From 2965425374ca4413339436c2f706f7b5508402e2 Mon Sep 17 00:00:00 2001 
From: Apple
Date: Sat, 27 Jul 2002 20:41:06 +0000
Subject: [PATCH] Security-54.tar.gz
---
.../AES/aesCommon.h | 42 +- AppleCSP/AES/aescsp.cpp | 24 +- AppleCSP/AES/gladmanContext.cpp | 176 + AppleCSP/AES/gladmanContext.h | 75 + AppleCSP/AES/rijndael-alg-ref.c | 4 + AppleCSP/AES/rijndael-alg-ref.h | 13 +- AppleCSP/AES/rijndaelApi.c | 8 +- AppleCSP/AES/rijndaelApi.h | 9 +- AppleCSP/AES/rijndaelGladman.c | 436 ++ AppleCSP/AES/rijndaelGladman.h | 211 + AppleCSP/AES/vRijndael-alg-ref.c | 2 +- AppleCSP/AppleCSP.pbxproj/.cvsignore | 1 - AppleCSP/AppleCSP.pbxproj/project.pbxproj | 2061 ------- AppleCSP/AppleCSP/AppleCSP.cpp | 83 +- AppleCSP/AppleCSP/AppleCSP.h | 1 + AppleCSP/AppleCSP/AppleCSPSession.h | 20 +- AppleCSP/AppleCSP/BinaryKey.h | 2 +- AppleCSP/AppleCSP/NullDigest.h | 75 - AppleCSP/AppleCSP/SignatureContext.h | 2 +- AppleCSP/AppleCSP/cspdebugging.h | 1 + AppleCSP/AppleCSP/deriveKey.cpp | 8 + AppleCSP/AppleCSP/pkcs_7_8.cpp | 8 +- AppleCSP/AppleCSP/wrapKey.cpp | 78 +- AppleCSP/BSafeCSP/bsafeKeyGen.cpp | 13 +- AppleCSP/BSafeCSP/bsafePKCS1.cpp | 4 +- AppleCSP/BSafeCSP/bsafecspi.h | 5 +- AppleCSP/CVSVersionInfo.txt | 2 +- AppleCSP/ComCryption/ascContext.cpp | 30 +- AppleCSP/CryptKitCSP/CryptKitDER.cpp | 23 +- AppleCSP/CryptKitCSP/FEEKeys.cpp | 10 +- AppleCSP/CryptKitCSP/FEEKeys.h | 5 +- AppleCSP/CryptKitCSP/cryptkitcsp.cpp | 21 + AppleCSP/DiffieHellman/DH_csp.cpp | 71 + .../DiffieHellman/DH_csp.h | 70 +- AppleCSP/DiffieHellman/DH_exchange.cpp | 71 + .../DiffieHellman/DH_exchange.h | 19 +- AppleCSP/DiffieHellman/DH_keys.cpp | 514 ++ AppleCSP/DiffieHellman/DH_keys.h | 135 + AppleCSP/DiffieHellman/DH_utils.cpp | 136 + AppleCSP/DiffieHellman/DH_utils.h | 71 + AppleCSP/MiscCSPAlgs/DES.c | 6 + AppleCSP/MiscCSPAlgs/DigestContext.cpp | 9 + AppleCSP/MiscCSPAlgs/DigestContext.h | 3 +- AppleCSP/MiscCSPAlgs/MD2Object.cpp | 6 + AppleCSP/MiscCSPAlgs/MD2Object.h | 3 +- AppleCSP/MiscCSPAlgs/MD5.c | 2 +- AppleCSP/MiscCSPAlgs/MD5.h | 2 +- AppleCSP/MiscCSPAlgs/MacContext.cpp | 29 +-
AppleCSP/MiscCSPAlgs/MacContext.h | 25 +- AppleCSP/MiscCSPAlgs/NullCryptor.h | 88 + AppleCSP/MiscCSPAlgs/SHA1.c | 10 +- AppleCSP/MiscCSPAlgs/SHA1.h | 4 + AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp | 14 +- AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h | 6 +- AppleCSP/MiscCSPAlgs/SHA1_priv.c | 1 - AppleCSP/MiscCSPAlgs/desContext.cpp | 2 +- AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp | 63 +- AppleCSP/PBKDF2/HMACSHA1.c | 133 +- AppleCSP/PBKDF2/HMACSHA1.h | 12 +- AppleCSP/RSA_DSA/RSA_DSA_csp.cpp | 4 +- AppleCSP/RSA_DSA/RSA_DSA_keys.cpp | 24 +- AppleCSP/RSA_DSA/RSA_DSA_keys.h | 10 +- AppleCSP/RSA_DSA/RSA_DSA_signature.cpp | 21 +- AppleCSP/RSA_DSA/RSA_DSA_signature.h | 6 +- AppleCSP/RSA_DSA/RSA_DSA_utils.cpp | 87 - AppleCSP/RSA_DSA/RSA_DSA_utils.h | 9 - AppleCSP/RSA_DSA/RSA_asymmetric.cpp | 29 +- AppleCSP/RSA_DSA/RSA_asymmetric.h | 6 +- AppleCSP/csp_capabilities.mdsinfo | 18 + AppleCSP/csp_capabilities_common.mds | 741 +++ AppleCSP/csp_common.mdsinfo | 28 + AppleCSP/csp_primary.mdsinfo | 36 + AppleCSP/open_ssl/bn/bn_err.c | 3 + AppleCSP/open_ssl/bn/bn_exp.c | 366 +- AppleCSP/open_ssl/bn/bn_lcl.h | 118 +- AppleCSP/open_ssl/bn/bn_rand.c | 140 +- AppleCSP/open_ssl/dh/dh_check.c | 137 + AppleCSP/open_ssl/dh/dh_err.c | 116 + AppleCSP/open_ssl/dh/dh_gen.c | 170 + AppleCSP/open_ssl/dh/dh_key.c | 230 + AppleCSP/open_ssl/dh/dh_lib.c | 203 + AppleCSP/open_ssl/openssl/bn.h | 6 + AppleCSP/open_ssl/openssl/dh.h | 221 + AppleCSP/open_ssl/openssl/dsa.h | 2 +- AppleCSP/open_ssl/openssl/opensslconf.h | 18 +- .../open_ssl/opensslUtils/openRsaSnacc.cpp | 118 + AppleCSP/open_ssl/opensslUtils/openRsaSnacc.h | 16 + .../open_ssl/opensslUtils/opensslUtils.cpp | 95 + AppleCSP/open_ssl/opensslUtils/opensslUtils.h | 9 + AppleCSPDL/AppleCSPDL.pbproj/.cvsignore | 1 - AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj | 481 -- AppleCSPDL/CSPDLPlugin.cpp | 4 +- AppleCSPDL/CSPDLPlugin.h | 3 +- AppleCSPDL/CVSVersionInfo.txt | 2 +- AppleCSPDL/KeySchema.m4 | 6 +- AppleCSPDL/SSCSPDLSession.cpp | 32 +- 
AppleCSPDL/SSCSPDLSession.h | 5 - AppleCSPDL/SSCSPSession.cpp | 47 +- AppleCSPDL/SSCSPSession.h | 14 +- AppleCSPDL/SSContext.cpp | 517 +- AppleCSPDL/SSContext.h | 117 +- AppleCSPDL/SSDLSession.cpp | 46 +- AppleCSPDL/SSDLSession.h | 3 + AppleCSPDL/SSFactory.cpp | 7 +- AppleCSPDL/SSKey.cpp | 16 +- AppleCSPDL/SSKey.h | 1 + AppleCSPDL/cspdl_common.mdsinfo | 28 + AppleCSPDL/cspdl_csp_capabilities.mdsinfo | 18 + AppleCSPDL/cspdl_csp_primary.mdsinfo | 61 + AppleCSPDL/cspdl_dl_primary.mdsinfo | 73 + AppleDL/AppleDL.pbxproj/.cvsignore | 1 - AppleDL/AppleDL.pbxproj/project.pbxproj | 247 - AppleDL/CVSVersionInfo.txt | 2 +- AppleDL/dl_common.mdsinfo | 28 + AppleDL/dl_primary.mdsinfo | 48 + .../AppleX509CL.pbproj/project.pbxproj | 531 -- AppleX509CL/AppleX509CLSession.h | 13 +- AppleX509CL/CLCertExtensions.cpp | 4 +- AppleX509CL/CVSVersionInfo.txt | 2 +- AppleX509CL/CertBuilder.cpp | 59 +- AppleX509CL/CertBuilder.h | 3 + AppleX509CL/CertFields.cpp | 78 +- AppleX509CL/DecodedCert.cpp | 84 +- AppleX509CL/DecodedCert.h | 8 +- AppleX509CL/LockedMap.h | 4 +- AppleX509CL/Session_CSR.cpp | 198 + AppleX509CL/Session_Cert.cpp | 48 +- AppleX509CL/Session_Crypto.cpp | 6 +- AppleX509CL/SnaccUtils.cpp | 114 +- AppleX509CL/SnaccUtils.h | 20 + AppleX509CL/cl_common.mdsinfo | 28 + AppleX509CL/cl_primary.mdsinfo | 38 + AppleX509CL/cldebugging.h | 1 + AppleX509TP/AppleTP.pbproj/project.pbxproj | 445 -- AppleX509TP/AppleTPSession.cpp | 20 - AppleX509TP/AppleTPSession.h | 70 +- AppleX509TP/CVSVersionInfo.txt | 2 +- AppleX509TP/TPCertInfo.cpp | 240 +- AppleX509TP/TPCertInfo.h | 74 +- AppleX509TP/certGroupUtils.cpp | 109 +- AppleX509TP/certGroupUtils.h | 38 +- AppleX509TP/iSignRootCerts.c | 4 + AppleX509TP/rootCerts.cpp | 147 + AppleX509TP/rootCerts.h | 66 +- AppleX509TP/sslRootCerts.c | 3 + AppleX509TP/tpCertGroup.cpp | 229 +- AppleX509TP/tpCredRequest.cpp | 789 +++ AppleX509TP/tpPolicies.cpp | 315 +- AppleX509TP/tpPolicies.h | 16 +- AppleX509TP/tpTime.c | 70 +- AppleX509TP/tpTime.h | 25 +- 
AppleX509TP/tp_common.mdsinfo | 28 + AppleX509TP/tp_policyOids.mdsinfo | 46 + AppleX509TP/tp_primary.mdsinfo | 34 + AppleX509TP/tpdebugging.h | 1 + CVSVersionInfo.txt | 5 - CertTool/CertTool.html | 339 ++ CertTool/CertTool/CertTool.cpp | 1134 ++++ CertTool/CertTool/CertUI.cpp | 472 ++ CertTool/CertTool/CertUI.h | 137 + CertTool/cdsaUtils/cdsaUtils.c | 687 +++ CertTool/cdsaUtils/cdsaUtils.h | 166 + CertTool/cdsaUtils/cuEnc64.c | 402 ++ CertTool/cdsaUtils/cuEnc64.h | 65 + CertTool/cdsaUtils/dumpasn1.cfg | 2915 ++++++++++ CertTool/cdsaUtils/fileIo.c | 141 + CertTool/cdsaUtils/fileIo.h | 69 + CertTool/cdsaUtils/oidParser.cpp | 296 + CertTool/cdsaUtils/oidParser.h | 44 + CertTool/cdsaUtils/pem.cpp | 170 + CertTool/cdsaUtils/pem.h | 72 + CertTool/cdsaUtils/printCert.cpp | 912 ++++ CertTool/cdsaUtils/printCert.h | 32 + CertTool/cdsaUtils/timeStr.cpp | 144 + CertTool/cdsaUtils/timeStr.h | 27 + Documentation/ACLsInCDSA.cwk | Bin 0 -> 33130 bytes Documentation/APIStrategy.cwk | Bin 0 -> 20278 bytes Documentation/AccessControlArchitecture.cwk | Bin 0 -> 60734 bytes Documentation/AppleCL_Spec.doc | Bin 0 -> 108032 bytes Documentation/AppleCSP.doc | Bin 0 -> 244224 bytes Documentation/AppleTP_Spec.doc | Bin 0 -> 283136 bytes Documentation/ArchitectureOverview.cwk | Bin 0 -> 32536 bytes Documentation/C++Utilities.cwk | Bin 0 -> 97493 bytes Documentation/DebuggingAids.cwk | Bin 0 -> 37201 bytes Documentation/HowToWriteA_CSP.cwk | Bin 0 -> 45874 bytes Documentation/HowToWriteA_Plugin.cwk | Bin 0 -> 28459 bytes Documentation/SecuritySupport.doc | Bin 0 -> 201728 bytes Documentation/Supported_CSP_Algorithms.doc | Bin 0 -> 190464 bytes Documentation/cwk_styles | Bin 0 -> 16094 bytes Keychain/ACL.cpp | 375 ++ Keychain/ACL.h | 143 + Keychain/Access.cpp | 244 + Keychain/Access.h | 109 + Keychain/CCallbackMgr.cp | 149 +- Keychain/CCallbackMgr.h | 56 +- Keychain/Certificate.cpp | 458 ++ Keychain/Certificate.h | 95 + .../CertificateRequest.cpp | 16 +- Keychain/CertificateRequest.h | 46 + 
Keychain/Certificates.cpp | 114 + Keychain/DLDBListCFPref.h | 14 +- Keychain/DefaultKeychain.h | 26 +- Keychain/Globals.cpp | 4 +- Keychain/Globals.h | 28 +- Keychain/Identity.cpp | 46 + .../serverDaemon.cpp => Keychain/Identity.h | 67 +- Keychain/IdentityCursor.cpp | 110 + Keychain/IdentityCursor.h | 58 + Keychain/Item.cpp | 501 +- Keychain/Item.h | 73 +- Keychain/KCCursor.cpp | 80 +- Keychain/KCCursor.h | 44 +- Keychain/KCEventNotifier.cpp | 7 + Keychain/KCEventNotifier.h | 24 +- Keychain/KCEventObserver.h | 21 +- Keychain/KCExceptions.h | 13 +- Keychain/KCUtilities.cpp | 10 +- Keychain/KCUtilities.h | 14 +- Keychain/KeyItem.cpp | 98 + Keychain/KeyItem.h | 63 + Keychain/Keychains.cpp | 126 +- Keychain/Keychains.h | 67 +- Keychain/Policies.cpp | 47 + Keychain/Policies.h | 68 + Keychain/PolicyCursor.cpp | 84 + Keychain/PolicyCursor.h | 79 + Keychain/PrimaryKey.h | 10 +- Keychain/Refs.h | 5 +- Keychain/RootCertBlobs.h | 1413 +++++ Keychain/Schema.h | 37 +- Keychain/Schema.m4 | 108 +- Keychain/SecACL.cpp | 160 + Keychain/SecACL.h | 119 + Keychain/SecAccess.cpp | 110 + Keychain/SecAccess.h | 105 + Keychain/SecBase.h | 237 + Keychain/SecBridge.h | 49 + .../yarrowseed.h => Keychain/SecCFTypes.cpp | 51 +- Keychain/SecCFTypes.h | 147 + Keychain/SecCertificate.cpp | 109 + Keychain/SecCertificate.h | 150 + Keychain/SecCertificateBundle.cpp | 51 + Keychain/SecCertificateBundle.h | 71 + Keychain/SecCertificateRequest.cpp | 128 + Keychain/SecCertificateRequest.h | 138 + Keychain/SecIdentity.cpp | 59 + Keychain/SecIdentity.h | 66 + Keychain/SecIdentitySearch.cpp | 68 + Keychain/SecIdentitySearch.h | 72 + Keychain/SecKey.cpp | 61 + Keychain/SecKey.h | 85 + Keychain/SecKeychain.cpp | 645 +++ Keychain/SecKeychain.h | 559 ++ Keychain/SecKeychainAPI.cpp | 723 +-- Keychain/SecKeychainAPI.h | 868 +-- Keychain/SecKeychainAPIPriv.h | 41 +- Keychain/SecKeychainItem.cpp | 230 + Keychain/SecKeychainItem.h | 304 ++ Keychain/SecKeychainSearch.cpp | 62 + Keychain/SecKeychainSearch.h | 64 + 
Keychain/SecPolicy.cpp | 67 + Keychain/SecPolicy.h | 72 + Keychain/SecPolicySearch.cpp | 63 + Keychain/SecPolicySearch.h | 71 + Keychain/SecRuntime.cpp | 140 + Keychain/SecRuntime.h | 110 + Keychain/SecTrust.cpp | 199 + Keychain/SecTrust.h | 205 + Keychain/SecTrustedApplication.cpp | 62 + Keychain/SecTrustedApplication.h | 76 + Keychain/Security.h | 62 + Keychain/StorageManager.cpp | 316 +- Keychain/StorageManager.h | 75 +- Keychain/Trust.cpp | 298 + Keychain/Trust.h | 111 + Keychain/TrustItem.cpp | 120 + Keychain/TrustItem.h | 79 + Keychain/TrustStore.cpp | 232 + Keychain/TrustStore.h | 74 + Keychain/TrustedApplication.cpp | 121 + Keychain/TrustedApplication.h | 70 + Keychain/cssmdatetime.cpp | 16 +- Keychain/cssmdatetime.h | 34 +- Network/ftp-protocol.cpp | 6 + Network/ftp-protocol.h | 15 +- Network/http-protocol.cpp | 11 +- Network/http-protocol.h | 8 +- Network/https-protocol.cpp | 9 +- Network/https-protocol.h | 7 +- Network/https-proxy-protocol.cpp | 2 +- Network/neterror.cpp | 2 +- Network/neterror.h | 2 +- Network/netparameters.h | 2 + Network/xfercore.cpp | 7 +- README.txt | 19 + SecureTransport/CVSVersionInfo.txt | 2 +- SecureTransport/ModuleAttacher.cpp | 52 +- SecureTransport/ModuleAttacher.h | 10 +- SecureTransport/README | 47 +- .../SecureTransport.pbproj/project.pbxproj | 759 +-- SecureTransport/SecureTransport/CipherSuite.h | 8 +- .../SecureTransport/SecureTransport.h | 227 +- SecureTransport/appleCdsa.c | 140 +- SecureTransport/appleGlue.c | 12 +- SecureTransport/appleSession.c | 92 - SecureTransport/appleSession.cpp | 505 ++ SecureTransport/cipherSpecs.c | 30 +- SecureTransport/digests.c | 319 +- SecureTransport/hdskcert.c | 213 +- SecureTransport/hdskchgc.c | 9 +- SecureTransport/hdskfini.c | 145 +- SecureTransport/hdskhelo.c | 126 +- SecureTransport/hdskkeys.c | 363 +- SecureTransport/hdskkyex.c | 509 +- SecureTransport/nullciph.c | 2 - SecureTransport/privateInc/appleCdsa.h | 25 +- SecureTransport/privateInc/appleGlue.h | 2 +- 
SecureTransport/privateInc/appleSession.h | 15 +- SecureTransport/privateInc/cipherSpecs.h | 2 +- SecureTransport/privateInc/cryptType.h | 57 +- SecureTransport/privateInc/digests.h | 22 +- SecureTransport/privateInc/ssl.h | 2 +- SecureTransport/privateInc/sslBuildFlags.h | 37 +- SecureTransport/privateInc/sslDebug.h | 16 +- SecureTransport/privateInc/sslKeychain.h | 27 +- SecureTransport/privateInc/sslPriv.h | 19 +- SecureTransport/privateInc/sslalert.h | 17 +- SecureTransport/privateInc/sslalloc.h | 14 +- SecureTransport/privateInc/sslctx.h | 195 +- SecureTransport/privateInc/sslhdshk.h | 7 - SecureTransport/privateInc/sslmd5.h | 82 - SecureTransport/privateInc/sslrec.h | 7 +- SecureTransport/privateInc/sslsess.h | 14 +- SecureTransport/privateInc/sslutil.h | 1 + SecureTransport/privateInc/symCipher.h | 2 +- SecureTransport/privateInc/tls_hmac.h | 109 + SecureTransport/privateInc/tls_ssl.h | 135 + SecureTransport/secureTransport.exp | 10 +- SecureTransport/securetransport++.cpp | 29 +- SecureTransport/securetransport++.h | 21 +- SecureTransport/sha.c | 237 - SecureTransport/ssl2mesg.c | 404 +- SecureTransport/ssl2prot.c | 49 +- SecureTransport/ssl2rec.c | 39 +- SecureTransport/ssl3Callouts.c | 718 +++ SecureTransport/sslBER_Dummy.c | 49 + SecureTransport/sslKeychain.c | 547 +- SecureTransport/sslalert.c | 24 +- SecureTransport/sslalloc.c | 90 +- SecureTransport/sslctx.c | 226 +- SecureTransport/sslhdshk.c | 132 +- SecureTransport/sslmd5.c | 354 -- SecureTransport/sslrec.c | 285 +- SecureTransport/sslsess.c | 127 +- SecureTransport/ssltrspt.c | 108 +- SecureTransport/sslutil.c | 9 + SecureTransport/symCipher.c | 59 +- SecureTransport/tls1Callouts.c | 687 +++ SecureTransport/tls_hmac.c | 316 ++ Security.exp | 21 +- Security.pbproj/project.pbxproj | 4014 +++++++++----- SecurityASN1/CVSVersionInfo.txt | 2 +- SecurityASN1/Makefile | 14 +- SecurityASN1/PkcsCms.pbproj/project.pbxproj | 64 +- SecurityASN1/asn/appleoids.asn | 28 + SecurityASN1/asn/pkcs10.asn | 53 + 
SecurityASN1/c++/appleoids.cpp | 1011 ++-- SecurityASN1/c++/pkcs10.cpp | 738 +++ SecurityASN1/c++/pkcs1oids.cpp | 75 +- SecurityASN1/c++/pkcs7.cpp | 61 +- SecurityASN1/c++/pkcs8.cpp | 63 +- SecurityASN1/c++/pkcs9oids.cpp | 3 +- SecurityASN1/c++/sm_cms.cpp | 889 +-- SecurityASN1/c++/sm_ess.cpp | 392 +- SecurityASN1/c++/sm_vdatypes.cpp | 26 +- SecurityASN1/c++/sm_x411mtsas.cpp | 289 +- SecurityASN1/c++/sm_x411ub.cpp | 3 +- SecurityASN1/c++/sm_x501if.cpp | 129 +- SecurityASN1/c++/sm_x501ud.cpp | 3 +- SecurityASN1/c++/sm_x509af.cpp | 683 +-- SecurityASN1/c++/sm_x509ce.cpp | 370 +- SecurityASN1/c++/sm_x509cmn.cpp | 57 +- SecurityASN1/c++/sm_x520sa.cpp | 26 +- SecurityASN1/inc/appleoids.h | 112 +- SecurityASN1/inc/pkcs10.h | 110 + SecurityASN1/inc/pkcs1oids.h | 8 +- SecurityASN1/inc/pkcs7.h | 8 +- SecurityASN1/inc/pkcs8.h | 8 +- SecurityASN1/inc/pkcs9oids.h | 2 +- SecurityASN1/inc/sm_cms.h | 92 +- SecurityASN1/inc/sm_ess.h | 41 +- SecurityASN1/inc/sm_vdatypes.h | 5 +- SecurityASN1/inc/sm_x411mtsas.h | 32 +- SecurityASN1/inc/sm_x411ub.h | 2 +- SecurityASN1/inc/sm_x501if.h | 14 +- SecurityASN1/inc/sm_x501ud.h | 2 +- SecurityASN1/inc/sm_x509af.h | 68 +- SecurityASN1/inc/sm_x509ce.h | 41 +- SecurityASN1/inc/sm_x509cmn.h | 8 +- SecurityASN1/inc/sm_x520sa.h | 5 +- SecuritySNACCRuntime/Apple_README | 31 +- SecuritySNACCRuntime/CVSVersionInfo.txt | 2 +- SecuritySNACCRuntime/MacOSX-Install | 3 +- SecuritySNACCRuntime/MacOSX-make | 9 + SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp | 18 +- SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp | 30 +- SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp | 20 +- SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp | 12 +- SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp | 24 +- SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp | 60 +- SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp | 16 +- SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp | 26 +- SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp | 24 +- SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp | 36 +- 
SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp | 55 +- SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp | 14 +- .../c++-lib/c++/asn-useful.cpp | 448 +- SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp | 14 +- SecuritySNACCRuntime/c++-lib/dependencies | 792 --- SecuritySNACCRuntime/c++-lib/inc/asn-config.h | 141 +- SecuritySNACCRuntime/c++-lib/inc/asn-octs.h | 10 +- SecuritySNACCRuntime/c++-lib/inc/asn-useful.h | 74 +- SecuritySNACCRuntime/c++-lib/inc/config.h | 54 - .../c++-lib/inc/sm_vdasnacc.h | 17 +- .../c++-lib/src/asn-useful.cpp | 444 +- .../c++-lib/src/cdsaUtils.cpp | 19 +- .../c++-lib/src/sm_buffer.cpp | 2 + SecuritySNACCRuntime/c++-lib/stamp-useful | 2 +- SecuritySNACCRuntime/c-lib/asn-useful.c | 20 +- SecuritySNACCRuntime/c-lib/asn-useful.h | 20 +- SecuritySNACCRuntime/c-lib/dependencies | 2705 +++------- SecuritySNACCRuntime/c-lib/inc/asn-config.h | 48 +- SecuritySNACCRuntime/c-lib/inc/asn-useful.h | 20 +- SecuritySNACCRuntime/c-lib/inc/tbl.h | 20 +- SecuritySNACCRuntime/c-lib/src/asn-useful.c | 20 +- SecuritySNACCRuntime/c-lib/src/tbl.c | 20 +- SecuritySNACCRuntime/c-lib/stamp-tbl | 2 +- SecuritySNACCRuntime/c-lib/stamp-useful | 2 +- SecuritySNACCRuntime/c-lib/tbl.c | 20 +- SecuritySNACCRuntime/c-lib/tbl.h | 20 +- .../compiler/back-ends/c++-gen/gen-code.c | 132 +- SecuritySNACCRuntime/compiler/core/tbl.c | 2 +- SecuritySNACCRuntime/compiler/core/tbl.h | 2 +- SecuritySNACCRuntime/compiler/dependencies | 1564 ++---- SecuritySNACCRuntime/compiler/stamp-tbl | 2 +- SecuritySNACCRuntime/compiler/tbl.c | 20 +- SecuritySNACCRuntime/compiler/tbl.h | 20 +- SecuritySNACCRuntime/config.cache | 7 +- SecuritySNACCRuntime/config.h | 54 - SecuritySNACCRuntime/config.log | 4 + SecuritySNACCRuntime/config.status | 7 +- SecuritySNACCRuntime/makehead | 45 +- .../snacc.pbproj/project.pbxproj | 395 +- SecuritySNACCRuntime/stamp-h | 2 +- .../Authorization/Authorization.cpp | 11 +- SecurityServer/Authorization/Authorization.h | 29 +- .../Authorization/AuthorizationData.cpp | 211 + 
.../Authorization/AuthorizationData.h | 155 + .../Authorization/AuthorizationEngine.cpp | 703 ++- .../Authorization/AuthorizationEngine.h | 122 +- .../Authorization/AuthorizationPlugin.h | 8 + .../Authorization/AuthorizationTags.h | 15 +- .../Authorization/AuthorizationWalkers.h | 20 + .../Authorization/authorization.plist | 68 + .../Authorization/trampolineClient.cpp | 4 +- SecurityServer/CVSVersionInfo.txt | 2 +- .../MacYarrow.pbproj/project.pbxproj | 1680 ------ .../MacYarrow/YarrowServer/MacYarrow_OSX.cpp | 294 - .../MacYarrow/YarrowServer/MacYarrow_OSX.h | 81 - .../YarrowServer/YarrowLib_OS9.mcp.exp | 1 - .../MacYarrow/YarrowServer/YarrowServer_OS9.c | 328 -- .../MacYarrow/YarrowServer/YarrowServer_OS9.h | 70 - .../YarrowServer/YarrowServer_OSX.cpp | 196 - SecurityServer/MacYarrow/YarrowServer/debug.c | 91 - SecurityServer/MacYarrow/YarrowServer/debug.h | 135 - .../MacYarrow/YarrowServer/entropyFile.h | 70 - .../MacYarrow/YarrowServer/entropyFileOS9.c | 189 - .../MacYarrow/YarrowServer/entropyFileUnix.c | 189 - .../MacYarrow/YarrowServer/kdebug_private.h | 108 - .../MacYarrow/YarrowServer/systemEntropy.c | 270 - .../MacYarrow/YarrowServer/systemEntropy.h | 60 - .../MacYarrow/testHarness/clientTest.cpp | 85 - SecurityServer/MacYarrow/yarrowseed.cpp | 55 - SecurityServer/MacYarrow/zlib/ChangeLog | 1 - SecurityServer/MacYarrow/zlib/README | 1 - SecurityServer/MacYarrow/zlib/adler32.c | 66 - SecurityServer/MacYarrow/zlib/algorithm.txt | 1 - SecurityServer/MacYarrow/zlib/compress.c | 86 - SecurityServer/MacYarrow/zlib/crc32.c | 180 - SecurityServer/MacYarrow/zlib/deflate.c | 1368 ----- SecurityServer/MacYarrow/zlib/deflate.h | 336 -- SecurityServer/MacYarrow/zlib/infblock.c | 416 -- SecurityServer/MacYarrow/zlib/infblock.h | 57 - SecurityServer/MacYarrow/zlib/infcodes.c | 275 - SecurityServer/MacYarrow/zlib/inffast.c | 188 - SecurityServer/MacYarrow/zlib/inffixed.h | 169 - SecurityServer/MacYarrow/zlib/inflate.c | 384 -- SecurityServer/MacYarrow/zlib/inftrees.c | 
473 -- SecurityServer/MacYarrow/zlib/inftrees.h | 76 - SecurityServer/MacYarrow/zlib/infutil.c | 105 - SecurityServer/MacYarrow/zlib/infutil.h | 116 - SecurityServer/MacYarrow/zlib/trees.c | 1232 ----- SecurityServer/MacYarrow/zlib/trees.h | 146 - SecurityServer/MacYarrow/zlib/uncompr.c | 76 - SecurityServer/MacYarrow/zlib/zconf.h | 297 - SecurityServer/MacYarrow/zlib/zlib.h | 911 ---- SecurityServer/MacYarrow/zlib/zlib.mcp | Bin 38665 -> 0 bytes SecurityServer/MacYarrow/zlib/zutil.c | 243 - SecurityServer/MacYarrow/zlib/zutil.h | 238 - SecurityServer/Makefile | 14 +- SecurityServer/SecurityAgentClient.cpp | 158 +- SecurityServer/SecurityAgentClient.h | 36 +- .../SecurityServer.pbxproj/.cvsignore | 1 - .../SecurityServer.pbxproj/project.pbxproj | 4284 --------------- SecurityServer/StartupItems/SecurityServer | 2 +- SecurityServer/acl_keychain.cpp | 143 +- SecurityServer/acl_keychain.h | 31 +- SecurityServer/agentquery.cpp | 60 +- SecurityServer/agentquery.h | 76 +- SecurityServer/authority.cpp | 78 +- SecurityServer/authority.h | 24 +- SecurityServer/cfnotifier.cpp | 3 +- SecurityServer/connection.cpp | 64 +- SecurityServer/connection.h | 12 +- SecurityServer/dbcrypto.cpp | 2 +- SecurityServer/entropy.cpp | 135 + SecurityServer/entropy.h | 59 + SecurityServer/key.cpp | 34 +- SecurityServer/key.h | 12 + SecurityServer/main.cpp | 51 +- SecurityServer/notifications.cpp | 109 + SecurityServer/notifications.h | 82 + SecurityServer/process.cpp | 40 +- SecurityServer/process.h | 17 +- SecurityServer/secagent.defs | 39 +- SecurityServer/secagent_types.h | 15 +- SecurityServer/server.cpp | 102 +- SecurityServer/server.h | 11 +- SecurityServer/session.cpp | 161 +- SecurityServer/session.h | 33 +- SecurityServer/ssblob.h | 7 +- SecurityServer/ssclient.cpp | 42 +- SecurityServer/ssclient.h | 67 +- SecurityServer/sstransit.cpp | 125 +- SecurityServer/sstransit.h | 4 +- SecurityServer/transition.cpp | 149 +- SecurityServer/ucsp.defs | 34 +- SecurityServer/ucspNotify.defs | 25 + 
SecurityServer/ucsp_types.h | 6 +- SecurityServer/xdatabase.cpp | 49 +- SecurityServer/xdatabase.h | 17 +- cdsa/CVSVersionInfo.txt | 2 +- cdsa/cdsa.pbxproj/.cvsignore | 1 - cdsa/cdsa.pbxproj/project.pbxproj | 4774 ----------------- cdsa/cdsa/certextensions.h | 6 + cdsa/cdsa/cssmapple.h | 301 +- cdsa/cdsa/cssmerr.h | 12 +- cdsa/cdsa/cssmtype.h | 8 +- cdsa/cdsa/eisl.h | 1 - cdsa/cdsa/oidsalg.h | 3 + cdsa/cdsa_client/aclclient.cpp | 155 + cdsa/cdsa_client/aclclient.h | 79 +- cdsa/cdsa_client/aclsupport.cpp | 45 +- cdsa/cdsa_client/aclsupport.h | 5 +- cdsa/cdsa_client/clclient.cpp | 54 + cdsa/cdsa_client/clclient.h | 76 + cdsa/cdsa_client/cspclient.cpp | 41 +- cdsa/cdsa_client/cspclient.h | 35 +- cdsa/cdsa_client/cssmclient.cpp | 14 +- cdsa/cdsa_client/cssmclient.h | 33 +- cdsa/cdsa_client/dlclient.cpp | 14 + cdsa/cdsa_client/dlclient.h | 7 +- cdsa/cdsa_client/keyclient.cpp | 24 +- cdsa/cdsa_client/keyclient.h | 17 +- cdsa/cdsa_client/osxsigner.cpp | 5 +- cdsa/cdsa_client/osxsigner.h | 3 +- cdsa/cdsa_client/securestorage.cpp | 96 +- cdsa/cdsa_client/securestorage.h | 11 +- cdsa/cdsa_client/signclient.h | 10 +- cdsa/cdsa_client/tpclient.cpp | 136 + cdsa/cdsa_client/tpclient.h | 108 + cdsa/cdsa_pluginlib/CSPsession.cpp | 7 +- cdsa/cdsa_pluginlib/CSPsession.h | 3 +- cdsa/cdsa_pluginlib/DLsession.cpp | 6 +- cdsa/cdsa_pluginlib/DLsession.h | 8 +- cdsa/cdsa_pluginlib/cssmplugin.h | 8 +- cdsa/cdsa_pluginlib/generator.pl | 23 +- cdsa/cdsa_pluginlib/pluginsession.cpp | 4 +- cdsa/cdsa_pluginlib/pluginsession.h | 6 +- cdsa/cdsa_utilities/AppleDatabase.cpp | 17 +- cdsa/cdsa_utilities/AtomicFile.cpp | 63 +- cdsa/cdsa_utilities/AtomicFile.h | 5 +- cdsa/cdsa_utilities/Database.cpp | 4 +- cdsa/cdsa_utilities/DatabaseSession.cpp | 7 + cdsa/cdsa_utilities/DatabaseSession.h | 6 +- cdsa/cdsa_utilities/DbIndex.h | 2 +- cdsa/cdsa_utilities/DbValue.cpp | 3 +- cdsa/cdsa_utilities/MetaAttribute.h | 12 +- cdsa/cdsa_utilities/MetaRecord.cpp | 18 +- cdsa/cdsa_utilities/ReadWriteSection.h | 21 +- 
cdsa/cdsa_utilities/acl_any.cpp | 2 +- cdsa/cdsa_utilities/acl_any.h | 2 +- cdsa/cdsa_utilities/acl_codesigning.cpp | 4 +- cdsa/cdsa_utilities/acl_codesigning.h | 2 +- cdsa/cdsa_utilities/acl_comment.cpp | 2 +- cdsa/cdsa_utilities/acl_comment.h | 2 +- cdsa/cdsa_utilities/acl_password.cpp | 2 +- cdsa/cdsa_utilities/acl_password.h | 2 +- cdsa/cdsa_utilities/acl_process.cpp | 2 +- cdsa/cdsa_utilities/acl_process.h | 2 +- cdsa/cdsa_utilities/acl_protectedpw.cpp | 119 + cdsa/cdsa_utilities/acl_protectedpw.h | 64 + cdsa/cdsa_utilities/acl_threshold.cpp | 18 +- cdsa/cdsa_utilities/acl_threshold.h | 2 +- .../cdsa_utilities/cfutilities.cpp | 52 +- cdsa/cdsa_utilities/cfutilities.h | 218 + cdsa/cdsa_utilities/context.h | 15 +- cdsa/cdsa_utilities/cssmacl.cpp | 86 +- cdsa/cdsa_utilities/cssmacl.h | 100 +- cdsa/cdsa_utilities/cssmaclpod.cpp | 28 +- cdsa/cdsa_utilities/cssmaclpod.h | 41 +- cdsa/cdsa_utilities/cssmalloc.cpp | 79 +- cdsa/cdsa_utilities/cssmalloc.h | 146 +- cdsa/cdsa_utilities/cssmcert.cpp | 80 + cdsa/cdsa_utilities/cssmcert.h | 119 + cdsa/cdsa_utilities/cssmcred.h | 8 +- cdsa/cdsa_utilities/cssmdata.cpp | 26 +- cdsa/cdsa_utilities/cssmdata.h | 51 +- cdsa/cdsa_utilities/cssmdates.cpp | 166 +- cdsa/cdsa_utilities/cssmdates.h | 95 +- cdsa/cdsa_utilities/cssmdb.cpp | 89 +- cdsa/cdsa_utilities/cssmdb.h | 18 +- cdsa/cdsa_utilities/cssmerrno.h | 13 +- cdsa/cdsa_utilities/cssmlist.cpp | 30 +- cdsa/cdsa_utilities/cssmlist.h | 18 +- .../cdsa_utilities/cssmtrust.cpp | 39 +- cdsa/cdsa_utilities/cssmtrust.h | 203 + cdsa/cdsa_utilities/cssmwalkers.h | 8 + cdsa/cdsa_utilities/daemon.cpp | 37 +- cdsa/cdsa_utilities/daemon.h | 17 +- cdsa/cdsa_utilities/debugging.cpp | 75 +- cdsa/cdsa_utilities/debugging.h | 42 +- cdsa/cdsa_utilities/debugsupport.h | 15 +- cdsa/cdsa_utilities/devrandom.cpp | 21 +- cdsa/cdsa_utilities/devrandom.h | 3 +- .../cdsa_utilities/digestobject.h | 72 +- cdsa/cdsa_utilities/generator.pl | 16 +- cdsa/cdsa_utilities/globalizer.cpp | 18 +- 
cdsa/cdsa_utilities/globalizer.h | 32 +- cdsa/cdsa_utilities/handleobject.cpp | 90 +- cdsa/cdsa_utilities/handleobject.h | 104 +- cdsa/cdsa_utilities/headermap.cpp | 2 + cdsa/cdsa_utilities/headermap.h | 10 +- cdsa/cdsa_utilities/inetreply.cpp | 2 +- cdsa/cdsa_utilities/mach++.cpp | 197 +- cdsa/cdsa_utilities/mach++.h | 56 +- cdsa/cdsa_utilities/mach_notify.c | 192 +- cdsa/cdsa_utilities/machrunloopserver.cpp | 4 +- cdsa/cdsa_utilities/machserver.cpp | 80 +- cdsa/cdsa_utilities/machserver.h | 26 +- cdsa/cdsa_utilities/osxsigning.cpp | 5 +- cdsa/cdsa_utilities/osxsigning.h | 9 +- cdsa/cdsa_utilities/powerwatch.cpp | 28 +- cdsa/cdsa_utilities/refcount.h | 34 +- cdsa/cdsa_utilities/selector.h | 6 +- cdsa/cdsa_utilities/socks++.h | 1 + cdsa/cdsa_utilities/socks++4.cpp | 2 +- cdsa/cdsa_utilities/socks++5.cpp | 2 +- cdsa/cdsa_utilities/threading.h | 24 +- cdsa/cdsa_utilities/tqueue.h | 2 +- cdsa/cdsa_utilities/trackingallocator.h | 76 + cdsa/cdsa_utilities/unix++.h | 25 +- cdsa/cdsa_utilities/url.cpp | 1 - cdsa/cdsa_utilities/utilities.cpp | 67 +- cdsa/cdsa_utilities/utilities.h | 118 +- cdsa/cdsa_utilities/utility_config.h | 8 + cdsa/cdsa_utilities/walkers.h | 20 +- cdsa/cssm/MDS | 6 +- cdsa/cssm/attachfactory.cpp | 4 +- cdsa/cssm/attachment.cpp | 1 - cdsa/cssm/cssm.mdsinfo | 24 + cdsa/cssm/cssmcontext.cpp | 1 - cdsa/cssm/cssmcontext.h | 13 +- cdsa/cssm/cssmmds.cpp | 3 +- cdsa/cssm/generator.pl | 35 +- cdsa/cssm/module.h | 8 +- cdsa/cssm/oidsalg.c | 17 +- cdsa/generator.mk | 13 +- cdsa/mds/MDSAttrParser.cpp | 579 ++ cdsa/mds/MDSAttrParser.h | 154 + cdsa/mds/MDSAttrStrings.cpp | 778 +++ cdsa/mds/MDSAttrStrings.h | 111 + cdsa/mds/MDSAttrUtils.cpp | 290 + cdsa/mds/MDSAttrUtils.h | 119 + cdsa/mds/MDSDictionary.cpp | 533 ++ cdsa/mds/MDSDictionary.h | 122 + cdsa/mds/MDSModule.cpp | 52 +- cdsa/mds/MDSModule.h | 27 +- cdsa/mds/MDSSchema.cpp | 805 ++- cdsa/mds/MDSSchema.h | 81 +- cdsa/mds/MDSSession.cpp | 1420 ++++- cdsa/mds/MDSSession.h | 127 +- cdsa/mds/mdsapi.cpp | 108 - 
checkpw/checkpw.c | 32 +- checkpw/checkpw.h | 2 + keychains/Makefile | 45 + keychains/X509Anchors | Bin 0 -> 153168 bytes keychains/makeroots | 20 + keychains/roots/.cvsignore | 1 + keychains/roots/2006root.cer | Bin 0 -> 510 bytes keychains/roots/AddTrust Class 1 CA Root.crt | Bin 0 -> 1052 bytes keychains/roots/AddTrust External CA Root.crt | Bin 0 -> 1082 bytes keychains/roots/AddTrust Public CA Root.crt | Bin 0 -> 1049 bytes .../roots/AddTrust Qualified CA Root.crt | Bin 0 -> 1058 bytes keychains/roots/AdminNacCA.crt | Bin 0 -> 1023 bytes keychains/roots/BTCTRT.cer | Bin 0 -> 891 bytes .../roots/Belgacom_selfsigned_primary.crt | Bin 0 -> 842 bytes keychains/roots/C1_PCA_G3v2.509 | Bin 0 -> 1054 bytes keychains/roots/C2_PCA_G3v2.509 | Bin 0 -> 1053 bytes keychains/roots/C3_PCA_G3v2.509 | Bin 0 -> 1054 bytes keychains/roots/C4_PCA_G3v2.509 | Bin 0 -> 1054 bytes keychains/roots/Class1_PCA_G2_v2.509 | Bin 0 -> 774 bytes keychains/roots/Class2_PCA_G2_v2.509 | Bin 0 -> 775 bytes keychains/roots/Class3_PCA_G2_v2.509 | Bin 0 -> 774 bytes keychains/roots/Class4_PCA_G2_v2.509 | Bin 0 -> 774 bytes keychains/roots/DST Root CA X4.cer | Bin 0 -> 831 bytes keychains/roots/DST RootCA X1.cer | Bin 0 -> 988 bytes keychains/roots/DST RootCA X2.cer | Bin 0 -> 988 bytes keychains/roots/DoDCLASS3RootCA.cer | Bin 0 -> 619 bytes keychains/roots/DoDPKIMedRootCA.cer | Bin 0 -> 619 bytes .../roots/Equifax_Secure_Certificate_Auth | Bin 0 -> 804 bytes .../roots/Equifax_Secure_Global_eBusiness | Bin 0 -> 660 bytes .../roots/Equifax_Secure_eBusiness_CA-1.c | Bin 0 -> 646 bytes .../roots/Equifax_Secure_eBusiness_CA-2.c | Bin 0 -> 804 bytes keychains/roots/GTEGB18.cer | Bin 0 -> 606 bytes keychains/roots/IPSServidores.CRT | Bin 0 -> 699 bytes keychains/roots/KMD-CA-KPerson.crt | Bin 0 -> 890 bytes keychains/roots/KMD-CA-Server.crt | Bin 0 -> 862 bytes keychains/roots/PCA1ss_v4.509 | Bin 0 -> 577 bytes keychains/roots/PCA2ss_v4.509 | Bin 0 -> 576 bytes keychains/roots/PCA3ss_v4.509 | Bin 0 -> 
576 bytes keychains/roots/SecureServer.509 | Bin 0 -> 568 bytes .../roots/TC_RootLRA-Admin_DER_Class2.der | Bin 0 -> 1111 bytes .../roots/TC_RootLRA-Admin_DER_Class3.der | Bin 0 -> 1111 bytes keychains/roots/TC_RootServer_DER_Class0.der | Bin 0 -> 1081 bytes keychains/roots/TC_RootServer_DER_Class1.der | Bin 0 -> 1081 bytes keychains/roots/TC_RootServer_DER_Class2.der | Bin 0 -> 1081 bytes keychains/roots/TC_RootServer_DER_Class3.der | Bin 0 -> 1081 bytes keychains/roots/TC_RootServer_DER_Class4.der | Bin 0 -> 1081 bytes .../roots/UTN-USERFirst-ClientAuthenticat | Bin 0 -> 1190 bytes keychains/roots/UTN-USERFirst-Hardware.crt | Bin 0 -> 1144 bytes .../roots/UTN-USERFirst-NetworkApplicatio | Bin 0 -> 1128 bytes keychains/roots/UTN-USERFirst-Object.crt | Bin 0 -> 1130 bytes keychains/roots/ac-racine.der | Bin 0 -> 887 bytes keychains/roots/expressz.cer | Bin 0 -> 1363 bytes keychains/roots/ipscaCAC.der | Bin 0 -> 2051 bytes keychains/roots/ipscaCLASE1.der | Bin 0 -> 2038 bytes keychains/roots/ipscaCLASE3.der | Bin 0 -> 2038 bytes keychains/roots/ipscaCLASEA1.der | Bin 0 -> 2051 bytes keychains/roots/ipscaCLASEA3.der | Bin 0 -> 2051 bytes keychains/roots/ipscaTimestamping.der | Bin 0 -> 2117 bytes keychains/roots/kozjegyzoi.cer | Bin 0 -> 1665 bytes keychains/roots/persbasi.crt | Bin 0 -> 805 bytes keychains/roots/persfree.crt | Bin 0 -> 817 bytes keychains/roots/persprem.crt | Bin 0 -> 813 bytes keychains/roots/qvrca.crt | Bin 0 -> 1492 bytes keychains/roots/serverbasic.crt | Bin 0 -> 791 bytes keychains/roots/serverpremium.crt | Bin 0 -> 811 bytes keychains/roots/uzleti.cer | Bin 0 -> 1359 bytes symbol_strip.sh | 22 +- 770 files changed, 51860 insertions(+), 44064 deletions(-) rename SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h => AppleCSP/AES/aesCommon.h (61%) create mode 100644 AppleCSP/AES/gladmanContext.cpp create mode 100644 AppleCSP/AES/gladmanContext.h create mode 100644 AppleCSP/AES/rijndaelGladman.c create mode 100644 
AppleCSP/AES/rijndaelGladman.h delete mode 100644 AppleCSP/AppleCSP.pbxproj/.cvsignore delete mode 100644 AppleCSP/AppleCSP.pbxproj/project.pbxproj delete mode 100644 AppleCSP/AppleCSP/NullDigest.h create mode 100644 AppleCSP/DiffieHellman/DH_csp.cpp rename SecureTransport/privateInc/st_sha.h => AppleCSP/DiffieHellman/DH_csp.h (50%) create mode 100644 AppleCSP/DiffieHellman/DH_exchange.cpp rename SecurityServer/MacYarrow/YarrowServer/prefixRelease.h => AppleCSP/DiffieHellman/DH_exchange.h (70%) create mode 100644 AppleCSP/DiffieHellman/DH_keys.cpp create mode 100644 AppleCSP/DiffieHellman/DH_keys.h create mode 100644 AppleCSP/DiffieHellman/DH_utils.cpp create mode 100644 AppleCSP/DiffieHellman/DH_utils.h create mode 100644 AppleCSP/MiscCSPAlgs/NullCryptor.h create mode 100644 AppleCSP/csp_capabilities.mdsinfo create mode 100644 AppleCSP/csp_capabilities_common.mds create mode 100644 AppleCSP/csp_common.mdsinfo create mode 100644 AppleCSP/csp_primary.mdsinfo create mode 100644 AppleCSP/open_ssl/dh/dh_check.c create mode 100644 AppleCSP/open_ssl/dh/dh_err.c create mode 100644 AppleCSP/open_ssl/dh/dh_gen.c create mode 100644 AppleCSP/open_ssl/dh/dh_key.c create mode 100644 AppleCSP/open_ssl/dh/dh_lib.c create mode 100644 AppleCSP/open_ssl/openssl/dh.h delete mode 100644 AppleCSPDL/AppleCSPDL.pbproj/.cvsignore delete mode 100644 AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj create mode 100644 AppleCSPDL/cspdl_common.mdsinfo create mode 100644 AppleCSPDL/cspdl_csp_capabilities.mdsinfo create mode 100644 AppleCSPDL/cspdl_csp_primary.mdsinfo create mode 100644 AppleCSPDL/cspdl_dl_primary.mdsinfo delete mode 100644 AppleDL/AppleDL.pbxproj/.cvsignore delete mode 100644 AppleDL/AppleDL.pbxproj/project.pbxproj create mode 100644 AppleDL/dl_common.mdsinfo create mode 100644 AppleDL/dl_primary.mdsinfo delete mode 100644 AppleX509CL/AppleX509CL.pbproj/project.pbxproj create mode 100644 AppleX509CL/Session_CSR.cpp create mode 100644 AppleX509CL/cl_common.mdsinfo create mode 100644 
AppleX509CL/cl_primary.mdsinfo delete mode 100644 AppleX509TP/AppleTP.pbproj/project.pbxproj create mode 100644 AppleX509TP/rootCerts.cpp create mode 100644 AppleX509TP/tpCredRequest.cpp create mode 100644 AppleX509TP/tp_common.mdsinfo create mode 100644 AppleX509TP/tp_policyOids.mdsinfo create mode 100644 AppleX509TP/tp_primary.mdsinfo delete mode 100644 CVSVersionInfo.txt create mode 100644 CertTool/CertTool.html create mode 100644 CertTool/CertTool/CertTool.cpp create mode 100644 CertTool/CertTool/CertUI.cpp create mode 100644 CertTool/CertTool/CertUI.h create mode 100644 CertTool/cdsaUtils/cdsaUtils.c create mode 100644 CertTool/cdsaUtils/cdsaUtils.h create mode 100644 CertTool/cdsaUtils/cuEnc64.c create mode 100644 CertTool/cdsaUtils/cuEnc64.h create mode 100644 CertTool/cdsaUtils/dumpasn1.cfg create mode 100644 CertTool/cdsaUtils/fileIo.c create mode 100644 CertTool/cdsaUtils/fileIo.h create mode 100644 CertTool/cdsaUtils/oidParser.cpp create mode 100644 CertTool/cdsaUtils/oidParser.h create mode 100644 CertTool/cdsaUtils/pem.cpp create mode 100644 CertTool/cdsaUtils/pem.h create mode 100644 CertTool/cdsaUtils/printCert.cpp create mode 100644 CertTool/cdsaUtils/printCert.h create mode 100644 CertTool/cdsaUtils/timeStr.cpp create mode 100644 CertTool/cdsaUtils/timeStr.h create mode 100644 Documentation/ACLsInCDSA.cwk create mode 100644 Documentation/APIStrategy.cwk create mode 100644 Documentation/AccessControlArchitecture.cwk create mode 100644 Documentation/AppleCL_Spec.doc create mode 100644 Documentation/AppleCSP.doc create mode 100644 Documentation/AppleTP_Spec.doc create mode 100644 Documentation/ArchitectureOverview.cwk create mode 100644 Documentation/C++Utilities.cwk create mode 100644 Documentation/DebuggingAids.cwk create mode 100644 Documentation/HowToWriteA_CSP.cwk create mode 100644 Documentation/HowToWriteA_Plugin.cwk create mode 100644 Documentation/SecuritySupport.doc create mode 100644 Documentation/Supported_CSP_Algorithms.doc create mode 
100644 Documentation/cwk_styles create mode 100644 Keychain/ACL.cpp create mode 100644 Keychain/ACL.h create mode 100644 Keychain/Access.cpp create mode 100644 Keychain/Access.h create mode 100644 Keychain/Certificate.cpp create mode 100644 Keychain/Certificate.h rename SecurityServer/MacYarrow/YarrowServer/prefixDebug.h => Keychain/CertificateRequest.cpp (75%) create mode 100644 Keychain/CertificateRequest.h create mode 100644 Keychain/Certificates.cpp create mode 100644 Keychain/Identity.cpp rename SecurityServer/MacYarrow/testHarness/serverDaemon.cpp => Keychain/Identity.h (51%) create mode 100644 Keychain/IdentityCursor.cpp create mode 100644 Keychain/IdentityCursor.h create mode 100644 Keychain/KeyItem.cpp create mode 100644 Keychain/KeyItem.h create mode 100644 Keychain/Policies.cpp create mode 100644 Keychain/Policies.h create mode 100644 Keychain/PolicyCursor.cpp create mode 100644 Keychain/PolicyCursor.h create mode 100644 Keychain/RootCertBlobs.h create mode 100644 Keychain/SecACL.cpp create mode 100644 Keychain/SecACL.h create mode 100644 Keychain/SecAccess.cpp create mode 100644 Keychain/SecAccess.h create mode 100644 Keychain/SecBase.h create mode 100644 Keychain/SecBridge.h rename SecurityServer/MacYarrow/yarrowseed.h => Keychain/SecCFTypes.cpp (55%) create mode 100644 Keychain/SecCFTypes.h create mode 100644 Keychain/SecCertificate.cpp create mode 100644 Keychain/SecCertificate.h create mode 100644 Keychain/SecCertificateBundle.cpp create mode 100644 Keychain/SecCertificateBundle.h create mode 100644 Keychain/SecCertificateRequest.cpp create mode 100644 Keychain/SecCertificateRequest.h create mode 100644 Keychain/SecIdentity.cpp create mode 100644 Keychain/SecIdentity.h create mode 100644 Keychain/SecIdentitySearch.cpp create mode 100644 Keychain/SecIdentitySearch.h create mode 100644 Keychain/SecKey.cpp create mode 100644 Keychain/SecKey.h create mode 100644 Keychain/SecKeychain.cpp create mode 100644 Keychain/SecKeychain.h create mode 100644 
Keychain/SecKeychainItem.cpp create mode 100644 Keychain/SecKeychainItem.h create mode 100644 Keychain/SecKeychainSearch.cpp create mode 100644 Keychain/SecKeychainSearch.h create mode 100644 Keychain/SecPolicy.cpp create mode 100644 Keychain/SecPolicy.h create mode 100644 Keychain/SecPolicySearch.cpp create mode 100644 Keychain/SecPolicySearch.h create mode 100644 Keychain/SecRuntime.cpp create mode 100644 Keychain/SecRuntime.h create mode 100644 Keychain/SecTrust.cpp create mode 100644 Keychain/SecTrust.h create mode 100644 Keychain/SecTrustedApplication.cpp create mode 100644 Keychain/SecTrustedApplication.h create mode 100644 Keychain/Security.h create mode 100644 Keychain/Trust.cpp create mode 100644 Keychain/Trust.h create mode 100644 Keychain/TrustItem.cpp create mode 100644 Keychain/TrustItem.h create mode 100644 Keychain/TrustStore.cpp create mode 100644 Keychain/TrustStore.h create mode 100644 Keychain/TrustedApplication.cpp create mode 100644 Keychain/TrustedApplication.h create mode 100644 README.txt delete mode 100644 SecureTransport/appleSession.c create mode 100644 SecureTransport/appleSession.cpp delete mode 100644 SecureTransport/privateInc/sslmd5.h create mode 100644 SecureTransport/privateInc/tls_hmac.h create mode 100644 SecureTransport/privateInc/tls_ssl.h delete mode 100644 SecureTransport/sha.c create mode 100644 SecureTransport/ssl3Callouts.c create mode 100644 SecureTransport/sslBER_Dummy.c delete mode 100644 SecureTransport/sslmd5.c create mode 100644 SecureTransport/tls1Callouts.c create mode 100644 SecureTransport/tls_hmac.c create mode 100644 SecurityASN1/asn/pkcs10.asn create mode 100644 SecurityASN1/c++/pkcs10.cpp create mode 100644 SecurityASN1/inc/pkcs10.h create mode 100644 SecurityServer/Authorization/AuthorizationData.cpp create mode 100644 SecurityServer/Authorization/AuthorizationData.h delete mode 100644 SecurityServer/MacYarrow/MacYarrow.pbproj/project.pbxproj delete mode 100644 
SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.cpp delete mode 100644 SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.h delete mode 100644 SecurityServer/MacYarrow/YarrowServer/YarrowLib_OS9.mcp.exp delete mode 100644 SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.c delete mode 100644 SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.h delete mode 100644 SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.cpp delete mode 100644 SecurityServer/MacYarrow/YarrowServer/debug.c delete mode 100644 SecurityServer/MacYarrow/YarrowServer/debug.h delete mode 100644 SecurityServer/MacYarrow/YarrowServer/entropyFile.h delete mode 100644 SecurityServer/MacYarrow/YarrowServer/entropyFileOS9.c delete mode 100644 SecurityServer/MacYarrow/YarrowServer/entropyFileUnix.c delete mode 100644 SecurityServer/MacYarrow/YarrowServer/kdebug_private.h delete mode 100644 SecurityServer/MacYarrow/YarrowServer/systemEntropy.c delete mode 100644 SecurityServer/MacYarrow/YarrowServer/systemEntropy.h delete mode 100644 SecurityServer/MacYarrow/testHarness/clientTest.cpp delete mode 100644 SecurityServer/MacYarrow/yarrowseed.cpp delete mode 100644 SecurityServer/MacYarrow/zlib/ChangeLog delete mode 100644 SecurityServer/MacYarrow/zlib/README delete mode 100644 SecurityServer/MacYarrow/zlib/adler32.c delete mode 100644 SecurityServer/MacYarrow/zlib/algorithm.txt delete mode 100644 SecurityServer/MacYarrow/zlib/compress.c delete mode 100644 SecurityServer/MacYarrow/zlib/crc32.c delete mode 100644 SecurityServer/MacYarrow/zlib/deflate.c delete mode 100644 SecurityServer/MacYarrow/zlib/deflate.h delete mode 100644 SecurityServer/MacYarrow/zlib/infblock.c delete mode 100644 SecurityServer/MacYarrow/zlib/infblock.h delete mode 100644 SecurityServer/MacYarrow/zlib/infcodes.c delete mode 100644 SecurityServer/MacYarrow/zlib/inffast.c delete mode 100644 SecurityServer/MacYarrow/zlib/inffixed.h delete mode 100644 SecurityServer/MacYarrow/zlib/inflate.c delete mode 100644 
SecurityServer/MacYarrow/zlib/inftrees.c delete mode 100644 SecurityServer/MacYarrow/zlib/inftrees.h delete mode 100644 SecurityServer/MacYarrow/zlib/infutil.c delete mode 100644 SecurityServer/MacYarrow/zlib/infutil.h delete mode 100644 SecurityServer/MacYarrow/zlib/trees.c delete mode 100644 SecurityServer/MacYarrow/zlib/trees.h delete mode 100644 SecurityServer/MacYarrow/zlib/uncompr.c delete mode 100644 SecurityServer/MacYarrow/zlib/zconf.h delete mode 100644 SecurityServer/MacYarrow/zlib/zlib.h delete mode 100644 SecurityServer/MacYarrow/zlib/zlib.mcp delete mode 100644 SecurityServer/MacYarrow/zlib/zutil.c delete mode 100644 SecurityServer/MacYarrow/zlib/zutil.h delete mode 100644 SecurityServer/SecurityServer.pbxproj/.cvsignore delete mode 100644 SecurityServer/SecurityServer.pbxproj/project.pbxproj create mode 100644 SecurityServer/entropy.cpp create mode 100644 SecurityServer/entropy.h create mode 100644 SecurityServer/notifications.cpp create mode 100644 SecurityServer/notifications.h create mode 100644 SecurityServer/ucspNotify.defs delete mode 100644 cdsa/cdsa.pbxproj/.cvsignore delete mode 100644 cdsa/cdsa.pbxproj/project.pbxproj create mode 100644 cdsa/cdsa_client/aclclient.cpp create mode 100644 cdsa/cdsa_client/clclient.cpp create mode 100644 cdsa/cdsa_client/clclient.h create mode 100644 cdsa/cdsa_client/tpclient.cpp create mode 100644 cdsa/cdsa_client/tpclient.h create mode 100644 cdsa/cdsa_utilities/acl_protectedpw.cpp create mode 100644 cdsa/cdsa_utilities/acl_protectedpw.h rename SecurityServer/MacYarrow/zlib/infcodes.h => cdsa/cdsa_utilities/cfutilities.cpp (50%) create mode 100644 cdsa/cdsa_utilities/cfutilities.h create mode 100644 cdsa/cdsa_utilities/cssmcert.cpp create mode 100644 cdsa/cdsa_utilities/cssmcert.h rename SecurityServer/MacYarrow/zlib/inffast.h => cdsa/cdsa_utilities/cssmtrust.cpp (59%) create mode 100644 cdsa/cdsa_utilities/cssmtrust.h rename AppleCSP/AppleCSP/DigestObject.h => cdsa/cdsa_utilities/digestobject.h (58%) create 
mode 100644 cdsa/cdsa_utilities/trackingallocator.h create mode 100644 cdsa/cssm/cssm.mdsinfo create mode 100644 cdsa/mds/MDSAttrParser.cpp create mode 100644 cdsa/mds/MDSAttrParser.h create mode 100644 cdsa/mds/MDSAttrStrings.cpp create mode 100644 cdsa/mds/MDSAttrStrings.h create mode 100644 cdsa/mds/MDSAttrUtils.cpp create mode 100644 cdsa/mds/MDSAttrUtils.h create mode 100644 cdsa/mds/MDSDictionary.cpp create mode 100644 cdsa/mds/MDSDictionary.h create mode 100644 keychains/Makefile create mode 100644 keychains/X509Anchors create mode 100755 keychains/makeroots create mode 100644 keychains/roots/.cvsignore create mode 100644 keychains/roots/2006root.cer create mode 100644 keychains/roots/AddTrust Class 1 CA Root.crt create mode 100644 keychains/roots/AddTrust External CA Root.crt create mode 100644 keychains/roots/AddTrust Public CA Root.crt create mode 100644 keychains/roots/AddTrust Qualified CA Root.crt create mode 100644 keychains/roots/AdminNacCA.crt create mode 100644 keychains/roots/BTCTRT.cer create mode 100644 keychains/roots/Belgacom_selfsigned_primary.crt create mode 100644 keychains/roots/C1_PCA_G3v2.509 create mode 100644 keychains/roots/C2_PCA_G3v2.509 create mode 100644 keychains/roots/C3_PCA_G3v2.509 create mode 100644 keychains/roots/C4_PCA_G3v2.509 create mode 100644 keychains/roots/Class1_PCA_G2_v2.509 create mode 100644 keychains/roots/Class2_PCA_G2_v2.509 create mode 100644 keychains/roots/Class3_PCA_G2_v2.509 create mode 100644 keychains/roots/Class4_PCA_G2_v2.509 create mode 100644 keychains/roots/DST Root CA X4.cer create mode 100644 keychains/roots/DST RootCA X1.cer create mode 100644 keychains/roots/DST RootCA X2.cer create mode 100644 keychains/roots/DoDCLASS3RootCA.cer create mode 100644 keychains/roots/DoDPKIMedRootCA.cer create mode 100644 keychains/roots/Equifax_Secure_Certificate_Auth create mode 100644 keychains/roots/Equifax_Secure_Global_eBusiness create mode 100644 keychains/roots/Equifax_Secure_eBusiness_CA-1.c create mode 
100644 keychains/roots/Equifax_Secure_eBusiness_CA-2.c create mode 100644 keychains/roots/GTEGB18.cer create mode 100644 keychains/roots/IPSServidores.CRT create mode 100644 keychains/roots/KMD-CA-KPerson.crt create mode 100644 keychains/roots/KMD-CA-Server.crt create mode 100644 keychains/roots/PCA1ss_v4.509 create mode 100644 keychains/roots/PCA2ss_v4.509 create mode 100644 keychains/roots/PCA3ss_v4.509 create mode 100644 keychains/roots/SecureServer.509 create mode 100644 keychains/roots/TC_RootLRA-Admin_DER_Class2.der create mode 100644 keychains/roots/TC_RootLRA-Admin_DER_Class3.der create mode 100644 keychains/roots/TC_RootServer_DER_Class0.der create mode 100644 keychains/roots/TC_RootServer_DER_Class1.der create mode 100644 keychains/roots/TC_RootServer_DER_Class2.der create mode 100644 keychains/roots/TC_RootServer_DER_Class3.der create mode 100644 keychains/roots/TC_RootServer_DER_Class4.der create mode 100644 keychains/roots/UTN-USERFirst-ClientAuthenticat create mode 100644 keychains/roots/UTN-USERFirst-Hardware.crt create mode 100644 keychains/roots/UTN-USERFirst-NetworkApplicatio create mode 100644 keychains/roots/UTN-USERFirst-Object.crt create mode 100644 keychains/roots/ac-racine.der create mode 100644 keychains/roots/expressz.cer create mode 100644 keychains/roots/ipscaCAC.der create mode 100644 keychains/roots/ipscaCLASE1.der create mode 100644 keychains/roots/ipscaCLASE3.der create mode 100644 keychains/roots/ipscaCLASEA1.der create mode 100644 keychains/roots/ipscaCLASEA3.der create mode 100644 keychains/roots/ipscaTimestamping.der create mode 100644 keychains/roots/kozjegyzoi.cer create mode 100644 keychains/roots/persbasi.crt create mode 100644 keychains/roots/persfree.crt create mode 100644 keychains/roots/persprem.crt create mode 100644 keychains/roots/qvrca.crt create mode 100644 keychains/roots/serverbasic.crt create mode 100644 keychains/roots/serverpremium.crt create mode 100644 keychains/roots/uzleti.cer 
diff --git a/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h b/AppleCSP/AES/aesCommon.h similarity index 61% rename from SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h rename to AppleCSP/AES/aesCommon.h index bace99b0..6e3480f6 100644 --- a/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h +++ b/AppleCSP/AES/aesCommon.h @@ -16,29 +16,27 @@ */ -/* - * YarrowServer - Yarrow RNG server object - */ -#ifndef _YARROW_SERVER_H_ -#define _YARROW_SERVER_H_ +// +// aesCommon.h - common AES/Rijndael constants +// +#ifndef _H_AES_COMMON_ +#define _H_AES_COMMON_ + +#define MIN_AES_KEY_BITS 128 +#define MID_AES_KEY_BITS 192 +#define MAX_AES_KEY_BITS 256 -#include +#define MIN_AES_BLOCK_BITS 128 +#define MID_AES_BLOCK_BITS 192 +#define MAX_AES_BLOCK_BITS 256 -class YarrowServer : public MachPlusPlus::MachServer, public Thread { -public: - YarrowServer(MachPlusPlus::MachServer &globalServer, const char *entropyFilePath = NULL); - ~YarrowServer(); - - void runYarrow(); - -private: - void action(); // Thread action - start up server, etc. - -protected: - boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out); - void notifyDeadName(MachPlusPlus::Port port); - -}; +#define MIN_AES_BLOCK_BYTES (MIN_AES_BLOCK_BITS / 8) +#define DEFAULT_AES_BLOCK_BYTES MIN_AES_BLOCK_BYTES +/* + * When true, the Gladman AES implementation is present and is used + * for all 128-bit block configurations. + */ +#define GLADMAN_AES_128_ENABLE 1 -#endif /* _YARROW_SERVER_H_ */ +#endif /* _H_AES_COMMON_ */ diff --git a/AppleCSP/AES/aescsp.cpp b/AppleCSP/AES/aescsp.cpp index 3a8be1ba..5377e319 100644 --- a/AppleCSP/AES/aescsp.cpp +++ b/AppleCSP/AES/aescsp.cpp 
@@ -28,22 +28,6 @@ #define DEFAULT_BLOCK_SIZE (MIN_AES_BLOCK_BITS / 8) -#define DEBUG_ED 0 /* general encrypt/decrypt debug */ -#if DEBUG_ED -#define dprint(s) printf s -#else -#define dprint(s) -#endif - -#define DEBUG_SIZES 0 -#if DEBUG_SIZES -#define logSize(s, final, encr, ibs, in, out) \ - printf("%s final %d encr %d inbufsz %d inSize %d outSize %d\n", \ - s, final, encr, ibs, in, out) -#else -#define logSize(s, final, encr, ibs, in, out) -#endif - /* * AES symmetric key generation. * This algorithm has key size restrictions which don't fit with the @@ -153,11 +137,13 @@ void AESContext::init( } int opt128 = 0; +#if !GLADMAN_AES_128_ENABLE if((mBlockSize == (MIN_AES_BLOCK_BITS/8)) && (keyLen == (MIN_AES_KEY_BITS/8)) && doAES128) { opt128 = 1; } +#endif /* !GLADMAN_AES_128_ENABLE */ /* create new key if needed */ if(mAesKey == NULL) { @@ -180,6 +166,7 @@ void AESContext::init( mRawKeySize = keyLen; } +#if !GLADMAN_AES_128_ENABLE if(opt128) { /* optimized path */ mEncryptFcn = rijndaelBlockEncrypt128; @@ -190,6 +177,11 @@ void AESContext::init( mEncryptFcn = rijndaelBlockEncrypt; mDecryptFcn = rijndaelBlockDecrypt; } +#else + /* common standard path */ + mEncryptFcn = rijndaelBlockEncrypt; + mDecryptFcn = rijndaelBlockDecrypt; +#endif !GLADMAN_AES_128_ENABLE /* Finally, have BlockCryptor do its setup */ setup(mBlockSize, context); diff --git a/AppleCSP/AES/gladmanContext.cpp b/AppleCSP/AES/gladmanContext.cpp new file mode 100644 index 00000000..63d8fe51 --- /dev/null +++ b/AppleCSP/AES/gladmanContext.cpp 
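Review bot: The `#endif !GLADMAN_AES_128_ENABLE` added at the end of the last aescsp.cpp hunk has bare tokens after `#endif`, which compilers report as extra tokens. It is also inconsistent with the commented form this commit uses two hunks earlier, so write it as `#endif /* !GLADMAN_AES_128_ENABLE */`. With the switch set to 1, `opt128` is never changed from 0 in the visible lines, and a comment at `int opt128 = 0;` such as `/* stays 0 when the Gladman path handles 128-bit blocks */` would make that intent explicit. AESContext::init begins and ends outside these hunks.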
@@ -0,0 +1,176 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * gladmanContext.cpp - glue between BlockCryptor and Gladman AES implementation + * Written by Doug Mitchell 12/12/2001 + */ + +#include "gladmanContext.h" +#include "cspdebugging.h" + +/* + * Global singleton to perform one-time-only init of AES tables. 
+ */ +class GladmanInit +{ +public: + GladmanInit() : mTablesGenerated(false) { } + void genTables(); +private: + bool mTablesGenerated; + Mutex mLock; +}; + +void GladmanInit::genTables() +{ + StLock _(mLock); + if(mTablesGenerated) { + return; + } + + /* allocate the tables */ + CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive); + pow_tab = (u1byte *)alloc.malloc(POW_TAB_SIZE * sizeof(u1byte)); + log_tab = (u1byte *)alloc.malloc(LOG_TAB_SIZE * sizeof(u1byte)); + sbx_tab = (u1byte *)alloc.malloc(SBX_TAB_SIZE * sizeof(u1byte)); + isb_tab = (u1byte *)alloc.malloc(ISB_TAB_SIZE * sizeof(u1byte)); + rco_tab = (u4byte *)alloc.malloc(RCO_TAB_SIZE * sizeof(u4byte)); + ft_tab = (u4byte (*)[FT_TAB_SIZE_LS])alloc.malloc( + FT_TAB_SIZE_LS * FT_TAB_SIZE_MS * sizeof(u4byte)); + it_tab = (u4byte (*)[IT_TAB_SIZE_LS])alloc.malloc( + IT_TAB_SIZE_LS * IT_TAB_SIZE_MS * sizeof(u4byte)); + #ifdef LARGE_TABLES + fl_tab = (u4byte (*)[FL_TAB_SIZE_LS])alloc.malloc( + FL_TAB_SIZE_LS * FL_TAB_SIZE_MS * sizeof(u4byte)); + il_tab = (u4byte (*)[IL_TAB_SIZE_LS])alloc.malloc( + IL_TAB_SIZE_LS * IL_TAB_SIZE_MS * sizeof(u4byte)); + #endif + + /* now fill them */ + gen_tabs(); + mTablesGenerated = true; +} + +static ModuleNexus gladmanInit; + +/* + * AES encrypt/decrypt. + */ +GAESContext::GAESContext(AppleCSPSession &session) : + BlockCryptor(session), + mKeyValid(false), + mInitFlag(false), + mRawKeySize(0) +{ + /* one-time only init */ + gladmanInit().genTables(); +} + +GAESContext::~GAESContext() +{ + deleteKey(); + memset(mRawKey, 0, MAX_AES_KEY_BITS / 8); + mInitFlag = false; +} + +void GAESContext::deleteKey() +{ + memset(&mAesKey, 0, sizeof(GAesKey)); + mKeyValid = false; +} + +/* + * Standard CSPContext init, called from CSPFullPluginSession::init(). + * Reusable, e.g., query followed by en/decrypt. Even reusable after context + * changed (i.e., new IV in Encrypted File System). 
+ */ +void GAESContext::init( + const Context &context, + bool encrypting) +{ + if(mInitFlag && !opStarted()) { + return; + } + + UInt32 keyLen; + UInt8 *keyData = NULL; + bool sameKeySize = false; + + /* obtain key from context */ + symmetricKeyBits(context, CSSM_ALGID_AES, + encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, + keyData, keyLen); + + /* + * Delete existing key if key size changed + */ + if(mRawKeySize == keyLen) { + sameKeySize = true; + } + else { + deleteKey(); + } + + /* init key only if key size or key bits have changed */ + if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) { + set_key((u4byte *)keyData, keyLen * 8, &mAesKey); + + /* save this raw key data */ + memmove(mRawKey, keyData, mRawKeySize); + mRawKeySize = keyLen; + } + + /* Finally, have BlockCryptor do its setup */ + setup(GLADMAN_BLOCK_SIZE_BYTES, context); + mInitFlag = true; +} + +/* + * Functions called by BlockCryptor + */ +void GAESContext::encryptBlock( + const void *plainText, // length implied (one block) + size_t plainTextLen, + void *cipherText, + size_t &cipherTextLen, // in/out, throws on overflow + bool final) // ignored +{ + if(plainTextLen != GLADMAN_BLOCK_SIZE_BYTES) { + CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR); + } + if(cipherTextLen < GLADMAN_BLOCK_SIZE_BYTES) { + CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); + } + rEncrypt((u4byte *)plainText, (u4byte *)cipherText, &mAesKey); + cipherTextLen = GLADMAN_BLOCK_SIZE_BYTES; +} + +void GAESContext::decryptBlock( + const void *cipherText, // length implied (one cipher block) + void *plainText, + size_t &plainTextLen, // in/out, throws on overflow + bool final) // ignored +{ + if(plainTextLen < GLADMAN_BLOCK_SIZE_BYTES) { + CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); + } + rDecrypt((u4byte *)cipherText, (u4byte *)plainText, &mAesKey); + plainTextLen = GLADMAN_BLOCK_SIZE_BYTES; +} + 
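Review bot: In GAESContext::init the cached key is copied using the old length, because `memmove(mRawKey, keyData, mRawKeySize);` runs before `mRawKeySize = keyLen;`. The first init therefore copies zero bytes, and a key-size change copies only the previous size. A later init with the same length then runs `memcmp` against partly stale or uninitialised bytes in `mRawKey`; a match would skip `set_key` and leave the previous schedule in `mAesKey`, so data would be processed under the wrong key. Swap the statements so the new length is used: `mRawKeySize = keyLen;` then `memmove(mRawKey, keyData, mRawKeySize);`. `keyLen` is also never compared with `sizeof(mRawKey)` in this function, so unless `symmetricKeyBits` already restricts it (not visible here), reject oversized keys with the CSP's key-size error before the copy.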
diff --git a/AppleCSP/AES/gladmanContext.h b/AppleCSP/AES/gladmanContext.h
new file mode 100644
index 00000000..daf71dde
--- /dev/null
+++ b/AppleCSP/AES/gladmanContext.h
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +// +// gladmanContext.h - Gladman AES context class +// +#ifndef _H_GLADMAN_CONTEXT +#define _H_GLADMAN_CONTEXT + +#include +#include "AppleCSP.h" +#include "AppleCSPContext.h" +#include "AppleCSPSession.h" +#include "BlockCryptor.h" +#include "rijndaelGladman.h" +#include "aesCommon.h" + +#define GLADMAN_BLOCK_SIZE_BYTES DEFAULT_AES_BLOCK_BYTES + +/* Symmetric encryption context */ +class GAESContext : public BlockCryptor { +public: + GAESContext(AppleCSPSession &session); + ~GAESContext(); + + // called by CSPFullPluginSession + void init(const Context &context, bool encoding = true); + + // As an optimization, we allow reuse of a modified context. The main thing + // we avoid is a redundant key scheduling. We save the current raw keys bits + // in mRawKey and compare on re-init. 
+ bool changed(const Context &context) { return true; } + + // called by BlockCryptor + void encryptBlock( + const void *plainText, // length implied (one block) + size_t plainTextLen, + void *cipherText, + size_t &cipherTextLen, // in/out, throws on overflow + bool final); + void decryptBlock( + const void *cipherText, // length implied (one cipher block) + void *plainText, + size_t &plainTextLen, // in/out, throws on overflow + bool final); + +private: + void deleteKey(); + + /* scheduled key */ + GAesKey mAesKey; + bool mKeyValid; + bool mInitFlag; // for easy reuse + + /* raw key bits saved here and checked on re-init to avoid extra key schedule */ + uint8 mRawKey[MAX_AES_KEY_BITS / 8]; + uint32 mRawKeySize; +}; /* AESContext */ + +#endif //_H_GLADMAN_CONTEXT diff --git a/AppleCSP/AES/rijndael-alg-ref.c b/AppleCSP/AES/rijndael-alg-ref.c index 96d809f3..22179cd4 100644 --- a/AppleCSP/AES/rijndael-alg-ref.c +++ b/AppleCSP/AES/rijndael-alg-ref.c @@ -354,6 +354,8 @@ int rijndaelDecrypt ( return 0; } +#if !GLADMAN_AES_128_ENABLE + /* * All of these 128-bit-key-and-block routines require 32-bit word-aligned * char array pointers.ÊThe key schedule arrays are easy; they come from @@ -604,3 +606,5 @@ int rijndaelDecrypt128 ( return 0; } +#endif /* !GLADMAN_AES_128_ENABLE */ + diff --git a/AppleCSP/AES/rijndael-alg-ref.h b/AppleCSP/AES/rijndael-alg-ref.h index 193f376c..41a889cb 100644 --- a/AppleCSP/AES/rijndael-alg-ref.h +++ b/AppleCSP/AES/rijndael-alg-ref.h @@ -24,15 +24,8 @@ #ifndef __RIJNDAEL_ALG_H #define __RIJNDAEL_ALG_H -#ifdef __APPLE__ -#define MIN_AES_KEY_BITS 128 -#define MID_AES_KEY_BITS 192 -#define MAX_AES_KEY_BITS 256 +#include "aesCommon.h" -#define MIN_AES_BLOCK_BITS 128 -#define MID_AES_BLOCK_BITS 192 -#define MAX_AES_BLOCK_BITS 256 -#endif #define MAXBC (MAX_AES_BLOCK_BITS/32) #define MAXKC (MAX_AES_KEY_BITS/32) #define MAXROUNDS 14 
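Review bot: `mKeyValid` is declared in GAESContext but the accompanying gladmanContext.cpp only ever assigns it false (constructor and `deleteKey()`) and never reads it. Either remove the member, or set it after `set_key` and check it in `encryptBlock`/`decryptBlock` so a block operation cannot run on a zeroed schedule. The comment above `changed()` describes avoiding redundant key scheduling, yet `changed()` returns true unconditionally; reword it to say the saving happens inside `init()` by comparing against `mRawKey`. The `init` declaration names its flag `encoding` while the definition uses `encrypting`, and the closing `}; /* AESContext */` should read `/* GAESContext */`.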
@@ -61,6 +54,8 @@ int rijndaelDecryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, word8 rk[MAXROUNDS+1][4][MAXBC], int rounds); #endif +#if !GLADMAN_AES_128_ENABLE + /* * Optimized routines for 128-bit block and key. */ @@ -78,6 +73,8 @@ int rijndaelEncrypt128 (word8 a[4][BC_128_OPT], int rijndaelDecrypt128 (word8 a[4][BC_128_OPT], word8 rk[MAXROUNDS+1][4][MAXBC]); +#endif /* !GLADMAN_AES_128_ENABLE */ + #ifdef __cplusplus } #endif diff --git a/AppleCSP/AES/rijndaelApi.c b/AppleCSP/AES/rijndaelApi.c index 9fbd1cfe..aba5b870 100644 --- a/AppleCSP/AES/rijndaelApi.c +++ b/AppleCSP/AES/rijndaelApi.c @@ -80,6 +80,7 @@ int makeKey( key->columns = blockLen / 32; /* initialize key schedule */ +#if !GLADMAN_AES_128_ENABLE if(enable128Opt && (keyLen == MIN_AES_KEY_BITS) && (blockLen == MIN_AES_BLOCK_BITS)) { @@ -93,7 +94,10 @@ int makeKey( rijndaelKeySched128 (k, key->keySched); memset(k, 0, 4 * KC_128_OPT); } - else { + else +#endif /* !GLADMAN_AES_128_ENABLE */ + { + /* general case */ word8 k[4][MAXKC]; @@ -188,6 +192,7 @@ int rijndaelBlockDecrypt( return key->blockLen; } +#if !GLADMAN_AES_128_ENABLE /* * Optimized routines for 128 bit block and 128 bit key. */ @@ -265,4 +270,5 @@ int rijndaelBlockDecrypt128( memset(localBlock, 0, 4*BC_128_OPT); return MIN_AES_BLOCK_BITS; } +#endif /* !GLADMAN_AES_128_ENABLE */ diff --git a/AppleCSP/AES/rijndaelApi.h b/AppleCSP/AES/rijndaelApi.h index e1f36233..38e79001 100644 --- a/AppleCSP/AES/rijndaelApi.h +++ b/AppleCSP/AES/rijndaelApi.h @@ -72,6 +72,7 @@ int rijndaelBlockDecrypt( word8 *input, word8 *outBuffer); +#if !GLADMAN_AES_128_ENABLE /* * Optimized routines for 128 bit block and 128 bit key. */ @@ -83,8 +84,9 @@ int rijndaelBlockDecrypt128( keyInstance *key, word8 *input, word8 *outBuffer); +#endif /* !GLADMAN_AES_128_ENABLE */ -#ifdef __ppc__ +#if defined(__ppc__) && defined(ALTIVEC_ENABLE) /* * dmitch addenda 4/11/2001: 128-bit only vectorized encrypt/decrypt with no CBC */ 
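Review bot: The `#if !GLADMAN_AES_128_ENABLE` guards added in rijndaelApi.c only work if aesCommon.h has been included before them, since an undefined macro evaluates to 0 in `#if` and the 128-bit optimized routines would then be compiled in silently. No include is added in these hunks, so confirm the header arrives through an existing include (rijndael-alg-ref.h now pulls it in). A check near the top of the file, `#ifndef GLADMAN_AES_128_ENABLE` / `#error "aesCommon.h not included"` / `#endif`, would make the dependency explicit. In makeKey the `else` left before `#endif` is correct but fragile, and with the switch set the `enable128Opt` argument is ignored, which deserves a comment on the parameter. makeKey's body begins and ends outside the hunks.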
@@ -96,11 +98,12 @@ void vBlockDecrypt128( keyInstance *key, word8 *input, word8 *outBuffer); -#endif __ppc__ - + /* temp switch for runtime enable/disable */ extern int doAES128; +#endif /* __ppc__ && ALTIVEC_ENABLE */ + /* ptr to one of several (possibly optimized) encrypt/decrypt functions */ typedef int (*aesCryptFcn)( keyInstance *key, diff --git a/AppleCSP/AES/rijndaelGladman.c b/AppleCSP/AES/rijndaelGladman.c new file mode 100644 index 00000000..fbef2c31 --- /dev/null +++ b/AppleCSP/AES/rijndaelGladman.c 
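Review bot: `extern int doAES128;` now falls inside `#if defined(__ppc__) && defined(ALTIVEC_ENABLE)`, because the `#endif` was moved below it. aescsp.cpp in this same commit reads `doAES128` under `#if !GLADMAN_AES_128_ENABLE`, so a build with the Gladman switch set to 0 and AltiVec disabled would hit an undeclared name. Either keep the declaration outside the AltiVec block, or guard the use in AESContext::init with the same condition. Where `doAES128` is defined is not visible in this part of the patch.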
@@ -0,0 +1,436 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * rijndaelGladman.c - Gladman AES/Rijndael implementation. + * Based on rijndael.c written by Dr. Brian Gladman. + */ + + + +/* This is an independent implementation of the encryption algorithm: */ +/* */ +/* RIJNDAEL by Joan Daemen and Vincent Rijmen */ +/* */ +/* which is a candidate algorithm in the Advanced Encryption Standard */ +/* programme of the US National Institute of Standards and Technology. */ +/* */ +/* Copyright in this implementation is held by Dr B R Gladman but I */ +/* hereby give permission for its free direct or derivative use subject */ +/* to acknowledgment of its origin and compliance with any conditions */ +/* that the originators of the algorithm place on its exploitation. 
*/ +/* */ +/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ + +#include "rijndaelGladman.h" + +/* enable of block/word/byte swapping macros */ +#define USE_SWAP_MACROS 1 + +#if old_way +/* original static declarations */ +u1byte pow_tab[256]; +u1byte log_tab[256]; +u1byte sbx_tab[256]; +u1byte isb_tab[256]; +u4byte rco_tab[ 10]; +u4byte ft_tab[4][256]; +u4byte it_tab[4][256]; + +#ifdef LARGE_TABLES + u4byte fl_tab[4][256]; + u4byte il_tab[4][256]; +#endif +#else /* new_way */ +u1byte *pow_tab; /* [POW_TAB_SIZE] */ +u1byte *log_tab; /* [LOG_TAB_SIZE] */; +u1byte *sbx_tab; /* [SBX_TAB_SIZE] */ +u1byte *isb_tab; /* [ISB_TAB_SIZE] */ +u4byte *rco_tab; /* [RCO_TAB_SIZE] */ +u4byte (*ft_tab)[FT_TAB_SIZE_LS]; +u4byte (*it_tab)[IT_TAB_SIZE_LS]; +#ifdef LARGE_TABLES +u4byte (*fl_tab)[FL_TAB_SIZE_LS]; +u4byte (*il_tab)[IL_TAB_SIZE_LS]; +#endif /* LARGE_TABLES */ +#endif /* new_way */ + +#define ff_mult(a,b) (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) + +#define f_rn(bo, bi, n, k) \ + bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ + ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ + ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) + +#define i_rn(bo, bi, n, k) \ + bo[n] = it_tab[0][byte(bi[n],0)] ^ \ + it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ + it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) + +#ifdef LARGE_TABLES + +#define ls_box(x) \ + ( fl_tab[0][byte(x, 0)] ^ \ + fl_tab[1][byte(x, 1)] ^ \ + fl_tab[2][byte(x, 2)] ^ \ + fl_tab[3][byte(x, 3)] ) + +#define f_rl(bo, bi, n, k) \ + bo[n] = fl_tab[0][byte(bi[n],0)] ^ \ + fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ + fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) + +#define i_rl(bo, bi, n, k) \ + bo[n] = il_tab[0][byte(bi[n],0)] ^ \ + il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ + il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) + +#else + +#define ls_box(x) \ + 
((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \ + ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \ + ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \ + ((u4byte)sbx_tab[byte(x, 3)] << 24) + +#define f_rl(bo, bi, n, k) \ + bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \ + rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ + rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ + rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n) + +#define i_rl(bo, bi, n, k) \ + bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \ + rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ + rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ + rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n) + +#endif + +void gen_tabs(void) +{ u4byte i, t; + u1byte p, q; + + /* log and power tables for GF(2**8) finite field with */ + /* 0x11b as modular polynomial - the simplest prmitive */ + /* root is 0x11, used here to generate the tables */ + + for(i = 0,p = 1; i < 256; ++i) + { + pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i; + + p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0); + } + + log_tab[1] = 0; p = 1; + + for(i = 0; i < 10; ++i) + { + rco_tab[i] = p; + + p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); + } + + /* note that the affine byte transformation matrix in */ + /* rijndael specification is in big endian format with */ + /* bit 0 as the most significant bit. In the remainder */ + /* of the specification the bits are numbered from the */ + /* least significant end of a byte. */ + + for(i = 0; i < 256; ++i) + { + p = (i ? 
pow_tab[255 - log_tab[i]] : 0); q = p; + q = (q >> 7) | (q << 1); p ^= q; + q = (q >> 7) | (q << 1); p ^= q; + q = (q >> 7) | (q << 1); p ^= q; + q = (q >> 7) | (q << 1); p ^= q ^ 0x63; + sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; + } + + for(i = 0; i < 256; ++i) + { + p = sbx_tab[i]; + +#ifdef LARGE_TABLES + + t = p; fl_tab[0][i] = t; + fl_tab[1][i] = rotl(t, 8); + fl_tab[2][i] = rotl(t, 16); + fl_tab[3][i] = rotl(t, 24); +#endif + t = ((u4byte)ff_mult(2, p)) | + ((u4byte)p << 8) | + ((u4byte)p << 16) | + ((u4byte)ff_mult(3, p) << 24); + + ft_tab[0][i] = t; + ft_tab[1][i] = rotl(t, 8); + ft_tab[2][i] = rotl(t, 16); + ft_tab[3][i] = rotl(t, 24); + + p = isb_tab[i]; + +#ifdef LARGE_TABLES + + t = p; il_tab[0][i] = t; + il_tab[1][i] = rotl(t, 8); + il_tab[2][i] = rotl(t, 16); + il_tab[3][i] = rotl(t, 24); +#endif + t = ((u4byte)ff_mult(14, p)) | + ((u4byte)ff_mult( 9, p) << 8) | + ((u4byte)ff_mult(13, p) << 16) | + ((u4byte)ff_mult(11, p) << 24); + + it_tab[0][i] = t; + it_tab[1][i] = rotl(t, 8); + it_tab[2][i] = rotl(t, 16); + it_tab[3][i] = rotl(t, 24); + } +}; + +#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) + +#define imix_col(y,x) \ + u = star_x(x); \ + v = star_x(u); \ + w = star_x(v); \ + t = w ^ (x); \ + (y) = u ^ v ^ w; \ + (y) ^= rotr(u ^ t, 8) ^ \ + rotr(v ^ t, 16) ^ \ + rotr(t,24) + +/* initialise the key schedule from the user supplied key */ + +#define loop4(i) \ +{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ + t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ + t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ + t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ + t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \ +} + +#define loop6(i) \ +{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ + t ^= e_key[6 * i]; e_key[6 * i + 6] = t; \ + t ^= e_key[6 * i + 1]; e_key[6 * i + 7] = t; \ + t ^= e_key[6 * i + 2]; e_key[6 * i + 8] = t; \ + t ^= e_key[6 * i + 3]; e_key[6 * i + 9] = t; \ + t ^= e_key[6 * i + 4]; e_key[6 * i + 10] = t; \ + t ^= e_key[6 * i 
+ 5]; e_key[6 * i + 11] = t; \ +} + +#define loop8(i) \ +{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ + t ^= e_key[8 * i]; e_key[8 * i + 8] = t; \ + t ^= e_key[8 * i + 1]; e_key[8 * i + 9] = t; \ + t ^= e_key[8 * i + 2]; e_key[8 * i + 10] = t; \ + t ^= e_key[8 * i + 3]; e_key[8 * i + 11] = t; \ + t = e_key[8 * i + 4] ^ ls_box(t); \ + e_key[8 * i + 12] = t; \ + t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t; \ + t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t; \ + t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t; \ +} + +u4byte *set_key( + const u4byte in_key[], + const u4byte key_len, + GAesKey *aesKey) +{ u4byte i, t, u, v, w; + u4byte *e_key = aesKey->e_key; + u4byte *d_key = aesKey->d_key; + + aesKey->k_len = (key_len + 31) / 32; + + #if USE_SWAP_MACROS + get_key(e_key, key_len); + #else + e_key[0] = in_key[0]; e_key[1] = in_key[1]; + e_key[2] = in_key[2]; e_key[3] = in_key[3]; + #endif + + switch(aesKey->k_len) + { + case 4: t = e_key[3]; + for(i = 0; i < 10; ++i) + loop4(i); + break; + + case 6: + #if USE_SWAP_MACROS + t = e_key[5]; + #else + /* done in get_key macros in USE_SWAP_MACROS case */ + e_key[4] = in_key[4]; t = e_key[5] = in_key[5]; + #endif + for(i = 0; i < 8; ++i) + loop6(i); + break; + + case 8: + #if USE_SWAP_MACROS + t = e_key[7]; + #else + e_key[4] = in_key[4]; e_key[5] = in_key[5]; + e_key[6] = in_key[6]; t = e_key[7] = in_key[7]; + #endif + for(i = 0; i < 7; ++i) + loop8(i); + break; + } + + d_key[0] = e_key[0]; d_key[1] = e_key[1]; + d_key[2] = e_key[2]; d_key[3] = e_key[3]; + + for(i = 4; i < 4 * aesKey->k_len + 24; ++i) + { + imix_col(d_key[i], e_key[i]); + } + + return e_key; +}; + +/* encrypt a block of text */ + +#define f_nround(bo, bi, k) \ + f_rn(bo, bi, 0, k); \ + f_rn(bo, bi, 1, k); \ + f_rn(bo, bi, 2, k); \ + f_rn(bo, bi, 3, k); \ + k += 4 + +#define f_lround(bo, bi, k) \ + f_rl(bo, bi, 0, k); \ + f_rl(bo, bi, 1, k); \ + f_rl(bo, bi, 2, k); \ + f_rl(bo, bi, 3, k) + +void rEncrypt( + const u4byte in_blk[4], + u4byte out_blk[4], + const GAesKey 
*aesKey) +{ + u4byte b0[4], b1[4], *kp; + u4byte *e_key = aesKey->e_key; + + #if USE_SWAP_MACROS + u4byte swap_block[4]; + get_block(swap_block); + b0[0] = swap_block[0] ^ e_key[0]; b0[1] = swap_block[1] ^ e_key[1]; + b0[2] = swap_block[2] ^ e_key[2]; b0[3] = swap_block[3] ^ e_key[3]; + #else + b0[0] = in_blk[0] ^ e_key[0]; b0[1] = in_blk[1] ^ e_key[1]; + b0[2] = in_blk[2] ^ e_key[2]; b0[3] = in_blk[3] ^ e_key[3]; + #endif + + kp = e_key + 4; + + if(aesKey->k_len > 6) + { + f_nround(b1, b0, kp); f_nround(b0, b1, kp); + } + + if(aesKey->k_len > 4) + { + f_nround(b1, b0, kp); f_nround(b0, b1, kp); + } + + f_nround(b1, b0, kp); f_nround(b0, b1, kp); + f_nround(b1, b0, kp); f_nround(b0, b1, kp); + f_nround(b1, b0, kp); f_nround(b0, b1, kp); + f_nround(b1, b0, kp); f_nround(b0, b1, kp); + f_nround(b1, b0, kp); f_lround(b0, b1, kp); + + #if USE_SWAP_MACROS + put_block(b0); + #else + out_blk[0] = b0[0]; out_blk[1] = b0[1]; + out_blk[2] = b0[2]; out_blk[3] = b0[3]; + #endif +}; + +/* decrypt a block of text */ + +#define i_nround(bo, bi, k) \ + i_rn(bo, bi, 0, k); \ + i_rn(bo, bi, 1, k); \ + i_rn(bo, bi, 2, k); \ + i_rn(bo, bi, 3, k); \ + k -= 4 + +#define i_lround(bo, bi, k) \ + i_rl(bo, bi, 0, k); \ + i_rl(bo, bi, 1, k); \ + i_rl(bo, bi, 2, k); \ + i_rl(bo, bi, 3, k) + +void rDecrypt( + const u4byte in_blk[4], + u4byte out_blk[4], + const GAesKey *aesKey) +{ + u4byte b0[4], b1[4], *kp; + u4byte *e_key = aesKey->e_key; + u4byte *d_key = aesKey->d_key; + u4byte k_len = aesKey->k_len; + + #if USE_SWAP_MACROS + u4byte swap_block[4]; + get_block(swap_block); + b0[0] = swap_block[0] ^ e_key[4 * k_len + 24]; + b0[1] = swap_block[1] ^ e_key[4 * k_len + 25]; + b0[2] = swap_block[2] ^ e_key[4 * k_len + 26]; + b0[3] = swap_block[3] ^ e_key[4 * k_len + 27]; + #else + b0[0] = in_blk[0] ^ e_key[4 * k_len + 24]; + b0[1] = in_blk[1] ^ e_key[4 * k_len + 25]; + b0[2] = in_blk[2] ^ e_key[4 * k_len + 26]; + b0[3] = in_blk[3] ^ e_key[4 * k_len + 27]; + #endif + + kp = d_key + 4 * (k_len + 
5); + + if(k_len > 6) + { + i_nround(b1, b0, kp); i_nround(b0, b1, kp); + } + + if(k_len > 4) + { + i_nround(b1, b0, kp); i_nround(b0, b1, kp); + } + + i_nround(b1, b0, kp); i_nround(b0, b1, kp); + i_nround(b1, b0, kp); i_nround(b0, b1, kp); + i_nround(b1, b0, kp); i_nround(b0, b1, kp); + i_nround(b1, b0, kp); i_nround(b0, b1, kp); + i_nround(b1, b0, kp); i_lround(b0, b1, kp); + + #if USE_SWAP_MACROS + put_block(b0); + #else + out_blk[0] = b0[0]; out_blk[1] = b0[1]; + out_blk[2] = b0[2]; out_blk[3] = b0[3]; + #endif +}; diff --git a/AppleCSP/AES/rijndaelGladman.h b/AppleCSP/AES/rijndaelGladman.h new file mode 100644 index 00000000..a58f608d --- /dev/null +++ b/AppleCSP/AES/rijndaelGladman.h 
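Review bot: `set_key` never validates `key_len`: `k_len` is computed as `(key_len + 31) / 32`, the `switch` on it has no `default`, and the loop after it runs `i` up to `4 * aesKey->k_len + 24` over `e_key`/`d_key`, which rijndaelGladman.h declares as 64 words each. For a length other than 128, 192 or 256 bits the expanded key is left partly uninitialised, and for larger values that loop and the `e_key[4 * k_len + 24]` reads in `rDecrypt` index past the arrays. Rejecting bad lengths up front, e.g. `if(key_len != 128 && key_len != 192 && key_len != 256) return NULL;` before `aesKey->k_len` is assigned, closes this as long as callers check the result; whether the caller already validates the length is not visible here. Separately, `rEncrypt` and `rDecrypt` leave `b0`, `b1` and `swap_block` on the stack on return, whereas rijndaelApi.c in this same commit clears its `localBlock` with `memset` before returning.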
@@ -0,0 +1,211 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * rijndaelGladman.h - constants and macros for Gladman AES/Rijndael implementation. + * Based on std_defs.h written by Dr. Brian Gladman. + */ + + + +/* 1. Standard types for AES cryptography source code */ + +typedef unsigned char u1byte; /* an 8 bit unsigned character type */ +typedef unsigned short u2byte; /* a 16 bit unsigned integer type */ +typedef unsigned long u4byte; /* a 32 bit unsigned integer type */ + +typedef signed char s1byte; /* an 8 bit signed character type */ +typedef signed short s2byte; /* a 16 bit signed integer type */ +typedef signed long s4byte; /* a 32 bit signed integer type */ + +/* 2. 
Standard interface for AES cryptographic routines */ + +/* These are all based on 32 bit unsigned values and will therefore */ +/* require endian conversions for big-endian architectures */ + +#ifdef __cplusplus + extern "C" + { +#endif + + /* + * Lookup tables, dynamically allocated (by client) and generated (by + * gen_tabs()) + */ + #define LARGE_TABLES + + #define POW_TAB_SIZE 256 + #define LOG_TAB_SIZE 256 + #define SBX_TAB_SIZE 256 + #define ISB_TAB_SIZE 256 + #define RCO_TAB_SIZE 10 + #define FT_TAB_SIZE_MS 4 + #define FT_TAB_SIZE_LS 256 + #define IT_TAB_SIZE_MS 4 + #define IT_TAB_SIZE_LS 256 + extern u1byte *pow_tab; /* [POW_TAB_SIZE] */ + extern u1byte *log_tab; /* [LOG_TAB_SIZE] */; + extern u1byte *sbx_tab; /* [SBX_TAB_SIZE] */ + extern u1byte *isb_tab; /* [ISB_TAB_SIZE] */ + extern u4byte *rco_tab; /* [RCO_TAB_SIZE] */ + extern u4byte (*ft_tab)[FT_TAB_SIZE_LS]; + extern u4byte (*it_tab)[IT_TAB_SIZE_LS]; + + #ifdef LARGE_TABLES + #define FL_TAB_SIZE_MS 4 + #define FL_TAB_SIZE_LS 256 + #define IL_TAB_SIZE_MS 4 + #define IL_TAB_SIZE_LS 256 + extern u4byte (*fl_tab)[FL_TAB_SIZE_LS]; + extern u4byte (*il_tab)[IL_TAB_SIZE_LS]; + #endif + + typedef struct { + u4byte k_len; + u4byte e_key[64]; + u4byte d_key[64]; + } GAesKey; + + void gen_tabs(void); // one-time-only table generate + u4byte *set_key(const u4byte in_key[], const u4byte key_len, GAesKey *aesKey); + void rEncrypt(const u4byte in_blk[4], u4byte out_blk[4], const GAesKey *aesKey); + void rDecrypt(const u4byte in_blk[4], u4byte out_blk[4], const GAesKey *aesKey); + +#ifdef __cplusplus + }; +#endif + +/* 3. 
Basic macros for speeding up generic operations */ + +/* Circular rotate of 32 bit values */ + +#ifdef _MSC_VER + +# include +# pragma intrinsic(_lrotr,_lrotl) +# define rotr(x,n) _lrotr(x,n) +# define rotl(x,n) _lrotl(x,n) + +#else + +#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n)))) +#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n)))) + +#endif + +/* Invert byte order in a 32 bit variable */ + +#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00)) + +/* Extract byte from a 32 bit quantity (little endian notation) */ + +#define byte(x,n) ((u1byte)((x) >> (8 * n))) + +/* For inverting byte order in input/output 32 bit words if needed */ +#ifdef __ppc__ +#define BYTE_SWAP +#endif + +#ifdef BLOCK_SWAP +#define BYTE_SWAP +#define WORD_SWAP +#endif + +#ifdef BYTE_SWAP +#define io_swap(x) bswap(x) +#else +#define io_swap(x) (x) +#endif + +/* For inverting the byte order of input/output blocks if needed */ + +#ifdef WORD_SWAP + +#define get_block(x) \ + ((u4byte*)(x))[0] = io_swap(in_blk[3]); \ + ((u4byte*)(x))[1] = io_swap(in_blk[2]); \ + ((u4byte*)(x))[2] = io_swap(in_blk[1]); \ + ((u4byte*)(x))[3] = io_swap(in_blk[0]) + +#define put_block(x) \ + out_blk[3] = io_swap(((u4byte*)(x))[0]); \ + out_blk[2] = io_swap(((u4byte*)(x))[1]); \ + out_blk[1] = io_swap(((u4byte*)(x))[2]); \ + out_blk[0] = io_swap(((u4byte*)(x))[3]) + +#define get_key(x,len) \ + ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ + ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ + switch((((len) + 63) / 64)) { \ + case 2: \ + ((u4byte*)(x))[0] = io_swap(in_key[3]); \ + ((u4byte*)(x))[1] = io_swap(in_key[2]); \ + ((u4byte*)(x))[2] = io_swap(in_key[1]); \ + ((u4byte*)(x))[3] = io_swap(in_key[0]); \ + break; \ + case 3: \ + ((u4byte*)(x))[0] = io_swap(in_key[5]); \ + ((u4byte*)(x))[1] = io_swap(in_key[4]); \ + ((u4byte*)(x))[2] = io_swap(in_key[3]); \ + ((u4byte*)(x))[3] = io_swap(in_key[2]); \ + ((u4byte*)(x))[4] = io_swap(in_key[1]); \ + ((u4byte*)(x))[5] = 
io_swap(in_key[0]); \ + break; \ + case 4: \ + ((u4byte*)(x))[0] = io_swap(in_key[7]); \ + ((u4byte*)(x))[1] = io_swap(in_key[6]); \ + ((u4byte*)(x))[2] = io_swap(in_key[5]); \ + ((u4byte*)(x))[3] = io_swap(in_key[4]); \ + ((u4byte*)(x))[4] = io_swap(in_key[3]); \ + ((u4byte*)(x))[5] = io_swap(in_key[2]); \ + ((u4byte*)(x))[6] = io_swap(in_key[1]); \ + ((u4byte*)(x))[7] = io_swap(in_key[0]); \ + } + +#else + +#define get_block(x) \ + ((u4byte*)(x))[0] = io_swap(in_blk[0]); \ + ((u4byte*)(x))[1] = io_swap(in_blk[1]); \ + ((u4byte*)(x))[2] = io_swap(in_blk[2]); \ + ((u4byte*)(x))[3] = io_swap(in_blk[3]) + +#define put_block(x) \ + out_blk[0] = io_swap(((u4byte*)(x))[0]); \ + out_blk[1] = io_swap(((u4byte*)(x))[1]); \ + out_blk[2] = io_swap(((u4byte*)(x))[2]); \ + out_blk[3] = io_swap(((u4byte*)(x))[3]) + +#define get_key(x,len) \ + ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ + ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ + switch((((len) + 63) / 64)) { \ + case 4: \ + ((u4byte*)(x))[6] = io_swap(in_key[6]); \ + ((u4byte*)(x))[7] = io_swap(in_key[7]); \ + case 3: \ + ((u4byte*)(x))[4] = io_swap(in_key[4]); \ + ((u4byte*)(x))[5] = io_swap(in_key[5]); \ + case 2: \ + ((u4byte*)(x))[0] = io_swap(in_key[0]); \ + ((u4byte*)(x))[1] = io_swap(in_key[1]); \ + ((u4byte*)(x))[2] = io_swap(in_key[2]); \ + ((u4byte*)(x))[3] = io_swap(in_key[3]); \ + } + +#endif diff --git a/AppleCSP/AES/vRijndael-alg-ref.c b/AppleCSP/AES/vRijndael-alg-ref.c index 88893836..f5afda69 100644 --- a/AppleCSP/AES/vRijndael-alg-ref.c +++ b/AppleCSP/AES/vRijndael-alg-ref.c @@ -681,4 +681,4 @@ void vBlockDecrypt128( return; } -#endif /* !ppc */ +#endif /* defined(__ppc__) && defined(ALTIVEC_ENABLE) */ diff --git a/AppleCSP/AppleCSP.pbxproj/.cvsignore b/AppleCSP/AppleCSP.pbxproj/.cvsignore deleted file mode 100644 index 0857ac37..00000000 --- a/AppleCSP/AppleCSP.pbxproj/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -*.pbxuser 
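Review bot: `typedef unsigned long u4byte;` is commented as a 32 bit type, but `unsigned long` is only guaranteed to be at least 32 bits, and the `rotr`/`rotl`/`bswap` macros further down are correct only when it is exactly 32. On a target with a 64-bit `long` the rotates would keep bits above bit 31, so the key schedule and round outputs would be silently wrong rather than fail to build. I would use a fixed-width type, e.g. `typedef uint32_t u4byte;` with `<stdint.h>` if the toolchain provides it, or at least add a compile-time size check beside the typedef. As a smaller style point, `byte(x,n)` expands `n` unparenthesised; `(8 * (n))` is safer.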
diff --git a/AppleCSP/AppleCSP.pbxproj/project.pbxproj b/AppleCSP/AppleCSP.pbxproj/project.pbxproj deleted file mode 100644 index 1524298d..00000000 --- a/AppleCSP/AppleCSP.pbxproj/project.pbxproj +++ /dev/null 
@@ -1,2061 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 32; - objects = { - 00B7C42CFEC78220D0A17CE7 = { - isa = PBXFileReference; - path = pkcs_7_8.cpp; - refType = 4; - }; - 00B7C42EFEC7824FD0A17CE7 = { - isa = PBXFileReference; - path = pkcs_7_8.h; - refType = 4; - }; - 00B7C430FEC78562D0A17CE7 = { - isa = PBXFileReference; - path = wrapKey.cpp; - refType = 4; - }; - 00B7C431FEC78562D0A17CE7 = { - fileRef = 00B7C430FEC78562D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00B95717FEBDE93ED0A17CE7 = { - isa = PBXFileReference; - path = AppleCSPUtils.cpp; - refType = 4; - }; - 00B95718FEBDE93ED0A17CE7 = { - fileRef = 00B95717FEBDE93ED0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00B95719FEBDEC98D0A17CE7 = { - isa = PBXFileReference; - path = AppleCSPUtils.h; - refType = 4; - }; - 00B9571AFEBDEC98D0A17CE7 = { - fileRef = 00B95719FEBDEC98D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00B9571BFEBDF916D0A17CE7 = { - isa = PBXFileReference; - path = BinaryKey.h; - refType = 4; - }; - 00B9571CFEBDF916D0A17CE7 = { - fileRef = 00B9571BFEBDF916D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00BBA18BFED05E75D0A17CE7 = { - isa = PBXFileReference; - name = HMACSHA1.c; - path = PBKDF2/HMACSHA1.c; - refType = 2; - }; - 00BBA18CFED05E75D0A17CE7 = { - isa = PBXFileReference; - name = pbkdf2.c; - path = PBKDF2/pbkdf2.c; - refType = 2; - }; - 00BBA18DFED05E75D0A17CE7 = { - isa = PBXFileReference; - name = HMACSHA1.h; - path = PBKDF2/HMACSHA1.h; - refType = 2; - }; - 00BBA18EFED05E75D0A17CE7 = { - isa = PBXFileReference; - name = pbkdf2.h; - path = PBKDF2/pbkdf2.h; - refType = 2; - }; - 00BBA18FFED05E75D0A17CE7 = { - fileRef = 00BBA18DFED05E75D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00BBA190FED05E75D0A17CE7 = { - fileRef = 00BBA18EFED05E75D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00BBA191FED05E75D0A17CE7 = { - fileRef = 
00BBA18BFED05E75D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00BBA192FED05E75D0A17CE7 = { - fileRef = 00BBA18CFED05E75D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00BBA193FED060CED0A17CE7 = { - isa = PBXFileReference; - path = deriveKey.cpp; - refType = 4; - }; - 00BBA194FED060CED0A17CE7 = { - fileRef = 00BBA193FED060CED0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00FCF302FF28B8B011CD296C = { - isa = PBXFileReference; - path = wrapKeyCms.cpp; - refType = 4; - }; - 00FCF303FF28B8B011CD296C = { - fileRef = 00FCF302FF28B8B011CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0144AEB60054261D7F000001 = { - isa = PBXFileReference; - name = BlockCryptor.h; - path = AppleCSP/BlockCryptor.h; - refType = 2; - }; - 0144AEB70054261D7F000001 = { - fileRef = 0144AEB60054261D7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0144AEB80054359B7F000001 = { - isa = PBXFileReference; - path = BlockCryptor.cpp; - refType = 4; - }; - 0144AEB90054359B7F000001 = { - fileRef = 0144AEB80054359B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 015F469500433E457F000001 = { - isa = PBXFileReference; - path = FEECSPUtils.h; - refType = 4; - }; - 015F469600433E457F000001 = { - fileRef = 015F469500433E457F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 015F469700433ED37F000001 = { - isa = PBXFileReference; - path = FEECSPUtils.cpp; - refType = 4; - }; - 015F469800433ED37F000001 = { - fileRef = 015F469700433ED37F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 015F46990044518E7F000001 = { - isa = PBXFileReference; - name = FEEKeys.h; - path = CryptKitCSP/FEEKeys.h; - refType = 2; - }; - 015F469A0044518E7F000001 = { - fileRef = 015F46990044518E7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 015F469B0044580E7F000001 = { - isa = PBXFileReference; - path = FEEKeys.cpp; - refType = 4; - }; - 015F469C0044580E7F000001 = { - 
fileRef = 015F469B0044580E7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 015F469D00446C827F000001 = { - isa = PBXFileReference; - path = CryptKitSpace.h; - refType = 4; - }; - 015F469E00446C827F000001 = { - fileRef = 015F469D00446C827F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 01847A450055487B7F000001 = { - isa = PBXFileReference; - path = FEEAsymmetricContext.h; - refType = 4; - }; - 01847A460055487B7F000001 = { - fileRef = 01847A450055487B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 01847A4700554A6C7F000001 = { - isa = PBXFileReference; - name = FEEAsymmetricContext.cpp; - path = CryptKitCSP/FEEAsymmetricContext.cpp; - refType = 2; - }; - 01847A4800554A6C7F000001 = { - fileRef = 01847A4700554A6C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 01C17D02FF16DCC911CD283A = { - children = ( - 2B8B5BBAFFF3E29A11CD283A, - ); - isa = PBXGroup; - name = Frameworks; - refType = 4; - }; - 023E3603001F8EB211CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\""; - }; - isa = PBXBuildStyle; - name = "Build Folder"; - }; - 0806BF29FFD847D411CD296C = { - isa = PBXBundleReference; - path = AppleCSP.bundle; - refType = 3; - }; - 0806BF2AFFD847D411CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 0806BF2BFFD847D411CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 09C40943FEAF7DAAD0A17CE7 = { - isa = PBXFileReference; - path = AppleCSP.cpp; - refType = 4; - }; - 09C40944FEAF7DAAD0A17CE7 = { - fileRef = 09C40943FEAF7DAAD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 09C40945FEAF7E09D0A17CE7 = { - isa = PBXFileReference; - path = AppleCSP.h; - refType 
= 4; - }; - 09C40946FEAF7E09D0A17CE7 = { - fileRef = 09C40945FEAF7E09D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 0D5C9DCDFEAFAC09D0A17CE7 = { - isa = PBXFileReference; - name = debugging.c; - path = AppleCSP/debugging.c; - refType = 2; - }; - 0D5C9DCEFEAFAC09D0A17CE7 = { - isa = PBXFileReference; - name = debugging.h; - path = AppleCSP/debugging.h; - refType = 2; - }; - 0D5C9DCFFEAFAC09D0A17CE7 = { - fileRef = 0D5C9DCEFEAFAC09D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 0D5C9DD0FEAFAC09D0A17CE7 = { - fileRef = 0D5C9DCDFEAFAC09D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0FD07C9DFE8A174411CD283A = { - buildStyles = ( - 0806BF2AFFD847D411CD296C, - 0806BF2BFFD847D411CD296C, - 023E3603001F8EB211CD283A, - ); - isa = PBXProject; - mainGroup = 0FD07C9EFE8A174411CD283A; - productRefGroup = 0FD07CBFFE8A1A0011CD283A; - projectDirPath = .; - targets = ( - 0FD07C9FFE8A17DE11CD283A, - 6D8679A7FE9E75CF11CD296C, - 22FA741EFE8A468311CD283A, - 22FA7434FE8A468311CD283A, - ); - }; - 0FD07C9EFE8A174411CD283A = { - children = ( - 22FA7442FE8A470511CD283A, - 22FA7784FE8A470511CD283A, - 22FA7799FE8A470511CD283A, - 22FA77F8FE8A470511CD283A, - 17CFEF85FF8A5A84D0A17CE7, - 01C17D02FF16DCC911CD283A, - 0FD07CBFFE8A1A0011CD283A, - ); - isa = PBXGroup; - refType = 4; - }; - 0FD07C9FFE8A17DE11CD283A = { - buildPhases = ( - ); - buildSettings = { - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; - INSTALL_PATH = /; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = world; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - conditionalBuildSettings = { - }; - dependencies = ( - 1118B012FE8AE31F11CD296C, - ); - isa = PBXAggregateTarget; - name = world; - productInstallPath = /; - productName = world; - 
shouldUseHeadermap = 0; - }; - 0FD07CBFFE8A1A0011CD283A = { - children = ( - 0806BF29FFD847D411CD296C, - ); - isa = PBXGroup; - name = Products; - path = ""; - refType = 3; - }; - 1118B012FE8AE31F11CD296C = { - isa = PBXTargetDependency; - target = 22FA741EFE8A468311CD283A; - }; - 17CFEF85FF8A5A84D0A17CE7 = { - children = ( - 1972C1CB00430D427F000001, - 1972C1CC00430D427F000001, - 1972C1C900430C1C7F000001, - 1972C1A3004307DF7F000001, - 1972C19B0043075C7F000001, - 1972C19C0043075C7F000001, - 1972C19D0043075C7F000001, - 1972C19E0043075C7F000001, - ); - isa = PBXGroup; - name = AES; - refType = 4; - }; - 1871086FFF1549F211CD283A = { - isa = PBXLibraryReference; - name = libCryptKit.a; - path = /MacOS9/Projects/build/libCryptKit.a; - refType = 0; - }; - 1972C192004306477F000001 = { - isa = PBXTargetDependency; - target = 6D8679A7FE9E75CF11CD296C; - }; - 1972C19B0043075C7F000001 = { - isa = PBXFileReference; - name = "rijndael-alg-ref.c"; - path = "AES/rijndael-alg-ref.c"; - refType = 4; - }; - 1972C19C0043075C7F000001 = { - isa = PBXFileReference; - name = "rijndael-alg-ref.h"; - path = "AES/rijndael-alg-ref.h"; - refType = 4; - }; - 1972C19D0043075C7F000001 = { - isa = PBXFileReference; - name = rijndaelApi.c; - path = AES/rijndaelApi.c; - refType = 4; - }; - 1972C19E0043075C7F000001 = { - isa = PBXFileReference; - name = rijndaelApi.h; - path = AES/rijndaelApi.h; - refType = 4; - }; - 1972C19F0043075C7F000001 = { - fileRef = 1972C19C0043075C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1A00043075C7F000001 = { - fileRef = 1972C19E0043075C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1A10043075C7F000001 = { - fileRef = 1972C19B0043075C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1A20043075C7F000001 = { - fileRef = 1972C19D0043075C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1A3004307DF7F000001 = { - isa = PBXFileReference; - name = "boxes-ref.h"; - path = "AES/boxes-ref.h"; - refType = 4; - }; - 
1972C1A4004307DF7F000001 = { - fileRef = 1972C1A3004307DF7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1A5004308417F000001 = { - isa = PBXFileReference; - path = cryptkitcsp.cpp; - refType = 4; - }; - 1972C1A6004308417F000001 = { - isa = PBXFileReference; - path = cryptkitcsp.h; - refType = 4; - }; - 1972C1A7004308417F000001 = { - isa = PBXFileReference; - path = DigestContext.cpp; - refType = 4; - }; - 1972C1A8004308417F000001 = { - isa = PBXFileReference; - path = DigestContext.h; - refType = 4; - }; - 1972C1A9004308417F000001 = { - isa = PBXFileReference; - path = DigestObject.cpp; - refType = 4; - }; - 1972C1AA004308417F000001 = { - isa = PBXFileReference; - path = DigestObject.h; - refType = 4; - }; - 1972C1AB004308417F000001 = { - fileRef = 1972C1A6004308417F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1AC004308417F000001 = { - fileRef = 1972C1A8004308417F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1AD004308417F000001 = { - fileRef = 1972C1AA004308417F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1AE004308417F000001 = { - fileRef = 1972C1A5004308417F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1AF004308417F000001 = { - fileRef = 1972C1A7004308417F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1B0004308417F000001 = { - fileRef = 1972C1A9004308417F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1B1004308907F000001 = { - isa = PBXFileReference; - path = algmaker.cpp; - refType = 4; - }; - 1972C1B2004308907F000001 = { - isa = PBXFileReference; - path = bsafeAsymmetric.cpp; - refType = 4; - }; - 1972C1B3004308907F000001 = { - isa = PBXFileReference; - path = bsafeContext.cpp; - refType = 4; - }; - 1972C1B4004308907F000001 = { - isa = PBXFileReference; - path = bsafecsp.h; - refType = 4; - }; - 1972C1B5004308907F000001 = { - isa = PBXFileReference; - path = bsafecspi.h; - refType = 4; - }; - 1972C1B6004308907F000001 = { - isa = PBXFileReference; - path 
= bsafeKeyGen.cpp; - refType = 4; - }; - 1972C1B7004308907F000001 = { - isa = PBXFileReference; - path = bsafePKCS1.cpp; - refType = 4; - }; - 1972C1B8004308907F000001 = { - isa = PBXFileReference; - path = bsafePKCS1.h; - refType = 4; - }; - 1972C1B9004308907F000001 = { - isa = PBXFileReference; - path = bsafeSymmetric.cpp; - refType = 4; - }; - 1972C1BA004308907F000001 = { - isa = PBXFileReference; - path = bsobjects.h; - refType = 4; - }; - 1972C1BB004308907F000001 = { - isa = PBXFileReference; - path = memory.cpp; - refType = 4; - }; - 1972C1BC004308907F000001 = { - isa = PBXFileReference; - path = miscalgorithms.cpp; - refType = 4; - }; - 1972C1BD004308907F000001 = { - fileRef = 1972C1B4004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1BE004308907F000001 = { - fileRef = 1972C1B5004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1BF004308907F000001 = { - fileRef = 1972C1B8004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C0004308907F000001 = { - fileRef = 1972C1BA004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C1004308907F000001 = { - fileRef = 1972C1B1004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C2004308907F000001 = { - fileRef = 1972C1B2004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C3004308907F000001 = { - fileRef = 1972C1B3004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C4004308907F000001 = { - fileRef = 1972C1B6004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C5004308907F000001 = { - fileRef = 1972C1B7004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C6004308907F000001 = { - fileRef = 1972C1B9004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C7004308907F000001 = { - fileRef = 1972C1BB004308907F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C8004308907F000001 = { - fileRef = 1972C1BC004308907F000001; - 
isa = PBXBuildFile; - settings = { - }; - }; - 1972C1C900430C1C7F000001 = { - isa = PBXFileReference; - name = aescsp.cpp; - path = AES/aescsp.cpp; - refType = 4; - }; - 1972C1CA00430C1C7F000001 = { - fileRef = 1972C1C900430C1C7F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1CB00430D427F000001 = { - isa = PBXFileReference; - name = aescsp.h; - path = AES/aescsp.h; - refType = 4; - }; - 1972C1CC00430D427F000001 = { - isa = PBXFileReference; - name = aescspi.h; - path = AES/aescspi.h; - refType = 4; - }; - 1972C1CD00430D427F000001 = { - fileRef = 1972C1CB00430D427F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1CE00430D427F000001 = { - fileRef = 1972C1CC00430D427F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1CF004320A27F000001 = { - isa = PBXFileReference; - path = FEESignatureObject.h; - refType = 4; - }; - 1972C1D0004320A27F000001 = { - fileRef = 1972C1CF004320A27F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1D2004324407F000001 = { - isa = PBXFileReference; - path = FEESignatureObject.cpp; - refType = 4; - }; - 1972C1D3004324407F000001 = { - fileRef = 1972C1D2004324407F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1D400432DF47F000001 = { - isa = PBXFileReference; - name = FEESignatureContext.h; - path = CryptKitCSP/FEESignatureContext.h; - refType = 2; - }; - 1972C1D500432DF47F000001 = { - fileRef = 1972C1D400432DF47F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1972C1D6004330C77F000001 = { - isa = PBXFileReference; - name = FEESignatureContext.cpp; - path = CryptKitCSP/FEESignatureContext.cpp; - refType = 2; - }; - 1972C1D7004330C77F000001 = { - fileRef = 1972C1D6004330C77F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1D96D506FEB620B6D0A17CE7 = { - isa = PBXFileReference; - name = AppleCSPContext.h; - path = AppleCSP/AppleCSPContext.h; - refType = 2; - }; - 1D96D507FEB620B6D0A17CE7 = { - fileRef = 1D96D506FEB620B6D0A17CE7; - isa = PBXBuildFile; - settings = { - 
}; - }; - 1D96D50FFEB63683D0A17CE7 = { - isa = PBXFileReference; - name = AppleCSPContext.cpp; - path = AppleCSP/AppleCSPContext.cpp; - refType = 2; - }; - 1D96D510FEB63683D0A17CE7 = { - fileRef = 1D96D50FFEB63683D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 1DF71D5FFF31105711CD283A = { - isa = PBXFileReference; - path = cssmplugin.exp; - refType = 4; - }; - 1DF71D60FF31105711CD283A = { - fileRef = 1DF71D5FFF31105711CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA741EFE8A468311CD283A = { - buildPhases = ( - 22FA741FFE8A468311CD283A, - 22FA7420FE8A468311CD283A, - 22FA7421FE8A468311CD283A, - 22FA7422FE8A468311CD283A, - 22FA7423FE8A468311CD283A, - ); - buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2"; - EXPORTED_SYMBOLS_FILE = AppleCSP/cssmplugin.exp; - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security"; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-O1"; - OTHER_CFLAGS = "-pipe -DVDADER_RULES -DALLOW_ZERO_PASSWORD"; - OTHER_LDFLAGS = "-bundle -undefined error"; - OTHER_REZFLAGS = ""; - PRELINK_FLAGS = "-L$(SYMROOT)"; - PRELINK_LIBS = "-lBSafe -lCryptKit -lstdc++"; - PRODUCT_NAME = AppleCSP; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas -Wno-format"; - }; - conditionalBuildSettings = { - }; - dependencies = ( - 1972C192004306477F000001, - ); - isa = PBXBundleTarget; - name = AppleCSP; - productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security"; - productName = AppleCSP; - productReference = 0806BF29FFD847D411CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleCSP - CFBundleGetInfoString - - CFBundleIdentifier - com.apple.applecsp - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - AppleCSP - 
CFBundlePackageType - BNDL - CFBundleShortVersionString - 1.0 - CFBundleSignature - ???? - CFBundleVersion - AppleCSP 1.0 - - -"; - shouldUseHeadermap = 1; - }; - 22FA741FFE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - 09C40946FEAF7E09D0A17CE7, - 0D5C9DCFFEAFAC09D0A17CE7, - 1D96D507FEB620B6D0A17CE7, - 27CADDA2FEB8CBB7D0A17CE7, - 00B9571AFEBDEC98D0A17CE7, - 00B9571CFEBDF916D0A17CE7, - 00BBA18FFED05E75D0A17CE7, - 00BBA190FED05E75D0A17CE7, - 1972C1CD00430D427F000001, - 1972C1CE00430D427F000001, - 1972C19F0043075C7F000001, - 1972C1A00043075C7F000001, - 1972C1A4004307DF7F000001, - 1972C1AB004308417F000001, - 1972C1AC004308417F000001, - 1972C1AD004308417F000001, - 1972C1BD004308907F000001, - 1972C1BE004308907F000001, - 1972C1BF004308907F000001, - 1972C1C0004308907F000001, - 1972C1D0004320A27F000001, - 1972C1D500432DF47F000001, - 015F469600433E457F000001, - 015F469A0044518E7F000001, - 015F469E00446C827F000001, - 0144AEB70054261D7F000001, - 01847A460055487B7F000001, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 22FA7420FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; - }; - 22FA7421FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - 09C40944FEAF7DAAD0A17CE7, - 0D5C9DD0FEAFAC09D0A17CE7, - 1D96D510FEB63683D0A17CE7, - 00B95718FEBDE93ED0A17CE7, - 00B7C431FEC78562D0A17CE7, - 00BBA191FED05E75D0A17CE7, - 00BBA192FED05E75D0A17CE7, - 00BBA194FED060CED0A17CE7, - 00FCF303FF28B8B011CD296C, - 1DF71D60FF31105711CD283A, - 1972C1CA00430C1C7F000001, - 1972C1A10043075C7F000001, - 1972C1A20043075C7F000001, - 1972C1AE004308417F000001, - 1972C1AF004308417F000001, - 1972C1B0004308417F000001, - 1972C1C1004308907F000001, - 1972C1C2004308907F000001, - 1972C1C3004308907F000001, - 1972C1C4004308907F000001, - 1972C1C5004308907F000001, - 1972C1C6004308907F000001, - 1972C1C7004308907F000001, - 1972C1C8004308907F000001, - 1972C1D3004324407F000001, - 1972C1D7004330C77F000001, 
- 015F469800433ED37F000001, - 015F469C0044580E7F000001, - 0144AEB90054359B7F000001, - 01847A4800554A6C7F000001, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 22FA7422FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - 2B8B5BBBFFF3E29A11CD283A, - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - 22FA7423FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; - }; - 22FA7434FE8A468311CD283A = { - buildPhases = ( - 22FA7435FE8A468311CD283A, - 22FA7436FE8A468311CD283A, - 22FA7437FE8A468311CD283A, - 22FA7438FE8A468311CD283A, - ); - buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\""; - INSTALL_PATH = /usr/local/lib; - LIBRARY_SEARCH_PATHS = ""; - LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - OTHER_CFLAGS = "-pipe"; - OTHER_LDFLAGS = ""; - OTHER_LIBTOOL_FLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = libCryptKit.a; - REZ_EXECUTABLE = YES; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - conditionalBuildSettings = { - }; - dependencies = ( - ); - isa = PBXLibraryTarget; - name = CryptKit; - productInstallPath = /usr/local/lib; - productName = libCryptKit.a; - productReference = 1871086FFF1549F211CD283A; - shouldUseHeadermap = 1; - }; - 22FA7435FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - 22FA7B38FE8A470611CD283A, - 22FA7B39FE8A470611CD283A, - 22FA7B3AFE8A470611CD283A, - 22FA7B3BFE8A470611CD283A, - 22FA7B3CFE8A470611CD283A, - 22FA7B3DFE8A470611CD283A, - 22FA7B3FFE8A470611CD283A, - 22FA7B40FE8A470611CD283A, - 22FA7B41FE8A470611CD283A, - 22FA7B42FE8A470611CD283A, - 22FA7B43FE8A470611CD283A, - 22FA7B44FE8A470611CD283A, - 22FA7B45FE8A470611CD283A, - 22FA7B46FE8A470611CD283A, - 22FA7B47FE8A470611CD283A, - 22FA7B48FE8A470611CD283A, - 
22FA7B49FE8A470611CD283A, - 22FA7B4AFE8A470611CD283A, - 22FA7B4BFE8A470611CD283A, - 22FA7B4CFE8A470611CD283A, - 22FA7B4DFE8A470611CD283A, - 22FA7B4EFE8A470611CD283A, - 22FA7B4FFE8A470611CD283A, - 22FA7B50FE8A470611CD283A, - 22FA7B51FE8A470611CD283A, - 22FA7B52FE8A470611CD283A, - 22FA7B53FE8A470611CD283A, - 22FA7B54FE8A470611CD283A, - 22FA7B55FE8A470611CD283A, - 22FA7B56FE8A470611CD283A, - 22FA7B57FE8A470611CD283A, - 22FA7B58FE8A470611CD283A, - 22FA7B59FE8A470611CD283A, - 22FA7B5AFE8A470611CD283A, - 22FA7B63FE8A470611CD283A, - 22FA7B64FE8A470611CD283A, - 22FA7B65FE8A470611CD283A, - 22FA7B66FE8A470611CD283A, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 22FA7436FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - 22FA7B67FE8A470611CD283A, - 22FA7B68FE8A470611CD283A, - 22FA7B69FE8A470611CD283A, - 22FA7B6AFE8A470611CD283A, - 22FA7B6BFE8A470611CD283A, - 22FA7B6CFE8A470611CD283A, - 22FA7B6DFE8A470611CD283A, - 22FA7B6EFE8A470611CD283A, - 22FA7B70FE8A470611CD283A, - 22FA7B71FE8A470611CD283A, - 22FA7B72FE8A470611CD283A, - 22FA7B73FE8A470611CD283A, - 22FA7B74FE8A470611CD283A, - 22FA7B75FE8A470611CD283A, - 22FA7B76FE8A470611CD283A, - 22FA7B77FE8A470611CD283A, - 22FA7B78FE8A470611CD283A, - 22FA7B79FE8A470611CD283A, - 22FA7B7AFE8A470611CD283A, - 22FA7B7CFE8A470611CD283A, - 22FA7B7DFE8A470611CD283A, - 22FA7B7EFE8A470611CD283A, - 22FA7B85FE8A470611CD283A, - 22FA7B86FE8A470611CD283A, - 22FA7B87FE8A470611CD283A, - 22FA7B88FE8A470611CD283A, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 22FA7437FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - 22FA7438FE8A468311CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; - }; - 22FA7442FE8A470511CD283A = { - children = ( - 09C40943FEAF7DAAD0A17CE7, - 1D96D50FFEB63683D0A17CE7, - 00B95717FEBDE93ED0A17CE7, - 0144AEB80054359B7F000001, - 
0D5C9DCDFEAFAC09D0A17CE7, - 00BBA193FED060CED0A17CE7, - 00BBA18BFED05E75D0A17CE7, - 00BBA18CFED05E75D0A17CE7, - 00B7C42CFEC78220D0A17CE7, - 00B7C430FEC78562D0A17CE7, - 00FCF302FF28B8B011CD296C, - 09C40945FEAF7E09D0A17CE7, - 1D96D506FEB620B6D0A17CE7, - 27CADDA1FEB8CBB7D0A17CE7, - 00B95719FEBDEC98D0A17CE7, - 00B9571BFEBDF916D0A17CE7, - 0144AEB60054261D7F000001, - 0D5C9DCEFEAFAC09D0A17CE7, - 00BBA18DFED05E75D0A17CE7, - 00BBA18EFED05E75D0A17CE7, - 00B7C42EFEC7824FD0A17CE7, - 1DF71D5FFF31105711CD283A, - ); - isa = PBXGroup; - path = AppleCSP; - refType = 4; - }; - 22FA7784FE8A470511CD283A = { - children = ( - 1972C1B1004308907F000001, - 1972C1B2004308907F000001, - 1972C1B3004308907F000001, - 1972C1B4004308907F000001, - 1972C1B5004308907F000001, - 1972C1B6004308907F000001, - 1972C1B7004308907F000001, - 1972C1B8004308907F000001, - 1972C1B9004308907F000001, - 1972C1BA004308907F000001, - 1972C1BB004308907F000001, - 1972C1BC004308907F000001, - ); - isa = PBXGroup; - path = BSafeCSP; - refType = 4; - }; - 22FA7799FE8A470511CD283A = { - children = ( - 22FA779CFE8A470511CD283A, - 22FA779DFE8A470511CD283A, - 22FA77A0FE8A470511CD283A, - 22FA77A1FE8A470511CD283A, - 22FA77A2FE8A470511CD283A, - 22FA77A3FE8A470511CD283A, - 22FA77A4FE8A470511CD283A, - 22FA77A5FE8A470511CD283A, - 22FA77A6FE8A470511CD283A, - 22FA77AAFE8A470511CD283A, - 22FA77ABFE8A470511CD283A, - 22FA77ACFE8A470511CD283A, - 22FA77ADFE8A470511CD283A, - 22FA77AEFE8A470511CD283A, - 22FA77AFFE8A470511CD283A, - 22FA77B0FE8A470511CD283A, - 22FA77B1FE8A470511CD283A, - 22FA77B2FE8A470511CD283A, - 22FA77B3FE8A470511CD283A, - 22FA77B4FE8A470511CD283A, - 22FA77B5FE8A470511CD283A, - 22FA77B6FE8A470511CD283A, - 22FA77B8FE8A470511CD283A, - 22FA77B9FE8A470511CD283A, - 22FA77BAFE8A470511CD283A, - 22FA77BBFE8A470511CD283A, - 22FA77BCFE8A470511CD283A, - 22FA77BDFE8A470511CD283A, - 22FA77BEFE8A470511CD283A, - 22FA77BFFE8A470511CD283A, - 22FA77C0FE8A470511CD283A, - 22FA77C1FE8A470511CD283A, - 22FA77C2FE8A470511CD283A, - 
22FA77C3FE8A470511CD283A, - 22FA77C4FE8A470511CD283A, - 22FA77C5FE8A470511CD283A, - 22FA77C6FE8A470511CD283A, - 22FA77C7FE8A470511CD283A, - 22FA77C8FE8A470511CD283A, - 22FA77C9FE8A470511CD283A, - 22FA77CAFE8A470511CD283A, - 22FA77CBFE8A470511CD283A, - 22FA77CCFE8A470511CD283A, - 22FA77CDFE8A470511CD283A, - 22FA77CEFE8A470511CD283A, - 22FA77CFFE8A470511CD283A, - 22FA77D0FE8A470511CD283A, - 22FA77D1FE8A470511CD283A, - 22FA77D2FE8A470511CD283A, - 22FA77D3FE8A470511CD283A, - 22FA77D4FE8A470511CD283A, - 22FA77D5FE8A470511CD283A, - 22FA77D6FE8A470511CD283A, - 22FA77D7FE8A470511CD283A, - 22FA77D8FE8A470511CD283A, - 22FA77D9FE8A470511CD283A, - 22FA77DCFE8A470511CD283A, - 22FA77DDFE8A470511CD283A, - 22FA77ECFE8A470511CD283A, - 22FA77EDFE8A470511CD283A, - 22FA77F0FE8A470511CD283A, - 22FA77F1FE8A470511CD283A, - 22FA77F2FE8A470511CD283A, - 22FA77F3FE8A470511CD283A, - 22FA77F6FE8A470511CD283A, - 22FA77F7FE8A470511CD283A, - ); - isa = PBXGroup; - path = CryptKit; - refType = 4; - }; - 22FA779CFE8A470511CD283A = { - isa = PBXFileReference; - path = byteRep.c; - refType = 4; - }; - 22FA779DFE8A470511CD283A = { - isa = PBXFileReference; - path = byteRep.h; - refType = 4; - }; - 22FA77A0FE8A470511CD283A = { - isa = PBXFileReference; - path = CipherFileDES.c; - refType = 4; - }; - 22FA77A1FE8A470511CD283A = { - isa = PBXFileReference; - path = CipherFileDES.h; - refType = 4; - }; - 22FA77A2FE8A470511CD283A = { - isa = PBXFileReference; - path = CipherFileFEED.c; - refType = 4; - }; - 22FA77A3FE8A470511CD283A = { - isa = PBXFileReference; - path = CipherFileFEED.h; - refType = 4; - }; - 22FA77A4FE8A470511CD283A = { - isa = PBXFileReference; - path = CipherFileTypes.h; - refType = 4; - }; - 22FA77A5FE8A470511CD283A = { - isa = PBXFileReference; - path = config.h; - refType = 4; - }; - 22FA77A6FE8A470511CD283A = { - isa = PBXFileReference; - path = Crypt.h; - refType = 4; - }; - 22FA77AAFE8A470511CD283A = { - isa = PBXFileReference; - path = curveParams.c; - refType = 4; - }; - 
22FA77ABFE8A470511CD283A = { - isa = PBXFileReference; - path = curveParams.h; - refType = 4; - }; - 22FA77ACFE8A470511CD283A = { - isa = PBXFileReference; - path = DES.c; - refType = 4; - }; - 22FA77ADFE8A470511CD283A = { - isa = PBXFileReference; - path = DES.h; - refType = 4; - }; - 22FA77AEFE8A470511CD283A = { - isa = PBXFileReference; - path = ECDSA_Profile.h; - refType = 4; - }; - 22FA77AFFE8A470511CD283A = { - isa = PBXFileReference; - path = ECDSA_Verify_Prefix.h; - refType = 4; - }; - 22FA77B0FE8A470511CD283A = { - isa = PBXFileReference; - path = elliptic.c; - refType = 4; - }; - 22FA77B1FE8A470511CD283A = { - isa = PBXFileReference; - path = elliptic.h; - refType = 4; - }; - 22FA77B2FE8A470511CD283A = { - isa = PBXFileReference; - path = ellipticMeasure.h; - refType = 4; - }; - 22FA77B3FE8A470511CD283A = { - isa = PBXFileReference; - path = ellipticProj.c; - refType = 4; - }; - 22FA77B4FE8A470511CD283A = { - isa = PBXFileReference; - path = ellipticProj.h; - refType = 4; - }; - 22FA77B5FE8A470511CD283A = { - isa = PBXFileReference; - path = enc64.c; - refType = 4; - }; - 22FA77B6FE8A470511CD283A = { - isa = PBXFileReference; - path = enc64.h; - refType = 4; - }; - 22FA77B8FE8A470511CD283A = { - isa = PBXFileReference; - path = falloc.c; - refType = 4; - }; - 22FA77B9FE8A470511CD283A = { - isa = PBXFileReference; - path = falloc.h; - refType = 4; - }; - 22FA77BAFE8A470511CD283A = { - isa = PBXFileReference; - path = feeCipherFile.c; - refType = 4; - }; - 22FA77BBFE8A470511CD283A = { - isa = PBXFileReference; - path = feeCipherFile.h; - refType = 4; - }; - 22FA77BCFE8A470511CD283A = { - isa = PBXFileReference; - path = feeCipherFileAtom.c; - refType = 4; - }; - 22FA77BDFE8A470511CD283A = { - isa = PBXFileReference; - path = feeDebug.h; - refType = 4; - }; - 22FA77BEFE8A470511CD283A = { - isa = PBXFileReference; - path = feeDES.c; - refType = 4; - }; - 22FA77BFFE8A470511CD283A = { - isa = PBXFileReference; - path = feeDES.h; - refType = 4; - }; - 
22FA77C0FE8A470511CD283A = { - isa = PBXFileReference; - path = feeDigitalSignature.c; - refType = 4; - }; - 22FA77C1FE8A470511CD283A = { - isa = PBXFileReference; - path = feeDigitalSignature.h; - refType = 4; - }; - 22FA77C2FE8A470511CD283A = { - isa = PBXFileReference; - path = feeECDSA.c; - refType = 4; - }; - 22FA77C3FE8A470511CD283A = { - isa = PBXFileReference; - path = feeECDSA.h; - refType = 4; - }; - 22FA77C4FE8A470511CD283A = { - isa = PBXFileReference; - path = feeFEED.c; - refType = 4; - }; - 22FA77C5FE8A470511CD283A = { - isa = PBXFileReference; - path = feeFEED.h; - refType = 4; - }; - 22FA77C6FE8A470511CD283A = { - isa = PBXFileReference; - path = feeFEEDExp.c; - refType = 4; - }; - 22FA77C7FE8A470511CD283A = { - isa = PBXFileReference; - path = feeFEEDExp.h; - refType = 4; - }; - 22FA77C8FE8A470511CD283A = { - isa = PBXFileReference; - path = feeFunctions.h; - refType = 4; - }; - 22FA77C9FE8A470511CD283A = { - isa = PBXFileReference; - path = feeHash.c; - refType = 4; - }; - 22FA77CAFE8A470511CD283A = { - isa = PBXFileReference; - path = feeHash.h; - refType = 4; - }; - 22FA77CBFE8A470511CD283A = { - isa = PBXFileReference; - path = feePublicKey.c; - refType = 4; - }; - 22FA77CCFE8A470511CD283A = { - isa = PBXFileReference; - path = feePublicKey.h; - refType = 4; - }; - 22FA77CDFE8A470511CD283A = { - isa = PBXFileReference; - path = feePublicKeyPrivate.h; - refType = 4; - }; - 22FA77CEFE8A470511CD283A = { - isa = PBXFileReference; - path = feeRandom.c; - refType = 4; - }; - 22FA77CFFE8A470511CD283A = { - isa = PBXFileReference; - path = feeRandom.h; - refType = 4; - }; - 22FA77D0FE8A470511CD283A = { - isa = PBXFileReference; - path = feeTypes.h; - refType = 4; - }; - 22FA77D1FE8A470511CD283A = { - isa = PBXFileReference; - path = giantFFT.c; - refType = 4; - }; - 22FA77D2FE8A470511CD283A = { - isa = PBXFileReference; - path = giantIntegers.c; - refType = 4; - }; - 22FA77D3FE8A470511CD283A = { - isa = PBXFileReference; - path = giantIntegers.h; - 
refType = 4; - }; - 22FA77D4FE8A470511CD283A = { - isa = PBXFileReference; - path = giantPort_Generic.h; - refType = 4; - }; - 22FA77D5FE8A470511CD283A = { - isa = PBXFileReference; - path = giantPort_i486.h; - refType = 4; - }; - 22FA77D6FE8A470511CD283A = { - isa = PBXFileReference; - path = giantPort_i486.s; - refType = 4; - }; - 22FA77D7FE8A470511CD283A = { - isa = PBXFileReference; - path = giantPort_PPC.c; - refType = 4; - }; - 22FA77D8FE8A470511CD283A = { - isa = PBXFileReference; - path = giantPort_PPC.h; - refType = 4; - }; - 22FA77D9FE8A470511CD283A = { - isa = PBXFileReference; - path = giantPortCommon.h; - refType = 4; - }; - 22FA77DCFE8A470511CD283A = { - isa = PBXFileReference; - path = MD5.c; - refType = 4; - }; - 22FA77DDFE8A470511CD283A = { - isa = PBXFileReference; - path = MD5.h; - refType = 4; - }; - 22FA77ECFE8A470511CD283A = { - isa = PBXFileReference; - path = platform.c; - refType = 4; - }; - 22FA77EDFE8A470511CD283A = { - isa = PBXFileReference; - path = platform.h; - refType = 4; - }; - 22FA77F0FE8A470511CD283A = { - isa = PBXFileReference; - path = SHA1.c; - refType = 4; - }; - 22FA77F1FE8A470511CD283A = { - isa = PBXFileReference; - path = SHA1.h; - refType = 4; - }; - 22FA77F2FE8A470511CD283A = { - isa = PBXFileReference; - path = SHA1_priv.c; - refType = 4; - }; - 22FA77F3FE8A470511CD283A = { - isa = PBXFileReference; - path = SHA1_priv.h; - refType = 4; - }; - 22FA77F6FE8A470511CD283A = { - isa = PBXFileReference; - path = utilities.c; - refType = 4; - }; - 22FA77F7FE8A470511CD283A = { - isa = PBXFileReference; - path = utilities.h; - refType = 4; - }; - 22FA77F8FE8A470511CD283A = { - children = ( - 1972C1A5004308417F000001, - 1972C1A6004308417F000001, - 1972C1A7004308417F000001, - 1972C1A8004308417F000001, - 1972C1A9004308417F000001, - 1972C1AA004308417F000001, - 015F469B0044580E7F000001, - 015F46990044518E7F000001, - 01847A4700554A6C7F000001, - 01847A450055487B7F000001, - 1972C1D6004330C77F000001, - 1972C1D400432DF47F000001, - 
1972C1CF004320A27F000001, - 1972C1D2004324407F000001, - 015F469500433E457F000001, - 015F469700433ED37F000001, - 015F469D00446C827F000001, - ); - isa = PBXGroup; - path = CryptKitCSP; - refType = 4; - }; - 22FA7B38FE8A470611CD283A = { - fileRef = 22FA779DFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B39FE8A470611CD283A = { - fileRef = 22FA77A1FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B3AFE8A470611CD283A = { - fileRef = 22FA77A3FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B3BFE8A470611CD283A = { - fileRef = 22FA77A4FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B3CFE8A470611CD283A = { - fileRef = 22FA77A5FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B3DFE8A470611CD283A = { - fileRef = 22FA77A6FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B3FFE8A470611CD283A = { - fileRef = 22FA77ABFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B40FE8A470611CD283A = { - fileRef = 22FA77ADFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B41FE8A470611CD283A = { - fileRef = 22FA77AEFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B42FE8A470611CD283A = { - fileRef = 22FA77AFFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B43FE8A470611CD283A = { - fileRef = 22FA77B1FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B44FE8A470611CD283A = { - fileRef = 22FA77B2FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B45FE8A470611CD283A = { - fileRef = 22FA77B4FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B46FE8A470611CD283A = { - fileRef = 22FA77B6FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B47FE8A470611CD283A = { - fileRef = 22FA77B9FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B48FE8A470611CD283A = { - fileRef = 
22FA77BBFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B49FE8A470611CD283A = { - fileRef = 22FA77BDFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B4AFE8A470611CD283A = { - fileRef = 22FA77BFFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B4BFE8A470611CD283A = { - fileRef = 22FA77C1FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B4CFE8A470611CD283A = { - fileRef = 22FA77C3FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B4DFE8A470611CD283A = { - fileRef = 22FA77C5FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B4EFE8A470611CD283A = { - fileRef = 22FA77C7FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B4FFE8A470611CD283A = { - fileRef = 22FA77C8FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B50FE8A470611CD283A = { - fileRef = 22FA77CAFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B51FE8A470611CD283A = { - fileRef = 22FA77CCFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B52FE8A470611CD283A = { - fileRef = 22FA77CDFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B53FE8A470611CD283A = { - fileRef = 22FA77CFFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B54FE8A470611CD283A = { - fileRef = 22FA77D0FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B55FE8A470611CD283A = { - fileRef = 22FA77D3FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B56FE8A470611CD283A = { - fileRef = 22FA77D4FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B57FE8A470611CD283A = { - fileRef = 22FA77D5FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B58FE8A470611CD283A = { - fileRef = 22FA77D8FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B59FE8A470611CD283A = { - fileRef = 22FA77D9FE8A470511CD283A; - 
isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B5AFE8A470611CD283A = { - fileRef = 22FA77DDFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B63FE8A470611CD283A = { - fileRef = 22FA77EDFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B64FE8A470611CD283A = { - fileRef = 22FA77F1FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B65FE8A470611CD283A = { - fileRef = 22FA77F3FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B66FE8A470611CD283A = { - fileRef = 22FA77F7FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 22FA7B67FE8A470611CD283A = { - fileRef = 22FA779CFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B68FE8A470611CD283A = { - fileRef = 22FA77A0FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B69FE8A470611CD283A = { - fileRef = 22FA77A2FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B6AFE8A470611CD283A = { - fileRef = 22FA77AAFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B6BFE8A470611CD283A = { - fileRef = 22FA77ACFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B6CFE8A470611CD283A = { - fileRef = 22FA77B0FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B6DFE8A470611CD283A = { - fileRef = 22FA77B3FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B6EFE8A470611CD283A = { - fileRef = 22FA77B5FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B70FE8A470611CD283A = { - fileRef = 22FA77B8FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B71FE8A470611CD283A = { - fileRef = 22FA77BAFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; 
- }; - 22FA7B72FE8A470611CD283A = { - fileRef = 22FA77BCFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B73FE8A470611CD283A = { - fileRef = 22FA77BEFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B74FE8A470611CD283A = { - fileRef = 22FA77C0FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B75FE8A470611CD283A = { - fileRef = 22FA77C2FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B76FE8A470611CD283A = { - fileRef = 22FA77C4FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B77FE8A470611CD283A = { - fileRef = 22FA77C6FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B78FE8A470611CD283A = { - fileRef = 22FA77C9FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B79FE8A470611CD283A = { - fileRef = 22FA77CBFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B7AFE8A470611CD283A = { - fileRef = 22FA77CEFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B7CFE8A470611CD283A = { - fileRef = 22FA77D2FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B7DFE8A470611CD283A = { - fileRef = 22FA77D7FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B7EFE8A470611CD283A = { - fileRef = 22FA77DCFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B85FE8A470611CD283A = { - fileRef = 22FA77ECFE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B86FE8A470611CD283A = { - fileRef = 22FA77F0FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B87FE8A470611CD283A = { - fileRef = 
22FA77F2FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 22FA7B88FE8A470611CD283A = { - fileRef = 22FA77F6FE8A470511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 27CADDA1FEB8CBB7D0A17CE7 = { - isa = PBXFileReference; - path = AppleCSPSession.h; - refType = 4; - }; - 27CADDA2FEB8CBB7D0A17CE7 = { - fileRef = 27CADDA1FEB8CBB7D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 2B8B5BBAFFF3E29A11CD283A = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - 2B8B5BBBFFF3E29A11CD283A = { - fileRef = 2B8B5BBAFFF3E29A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 6D8679A7FE9E75CF11CD296C = { - buildPhases = ( - ); - buildSettings = { - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; - INSTALL_PATH = /; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = Libraries; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - conditionalBuildSettings = { - }; - dependencies = ( - 6D8679A9FE9E75CF11CD296C, - ); - isa = PBXAggregateTarget; - name = Libraries; - productInstallPath = /; - productName = Libraries; - shouldUseHeadermap = 0; - }; - 6D8679A9FE9E75CF11CD296C = { - isa = PBXTargetDependency; - target = 22FA7434FE8A468311CD283A; - }; - }; - rootObject = 0FD07C9DFE8A174411CD283A; -} diff --git a/AppleCSP/AppleCSP/AppleCSP.cpp b/AppleCSP/AppleCSP/AppleCSP.cpp index 7dfa2fbf..e51ec979 100644 --- a/AppleCSP/AppleCSP/AppleCSP.cpp +++ b/AppleCSP/AppleCSP/AppleCSP.cpp @@ -40,6 +40,9 @@ #endif #include #include +#include +#include + #include "YarrowConnection.h" /* 
@@ -73,7 +76,8 @@ AppleCSPPlugin::AppleCSPPlugin() : #ifdef ASC_CSP_ENABLE ascAlgFactory(new AscAlgFactory(&normAllocator, &privAllocator)), #endif - rsaDsaAlgFactory(new RSA_DSA_Factory(&normAllocator, &privAllocator)) + rsaDsaAlgFactory(new RSA_DSA_Factory(&normAllocator, &privAllocator)), + dhAlgFactory(new DH_Factory(&normAllocator, &privAllocator)) { // misc. once-per-address-space cruft... } @@ -91,6 +95,7 @@ AppleCSPPlugin::~AppleCSPPlugin() delete ascAlgFactory; #endif delete rsaDsaAlgFactory; + delete dhAlgFactory; } @@ -150,7 +155,8 @@ AppleCSPSession::AppleCSPSession( ascAlgFactory(*(dynamic_cast(plug.ascAlgFactory))), #endif rsaDsaAlgFactory(*(dynamic_cast(plug.rsaDsaAlgFactory))), - normAllocator(plug.normAlloc()), + dhAlgFactory(*(dynamic_cast(plug.dhAlgFactory))), + normAllocator(*this), privAllocator(plug.privAlloc()) { // anything? @@ -203,6 +209,10 @@ void AppleCSPSession::setupContext( CASSERT(cspCtx != NULL); return; } + if (dhAlgFactory.setup(*this, cspCtx, context)) { + CASSERT(cspCtx != NULL); + return; + } #ifdef CRYPTKIT_CSP_ENABLE if (cryptKitFactory.setup(*this, cspCtx, context)) { CASSERT(cspCtx != NULL); @@ -497,11 +507,13 @@ void AppleCSPSession::PassThrough( /* obtain sha1 hash of rawBlob */ - void *digest = NULL; - CssmData *outHash = NULL; + CSSM_DATA_PTR outHash = NULL; try { - digest = normAllocator.malloc(SHA1_DIGEST_SIZE); - outHash = new CssmData(digest, SHA1_DIGEST_SIZE); + outHash = + (CSSM_DATA_PTR)normAllocator.malloc(sizeof(CSSM_DATA)); + outHash->Data = + (uint8 *)normAllocator.malloc(SHA1_DIGEST_SIZE); + outHash->Length = SHA1_DIGEST_SIZE; } catch(...) { if(allocdRawBlob) { @@ -509,7 +521,7 @@ void AppleCSPSession::PassThrough( } throw; } - cspGenSha1Hash(rawBlob.data(), rawBlob.length(), digest); + cspGenSha1Hash(rawBlob.data(), rawBlob.length(), outHash->Data); if(allocdRawBlob) { freeCssmData(rawBlob, privAllocator); } 
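Review bot: In the `@@ -497,11 +507,13 @@` hunk of `AppleCSPSession::PassThrough`, the `try` block now makes two `normAllocator.malloc` calls, and the `catch(...)` only releases `rawBlob` before rethrowing. If the second call (for `outHash->Data`) throws, the `CSSM_DATA` header obtained by the first is leaked. `outHash` is set to NULL before the `try`, so the handler can release it ahead of the `throw;` with `if(outHash != NULL) { normAllocator.free(outHash); }`. PassThrough begins and ends outside the hunk, so how `outHash` is handed back to the caller afterwards is not visible here.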
@@ -595,68 +607,61 @@ CSPKeyInfoProvider *AppleCSPSession::infoProvider( const CssmKey &key) { CSPKeyInfoProvider *provider = NULL; - try { - provider = new RSAKeyInfoProvider(key); - } - catch(...) { - } + #ifdef BSAFE_CSP_ENABLE + /* Give BSAFE first shot, if it's here */ + provider = BSafe::BSafeKeyInfoProvider::provider(key); if(provider != NULL) { return provider; } + #endif - #ifdef BSAFE_CSP_ENABLE - try { - provider = new BSafe::BSafeKeyInfoProvider(key); - } - catch(...) { - - } + provider = RSAKeyInfoProvider::provider(key); if(provider != NULL) { return provider; } - #endif - try { - provider = new SymmetricKeyInfoProvider(key); - } - catch(...) { - } + provider = SymmetricKeyInfoProvider::provider(key); if(provider != NULL) { return provider; } + #ifdef CRYPTKIT_CSP_ENABLE - try { - provider = new CryptKit::FEEKeyInfoProvider(key); + provider = CryptKit::FEEKeyInfoProvider::provider(key); + if(provider != NULL) { + return provider; } - catch(...) { + #endif - } + provider = DSAKeyInfoProvider::provider(key); if(provider != NULL) { return provider; } - #endif + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); } /* * CSPKeyInfoProvider for symmetric keys. 
*/ -SymmetricKeyInfoProvider::SymmetricKeyInfoProvider( - const CssmKey &cssmKey) : - CSPKeyInfoProvider(cssmKey) +CSPKeyInfoProvider *SymmetricKeyInfoProvider::provider( + const CssmKey &cssmKey) { - if(mKey.blobType() != CSSM_KEYBLOB_RAW) { + if(cssmKey.blobType() != CSSM_KEYBLOB_RAW) { errorLog0("KeyInfoProvider deals only with RAW keys!\n"); CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); } - if(mKey.keyClass() == CSSM_KEYCLASS_SESSION_KEY) { + if(cssmKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY) { /* that's all we need to know */ - return; - } - else { - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + return NULL; } + return new SymmetricKeyInfoProvider(cssmKey); +} + +SymmetricKeyInfoProvider::SymmetricKeyInfoProvider( + const CssmKey &cssmKey) : + CSPKeyInfoProvider(cssmKey) +{ } /* cook up a Binary key */ diff --git a/AppleCSP/AppleCSP/AppleCSP.h b/AppleCSP/AppleCSP/AppleCSP.h index 554d39d9..13a6b757 100644 --- a/AppleCSP/AppleCSP/AppleCSP.h +++ b/AppleCSP/AppleCSP/AppleCSP.h @@ -80,6 +80,7 @@ private: AppleCSPAlgorithmFactory *ascAlgFactory; #endif AppleCSPAlgorithmFactory *rsaDsaAlgFactory; + AppleCSPAlgorithmFactory *dhAlgFactory; }; diff --git a/AppleCSP/AppleCSP/AppleCSPSession.h b/AppleCSP/AppleCSP/AppleCSPSession.h index db540b19..aa5eec9f 100644 --- a/AppleCSP/AppleCSP/AppleCSPSession.h +++ b/AppleCSP/AppleCSP/AppleCSPSession.h @@ -44,6 +44,7 @@ class MiscAlgFactory; class AscAlgFactory; #endif class RSA_DSA_Factory; +class DH_Factory; /* one per attach/detach */ class AppleCSPSession : public CSPFullPluginSession { @@ -121,7 +122,7 @@ public: BinaryKey &lookupRefKey( const CssmKey &cssmKey); - // CSP's RNG. THis is redirects to Yarrow. + // CSP's RNG. This redirects to Yarrow. void getRandomBytes(size_t length, uint8 *cp); void addEntropy(size_t length, const uint8 *cp); 
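Review bot: `SymmetricKeyInfoProvider::provider` still throws `CSSMERR_CSP_INTERNAL_ERROR` for a non-RAW blob before it looks at the key class, so in `infoProvider` a non-session key with another blob type never reaches the FEE and DSA providers that follow it in the chain. The contract this commit introduces is "returns NULL if key is not handled", so test the key class first and return NULL for anything that is not a session key, keeping the RAW check for session keys only. The comment `/* that's all we need to know */` now sits on the `return NULL` branch and reads backwards; something like `/* not a symmetric key - let the next provider try */` matches the new flow.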
@@ -139,6 +140,7 @@ public: AscAlgFactory &ascAlgFactory; #endif RSA_DSA_Factory &rsaDsaAlgFactory; + DH_Factory &dhAlgFactory; private: // storage of binary keys (which apps know as reference keys) @@ -202,9 +204,17 @@ private: */ class CSPKeyInfoProvider { -public: +protected: CSPKeyInfoProvider( const CssmKey &cssmKey) : mKey(cssmKey) { } +public: + /* + * This is the public way to construct - returns NULL if key is + * not handled. Static declaration per subclass. + * + * static CSPKeyInfoProvider *provider( + * const CssmKey &cssmKey); + */ virtual ~CSPKeyInfoProvider() { } /* cook up a Binary key */ @@ -225,9 +235,13 @@ protected: */ class SymmetricKeyInfoProvider : public CSPKeyInfoProvider { -public: +private: SymmetricKeyInfoProvider( const CssmKey &cssmKey); +public: + static CSPKeyInfoProvider *provider( + const CssmKey &cssmKey); + ~SymmetricKeyInfoProvider() { } void CssmKeyToBinary( BinaryKey **binKey); // RETURNED diff --git a/AppleCSP/AppleCSP/BinaryKey.h b/AppleCSP/AppleCSP/BinaryKey.h index 604dabe8..ef42392d 100644 --- a/AppleCSP/AppleCSP/BinaryKey.h +++ b/AppleCSP/AppleCSP/BinaryKey.h @@ -41,7 +41,7 @@ public: /* * Generate raw key blob. * The format argument is an in/out parameter and is optionally used - * to reque4st a specific keyblob format for providers which can generate + * to request a specific keyblob format for providers which can generate * multipleÊformats. This value comes from an optional * CSSM_ATTRIBUTE_{PUBLIC,PRIVATE,SYMMETRIC}_KEY_FORMAT attribute in the current * context. If so such attribute is present, the default value diff --git a/AppleCSP/AppleCSP/NullDigest.h b/AppleCSP/AppleCSP/NullDigest.h deleted file mode 100644 index 1b8cc6de..00000000 --- a/AppleCSP/AppleCSP/NullDigest.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - * NULLDigest.h - nop digest for use with raw signature algorithms. - * NullDigest(someData) = someData. - */ - -#ifndef _NULL_DIGEST_H_ -#define _NULL_DIGEST_H_ - -#include -#include - -class NullDigest : public DigestObject -{ -public: - NullDigest() : mInBuf(NULL), mInBufSize(0) - { - } - - ~NullDigest() - { - CssmAllocator::standard().free(mInBuf); - } - - void digestInit() - { - /* reusable - reset */ - CssmAllocator::standard().free(mInBuf); - mInBufSize = 0; - mInBuf = NULL; - } - - void digestUpdate( - const void *data, - size_t len) - { - mInBuf = CssmAllocator::standard().realloc(mInBuf, mInBufSize + len); - memmove((uint8 *)mInBuf + mInBufSize, data, len); - mInBufSize += len; - } - - virtual void digestFinal( - void *digest) - { - memmove(digest, mInBuf, mInBufSize); - } - - size_t digestSizeInBytes() const - { - return mInBufSize; - } - -private: - void *mInBuf; - size_t mInBufSize; -}; - -#endif /* _NULL_DIGEST_H_ */ \ No newline at end of file 
diff --git a/AppleCSP/AppleCSP/SignatureContext.h b/AppleCSP/AppleCSP/SignatureContext.h index 92f44247..4218701a 100644 --- a/AppleCSP/AppleCSP/SignatureContext.h +++ b/AppleCSP/AppleCSP/SignatureContext.h @@ -38,7 +38,7 @@ #define _SIGNATURE_CONTEXT_H_ #include -#include +#include #include class SignatureContext : public AppleCSPContext { diff --git a/AppleCSP/AppleCSP/cspdebugging.h b/AppleCSP/AppleCSP/cspdebugging.h index d9c0217c..fa28fe69 100644 --- a/AppleCSP/AppleCSP/cspdebugging.h +++ b/AppleCSP/AppleCSP/cspdebugging.h @@ -49,6 +49,7 @@ #if DEBUG_ENABLE || ERROR_LOG_ENABLE #include +#include #if !LOG_VIA_PRINTF diff --git a/AppleCSP/AppleCSP/deriveKey.cpp b/AppleCSP/AppleCSP/deriveKey.cpp index 42fea236..2b416a44 100644 --- a/AppleCSP/AppleCSP/deriveKey.cpp +++ b/AppleCSP/AppleCSP/deriveKey.cpp @@ -33,6 +33,7 @@ #include "cspdebugging.h" #include #include +#include /* minimum legal values */ #define PBKDF2_MIN_SALT 8 /* bytes */ @@ -140,6 +141,7 @@ void AppleCSPSession::DeriveKey( /* validate input args, common to all algorithms */ switch(context.algorithm()) { case CSSM_ALGID_PKCS5_PBKDF2: + case CSSM_ALGID_DH: break; /* maybe more here, later */ default: @@ -189,6 +191,12 @@ void AppleCSPSession::DeriveKey( Param, keyData); break; + case CSSM_ALGID_DH: + DeriveKey_DH(context, + Param, + keyData, + *this); + break; /* maybe more here, later */ default: assert(0); diff --git a/AppleCSP/AppleCSP/pkcs_7_8.cpp b/AppleCSP/AppleCSP/pkcs_7_8.cpp index 4bcd419c..8d54cd55 100644 --- a/AppleCSP/AppleCSP/pkcs_7_8.cpp +++ b/AppleCSP/AppleCSP/pkcs_7_8.cpp @@ -197,7 +197,7 @@ void cspDecodePkcs7( StLock _(snaccLock); buf.InstallData((char *)encodedBlob.Data, len); - if((rtn = setjmp(jbuf)) == 0) { + try { int i; EncryptedContentInfo1 *eci; @@ -224,7 +224,7 @@ void cspDecodePkcs7( (char *)(*eci->encryptedContent), eci->encryptedContent->Len()); } - else { + catch(...) { errorLog1("cspDecodePkcs7: BDec threw %d\n", rtn); CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); } 
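Review bot: The new `catch(...)` handler in cspDecodePkcs7 still logs `rtn` through `errorLog1("cspDecodePkcs7: BDec threw %d\n", rtn)`, but with the `setjmp` assignment removed nothing in the visible lines sets `rtn`, so the message prints a stale or uninitialized value; the cspDecodePkcs8 hunks that follow have the same problem. Either drop the argument (`errorLog0("cspDecodePkcs7: BDec threw\n");`) or catch the concrete exception type and log its code. `jbuf` is also still handed to `BDec` without a preceding `setjmp`, which is only safe if the decoder now reports errors solely by throwing; these hunks do not show that. Both functions extend outside the hunks.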
@@ -303,7 +303,7 @@ void cspDecodePkcs8( StLock _(snaccLock); buf.InstallData((char *)encodedBlob.Data, len); - if((rtn = setjmp(jbuf)) == 0) { + try { EncryptedPrivateKeyInfo epki; epki.BDec(buf, len, jbuf); @@ -315,7 +315,7 @@ void cspDecodePkcs8( (char *)(epki.encryptedKey), len); } - else { + catch(...) { errorLog1("cspDecodePkcs8: BDec threw %d\n", rtn); CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); } diff --git a/AppleCSP/AppleCSP/wrapKey.cpp b/AppleCSP/AppleCSP/wrapKey.cpp index 703419db..be08e27a 100644 --- a/AppleCSP/AppleCSP/wrapKey.cpp +++ b/AppleCSP/AppleCSP/wrapKey.cpp @@ -20,6 +20,12 @@ // wrapKey.cpp - wrap/unwrap key functions for AppleCSPSession // +/* + * Currently the Security Server wraps public keys when they're stored, so we have + * to allow this. We might not want to do this in the real world. + */ +#define ALLOW_PUB_KEY_WRAP 1 + #include "AppleCSPSession.h" #include "AppleCSPUtils.h" #ifdef USE_SNACC @@ -93,28 +99,20 @@ void AppleCSPSession::WrapKey( default: CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } - try { - /* wrapping key only required for non-NULL wrap */ - CssmKey &wrappingKeyRef = - Context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - wrappingKey = &wrappingKeyRef; - } - catch (const CssmError err) { - if((err.error == CSSMERR_CSP_MISSING_ATTR_KEY) && - (Context.algorithm() == CSSM_ALGID_NONE) && + + /* wrapping key only required for non-NULL wrap */ + wrappingKey = Context.get(CSSM_ATTRIBUTE_KEY); + if(wrappingKey == NULL) { + if((Context.algorithm() == CSSM_ALGID_NONE) && (Context.type() == CSSM_ALGCLASS_SYMMETRIC)) { // NULL wrap, OK isNullWrap = true; } else { errorLog0("WrapKey: missing wrapping key\n"); - throw; + CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY); } } - catch (...) { - throw; - } /* * Validate misc. params as best we can 
@@ -126,9 +124,11 @@ void AppleCSPSession::WrapKey( /* * Can only wrap session and private keys. */ + #if !ALLOW_PUB_KEY_WRAP if(UnwrappedKey.keyClass() == CSSM_KEYCLASS_PUBLIC_KEY) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } + #endif /* ALLOW_PUB_KEY_WRAP */ cspValidateIntendedKeyUsage(&wrappingKey->KeyHeader, CSSM_KEYUSE_WRAP); /* @@ -253,10 +253,23 @@ void AppleCSPSession::WrapKey( /* * Prepare outgoing header. */ - copyCssmHeader(UnwrappedKey.header(), wrappedHdr, normAllocator); + const CssmKey::Header &unwrappedHdr = UnwrappedKey.header(); + setKeyHeader(wrappedHdr, + plugin.myGuid(), + unwrappedHdr.algorithm(), // same as incoming + unwrappedHdr.keyClass(), // same as incoming + unwrappedHdr.KeyAttr, + unwrappedHdr.KeyUsage); + wrappedHdr.LogicalKeySizeInBits = unwrappedHdr.LogicalKeySizeInBits; wrappedHdr.WrapAlgorithmId = Context.algorithm(); // true for null // and non-Null wrappedHdr.Format = wrapFormat; + if(isNullWrap) { + wrappedHdr.BlobType = CSSM_KEYBLOB_RAW; + } + else { + wrappedHdr.BlobType = CSSM_KEYBLOB_WRAPPED; + } /* * special case - break out here for custom Apple CMS @@ -301,7 +314,6 @@ void AppleCSPSession::WrapKey( copyCssmData(rawBlob, CssmData::overlay(WrappedKey.KeyData), normAllocator); - wrappedHdr.BlobType = CSSM_KEYBLOB_RAW; wrappedHdr.Format = rawFormat; } #ifdef USE_SNACC 
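Review bot: The comment `Can only wrap session and private keys.` directly above the new `#if !ALLOW_PUB_KEY_WRAP` no longer describes the built code, since `ALLOW_PUB_KEY_WRAP` is defined as 1 at the top of the file and the public-key rejection is compiled out (the matching check in UnwrapKey is disabled the same way). Reword it so the relaxed policy is visible where the check lives, e.g. `/* Public keys are rejected only when ALLOW_PUB_KEY_WRAP is 0; see the note at the top of this file. */`. WrapKey starts and ends outside this hunk.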
@@ -396,27 +408,18 @@ void AppleCSPSession::UnwrapKey( CSSM_KEYBLOB_FORMAT wrapFormat = WrappedKey.blobFormat(); /* obtain unwrapping key if present */ - try { - CssmKey &unwrappingKeyRef = - Context.get(CSSM_ATTRIBUTE_KEY, - CSSMERR_CSP_MISSING_ATTR_KEY); - unwrappingKey = &unwrappingKeyRef; - } - catch (const CssmError err) { - if((err.error == CSSMERR_CSP_MISSING_ATTR_KEY) && - (Context.algorithm() == CSSM_ALGID_NONE) && + unwrappingKey = Context.get(CSSM_ATTRIBUTE_KEY); + if(unwrappingKey == NULL) { + if((Context.algorithm() == CSSM_ALGID_NONE) && (Context.type() == CSSM_ALGCLASS_SYMMETRIC)) { // NULL unwrap, OK isNullUnwrap = true; } else { errorLog0("UnwrapKey: missing wrapping key\n"); - throw; + CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY); } } - catch (...) { - throw; - } /* * validate unwrappingKey @@ -450,10 +453,12 @@ void AppleCSPSession::UnwrapKey( /* validate WrappedKey */ switch(WrappedKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: + #if !ALLOW_PUB_KEY_WRAP if(!isNullUnwrap) { errorLog0("UnwrapKey: unwrap of public key illegal\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } + #endif /* ALLOW_PUB_KEY_WRAP */ keyType = CKT_Public; break; case CSSM_KEYCLASS_PRIVATE_KEY: 
@@ -491,12 +496,15 @@ void AppleCSPSession::UnwrapKey( /* prepare outgoing header */ CssmKey::Header &unwrappedHdr = UnwrappedKey.header(); - copyCssmHeader(WrappedKey.header(), unwrappedHdr, normAllocator); - unwrappedHdr.WrapAlgorithmId = Context.algorithm(); // true for null - // and non-Null - /* GUID must be appropriate */ - unwrappedHdr.CspId = plugin.myGuid(); - + const CssmKey::Header &wrappedHdr = WrappedKey.header(); + setKeyHeader(unwrappedHdr, + plugin.myGuid(), + wrappedHdr.algorithm(), // same as incoming + wrappedHdr.keyClass(), // same as incoming + KeyAttr & ~KEY_ATTR_RETURN_MASK, + KeyUsage); + unwrappedHdr.LogicalKeySizeInBits = wrappedHdr.LogicalKeySizeInBits; + unwrappedHdr.KeyUsage = wrappedHdr.KeyUsage; UnwrappedKey.KeyData.Data = NULL; // ignore possible incoming KeyData UnwrappedKey.KeyData.Length = 0; diff --git a/AppleCSP/BSafeCSP/bsafeKeyGen.cpp b/AppleCSP/BSafeCSP/bsafeKeyGen.cpp index 088f2098..274a158b 100644 --- a/AppleCSP/BSafeCSP/bsafeKeyGen.cpp +++ b/AppleCSP/BSafeCSP/bsafeKeyGen.cpp @@ -276,22 +276,27 @@ BSafe::BSafeKeyInfoProvider::BSafeKeyInfoProvider( const CssmKey &cssmKey) : CSPKeyInfoProvider(cssmKey) { - switch(mKey.keyClass()) { +} + +CSPKeyInfoProvider *BSafe::BSafeKeyInfoProvider::provider( + const CssmKey &cssmKey) +{ + switch(cssmKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: case CSSM_KEYCLASS_PRIVATE_KEY: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + return NULL; } switch(mKey.algorithm()) { case CSSM_ALGID_RSA: case CSSM_ALGID_DSA: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + return NULL; } /* OK, we'll handle this one */ - return; + return new BSafeKeyInfoProvider(cssmKey); } /* cook up a Binary key */ diff --git a/AppleCSP/BSafeCSP/bsafePKCS1.cpp b/AppleCSP/BSafeCSP/bsafePKCS1.cpp index 80eaae27..1c7e0196 100644 --- a/AppleCSP/BSafeCSP/bsafePKCS1.cpp +++ b/AppleCSP/BSafeCSP/bsafePKCS1.cpp 
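Review bot: In the UnwrapKey header hunk, `setKeyHeader` is passed the caller's `KeyUsage`, and two lines later `unwrappedHdr.KeyUsage = wrappedHdr.KeyUsage;` overwrites it, so the usage mask the caller asked for has no effect and the unwrapped key keeps whatever usage bits the wrapped blob's header carries. If the caller's mask is meant to restrict the key, drop the overwrite; if the wrapped header is authoritative, pass `wrappedHdr.KeyUsage` to `setKeyHeader` and state that in a comment. UnwrapKey starts and ends outside this hunk.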
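Review bot: The new static `BSafeKeyInfoProvider::provider` still switches on `mKey.algorithm()`, but `mKey` is an instance member and a static function has no object, so this should fail to compile whenever the BSAFE code is built; the first switch was converted to `cssmKey.keyClass()` and the second was missed. Change it to `switch(cssmKey.algorithm()) {`.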
@@ -68,7 +68,7 @@ void BS_setKeyPkcs1( try { SC_decodeAsnObj(pkcs1Blob, snaccPubKey); } - catch(CssmError cerror) { + catch(const CssmError &cerror) { CSSM_RETURN crtn = cerror.cssmError(); errorLog1("BS_setKeyPkcs1: SC_decodeAsnObj returned %s\n", @@ -119,7 +119,7 @@ void BS_GetKeyPkcs1( try { SC_encodeAsnObj(snaccPubKey, pkcs1Blob, maxSize); } - catch(CssmError cerror) { + catch(const CssmError &cerror) { CSSM_RETURN crtn = cerror.cssmError(); errorLog1("BS_GetKeyPkcs1: SC_encodeAsnObj returned %s\n", diff --git a/AppleCSP/BSafeCSP/bsafecspi.h b/AppleCSP/BSafeCSP/bsafecspi.h index 18b42ce3..536db3d6 100644 --- a/AppleCSP/BSafeCSP/bsafecspi.h +++ b/AppleCSP/BSafeCSP/bsafecspi.h @@ -415,9 +415,12 @@ private: */ class BSafeKeyInfoProvider : public CSPKeyInfoProvider { - public: +private: BSafeKeyInfoProvider( const CssmKey &cssmKey); + public: + static CSPKeyInfoProvider *provider( + const CssmKey &cssmKey); ~BSafeKeyInfoProvider() { } void CssmKeyToBinary( BinaryKey **binKey); // RETURNED diff --git a/AppleCSP/CVSVersionInfo.txt b/AppleCSP/CVSVersionInfo.txt index 63f75973..e4d9558e 100644 --- a/AppleCSP/CVSVersionInfo.txt +++ b/AppleCSP/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:47 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: AppleCSP ProjectVersion: 16 diff --git a/AppleCSP/ComCryption/ascContext.cpp b/AppleCSP/ComCryption/ascContext.cpp index 0f4da113..9bd6a352 100644 --- a/AppleCSP/ComCryption/ascContext.cpp +++ b/AppleCSP/ComCryption/ascContext.cpp @@ -10,7 +10,7 @@ #include "ascFactory.h" #include #include -#include +#include #define abprintf(args...) debug("ascBuf", ## args) /* buffer sizes */ #define aioprintf(args...) debug("ascIo", ## args) /* all I/O */ 
@@ -141,6 +141,32 @@ void ASCContext::init( } mDecryptBufValid = false; + /* optional optimization attribute */ + comcryptOptimize optimize = CCO_DEFAULT; + uint32 opt = context.getInt(CSSM_ATTRIBUTE_ASC_OPTIMIZATION); + switch(opt) { + case CSSM_ASC_OPTIMIZE_DEFAULT: + optimize = CCO_DEFAULT; + break; + case CSSM_ASC_OPTIMIZE_SIZE: + optimize = CCO_SIZE; + break; + case CSSM_ASC_OPTIMIZE_SECURITY: + optimize = CCO_SECURITY; + break; + case CSSM_ASC_OPTIMIZE_TIME: + optimize = CCO_TIME; + break; + case CSSM_ASC_OPTIMIZE_TIME_SIZE: + optimize = CCO_TIME_SIZE; + break; + case CSSM_ASC_OPTIMIZE_ASCII: + optimize = CCO_ASCII; + break; + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); + } + /* All other context attributes ignored */ /* init the low-level state */ if(mCcObj == NULL) { @@ -151,7 +177,7 @@ void ASCContext::init( } } - crtn = comcryptInit(mCcObj, keyData, keyLen, CCO_DEFAULT); + crtn = comcryptInit(mCcObj, keyData, keyLen, optimize); if(crtn) { throwComcrypt(crtn, "comcryptInit"); } diff --git a/AppleCSP/CryptKitCSP/CryptKitDER.cpp b/AppleCSP/CryptKitCSP/CryptKitDER.cpp index bd5182ea..82e03a72 100644 --- a/AppleCSP/CryptKitCSP/CryptKitDER.cpp +++ b/AppleCSP/CryptKitCSP/CryptKitDER.cpp @@ -46,13 +46,14 @@ /* * Trivial exception class associated with a feeReturn. */ +// @@@ This should really be a subclass of exception class feeException { protected: feeException(feeReturn frtn, const char *op); public: - ~feeException() { } - feeReturn frtn() { return mFrtn; } + ~feeException() throw() {} + feeReturn frtn() const throw() { return mFrtn; } static void throwMe(feeReturn frtn, const char *op = NULL) __attribute__((noreturn)); private: feeReturn mFrtn; @@ -389,7 +390,7 @@ static FEECurveParameters *feeCurveParamsToSnacc( giantToBigIntStr(cp->basePrime, *snaccCp->basePrime); } } - catch(feeException ferr) { + catch(const feeException &ferr) { delete snaccCp; throw; } 
@@ -481,7 +482,7 @@ feeReturn feeDEREncodeElGamalSignature( giantToBigIntStr(u, snaccSig.u); giantToBigIntStr(PmX, snaccSig.pmX); } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } try { @@ -517,7 +518,7 @@ feeReturn feeDEREncodeECDSASignature( giantToBigIntStr(c, snaccSig.c); giantToBigIntStr(d, snaccSig.d); } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } try { @@ -558,7 +559,7 @@ feeReturn feeDERDecodeElGamalSignature( *u = bigIntStrToGiant(snaccSig.u); *PmX = bigIntStrToGiant(snaccSig.pmX); } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } catch(...) { @@ -593,7 +594,7 @@ feeReturn feeDERDecodeECDSASignature( *c = bigIntStrToGiant(snaccSig.c); *d = bigIntStrToGiant(snaccSig.d); } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } catch(...) { @@ -636,7 +637,7 @@ feeReturn feeDEREncodePublicKey( giantToBigIntStr(plusY, *snaccKey.plusY); } } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } @@ -671,7 +672,7 @@ feeReturn feeDEREncodePrivateKey( snaccKey.curveParams = feeCurveParamsToSnacc(cp); giantToBigIntStr(privData, snaccKey.privData); } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } @@ -722,7 +723,7 @@ feeReturn feeDERDecodePublicKey( int_to_giant(0, *plusY); } } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } catch(...) { @@ -752,7 +753,7 @@ feeReturn feeDERDecodePrivateKey( *cp = feeCurveParamsFromSnacc(*snaccKey.curveParams); *privData = bigIntStrToGiant(snaccKey.privData); } - catch(feeException ferr) { + catch(const feeException &ferr) { return ferr.frtn(); } catch(...) { diff --git a/AppleCSP/CryptKitCSP/FEEKeys.cpp b/AppleCSP/CryptKitCSP/FEEKeys.cpp index 317e3e81..14f5d435 100644 --- a/AppleCSP/CryptKitCSP/FEEKeys.cpp +++ b/AppleCSP/CryptKitCSP/FEEKeys.cpp 
@@ -251,12 +251,16 @@ void CryptKit::FEEKeyPairGenContext::generate( CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider( const CssmKey &cssmKey) : CSPKeyInfoProvider(cssmKey) +{ +} +CSPKeyInfoProvider *FEEKeyInfoProvider::provider( + const CssmKey &cssmKey) { switch(cssmKey.algorithm()) { case CSSM_ALGID_FEE: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + return NULL; } switch(cssmKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: @@ -264,10 +268,10 @@ CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider( /* FIXME - verify proper CSSM_KEYBLOB_RAW_FORMAT_xx */ break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + return NULL; } /* OK, we'll handle this one */ - return; + return new FEEKeyInfoProvider(cssmKey); } /* Given a raw key, cook up a Binary key */ diff --git a/AppleCSP/CryptKitCSP/FEEKeys.h b/AppleCSP/CryptKitCSP/FEEKeys.h index 411969ae..1c7b0532 100644 --- a/AppleCSP/CryptKitCSP/FEEKeys.h +++ b/AppleCSP/CryptKitCSP/FEEKeys.h @@ -86,9 +86,12 @@ public: */ class FEEKeyInfoProvider : public CSPKeyInfoProvider { -public: +private: FEEKeyInfoProvider( const CssmKey &cssmKey); +public: + static CSPKeyInfoProvider *provider( + const CssmKey &cssmKey); ~FEEKeyInfoProvider() { } void CssmKeyToBinary( BinaryKey **binKey); // RETURNED diff --git a/AppleCSP/CryptKitCSP/cryptkitcsp.cpp b/AppleCSP/CryptKitCSP/cryptkitcsp.cpp index 24827a03..ea97af75 100644 --- a/AppleCSP/CryptKitCSP/cryptkitcsp.cpp +++ b/AppleCSP/CryptKitCSP/cryptkitcsp.cpp @@ -31,6 +31,7 @@ #include #include #include +#include CssmAllocator *CryptKitFactory::normAllocator; CssmAllocator *CryptKitFactory::privAllocator; 
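Review bot: In FEEKeys.cpp, `FEEKeyInfoProvider::provider` is defined without the `CryptKit::` qualifier that the constructor just above it and `CryptKit::FEEKeyPairGenContext::generate` both use, so unless a using-directive outside this hunk brings the namespace in, the definition will not match the member declared in FEEKeys.h. Writing it as `CSPKeyInfoProvider *CryptKit::FEEKeyInfoProvider::provider(` keeps it consistent with the rest of the file. A blank line between the now-empty constructor body and this definition would also help.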
@@ -107,6 +108,26 @@ bool CryptKitFactory::setup( *privAllocator))); } return true; + case CSSM_ALGID_FEE: + if(cspCtx == NULL) { + cspCtx = new SignatureContext(session, + *(new NullDigest()), + *(new FEERawSigner(feeRandCallback, + &session, + session, + *privAllocator))); + } + return true; + case CSSM_ALGID_ECDSA: + if(cspCtx == NULL) { + cspCtx = new SignatureContext(session, + *(new NullDigest()), + *(new FEEECDSASigner(feeRandCallback, + &session, + session, + *privAllocator))); + } + return true; default: break; } diff --git a/AppleCSP/DiffieHellman/DH_csp.cpp b/AppleCSP/DiffieHellman/DH_csp.cpp new file mode 100644 index 00000000..e3010317 --- /dev/null +++ b/AppleCSP/DiffieHellman/DH_csp.cpp 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * DH_csp.cpp - Diffie-Hellman Algorithm factory + */ + +#include "DH_csp.h" +#include "DH_keys.h" +#include + +CssmAllocator *DH_Factory::normAllocator; +CssmAllocator *DH_Factory::privAllocator; + +DH_Factory::DH_Factory(CssmAllocator *normAlloc, CssmAllocator *privAlloc) +{ + setNormAllocator(normAlloc); + setPrivAllocator(privAlloc); + + /* NOTE WELL we assume that the RSA_DSA factory has already been instantitated, + * doing the basic init of openssl */ + + ERR_load_DH_strings(); +} + +DH_Factory::~DH_Factory() +{ +} + +bool DH_Factory::setup( + AppleCSPSession &session, + CSPFullPluginSession::CSPContext * &cspCtx, + const Context &context) +{ + switch(context.type()) { + case CSSM_ALGCLASS_KEYGEN: + switch(context.algorithm()) { + case CSSM_ALGID_DH: + if(cspCtx == NULL) { + cspCtx = new DHKeyPairGenContext(session, context); + } + return true; + default: + break; + } + break; + + default: + break; + } + /* not implemented here */ + return false; +} + + + 
diff --git a/SecureTransport/privateInc/st_sha.h b/AppleCSP/DiffieHellman/DH_csp.h similarity index 50% rename from SecureTransport/privateInc/st_sha.h rename to AppleCSP/DiffieHellman/DH_csp.h index 4728daa7..e0dfa6ea 100644 --- a/SecureTransport/privateInc/st_sha.h +++ b/AppleCSP/DiffieHellman/DH_csp.h @@ -16,38 +16,38 @@ */ -#ifndef SHA_H -#define SHA_H - -/* NIST Secure Hash Algorithm */ -/* heavily modified from Peter C. Gutmann's implementation */ - -/* Useful defines & typedefs */ - -/* Possibly an unreasonable assumption, but it works */ -#ifdef WIN32 -#define LITTLE_ENDIAN 1 -#endif - -typedef unsigned char BYTE; -typedef unsigned long LONG; - -#define SHA_BLOCKSIZE 64 -#define SHA_DIGESTSIZE 20 - -typedef struct { - LONG digest[5]; /* message digest */ - LONG count_lo, count_hi; /* 64-bit bit count */ - LONG data[16]; /* SHA data buffer */ -} SHA_INFO; - -void sha_init(SHA_INFO *); -void sha_update(SHA_INFO *, BYTE *, int); -void sha_final(SHA_INFO *); - -void sha_stream(SHA_INFO *, FILE *); -void sha_print(SHA_INFO *); - -#define USE_MODIFIED_SHA 1 - -#endif /* SHA_H */ +/* + * DH_csp.h - Diffie-Hellman Algorithm factory + */ + +#ifndef _DH_CSP_H_ +#define _DH_CSP_H_ + +#include +#include + +/* Can't include AppleCSPSession.h due to circular dependency */ +class AppleCSPSession; + +class DH_Factory : public AppleCSPAlgorithmFactory { +public: + DH_Factory(CssmAllocator *normAlloc = NULL, CssmAllocator *privAlloc = NULL); + ~DH_Factory(); + + bool setup( + AppleCSPSession &session, + CSPFullPluginSession::CSPContext * &cspCtx, + const Context &context); + + static void setNormAllocator(CssmAllocator *alloc) + { assert(!normAllocator); normAllocator = alloc; } + static void setPrivAllocator(CssmAllocator *alloc) + { assert(!privAllocator); privAllocator = alloc; } + + // memory allocators + static CssmAllocator *normAllocator; + static CssmAllocator *privAllocator; + +}; + +#endif /* _DH_CSP_H_ */ 
diff --git a/AppleCSP/DiffieHellman/DH_exchange.cpp b/AppleCSP/DiffieHellman/DH_exchange.cpp new file mode 100644 index 00000000..385f6490 --- /dev/null +++ b/AppleCSP/DiffieHellman/DH_exchange.cpp 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * DH_exchange.cp - Diffie-Hellman key exchange + */ + +#include "DH_exchange.h" +#include +#include +#include "DH_utils.h" +#include +#include + +void DeriveKey_DH ( + const Context &context, + const CssmData &Param, // other's public key + CSSM_DATA *keyData, // mallocd by caller + // we fill in keyData->Length bytes + AppleCSPSession &session) +{ + bool mallocdKey; + size_t privSize; + + /* private DH key from context */ + DH *privKey = contextToDhKey(context, session, CSSM_KEYUSE_DERIVE, + mallocdKey); + privSize = DH_size(privKey); + if(privSize < keyData->Length) { + /* we've been asked for more bits than this key can generate */ + CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); + } + BIGNUM *pubKey = BN_bin2bn(Param.Data, Param.Length, NULL); + if(pubKey == NULL) { + CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); + } + unsigned char *buf = (unsigned char *)session.malloc(privSize); + int rtn = DH_compute_key(buf, pubKey, privKey); + if(rtn >= 0) { + /* + * FIXME : I have not found a specification describing *which* + * bytes of the value we just 
computed we are supposed to + * use as the actual key bytes. We use the M.S. bytes. + */ + memmove(keyData->Data, buf, keyData->Length); + } + if(mallocdKey) { + DH_free(privKey); + } + BN_free(pubKey); + session.free(buf); + if(rtn < 0) { + throwRsaDsa("DH_compute_key"); + } +} + diff --git a/SecurityServer/MacYarrow/YarrowServer/prefixRelease.h b/AppleCSP/DiffieHellman/DH_exchange.h similarity index 70% rename from SecurityServer/MacYarrow/YarrowServer/prefixRelease.h rename to AppleCSP/DiffieHellman/DH_exchange.h index 7c5ee212..a4146012 100644 --- a/SecurityServer/MacYarrow/YarrowServer/prefixRelease.h +++ b/AppleCSP/DiffieHellman/DH_exchange.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -16,4 +16,19 @@ */ -#define DEBUG 0 +/* + * DH_exchange.h - Diffie-Hellman key exchange + */ + +#ifndef _DH_EXCHANGE_H_ +#define _DH_EXCHANGE_H_ + +#include + +void DeriveKey_DH ( + const Context &context, + const CssmData &Param, + CSSM_DATA *keyData, + AppleCSPSession &session); + +#endif /* _DH_EXCHANGE_H_ */ diff --git a/AppleCSP/DiffieHellman/DH_keys.cpp b/AppleCSP/DiffieHellman/DH_keys.cpp new file mode 100644 index 00000000..02022c5a --- /dev/null +++ b/AppleCSP/DiffieHellman/DH_keys.cpp 
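Review bot: In DeriveKey_DH, `DH_compute_key` returns the number of bytes it wrote, which can be smaller than `DH_size(privKey)` when the shared value has leading zero bytes, yet the `rtn >= 0` branch copies `keyData->Length` bytes from `buf`, so a short result puts uninitialized heap bytes into the derived key. Compare `rtn` with `keyData->Length` before the copy and fail otherwise, and clear `buf` before `session.free(buf)` because it holds the shared secret. The early throws (the size check and the `BN_bin2bn` failure) also skip `DH_free(privKey)` when `mallocdKey` is set. The peer value in `Param` reaches `DH_compute_key` with no range check against the group prime; whether another layer validates it is not visible here.

```cpp
	unsigned char *buf = (unsigned char *)session.malloc(privSize);
	int rtn = DH_compute_key(buf, pubKey, privKey);
	/* rtn is the secret's byte count and may be less than privSize */
	bool haveKey = (rtn >= 0) && ((size_t)rtn >= keyData->Length);
	if(haveKey) {
		memmove(keyData->Data, buf, keyData->Length);
	}
	/* scrub the shared secret before the buffer goes back to the allocator */
	memset(buf, 0, privSize);
	// … unchanged: DH_free(privKey) if mallocdKey, BN_free(pubKey), session.free(buf) …
	if(rtn < 0) {
		throwRsaDsa("DH_compute_key");
	}
	if(!haveKey) {
		CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
	}
```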
@@ -0,0 +1,514 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * DH_keys.cpp - Diffie-Hellman key pair support. + */ + +#include "DH_keys.h" +#include "DH_utils.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define dhKeyDebug(args...) debug("dhKey", ## args) + +/* + * FIXME - the CDSA Algorithm Guide claims that the incoming params argument + * for a GenerateAlgorithmParameters call is ignored for D-H. This means + * that there is no way for the caller to specify 'g' (typically 2, 3, or + * 5). This seems WAY bogus but we'll code to the spec for now, assuming + * a hard-coded default generator. 
+ */ +#define DH_GENERATOR_DEFAULT DH_GENERATOR_2 + + +/*** + *** Diffie-Hellman-style BinaryKey + ***/ + +/* constructor with optional existing RSA key */ +DHBinaryKey::DHBinaryKey(DH *dhKey) + : mDhKey(dhKey) +{ + mPubKey.Data = NULL; + mPubKey.Length = 0; +} + +DHBinaryKey::DHBinaryKey(const CSSM_DATA *pubBlob) + : mDhKey(NULL) +{ + setPubBlob(pubBlob); +} + +DHBinaryKey::~DHBinaryKey() +{ + if(mDhKey) { + assert(mPubKey.Data == NULL); + DH_free(mDhKey); + mDhKey = NULL; + } + if(mPubKey.Data) { + assert(mDhKey == NULL); + DH_Factory::privAllocator->free(mPubKey.Data); + mPubKey.Data = NULL; + mPubKey.Length = 0; + } +} + +void DHBinaryKey::generateKeyBlob( + CssmAllocator &allocator, + CssmData &blob, + CSSM_KEYBLOB_FORMAT &format) +{ + switch(mKeyHeader.KeyClass) { + case CSSM_KEYCLASS_PUBLIC_KEY: + { + /* trivial case, just copy the public blob */ + assert(mDhKey == NULL); + assert(mPubKey.Data != NULL); + format = DH_PUB_KEY_FORMAT; + copyCssmData(CssmData::overlay(mPubKey), blob, allocator); + break; + } + case CSSM_KEYCLASS_PRIVATE_KEY: + { + assert(mDhKey != NULL); + assert(mPubKey.Data == NULL); + format = DH_PRIV_KEY_FORMAT; + CssmAutoData encodedKey(allocator); + CSSM_RETURN crtn = DHPrivateKeyEncode(mDhKey, encodedKey); + if(crtn) { + CssmError::throwMe(crtn); + } + blob = encodedKey.release(); + break; + } + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + } +} + +/* for importing.... */ +void DHBinaryKey::setPubBlob(const CSSM_DATA *pubBlob) +{ + assert(mDhKey == NULL); + assert(mPubKey.Data == NULL); + setUpData(mPubKey, pubBlob->Length, *DH_Factory::privAllocator); + memmove(mPubKey.Data, pubBlob->Data, pubBlob->Length); +} + +/* for creating from a full DH private key... 
*/ +void DHBinaryKey::setPubBlob(DH *privKey) +{ + assert(mDhKey == NULL); + assert(mPubKey.Data == NULL); + setUpData(mPubKey, BN_num_bytes(privKey->pub_key), + *DH_Factory::privAllocator); + BN_bn2bin(privKey->pub_key, mPubKey.Data); +} + +/*** + *** Diffie-Hellman style AppleKeyPairGenContext + ***/ + +/* + * This one is specified in, and called from, CSPFullPluginSession. Our + * only job is to prepare two subclass-specific BinaryKeys and call up to + * AppleKeyPairGenContext. + */ +void DHKeyPairGenContext::generate( + const Context &context, + CssmKey &pubKey, + CssmKey &privKey) +{ + DHBinaryKey *pubBinKey = new DHBinaryKey(); + DHBinaryKey *privBinKey = new DHBinaryKey(); + + try { + AppleKeyPairGenContext::generate(context, + session(), + pubKey, + pubBinKey, + privKey, + privBinKey); + } + catch (...) { + delete pubBinKey; + delete privBinKey; + throw; + } +} + +/* + * obtain a 32-bit integer from a BigIntegerStr. + */ +static uint32 bigIntStrToInt( + const BigIntegerStr &bint, + CSSM_RETURN toThrow) // throws this if out of range +{ + size_t bytes = bint.Len(); + if(bytes > 4) { + dhKeyDebug("DH integer overflow"); + if(toThrow) { + CssmError::throwMe(toThrow); + } + else { + return 0; + } + } + uint32 rtn = 0; + const unsigned char *uo = (const unsigned char *)bint.Octs(); + for(size_t i=0; i(pubBinKey); + DHBinaryKey &rPrivBinKey = + dynamic_cast(privBinKey); + + /* + * Parameters from context: + * Key size in bits, required; + * {p,g,privKeyLength} from generateParams, optional + * NOTE: currently the openssl D-H imnplementation ignores the + * privKeyLength field. 
+ */ + keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH, + CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH); + CssmData *paramData = context.get(CSSM_ATTRIBUTE_ALG_PARAMS); + + DHParameterBlock algParamBlock; + DHParameter *algParams = NULL; + uint32 privValueLen = 0; // only nonzero from externally generated + // params + + if(paramData != NULL) { + /* this contains the DER encoding of a DHParameterBlock */ + try { + SC_decodeAsnObj(*paramData, algParamBlock); + } + catch(...) { + /* + * CDSA Extension: the CDSA Algorithm Guide says that the D-H + * parameter block is supposed to be wrapped with its accompanying + * OID. However Openssl does not do this; it just exports + * an encoded DHParameter rather than a DHParameterBlock. + * For compatibility we'll try decoding the parameters as one + * of these. + */ + if(algParamBlock.params) { + delete algParamBlock.params; + algParamBlock.params = NULL; + } + algParamBlock.params = new DHParameter; + try { + SC_decodeAsnObj(*paramData, *algParamBlock.params); + dhKeyDebug("Trying openssl-style DH param decoding"); + } + catch(...) { + dhKeyDebug("openssl-style DH param decoding FAILED"); + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); + } + } + + algParams = algParamBlock.params; + if(algParams == NULL) { + dhKeyDebug("Bad DH param decoding"); + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); + } + + /* snag the optional private key length field */ + if(algParams->privateValueLength) { + privValueLen = bigIntStrToInt(*algParams->privateValueLength, + CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); + } + + /* ensure caller's key size matches the incoming params */ + uint32 paramKeyBytes; + if(privValueLen) { + paramKeyBytes = (privValueLen + 7) / 8; + } + else { + paramKeyBytes = algParams->prime.Len(); + /* trim off possible m.s. 
byte of zero */ + const unsigned char *uo = + (const unsigned char *)algParams->prime.Octs(); + if(*uo == 0) { + paramKeyBytes--; + } + } + uint32 reqBytes = (keyBits + 7) / 8; + if(paramKeyBytes != reqBytes) { + dhKeyDebug("DH key size mismatch (req %d param %d)", + (int)reqBytes, (int)paramKeyBytes); + CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE); + } + } + else { + /* no alg params specified; generate them now */ + dhKeyDebug("DH implicit alg param calculation"); + algParamBlock.params = new DHParameter; + algParams = algParamBlock.params; + dhGenParams(keyBits, DH_GENERATOR_DEFAULT, 0, *algParams); + } + + /* create key, stuff params into it */ + rPrivBinKey.mDhKey = DH_new(); + if(rPrivBinKey.mDhKey == NULL) { + CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); + } + DH *dhKey = rPrivBinKey.mDhKey; + dhKey->p = bigIntStrToBn(algParams->prime); + dhKey->g = bigIntStrToBn(algParams->base); + dhKey->length = privValueLen; + + /* generate the key (both public and private capabilities) */ + int irtn = DH_generate_key(dhKey); + if(!irtn) { + throwRsaDsa("DH_generate_key"); + } + + /* public key just a blob */ + rPubBinKey.setPubBlob(dhKey); +} + + + +/*** + *** Diffie-Hellman CSPKeyInfoProvider. 
+ ***/ +DHKeyInfoProvider::DHKeyInfoProvider( + const CssmKey &cssmKey) : + CSPKeyInfoProvider(cssmKey) +{ + switch(cssmKey.algorithm()) { + case CSSM_ALGID_DH: + break; + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + } + switch(cssmKey.keyClass()) { + case CSSM_KEYCLASS_PUBLIC_KEY: + case CSSM_KEYCLASS_PRIVATE_KEY: + break; + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + } + /* OK, we'll handle this one */ + return; +} + +/* Given a raw key, cook up a Binary key */ +void DHKeyInfoProvider::CssmKeyToBinary( + BinaryKey **binKey) +{ + *binKey = NULL; + + assert(mKey.blobType() == CSSM_KEYBLOB_RAW); + switch(mKey.keyClass()) { + case CSSM_KEYCLASS_PUBLIC_KEY: + { + /* trivial case - no DH * */ + DHBinaryKey *dhKey = new DHBinaryKey(&mKey.KeyData); + *binKey = dhKey; + break; + } + case CSSM_KEYCLASS_PRIVATE_KEY: + { + /* first cook up an DH key, then drop that into a BinaryKey */ + DH *dhKey = rawCssmKeyToDh(mKey); + DHBinaryKey *dhBinKey = new DHBinaryKey(dhKey); + *binKey = dhBinKey; + break; + } + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + } +} + +/* + * Obtain key size in bits. + * FIXME - I doubt that this is, or can be, exactly accurate..... + */ +void DHKeyInfoProvider::QueryKeySizeInBits( + CSSM_KEY_SIZE &keySize) +{ + uint32 numBits = 0; + + if(mKey.blobType() != CSSM_KEYBLOB_RAW) { + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); + } + switch(mKey.keyClass()) { + case CSSM_KEYCLASS_PUBLIC_KEY: + /* trivial case */ + numBits = mKey.KeyData.Length * 8; + break; + case CSSM_KEYCLASS_PRIVATE_KEY: + { + DH *dhKey = rawCssmKeyToDh(mKey); + numBits = DH_size(dhKey) * 8; + DH_free(dhKey); + break; + } + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + } + keySize.LogicalKeySizeInBits = numBits; + keySize.EffectiveKeySizeInBits = numBits; +} + + +/* + * Generate keygen parameters, stash them in a context attr array for later use + * when actually generating the keys. 
+ */ + +void DHKeyPairGenContext::generate( + const Context &context, + uint32 bitSize, + CssmData ¶ms, // RETURNED here, + uint32 &attrCount, // here, + Context::Attr * &attrs) // and here +{ + /* generate the params */ + DHParameterBlock algParamBlock; + algParamBlock.params = new DHParameter; + DHParameter *algParams = algParamBlock.params; + dhGenParams(bitSize, DH_GENERATOR_DEFAULT, 0, *algParams); + + /* drop in the required OID */ + algParamBlock.oid.Set(pkcs_3_arc); + + /* + * Here comes the fun part. + * We "return" the DER encoding of these generated params in two ways: + * 1. Copy out to app via the params argument, mallocing if Data ptr is NULL. + * The app must free this. + * 2. Cook up a 1-element Context::attr array containing one ALG_PARAM attr, + * a CSSM_DATA_PTR containing the DER encoding. We have to save a ptr to + * this attr array and free it, the CSSM_DATA it points to, and the DER + * encoding *that* points to, in our destructor. + * + * First, DER encode. + */ + size_t maxSize = sizeofBigInt(algParams->prime) + + sizeofBigInt(algParams->base) + + 30; // includes oid, tag, length + if(algParams->privateValueLength) { + maxSize += sizeofBigInt(*algParams->privateValueLength); + } + CssmAutoData aDerData(session()); + SC_encodeAsnObj(algParamBlock, aDerData, maxSize); + + /* copy/release that into a mallocd CSSM_DATA. 
*/ + CSSM_DATA_PTR derData = (CSSM_DATA_PTR)session().malloc(sizeof(CSSM_DATA)); + *derData = aDerData.release(); + + /* stuff that into a one-element Attr array which we keep after returning */ + freeGenAttrs(); + mGenAttrs = (Context::Attr *)session().malloc(sizeof(Context::Attr)); + mGenAttrs->AttributeType = CSSM_ATTRIBUTE_ALG_PARAMS; + mGenAttrs->AttributeLength = sizeof(CSSM_DATA); + mGenAttrs->Attribute.Data = derData; + + /* and "return" this stuff */ + copyCssmData(CssmData::overlay(*derData), params, session()); + attrCount = 1; + attrs = mGenAttrs; +} + +/* free mGenAttrs and its referents if present */ +void DHKeyPairGenContext::freeGenAttrs() +{ + if(mGenAttrs == NULL) { + return; + } + if(mGenAttrs->Attribute.Data) { + if(mGenAttrs->Attribute.Data->Data) { + session().free(mGenAttrs->Attribute.Data->Data); + } + session().free(mGenAttrs->Attribute.Data); + } + session().free(mGenAttrs); +} + +/* + * Generate DSA algorithm parameters returning result + * into DHParameter.{prime,base,privateValueLength]. + * This is called from both GenerateParameters and from + * KeyPairGenerate (if no GenerateParameters has yet been called). + * + * FIXME - privateValueLength not implemented in openssl, not here + * either for now. 
+ */ + +void DHKeyPairGenContext::dhGenParams( + uint32 keySizeInBits, + unsigned g, // probably should be BIGNUM + int privValueLength, // optional + DHParameter &algParams) +{ + /* validate key size */ + if((keySizeInBits < DH_MIN_KEY_SIZE) || + (keySizeInBits > DH_MAX_KEY_SIZE)) { + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH); + } + + /* create an openssl-style DH key with minimal setup */ + DH *dhKey = DH_generate_parameters(keySizeInBits, g, NULL, NULL); + if(dhKey == NULL) { + throwRsaDsa("DSA_generate_parameters"); + } + + /* stuff dhKey->{p,g,length}] into a caller's DSAAlgParams */ + bnToBigIntStr(dhKey->p, algParams.prime); + bnToBigIntStr(dhKey->g, algParams.base); + if(privValueLength) { + algParams.privateValueLength = new BigIntegerStr(); + snaccIntToBigIntegerStr(g, *algParams.privateValueLength); + } + DH_free(dhKey); +} + diff --git a/AppleCSP/DiffieHellman/DH_keys.h b/AppleCSP/DiffieHellman/DH_keys.h new file mode 100644 index 00000000..1ed8a4b5 --- /dev/null +++ b/AppleCSP/DiffieHellman/DH_keys.h 
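Review bot: In the key-pair `generate`, a caller-supplied parameter block is decoded and its `prime` and `base` go straight into `dhKey->p` and `dhKey->g` after nothing more than a byte-length comparison, so a composite modulus or a degenerate generator is accepted and `DH_generate_key` runs on it. Running OpenSSL's `DH_check` on the populated key first would close that, e.g. `int codes = 0; if(!DH_check(dhKey, &codes) || (codes & (DH_CHECK_P_NOT_PRIME | DH_CHECK_P_NOT_SAFE_PRIME))) CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);`; which flags to treat as fatal is a policy choice, and the results of `bigIntStrToBn` should be checked for NULL before that. Separately, in `dhGenParams` the line `snaccIntToBigIntegerStr(g, *algParams.privateValueLength);` stores the generator where `privValueLength` is evidently meant (dormant only because both visible callers pass 0), and the failure string `"DSA_generate_parameters"` and the "Generate DSA algorithm parameters" comment name the wrong algorithm.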
@@ -0,0 +1,135 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * DH_keys.h - Diffie-Hellman key pair support + */ + +#ifndef _DH_KEYS_H_ +#define _DH_KEYS_H_ + +#include +#include +#include +#include +#include +#include +#include + +#define DH_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS3 +#define DH_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS3 + +#define DH_MIN_KEY_SIZE 512 /* FIXME */ +#define DH_MAX_KEY_SIZE 2048 + +/* + * Diffie-Hellman version of a BinaryKey. + */ +class DHBinaryKey : public BinaryKey { +public: + DHBinaryKey(DH *dhKey = NULL); // for private key + DHBinaryKey(const CSSM_DATA *pubBlob); // for public key + ~DHBinaryKey(); + void generateKeyBlob( + CssmAllocator &allocator, + CssmData &blob, + CSSM_KEYBLOB_FORMAT &format); + + void setPubBlob(const CSSM_DATA *pubBlob); + void setPubBlob(DH *privKey); + + /* + * At most one of these is valid - a DH for a private key, + * CSSM_DATA for public. 
+ */ + DH *mDhKey; + CSSM_DATA mPubKey; +}; + +class DHKeyPairGenContext : + public AppleCSPContext, private AppleKeyPairGenContext { +public: + DHKeyPairGenContext( + AppleCSPSession &session, + const Context &) : + AppleCSPContext(session), + mGenAttrs(NULL) {} + + ~DHKeyPairGenContext() { freeGenAttrs(); } + + // no init functionality, but we need to implement it + void init( + const Context &, + bool) { } + + // this one is specified in, and called from, CSPFullPluginSession + void generate( + const Context &context, + CssmKey &pubKey, + CssmKey &privKey); + + // this one is specified in, and called from, AppleKeyPairGenContext + void generate( + const Context &context, + BinaryKey &pubBinKey, + BinaryKey &privBinKey, + uint32 &keySize); + + // specified in, and called from, CSPFullPluginSessionÊ- generate parameters + void generate( + const Context &context, + uint32 bitSize, + CssmData ¶ms, + uint32 &attrCount, + Context::Attr * &attrs); + + /* + * Necessary to handle and deflect "context changed" notification which occurs + * after the strange return from "generate parameters", when the plugin adds + * the "returned" values to the Context. + */ + bool changed(const Context &context) { return true; } + + void dhGenParams( + uint32 keySizeInBits, + unsigned g, // probably should be BIGNUM + int privValueLength, // optional + DHParameter &algParams); + +private: + /* gross hack to store attributes "returned" from GenParams */ + Context::Attr *mGenAttrs; + void freeGenAttrs(); +}; /* DHKeyPairGenContext */ + +/* + * CSPKeyInfoProvider for Diffie-Hellman keys + */ +class DHKeyInfoProvider : public CSPKeyInfoProvider +{ +public: + DHKeyInfoProvider( + const CssmKey &cssmKey); + ~DHKeyInfoProvider() { } + void CssmKeyToBinary( + BinaryKey **binKey); // RETURNED + void QueryKeySizeInBits( + CSSM_KEY_SIZE &keySize); // RETURNED +}; + +#endif /* _DH_KEYS_H_ */ 
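Review bot: `#define DH_MIN_KEY_SIZE 512 /* FIXME */` lets `dhGenParams` generate 512-bit groups, which leave little margin against discrete-log precomputation, and the bare FIXME does not say what is to be fixed. Suggest raising the floor (for example `#define DH_MIN_KEY_SIZE 1024`) unless an interoperability requirement pins it, and replacing the marker with a comment that records the reason for whichever value is kept. This bound is applied only in `dhGenParams`; as far as the DH_keys.cpp hunk shows, the path that accepts externally supplied parameters compares their size with the requested key length but not with these limits.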
diff --git a/AppleCSP/DiffieHellman/DH_utils.cpp b/AppleCSP/DiffieHellman/DH_utils.cpp
new file mode 100644
index 00000000..c1ecce3f
--- /dev/null
+++ b/AppleCSP/DiffieHellman/DH_utils.cpp
@@ -0,0 +1,136 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * DH_utils.cpp + */ + +#include "DH_utils.h" +#include "DH_keys.h" +#include +#include +#include +#include +#include +#include +#include + +#define dhMiscDebug(args...) debug("dhMisc", ## args) + +/* + * Given a Context: + * -- obtain CSSM key (there must only be one) + * -- validate keyClass - MUST be private! (DH public keys are never found + * in contexts.) + * -- validate keyUsage + * -- convert to DH *, allocating the DH key if necessary + */ +DH *contextToDhKey( + const Context &context, + AppleCSPSession &session, + CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. 
+ bool &mallocdKey) // RETURNED +{ + CssmKey &cssmKey = + context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); + const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader; + if(hdr.AlgorithmId != CSSM_ALGID_DH) { + CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH); + } + if(hdr.KeyClass != CSSM_KEYCLASS_PRIVATE_KEY) { + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + } + cspValidateIntendedKeyUsage(&hdr, usage); + return cssmKeyToDh(cssmKey, session, mallocdKey); +} +/* + * Convert a CssmKey (Private only!) to an DH * key. May result in the + * creation of a new DH (when cssmKey is a raw key); allocdKey is true + * in that case in which case the caller generally has to free the allocd key). + */ +DH *cssmKeyToDh( + const CssmKey &cssmKey, + AppleCSPSession &session, + bool &allocdKey) // RETURNED +{ + DH *dhKey = NULL; + allocdKey = false; + + const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; + if(hdr->AlgorithmId != CSSM_ALGID_DH) { + // someone else's key (should never happen) + CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + } + assert(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY); + switch(hdr->BlobType) { + case CSSM_KEYBLOB_RAW: + dhKey = rawCssmKeyToDh(cssmKey); + allocdKey = true; + break; + case CSSM_KEYBLOB_REFERENCE: + { + BinaryKey &binKey = session.lookupRefKey(cssmKey); + DHBinaryKey *dhBinKey = dynamic_cast(&binKey); + /* this cast failing means that this is some other + * kind of binary key */ + if(dhBinKey == NULL) { + dhMiscDebug("cssmKeyToDh: wrong BinaryKey subclass\n"); + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); + } + assert(dhBinKey->mDhKey != NULL); + dhKey = dhBinKey->mDhKey; + break; + } + default: + CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT); + } + return dhKey; +} + +/* + * Convert a raw CssmKey (Private only!) to a newly alloc'd DH key. 
+ */ +DH *rawCssmKeyToDh( + const CssmKey &cssmKey) +{ + const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader; + + if(hdr->AlgorithmId != CSSM_ALGID_DH) { + // someone else's key (should never happen) + CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + } + assert(hdr->BlobType == CSSM_KEYBLOB_RAW); + assert(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY); + if(hdr->Format != DH_PRIV_KEY_FORMAT) { + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT); + } + + DH *dhKey = DH_new(); + if(dhKey == NULL) { + CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); + } + CSSM_RETURN crtn; + crtn = DHPrivateKeyDecode(dhKey, + cssmKey.KeyData.Data, + cssmKey.KeyData.Length); + if(crtn) { + CssmError::throwMe(crtn); + } + return dhKey; +} + diff --git a/AppleCSP/DiffieHellman/DH_utils.h b/AppleCSP/DiffieHellman/DH_utils.h new file mode 100644 index 00000000..7a079935 --- /dev/null +++ b/AppleCSP/DiffieHellman/DH_utils.h 
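Review bot: `rawCssmKeyToDh` leaks the `DH` it allocated when `DHPrivateKeyDecode` fails, because the error branch throws without releasing it; since the blob comes from the caller, malformed keys make the leak repeatable. The branch should read `if(crtn) { DH_free(dhKey); CssmError::throwMe(crtn); }`. In the same file, `cssmKeyToDh` and `rawCssmKeyToDh` enforce the private-key class (and the raw blob type) only with `assert`, which disappears in builds that define NDEBUG; `contextToDhKey` checks the class explicitly, but any other caller gets no check, so `CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS)` would be safer than the asserts.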
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * DH_utils.h + */ +#ifndef _DH_UTILS_H_ +#define _DH_UTILS_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +void throwDh( + const char *op); + +/* + * Given a Context: + * -- obtain CSSM key (there must only be one) + * -- validate keyClass - MUST be private! (DH public keys are never found + * in contexts.) + * -- validate keyUsage + * -- convert to DH *, allocating the DH key if necessary + */ +DH *contextToDhKey( + const Context &context, + AppleCSPSession &session, + CSSM_KEYUSE usage, // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc. + bool &mallocdKey); // RETURNED + +/* + * Convert a CssmKey to an DH * key. May result in the creation of a new + * DH (when cssmKey is a raw key); allocdKey is true in that case + * in which case the caller generally has to free the allocd key). + */ +DH *cssmKeyToDh( + const CssmKey &cssmKey, + AppleCSPSession &session, + bool &allocdKey); // RETURNED + +/* + * Convert a raw CssmKey to a newly alloc'd DH *. 
+ */ +DH *rawCssmKeyToDh( + const CssmKey &cssmKey); + + +#ifdef __cplusplus +} +#endif + +#endif /*_DH_UTILS_H_ */ diff --git a/AppleCSP/MiscCSPAlgs/DES.c b/AppleCSP/MiscCSPAlgs/DES.c index 7f7d23d7..f3d65225 100644 --- a/AppleCSP/MiscCSPAlgs/DES.c +++ b/AppleCSP/MiscCSPAlgs/DES.c @@ -27,7 +27,13 @@ * Created. */ +#ifdef CRYPTKIT_CSP_ENABLE +/* CryptKit compiled in; secure malloc available */ #define STATIC_PERMS 0 +#else +/* Statically allocated lookup tables */ +#define STATIC_PERMS 1 +#endif /* CRYPTKIT_CSP_ENABLE */ #include "DES.h" #if !STATIC_PERMS diff --git a/AppleCSP/MiscCSPAlgs/DigestContext.cpp b/AppleCSP/MiscCSPAlgs/DigestContext.cpp index be76041e..65ae21ae 100644 --- a/AppleCSP/MiscCSPAlgs/DigestContext.cpp +++ b/AppleCSP/MiscCSPAlgs/DigestContext.cpp @@ -42,6 +42,15 @@ void DigestContext::final(CssmData &data) mDigest.digestFinal((UInt8 *)data.data()); } +CSPFullPluginSession::CSPContext *DigestContext::clone(CssmAllocator &) +{ + /* first clone the low-level digest object */ + DigestObject *newDigest = mDigest.digestClone(); + + /* now construct a new context */ + return new DigestContext(session(), *newDigest); +} + size_t DigestContext::outputSize(bool, size_t) { return mDigest.digestSizeInBytes(); diff --git a/AppleCSP/MiscCSPAlgs/DigestContext.h b/AppleCSP/MiscCSPAlgs/DigestContext.h index 5083ccb2..2d43f8ca 100644 --- a/AppleCSP/MiscCSPAlgs/DigestContext.h +++ b/AppleCSP/MiscCSPAlgs/DigestContext.h @@ -23,7 +23,7 @@ #ifndef _DIGEST_CONTEXT_H_ #define _DIGEST_CONTEXT_H_ -#include +#include #include "AppleCSPContext.h" #include @@ -42,6 +42,7 @@ public: void init(const Context &context, bool); void update(const CssmData &data); void final(CssmData &data); + CSPFullPluginSession::CSPContext *clone(CssmAllocator &); // clone internal state size_t outputSize(bool, size_t); private: diff --git a/AppleCSP/MiscCSPAlgs/MD2Object.cpp b/AppleCSP/MiscCSPAlgs/MD2Object.cpp index 0042b369..b83b8aad 100644 --- a/AppleCSP/MiscCSPAlgs/MD2Object.cpp 
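Review bot: `throwDh(const char *op)` is declared here but the DH_utils.cpp added in the same commit does not define it, and the DH code shown calls `throwRsaDsa` instead; either drop the declaration or add the definition so a future caller does not hit a link error. The `extern "C"` wrapper is also misleading, since every other prototype inside it takes C++ references (`const Context &`, `bool &`) and cannot be called from C; removing the `#ifdef __cplusplus` block would describe the header more accurately. The comment on `cssmKeyToDh` has an unbalanced parenthesis and could state outright that the caller must `DH_free` the result when `allocdKey` comes back true.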
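Review bot: In `DigestContext::clone` the object returned by `mDigest.digestClone()` is held in a raw pointer and passed on as `*newDigest`, so it leaks if `new DigestContext(...)` throws, and whether the new context ever deletes it cannot be seen from this hunk. A comment at the call stating who owns the cloned `DigestObject` would settle it, e.g. `/* the new DigestContext owns newDigest and deletes it in its destructor */` if that is in fact the case. The unnamed `CssmAllocator &` argument is ignored, which is worth saying in the same comment.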
+++ b/AppleCSP/MiscCSPAlgs/MD2Object.cpp @@ -48,6 +48,12 @@ void MD2Object::digestFinal( setIsDone(true); } +/* use default memberwise init */ +DigestObject *MD2Object::digestClone() const +{ + return new MD2Object(*this); +} + UInt32 MD2Object::digestSizeInBytes() const { return MD2_DIGEST_LENGTH; diff --git a/AppleCSP/MiscCSPAlgs/MD2Object.h b/AppleCSP/MiscCSPAlgs/MD2Object.h index a70d7cab..edff7d4a 100644 --- a/AppleCSP/MiscCSPAlgs/MD2Object.h +++ b/AppleCSP/MiscCSPAlgs/MD2Object.h @@ -24,7 +24,7 @@ #define _MD2_OBJECT_H_ #include -#include +#include #include class MD2Object : public DigestObject @@ -38,6 +38,7 @@ public: size_t len); virtual void digestFinal( void *digest); + virtual DigestObject *digestClone() const; virtual size_t digestSizeInBytes() const; private: MD2_CTX mCtx; diff --git a/AppleCSP/MiscCSPAlgs/MD5.c b/AppleCSP/MiscCSPAlgs/MD5.c index baf80ad7..dacd82ea 100644 --- a/AppleCSP/MiscCSPAlgs/MD5.c +++ b/AppleCSP/MiscCSPAlgs/MD5.c @@ -201,7 +201,7 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ -void MD5Final(unsigned char *digest, struct MD5Context *ctx) +void MD5Final(struct MD5Context *ctx, unsigned char *digest) { unsigned count; unsigned char *p; diff --git a/AppleCSP/MiscCSPAlgs/MD5.h b/AppleCSP/MiscCSPAlgs/MD5.h index 04e1f5f7..38fcd841 100644 --- a/AppleCSP/MiscCSPAlgs/MD5.h +++ b/AppleCSP/MiscCSPAlgs/MD5.h @@ -53,7 +53,7 @@ struct MD5Context { void MD5Init(struct MD5Context *context); void MD5Update(struct MD5Context *context, unsigned char const *buf, unsigned len); -void MD5Final(unsigned char *digest, struct MD5Context *context); +void MD5Final(struct MD5Context *context, unsigned char *digest); /* * This is needed to make RSAREF happy on some MS-DOS compilers. diff --git a/AppleCSP/MiscCSPAlgs/MacContext.cpp b/AppleCSP/MiscCSPAlgs/MacContext.cpp index 2d41ae2d..1d2ee434 100644 
--- a/AppleCSP/MiscCSPAlgs/MacContext.cpp +++ b/AppleCSP/MiscCSPAlgs/MacContext.cpp @@ -50,14 +50,29 @@ void MacContext::init(const Context &context, bool isSigning) UInt32 keyLen; UInt8 *keyData = NULL; - symmetricKeyBits(context, CSSM_ALGID_SHA1HMAC, + symmetricKeyBits(context, mAlg, isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY, keyData, keyLen); - if((keyLen < HMAC_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) { + UInt32 minKey = 0; + switch(mAlg) { + case CSSM_ALGID_SHA1HMAC: + minKey = HMAC_SHA_MIN_KEY_SIZE; + mDigestSize = kHMACSHA1DigestSize; + break; + case CSSM_ALGID_MD5HMAC: + minKey = HMAC_MD5_MIN_KEY_SIZE; + mDigestSize = kHMACMD5DigestSize; + break; + default: + assert(0); // factory should not have called us + CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + } + if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } - CSSM_RETURN crtn = hmacInit(mHmac, keyData, keyLen); + CSSM_RETURN crtn = hmacInit(mHmac, keyData, keyLen, + (mAlg == CSSM_ALGID_SHA1HMAC) ? CSSM_TRUE : CSSM_FALSE); if(crtn) { CssmError::throwMe(crtn); } @@ -76,7 +91,7 @@ void MacContext::update(const CssmData &data) /* generate only */ void MacContext::final(CssmData &out) { - if(out.length() < kHMACSHA1DigestSize) { + if(out.length() < mDigestSize) { CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); } hmacFinal(mHmac, out.data()); @@ -87,14 +102,14 @@ void MacContext::final(const CssmData &in) { unsigned char mac[kHMACSHA1DigestSize]; hmacFinal(mHmac, mac); - if(memcmp(mac, in.data(), kHMACSHA1DigestSize)) { + if(memcmp(mac, in.data(), mDigestSize)) { CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED); } } size_t MacContext::outputSize(bool final, size_t inSize) { - return kHMACSHA1DigestSize; + return mDigestSize; } #ifdef CRYPTKIT_CSP_ENABLE 
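Review bot: The verifying `MacContext::final(const CssmData &in)` compares with `memcmp(mac, in.data(), mDigestSize)` without first checking `in.length()`, so a supplied MAC shorter than the digest makes the comparison read past the end of the input buffer. `memcmp` also stops at the first differing byte, which exposes through timing how much of a wrong MAC matched. The rewrite below rejects a length mismatch up front and folds all byte differences into one value that is tested once. The local `mac` stays sized by `kHMACSHA1DigestSize`, which covers MD5 as well but deserves a comment saying so.

```cpp
void MacContext::final(const CssmData &in)
{
	// … unchanged: mac[kHMACSHA1DigestSize] buffer and hmacFinal(mHmac, mac) …
	if(in.length() != mDigestSize) {
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
	/* accumulate differences so the run time does not depend on where they occur */
	const unsigned char *given = (const unsigned char *)in.data();
	unsigned char diff = 0;
	for(UInt32 i = 0; i < mDigestSize; i++) {
		diff |= mac[i] ^ given[i];
	}
	if(diff) {
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
}
```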
@@ -126,7 +141,7 @@ void MacLegacyContext::init(const Context &context, bool isSigning) symmetricKeyBits(context, CSSM_ALGID_SHA1HMAC, isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY, keyData, keyLen); - if((keyLen < HMAC_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) { + if((keyLen < HMAC_SHA_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) { CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY); } diff --git a/AppleCSP/MiscCSPAlgs/MacContext.h b/AppleCSP/MiscCSPAlgs/MacContext.h index 4825e255..126052d5 100644 --- a/AppleCSP/MiscCSPAlgs/MacContext.h +++ b/AppleCSP/MiscCSPAlgs/MacContext.h @@ -16,7 +16,7 @@ */ /* - * MacContext.h - AppleCSPContext for HMACSHA1 + * MacContext.h - AppleCSPContext for HMAC{SHA1,MD5} */ #ifndef _MAC_CONTEXT_H_ @@ -25,15 +25,25 @@ #include #include -#define HMAC_MIN_KEY_SIZE 20 /* in bytes */ +/* + * TLS Export Ciphers require HMAC calculation with a secret key + * size of 0 bytes. We'd really like to enforce a minimum key size equal + * the digest size, per RFC 2104, but TLS precludes that. + */ +#define HMAC_MIN_KEY_SIZE 0 +#define HMAC_SHA_MIN_KEY_SIZE HMAC_MIN_KEY_SIZE +#define HMAC_MD5_MIN_KEY_SIZE HMAC_MIN_KEY_SIZE #define HMAC_MAX_KEY_SIZE 2048 - class MacContext : public AppleCSPContext { public: MacContext( - AppleCSPSession &session) : - AppleCSPContext(session), mHmac(NULL) { } + AppleCSPSession &session, + CSSM_ALGORITHMS alg) : + AppleCSPContext(session), + mHmac(NULL), + mAlg(alg), + mDigestSize(0) { } ~MacContext(); /* called out from CSPFullPluginSession.... @@ -51,6 +61,8 @@ public: private: hmacContextRef mHmac; + CSSM_ALGORITHMS mAlg; + UInt32 mDigestSize; }; #ifdef CRYPTKIT_CSP_ENABLE @@ -61,7 +73,8 @@ private: class MacLegacyContext : public AppleCSPContext { public: MacLegacyContext( - AppleCSPSession &session) : + AppleCSPSession &session, + CSSM_ALGORITHMS alg) : AppleCSPContext(session), mHmac(NULL) { } ~MacLegacyContext(); 
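Review bot: Setting `HMAC_MIN_KEY_SIZE` to 0 removes the lower bound for every HMAC caller, not just the TLS export suites the comment cites, and because `keyLen` is a `UInt32` the `keyLen < minKey` test in `MacContext::init` can no longer fire. If the empty key is needed only for that protocol case, consider keeping the RFC 2104 floor as the default and letting the TLS path opt out explicitly; otherwise the comment should say that short keys are accepted on purpose and that callers must enforce their own minimum. In the last hunk `MacLegacyContext` gains a `CSSM_ALGORITHMS alg` parameter that its initialiser list never uses; leave it unnamed or add `// alg unused; kept for signature parity with MacContext`.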
diff --git a/AppleCSP/MiscCSPAlgs/NullCryptor.h b/AppleCSP/MiscCSPAlgs/NullCryptor.h
new file mode 100644
index 00000000..92056fc7
--- /dev/null
+++ b/AppleCSP/MiscCSPAlgs/NullCryptor.h
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * NullCryptor.h - null symmetric encryptor for measurement only + * Written by Doug Mitchell 12/17/2001 + */ +#ifndef _NULL_CRYPTOR_H_ +#define _NULL_CRYPTOR_H_ + +/* + * DO NOT DEFINE THIS SYMBOL TRUE FOR CODE CHECKED IN TO CVS + */ +#define NULL_CRYPT_ENABLE 0 + +#if NULL_CRYPT_ENABLE + +#include +#include "AppleCSP.h" +#include "AppleCSPContext.h" +#include "AppleCSPSession.h" +#include "BlockCryptor.h" + +#define NULL_CRYPT_BLOCK_SIZE 16 + +class NullCryptor : public BlockCryptor { +public: + NullCryptor(AppleCSPSession &session) : + BlockCryptor(session), + mInitFlag(false) { } + ~NullCryptor() { } + + // called by CSPFullPluginSession + void init(const Context &context, bool encoding = true) + { + if(mInitFlag && !opStarted()) { + return; + } + /* Just have BlockCryptor do its setup */ + setup(NULL_CRYPT_BLOCK_SIZE, context); + mInitFlag = true; + } + + // called by BlockCryptor + void encryptBlock( + const void *plainText, // length implied (one block) + size_t plainTextLen, + void *cipherText, + size_t &cipherTextLen, // in/out, throws on overflow + 
bool final) + { + memmove(cipherText, plainText, NULL_CRYPT_BLOCK_SIZE); + cipherTextLen = NULL_CRYPT_BLOCK_SIZE; + } + + void decryptBlock( + const void *cipherText, // length implied (one cipher block) + void *plainText, + size_t &plainTextLen, // in/out, throws on overflow + bool final) + { + memmove(plainText, cipherText, NULL_CRYPT_BLOCK_SIZE); + plainTextLen = NULL_CRYPT_BLOCK_SIZE; + } + +private: + bool mInitFlag; // for easy reuse + +}; /* NullCryptor */ + +#endif /* NULL_CRYPT_ENABLE */ + +#endif //_NULL_CRYPTOR_H_ diff --git a/AppleCSP/MiscCSPAlgs/SHA1.c b/AppleCSP/MiscCSPAlgs/SHA1.c index ef94aa23..196125af 100644 --- a/AppleCSP/MiscCSPAlgs/SHA1.c +++ b/AppleCSP/MiscCSPAlgs/SHA1.c @@ -20,7 +20,7 @@ #include "SHA1.h" #include "SHA1_priv.h" -#include "platform.h" +#include /* for now map falloc to malloc, FIXME */ #include @@ -162,6 +162,14 @@ unsigned char *sha1Digest(sha1Obj sha1) return (unsigned char *)sinst->context.digest; } +/* As above, with copy. */ +void sha1GetDigest(sha1Obj sha1, + unsigned char *digest) +{ + unsigned char *dig = sha1Digest(sha1); + memmove(digest, dig, SHS_DIGESTSIZE); +} + unsigned sha1DigestLen(void) { return SHS_DIGESTSIZE; diff --git a/AppleCSP/MiscCSPAlgs/SHA1.h b/AppleCSP/MiscCSPAlgs/SHA1.h index 823ff6b5..1d31a6ac 100644 --- a/AppleCSP/MiscCSPAlgs/SHA1.h +++ b/AppleCSP/MiscCSPAlgs/SHA1.h @@ -57,6 +57,10 @@ void sha1AddData(sha1Obj sha1, */ unsigned char *sha1Digest(sha1Obj sha1); +/* As above, with copy. */ +void sha1GetDigest(sha1Obj sha1, + unsigned char *digest); + /* * Obtain the length of the message digest. */ diff --git a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp b/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp index 978d0099..c83c0bbd 100644 --- a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp +++ b/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp 
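Review bot: Only the comment above `NULL_CRYPT_ENABLE` keeps this pass-through cipher out of a shipped build. Once the macro is set, the miscAlgFactory.cpp hunks later in this patch hand out NullCryptor and a matching key generator for CSSM_ALGID_NONE, so callers would get their plaintext back as ciphertext. A build-time guard would make that mistake fail loudly, for example `#if NULL_CRYPT_ENABLE && defined(NDEBUG)` / `#error NullCryptor is for measurement builds only` / `#endif`, using whatever macro marks release builds in this project. Separately, encryptBlock and decryptBlock always copy NULL_CRYPT_BLOCK_SIZE bytes and never read plainTextLen or the incoming output length, although the parameter comments say "throws on overflow". A check such as `if(cipherTextLen < NULL_CRYPT_BLOCK_SIZE) CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);` would match that contract.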
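Review bot: sha1GetDigest copies SHS_DIGESTSIZE bytes into `digest` without taking a length, and the added comment "As above, with copy." (here and on the SHA1.h prototype in the next hunk) does not say how large the caller's buffer must be. I would state the contract in both places, e.g. `/* As above, but copies the digest into caller-supplied memory; digest must hold at least sha1DigestLen() bytes. */`. The function also inherits whatever sha1Digest does for a NULL or unfinished sha1Obj, which is outside this hunk.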
@@ -51,10 +51,16 @@ void MD5Object::digestFinal( if(mIsDone) { throw std::runtime_error("MD5 digestFinal after final"); } - MD5Final((unsigned char *)digest, &mCtx); + MD5Final(&mCtx, (unsigned char *)digest); mIsDone = true; } +/* use default memberwise init */ +DigestObject *MD5Object::digestClone() const +{ + return new MD5Object(*this); +} + UInt32 MD5Object::digestSizeInBytes() const { return MD5_DIGEST_SIZE; @@ -127,6 +133,12 @@ void SHA1Object::digestFinal( mIsDone = true; } +/* use default memberwise init */ +DigestObject *SHA1Object::digestClone() const +{ + return new SHA1Object(*this); +} + UInt32 SHA1Object::digestSizeInBytes() const { return SHS_DIGESTSIZE; diff --git a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h b/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h index 458cb127..fc22114e 100644 --- a/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h +++ b/AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h @@ -26,9 +26,9 @@ #define _SHA1_MD5_OBJECT_H_ #include -#include +#include #include -#include +#include class SHA1Object : public DigestObject { @@ -41,6 +41,7 @@ public: size_t len); virtual void digestFinal( void *digest); + virtual DigestObject *digestClone() const; virtual size_t digestSizeInBytes() const; private: SHS_INFO mCtx; @@ -60,6 +61,7 @@ public: size_t len); virtual void digestFinal( void *digest); + virtual DigestObject *digestClone() const; virtual size_t digestSizeInBytes() const; private: MD5Context mCtx; diff --git a/AppleCSP/MiscCSPAlgs/SHA1_priv.c b/AppleCSP/MiscCSPAlgs/SHA1_priv.c index e8279988..7ca0e398 100644 --- a/AppleCSP/MiscCSPAlgs/SHA1_priv.c +++ b/AppleCSP/MiscCSPAlgs/SHA1_priv.c @@ -28,7 +28,6 @@ #include "SHA1_priv.h" -#include "platform.h" #include /* The SHS f()-functions */ diff --git a/AppleCSP/MiscCSPAlgs/desContext.cpp b/AppleCSP/MiscCSPAlgs/desContext.cpp index 8913a57f..dfa759c8 100644 --- a/AppleCSP/MiscCSPAlgs/desContext.cpp +++ b/AppleCSP/MiscCSPAlgs/desContext.cpp 
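Review bot: digestClone() returns a raw `new`-allocated object in both MD5Object and SHA1Object, and the comment "use default memberwise init" does not say who is responsible for deleting it. The copy carries the complete in-progress hash state and mIsDone, so every clone is a second copy of whatever data has been absorbed so far and lives until the caller frees it. I would replace the comment with `/* Returns a heap-allocated memberwise copy of the current digest state; the caller owns it and must delete it. */` and repeat that on the declarations added in SHA1_MD5_Object.h.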
@@ -151,7 +151,7 @@ void DES3Context::init( { StLock _(desInitMutex()); for(i=0; i<3; i++) { - if(irtn = desinit(&DesInst[i], DES_MODE_STD)) { + if((irtn = desinit(&DesInst[i], DES_MODE_STD))) { DESDebug("desinit returned %d\n", irtn); CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR); } diff --git a/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp b/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp index 2e7e848b..a02d49b8 100644 --- a/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp +++ b/AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp @@ -23,6 +23,7 @@ #include "miscAlgFactory.h" #include +#include #include "desContext.h" #include "rc2Context.h" #include "rc4Context.h" @@ -31,15 +32,9 @@ #include "DigestContext.h" #include "SHA1_MD5_Object.h" /* raw digest */ #include "MD2Object.h" +#include "NullCryptor.h" #include -/* - * normally CSSM_ALGID_SHA1HMAC_LEGACY maps to a MacLegacyContext if - * CRYPTKIT_CSP_ENABLE is true. For quick testing, we also map - * CSSM_ALGID_SHA1HMAC to MacLegacyContext. - */ -#define HMAC_BOGUS_ENABLE 0 - /* * These #defines are mainly to facilitate measuring the performance of our own * implementation vs. the ones in BSafe. This factory gets called first; if @@ -83,7 +78,20 @@ bool MiscAlgFactory::setup( switch(alg) { case CSSM_ALGID_AES: if(cspCtx == NULL) { - cspCtx = new AESContext(session); + /* + * Get optional block size to determine correct implementation + */ + uint32 blockSize = context.getInt(CSSM_ATTRIBUTE_BLOCK_SIZE); + if(blockSize == 0) { + blockSize = GLADMAN_BLOCK_SIZE_BYTES; + } + if(GLADMAN_AES_128_ENABLE && + (blockSize == GLADMAN_BLOCK_SIZE_BYTES)) { + cspCtx = new GAESContext(session); + } + else { + cspCtx = new AESContext(session); + } } return true; @@ -132,6 +140,14 @@ bool MiscAlgFactory::setup( return true; #endif + #if NULL_CRYPT_ENABLE + case CSSM_ALGID_NONE: + if(cspCtx == NULL) { + cspCtx = new NullCryptor(session); + } + return true; + #endif /* NULL_CRYPT_ENABLE */ + default: break; // not our symmetric alg } // switch alg for symmetric 
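Review bot: In the CSSM_ALGID_AES case every CSSM_ATTRIBUTE_BLOCK_SIZE value other than GLADMAN_BLOCK_SIZE_BYTES is routed to AESContext without being checked here. The added comment also does not say what unit the attribute is in or which values are legal. Presumably AESContext rejects unsupported sizes during its own init, but that code is outside this hunk, so the comment should record where validation happens, e.g. `/* optional block size in bytes; 0 (absent) selects the default, any other size is left to AESContext to accept or reject */`. MiscAlgFactory::setup begins and ends outside the hunk.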
@@ -233,13 +249,32 @@ bool MiscAlgFactory::setup( case CSSM_ALGID_SHA1HMAC: if(cspCtx == NULL) { cspCtx = new AppleSymmKeyGenerator(session, - HMAC_MIN_KEY_SIZE * 8, + HMAC_SHA_MIN_KEY_SIZE * 8, + HMAC_MAX_KEY_SIZE * 8, + true); // must be byte size + } + return true; + case CSSM_ALGID_MD5HMAC: + if(cspCtx == NULL) { + cspCtx = new AppleSymmKeyGenerator(session, + HMAC_MD5_MIN_KEY_SIZE * 8, HMAC_MAX_KEY_SIZE * 8, true); // must be byte size } return true; #endif + #if NULL_CRYPT_ENABLE + case CSSM_ALGID_NONE: + if(cspCtx == NULL) { + cspCtx = new AppleSymmKeyGenerator(session, + NULL_CRYPT_BLOCK_SIZE * 8, + NULL_CRYPT_BLOCK_SIZE * 8, + true); // must be byte size + } + return true; + #endif /* NULL_CRYPT_ENABLE */ + default: break; // not our keygen alg } // switch alg for keygen @@ -249,20 +284,16 @@ bool MiscAlgFactory::setup( switch(alg) { #if MAF_MAC_ENABLE case CSSM_ALGID_SHA1HMAC: + case CSSM_ALGID_MD5HMAC: if(cspCtx == NULL) { - #if HMAC_BOGUS_ENABLE - /* quick hack for Keychain Access testing */ - cspCtx = new MacLegacyContext(session); - #else - cspCtx = new MacContext(session); - #endif + cspCtx = new MacContext(session, alg); } return true; #endif #if CRYPTKIT_CSP_ENABLE case CSSM_ALGID_SHA1HMAC_LEGACY: if(cspCtx == NULL) { - cspCtx = new MacLegacyContext(session); + cspCtx = new MacLegacyContext(session, alg); } return true; #endif diff --git a/AppleCSP/PBKDF2/HMACSHA1.c b/AppleCSP/PBKDF2/HMACSHA1.c index 45a6a136..4a2fbbe9 100644 --- a/AppleCSP/PBKDF2/HMACSHA1.c +++ b/AppleCSP/PBKDF2/HMACSHA1.c 
@@ -23,14 +23,84 @@ Written by: Michael Brouwer */ #include "HMACSHA1.h" -#include +#include +#include #include #include // for malloc - maybe we should use CssmAllocator? #include +#pragma mark --- Common digest class --- + +typedef struct { + union { + sha1Obj sha1Context; // must be allocd via sha1Alloc + struct MD5Context md5Context; + } dig; + CSSM_BOOL isSha1; +} DigestCtx; + +/* Ops on a DigestCtx */ +static CSSM_RETURN DigestCtxInit( + DigestCtx *ctx, + CSSM_BOOL isSha1) +{ + if(isSha1) { + if(ctx->dig.sha1Context == NULL) { + ctx->dig.sha1Context = sha1Alloc(); + if(ctx->dig.sha1Context == NULL) { + return CSSMERR_CSP_MEMORY_ERROR; + } + } + else { + sha1Reinit(ctx->dig.sha1Context); + } + } + else { + MD5Init(&ctx->dig.md5Context); + } + ctx->isSha1 = isSha1; + return CSSM_OK; +} + +static void DigestCtxFree( + DigestCtx *ctx) +{ + if(ctx->isSha1) { + sha1Free(ctx->dig.sha1Context); + } + memset(ctx, 0, sizeof(DigestCtx)); +} + +static void DigestCtxUpdate( + DigestCtx *ctx, + const void *textPtr, + UInt32 textLen) +{ + if(ctx->isSha1) { + sha1AddData(ctx->dig.sha1Context, (unsigned char *)textPtr, textLen); + } + else { + MD5Update(&ctx->dig.md5Context, (unsigned char *)textPtr, textLen); + } +} + +static void DigestCtxFinal( + DigestCtx *ctx, + void *digest) +{ + if(ctx->isSha1) { + sha1GetDigest(ctx->dig.sha1Context, (unsigned char *)digest); + } + else { + MD5Final(&ctx->dig.md5Context, (unsigned char *)digest); + } +} + +#pragma mark --- HMAC class --- + struct hmacContext { - sha1Obj sha1Context; - UInt8 k_opad[kSHA1BlockSize]; + DigestCtx digest; + UInt8 k_opad[kSHA1BlockSize]; }; hmacContextRef hmacAlloc() @@ -44,9 +114,7 @@ void hmacFree( hmacContextRef hmac) { if(hmac != NULL) { - if(hmac->sha1Context != NULL) { - sha1Free (hmac->sha1Context); - } + DigestCtxFree(&hmac->digest); memset(hmac, 0, sizeof(struct hmacContext)); free(hmac); } 
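Review bot: DigestCtxInit reads `ctx->dig.sha1Context` before it knows that the union currently holds a sha1Obj. If a context that was last used for MD5 is re-initialised for SHA1, the bytes of the MD5 state are interpreted as a pointer and passed to sha1Reinit. In the opposite direction MD5Init overwrites the pointer and the SHA1 object is leaked. The decision should be based on the stored `isSha1` flag, as in the rewrite below. This assumes hmacAlloc zero-fills the structure, which the old NULL test also relied on, but hmacAlloc's body is outside the hunk.

```c
static CSSM_RETURN DigestCtxInit(
	DigestCtx 	*ctx,
	CSSM_BOOL	isSha1)
{
	/* the union holds a valid sha1Obj only if the previous use was SHA1 */
	sha1Obj prevSha1 = ctx->isSha1 ? ctx->dig.sha1Context : NULL;

	if(isSha1) {
		if(prevSha1 == NULL) {
			ctx->dig.sha1Context = sha1Alloc();
			if(ctx->dig.sha1Context == NULL) {
				return CSSMERR_CSP_MEMORY_ERROR;
			}
		}
		else {
			sha1Reinit(prevSha1);
		}
	}
	else {
		if(prevSha1 != NULL) {
			/* switching SHA1 -> MD5: release the object before reusing the union */
			sha1Free(prevSha1);
		}
		MD5Init(&ctx->dig.md5Context);
	}
	ctx->isSha1 = isSha1;
	return CSSM_OK;
}
/* ... unchanged: DigestCtxFree, DigestCtxUpdate, DigestCtxFinal ... */
```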
@@ -56,36 +124,30 @@ void hmacFree( CSSM_RETURN hmacInit( hmacContextRef hmac, const void *keyPtr, - UInt32 keyLen) + UInt32 keyLen, + CSSM_BOOL isSha1) // true -> SHA1; false -> MD5 { UInt8 tk[kSHA1DigestSize]; UInt8 *key; UInt32 byte; UInt8 k_ipad[kSHA1BlockSize]; - - if(hmac->sha1Context == NULL) { - hmac->sha1Context = sha1Alloc(); - if(hmac->sha1Context == NULL) { - return CSSMERR_CSP_MEMORY_ERROR; - } - } - else { - sha1Reinit(hmac->sha1Context); - } + UInt32 digestSize = sha1Digest ? kSHA1DigestSize : MD5_DIGEST_SIZE; - /* If the key is longer than kSHA1BlockSize reset it to key=SHA1(key) */ + DigestCtxInit(&hmac->digest, isSha1); + + /* If the key is longer than kSHA1BlockSize reset it to key=digest(key) */ if (keyLen <= kSHA1BlockSize) key = (UInt8*)keyPtr; else { - sha1AddData(hmac->sha1Context, (UInt8*)keyPtr, keyLen); - memcpy (tk, sha1Digest(hmac->sha1Context), kSHA1DigestSize); + DigestCtxUpdate(&hmac->digest, (UInt8*)keyPtr, keyLen); + DigestCtxFinal(&hmac->digest, tk); key = tk; - keyLen = kSHA1DigestSize; - sha1Reinit (hmac->sha1Context); + keyLen = digestSize; + DigestCtxInit(&hmac->digest, isSha1); } - /* The HMAC_SHA_1 transform looks like: - SHA1 (K XOR opad || SHA1 (K XOR ipad || text)) + /* The HMAC_ transform looks like: + (K XOR opad || (K XOR ipad || text)) Where K is a n byte key ipad is the byte 0x36 repeated 64 times. opad is the byte 0x5c repeated 64 times. @@ -103,7 +165,7 @@ CSSM_RETURN hmacInit( memset (k_ipad + keyLen, 0x36, kSHA1BlockSize - keyLen); memset (hmac->k_opad + keyLen, 0x5c, kSHA1BlockSize - keyLen); } - sha1AddData (hmac->sha1Context, k_ipad, kSHA1BlockSize); + DigestCtxUpdate(&hmac->digest, k_ipad, kSHA1BlockSize); return CSSM_OK; } 
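Review bot: In hmacInit, `UInt32 digestSize = sha1Digest ? kSHA1DigestSize : MD5_DIGEST_SIZE;` tests `sha1Digest`, but the parameter in this definition is named `isSha1`. The name therefore appears to resolve to the sha1Digest() function from SHA1.h, which is never null, so digestSize is always 20. For MD5 with a key longer than kSHA1BlockSize, keyLen then becomes 20 although DigestCtxFinal wrote only 16 bytes into `tk`, so four uninitialised stack bytes enter the key and the MAC is wrong. The line should read `UInt32 digestSize = isSha1 ? kSHA1DigestSize : MD5_DIGEST_SIZE;`. The first DigestCtxInit call also drops the allocation failure the old code returned, so it should be `CSSM_RETURN crtn = DigestCtxInit(&hmac->digest, isSha1);` followed by `if(crtn != CSSM_OK) return crtn;`. Part of hmacInit's body lies between the two hunks on this line and is not shown.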
@@ -112,20 +174,23 @@ CSSM_RETURN hmacUpdate( const void *textPtr, UInt32 textLen) { - sha1AddData (hmac->sha1Context, (UInt8*)textPtr, textLen); + DigestCtxUpdate(&hmac->digest, textPtr, textLen); return CSSM_OK; } CSSM_RETURN hmacFinal( hmacContextRef hmac, - void *resultPtr) // caller mallocs, must be HMACSHA1_OUT_SIZE bytes + void *resultPtr) // caller mallocs, must be appropriate output size for + // current digest algorithm { - memcpy (resultPtr, sha1Digest (hmac->sha1Context), kSHA1DigestSize); - sha1Reinit (hmac->sha1Context); - /* Perform outer SHA1 */ - sha1AddData (hmac->sha1Context, hmac->k_opad, kSHA1BlockSize); - sha1AddData (hmac->sha1Context, (UInt8*)resultPtr, kSHA1DigestSize); - memcpy (resultPtr, sha1Digest (hmac->sha1Context), kSHA1DigestSize); + UInt32 digestSize = hmac->digest.isSha1 ? kSHA1DigestSize : kHMACMD5DigestSize; + + DigestCtxFinal(&hmac->digest, resultPtr); + DigestCtxInit(&hmac->digest, hmac->digest.isSha1); + /* Perform outer digest */ + DigestCtxUpdate(&hmac->digest, hmac->k_opad, kSHA1BlockSize); + DigestCtxUpdate(&hmac->digest, resultPtr, digestSize); + DigestCtxFinal(&hmac->digest, resultPtr); return CSSM_OK; } @@ -136,7 +201,7 @@ hmacsha1 (const void *keyPtr, UInt32 keyLen, void *resultPtr) { hmacContextRef hmac = hmacAlloc(); - hmacInit(hmac, keyPtr, keyLen); + hmacInit(hmac, keyPtr, keyLen, CSSM_TRUE); hmacUpdate(hmac, textPtr, textLen); hmacFinal(hmac, resultPtr); hmacFree(hmac); diff --git a/AppleCSP/PBKDF2/HMACSHA1.h b/AppleCSP/PBKDF2/HMACSHA1.h index bf3e15b7..af143b92 100644 --- a/AppleCSP/PBKDF2/HMACSHA1.h +++ b/AppleCSP/PBKDF2/HMACSHA1.h @@ -18,7 +18,7 @@ /* File: HMACSHA1.h - Contains: Apple Data Security Services HMACSHA1 function declaration. + Contains: Apple Data Security Services HMAC{SHA1,MD5} function declaration. Copyright: (C) 1999 by Apple Computer, Inc., all rights reserved Written by: Michael Brouwer */ 
@@ -33,13 +33,14 @@ extern "C" { #endif #define kHMACSHA1DigestSize 20 +#define kHMACMD5DigestSize 16 /* XXX These should really be in SHA1.h */ #define kSHA1DigestSize 20 #define kSHA1BlockSize 64 -/* This function create an HMACSHA1 digest of kHMACSHA1DigestSize and outputs - it to resultPtr. See RFC 2104 for details. */ +/* This function create an HMACSHA1 digest of kHMACSHA1DigestSizestSize bytes + * and outputs it to resultPtr. See RFC 2104 for details. */ void hmacsha1 (const void *keyPtr, UInt32 keyLen, const void *textPtr, UInt32 textLen, @@ -48,7 +49,7 @@ hmacsha1 (const void *keyPtr, UInt32 keyLen, /* * Staged version. * - * Opaque reference to an hmacsha1 session + * Opaque reference to an hmac session */ struct hmacContext; typedef struct hmacContext *hmacContextRef; @@ -59,7 +60,8 @@ void hmacFree( CSSM_RETURN hmacInit( hmacContextRef hmac, const void *keyPtr, - UInt32 keyLen); + UInt32 keyLen, + CSSM_BOOL sha1Digest); // true -> SHA1; false -> MD5 CSSM_RETURN hmacUpdate( hmacContextRef hmac, const void *textPtr, diff --git a/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp b/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp index ba979894..3cc7dee7 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp +++ b/AppleCSP/RSA_DSA/RSA_DSA_csp.cpp @@ -24,8 +24,8 @@ #include "RSA_DSA_signature.h" /* raw signer */ #include /* raw digest */ #include -#include -#include "RSA_DSA_Keys.h" +#include +#include "RSA_DSA_keys.h" #include "RSA_asymmetric.h" #include #include diff --git a/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp b/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp index 49e985a4..87428ce0 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp +++ b/AppleCSP/RSA_DSA/RSA_DSA_keys.cpp @@ -20,7 +20,7 @@ * RSA_DSA_Keys.cpp - RSA, DSA related asymmetric key pair classes. */ -#include "RSA_DSA_Keys.h" +#include "RSA_DSA_keys.h" #include #include #include 
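Review bot: The hmacInit prototype names its new parameter `sha1Digest`, which is also the name of a function declared in SHA1.h, while the definition in HMACSHA1.c calls it `isSha1`. That mismatch is what lets a stray `sha1Digest` in the implementation compile against the function instead of the flag. I would declare it as `CSSM_BOOL isSha1); // true -> SHA1; false -> MD5` so both files agree. In the earlier hunk of this file the rewritten comment above hmacsha1 contains the typo `kHMACSHA1DigestSizestSize`, which should be `kHMACSHA1DigestSize`. The comment could also say that hmacFinal's result buffer needs kHMACSHA1DigestSize or kHMACMD5DigestSize bytes depending on the flag passed here.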
@@ -177,22 +177,27 @@ void RSAKeyPairGenContext::generate( RSAKeyInfoProvider::RSAKeyInfoProvider( const CssmKey &cssmKey) : CSPKeyInfoProvider(cssmKey) +{ +} + +CSPKeyInfoProvider *RSAKeyInfoProvider::provider( + const CssmKey &cssmKey) { switch(cssmKey.algorithm()) { case CSSM_ALGID_RSA: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + return NULL; } switch(cssmKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: case CSSM_KEYCLASS_PRIVATE_KEY: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + return NULL; } /* OK, we'll handle this one */ - return; + return new RSAKeyInfoProvider(cssmKey); } /* Given a raw key, cook up a Binary key */ @@ -530,21 +535,26 @@ DSAKeyInfoProvider::DSAKeyInfoProvider( const CssmKey &cssmKey) : CSPKeyInfoProvider(cssmKey) { + +} +CSPKeyInfoProvider *DSAKeyInfoProvider::provider( + const CssmKey &cssmKey) +{ switch(cssmKey.algorithm()) { case CSSM_ALGID_DSA: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + return NULL; } switch(cssmKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: case CSSM_KEYCLASS_PRIVATE_KEY: break; default: - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); + return NULL; } /* OK, we'll handle this one */ - return; + return new DSAKeyInfoProvider(cssmKey); } /* Given a raw key, cook up a Binary key */ diff --git a/AppleCSP/RSA_DSA/RSA_DSA_keys.h b/AppleCSP/RSA_DSA/RSA_DSA_keys.h index 8aff2600..337dc2a3 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_keys.h +++ b/AppleCSP/RSA_DSA/RSA_DSA_keys.h @@ -92,9 +92,12 @@ public: */ class RSAKeyInfoProvider : public CSPKeyInfoProvider { -public: +private: RSAKeyInfoProvider( const CssmKey &cssmKey); +public: + static CSPKeyInfoProvider *provider( + const CssmKey &cssmKey); ~RSAKeyInfoProvider() { } void CssmKeyToBinary( BinaryKey **binKey); // RETURNED 
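Review bot: RSAKeyInfoProvider::provider() and DSAKeyInfoProvider::provider() in the next hunk now return NULL where the constructors used to throw CSSMERR_CSP_INVALID_ALGORITHM or CSSMERR_CSP_INVALID_KEY_CLASS. A key that no provider accepts therefore surfaces as a null pointer unless the caller checks for it and raises the error itself, and that caller is outside these hunks. Neither the definitions nor the declarations added in RSA_DSA_keys.h document this or say who owns the returned object. I would add `/* Returns a new provider if this class handles cssmKey's algorithm and key class, else NULL; caller owns the result and must delete it. */` above both. The DSA constructor body also gained a stray blank line that can be dropped.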
@@ -177,9 +180,12 @@ private: */ class DSAKeyInfoProvider : public CSPKeyInfoProvider { -public: +private: DSAKeyInfoProvider( const CssmKey &cssmKey); +public: + static CSPKeyInfoProvider *provider( + const CssmKey &cssmKey); ~DSAKeyInfoProvider() { } void CssmKeyToBinary( BinaryKey **binKey); // RETURNED diff --git a/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp b/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp index f163fdfc..31976016 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp +++ b/AppleCSP/RSA_DSA/RSA_DSA_signature.cpp @@ -48,6 +48,23 @@ void RSASigner::signerInit( { setIsSigning(isSigning); keyFromContext(context); + + /* optional padding attribute */ + uint32 padding; + bool padPresent = context.getInt(CSSM_ATTRIBUTE_PADDING, padding); + if(padPresent) { + /* padding specified in context, convert to openssl style */ + switch(padding) { + case CSSM_PADDING_NONE: + mPadding = RSA_NO_PADDING; + break; + case CSSM_PADDING_PKCS1: + mPadding = RSA_PKCS1_PADDING; + break; + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); + } + } setInitFlag(true); } @@ -79,7 +96,7 @@ void RSASigner::sign( (unsigned char *)encodedInfo.data(), (unsigned char *)sig, mRsaKey, - RSA_PKCS1_PADDING); + mPadding); if(irtn < 0) { throwRsaDsa("RSA_private_encrypt"); } @@ -126,7 +143,7 @@ void RSASigner::verify( (unsigned char *)sig, decryptSig, mRsaKey, - RSA_PKCS1_PADDING); + mPadding); if(irtn < 0) { op = "RSA_public_decrypt"; throwSigVerify = true; diff --git a/AppleCSP/RSA_DSA/RSA_DSA_signature.h b/AppleCSP/RSA_DSA/RSA_DSA_signature.h index 62ac9c74..ac1b610f 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_signature.h +++ b/AppleCSP/RSA_DSA/RSA_DSA_signature.h @@ -29,6 +29,8 @@ #include #include +#define RSA_SIG_PADDING_DEFAULT RSA_PKCS1_PADDING + class RSASigner : public RawSigner { public: RSASigner( 
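Review bot: In RSASigner::signerInit, mPadding is only assigned when the context carries CSSM_ATTRIBUTE_PADDING. If a signer object is initialised a second time with a context that omits the attribute, it keeps the padding chosen by the previous context rather than the PKCS1 default. Whether signers are reused is not visible here, but resetting first costs nothing: put `mPadding = RSA_SIG_PADDING_DEFAULT;` immediately before `if(padPresent) {`. It is also worth a comment that CSSM_PADDING_NONE makes sign and verify operate on the raw block, so the caller becomes responsible for supplying a correctly formatted, full-length input. signerInit starts outside the hunk.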
@@ -38,7 +40,8 @@ public: RawSigner(alloc, digestAlg), mRsaKey(NULL), mWeMallocdRsaKey(false), - mSession(session) { } + mSession(session), + mPadding(RSA_SIG_PADDING_DEFAULT) { } ~RSASigner(); @@ -76,6 +79,7 @@ private: RSA *mRsaKey; bool mWeMallocdRsaKey; AppleCSPSession &mSession; + int mPadding; // RSA_NO_PADDING, RSA_PKCS1_PADDING }; class DSASigner : public RawSigner { diff --git a/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp b/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp index 30d723ee..da4510ea 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp +++ b/AppleCSP/RSA_DSA/RSA_DSA_utils.cpp 
@@ -33,93 +33,6 @@ #define rsaMiscDebug(args...) debug("rsaMisc", ## args) -void throwRsaDsa( - const char *op) -{ - unsigned long e = logSslErrInfo(op); - CSSM_RETURN cerr = CSSM_OK; - - /* try to parse into something meaningful */ - int reason = ERR_GET_REASON(e); - int lib = ERR_GET_LIB(e); - - /* first try the global ones */ - switch(reason) { - case ERR_R_MALLOC_FAILURE: - cerr = CSSMERR_CSP_MEMORY_ERROR; break; - case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED: - /* internal */ break; - case ERR_R_PASSED_NULL_PARAMETER: - cerr = CSSMERR_CSP_INVALID_POINTER; break; - case ERR_R_NESTED_ASN1_ERROR: - case ERR_R_BAD_ASN1_OBJECT_HEADER: - case ERR_R_BAD_GET_ASN1_OBJECT_CALL: - case ERR_R_EXPECTING_AN_ASN1_SEQUENCE: - case ERR_R_ASN1_LENGTH_MISMATCH: - case ERR_R_MISSING_ASN1_EOS: - /* ASN - shouldn't happen, right? */ - cerr = CSSMERR_CSP_INTERNAL_ERROR; break; - default: - break; - } - if(cerr != CSSM_OK) { - CssmError::throwMe(cerr); - } - - /* now the lib-specific ones */ - switch(lib) { - case ERR_R_BN_LIB: - /* all indicate serious internal error...right? 
*/ - cerr = CSSMERR_CSP_INTERNAL_ERROR; break; - case ERR_R_RSA_LIB: - switch(reason) { - case RSA_R_ALGORITHM_MISMATCH: - cerr = CSSMERR_CSP_ALGID_MISMATCH; break; - case RSA_R_BAD_SIGNATURE: - cerr = CSSMERR_CSP_VERIFY_FAILED; break; - case RSA_R_DATA_TOO_LARGE: - case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE: - case RSA_R_DATA_TOO_SMALL: - case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE: - case RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY: - cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break; - case RSA_R_KEY_SIZE_TOO_SMALL: - cerr = CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH; break; - case RSA_R_PADDING_CHECK_FAILED: - cerr = CSSMERR_CSP_INVALID_DATA; break; - case RSA_R_RSA_OPERATIONS_NOT_SUPPORTED: - cerr = CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED; break; - case RSA_R_UNKNOWN_ALGORITHM_TYPE: - cerr = CSSMERR_CSP_INVALID_ALGORITHM; break; - case RSA_R_WRONG_SIGNATURE_LENGTH: - cerr = CSSMERR_CSP_VERIFY_FAILED; break; - default: - cerr = CSSMERR_CSP_INTERNAL_ERROR; break; - } - break; - case ERR_R_DSA_LIB: - switch(reason) { - case DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE: - cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break; - default: - cerr = CSSMERR_CSP_INTERNAL_ERROR; break; - } - break; - default: - cerr = CSSMERR_CSP_INTERNAL_ERROR; break; - } - CssmError::throwMe(cerr); -} - -/* - * given an openssl-style error, throw appropriate CssmError. - */ -void throwOpensslErr(int irtn) -{ - /* FIXME */ - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); -} - /* * Given a Context: * -- obtain CSSM key (there must only be one) diff --git a/AppleCSP/RSA_DSA/RSA_DSA_utils.h b/AppleCSP/RSA_DSA/RSA_DSA_utils.h index ec5a7193..e3acd649 100644 --- a/AppleCSP/RSA_DSA/RSA_DSA_utils.h +++ b/AppleCSP/RSA_DSA/RSA_DSA_utils.h @@ -31,15 +31,6 @@ extern "C" { #endif -void throwRsaDsa( - const char *op); - -/* - * given an openssl-style error, throw appropriate CssmError. - */ -void throwOpensslErr( - int irtn); - /* * Given a Context: * -- obtain CSSM key (there must only be one) 
diff --git a/AppleCSP/RSA_DSA/RSA_asymmetric.cpp b/AppleCSP/RSA_DSA/RSA_asymmetric.cpp index 81012ffc..33fa9f0e 100644 --- a/AppleCSP/RSA_DSA/RSA_asymmetric.cpp +++ b/AppleCSP/RSA_DSA/RSA_asymmetric.cpp @@ -23,6 +23,7 @@ #include "RSA_asymmetric.h" #include "RSA_DSA_utils.h" #include +#include #define rsaCryptDebug(args...) debug("rsaCrypt", ## args) #define rbprintf(args...) debug("rsaBuf", ## args) @@ -75,11 +76,25 @@ void RSA_CryptContext::init(const Context &context, bool encoding = true) assert(opStarted()); } - /* validate context - TBD */ + unsigned cipherBlockSize = RSA_size(mRsaKey); + unsigned plainBlockSize; + + /* padding - not present means value zero, CSSM_PADDING_NONE */ + uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING); + switch(padding) { + case CSSM_PADDING_NONE: + mPadding = RSA_NO_PADDING; + plainBlockSize = cipherBlockSize; + break; + case CSSM_PADDING_PKCS1: + mPadding = RSA_PKCS1_PADDING; + plainBlockSize = cipherBlockSize - 11; + break; + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING); + } /* finally, have BlockCryptor set up its stuff. */ - unsigned cipherBlockSize = RSA_size(mRsaKey); - unsigned plainBlockSize = cipherBlockSize - 11; setup(encoding ? plainBlockSize : cipherBlockSize, // blockSizeIn encoding ? cipherBlockSize : plainBlockSize, // blockSizeOut false, // pkcs5Pad @@ -104,14 +119,14 @@ void RSA_CryptContext::encryptBlock( (unsigned char *)plainText, (unsigned char *)cipherText, mRsaKey, - RSA_PKCS1_PADDING); + mPadding); } else { irtn = RSA_private_encrypt(plainTextLen, (unsigned char *)plainText, (unsigned char *)cipherText, mRsaKey, - RSA_PKCS1_PADDING); + mPadding); } if(irtn < 0) { throwRsaDsa("RSA_public_encrypt"); 
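Review bot: RSA_CryptContext::init uses the one-argument `context.getInt(CSSM_ATTRIBUTE_PADDING)`, so a context without a padding attribute yields 0, which the added comment equates with CSSM_PADDING_NONE and the switch maps to RSA_NO_PADDING. Callers that previously got PKCS1 padding implicitly now encrypt with unpadded RSA. It also means the RSA_ASYM_PADDING_DEFAULT initialiser added in RSA_asymmetric.h is always overwritten. RSASigner::signerInit in this same patch keeps the PKCS1 default when the attribute is absent; doing the same here would be `uint32 padding;` followed by `if(!context.getInt(CSSM_ATTRIBUTE_PADDING, padding)) { padding = CSSM_PADDING_PKCS1; }`. If no-padding-by-default is intended, the comment should say so explicitly and the unused default should go. init begins outside the hunk.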
@@ -136,14 +151,14 @@ void RSA_CryptContext::decryptBlock( (unsigned char *)cipherText, (unsigned char *)plainText, mRsaKey, - RSA_PKCS1_PADDING); + mPadding); } else { irtn = RSA_private_decrypt(inBlockSize(), (unsigned char *)cipherText, (unsigned char *)plainText, mRsaKey, - RSA_PKCS1_PADDING); + mPadding); } if(irtn < 0) { throwRsaDsa("RSA_private_decrypt"); diff --git a/AppleCSP/RSA_DSA/RSA_asymmetric.h b/AppleCSP/RSA_DSA/RSA_asymmetric.h index 3cbb4d75..a62e8095 100644 --- a/AppleCSP/RSA_DSA/RSA_asymmetric.h +++ b/AppleCSP/RSA_DSA/RSA_asymmetric.h @@ -30,13 +30,16 @@ #include #include +#define RSA_ASYM_PADDING_DEFAULT RSA_PKCS1_PADDING + class RSA_CryptContext : public BlockCryptor { public: RSA_CryptContext(AppleCSPSession &session) : BlockCryptor(session), mRsaKey(NULL), mAllocdRsaKey(false), - mInitFlag(false) { } + mInitFlag(false), + mPadding(RSA_ASYM_PADDING_DEFAULT) { } ~RSA_CryptContext(); @@ -64,6 +67,7 @@ private: RSA *mRsaKey; bool mAllocdRsaKey; bool mInitFlag; // allows easy reuse + int mPadding; // RSA_NO_PADDING, RSA_PKCS1_PADDING }; /* RSA_CryptContext */ diff --git a/AppleCSP/csp_capabilities.mdsinfo b/AppleCSP/csp_capabilities.mdsinfo new file mode 100644 index 00000000..57b19954 --- /dev/null +++ b/AppleCSP/csp_capabilities.mdsinfo @@ -0,0 +1,18 @@ + + + + + Capabilities + file:csp_capabilities_common.mds + MdsFileDescription + Built-in CSP Capabilities + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE + ModuleID + {87191ca2-0fc9-11d4-849a000502b52122} + SSID + 0 + + diff --git a/AppleCSP/csp_capabilities_common.mds b/AppleCSP/csp_capabilities_common.mds new file mode 100644 index 00000000..e5035a41 --- /dev/null +++ b/AppleCSP/csp_capabilities_common.mds 
@@ -0,0 +1,741 @@ + + + + + + AlgType + CSSM_ALGID_SHA1 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_OUTPUT_SIZE + AttributeValue + 20 + + + ContextType + CSSM_ALGCLASS_DIGEST + Description + SHA1 Digest + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_MD5 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_OUTPUT_SIZE + AttributeValue + 16 + + + ContextType + CSSM_ALGCLASS_DIGEST + Description + MD5 Digest + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_MD2 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_OUTPUT_SIZE + AttributeValue + 16 + + + ContextType + CSSM_ALGCLASS_DIGEST + Description + MD2 Digest + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + RSA Key Pair Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_DES + Attributes + + + AttributeType + CSSM_ATTRIBUTE_KEY_LENGTH + AttributeValue + 64 + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + DES Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_3DES_3KEY + Attributes + + + AttributeType + CSSM_ATTRIBUTE_KEY_LENGTH + AttributeValue + 192 + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + 3DES Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RC2 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + RC2 Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RC4 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + RC4 Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RC5 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + RC5 Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_SHA1HMAC + Attributes + + + 
AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + SHA1HMAC Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_AES + Attributes + + + AttributeType + CSSM_ATTRIBUTE_KEY_LENGTH + AttributeValue + + 128 + 192 + 256 + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + AES Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_ASC + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + ASC Key Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_FEE + Attributes + + + AttributeType + CSSM_ATTRIBUTE_KEY_LENGTH + AttributeValue + + 31 + 127 + 128 + 161 + 192 + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + FEE Key Pair Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_DSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_KEYGEN + Description + DSA Key Pair Generation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_PKCS5_PBKDF2 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_DERIVEKEY + Description + PKCS5 Key Derivation + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_DES + Attributes + + + AttributeType + CSSM_ATTRIBUTE_MODE + AttributeValue + + 2 + 3 + 5 + 6 + + + + ContextType + CSSM_ALGCLASS_SYMMETRIC + Description + DES Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_3DES_3KEY_EDE + Attributes + + + AttributeType + CSSM_ATTRIBUTE_MODE + AttributeValue + + 2 + 3 + 5 + 6 + + + + ContextType + CSSM_ALGCLASS_SYMMETRIC + Description + 3DES EDE Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_AES + Attributes + + + AttributeType + CSSM_ATTRIBUTE_MODE + AttributeValue + + 2 + 3 + 5 + 6 + + + + ContextType + CSSM_ALGCLASS_SYMMETRIC + Description + AES Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + 
CSSM_ALGID_RC4 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_MODE + AttributeValue + + 0 + + + + ContextType + CSSM_ALGCLASS_SYMMETRIC + Description + RC4 Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RC5 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_MODE + AttributeValue + + 2 + 3 + 5 + 6 + + + + ContextType + CSSM_ALGCLASS_SYMMETRIC + Description + RC5 Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_ASYMMETRIC + Description + RSA Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_FEEDEXP + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_ASYMMETRIC + Description + FEEDExp Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_FEED + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_ASYMMETRIC + Description + FEED Encryption + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_SHA1WithRSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + SHA1 With RSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_MD5WithRSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + MD5 With RSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_MD2WithRSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + MD2 With RSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_RSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + Raw RSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_SHA1WithDSA + Attributes + + + 
AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + SHA1 With DSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_DSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + Raw DSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_FEE_MD5 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + MD5 with FEE Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_FEE_SHA1 + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + SHA1 with FEE Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_FEE + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + Raw FEE Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_SHA1WithECDSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + SHA1 with ECDSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_ECDSA + Attributes + + + AttributeType + CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_SIGNATURE + Description + Raw ECDSA Signature + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_SHA1HMAC + Attributes + + + AttributeType + CSSM_ATTRIBUTE_OUTPUT_SIZE + AttributeValue + 20 + + + ContextType + CSSM_ALGCLASS_MAC + Description + SHA1HMAC MAC + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_SHA1HMAC_LEGACY + Attributes + + + AttributeType + CSSM_ATTRIBUTE_OUTPUT_SIZE + AttributeValue + 20 + + + ContextType + CSSM_ALGCLASS_MAC + Description + SHA1HMAC MAC Legacy + UseeTag + CSSM_USEE_NONE + + + AlgType + CSSM_ALGID_APPLE_YARROW + Attributes + + + AttributeType + 
CSSM_ATTRIBUTE_NONE + AttributeValue + + + + ContextType + CSSM_ALGCLASS_RANDOMGEN + Description + Yarrow PRNG + UseeTag + CSSM_USEE_NONE + + + diff --git a/AppleCSP/csp_common.mdsinfo b/AppleCSP/csp_common.mdsinfo new file mode 100644 index 00000000..80c759fd --- /dev/null +++ b/AppleCSP/csp_common.mdsinfo @@ -0,0 +1,28 @@ + + + + + BuiltIn + + CDSAVersion + 2.0 + Desc + Apple built-in CSP + DynamicFlag + + MdsFileDescription + Built-in CSP Common info + MdsFileType + PluginCommon + ModuleID + {87191ca2-0fc9-11d4-849a000502b52122} + ModuleName + AppleCSP + MultiThreadFlag + + ProductVersion + 1.0 + ServiceMask + CSSM_SERVICE_CSP + + diff --git a/AppleCSP/csp_primary.mdsinfo b/AppleCSP/csp_primary.mdsinfo new file mode 100644 index 00000000..e708c16e --- /dev/null +++ b/AppleCSP/csp_primary.mdsinfo @@ -0,0 +1,36 @@ + + + + + AclSubjectTypes + + AuthTags + + CspCustomFlags + 0 + CspFlags + + CspType + CSSM_CSP_SOFTWARE + MdsFileDescription + Built-in CSP Primary info + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE + ModuleID + {87191ca2-0fc9-11d4-849a000502b52122} + ModuleName + AppleCSP + ProductVersion + 1.0 + SSID + 0 + SampleTypes + + UseeTags + + Vendor + Apple Computer, Inc. + + diff --git a/AppleCSP/open_ssl/bn/bn_err.c b/AppleCSP/open_ssl/bn/bn_err.c index 012a5c0d..d706e586 100644 --- a/AppleCSP/open_ssl/bn/bn_err.c +++ b/AppleCSP/open_ssl/bn/bn_err.c 
@@ -95,11 +95,13 @@ static ERR_STRING_DATA BN_str_functs[]= {ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, {ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, +{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, {ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, {ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, +{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, {ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, {0,NULL} }; @@ -113,6 +115,7 @@ static ERR_STRING_DATA BN_str_reasons[]= {BN_R_ENCODING_ERROR ,"encoding error"}, {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, {BN_R_INVALID_LENGTH ,"invalid length"}, +{BN_R_INVALID_RANGE ,"invalid range"}, {BN_R_NOT_INITIALIZED ,"not initialized"}, {BN_R_NO_INVERSE ,"no inverse"}, {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, diff --git a/AppleCSP/open_ssl/bn/bn_exp.c b/AppleCSP/open_ssl/bn/bn_exp.c index eb0de885..81173237 100644 --- a/AppleCSP/open_ssl/bn/bn_exp.c +++ b/AppleCSP/open_ssl/bn/bn_exp.c 
@@ -1,21 +1,3 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* crypto/bn/bn_exp.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. 
@@ -73,6 +55,60 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + #include #include "cryptlib.h" @@ -84,7 +120,8 @@ # include #endif -#define TABLE_SIZE 16 + +#define TABLE_SIZE 32 /* slow but works */ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) @@ -109,42 +146,6 @@ err: return(r); } -#if 0 -/* this one works - simple but works */ -int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx) - { - int i,bits,ret=0; - BIGNUM *v,*tmp; - - BN_CTX_start(ctx); - v = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (v == NULL || tmp == NULL) goto err; - - if (BN_copy(v,a) == NULL) goto err; - bits=BN_num_bits(p); - - if (BN_is_odd(p)) - { if (BN_copy(r,a) == NULL) goto err; } - else { if (!BN_one(r)) goto err; } - - for (i=1; id[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ if (BN_is_odd(m)) - { ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); } + { + if (a->top == 1) + { + BN_ULONG A = a->d[0]; + ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); + } + else + ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); + } else #endif #ifdef RECP_MUL_MOD 
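Review bot: The new single-word shortcut in BN_mod_exp reads only `a->d[0]` and never consults `a->neg`, so a negative one-word base would be exponentiated as its absolute value; the guard would be safer as `if (a->top == 1 && !a->neg)`. The same branch sends every call with a one-word base into BN_mod_exp_mont_word, whose loop branches on `BN_is_bit_set(p, b)`; that presumably includes Diffie-Hellman with a generator of 2 or 5 and a private exponent `p`. A comment above the branch, such as `/* word path is not constant-time in p; do not rely on it for secret exponents */`, would make that visible to the next reader. The start of BN_mod_exp lies outside this hunk, so any earlier sign handling cannot be seen here.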
@@ -388,7 +399,7 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, return(ret); } -/* #ifdef RECP_MUL_MOD */ + int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { 
@@ -416,27 +427,22 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ts=1; if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) - goto err; /* 2 */ - - if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */ - window=1; - else if (bits >= 256) - window=5; /* max size of window */ - else if (bits >= 128) - window=4; - else - window=3; - j=1<<(window-1); - for (i=1; i 1) { - BN_init(&val[i]); - if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx)) - goto err; + if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) + goto err; /* 2 */ + j=1<<(window-1); + for (i=1; i= 0) { - BN_mod(&(val[0]),a,m,ctx); + if (!BN_mod(&(val[0]),a,m,ctx)) + goto err; aa= &(val[0]); } else aa=a; if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ - if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ - - if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */ - window=1; - else if (bits >= 256) - window=5; /* max size of window */ - else if (bits >= 128) - window=4; - else - window=3; - j=1<<(window-1); - for (i=1; i 1) { - BN_init(&(val[i])); - if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx)) - goto err; + if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ + j=1<<(window-1); + for (i=1; id[0] & 1)) + { + BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); + return(0); + } + bits = BN_num_bits(p); + if (bits == 0) + { + BN_one(rr); + return(1); + } + BN_CTX_start(ctx); + d = BN_CTX_get(ctx); + r = BN_CTX_get(ctx); + t = BN_CTX_get(ctx); + if (d == NULL || r == NULL || t == NULL) goto err; + +#ifdef ATALLA + if (!tried_atalla) + { + BN_set_word(t, a); + if (BN_mod_exp_atalla(rr, t, p, m)) + { + BN_CTX_end(ctx); + return 1; + } + } +/* If it fails, try the other methods */ +#endif + + if (in_mont != NULL) + mont=in_mont; + else + { + if ((mont = BN_MONT_CTX_new()) == NULL) goto 
err; + if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; + } + + r_is_one = 1; /* except for Montgomery factor */ + + /* bits-1 >= 0 */ + + /* The result is accumulated in the product r*w. */ + w = a; /* bit 'bits-1' of 'p' is always set */ + for (b = bits-2; b >= 0; b--) + { + /* First, square r*w. */ + next_w = w*w; + if ((next_w/w) != w) /* overflow */ + { + if (r_is_one) + { + if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; + r_is_one = 0; + } + else + { + if (!BN_MOD_MUL_WORD(r, w, m)) goto err; + } + next_w = 1; + } + w = next_w; + if (!r_is_one) + { + if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; + } + + /* Second, multiply r*w by 'a' if exponent bit is set. */ + if (BN_is_bit_set(p, b)) + { + next_w = w*a; + if ((next_w/a) != w) /* overflow */ + { + if (r_is_one) + { + if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; + r_is_one = 0; + } + else + { + if (!BN_MOD_MUL_WORD(r, w, m)) goto err; + } + next_w = a; + } + w = next_w; + } + } + + /* Finally, set r:=r*w. */ + if (w != 1) + { + if (r_is_one) + { + if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; + r_is_one = 0; + } + else + { + if (!BN_MOD_MUL_WORD(r, w, m)) goto err; + } + } + + if (r_is_one) /* can happen only if a == 1*/ + { + if (!BN_one(rr)) goto err; + } + else + { + if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; + } + ret = 1; +err: + if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); + BN_CTX_end(ctx); + return(ret); + } + /* The old fallback, simple version :-) */ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, 
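Review bot: In BN_mod_exp_mont_word the overflow tests `(next_w/w) != w` and `(next_w/a) != w` divide by the base, and nothing in the visible lines rejects `a == 0`, so a direct call with a zero base and a non-zero exponent divides by zero. An early exit placed right after the `bits == 0` case, `if (a == 0) { BN_zero(rr); return(1); }`, avoids it. The `bits == 0` case itself calls `BN_one(rr)` and returns 1 without testing the result, unlike the later `if (!BN_one(rr)) goto err;`; `return(BN_one(rr));` would make the two consistent. The function's signature and opening lines are garbled on this page, so the absence of an earlier check is inferred from what remains.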
@@ -678,26 +817,21 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_init(&(val[0])); ts=1; if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) - goto err; /* 2 */ - - if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */ - window=1; - else if (bits >= 256) - window=5; /* max size of window */ - else if (bits >= 128) - window=4; - else - window=3; - j=1<<(window-1); - for (i=1; i 1) { - BN_init(&(val[i])); - if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx)) - goto err; + if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) + goto err; /* 2 */ + j=1<<(window-1); + for (i=1; i= 2) and a random 'b' bits exponent, + * the number of multiplications is a constant plus on average + * + * 2^(w-1) + (b-w)/(w+1); + * + * here 2^(w-1) is for precomputing the table (we actually need + * entries only for windows that have the lowest bit set), and + * (b-w)/(w+1) is an approximation for the expected number of + * w-bit windows, not counting the first one. + * + * Thus we should use + * + * w >= 6 if b > 671 + * w = 5 if 671 > b > 239 + * w = 4 if 239 > b > 79 + * w = 3 if 79 > b > 23 + * w <= 2 if 23 > b + * + * (with draws in between). Very small exponents are often selected + * with low Hamming weight, so we use w = 1 for b <= 23. + */ +#if 1 +#define BN_window_bits_for_exponent_size(b) \ + ((b) > 671 ? 6 : \ + (b) > 239 ? 5 : \ + (b) > 79 ? 4 : \ + (b) > 23 ? 3 : 1) +#else +/* Old SSLeay/OpenSSL table. + * Maximum window size was 5, so this table differs for b==1024; + * but it coincides for other interesting values (b==160, b==512). + */ +#define BN_window_bits_for_exponent_size(b) \ + ((b) > 255 ? 5 : \ + (b) > 127 ? 4 : \ + (b) > 17 ? 3 : 1) +#endif + + + /* Pentium pro 16,16,16,32,64 */ /* Alpha 16,16,16,16.64 */ #define BN_MULL_SIZE_NORMAL (16) /* 32 */ 
@@ -148,7 +228,7 @@ extern "C" { /* This is used for internal error checking and is not normally used */ #ifdef BN_DEBUG # include -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->max); +# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); #else # define bn_check_top(a) #endif diff --git a/AppleCSP/open_ssl/bn/bn_rand.c b/AppleCSP/open_ssl/bn/bn_rand.c index 8446be51..05eeff1f 100644 --- a/AppleCSP/open_ssl/bn/bn_rand.c +++ b/AppleCSP/open_ssl/bn/bn_rand.c @@ -1,21 +1,3 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* crypto/bn/bn_rand.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. 
@@ -84,13 +66,17 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf=NULL; int ret=0,bit,bytes,mask; - #ifndef __APPLE__ time_t tim; - #endif - + + if (bits == 0) + { + BN_zero(rnd); + return 1; + } + bytes=(bits+7)/8; bit=(bits-1)%8; - mask=0xff<= 128 && i > 0) + buf[i] = buf[i-1]; + else if (c < 42) + buf[i] = 0; + else if (c < 84) + buf[i] = 255; + } + } +#endif + + if (top != -1) + { + if (top) + { + if (bit == 0) + { + buf[0]=1; + buf[1]|=0x80; + } + else + { + buf[0]|=(3<<(bit-1)); + } } else { - buf[0]|=(3<<(bit-1)); - buf[0]&= ~(mask<<1); + buf[0]|=(1<neg || BN_is_zero(range)) + { + BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); + return 0; + } + + n = BN_num_bits(range); /* n > 0 */ + + if (n == 1) + { + if (!BN_zero(r)) return 0; + } + else if (BN_is_bit_set(range, n - 2)) + { + do + { + /* range = 11..._2, so each iteration succeeds with probability >= .75 */ + if (!BN_rand(r, n, -1, 0)) return 0; + } + while (BN_cmp(r, range) >= 0); + } + else + { + /* range = 10..._2, + * so 3*range (= 11..._2) is exactly one bit longer than range */ + do + { + if (!BN_rand(r, n + 1, -1, 0)) return 0; + /* If r < 3*range, use r := r MOD range + * (which is either r, r - range, or r - 2*range). + * Otherwise, iterate once more. + * Since 3*range = 11..._2, each iteration succeeds with + * probability >= .75. */ + if (BN_cmp(r ,range) >= 0) + { + if (!BN_sub(r, r, range)) return 0; + if (BN_cmp(r, range) >= 0) + if (!BN_sub(r, r, range)) return 0; + } + } + while (BN_cmp(r, range) >= 0); + } + + return 1; + } diff --git a/AppleCSP/open_ssl/dh/dh_check.c b/AppleCSP/open_ssl/dh/dh_check.c new file mode 100644 index 00000000..3737f379 --- /dev/null +++ b/AppleCSP/open_ssl/dh/dh_check.c 
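Review bot: Both rejection loops in BN_rand_range (`do { ... } while (BN_cmp(r, range) >= 0);`) have no iteration limit, so a generator that keeps returning out-of-range values, for example a stuck or misbehaving source behind BN_rand, makes the caller spin forever instead of failing. A small retry budget would bound it: declare a counter such as `int count = 100;` and add `if (!--count) return 0;` inside each loop, ideally with a BNerr call so the failure is reported. With a uniform source each pass succeeds with probability at least .75, as the existing comments say, so a limit of that size is never reached in normal operation.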
@@ -0,0 +1,137 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/* crypto/dh/dh_check.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. 
+ * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include + +/* Check that p is a safe prime and + * if g is 2, 3 or 5, check that is is a suitable generator + * where + * for 2, p mod 24 == 11 + * for 3, p mod 12 == 5 + * for 5, p mod 10 == 3 or 7 + * should hold. + */ + +int DH_check(DH *dh, int *ret) + { + int ok=0; + BN_CTX *ctx=NULL; + BN_ULONG l; + BIGNUM *q=NULL; + + *ret=0; + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + q=BN_new(); + if (q == NULL) goto err; + + if (BN_is_word(dh->g,DH_GENERATOR_2)) + { + l=BN_mod_word(dh->p,24); + if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; + } +#if 0 + else if (BN_is_word(dh->g,DH_GENERATOR_3)) + { + l=BN_mod_word(dh->p,12); + if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; + } +#endif + else if (BN_is_word(dh->g,DH_GENERATOR_5)) + { + l=BN_mod_word(dh->p,10); + if ((l != 3) && (l != 7)) + *ret|=DH_NOT_SUITABLE_GENERATOR; + } + else + *ret|=DH_UNABLE_TO_CHECK_GENERATOR; + + if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) + *ret|=DH_CHECK_P_NOT_PRIME; + else + { + if (!BN_rshift1(q,dh->p)) goto err; + if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) + *ret|=DH_CHECK_P_NOT_SAFE_PRIME; + } + ok=1; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (q != NULL) BN_free(q); + return(ok); + } diff --git a/AppleCSP/open_ssl/dh/dh_err.c b/AppleCSP/open_ssl/dh/dh_err.c new file mode 100644 index 00000000..edf04592 --- /dev/null +++ b/AppleCSP/open_ssl/dh/dh_err.c 
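Review bot: DH_check classifies the generator only when it equals DH_GENERATOR_2 or DH_GENERATOR_5; every other value, including degenerate ones such as 0, 1 or a value not below p, ends in `*ret|=DH_UNABLE_TO_CHECK_GENERATOR;` and the function still returns 1. Callers that validate parameters received from a peer need to treat that flag as a failure, and a range test before the dispatch would catch the degenerate cases directly: `if (BN_cmp(dh->g, BN_value_one()) <= 0 || BN_cmp(dh->g, dh->p) >= 0) *ret|=DH_NOT_SUITABLE_GENERATOR;`. The header comment still lists 3 among the checked generators although that branch is under `#if 0`; it should read `if g is 2 or 5`.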
@@ -0,0 +1,116 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/* crypto/dh/dh_err.c */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. 
+ */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef NO_ERR +static ERR_STRING_DATA DH_str_functs[]= + { +{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, +{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"}, +{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, +{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, +{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, +{ERR_PACK(0,DH_F_DH_NEW,0), "DH_new"}, +{0,NULL} + }; + +static ERR_STRING_DATA DH_str_reasons[]= + { +{DH_R_NO_PRIVATE_VALUE ,"no private value"}, +{0,NULL} + }; + +#endif + +void ERR_load_DH_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef NO_ERR + ERR_load_strings(ERR_LIB_DH,DH_str_functs); + ERR_load_strings(ERR_LIB_DH,DH_str_reasons); +#endif + + } + } diff --git a/AppleCSP/open_ssl/dh/dh_gen.c b/AppleCSP/open_ssl/dh/dh_gen.c new file mode 100644 index 00000000..e0d7ffba --- /dev/null +++ b/AppleCSP/open_ssl/dh/dh_gen.c 
@@ -0,0 +1,170 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/* crypto/dh/dh_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. 
+ * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include + +/* We generate DH parameters as follows + * find a prime q which is prime_len/2 bits long. + * p=(2*q)+1 or (p-1)/2 = q + * For this case, g is a generator if + * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. + * Since the factors of p-1 are q and 2, we just need to check + * g^2 mod p != 1 and g^q mod p != 1. + * + * Having said all that, + * there is another special case method for the generators 2, 3 and 5. + * for 2, p mod 24 == 11 + * for 3, p mod 12 == 5 <<<<< does not work for safe primes. + * for 5, p mod 10 == 3 or 7 + * + * Thanks to Phil Karn for the pointers about the + * special generators and for answering some of my questions. + * + * I've implemented the second simple method :-). + * Since DH should be using a safe prime (both p and q are prime), + * this generator function can take a very very long time to run. 
+ */ + +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int,int,void *), void *cb_arg) + { + BIGNUM *p=NULL,*t1,*t2; + DH *ret=NULL; + int g,ok= -1; + BN_CTX *ctx=NULL; + + ret=DH_new(); + if (ret == NULL) goto err; + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t1 == NULL || t2 == NULL) goto err; + + if (generator == DH_GENERATOR_2) + { + BN_set_word(t1,24); + BN_set_word(t2,11); + g=2; + } +#ifdef undef /* does not work for safe primes */ + else if (generator == DH_GENERATOR_3) + { + BN_set_word(t1,12); + BN_set_word(t2,5); + g=3; + } +#endif + else if (generator == DH_GENERATOR_5) + { + BN_set_word(t1,10); + BN_set_word(t2,3); + /* BN_set_word(t3,7); just have to miss + * out on these ones :-( */ + g=5; + } + else + g=generator; + + p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); + if (p == NULL) goto err; + if (callback != NULL) callback(3,0,cb_arg); + ret->p=p; + ret->g=BN_new(); + if (!BN_set_word(ret->g,g)) goto err; + ok=1; +err: + if (ok == -1) + { + DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB); + ok=0; + } + + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (!ok && (ret != NULL)) + { + DH_free(ret); + ret=NULL; + } + return(ret); + } diff --git a/AppleCSP/open_ssl/dh/dh_key.c b/AppleCSP/open_ssl/dh/dh_key.c new file mode 100644 index 00000000..d1af8573 --- /dev/null +++ b/AppleCSP/open_ssl/dh/dh_key.c 
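Review bot: DH_generate_parameters stores the result of `BN_new()` in `ret->g` and passes it straight to `BN_set_word(ret->g,g)`, so a failed allocation is handed on as NULL instead of reaching `err`; `if (ret->g == NULL || !BN_set_word(ret->g,g)) goto err;` closes that. The final `else g=generator;` also accepts any int, so 0, 1 or a negative value becomes the group generator unchecked; rejecting it before the dispatch with `if (generator <= 1) goto err;` would stop unusable parameters from being produced. The `BN_set_word(t1,...)` and `BN_set_word(t2,...)` calls in the 2 and 5 branches ignore their return values as well.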
@@ -0,0 +1,230 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/* crypto/dh/dh_key.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. 
+ * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include +#include + +static int generate_key(DH *dh); +static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); +static int dh_init(DH *dh); +static int dh_finish(DH *dh); + +int DH_generate_key(DH *dh) + { + return dh->meth->generate_key(dh); + } + +int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) + { + return dh->meth->compute_key(key, pub_key, dh); + } + +static DH_METHOD dh_ossl = { +"OpenSSL DH Method", +generate_key, +compute_key, +dh_bn_mod_exp, +dh_init, +dh_finish, +0, +NULL +}; + +DH_METHOD *DH_OpenSSL(void) +{ + return &dh_ossl; +} + +static int generate_key(DH *dh) + { + int ok=0; + BN_CTX ctx; + BN_MONT_CTX *mont; + BIGNUM *pub_key=NULL,*priv_key=NULL; + + BN_CTX_init(&ctx); + + if (dh->priv_key == NULL) + { + priv_key=BN_new(); + if (priv_key == NULL) goto err; + do + if (!BN_rand_range(priv_key, dh->p)) goto err; + while (BN_is_zero(priv_key)); + } + else + priv_key=dh->priv_key; + + if (dh->pub_key == NULL) + { + pub_key=BN_new(); + if (pub_key == NULL) goto err; + } + else + pub_key=dh->pub_key; + + if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) + { + if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, + dh->p,&ctx)) goto err; + } + mont=(BN_MONT_CTX *)dh->method_mont_p; + + if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) + goto err; + + dh->pub_key=pub_key; + dh->priv_key=priv_key; + ok=1; +err: + if (ok != 1) + DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); + + if ((pub_key != NULL) && 
(dh->pub_key == NULL)) BN_free(pub_key); + if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); + BN_CTX_free(&ctx); + return(ok); + } + +static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) + { + BN_CTX ctx; + BN_MONT_CTX *mont; + BIGNUM *tmp; + int ret= -1; + + BN_CTX_init(&ctx); + BN_CTX_start(&ctx); + tmp = BN_CTX_get(&ctx); + + if (dh->priv_key == NULL) + { + DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); + goto err; + } + if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) + { + if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, + dh->p,&ctx)) goto err; + } + + mont=(BN_MONT_CTX *)dh->method_mont_p; + if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont)) + { + DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); + goto err; + } + + ret=BN_bn2bin(tmp,key); +err: + BN_CTX_end(&ctx); + BN_CTX_free(&ctx); + return(ret); + } + +static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx) + { + if (a->top == 1) + { + BN_ULONG A = a->d[0]; + return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); + } + else + return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); + } + + +static int dh_init(DH *dh) + { + dh->flags |= DH_FLAG_CACHE_MONT_P; + return(1); + } + +static int dh_finish(DH *dh) + { + if(dh->method_mont_p) + BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); + return(1); + } diff --git a/AppleCSP/open_ssl/dh/dh_lib.c b/AppleCSP/open_ssl/dh/dh_lib.c new file mode 100644 index 00000000..ff639b2a --- /dev/null +++ b/AppleCSP/open_ssl/dh/dh_lib.c 
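Review bot: compute_key hands the peer-supplied `pub_key` to `dh->meth->bn_mod_exp` with no range check, so 0, 1 or anything >= p is accepted, and for 0 and 1 the resulting shared secret does not depend on the private key at all. A guard before the exponentiation, e.g. `if (BN_is_zero(pub_key) || BN_is_one(pub_key) || BN_cmp(pub_key, dh->p) >= 0) goto err;`, would reject them. Rejecting p-1 as well needs a temporary holding p-1, and dh.h in this commit defines only `DH_R_NO_PRIVATE_VALUE`, so the error report would need a new reason code. In the same function `tmp = BN_CTX_get(&ctx)` is used without a NULL check. In generate_key the error path releases a freshly drawn private value with `BN_free(priv_key)`, where `BN_clear_free(priv_key)` would zero it first.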
@@ -0,0 +1,203 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/* crypto/dh/dh_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. 
+ * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include + +const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; + +static DH_METHOD *default_DH_method; +static int dh_meth_num = 0; +static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL; + +void DH_set_default_method(DH_METHOD *meth) +{ + default_DH_method = meth; +} + +DH_METHOD *DH_get_default_method(void) +{ + if(!default_DH_method) default_DH_method = DH_OpenSSL(); + return default_DH_method; +} + +DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth) +{ + DH_METHOD *mtmp; + mtmp = dh->meth; + if (mtmp->finish) mtmp->finish(dh); + dh->meth = meth; + if (meth->init) meth->init(dh); + return mtmp; +} + +DH *DH_new(void) +{ + return DH_new_method(NULL); +} + +DH *DH_new_method(DH_METHOD *meth) + { + DH *ret; + ret=(DH *)Malloc(sizeof(DH)); + + if (ret == NULL) + { + DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE); + return(NULL); + } + if(meth) ret->meth = meth; + else ret->meth = DH_get_default_method(); + ret->pad=0; + ret->version=0; + ret->p=NULL; + ret->g=NULL; + ret->length=0; + ret->pub_key=NULL; + ret->priv_key=NULL; + ret->q=NULL; + ret->j=NULL; + ret->seed = NULL; + ret->seedlen = 0; + ret->counter = NULL; + ret->method_mont_p=NULL; + ret->references = 1; + ret->flags=ret->meth->flags; + CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data); + Free(ret); + ret=NULL; + } + return(ret); + } + +void DH_free(DH *r) + { + int i; + if(r == NULL) return; + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); +#ifdef REF_PRINT + REF_PRINT("DH",r); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"DH_free, bad reference 
count\n"); + abort(); + } +#endif + + if(r->meth->finish) r->meth->finish(r); + + CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); + + if (r->p != NULL) BN_clear_free(r->p); + if (r->g != NULL) BN_clear_free(r->g); + if (r->q != NULL) BN_clear_free(r->q); + if (r->j != NULL) BN_clear_free(r->j); + if (r->seed) Free(r->seed); + if (r->counter != NULL) BN_clear_free(r->counter); + if (r->pub_key != NULL) BN_clear_free(r->pub_key); + if (r->priv_key != NULL) BN_clear_free(r->priv_key); + Free(r); + } + +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + dh_meth_num++; + return(CRYPTO_get_ex_new_index(dh_meth_num-1, + &dh_meth,argl,argp,new_func,dup_func,free_func)); + } + +int DH_set_ex_data(DH *d, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); + } + +void *DH_get_ex_data(DH *d, int idx) + { + return(CRYPTO_get_ex_data(&d->ex_data,idx)); + } + +int DH_size(DH *dh) + { + return(BN_num_bytes(dh->p)); + } diff --git a/AppleCSP/open_ssl/openssl/bn.h b/AppleCSP/open_ssl/openssl/bn.h index faa5d072..76835f4c 100644 --- a/AppleCSP/open_ssl/openssl/bn.h +++ b/AppleCSP/open_ssl/openssl/bn.h @@ -346,6 +346,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); 
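Review bot: DH_set_method calls `mtmp->finish(dh)` and keeps using the same DH, but the default `dh_finish` added in dh_key.c frees `dh->method_mont_p` without clearing it. The next generate_key or compute_key then sees a non-NULL `method_mont_p`, skips re-creation and passes the freed Montgomery context to `bn_mod_exp`. Resetting the field right after the finish call with `dh->method_mont_p = NULL;` (or inside dh_finish after `BN_MONT_CTX_free`) closes that. The return value of `meth->init(dh)` is also dropped here, whereas DH_new_method treats a failed init as fatal and frees the object.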
@@ -382,6 +383,8 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,BN_CTX *ctx); int BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2, BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx); int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, @@ -504,11 +507,13 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); #define BN_F_BN_DIV 107 #define BN_F_BN_EXPAND2 108 #define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_WORD 117 #define BN_F_BN_MOD_INVERSE 110 #define BN_F_BN_MOD_MUL_RECIPROCAL 111 #define BN_F_BN_MPI2BN 112 #define BN_F_BN_NEW 113 #define BN_F_BN_RAND 114 +#define BN_F_BN_RAND_RANGE 122 #define BN_F_BN_USUB 115 /* Reason codes. */ @@ -519,6 +524,7 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); #define BN_R_ENCODING_ERROR 104 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 #define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/AppleCSP/open_ssl/openssl/dh.h b/AppleCSP/open_ssl/openssl/dh.h new file mode 100644 index 00000000..4903c1a4 --- /dev/null +++ b/AppleCSP/open_ssl/openssl/dh.h 
@@ -0,0 +1,221 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/* crypto/dh/dh.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. 
this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_DH_H +#define HEADER_DH_H + +#ifdef NO_DH +#error DH is disabled. +#endif + +#ifndef NO_BIO +#include +#endif +#include +#include + +#define DH_FLAG_CACHE_MONT_P 0x01 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct dh_st DH; + +typedef struct dh_method { + const char *name; + /* Methods here */ + int (*generate_key)(DH *dh); + int (*compute_key)(unsigned char *key,BIGNUM *pub_key,DH *dh); + int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; + char *app_data; +} DH_METHOD; + +struct dh_st + { + /* This first argument is used to pick up errors when + * a DH is passed instead of a EVP_PKEY */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + int length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + + int flags; + char *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + + int references; + CRYPTO_EX_DATA ex_data; + DH_METHOD *meth; + }; + +#define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +#define DH_GENERATOR_5 5 + +/* DH_check error codes */ +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +#define DH_NOT_SUITABLE_GENERATOR 0x08 + +/* primes p where (p-1)/2 is prime too are called "safe"; we define + this for backward compatibility: */ +#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ + (char *(*)())d2i_DHparams,(char *)(x)) +#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) +#define i2d_DHparams_fp(fp,x) 
ASN1_i2d_fp(i2d_DHparams,(fp), \ + (unsigned char *)(x)) +#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) +#ifdef __cplusplus +#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ + (unsigned char *)(x)) +#else +#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ + (unsigned char *)(x)) +#endif + +DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(DH_METHOD *meth); +DH_METHOD *DH_get_default_method(void); +DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); +DH *DH_new_method(DH_METHOD *meth); + +DH * DH_new(void); +void DH_free(DH *dh); +int DH_size(DH *dh); +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); +DH * DH_generate_parameters(int prime_len,int generator, + void (*callback)(int,int,void *),void *cb_arg); +int DH_check(DH *dh,int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh); +DH * d2i_DHparams(DH **a,unsigned char **pp, long length); +int i2d_DHparams(DH *a,unsigned char **pp); +#ifndef NO_FP_API +int DHparams_print_fp(FILE *fp, DH *x); +#endif +#ifndef NO_BIO +int DHparams_print(BIO *bp, DH *x); +#else +int DHparams_print(char *bp, DH *x); +#endif +void ERR_load_DH_strings(void ); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +/* Error codes for the DH functions. */ + +/* Function codes. */ +#define DH_F_DHPARAMS_PRINT 100 +#define DH_F_DHPARAMS_PRINT_FP 101 +#define DH_F_DH_COMPUTE_KEY 102 +#define DH_F_DH_GENERATE_KEY 103 +#define DH_F_DH_GENERATE_PARAMETERS 104 +#define DH_F_DH_NEW 105 + +/* Reason codes. 
*/ +#define DH_R_NO_PRIVATE_VALUE 100 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/AppleCSP/open_ssl/openssl/dsa.h b/AppleCSP/open_ssl/openssl/dsa.h index 8cb59e0c..08fdfaca 100644 --- a/AppleCSP/open_ssl/openssl/dsa.h +++ b/AppleCSP/open_ssl/openssl/dsa.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). diff --git a/AppleCSP/open_ssl/openssl/opensslconf.h b/AppleCSP/open_ssl/openssl/opensslconf.h index 69ec50f3..bb00c6ad 100644 --- a/AppleCSP/open_ssl/openssl/opensslconf.h +++ b/AppleCSP/open_ssl/openssl/opensslconf.h @@ -16,6 +16,23 @@ */ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + /* * opensslconf.h - hand-rolled config #defines for openssl code used in AppleCSP * Written by Doug Mitchell 4/3/2001 @@ -34,7 +51,6 @@ extern "C" { */ #define _OPENSSL_APPLE_CDSA_ 1 -#define NO_DH 1 #define NO_MD5 1 #define NO_RIPEMD 1 #define NO_DES 1 
diff --git a/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.cpp b/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.cpp index 4317e195..08108b26 100644 --- a/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.cpp +++ b/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.cpp @@ -128,6 +128,37 @@ static void nullAlgParams( snaccAlgId.parameters->value = cbuf; } +/* + * int --> BigIntegerStr + */ +void snaccIntToBigIntegerStr( + int i, + BigIntegerStr &bigInt) +{ + char c[4]; + int dex; + int numChars; + + if(i >= 0x1000000) { + numChars = 4; + } + else if(i > 0x10000) { + numChars = 3; + } + else if(i > 0x100) { + numChars = 2; + } + else { + numChars = 1; + } + /* i ==> DER */ + for(dex=numChars-1; dex>=0; dex--) { + c[dex] = i & 0xff; + i >>= 8; + } + + bigInt.ReSet(c, 4); +} /* * Replacements for d2i_RSAPublicKey, etc. 
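Review bot: snaccIntToBigIntegerStr fills only the first `numChars` bytes of `c` but then calls `bigInt.ReSet(c, 4)`. Assuming the second argument is a byte count, every value below 0x1000000 is encoded with up to three uninitialized stack bytes appended, which both corrupts the integer and copies stack contents into the DER output. Passing the computed length, `bigInt.ReSet(c, numChars);`, fixes both. The thresholds are also off by one: with `i > 0x10000` and `i > 0x100`, the values 0x10000 and 0x100 get one byte too few and lose their top byte, so these should read `else if(i >= 0x10000)` and `else if(i >= 0x100)`. A negative `i`, or a leading byte with its top bit set (which DER reads as a negative INTEGER), is not handled; whether callers can pass such values is not visible in this hunk.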
@@ -635,3 +666,90 @@ CSSM_RETURN DSASigDecode( } return 0; } + +CSSM_RETURN DHPrivateKeyDecode( + DH *openKey, + unsigned char *p, + unsigned length) +{ + DHPrivateKey snaccPrivKey; + CssmData cData(p, length); + try { + SC_decodeAsnObj(cData, snaccPrivKey); + } + catch(...) { + return CSSMERR_CSP_INVALID_KEY; + } + + /* verify alg identifier */ + if(snaccPrivKey.dHOid != dhKeyAgreement) { + sslSnaccDebug("DHPrivateKeyDecode: bad privateKeyAlgorithm"); + return CSSMERR_CSP_ALGID_MISMATCH; + } + + DHParameter *params = snaccPrivKey.params; + if(params == NULL) { + /* not optional */ + sslSnaccDebug("DHPrivateKeyDecode: missing key params"); + return CSSMERR_CSP_INVALID_KEY; + } + + /* convert snaccPrivKey fields to DH key fields */ + try { + openKey->priv_key = bigIntStrToBn(snaccPrivKey.secretPart); + openKey->p = bigIntStrToBn(params->prime); + openKey->g = bigIntStrToBn(params->base); + /* TBD - ignore privateValueLength for now */ + } + catch(...) { + /* FIXME - bad sig? memory? */ + return CSSMERR_CSP_MEMORY_ERROR; + } + return 0; +} + +CSSM_RETURN DHPrivateKeyEncode( + DH *openKey, + CssmOwnedData &encodedKey) +{ + /* First convert into a snacc-style private key */ + DHPrivateKey snaccPrivKey; + snaccPrivKey.params = new DHParameter; + DHParameter *params = snaccPrivKey.params; + + try { + snaccPrivKey.dHOid.Set(dhKeyAgreement_arc); + bnToBigIntStr(openKey->priv_key, snaccPrivKey.secretPart); + bnToBigIntStr(openKey->p, params->prime); + bnToBigIntStr(openKey->g, params->base); + if(openKey->length) { + /* actually currently not supported */ + params->privateValueLength = new BigIntegerStr(); + snaccIntToBigIntegerStr(openKey->length, *params->privateValueLength); + } + } + catch(...) { + /* ? 
*/ + return CSSMERR_CSP_MEMORY_ERROR; + } + + /* conservative guess for max size of encoded key */ + unsigned maxSize = sizeofBigInt(snaccPrivKey.secretPart) + + sizeofBigInt(params->prime) + + sizeofBigInt(params->base) + + 60; // includes dHOid, tags, lenghts + if(openKey->length) { + maxSize += sizeofBigInt(*params->privateValueLength); + } + + /* DER encode */ + try { + SC_encodeAsnObj(snaccPrivKey, encodedKey, maxSize); + } + catch(...) { + /* ? */ + return CSSMERR_CSP_MEMORY_ERROR; + } + return 0; +} + diff --git a/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.h b/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.h index 7a89e74c..e524ce7e 100644 --- a/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.h +++ b/AppleCSP/open_ssl/opensslUtils/openRsaSnacc.h @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -49,6 +50,13 @@ void bnToBigIntStr( unsigned sizeofBigInt( BigIntegerStr &bigInt); +/* + * int --> BigIntegerStr + */ +void snaccIntToBigIntegerStr( + int i, + BigIntegerStr &bigInt); + /* * Replacements for d2i_RSAPublicKey, etc. */ @@ -97,6 +105,14 @@ CSSM_RETURN DSASigDecode( const void *p, unsigned length); +CSSM_RETURN DHPrivateKeyDecode( + DH *openKey, + unsigned char *p, + unsigned length); +CSSM_RETURN DHPrivateKeyEncode( + DH *openKey, + CssmOwnedData &encodedKey); + #ifdef __cplusplus } diff --git a/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp b/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp index 3a55eebe..114b33af 100644 --- a/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp +++ b/AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp @@ -24,6 +24,10 @@ #include #include #include +#include +#include +#include +#include #include #include #include "opensslUtils.h" 
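Review bot: DHPrivateKeyDecode assigns `openKey->priv_key`, `openKey->p` and `openKey->g` one at a time inside the try block, so if a later conversion throws, it returns CSSMERR_CSP_MEMORY_ERROR with a half-populated key that may already hold the private value. Converting into locals and committing only after all three succeed, with `BN_clear_free` on the failure path, keeps the result all-or-nothing and zeroes the secret on error. Any values the caller's DH already held are overwritten without being freed; whether callers ever pass a populated DH is not visible here. The decoded prime and base are also stored without any sanity check, so a comment naming where that validation happens would help the next reader.

```cpp
	/* ... unchanged: SC_decodeAsnObj, dHOid check, params NULL check ... */

	/* convert snaccPrivKey fields to DH key fields */
	BIGNUM *priv = NULL;
	BIGNUM *prime = NULL;
	BIGNUM *base = NULL;
	try {
		priv  = bigIntStrToBn(snaccPrivKey.secretPart);
		prime = bigIntStrToBn(params->prime);
		base  = bigIntStrToBn(params->base);
		/* TBD - ignore privateValueLength for now */
	}
	catch(...) {
		/* nothing has been committed to openKey; wipe what was built */
		if(priv != NULL)  BN_clear_free(priv);
		if(prime != NULL) BN_clear_free(prime);
		if(base != NULL)  BN_clear_free(base);
		return CSSMERR_CSP_MEMORY_ERROR;
	}
	openKey->priv_key = priv;
	openKey->p = prime;
	openKey->g = base;
	return 0;
```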
@@ -117,3 +121,94 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md) return md; } +void throwRsaDsa( + const char *op) +{ + unsigned long e = logSslErrInfo(op); + CSSM_RETURN cerr = CSSM_OK; + + /* try to parse into something meaningful */ + int reason = ERR_GET_REASON(e); + int lib = ERR_GET_LIB(e); + + /* first try the global ones */ + switch(reason) { + case ERR_R_MALLOC_FAILURE: + cerr = CSSMERR_CSP_MEMORY_ERROR; break; + case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED: + /* internal */ break; + case ERR_R_PASSED_NULL_PARAMETER: + cerr = CSSMERR_CSP_INVALID_POINTER; break; + case ERR_R_NESTED_ASN1_ERROR: + case ERR_R_BAD_ASN1_OBJECT_HEADER: + case ERR_R_BAD_GET_ASN1_OBJECT_CALL: + case ERR_R_EXPECTING_AN_ASN1_SEQUENCE: + case ERR_R_ASN1_LENGTH_MISMATCH: + case ERR_R_MISSING_ASN1_EOS: + /* ASN - shouldn't happen, right? */ + cerr = CSSMERR_CSP_INTERNAL_ERROR; break; + default: + break; + } + if(cerr != CSSM_OK) { + CssmError::throwMe(cerr); + } + + /* now the lib-specific ones */ + switch(lib) { + case ERR_R_BN_LIB: + /* all indicate serious internal error...right? 
*/ + cerr = CSSMERR_CSP_INTERNAL_ERROR; break; + case ERR_R_RSA_LIB: + switch(reason) { + case RSA_R_ALGORITHM_MISMATCH: + cerr = CSSMERR_CSP_ALGID_MISMATCH; break; + case RSA_R_BAD_SIGNATURE: + cerr = CSSMERR_CSP_VERIFY_FAILED; break; + case RSA_R_DATA_TOO_LARGE: + case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE: + case RSA_R_DATA_TOO_SMALL: + case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE: + case RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY: + cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break; + case RSA_R_KEY_SIZE_TOO_SMALL: + cerr = CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH; break; + case RSA_R_PADDING_CHECK_FAILED: + cerr = CSSMERR_CSP_INVALID_DATA; break; + case RSA_R_RSA_OPERATIONS_NOT_SUPPORTED: + cerr = CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED; break; + case RSA_R_UNKNOWN_ALGORITHM_TYPE: + cerr = CSSMERR_CSP_INVALID_ALGORITHM; break; + case RSA_R_WRONG_SIGNATURE_LENGTH: + cerr = CSSMERR_CSP_VERIFY_FAILED; break; + default: + cerr = CSSMERR_CSP_INTERNAL_ERROR; break; + } + break; + case ERR_R_DSA_LIB: + switch(reason) { + case DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE: + cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break; + default: + cerr = CSSMERR_CSP_INTERNAL_ERROR; break; + } + break; + case ERR_R_DH_LIB: + /* actually none of the DH errors make sense at the CDSA level */ + cerr = CSSMERR_CSP_INTERNAL_ERROR; + break; + default: + cerr = CSSMERR_CSP_INTERNAL_ERROR; break; + } + CssmError::throwMe(cerr); +} + +/* + * given an openssl-style error, throw appropriate CssmError. + */ +void throwOpensslErr(int irtn) +{ + /* FIXME */ + CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); +} + diff --git a/AppleCSP/open_ssl/opensslUtils/opensslUtils.h b/AppleCSP/open_ssl/opensslUtils/opensslUtils.h index 88c2c31e..7a12046a 100644 --- a/AppleCSP/open_ssl/opensslUtils/opensslUtils.h +++ b/AppleCSP/open_ssl/opensslUtils/opensslUtils.h 
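Review bot: In throwRsaDsa the `switch(lib)` compares the result of `ERR_GET_LIB(e)` against reason-code names (`ERR_R_BN_LIB`, `ERR_R_RSA_LIB`, `ERR_R_DSA_LIB`, `ERR_R_DH_LIB`). This works only because OpenSSL defines those to the same numbers as the library ids; the labels should be the library constants, `case ERR_LIB_BN:` and likewise for RSA, DSA and DH. Separately, the RSA branch gives `RSA_R_PADDING_CHECK_FAILED` its own result (`CSSMERR_CSP_INVALID_DATA`), distinct from the length errors. If these codes are returned for decryption failures to whoever supplied the ciphertext, it would be safer to collapse them into one failure code, though the callers are outside this hunk. throwOpensslErr ignores `irtn` and always throws CSSMERR_CSP_INTERNAL_ERROR, which the header comment "throw appropriate CssmError" does not tell callers.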
@@ -46,6 +46,15 @@ private: unsigned long logSslErrInfo(const char *op); +void throwRsaDsa( + const char *op); + +/* + * given an openssl-style error, throw appropriate CssmError. + */ +void throwOpensslErr( + int irtn); + #ifdef __cplusplus } diff --git a/AppleCSPDL/AppleCSPDL.pbproj/.cvsignore b/AppleCSPDL/AppleCSPDL.pbproj/.cvsignore deleted file mode 100644 index 0857ac37..00000000 --- a/AppleCSPDL/AppleCSPDL.pbproj/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -*.pbxuser diff --git a/AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj b/AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj deleted file mode 100644 index 46ce5436..00000000 --- a/AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj +++ /dev/null 
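Review bot: `throwRsaDsa` is declared with no comment, while `throwOpensslErr` directly below it has one. The declaration should say what `op` is and that the function does not return, for example `/* pass 'op' to logSslErrInfo, map the openssl error to a CSSM error and throw it; never returns */`. Both declarations sit just above the `#ifdef __cplusplus` closing brace; if that brace closes an `extern "C"` block, the comment should also say that these two may only be called from C++ frames, since they throw.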
@@ -1,481 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 32; - objects = { - 01278A2FFEDB186711CD283A = { - isa = PBXFileReference; - path = SSContext.cpp; - refType = 4; - }; - 01278A30FEDB186711CD283A = { - isa = PBXFileReference; - path = SSKey.cpp; - refType = 4; - }; - 01278A31FEDB186711CD283A = { - fileRef = 01278A2FFEDB186711CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01278A32FEDB186711CD283A = { - fileRef = 01278A30FEDB186711CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01278A33FEDB4D5611CD283A = { - isa = PBXFileReference; - path = SSFactory.cpp; - refType = 4; - }; - 01278A34FEDB4D5611CD283A = { - isa = PBXFileReference; - path = SSFactory.h; - refType = 4; - }; - 01278A35FEDB4D5611CD283A = { - fileRef = 01278A34FEDB4D5611CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01278A36FEDB4D5611CD283A = { - fileRef = 01278A33FEDB4D5611CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01278A37FEDB676A11CD283A = { - isa = PBXFileReference; - path = SSCSPSession.cpp; - refType = 4; - }; - 01278A38FEDB676A11CD283A = { - isa = PBXFileReference; - path = SSCSPSession.h; - refType = 4; - }; - 01278A39FEDB676A11CD283A = { - fileRef = 01278A38FEDB676A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01278A3AFEDB676A11CD283A = { - fileRef = 01278A37FEDB676A11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 023E3602001F8E8611CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\""; - }; - isa = PBXBuildStyle; - name = "Build Folder"; - }; - 049EAD58FEF6E7E511CD283A = { - isa = PBXFileReference; - path = SSDLSession.cpp; - refType = 4; - }; - 049EAD59FEF6E7E511CD283A = { - isa = PBXFileReference; - path = 
SSDLSession.h; - refType = 4; - }; - 049EAD5AFEF6E7E511CD283A = { - fileRef = 049EAD59FEF6E7E511CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 049EAD5BFEF6E7E511CD283A = { - fileRef = 049EAD58FEF6E7E511CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 050E4183FEFED76611CD283A = { - isa = PBXFileReference; - path = SSDatabase.cpp; - refType = 4; - }; - 050E4184FEFED76611CD283A = { - isa = PBXFileReference; - path = SSDatabase.h; - refType = 4; - }; - 050E4185FEFED76611CD283A = { - fileRef = 050E4184FEFED76611CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 050E4186FEFED76611CD283A = { - fileRef = 050E4183FEFED76611CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 089C1669FE841209C02AAC07 = { - buildStyles = ( - 1B60AA6AFFD84BD911CD296C, - 1B60AA6BFFD84BD911CD296C, - 023E3602001F8E8611CD283A, - ); - isa = PBXProject; - mainGroup = 089C166AFE841209C02AAC07; - projectDirPath = .; - targets = ( - 089C1673FE841209C02AAC07, - ); - }; - 089C166AFE841209C02AAC07 = { - children = ( - 08FB77AFFE84173DC02AAC07, - 089C1671FE841209C02AAC07, - 19C28FB6FE9D52B211CA2CBB, - ); - isa = PBXGroup; - name = CFPlugInBundle; - refType = 4; - }; - 089C1671FE841209C02AAC07 = { - children = ( - 2AD52209FFF3DF1811CD283A, - ); - isa = PBXGroup; - name = "External Frameworks and Libraries"; - path = ""; - refType = 3; - }; - 089C1673FE841209C02AAC07 = { - buildPhases = ( - 089C1674FE841209C02AAC07, - 089C1675FE841209C02AAC07, - 089C1676FE841209C02AAC07, - 089C1677FE841209C02AAC07, - 089C1679FE841209C02AAC07, - ); - buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - EXPORTED_SYMBOLS_FILE = cssmplugin.exp; - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = ""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security"; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined error -lstdc++"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = 
AppleCSPDL; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - conditionalBuildSettings = { - }; - dependencies = ( - ); - isa = PBXBundleTarget; - name = AppleCSPDL; - productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security"; - productName = AppleCSPDL; - productReference = 1B60AA69FFD84BD911CD296C; - productSettingsXML = " - - - - CFBundleExecutable - AppleCSPDL - CFBundleGetInfoString - - CFBundleIdentifier - com.apple.applecspdl - CFBundleName - AppleCSPDL - CFBundlePackageType - BNDL - CFBundleShortVersionString - 1.0 - CFBundleSignature - ???? - CFBundleVersion - AppleCSPDL 1.0 - - -"; - shouldUseHeadermap = 1; - }; - 089C1674FE841209C02AAC07 = { - buildActionMask = 2147483647; - files = ( - 11996865FF0456D211CD283A, - 17C156A2FEA7954611CD283A, - 634531E5FF09563011CD283A, - 71F5C646FED611A911CD283A, - 09C51A18FEF19D5311CD283A, - 01278A39FEDB676A11CD283A, - 050E4185FEFED76611CD283A, - 049EAD5AFEF6E7E511CD283A, - 01278A35FEDB4D5611CD283A, - 71F5C648FED61A6411CD283A, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 089C1675FE841209C02AAC07 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; - }; - 089C1676FE841209C02AAC07 = { - buildActionMask = 2147483647; - files = ( - 11996866FF0456D211CD283A, - 17C156A5FEA7954611CD283A, - 634531E6FF09563011CD283A, - 01278A31FEDB186711CD283A, - 09C51A19FEF19D5311CD283A, - 01278A3AFEDB676A11CD283A, - 050E4186FEFED76611CD283A, - 049EAD5BFEF6E7E511CD283A, - 01278A36FEDB4D5611CD283A, - 01278A32FEDB186711CD283A, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 089C1677FE841209C02AAC07 = { - buildActionMask = 2147483647; - files = ( - 2AD5220AFFF3DF1811CD283A, - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - 089C1679FE841209C02AAC07 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager 
Resources"; - }; - 08FB77AFFE84173DC02AAC07 = { - children = ( - 17C1569CFEA7954611CD283A, - 17C1569DFEA7954611CD283A, - 17C1569EFEA7954611CD283A, - 17C1569FFEA7954611CD283A, - 634531E3FF09563011CD283A, - 634531E4FF09563011CD283A, - 01278A2FFEDB186711CD283A, - 71F5C645FED611A911CD283A, - 61D315C0FEF05D5211CD283A, - 61D315C1FEF05D5211CD283A, - 01278A37FEDB676A11CD283A, - 01278A38FEDB676A11CD283A, - 050E4183FEFED76611CD283A, - 050E4184FEFED76611CD283A, - 049EAD58FEF6E7E511CD283A, - 049EAD59FEF6E7E511CD283A, - 01278A33FEDB4D5611CD283A, - 01278A34FEDB4D5611CD283A, - 01278A30FEDB186711CD283A, - 71F5C647FED61A6411CD283A, - 1DF71D5EFF310FB211CD283A, - ); - isa = PBXGroup; - name = Source; - refType = 4; - }; - 09C51A18FEF19D5311CD283A = { - fileRef = 61D315C1FEF05D5211CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 09C51A19FEF19D5311CD283A = { - fileRef = 61D315C0FEF05D5211CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 11996865FF0456D211CD283A = { - fileRef = 17C1569DFEA7954611CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 11996866FF0456D211CD283A = { - fileRef = 17C1569CFEA7954611CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 17C1569CFEA7954611CD283A = { - isa = PBXFileReference; - path = CSPDLDatabase.cpp; - refType = 4; - }; - 17C1569DFEA7954611CD283A = { - isa = PBXFileReference; - path = CSPDLDatabase.h; - refType = 4; - }; - 17C1569EFEA7954611CD283A = { - isa = PBXFileReference; - path = CSPDLPlugin.cpp; - refType = 4; - }; - 17C1569FFEA7954611CD283A = { - isa = PBXFileReference; - path = CSPDLPlugin.h; - refType = 4; - }; - 17C156A2FEA7954611CD283A = { - fileRef = 17C1569FFEA7954611CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 17C156A5FEA7954611CD283A = { - fileRef = 17C1569EFEA7954611CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 19C28FB6FE9D52B211CA2CBB = { - children = ( - 1B60AA69FFD84BD911CD296C, - ); - isa = PBXGroup; - name = 
Products; - refType = 4; - }; - 1B60AA69FFD84BD911CD296C = { - isa = PBXBundleReference; - path = AppleCSPDL.bundle; - refType = 3; - }; - 1B60AA6AFFD84BD911CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 1B60AA6BFFD84BD911CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 1DF71D5EFF310FB211CD283A = { - isa = PBXFileReference; - path = cssmplugin.exp; - refType = 4; - }; - 2AD52209FFF3DF1811CD283A = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - 2AD5220AFFF3DF1811CD283A = { - fileRef = 2AD52209FFF3DF1811CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 61D315C0FEF05D5211CD283A = { - isa = PBXFileReference; - path = SSCSPDLSession.cpp; - refType = 4; - }; - 61D315C1FEF05D5211CD283A = { - isa = PBXFileReference; - path = SSCSPDLSession.h; - refType = 4; - }; - 634531E3FF09563011CD283A = { - isa = PBXFileReference; - path = Schema.cpp; - refType = 4; - }; - 634531E4FF09563011CD283A = { - isa = PBXFileReference; - path = Schema.h; - refType = 4; - }; - 634531E5FF09563011CD283A = { - fileRef = 634531E4FF09563011CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 634531E6FF09563011CD283A = { - fileRef = 634531E3FF09563011CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 71F5C645FED611A911CD283A = { - isa = PBXFileReference; - path = SSContext.h; - refType = 4; - }; - 71F5C646FED611A911CD283A = { - fileRef = 71F5C645FED611A911CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 71F5C647FED61A6411CD283A = { - isa = PBXFileReference; - path = SSKey.h; - refType = 4; - }; - 71F5C648FED61A6411CD283A = { - fileRef = 71F5C647FED61A6411CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - }; - rootObject = 089C1669FE841209C02AAC07; -} 
diff --git a/AppleCSPDL/CSPDLPlugin.cpp b/AppleCSPDL/CSPDLPlugin.cpp index c9e40e90..f101211d 100644 --- a/AppleCSPDL/CSPDLPlugin.cpp +++ b/AppleCSPDL/CSPDLPlugin.cpp @@ -29,6 +29,7 @@ // Make and break the plugin object // CSPDLPlugin::CSPDLPlugin() + : mRawCsp(gGuidAppleCSP) { } @@ -58,7 +59,8 @@ CSPDLPlugin::makeSession(CSSM_MODULE_HANDLE handle, subserviceType, attachFlags, upcalls, - mSSCSPDLSession); + mSSCSPDLSession, + mRawCsp); case CSSM_SERVICE_DL: return new SSDLSession(handle, *this, diff --git a/AppleCSPDL/CSPDLPlugin.h b/AppleCSPDL/CSPDLPlugin.h index 63280859..edb4111a 100644 --- a/AppleCSPDL/CSPDLPlugin.h +++ b/AppleCSPDL/CSPDLPlugin.h @@ -25,7 +25,7 @@ #include "SSCSPDLSession.h" #include "CSPDLDatabase.h" #include "SSFactory.h" - +#include #include class SSCSPSession; @@ -49,6 +49,7 @@ private: SSCSPDLSession mSSCSPDLSession; CSPDLDatabaseManager mDatabaseManager; SSFactory mSSFactory; + CssmClient::CSP mRawCsp; // raw (nonsecure) CSP connection }; diff --git a/AppleCSPDL/CVSVersionInfo.txt b/AppleCSPDL/CVSVersionInfo.txt index 36e4beae..2bc0c2db 100644 --- a/AppleCSPDL/CVSVersionInfo.txt +++ b/AppleCSPDL/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:51 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: AppleCSPDL ProjectVersion: 15 diff --git a/AppleCSPDL/KeySchema.m4 b/AppleCSPDL/KeySchema.m4 index 84098e84..321d6dc8 100644 --- a/AppleCSPDL/KeySchema.m4 +++ b/AppleCSPDL/KeySchema.m4 @@ -1,7 +1,7 @@ divert(-1) changecom(/*, */) /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). 
@@ -26,11 +26,11 @@ enum {' divert(2)dnl // $1 attributes -static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] = +const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] = { divert(3)dnl // $1 indices -static const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] = +const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] = {') define(`endClass', diff --git a/AppleCSPDL/SSCSPDLSession.cpp b/AppleCSPDL/SSCSPDLSession.cpp index 7a2bae58..d9061641 100644 --- a/AppleCSPDL/SSCSPDLSession.cpp +++ b/AppleCSPDL/SSCSPDLSession.cpp @@ -30,8 +30,6 @@ using namespace SecurityServer; // SSCSPDLSession -- Security Server CSP session // SSCSPDLSession::SSCSPDLSession() -// @@@ FIXME allocators needs to change. -: mClientSession(CssmAllocator::standard(), CssmAllocator::standard()) { } @@ -51,12 +49,28 @@ SSCSPDLSession::makeReferenceKey(SSCSPSession &session, KeyHandle inKeyHandle, SSKey & SSCSPDLSession::lookupKey(const CssmKey &inKey) { - if (inKey.blobType() == CSSM_KEYBLOB_REFERENCE) - return find(inKey); - else if (inKey.blobType() == CSSM_KEYBLOB_RAW) - { - // @@@ How can we deal with this? + /* for now we only allow ref keys */ + if(inKey.blobType() != CSSM_KEYBLOB_REFERENCE) { + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); } - - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); + + /* fetch key (this is just mapping the value in inKey.KeyData to an SSKey) */ + SSKey &theKey = find(inKey); + + #ifdef someday + /* + * Make sure caller hasn't changed any crucial header fields. + * Some fields were changed by makeReferenceKey, so make a local copy.... + */ + CSSM_KEYHEADER localHdr = cssmKey.KeyHeader; + get binKey-like thing from SSKey, maybe SSKey should keep a copy of + hdr...but that's' not supersecure....; + + localHdr.BlobType = binKey->mKeyHeader.BlobType; + localHdr.Format = binKey->mKeyHeader.Format; + if(memcmp(&localHdr, &binKey->mKeyHeader, sizeof(CSSM_KEYHEADER))) { + CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); + } + #endif + return theKey; } 
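Review bot: The header check in `SSCSPDLSession::lookupKey` is parked under `#ifdef someday`, so the function returns whatever `find(inKey)` maps the reference to, without comparing the caller-supplied header against the stored one. Whether `find` validates anything is not visible in this hunk; if it does not, the concern the parked comment itself names (caller-modified header fields) is unaddressed. The parked block also cannot compile as written: it reads `cssmKey.KeyHeader` although the parameter is `inKey`, and it contains a prose sentence. Until it is implemented I would replace it with a plain comment such as `/* TODO: compare inKey.KeyHeader (except BlobType/Format) with the header kept for theKey; throw CSSMERR_CSP_INVALID_KEY_REFERENCE on mismatch */`.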
diff --git a/AppleCSPDL/SSCSPDLSession.h b/AppleCSPDL/SSCSPDLSession.h index eb4c05b5..c281bbc9 100644 --- a/AppleCSPDL/SSCSPDLSession.h +++ b/AppleCSPDL/SSCSPDLSession.h @@ -37,16 +37,11 @@ class SSCSPDLSession: public KeyPool public: SSCSPDLSession(); - SecurityServer::ClientSession &clientSession() { return mClientSession; } - void makeReferenceKey(SSCSPSession &session, SecurityServer::KeyHandle inKeyHandle, CssmKey &outKey, SSDatabase &inSSDatabase, uint32 inKeyAttr, const CssmData *inKeyLabel); SSKey &lookupKey(const CssmKey &inKey); - -private: - SecurityServer::ClientSession mClientSession; }; diff --git a/AppleCSPDL/SSCSPSession.cpp b/AppleCSPDL/SSCSPSession.cpp index 5f5b7f3a..ef698f59 100644 --- a/AppleCSPDL/SSCSPSession.cpp +++ b/AppleCSPDL/SSCSPSession.cpp @@ -41,11 +41,14 @@ SSCSPSession::SSCSPSession(CSSM_MODULE_HANDLE handle, CSSM_SERVICE_TYPE subserviceType, CSSM_ATTACH_FLAGS attachFlags, const CSSM_UPCALLS &upcalls, - SSCSPDLSession &ssCSPDLSession) + SSCSPDLSession &ssCSPDLSession, + CssmClient::CSP &rawCsp) : CSPFullPluginSession(handle, plug, version, subserviceId, subserviceType, attachFlags, upcalls), mSSCSPDLSession(ssCSPDLSession), - mSSFactory(plug.mSSFactory) + mSSFactory(plug.mSSFactory), + mRawCsp(rawCsp), + mClientSession(CssmAllocator::standard(), *this) { } @@ -160,6 +163,7 @@ SSCSPSession::UnwrapKey(CSSM_CC_HANDLE CCHandle, CSSM_PRIVILEGE Privilege) { SSDatabase database = getDatabase(context); + validateKeyAttr(KeyAttr); const AccessCredentials *cred = NULL; const AclEntryInput *owner = NULL; if (CredAndAclEntry) 
@@ -207,7 +211,25 @@ SSCSPSession::DeriveKey(CSSM_CC_HANDLE ccHandle, const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry, CssmKey &derivedKey) { - unimplemented(); + SSDatabase database = getDatabase(context); + validateKeyAttr(keyAttr); + const AccessCredentials *cred = NULL; + const AclEntryInput *owner = NULL; + if (credAndAclEntry) + { + cred = AccessCredentials::overlay(credAndAclEntry->AccessCred); + owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry); + } + + /* optional BaseKey */ + const CssmKey *keyInContext = + context.get(CSSM_ATTRIBUTE_KEY); + KeyHandle contextKeyHandle = + keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey; + KeyHandle keyHandle; + clientSession().deriveKey(database.dbHandle(), context, contextKeyHandle, keyUsage, + keyAttr, param, cred, owner, keyHandle, derivedKey.header()); + makeReferenceKey(keyHandle, derivedKey, database, keyAttr, keyLabel); } void @@ -221,6 +243,7 @@ SSCSPSession::GenerateKey(CSSM_CC_HANDLE ccHandle, CSSM_PRIVILEGE privilege) { SSDatabase database = getDatabase(context); + validateKeyAttr(keyAttr); const AccessCredentials *cred = NULL; const AclEntryInput *owner = NULL; if (credAndAclEntry) @@ -250,6 +273,8 @@ SSCSPSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle, CSSM_PRIVILEGE privilege) { SSDatabase database = getDatabase(context); + validateKeyAttr(publicKeyAttr); + validateKeyAttr(privateKeyAttr); const AccessCredentials *cred = NULL; const AclEntryInput *owner = NULL; if (credAndAclEntry) 
@@ -488,3 +513,19 @@ SSCSPSession::PassThrough(CSSM_CC_HANDLE CCHandle, { unimplemented(); } + +/* Validate requested key attr flags for newly generated keys */ +void SSCSPSession::validateKeyAttr(uint32 reqKeyAttr) +{ + if(reqKeyAttr & (CSSM_KEYATTR_RETURN_DATA)) { + /* CSPDL only supports reference keys */ + CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK); + } + if(reqKeyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE | + CSSM_KEYATTR_NEVER_EXTRACTABLE)) { + /* invalid for any CSP */ + CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); + } + /* There may be more, but we'll leave it to SS and CSP to decide */ +} + diff --git a/AppleCSPDL/SSCSPSession.h b/AppleCSPDL/SSCSPSession.h index 97daab1f..6b97dad4 100644 --- a/AppleCSPDL/SSCSPSession.h +++ b/AppleCSPDL/SSCSPSession.h @@ -37,7 +37,8 @@ class SSCSPSession : public CSPFullPluginSession public: SSCSPDLSession &mSSCSPDLSession; SSFactory &mSSFactory; - + CssmClient::CSP &mRawCsp; + SSCSPSession(CSSM_MODULE_HANDLE handle, CSPDLPlugin &plug, const CSSM_VERSION &version, @@ -45,10 +46,11 @@ public: CSSM_SERVICE_TYPE subserviceType, CSSM_ATTACH_FLAGS attachFlags, const CSSM_UPCALLS &upcalls, - SSCSPDLSession &ssCSPDLSession); + SSCSPDLSession &ssCSPDLSession, + CssmClient::CSP &rawCsp); SecurityServer::ClientSession &clientSession() - { return mSSCSPDLSession.clientSession(); } + { return mClientSession; } CSPContext *contextCreate(CSSM_CC_HANDLE handle, const Context &context); #if 0 @@ -159,6 +161,12 @@ public: uint32 PassThroughId, const void *InData, void **OutData); +private: + /* Validate requested key attr flags for newly generated keys */ + void validateKeyAttr(uint32 reqKeyAttr); + + SecurityServer::ClientSession mClientSession; + }; diff --git a/AppleCSPDL/SSContext.cpp b/AppleCSPDL/SSContext.cpp index d03f0f75..4ea3794e 100644 --- a/AppleCSPDL/SSContext.cpp +++ b/AppleCSPDL/SSContext.cpp 
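Review bot: `SSCSPSession::validateKeyAttr` is a deny-list: it rejects `CSSM_KEYATTR_RETURN_DATA`, `CSSM_KEYATTR_ALWAYS_SENSITIVE` and `CSSM_KEYATTR_NEVER_EXTRACTABLE`, and passes every other value of `reqKeyAttr`, including masks with bits this layer does not know. The trailing comment says the rest is left to SS and the CSP, which is a defensible split, but a reader of the four call sites (UnwrapKey, DeriveKey, GenerateKey, GenerateKeyPair) will assume the attrs are fully validated after this call. I would state the contract in the function comment, e.g. `/* Rejects only attrs CSPDL can never honor; every other bit is validated downstream by SS and the CSP */`, and consider rejecting `CSSM_KEYATTR_RETURN_NONE` here as well if CSPDL cannot honor it.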
@@ -23,6 +23,9 @@ #include "SSCSPSession.h" #include "SSKey.h" +#include + +#define ssCryptDebug(args...) debug("ssCrypt", ## args) using namespace SecurityServer; @@ -34,11 +37,30 @@ SSContext::SSContext(SSCSPSession &session) { } +void SSContext::clearOutBuf() +{ + if(mOutBuf.Data) { + mSession.free(mOutBuf.Data); + mOutBuf.clear(); + } +} + +void SSContext::copyOutBuf(CssmData &out) +{ + if(out.length() < mOutBuf.length()) { + CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR); + } + memmove(out.Data, mOutBuf.Data, mOutBuf.Length); + out.Length = mOutBuf.Length; + clearOutBuf(); +} + void SSContext::init(const Context &context, bool /* encoding */) // @@@ should be removed from API since it's already in mDirection { mContext = &context; + clearOutBuf(); } SecurityServer::ClientSession & 
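Review bot: `SSContext::clearOutBuf` frees `mOutBuf.Data` without wiping it, although a later hunk in this file stores decrypt output there (`clientSession().decrypt(*mContext, mKeyHandle, in, mOutBuf)`), and the `SSCryptContext::freeBuffer` removed by this commit did `memset(mBuffer, 0, mCapacity)` before freeing. That leaves plaintext in released heap memory. Add `memset(mOutBuf.Data, 0, mOutBuf.Length);` ahead of `mSession.free(mOutBuf.Data);`, ideally through a wipe helper the compiler cannot elide. `copyOutBuf` inherits the fix because it ends with `clearOutBuf()`.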
@@ -83,41 +105,234 @@ SSRandomContext::final(CssmData &out) } -// -// SSSignContext -- Context for signing and GenerateMac operations -// -SSSignContext::SSSignContext(SSCSPSession &session) : SSContext(session) {} +// signature contexts +SSSignatureContext::SSSignatureContext(SSCSPSession &session) + : SSContext(session), + mKeyHandle(noKey), + mNullDigest(NULL), + mDigest(NULL) +{ + /* nothing else for now */ +} -void -SSSignContext::update(const CssmData &data) +SSSignatureContext::~SSSignatureContext() { + delete mNullDigest; + delete mDigest; } -size_t -SSSignContext::outputSize(bool final, size_t inSize) +void SSSignatureContext::init(const Context &context, bool signing) { - return 0; + SSContext::init(context, signing); + + /* reusable: skip everything except resetting digest state */ + if((mNullDigest != NULL) || (mDigest != NULL)) { + if(mNullDigest != NULL) { + mNullDigest->digestInit(); + } + return; + } + + /* snag key from context */ + const CssmKey &keyInContext = + context.get(CSSM_ATTRIBUTE_KEY, + CSSMERR_CSP_MISSING_ATTR_KEY); + mKeyHandle = mSession.lookupKey(keyInContext).keyHandle(); + + /* get digest alg and sig alg from Context.algorithm */ + switch(context.algorithm()) { + /*** DSA ***/ + case CSSM_ALGID_SHA1WithDSA: + mDigestAlg = CSSM_ALGID_SHA1; + mSigAlg = CSSM_ALGID_DSA; + break; + case CSSM_ALGID_DSA: // Raw + mDigestAlg = CSSM_ALGID_NONE; + mSigAlg = CSSM_ALGID_DSA; + break; + /*** RSA ***/ + case CSSM_ALGID_SHA1WithRSA: + mDigestAlg = CSSM_ALGID_SHA1; + mSigAlg = CSSM_ALGID_RSA; + break; + case CSSM_ALGID_MD5WithRSA: + mDigestAlg = CSSM_ALGID_MD5; + mSigAlg = CSSM_ALGID_RSA; + break; + case CSSM_ALGID_MD2WithRSA: + mDigestAlg = CSSM_ALGID_MD2; + mSigAlg = CSSM_ALGID_RSA; + break; + case CSSM_ALGID_RSA: // Raw + mDigestAlg = CSSM_ALGID_NONE; + mSigAlg = CSSM_ALGID_RSA; + break; + /*** FEE ***/ + case CSSM_ALGID_FEE_SHA1: + mDigestAlg = CSSM_ALGID_SHA1; + mSigAlg = CSSM_ALGID_FEE; + break; + case CSSM_ALGID_FEE_MD5: + mDigestAlg = 
CSSM_ALGID_MD5; + mSigAlg = CSSM_ALGID_FEE; + break; + case CSSM_ALGID_FEE: // Raw + mDigestAlg = CSSM_ALGID_NONE; + mSigAlg = CSSM_ALGID_FEE; + break; + /*** ECDSA ***/ + case CSSM_ALGID_SHA1WithECDSA: + mDigestAlg = CSSM_ALGID_SHA1; + mSigAlg = CSSM_ALGID_ECDSA; + break; + case CSSM_ALGID_ECDSA: // Raw + mDigestAlg = CSSM_ALGID_NONE; + mSigAlg = CSSM_ALGID_ECDSA; + break; + default: + CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); + } + + /* set up mNullDigest or mDigest */ + if(mDigestAlg == CSSM_ALGID_NONE) { + mNullDigest = new NullDigest(); + } + else { + mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg); + } } -void -SSSignContext::final(CssmData &out) +/* + * for raw sign/verify - optionally called after init. + * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up + * a NullDigest. We now overwrite mDigestAlg, and we'll useÊthis + * new value when we do the actual sign/vfy. + */ +void SSSignatureContext::setDigestAlgorithm(CSSM_ALGORITHMS digestAlg) +{ + mDigestAlg = digestAlg; +} + +void SSSignatureContext::update(const CssmData &data) +{ + /* Note that for this context, we really can not deal with an out-of-sequence + * update --> final(true, 0) --> update since we lose the pending digest state + * when we perform the implied final() during outputSize(true, 0). */ + assert(mOutBuf.Data == NULL); + + /* add incoming data to digest or accumulator */ + if(mNullDigest) { + mNullDigest->digestUpdate(data.data(), data.length()); + } + else { + mDigest->digest(data); + } +} + +size_t SSSignatureContext::outputSize(bool final, size_t inSize) { + if(!final) { + ssCryptDebug("===sig outputSize !final\n"); + return 0; + } + if(!encoding()) { + ssCryptDebug("===sig outputSize final, !encoding\n"); + /* don't see why this is even called... */ + return 0; + } + if(inSize == 0) { + /* + * This is the implied signal to go for it. 
Note that in this case, + * we can not go back and re-do the op in case of an unexpected + * sequence of update/outputSize(final, 0)/final - we lose the digest + * state. Perhaps we should save the digest...? But still it would + * be impossible to do another update. + */ + clearOutBuf(); + sign(mOutBuf); + ssCryptDebug("===sig outputSize(pre-op) %u", (unsigned)mOutBuf.Length); + return (size_t)mOutBuf.Length; + } + else { + /* out-of-band case, ask CSP via SS */ + uint32 outSize = clientSession().getOutputSize(*mContext, + mKeyHandle, + /* FIXME - what to use for inSize here - we don't want to + * interrogate mDigest, as that would result in another RPC... + * and signature size is not related to input size...right? */ + inSize, + true); + ssCryptDebug("===sig outputSize(RPC) %u", (unsigned)outSize); + return (size_t)outSize; + } } +/* sign */ -// -// SSVerifyContext -- Context for Verify and VerifyMac operations -// -SSVerifyContext::SSVerifyContext(SSCSPSession &session) : SSContext(session) {} +/* first the common routine shared by final and outputSize */ +void SSSignatureContext::sign(CssmData &sig) +{ + /* we have to pass down a modified Context, thus.... */ + Context tempContext = *mContext; + tempContext.AlgorithmType = mSigAlg; + + if(mNullDigest) { + CssmData dData(const_cast(mNullDigest->digestPtr()), + mNullDigest->digestSizeInBytes()); + clientSession().generateSignature(tempContext, + mKeyHandle, + dData, + sig, + mDigestAlg); + } + else { + clientSession().generateSignature(tempContext, + mKeyHandle, + (*mDigest)(), + sig, + mDigestAlg); + } +} -void -SSVerifyContext::update(const CssmData &data) +/* this is the one called by CSPFullPluginSession */ +void SSSignatureContext::final(CssmData &sig) { + if(mOutBuf.Data) { + /* normal final case in which the actual RPC via SS was done in the + * previous outputSize() call. 
*/ + ssCryptDebug("===final via pre-op and copy"); + copyOutBuf(sig); + return; + } + + ssCryptDebug("===final via RPC"); + sign(sig); } +/* verify */ void -SSVerifyContext::final(const CssmData &in) +SSSignatureContext::final(const CssmData &sig) { + /* we have to pass down a modified Context, thus.... */ + Context tempContext = *mContext; + tempContext.AlgorithmType = mSigAlg; + + if(mNullDigest) { + CssmData dData(const_cast(mNullDigest->digestPtr()), + mNullDigest->digestSizeInBytes()); + clientSession().verifySignature(tempContext, + mKeyHandle, + dData, + sig, + mDigestAlg); + } + else { + clientSession().verifySignature(tempContext, + mKeyHandle, + (*mDigest)(), + sig, + mDigestAlg); + } } 
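Review bot: On reuse, `SSSignatureContext::init` returns before the key lookup and the algorithm switch, so a second init with a different Context keeps the old `mKeyHandle`, `mSigAlg` and `mDigestAlg` while `mContext` already points at the new one. The reuse branch also resets only `mNullDigest`; an existing `mDigest` keeps whatever state it had. Whether the plugin framework ever re-inits a context with a changed key or algorithm is not visible here, but signing or verifying with a stale key handle should be ruled out in this function rather than assumed. The simplest fix is to drop the previous digest objects and fall through to the normal setup, at the cost of one allocation per init.

```cpp
void SSSignatureContext::init(const Context &context, bool signing)
{
	SSContext::init(context, signing);

	/* drop state from any previous use so key and algs are re-read below */
	delete mNullDigest;
	mNullDigest = NULL;
	delete mDigest;
	mDigest = NULL;

	// … unchanged: key lookup, algorithm switch, mNullDigest/mDigest allocation …
```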
@@ -125,158 +340,240 @@ SSVerifyContext::final(const CssmData &in) // SSCryptContext -- Context for Encrypt and Decrypt operations // SSCryptContext::SSCryptContext(SSCSPSession &session) -: SSContext(session), mKeyHandle(noKey), mCurrent(0), mCapacity(0), -mBuffer(NULL) + : SSContext(session), mKeyHandle(noKey) { + /* nothing for now */ } SSCryptContext::~SSCryptContext() { - freeBuffer(); -} - -void -SSCryptContext::freeBuffer() -{ - // @@@ We should probably use CssmAllocator::standard(sensitive) instead of malloc/realloc/free here - if (mBuffer) - { - // Zero out buffer (only on decrypt?) - if (mCapacity /* && !encoding() */) - { - memset(mBuffer, 0, mCapacity); - } - - free(mBuffer); - mBuffer = NULL; - mCapacity = 0; - } + /* nothing for now */ } void SSCryptContext::init(const Context &context, bool encoding) { + ssCryptDebug("===init"); SSContext::init(context, encoding); - freeBuffer(); - mCurrent = 0; - mCapacity = 0; + /* reusable; reset accumulator */ + mNullDigest.digestInit(); const CssmKey &keyInContext = context.get(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY); - - // @@@ Should return SSKey. mKeyHandle = mSession.lookupKey(keyInContext).keyHandle(); } size_t SSCryptContext::inputSize(size_t outSize) { + ssCryptDebug("===inputSize outSize=%u", (unsigned)outSize); return UINT_MAX; } size_t SSCryptContext::outputSize(bool final, size_t inSize) { - if (!final) - { - mCapacity = mCurrent + inSize; - mBuffer = realloc(mBuffer, mCapacity); + ssCryptDebug("===outputSize final %d inSize=%u", final, (unsigned)inSize); + if(!final) { + /* we buffer until final; no intermediate output */ return 0; } - - // There should not be any remaining input data left when final is true; - assert(!inSize); - - // Do the actual operation. 
- const CssmData in(mBuffer, mCurrent); - CssmData out; - if (encoding()) - clientSession().encrypt(*mContext, mKeyHandle, in, out); - else - clientSession().decrypt(*mContext, mKeyHandle, in, out); - - freeBuffer(); - mBuffer = out.Data; - mCapacity = out.Length; - mCurrent = 0; - return mCapacity; + size_t inBufSize = mNullDigest.digestSizeInBytes(); + if(inSize == 0) { + /* This is the implied signal to go for it */ + clearOutBuf(); + if(inBufSize == 0) { + return 0; + } + const CssmData in(const_cast(mNullDigest.digestPtr()), inBufSize); + if (encoding()) { + clientSession().encrypt(*mContext, mKeyHandle, in, mOutBuf); + } + else { + clientSession().decrypt(*mContext, mKeyHandle, in, mOutBuf); + } + /* leave the accumulator as is in case of unexpected sequence */ + ssCryptDebug(" ===outSize(pre-op) %u", (unsigned)mOutBuf.Length); + return mOutBuf.Length; + } + else { + /* out-of-band case, ask CSP via SS */ + uint32 outSize = clientSession().getOutputSize(*mContext, + mKeyHandle, + inBufSize + inSize, + encoding()); + ssCryptDebug(" ===outSize(RPC) %u", (unsigned)outSize); + return (size_t)outSize; + } } void SSCryptContext::minimumProgress(size_t &in, size_t &out) { - // This should never be called. 
- assert(false); + in = 1; + out = 0; } void SSCryptContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize) { + ssCryptDebug("===update inSize=%u", (unsigned)inSize); + /* add incoming data to accumulator */ + mNullDigest.digestUpdate(inp, inSize); outSize = 0; - assert(inSize); - assert(mCurrent + inSize <= mCapacity); - memcpy(&reinterpret_cast(mBuffer)[mCurrent], inp, inSize); - mCurrent += inSize; + clearOutBuf(); } void SSCryptContext::final(CssmData &out) { - if(!out.Length) return; - assert(out.Data && out.Length); - uint32 todo = min(out.Length, mCapacity - mCurrent); - memcpy(out.Data, &reinterpret_cast(mBuffer)[mCurrent], todo); - mCurrent += todo; - out.Length = todo; + if(mOutBuf.Data != NULL) { + /* normal final case in which the actual RPC via SS was done in the + * previous outputSize() call. A memcpy is needed here because + * CSPFullPluginSession has just allocated the buf size we need. */ + ssCryptDebug("===final via pre-op and copy"); + copyOutBuf(out); + return; + } + + /* when is this path taken...? 
*/ + ssCryptDebug("===final via RPC"); + size_t inSize = mNullDigest.digestSizeInBytes(); + if(!inSize) return; + + const CssmData in(const_cast(mNullDigest.digestPtr()), inSize); + unsigned origOutSize = out.length(); + if (encoding()) { + clientSession().encrypt(*mContext, mKeyHandle, in, out); + } + else { + clientSession().decrypt(*mContext, mKeyHandle, in, out); + } + assert(out.length() <= origOutSize); + mNullDigest.digestInit(); +} - freeBuffer(); +// Digest, using raw CSP +SSDigestContext::SSDigestContext(SSCSPSession &session) + : SSContext(session), mDigest(NULL) +{ + } +SSDigestContext::~SSDigestContext() +{ + delete mDigest; +} -#if 0 -// -// SSKeyPairGenContext -- Context for key pair generation -// -SSKeyPairGenContext::SSKeyPairGenContext(SSCSPSession &session) -: SSContext(session) {} +void SSDigestContext::init(const Context &context, bool encoding) +{ + CSSM_ALGORITHMS alg; + + SSContext::init(context, encoding); + alg = context.algorithm(); + mDigest = new CssmClient::Digest(mSession.mRawCsp, alg); +} -void -SSKeyPairGenContext::generate(const Context &context, - CssmKey &pubKey, - SSKey *pubBinKey, - CssmKey &privKey, - SSKey *privBinKey) +void SSDigestContext::update(const CssmData &data) { + mDigest->digest(data); } -void -SSKeyPairGenContext::generate(const Context &context, - SSKey &pubBinKey, - SSKey &privBinKey, - uint32 &keySize) +void SSDigestContext::final(CssmData &out) { + (*mDigest)(out); } +size_t SSDigestContext::outputSize(bool final, size_t inSize) +{ + if(!final) { + return 0; + } + else { + return (size_t)mDigest->getOutputSize(inSize); + } +} -// -// SSSymmKeyGenContext -- Context for symmetric key generation -// -SSSymmKeyGenContext::SSSymmKeyGenContext(SSCSPSession &session, - uint32 minSize, - uint32 maxSize, - bool byteSized) -: SSContext(session), - minSizeInBits(minSize), - maxSizeInBits(maxSize), - mustBeByteSized(byteSized) +// MACContext - common class for MAC generate, verify +SSMACContext::SSMACContext(SSCSPSession 
&session) + : SSContext(session), mKeyHandle(noKey) { + } - -void -SSSymmKeyGenContext::generateSymKey(const Context &context, CssmKey &cssmKey) + +void SSMACContext::init(const Context &context, bool encoding) { + SSContext::init(context, encoding); + + /* reusable; reset accumulator */ + mNullDigest.digestInit(); + + /* snag key from context */ + const CssmKey &keyInContext = + context.get(CSSM_ATTRIBUTE_KEY, + CSSMERR_CSP_MISSING_ATTR_KEY); + mKeyHandle = mSession.lookupKey(keyInContext).keyHandle(); +} + +void SSMACContext::update(const CssmData &data) +{ + /* add incoming data to accumulator */ + mNullDigest.digestUpdate(data.data(), data.length()); +} + +size_t SSMACContext::outputSize(bool final, size_t inSize) +{ + if(!final) { + ssCryptDebug("===mac outputSize !final\n"); + return 0; + } + if(!encoding()) { + ssCryptDebug("===mac outputSize final, !encoding\n"); + /* don't see why this is even called... */ + return 0; + } + if(inSize == 0) { + /* + * This is the implied signal to go for it. 
+ */ + clearOutBuf(); + genMac(mOutBuf); + ssCryptDebug("===mac outputSize(pre-op) %u", (unsigned)mOutBuf.Length); + return (size_t)mOutBuf.Length; + } + else { + /* out-of-band case, ask CSP via SS */ + uint32 outSize = clientSession().getOutputSize(*mContext, + mKeyHandle, + inSize + mNullDigest.digestSizeInBytes(), + true); + ssCryptDebug("===mac outputSize(RPC) %u", (unsigned)outSize); + return (size_t)outSize; + } +} + +/* generate */ + +/* first the common routine used by final() and outputSize() */ +void SSMACContext::genMac(CssmData &mac) +{ + CssmData allData(const_cast(mNullDigest.digestPtr()), + mNullDigest.digestSizeInBytes()); + clientSession().generateMac(*mContext, mKeyHandle, allData, mac); +} + +void SSMACContext::final(CssmData &mac) +{ + genMac(mac); +} + +/* verify */ +void SSMACContext::final(const CssmData &mac) +{ + CssmData allData(const_cast(mNullDigest.digestPtr()), + mNullDigest.digestSizeInBytes()); + clientSession().verifyMac(*mContext, mKeyHandle, allData, mac); } -#endif diff --git a/AppleCSPDL/SSContext.h b/AppleCSPDL/SSContext.h index 1f3f6d4e..e403858d 100644 --- a/AppleCSPDL/SSContext.h +++ b/AppleCSPDL/SSContext.h @@ -24,6 +24,8 @@ #include #include +#include +#include // // Parent class for all CSPContexts implemented in this CSP. Currently the 
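Review bot: `SSMACContext::final(CssmData &mac)` always calls `genMac(mac)`, even when `outputSize(true, 0)` has just computed the MAC into `mOutBuf`, so the normal sequence performs the generateMac RPC twice and the first result stays allocated until the next init or destruction. `SSSignatureContext::final` and `SSCryptContext::final` in this file both consume `mOutBuf` first; the MAC version should do the same with `if(mOutBuf.Data) { copyOutBuf(mac); return; }` ahead of `genMac(mac);`. In the same hunk, `SSDigestContext::init` assigns `mDigest = new CssmClient::Digest(...)` without releasing a previous object, which leaks on re-init; a `delete mDigest;` before the assignment covers it.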
@@ -36,35 +38,63 @@ class SSContext : public CSPFullPluginSession::CSPContext { public: SSContext(SSCSPSession &session); + ~SSContext() { clearOutBuf(); } virtual void init(const Context &context, bool encoding); protected: SecurityServer::ClientSession &clientSession(); SSCSPSession &mSession; - - // We remeber a pointer to the passed in context and assume it will + + // mOutBuf provides a holding tank for implied final() operations + // resulting from an outputSize(true, 0). This form of outputSize() + // is understood to only occur just prior to the final() call. To avoid + // an extra RPC (just to perform the outputSize(), most subclasses of + // SSContext actually perform the final() operation at this time, + // storing the result in mOutBuf. At final(), mOutBuf() is just copied + // to the caller's supplied output buffer. + CssmData mOutBuf; + + // We remember a pointer to the passed in context and assume it will // remain a valid from init(), update() all the way though the call to // final(). 
const Context *mContext; + + void clearOutBuf(); + void copyOutBuf(CssmData &out); }; -// SSSignContext -- Context for Sign, and GenerateMac operations -class SSSignContext : public SSContext +// context for signature (sign and verify) +class SSSignatureContext : public SSContext { public: - SSSignContext(SSCSPSession &session); + SSSignatureContext(SSCSPSession &session); + ~SSSignatureContext(); + virtual void init(const Context &context, bool signing); virtual void update(const CssmData &data); virtual size_t outputSize(bool final, size_t inSize); + + /* sign */ + void sign(CssmData &sig); virtual void final(CssmData &out); -}; - -// SSVerifyContext -- Context for Verify, and VerifyMac operations -class SSVerifyContext : public SSContext -{ -public: - SSVerifyContext(SSCSPSession &session); - virtual void update(const CssmData &data); + + /* verify */ virtual void final(const CssmData &in); + + /* for raw sign/verify - optionally called after init */ + virtual void setDigestAlgorithm(CSSM_ALGORITHMS digestAlg); + +private: + /* stash the context's key for final sign/verify */ + SecurityServer::KeyHandle mKeyHandle; + + /* alg-dependent, calculated at init time */ + CSSM_ALGORITHMS mSigAlg; // raw signature alg + CSSM_ALGORITHMS mDigestAlg; // digest + CSSM_ALGORITHMS mOrigAlg; // caller's context alg + + /* exactly one of these is used to collect updates */ + NullDigest *mNullDigest; + CssmClient::Digest *mDigest; }; // Context for GenerateRandom operations @@ -75,9 +105,9 @@ public: virtual void init(const Context &context, bool); virtual size_t outputSize(bool final, size_t inSize); virtual void final(CssmData &out); - + private: - uint32 mOutSize; + uint32 mOutSize; // spec'd in context at init() time }; // Context for Encrypt and Decrypt operations 
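Review bot: `mOutBuf` holds the result of an implied final() inside the context until `clearOutBuf()` runs, and nothing in this header says whether the buffer is wiped before it is released. The added comment says most subclasses do the final() work at outputSize(true, 0) time, so if any of them stores decrypted data or a signature there, those bytes stay in freed heap unless `clearOutBuf()` zeroes them. Its body is not in this hunk, so that needs confirming. I would state the contract at the declaration, for example `// clearOutBuf() zeroes and frees mOutBuf; safe to call when mOutBuf is empty`, because `~SSContext()` now calls it unconditionally.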
@@ -95,43 +125,44 @@ public: virtual void final(CssmData &out); private: - void freeBuffer(); - SecurityServer::KeyHandle mKeyHandle; - uint32 mCurrent; - uint32 mCapacity; - void *mBuffer; + NullDigest mNullDigest; // accumulator }; -#if 0 -// Context for key (pair) generation -class SSKeyGenContext : public SSContext +// Digest, using raw CSP +class SSDigestContext : public SSContext { public: - SSKeyGenContext(SSCSPSession &session); - - // Subclass implements generate(const Context &, CssmKey &, - // CssmKey &). That method allocates two subclass-specific - // SSKeys and calls this method. This will call down to - // generate(const Context &, SSKey &, SSKey &) - // and optionally to SSKey::generateKeyBlob. - void generate(const Context &context, - CssmKey &pubKey, - SSKey *pubBinKey, - CssmKey &privKey, - SSKey *privBinKey); + SSDigestContext(SSCSPSession &session); + ~SSDigestContext(); + virtual void init(const Context &context, bool); + virtual void update(const CssmData &data); + virtual void final(CssmData &out); + virtual size_t outputSize(bool final, size_t inSize); -protected: - // @@@ Subclasses must implement this. It cooks up a key pair. - virtual void generate(const Context &context, - SSKey &pubBinKey, // valid on successful return - SSKey &privBinKey, // ditto - uint32 &keySize); // ditto +private: + CssmClient::Digest *mDigest; +}; +// common class for MAC generate, verify +class SSMACContext : public SSContext +{ public: - void generateSymKey(const Context &context, CssmKey &outCssmKey); + SSMACContext(SSCSPSession &session); + virtual void init(const Context &context, bool); + virtual void update(const CssmData &data); + virtual size_t outputSize(bool final, size_t inSize); + + /* sign */ + void genMac(CssmData &mac); + virtual void final(CssmData &out); + /* verify */ + virtual void final(const CssmData &in); + +private: + SecurityServer::KeyHandle mKeyHandle; + NullDigest mNullDigest; // accumulator }; -#endif // 0 #endif // _H_SS_CONTEXT 
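Review bot: `genMac()` is declared in the public section of `SSMACContext`, but the implementation earlier in this patch calls it the common routine used by final() and outputSize(), so it reads as an internal helper and belongs under `private:`. Related to that, `outputSize(true, 0)` already calls `genMac(mOutBuf)`, yet `final(CssmData &)` calls `genMac(mac)` again instead of handing back `mOutBuf`. This contradicts the `mOutBuf` comment in `SSContext` and presumably costs a second request to the Security Server. If the repeat is intentional, a one-line comment on `final()` saying the cached result is deliberately ignored would settle it.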
diff --git a/AppleCSPDL/SSDLSession.cpp b/AppleCSPDL/SSDLSession.cpp index fee09af4..fb69ba3d 100644 --- a/AppleCSPDL/SSDLSession.cpp +++ b/AppleCSPDL/SSDLSession.cpp @@ -43,7 +43,8 @@ SSDLSession::SSDLSession(CSSM_MODULE_HANDLE handle, : DLPluginSession(handle, plug, version, subserviceId, subserviceType, attachFlags, upcalls, databaseManager), mSSCSPDLSession(ssCSPDLSession), - mDL(Module(gGuidAppleFileDL, Cssm::standard())) + mDL(Module(gGuidAppleFileDL, Cssm::standard())), + mClientSession(CssmAllocator::standard(), static_cast(*this)) { // @@@ mDL.allocator(*static_cast(this)); mDL->allocator(allocator()); @@ -89,7 +90,7 @@ SSDLSession::DbDelete(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation, const AccessCredentials *inAccessCred) { - SSDatabase db(mSSCSPDLSession.clientSession(), mDL, inDbName, inDbLocation); + SSDatabase db(mClientSession, mDL, inDbName, inDbLocation); db->accessCredentials(inAccessCred); db->deleteDb(); } @@ -104,7 +105,7 @@ SSDLSession::DbCreate(const char *inDbName, const void *inOpenParameters, CSSM_DB_HANDLE &outDbHandle) { - SSDatabase db(mSSCSPDLSession.clientSession(), mDL, inDbName, inDbLocation); + SSDatabase db(mClientSession, mDL, inDbName, inDbLocation); db->dbInfo(&inDBInfo); db->accessRequest(inAccessRequest); db->resourceControlContext(inCredAndAclEntry); @@ -124,7 +125,7 @@ SSDLSession::DbOpen(const char *inDbName, const void *inOpenParameters, CSSM_DB_HANDLE &outDbHandle) { - SSDatabase db(mSSCSPDLSession.clientSession(), mDL, inDbName, inDbLocation); + SSDatabase db(mClientSession, mDL, inDbName, inDbLocation); db->accessRequest(inAccessRequest); db->accessCredentials(inAccessCred); db->openParameters(inOpenParameters); 
@@ -404,10 +405,43 @@ SSDLSession::DataGetFromUniqueRecordId(CSSM_DB_HANDLE inDbHandle, { SSDatabase db = findDbHandle(inDbHandle); const SSUniqueRecord uniqueId = findSSUniqueRecord(inUniqueRecord); - CSSM_RETURN result = CSSM_DL_DataGetFromUniqueRecordId(db->handle(), uniqueId, inoutAttributes, inoutData); + + // Setup so we always retrive the attributes even if the client + // doesn't want them so we can figure out if we just retrived a key. + CSSM_DB_RECORD_ATTRIBUTE_DATA attributes; + CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR pAttributes; + if (inoutAttributes) + pAttributes = inoutAttributes; + else + { + pAttributes = &attributes; + memset(pAttributes, 0, sizeof(attributes)); + } + + CSSM_RETURN result = CSSM_DL_DataGetFromUniqueRecordId(db->handle(), + uniqueId, pAttributes, inoutData); if (result) CssmError::throwMe(result); - // @@@ If this is a key do the right thing. + + if (inoutData) + { + if (pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PUBLIC_KEY + || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PRIVATE_KEY + || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) + { + // This record is a key, do the right thing (tm). + // Allocate storage for the key. + CssmKey *outKey = allocator().alloc(); + new SSKey(*this, *outKey, db, uniqueId, pAttributes->DataRecordType, *inoutData); + + // Free the data we retrived (keyblob) + allocator().free(inoutData->Data); + + // Set the length and data on the data we return to the client + inoutData->Length = sizeof(*outKey); + inoutData->Data = reinterpret_cast(outKey); + } + } } void diff --git a/AppleCSPDL/SSDLSession.h b/AppleCSPDL/SSDLSession.h index c7143bc2..b03a44d8 100644 --- a/AppleCSPDL/SSDLSession.h +++ b/AppleCSPDL/SSDLSession.h 
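Review bot: In the key branch, `outKey` is allocated and `new SSKey(...)` is then constructed with its pointer discarded, so if the `SSKey` constructor throws, `outKey` is leaked. Wrapping the construction as `try { new SSKey(...); } catch (...) { allocator().free(outKey); throw; }` would close that path. The discarded `new` also leaves ownership unstated; presumably the `ReferencedKey` base registers the object with something that later deletes it, but that is not visible here and deserves a comment such as `// SSKey registers itself with the key pool, which owns it from here`. The client-visible contract changes as well: for key records `inoutData` now carries a `CssmKey` of `sizeof(*outKey)` bytes instead of the stored blob, which the function's header comment should say. The function starts before this hunk.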
@@ -45,6 +45,8 @@ public: SSCSPDLSession &ssCSPDLSession); ~SSDLSession(); + SecurityServer::ClientSession &clientSession() + { return mClientSession; } void GetDbNames(CSSM_NAME_LIST_PTR &NameList); void FreeNameList(CSSM_NAME_LIST &NameList); void DbDelete(const char *DbName, @@ -151,6 +153,7 @@ protected: SSUniqueRecordMap mSSUniqueRecordMap; CssmClient::DL mDL; + SecurityServer::ClientSession mClientSession; }; diff --git a/AppleCSPDL/SSFactory.cpp b/AppleCSPDL/SSFactory.cpp index 1e01a505..93f0dcaa 100644 --- a/AppleCSPDL/SSFactory.cpp +++ b/AppleCSPDL/SSFactory.cpp @@ -36,8 +36,13 @@ bool SSFactory::setup(SSCSPSession &session, CSPFullPluginSession::CSPContext * switch (context.type()) { case CSSM_ALGCLASS_SIGNATURE: + cspCtx = new SSSignatureContext(session); + return true; case CSSM_ALGCLASS_MAC: - cspCtx = encoding ? new SSSignContext(session) : new SSVerifyContext(session); + cspCtx = new SSMACContext(session); + return true; + case CSSM_ALGCLASS_DIGEST: + cspCtx = new SSDigestContext(session); return true; case CSSM_ALGCLASS_SYMMETRIC: case CSSM_ALGCLASS_ASYMMETRIC: diff --git a/AppleCSPDL/SSKey.cpp b/AppleCSPDL/SSKey.cpp index 76aa7d9f..341f39ee 100644 --- a/AppleCSPDL/SSKey.cpp +++ b/AppleCSPDL/SSKey.cpp @@ -36,7 +36,8 @@ SSKey::SSKey(SSCSPSession &session, KeyHandle keyHandle, CssmKey &ioKey, SSDatabase &inSSDatabase, uint32 inKeyAttr, const CssmData *inKeyLabel) : ReferencedKey(session.mSSCSPDLSession), -mAllocator(session), mKeyHandle(keyHandle) +mAllocator(session), mKeyHandle(keyHandle), +mClientSession(session.clientSession()) { CssmKey::Header &header = ioKey.header(); if (inKeyAttr & CSSM_KEYATTR_PERMANENT) 
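Review bot: Each added case in `SSFactory::setup` assigns `cspCtx = new ...` without looking at the value already in `cspCtx`. The `init()` implementations in this patch are commented as reusable, so if `setup` can be called again for an existing context, the previous object is overwritten and leaked. Whether that happens depends on the caller, which is not visible here. If contexts are reused, the usual guard is `if (cspCtx == NULL) cspCtx = new SSMACContext(session);`, and likewise for the signature and digest cases. The switch continues outside the hunk.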
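Review bot: `mClientSession(session.clientSession())` in SSKey.cpp stores a reference into the session object, and the second constructor (the hunk at -138) does the same with an `SSDLSession`, whose `mClientSession` is now a by-value member. An `SSKey` is a `ReferencedKey` created against `session.mSSCSPDLSession`, so if a key can outlive the CSP or DL session it came from, `clientSession()` would return a dangling reference. Whether that can happen depends on teardown order that is not visible here. Either document the lifetime requirement next to the member in SSKey.h, for example `// refers to the creating session's ClientSession; the key must not outlive that session`, or keep the previous lookup through `keyPool()`.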
@@ -45,7 +46,7 @@ mAllocator(session), mKeyHandle(keyHandle) CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE); // EncodeKey and store it in the db. - CssmDataContainer blob(clientSession().returnAllocator); + CssmDataContainer blob(mAllocator); clientSession().encodeKey(keyHandle, blob); assert(header.HeaderVersion == CSSM_KEYHEADER_VERSION); @@ -138,7 +139,8 @@ SSKey::SSKey(SSDLSession &session, CssmKey &ioKey, SSDatabase &inSSDatabase, CssmData &keyBlob) : ReferencedKey(session.mSSCSPDLSession), mAllocator(session.allocator()), mKeyHandle(noKey), mUniqueId(uniqueId), -mRecordType(recordType) +mRecordType(recordType), +mClientSession(session.clientSession()) { CssmKey::Header &header = ioKey.header(); memset(&header, 0, sizeof(header)); // Clear key header @@ -264,7 +266,7 @@ SSKey::free(const AccessCredentials *accessCred, CssmKey &ioKey, SecurityServer::ClientSession & SSKey::clientSession() { - return keyPool().clientSession(); + return mClientSession; } KeyHandle @@ -276,7 +278,7 @@ SSKey::keyHandle() if (!mUniqueId || !mUniqueId->database()) CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); - CssmDataContainer blob; + CssmDataContainer blob(mAllocator); mUniqueId->get(NULL, &blob); CssmKey::Header dummyHeader; // @@@ Unused mKeyHandle = @@ -307,7 +309,7 @@ SSKey::changeOwner(const AccessCredentials &accessCred, if (mUniqueId == true) { // The key is persistant, make the change on disk. - CssmDataContainer keyBlob(clientSession().returnAllocator); + CssmDataContainer keyBlob(mAllocator); clientSession().encodeKey(keyHandle(), keyBlob); mUniqueId->modify(mRecordType, NULL, &keyBlob, CSSM_DB_MODIFY_ATTRIBUTE_NONE); 
@@ -329,7 +331,7 @@ SSKey::changeAcl(const AccessCredentials &accessCred, const AclEdit &aclEdit) if (mUniqueId == true) { // The key is persistant, make the change on disk. - CssmDataContainer keyBlob(clientSession().returnAllocator); + CssmDataContainer keyBlob(mAllocator); clientSession().encodeKey(keyHandle(), keyBlob); mUniqueId->modify(mRecordType, NULL, &keyBlob, CSSM_DB_MODIFY_ATTRIBUTE_NONE); diff --git a/AppleCSPDL/SSKey.h b/AppleCSPDL/SSKey.h index 262e9fab..9d623aa8 100644 --- a/AppleCSPDL/SSKey.h +++ b/AppleCSPDL/SSKey.h @@ -72,6 +72,7 @@ private: SSDatabase mSSDatabase; SSUniqueRecord mUniqueId; CSSM_DB_RECORDTYPE mRecordType; + SecurityServer::ClientSession &mClientSession; }; diff --git a/AppleCSPDL/cspdl_common.mdsinfo b/AppleCSPDL/cspdl_common.mdsinfo new file mode 100644 index 00000000..a402a535 --- /dev/null +++ b/AppleCSPDL/cspdl_common.mdsinfo @@ -0,0 +1,28 @@ + + + + + BuiltIn + + CDSAVersion + 2.0 + Desc + Apple built-in CSPDL + DynamicFlag + + MdsFileDescription + Built-in CSPDL Common info + MdsFileType + PluginCommon + ModuleID + {87191ca3-0fc9-11d4-849a000502b52122} + ModuleName + AppleCSPDL + MultiThreadFlag + + ProductVersion + 1.0 + ServiceMask + CSSM_SERVICE_CSP | CSSM_SERVICE_DL + + diff --git a/AppleCSPDL/cspdl_csp_capabilities.mdsinfo b/AppleCSPDL/cspdl_csp_capabilities.mdsinfo new file mode 100644 index 00000000..0cfb82ae --- /dev/null +++ b/AppleCSPDL/cspdl_csp_capabilities.mdsinfo @@ -0,0 +1,18 @@ + + + + + Capabilities + file:csp_capabilities_common.mds + MdsFileDescription + Built-in CSPDL CSP Capabilities + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE + ModuleID + {87191ca3-0fc9-11d4-849a000502b52122} + SSID + 0 + + diff --git a/AppleCSPDL/cspdl_csp_primary.mdsinfo b/AppleCSPDL/cspdl_csp_primary.mdsinfo new file mode 100644 index 00000000..9bb65f8e --- /dev/null +++ b/AppleCSPDL/cspdl_csp_primary.mdsinfo 
@@ -0,0 +1,61 @@ + + + + + AclSubjectTypes + + CSSM_ACL_SUBJECT_TYPE_PASSWORD + CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD + CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY + CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE + CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT + + AuthTags + + CSSM_ACL_AUTHORIZATION_ANY + + CspCustomFlags + 0 + CspFlags + CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_SESSION_KEYS + CspType + CSSM_CSP_SOFTWARE + MdsFileDescription + Built-in CSPDL CSP Primary info + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE + ModuleID + {87191ca3-0fc9-11d4-849a000502b52122} + ModuleName + AppleCSPDL + ProductVersion + 1.0 + SSID + 0 + SampleTypes + + CSSM_SAMPLE_TYPE_PASSWORD + CSSM_SAMPLE_TYPE_HASHED_PASSWORD + CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD + CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD + CSSM_SAMPLE_TYPE_SIGNED_NONCE + CSSM_SAMPLE_TYPE_SIGNED_SECRET + CSSM_SAMPLE_TYPE_BIOMETRIC + CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC + CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC + CSSM_SAMPLE_TYPE_THRESHOLD + CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT + CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK + CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK + CSSM_SAMPLE_TYPE_PROCESS + CSSM_SAMPLE_TYPE_COMMENT + CSSM_SAMPLE_TYPE_RETRY_ID + + UseeTags + + Vendor + Apple Computer, Inc. + + diff --git a/AppleCSPDL/cspdl_dl_primary.mdsinfo b/AppleCSPDL/cspdl_dl_primary.mdsinfo new file mode 100644 index 00000000..e90fa265 --- /dev/null +++ b/AppleCSPDL/cspdl_dl_primary.mdsinfo 
@@ -0,0 +1,73 @@ + + + + + AclSubjectTypes + + CSSM_ACL_SUBJECT_TYPE_PASSWORD + CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD + CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY + CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE + CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT + + AuthTags + + CSSM_ACL_AUTHORIZATION_ANY + + ConjunctiveOps + + CSSM_DB_NONE + CSSM_DB_AND + CSSM_DB_OR + + DLType + CSSM_DL_FFS + MdsFileDescription + Built-in CSPDL DL Primary info + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_DL_PRIMARY_RECORDTYPE + ModuleID + {87191ca3-0fc9-11d4-849a000502b52122} + ModuleName + AppleCSPDL + ProductVersion + 1.0 + QueryLimitsFlag + 0 + RelationalOps + + CSSM_DB_EQUAL + CSSM_DB_LESS_THAN + CSSM_DB_GREATER_THAN + CSSM_DB_CONTAINS_FINAL_SUBSTRING + CSSM_DB_CONTAINS_INITIAL_SUBSTRING + CSSM_DB_CONTAINS + + + SSID + 1 + SampleTypes + + CSSM_SAMPLE_TYPE_PASSWORD + CSSM_SAMPLE_TYPE_HASHED_PASSWORD + CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD + CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD + CSSM_SAMPLE_TYPE_SIGNED_NONCE + CSSM_SAMPLE_TYPE_SIGNED_SECRET + CSSM_SAMPLE_TYPE_BIOMETRIC + CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC + CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC + CSSM_SAMPLE_TYPE_THRESHOLD + CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT + CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK + CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK + CSSM_SAMPLE_TYPE_PROCESS + CSSM_SAMPLE_TYPE_COMMENT + CSSM_SAMPLE_TYPE_RETRY_ID + + Vendor + Apple Computer, Inc. + + diff --git a/AppleDL/AppleDL.pbxproj/.cvsignore b/AppleDL/AppleDL.pbxproj/.cvsignore deleted file mode 100644 index 0857ac37..00000000 --- a/AppleDL/AppleDL.pbxproj/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -*.pbxuser diff --git a/AppleDL/AppleDL.pbxproj/project.pbxproj b/AppleDL/AppleDL.pbxproj/project.pbxproj deleted file mode 100644 index 140f280b..00000000 --- a/AppleDL/AppleDL.pbxproj/project.pbxproj +++ /dev/null 
@@ -1,247 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 32; - objects = { - 023E3605001F8F6B11CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\""; - }; - isa = PBXBuildStyle; - name = "Build Folder"; - }; - 0FD07C9DFE8A174411CD283A = { - buildStyles = ( - 1B60AA6DFFD84BFD11CD296C, - 1B60AA6EFFD84BFD11CD296C, - 023E3605001F8F6B11CD283A, - ); - isa = PBXProject; - mainGroup = 0FD07C9EFE8A174411CD283A; - projectDirPath = .; - targets = ( - 0FD07CA2FE8A183A11CD283A, - ); - }; - 0FD07C9EFE8A174411CD283A = { - children = ( - 0FD07CAAFE8A18AF11CD283A, - 2B8B5BBCFFF3E33011CD283A, - 0FD07CBFFE8A1A0011CD283A, - ); - isa = PBXGroup; - refType = 4; - }; - 0FD07CA2FE8A183A11CD283A = { - buildPhases = ( - 0FD07CA3FE8A183A11CD283A, - 0FD07CA4FE8A183A11CD283A, - 0FD07CA5FE8A183A11CD283A, - 0FD07CA6FE8A183A11CD283A, - 0FD07CA7FE8A183A11CD283A, - ); - buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - EXPORTED_SYMBOLS_FILE = cssmplugin.exp; - FRAMEWORK_SEARCH_PATHS = ""; - HEADER_SEARCH_PATHS = ""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security"; - LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined error -lstdc++"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleFileDL; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - conditionalBuildSettings = { - }; - dependencies = ( - ); - isa = PBXBundleTarget; - name = AppleFileDL; - productInstallPath = "\"$(SYSTEM_LIBRARY_DIR)/Security\""; - productName = AppleFileDL; - productReference = 1B60AA6CFFD84BFD11CD296C; - productSettingsXML = " - - - - CFBundleExecutable - AppleFileDL - CFBundleGetInfoString - - CFBundleIdentifier - 
com.apple.applefiledl - CFBundleName - AppleFileDL - CFBundlePackageType - BNDL - CFBundleShortVersionString - 1.0 - CFBundleSignature - ???? - CFBundleVersion - AppleFileDL 1.0 - - -"; - shouldUseHeadermap = 1; - }; - 0FD07CA3FE8A183A11CD283A = { - buildActionMask = 2147483647; - files = ( - 2295BBC2FEEF08A311CD28CA, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 0FD07CA4FE8A183A11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; - }; - 0FD07CA5FE8A183A11CD283A = { - buildActionMask = 2147483647; - files = ( - 2295BBC3FEEF08A311CD28CA, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 0FD07CA6FE8A183A11CD283A = { - buildActionMask = 2147483647; - files = ( - 2B8B5BBEFFF3E33011CD283A, - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - 0FD07CA7FE8A183A11CD283A = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; - }; - 0FD07CAAFE8A18AF11CD283A = { - children = ( - 2295BBC0FEEF08A311CD28CA, - 2295BBC1FEEF08A311CD28CA, - 1DF71D5DFF30EDAB11CD283A, - 0FD07CB3FE8A18AF11CD283A, - 0FD07CB4FE8A18AF11CD283A, - 0FD07CB5FE8A18AF11CD283A, - ); - isa = PBXGroup; - name = AppleDL; - path = ""; - refType = 4; - }; - 0FD07CB3FE8A18AF11CD283A = { - isa = PBXFileReference; - path = FORMAT; - refType = 4; - }; - 0FD07CB4FE8A18AF11CD283A = { - isa = PBXFileReference; - path = ISSUES; - refType = 4; - }; - 0FD07CB5FE8A18AF11CD283A = { - isa = PBXFileReference; - path = TODO; - refType = 4; - }; - 0FD07CBFFE8A1A0011CD283A = { - children = ( - 1B60AA6CFFD84BFD11CD296C, - ); - isa = PBXGroup; - name = Products; - path = ""; - refType = 3; - }; - 1B60AA6CFFD84BFD11CD296C = { - isa = PBXBundleReference; - path = AppleFileDL.bundle; - refType = 3; - }; - 1B60AA6DFFD84BFD11CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 
1B60AA6EFFD84BFD11CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 1DF71D5DFF30EDAB11CD283A = { - isa = PBXFileReference; - path = cssmplugin.exp; - refType = 4; - }; - 2295BBC0FEEF08A311CD28CA = { - isa = PBXFileReference; - path = AppleFileDL.cpp; - refType = 4; - }; - 2295BBC1FEEF08A311CD28CA = { - isa = PBXFileReference; - path = AppleFileDL.h; - refType = 4; - }; - 2295BBC2FEEF08A311CD28CA = { - fileRef = 2295BBC1FEEF08A311CD28CA; - isa = PBXBuildFile; - settings = { - }; - }; - 2295BBC3FEEF08A311CD28CA = { - fileRef = 2295BBC0FEEF08A311CD28CA; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 2B8B5BBCFFF3E33011CD283A = { - children = ( - 2B8B5BBDFFF3E33011CD283A, - ); - isa = PBXGroup; - name = "External Frameworks"; - refType = 4; - }; - 2B8B5BBDFFF3E33011CD283A = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - 2B8B5BBEFFF3E33011CD283A = { - fileRef = 2B8B5BBDFFF3E33011CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - }; - rootObject = 0FD07C9DFE8A174411CD283A; -} diff --git a/AppleDL/CVSVersionInfo.txt b/AppleDL/CVSVersionInfo.txt index ac5fcb26..60b80956 100644 --- a/AppleDL/CVSVersionInfo.txt +++ b/AppleDL/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: AppleDL ProjectVersion: 13 diff --git a/AppleDL/dl_common.mdsinfo b/AppleDL/dl_common.mdsinfo new file mode 100644 index 00000000..8e5c7bdd --- /dev/null +++ b/AppleDL/dl_common.mdsinfo @@ -0,0 +1,28 @@ + + + + + BuiltIn + + CDSAVersion + 2.0 + Desc + Apple built-in DL + DynamicFlag + + MdsFileDescription + Built-in DL Common info + MdsFileType + PluginCommon + ModuleID + {87191ca1-0fc9-11d4-849a000502b52122} + ModuleName + AppleDL + MultiThreadFlag + + ProductVersion + 1.0 + ServiceMask + CSSM_SERVICE_DL + + 
diff --git a/AppleDL/dl_primary.mdsinfo b/AppleDL/dl_primary.mdsinfo new file mode 100644 index 00000000..8af187b4 --- /dev/null +++ b/AppleDL/dl_primary.mdsinfo @@ -0,0 +1,48 @@ + + + + + AclSubjectTypes + + AuthTags + + ConjunctiveOps + + CSSM_DB_NONE + CSSM_DB_AND + CSSM_DB_OR + + DLType + CSSM_DL_FFS + MdsFileDescription + Built-in DL Primary info + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_DL_PRIMARY_RECORDTYPE + ModuleID + {87191ca1-0fc9-11d4-849a000502b52122} + ModuleName + AppleDL + ProductVersion + 1.0 + QueryLimitsFlag + 0 + RelationalOps + + CSSM_DB_EQUAL + CSSM_DB_LESS_THAN + CSSM_DB_GREATER_THAN + CSSM_DB_NOT_EQUAL + CSSM_DB_CONTAINS + CSSM_DB_CONTAINS_INITIAL_SUBSTRING + CSSM_DB_CONTAINS_FINAL_SUBSTRING + + SSID + 0 + SampleTypes + + Vendor + Apple Computer, Inc. + + diff --git a/AppleX509CL/AppleX509CL.pbproj/project.pbxproj b/AppleX509CL/AppleX509CL.pbproj/project.pbxproj deleted file mode 100644 index 533513ed..00000000 --- a/AppleX509CL/AppleX509CL.pbproj/project.pbxproj +++ /dev/null 
@@ -1,531 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 32; - objects = { - 00EDCDFCFF682165D0A17CE7 = { - isa = PBXFileReference; - path = CertExtensions.cpp; - refType = 4; - }; - 00EDCDFDFF682166D0A17CE7 = { - fileRef = 00EDCDFCFF682165D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00EDCDFEFF685DECD0A17CE7 = { - isa = PBXFileReference; - path = CertExtensions.h; - refType = 4; - }; - 00EDCDFFFF685DECD0A17CE7 = { - fileRef = 00EDCDFEFF685DECD0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 0145E217FFEECAE67F000001 = { - isa = PBXFileReference; - path = CSPAttacher.h; - refType = 4; - }; - 0145E218FFEECAE67F000001 = { - fileRef = 0145E217FFEECAE67F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0145E219FFEECB7D7F000001 = { - isa = PBXFileReference; - path = CSPAttacher.cpp; - refType = 4; - }; - 0145E21AFFEECB7D7F000001 = { - fileRef = 0145E219FFEECB7D7F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 01B9A482FF51F881D0A17CE7 = { - isa = PBXFileReference; - path = CertBuilder.cpp; - refType = 4; - }; - 01B9A483FF51F881D0A17CE7 = { - isa = PBXFileReference; - path = CertBuilder.h; - refType = 4; - }; - 01B9A484FF51F882D0A17CE7 = { - fileRef = 01B9A483FF51F881D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 01B9A485FF51F882D0A17CE7 = { - fileRef = 01B9A482FF51F881D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 023E3604001F8F3611CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\""; - }; - isa = PBXBuildStyle; - name = "Build Folder"; - }; - 026EACE1FF4315CCD0A17CE7 = { - buildStyles = ( - 1C9129D5FFD8583A11CD296C, - 1C9129D6FFD8583A11CD296C, - 023E3604001F8F3611CD283A, - ); - isa = PBXProject; - mainGroup = 
026EACE2FF4315CCD0A17CE7; - productRefGroup = 026EACE3FF431640D0A17CE7; - projectDirPath = .; - targets = ( - 026EACE7FF431640D0A17CE7, - ); - }; - 026EACE2FF4315CCD0A17CE7 = { - children = ( - 026EACEDFF431781D0A17CE7, - 026EACEEFF431781D0A17CE7, - 01B9A482FF51F881D0A17CE7, - 01B9A483FF51F881D0A17CE7, - 00EDCDFCFF682165D0A17CE7, - 00EDCDFEFF685DECD0A17CE7, - 04CBC2A4FF487123D0A17CE7, - 0A8DEDB2FF48916BD0A17CE7, - 0A8DEDB0FF488BFED0A17CE7, - 0145E219FFEECB7D7F000001, - 0145E217FFEECAE67F000001, - 08D5DEBCFF52F2F3D0A17CE7, - 08D5DEBEFF52F335D0A17CE7, - 0A8DEDBAFF49C621D0A17CE7, - 0A8DEDBBFF49C621D0A17CE7, - 0A8DEDB6FF499ACAD0A17CE7, - 23C0B750FF4C5F61D0A17CE7, - 23C0B751FF4C5F61D0A17CE7, - 026EACFFFF43462AD0A17CE7, - 026EAD00FF43462AD0A17CE7, - 23715C3DFF4C5A26D0A17CE7, - 23C0B758FF4C6EA0D0A17CE7, - 23C0B759FF4C6EA0D0A17CE7, - 026EACFDFF431F36D0A17CE7, - 35D41EC6FFF3E85F11CD283A, - 026EACE3FF431640D0A17CE7, - ); - isa = PBXGroup; - refType = 4; - }; - 026EACE3FF431640D0A17CE7 = { - children = ( - 1C9129D4FFD8583A11CD296C, - ); - isa = PBXGroup; - name = Products; - refType = 4; - }; - 026EACE7FF431640D0A17CE7 = { - buildPhases = ( - 026EACE8FF431640D0A17CE7, - 026EACE9FF431640D0A17CE7, - 026EACEAFF431640D0A17CE7, - 026EACEBFF431640D0A17CE7, - 026EACECFF431640D0A17CE7, - ); - buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - EXPORTED_SYMBOLS_FILE = cssmplugin.exp; - FRAMEWORK_SEARCH_PATHS = ""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security"; - OPTIMIZATION_CFLAGS = "-O1"; - OTHER_CFLAGS = "-DVDADER_RULES"; - OTHER_LDFLAGS = "-bundle -undefined error -lstdc++"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleX509CL; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-format -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = bundle; - }; - conditionalBuildSettings = { - }; - dependencies = ( - ); - isa = PBXBundleTarget; - name = AppleX509CL; - productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security"; - productName = 
AppleX509CL; - productReference = 1C9129D4FFD8583A11CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleX509CL - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - com.apple.applex509cl - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - AppleX509CL - CFBundlePackageType - BNDL - CFBundleShortVersionString - 1.0 - CFBundleSignature - ???? - CFBundleVersion - AppleX509CL 1.0 - - -"; - shouldUseHeadermap = 1; - }; - 026EACE8FF431640D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 026EACF5FF431781D0A17CE7, - 0A8DEDB1FF488BFED0A17CE7, - 0A8DEDB7FF499ACAD0A17CE7, - 0A8DEDBCFF49C621D0A17CE7, - 23C0B752FF4C5F61D0A17CE7, - 23C0B75AFF4C6EA0D0A17CE7, - 01B9A484FF51F882D0A17CE7, - 08D5DEBFFF52F335D0A17CE7, - 00EDCDFFFF685DECD0A17CE7, - 0145E218FFEECAE67F000001, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 026EACE9FF431640D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; - }; - 026EACEAFF431640D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 026EACF7FF431781D0A17CE7, - 026EACFEFF431F36D0A17CE7, - 026EAD01FF43462AD0A17CE7, - 026EAD02FF43462AD0A17CE7, - 04CBC2A5FF487123D0A17CE7, - 0A8DEDB3FF48916BD0A17CE7, - 0A8DEDBDFF49C621D0A17CE7, - 23715C3EFF4C5A26D0A17CE7, - 23C0B753FF4C5F61D0A17CE7, - 23C0B75BFF4C6EA0D0A17CE7, - 01B9A485FF51F882D0A17CE7, - 08D5DEBDFF52F2F3D0A17CE7, - 00EDCDFDFF682166D0A17CE7, - 0145E21AFFEECB7D7F000001, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 026EACEBFF431640D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 35D41EC8FFF3E85F11CD283A, - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - 026EACECFF431640D0A17CE7 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; - }; - 026EACEDFF431781D0A17CE7 = { - isa = PBXFileReference; - path = AppleX509CL.cpp; - refType = 
4; - }; - 026EACEEFF431781D0A17CE7 = { - isa = PBXFileReference; - path = AppleX509CL.h; - refType = 4; - }; - 026EACF5FF431781D0A17CE7 = { - fileRef = 026EACEEFF431781D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 026EACF7FF431781D0A17CE7 = { - fileRef = 026EACEDFF431781D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 026EACFDFF431F36D0A17CE7 = { - isa = PBXFileReference; - path = cssmplugin.exp; - refType = 4; - }; - 026EACFEFF431F36D0A17CE7 = { - fileRef = 026EACFDFF431F36D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 026EACFFFF43462AD0A17CE7 = { - isa = PBXFileReference; - path = Session_Cert.cpp; - refType = 4; - }; - 026EAD00FF43462AD0A17CE7 = { - isa = PBXFileReference; - path = Session_CRL.cpp; - refType = 4; - }; - 026EAD01FF43462AD0A17CE7 = { - fileRef = 026EACFFFF43462AD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 026EAD02FF43462AD0A17CE7 = { - fileRef = 026EAD00FF43462AD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 04CBC2A4FF487123D0A17CE7 = { - isa = PBXFileReference; - path = CertFields.cpp; - refType = 4; - }; - 04CBC2A5FF487123D0A17CE7 = { - fileRef = 04CBC2A4FF487123D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 08D5DEBCFF52F2F3D0A17CE7 = { - isa = PBXFileReference; - path = DecodedCert.cpp; - refType = 4; - }; - 08D5DEBDFF52F2F3D0A17CE7 = { - fileRef = 08D5DEBCFF52F2F3D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 08D5DEBEFF52F335D0A17CE7 = { - isa = PBXFileReference; - path = DecodedCert.h; - refType = 4; - }; - 08D5DEBFFF52F335D0A17CE7 = { - fileRef = 08D5DEBEFF52F335D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 0A8DEDB0FF488BFED0A17CE7 = { - isa = PBXFileReference; - path = CLCachedEntry.h; - refType = 4; - }; - 0A8DEDB1FF488BFED0A17CE7 = { - fileRef = 0A8DEDB0FF488BFED0A17CE7; - isa = PBXBuildFile; - settings = { - }; - 
}; - 0A8DEDB2FF48916BD0A17CE7 = { - isa = PBXFileReference; - path = CLCachedEntry.cpp; - refType = 4; - }; - 0A8DEDB3FF48916BD0A17CE7 = { - fileRef = 0A8DEDB2FF48916BD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0A8DEDB6FF499ACAD0A17CE7 = { - isa = PBXFileReference; - path = LockedMap.h; - refType = 4; - }; - 0A8DEDB7FF499ACAD0A17CE7 = { - fileRef = 0A8DEDB6FF499ACAD0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 0A8DEDBAFF49C621D0A17CE7 = { - isa = PBXFileReference; - path = debugging.c; - refType = 4; - }; - 0A8DEDBBFF49C621D0A17CE7 = { - isa = PBXFileReference; - path = debugging.h; - refType = 4; - }; - 0A8DEDBCFF49C621D0A17CE7 = { - fileRef = 0A8DEDBBFF49C621D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 0A8DEDBDFF49C621D0A17CE7 = { - fileRef = 0A8DEDBAFF49C621D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 1C9129D4FFD8583A11CD296C = { - isa = PBXBundleReference; - path = AppleX509CL.bundle; - refType = 3; - }; - 1C9129D5FFD8583A11CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 1C9129D6FFD8583A11CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 23715C3DFF4C5A26D0A17CE7 = { - isa = PBXFileReference; - path = Session_Crypto.cpp; - refType = 4; - }; - 23715C3EFF4C5A26D0A17CE7 = { - fileRef = 23715C3DFF4C5A26D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 23C0B750FF4C5F61D0A17CE7 = { - isa = PBXFileReference; - path = Session.h; - refType = 4; - }; - 23C0B751FF4C5F61D0A17CE7 = { - isa = PBXFileReference; - path = Session.cpp; - refType = 4; - }; - 23C0B752FF4C5F61D0A17CE7 = { - fileRef = 23C0B750FF4C5F61D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 23C0B753FF4C5F61D0A17CE7 = { - fileRef = 23C0B751FF4C5F61D0A17CE7; - isa = PBXBuildFile; - settings = { - 
ATTRIBUTES = ( - ); - }; - }; - 23C0B758FF4C6EA0D0A17CE7 = { - isa = PBXFileReference; - path = SnaccUtils.cpp; - refType = 4; - }; - 23C0B759FF4C6EA0D0A17CE7 = { - isa = PBXFileReference; - path = SnaccUtils.h; - refType = 4; - }; - 23C0B75AFF4C6EA0D0A17CE7 = { - fileRef = 23C0B759FF4C6EA0D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 23C0B75BFF4C6EA0D0A17CE7 = { - fileRef = 23C0B758FF4C6EA0D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 35D41EC6FFF3E85F11CD283A = { - children = ( - 35D41EC7FFF3E85F11CD283A, - ); - isa = PBXGroup; - name = "External Frameworks"; - path = ../Projects/SecurityX/AppleX509CL; - refType = 3; - }; - 35D41EC7FFF3E85F11CD283A = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - 35D41EC8FFF3E85F11CD283A = { - fileRef = 35D41EC7FFF3E85F11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - }; - rootObject = 026EACE1FF4315CCD0A17CE7; -} diff --git a/AppleX509CL/AppleX509CLSession.h b/AppleX509CL/AppleX509CLSession.h index c15e3795..489e82aa 100644 --- a/AppleX509CL/AppleX509CLSession.h +++ b/AppleX509CL/AppleX509CLSession.h @@ -27,6 +27,7 @@ #include "DecodedCert.h" #include "LockedMap.h" #include +#include class AppleX509CLSession : public CLPluginSession { @@ -296,8 +297,16 @@ private: void verifyData( CSSM_CC_HANDLE ccHand, const CssmData &tbs, - const CssmData &sig); - + const CssmData &sig); + + /* routines in Session_CSR.cpp */ + void generateCsr( + CSSM_CC_HANDLE CCHandle, + const CSSM_APPLE_CL_CSR_REQUEST *csrReq, + CSSM_DATA_PTR &csrPtr); + void verifyCsr( + const CSSM_DATA *csrPtr); + /* * Maps of cached certs, CRLs, and active queries * This one holds cached certs and CRLs. diff --git a/AppleX509CL/CLCertExtensions.cpp b/AppleX509CL/CLCertExtensions.cpp index dcad8447..416574ba 100644 --- a/AppleX509CL/CLCertExtensions.cpp +++ b/AppleX509CL/CLCertExtensions.cpp 
@@ -805,7 +805,7 @@ bool getFieldAuthorityKeyId( if(snaccObj->authorityCertIssuer != NULL) { /* GeneralNames, the hard one */ cdsaObj->generalNamesPresent = CSSM_TRUE; - cdsaObj->generalNames = (CE_GeneralNames *)alloc.malloc(sizeof(CE_GeneralName)); + cdsaObj->generalNames = (CE_GeneralNames *)alloc.malloc(sizeof(CE_GeneralNames)); CL_snaccGeneralNamesToCdsa(*snaccObj->authorityCertIssuer, *cdsaObj->generalNames, alloc); @@ -833,6 +833,7 @@ static void freeFieldGeneralNames( } if(cdsaObj->numNames) { memset(cdsaObj->generalName, 0, cdsaObj->numNames * sizeof(CE_GeneralName)); + alloc.free(cdsaObj->generalName); } memset(cdsaObj, 0, sizeof(CE_GeneralNames)); } @@ -845,6 +846,7 @@ void freeFieldAuthorityKeyId ( CE_AuthorityKeyID *cdsaObj = (CE_AuthorityKeyID *)cssmExt->value.parsedValue; alloc.free(cdsaObj->keyIdentifier.Data); freeFieldGeneralNames(cdsaObj->generalNames, alloc); + alloc.free(cdsaObj->generalNames); alloc.free(cdsaObj->serialNumber.Data); memset(cdsaObj, 0, sizeof(CE_AuthorityKeyID)); freeFieldExtenCommon(cssmExt, alloc); // frees extnId, parsedValue, BERvalue diff --git a/AppleX509CL/CVSVersionInfo.txt b/AppleX509CL/CVSVersionInfo.txt index 1cf34734..2f45cd47 100644 --- a/AppleX509CL/CVSVersionInfo.txt +++ b/AppleX509CL/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: AppleX509CL ProjectVersion: 3 diff --git a/AppleX509CL/CertBuilder.cpp b/AppleX509CL/CertBuilder.cpp index 4a3a093a..3842f4af 100644 --- a/AppleX509CL/CertBuilder.cpp +++ b/AppleX509CL/CertBuilder.cpp @@ -27,6 +27,7 @@ #include "CertBuilder.h" #include #include +#include "cldebugging.h" #define BUF_ENC_EXTRA 64 
@@ -106,8 +107,14 @@ void NameBuilder::addATDV( abuf.Init(buf, bufLen); abuf.ResetInWriteRvsMode(); AsnLen bytesEnc; + #if SNACC_ENABLE_PDU dirStr.BEncPdu(abuf, bytesEnc); - if(bytesEnc > bufLen) { + if(bytesEnc > bufLen) + #else + bytesEnc = dirStr.BEnc(abuf); + if(abuf.WriteError() || (bytesEnc > bufLen)) + #endif /* SNACC_ENABLE_PDU */ + { #ifndef NDEBUG printf("Whoops! Buffer overflow\n"); #endif 
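Review bot: In the `SNACC_ENABLE_PDU` branch of NameBuilder::addATDV the encoder's write-error state is still not consulted, only `bytesEnc > bufLen`, while the new `#else` branch tests `abuf.WriteError()` as well. Unless BEncPdu reports a short write some other way, that branch can accept a truncated encoding, so I would use the same condition in both: `if(abuf.WriteError() || (bytesEnc > bufLen))`. Splitting the `if` header across `#if`/`#else` with one shared opening brace is also easy to misread; setting a local `bool encFailed` inside the conditional and testing it once afterwards would read more clearly. The function starts and ends outside this hunk, so what happens after the debug printf is not visible here.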
@@ -119,6 +126,56 @@ void NameBuilder::addATDV( free(buf); } +void NameBuilder::addX509Name ( + const CSSM_X509_NAME *x509Name) +{ + /* + * The main job here is extracting attr/value pairs in CSSM format + * from x509Name, and converting them into arguments for addATDV. + * Note that we're taking the default for primaryDistinguished, + * because the CDSA CSSM_X509_TYPE_VALUE_PAIR struct doesn't allow for + * it. + */ + for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { + CSSM_X509_RDN_PTR rdn = &x509Name->RelativeDistinguishedName[rdnDex]; + if(rdn->numberOfPairs != 1) { + errorLog0("setField_RDN: only one a/v pair per RDN supported\n"); + CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); + } + + CSSM_X509_TYPE_VALUE_PAIR_PTR atv = rdn->AttributeTypeAndValue; + AsnOid oid; + oid.Set(reinterpret_cast(atv->type.Data), atv->type.Length); + + DirectoryString::ChoiceIdEnum stringType; + switch(atv->valueType) { + case BER_TAG_T61_STRING: + stringType = DirectoryString::teletexStringCid; + break; + case BER_TAG_PRINTABLE_STRING: + stringType = DirectoryString::printableStringCid; + break; + case BER_TAG_PKIX_UNIVERSAL_STRING: + stringType = DirectoryString::universalStringCid; + break; + case BER_TAG_PKIX_BMP_STRING: + stringType = DirectoryString::bmpStringCid; + break; + case BER_TAG_PKIX_UTF8_STRING: + stringType = DirectoryString::utf8StringCid; + break; + default: + errorLog1("setField_RDN: illegal tag(%d)\n", atv->valueType); + CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); + } + addATDV(oid, + reinterpret_cast(atv->value.Data), + atv->value.Length, + stringType); + } +} + + /* * Custom AsnOid, used for converting CssmOid to AsnOid. The Snacc class * declaration doesn't provide a means to construct from, or set by, diff --git a/AppleX509CL/CertBuilder.h b/AppleX509CL/CertBuilder.h index 4f67c434..e65eb48d 100644 --- a/AppleX509CL/CertBuilder.h +++ b/AppleX509CL/CertBuilder.h 
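Review bot: NameBuilder::addX509Name is now a public entry point, but it dereferences `x509Name` and `rdn->AttributeTypeAndValue` without a NULL check. The PassThrough path checks `subjectNameX509` first, while setField_Issuer and setField_Subject pass a cast of `fieldValue.Data`, and whatever validation precedes that cast lies outside their hunks. A guard at the top, `if(x509Name == NULL) { CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); }`, makes the function safe on its own. The two log strings still carry the old `setField_RDN:` prefix and should read `addX509Name:` so that a logged failure points at the right function.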
@@ -63,6 +63,9 @@ public: DirectoryString::ChoiceIdEnum stringType, // printableStringCid, etc. // from sm_x520sa bool primaryDistinguished = true); + + void addX509Name ( + const CSSM_X509_NAME *x509Name); }; diff --git a/AppleX509CL/CertFields.cpp b/AppleX509CL/CertFields.cpp index 63fb159b..5d3f6227 100644 --- a/AppleX509CL/CertFields.cpp +++ b/AppleX509CL/CertFields.cpp @@ -268,17 +268,16 @@ static bool getField_RDN ( AsnTag tag; AsnLen elmtLen; ENV_TYPE env; - int val; char *valData; int valLength; DirectoryString *dirStr = NULL; buf.InstallData(cbuf->Access(), len); - if ((val = setjmp (env)) == 0) { + try { tag = BDecTag (buf, len, env); elmtLen = BDecLen (buf, len, env); } - else { + catch(...) { errorLog0("getField_RDN: malformed DirectoryString (1)\n"); /* FIXME - throw? Discard the whole cert? What? */ rdn->GoNext(); @@ -300,10 +299,10 @@ static bool getField_RDN ( /* from sm_x520sa.h */ AsnLen dec; dirStr = new DirectoryString; - if((val = setjmp (env)) == 0) { + try { dirStr->BDecContent(buf, tag, elmtLen, dec, env); } - else { + catch(...) { errorLog0("getField_RDN: malformed DirectoryString (1)\n"); /* FIXME - throw? Discard the whole cert? What? */ rdn->GoNext(); 
@@ -357,58 +356,6 @@ static bool getField_RDN ( return true; } -static void setField_RDN ( - NameBuilder &name, - const CssmData &fieldValue) -{ - /* - * The main job here is extracting attr/value pairs in CSSM format - * from fieldData, and converting them into arguments for NameBuilder.addATDV. - * Note that we're taking the default for primaryDistinguished, - * because the CDSA CSSM_X509_TYPE_VALUE_PAIR struct doesn't allow for - * it. - */ - CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue.data(); - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN_PTR rdn = &x509Name->RelativeDistinguishedName[rdnDex]; - if(rdn->numberOfPairs != 1) { - errorLog0("setField_RDN: only one a/v pair per RDN supported\n"); - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - - CSSM_X509_TYPE_VALUE_PAIR_PTR atv = rdn->AttributeTypeAndValue; - AsnOid oid; - oid.Set(reinterpret_cast(atv->type.Data), atv->type.Length); - - DirectoryString::ChoiceIdEnum stringType; - switch(atv->valueType) { - case BER_TAG_T61_STRING: - stringType = DirectoryString::teletexStringCid; - break; - case BER_TAG_PRINTABLE_STRING: - stringType = DirectoryString::printableStringCid; - break; - case BER_TAG_PKIX_UNIVERSAL_STRING: - stringType = DirectoryString::universalStringCid; - break; - case BER_TAG_PKIX_BMP_STRING: - stringType = DirectoryString::bmpStringCid; - break; - case BER_TAG_PKIX_UTF8_STRING: - stringType = DirectoryString::utf8StringCid; - break; - default: - errorLog1("setField_RDN: illegal tag(%d)\n", atv->valueType); - CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); - } - name.addATDV(oid, - reinterpret_cast(atv->value.Data), - atv->value.Length, - stringType); - - } -} - /* common for issuer and subject */ static void freeField_RDN ( CssmOwnedData &fieldValue) 
@@ -468,7 +415,8 @@ static void setField_Issuer ( "IssuerName"); NameBuilder *issuer = new NameBuilder; cert.certificateToSign->issuer = issuer; - setField_RDN(*issuer, fieldValue); + const CSSM_X509_NAME *x509Name = (const CSSM_X509_NAME *)fieldValue.Data; + issuer->addX509Name(x509Name); } /*** subject ***/ @@ -500,7 +448,8 @@ static void setField_Subject ( "SubjectName"); NameBuilder *subject = new NameBuilder; cert.certificateToSign->subject = subject; - setField_RDN(*subject, fieldValue); + const CSSM_X509_NAME *x509Name = (const CSSM_X509_NAME *)fieldValue.Data; + subject->addX509Name(x509Name); } /*** @@ -918,7 +867,7 @@ static void setField_PublicKeyInfo ( /* actual public key blob - AsnBits */ snaccKeyInfo->subjectPublicKey.Set(reinterpret_cast (cssmKeyInfo->subjectPublicKey.Data), - cssmKeyInfo->subjectPublicKey.Length); + cssmKeyInfo->subjectPublicKey.Length * 8); } static void freeField_PublicKeyInfo ( @@ -979,7 +928,10 @@ static void setField_PublicKeyStruct ( /* actual public key blob - AsnBits */ /*** - *** TBD FIXME if this key is a ref key, null wrap it to a raw key + *** Note: ideally we'd like to just convert an incoming ref key to a raw + *** key here if necessary, but this occurs during CertCreateTemplate, + *** when we don't have a CSP handle. This conversion is the caller's + *** responsibility. ***/ if(cssmKey->KeyHeader.BlobType != CSSM_KEYBLOB_RAW) { errorLog0("CL SetField: must specify RAW key blob\n"); @@ -993,7 +945,7 @@ static void freeField_PublicKeyStruct ( CssmOwnedData &fieldValue) { CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)fieldValue.data(); - DecodedCert::freeCSSMKey(cssmKey, fieldValue.allocator, false); + CL_freeCSSMKey(cssmKey, fieldValue.allocator, false); } /*** 
@@ -1210,7 +1162,7 @@ void DecodedCert::getAllParsedCertFields( { /* this is the max - some might be missing */ uint32 maxFields = NUM_STD_CERT_FIELDS + mNumExtensions; - CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)malloc(maxFields * sizeof(CSSM_FIELD)); + CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)alloc.malloc(maxFields * sizeof(CSSM_FIELD)); /* * We'll be copying oids and values for fields we find into diff --git a/AppleX509CL/DecodedCert.cpp b/AppleX509CL/DecodedCert.cpp index 1ec61db7..a9ea1f88 100644 --- a/AppleX509CL/DecodedCert.cpp +++ b/AppleX509CL/DecodedCert.cpp @@ -34,7 +34,7 @@ DecodedCert::DecodedCert( AppleX509CLSession &session) - : alloc(CssmAllocator::standard()), + : alloc(session), mSession(session) { certificateToSign = new CertificateToSign; @@ -45,7 +45,7 @@ DecodedCert::DecodedCert( DecodedCert::DecodedCert( AppleX509CLSession &session, const CssmData &encodedCert) - : alloc(CssmAllocator::standard()), + : alloc(session), mSession(session) { reset(); 
@@ -200,84 +200,6 @@ CSSM_KEY_PTR DecodedCert::extractCSSMKey( (snaccKeyInfo->algorithm == NULL)) { CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES); } - CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR) alloc.malloc(sizeof(CSSM_KEY)); - memset(cssmKey, 0, sizeof(CSSM_KEY)); - CSSM_KEYHEADER &hdr = cssmKey->KeyHeader; - CssmRemoteData keyData(alloc, cssmKey->KeyData); - try { - hdr.HeaderVersion = CSSM_KEYHEADER_VERSION; - /* CspId blank */ - hdr.BlobType = CSSM_KEYBLOB_RAW; - hdr.AlgorithmId = CL_snaccOidToCssmAlg(snaccKeyInfo->algorithm->algorithm); - - /* - * Format inferred from AlgorithmId. I have never seen these defined - * anywhere, e.g., whart's the format of an RSA public key in a cert? - * X509 certainly doesn't say. However. the following two cases are known - * to be correct. - */ - switch(hdr.AlgorithmId) { - case CSSM_ALGID_RSA: - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - break; - case CSSM_ALGID_DSA: - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - break; - case CSSM_ALGID_FEE: - /* CSSM_KEYBLOB_RAW_FORMAT_NONE --> DER encoded */ - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; - break; - default: - /* punt */ - hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; - } - hdr.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; - - /* KeyUsage inferred from extensions */ - hdr.KeyUsage = inferKeyUsage(); - - /* start/end date unknown, leave zero */ - hdr.WrapAlgorithmId = CSSM_ALGID_NONE; - hdr.WrapMode = CSSM_ALGMODE_NONE; - - /* - * subjectPublicKeyInfo.subjectPublicKey (AsnBits) ==> KeyData - */ - SC_asnBitsToCssmData(snaccKeyInfo->subjectPublicKey, keyData); - keyData.release(); - - /* - * LogicalKeySizeInBits - ask the CSP - */ - CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true); - CSSM_KEY_SIZE keySize; - CSSM_RETURN crtn; - crtn = CSSM_QueryKeySizeInBits(cspHand, NULL, cssmKey, &keySize); - if(crtn) { - CssmError::throwMe(crtn); - } - cssmKey->KeyHeader.LogicalKeySizeInBits = - keySize.LogicalKeySizeInBits; - } - catch (...) 
{ - alloc.free(cssmKey); - throw; - } - return cssmKey; -} - -void DecodedCert::freeCSSMKey( - CSSM_KEY_PTR cssmKey, - CssmAllocator &alloc, - bool freeTop) -{ - if(cssmKey == NULL) { - return; - } - alloc.free(cssmKey->KeyData.Data); - memset(cssmKey, 0, sizeof(CSSM_KEY)); - if(freeTop) { - alloc.free(cssmKey); - } + return CL_extractCSSMKey(*snaccKeyInfo, alloc, this); } diff --git a/AppleX509CL/DecodedCert.h b/AppleX509CL/DecodedCert.h index 7296829b..0afd60c9 100644 --- a/AppleX509CL/DecodedCert.h +++ b/AppleX509CL/DecodedCert.h @@ -165,11 +165,7 @@ public: CSSM_KEY_PTR extractCSSMKey( CssmAllocator &alloc) const; - static void freeCSSMKey( - CSSM_KEY_PTR cssmKey, - CssmAllocator &alloc, - bool freeTop = true); // delete the actual key - // as well as contents + CSSM_KEYUSE inferKeyUsage() const; private: @@ -183,8 +179,6 @@ private: /* encode mExtensions ==> tbs->Extensions */ void encodeExtensions(); - CSSM_KEYUSE inferKeyUsage() const; - /* called from decodeExtensions and setField* */ void addExtension( AsnType *snaccThing, // e.g. KeyUsage diff --git a/AppleX509CL/LockedMap.h b/AppleX509CL/LockedMap.h index 2a7a1c06..8388c40d 100644 --- a/AppleX509CL/LockedMap.h +++ b/AppleX509CL/LockedMap.h @@ -42,7 +42,7 @@ private: *lookupEntryLocked(KeyType key) { // don't create new entry if desired entry isn't there - MapType::iterator it = mMap.find(key); + typename MapType::iterator it = mMap.find(key); if(it == mMap.end()) { return NULL; } @@ -80,7 +80,7 @@ public: *removeFirstEntry() { StLock _(mMapLock); - MapType::iterator it = mMap.begin(); + typename MapType::iterator it = mMap.begin(); if(it == mMap.end()) { return NULL; } diff --git a/AppleX509CL/Session_CSR.cpp b/AppleX509CL/Session_CSR.cpp new file mode 100644 index 00000000..b61c1c0e --- /dev/null +++ b/AppleX509CL/Session_CSR.cpp 
@@ -0,0 +1,198 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +// +// Session_CSP.cpp - CSR-related session functions. +// + +#include "AppleX509CLSession.h" +#include "DecodedCert.h" +#include "SnaccUtils.h" +#include "cldebugging.h" +#include "CSPAttacher.h" +#include "CertBuilder.h" +#include +#include +#include +#include +#include + +/* + * Generate a DER-encoded CSR. + */ +void AppleX509CLSession::generateCsr( + CSSM_CC_HANDLE CCHandle, + const CSSM_APPLE_CL_CSR_REQUEST *csrReq, + CSSM_DATA_PTR &csrPtr) +{ + /* + * We use the full CertificationRequest here; we encode the + * CertificationRequestInfo component separately to calculate + * its signature, then we encode the whole CertificationRequest + * after dropping in the signature and SignatureAlgorithmIdentifier. + * + * CertificationRequestInfo, CertificationRequest from pkcs10 + */ + CertificationRequest certReq; + CertificationRequestInfo *reqInfo = new CertificationRequestInfo; + certReq.certificationRequestInfo = reqInfo; + + /* + * Step 1: convert CSSM_APPLE_CL_CSR_REQUEST to CertificationRequestInfo. 
+ */ + reqInfo->version.Set(0); + + /* subject Name */ + NameBuilder *subject = new NameBuilder; + reqInfo->subject = subject; + subject->addX509Name(csrReq->subjectNameX509); + + /* SubjectPublicKeyInfo, AlgorithmIdentifier from sm_x509af */ + SubjectPublicKeyInfo *snaccKeyInfo = new SubjectPublicKeyInfo; + reqInfo->subjectPublicKeyInfo = snaccKeyInfo; + AlgorithmIdentifier *snaccAlgId = new AlgorithmIdentifier; + snaccKeyInfo->algorithm = snaccAlgId; + CL_cssmAlgToSnaccOid(csrReq->subjectPublicKey->KeyHeader.AlgorithmId, + snaccAlgId->algorithm); + /* FIXME - for now assume NULL alg params */ + CL_nullAlgParams(*snaccAlgId); + + /* actual public key blob - AsnBits */ + snaccKeyInfo->subjectPublicKey.Set(reinterpret_cast + (csrReq->subjectPublicKey->KeyData.Data), + csrReq->subjectPublicKey->KeyData.Length * 8); + + /* attributes - see sm_x501if - we support one, CSSMOID_ChallengePassword, + * as a printable string */ + if(csrReq->challengeString) { + Attribute *attr = reqInfo->attributes.Append(); + /* attr->type is an OID */ + attr->type.Set(challengePassword_arc); + /* one value, spec'd as AsnAny, we have to encode first. */ + PrintableString snaccStr(csrReq->challengeString); + CssmAutoData encChallenge(*this); + SC_encodeAsnObj(snaccStr, encChallenge, + strlen(csrReq->challengeString) + 32); + /* AttributeValue is an AsnAny as far as SNACC is concerned */ + AttributeValue *av = attr->values.Append(); + CSM_Buffer *cbuf = new CSM_Buffer((char *)encChallenge.data(), + encChallenge.length()); + av->value = cbuf; + } + + /* + * Step 2: DER-encode the CertificationRequestInfo. + */ + CssmAutoData encReqInfo(*this); + SC_encodeAsnObj(*reqInfo, encReqInfo, 8 * 1024); // totally wild guess + + /* + * Step 3: sign the encoded CertificationRequestInfo. 
+ */ + CssmAutoData sig(*this); + signData(CCHandle, encReqInfo, sig); + + /* + * Step 4: finish up CertificationRequest - signatureAlgorithm, signature + */ + certReq.signatureAlgorithm = new SignatureAlgorithmIdentifier; + certReq.signatureAlgorithm->algorithm.Set(reinterpret_cast( + csrReq->signatureOid.Data), csrReq->signatureOid.Length); + /* FIXME - for now assume NULL alg params */ + CL_nullAlgParams(*certReq.signatureAlgorithm); + certReq.signature.Set((char *)sig.data(), sig.length() * 8); + + /* + * Step 5: DER-encode the finished CertificationRequestSigned. + */ + CssmAutoData encCsr(*this); + SC_encodeAsnObj(certReq, encCsr, + encReqInfo.length() + // size of the thing we signed + sig.length() + // size of signature + 100); // sigAlgId plus encoding overhead + + /* TBD - enc64 the result, when we have this much working */ + csrPtr = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); + csrPtr->Data = (uint8 *)malloc(encCsr.length()); + csrPtr->Length = encCsr.length(); + memmove(csrPtr->Data, encCsr.data(), encCsr.length()); +} + +/* + * Verify CSR with its own public key. + */ +void AppleX509CLSession::verifyCsr( + const CSSM_DATA *csrPtr) +{ + /* + * 1. Extract the public key from the CSR. We do this by decoding + * the whole thing and getting a CSSM_KEY from the + * SubjectPublicKeyInfo. + */ + CertificationRequest certReq; + const CssmData &csrEnc = CssmData::overlay(*csrPtr); + SC_decodeAsnObj(csrEnc, certReq); + CertificationRequestInfo *certReqInfo = certReq.certificationRequestInfo; + if(certReqInfo == NULL) { + CssmError::throwMe(CSSMERR_CL_INVALID_DATA); + } + CSSM_KEY_PTR cssmKey = CL_extractCSSMKey(*certReqInfo->subjectPublicKeyInfo, + *this, // alloc + NULL); // no DecodedCert + + /* + * 2. Obtain signature algorithm and parameters. 
+ */ + SignatureAlgorithmIdentifier *snaccAlgId = certReq.signatureAlgorithm; + if(snaccAlgId == NULL) { + CssmError::throwMe(CSSMERR_CL_INVALID_DATA); + } + CSSM_ALGORITHMS vfyAlg = CL_snaccOidToCssmAlg(snaccAlgId->algorithm); + + /* + * 3. Extract the raw bits to be verified and the signature. We + * decode the CSR as a CertificationRequestSigned for this, which + * avoids the decode of the CertificationRequestInfo. + */ + CertificationRequestSigned certReqSigned; + SC_decodeAsnObj(csrEnc, certReqSigned); + + CSM_Buffer *cbuf = certReqSigned.certificationRequestInfo.value; + char *cbufData = const_cast(cbuf->Access()); + CssmData toVerify(cbufData, cbuf->Length()); + AsnBits sigBits = certReqSigned.signature; + size_t sigBytes = (sigBits.BitLen() + 7) / 8; + CssmData sig(const_cast(sigBits.BitOcts()), sigBytes); + + /* + * 4. Attach to CSP, cook up signature context, verify signature. + */ + CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true); + CSSM_RETURN crtn; + CSSM_CC_HANDLE ccHand; + crtn = CSSM_CSP_CreateSignatureContext(cspHand, + vfyAlg, + NULL, // Access Creds + cssmKey, + &ccHand); + if(crtn) { + CssmError::throwMe(crtn); + } + verifyData(ccHand, toVerify, sig); + CL_freeCSSMKey(cssmKey, *this); +} diff --git a/AppleX509CL/Session_Cert.cpp b/AppleX509CL/Session_Cert.cpp index 39bbb6ef..4d90b15e 100644 --- a/AppleX509CL/Session_Cert.cpp +++ b/AppleX509CL/Session_Cert.cpp 
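Review bot: verifyCsr parses a caller-supplied CSR but dereferences `certReqInfo->subjectPublicKeyInfo` without a NULL check, and it never releases `ccHand`. `cssmKey` is freed only on the success path, so the throw that `verifyData` raises on a bad signature, or a failed `CSSM_CSP_CreateSignatureContext`, leaks it. The sketch below adds the guard and releases both on every exit, using `CSSM_DeleteContext` the way CertVerify does. The earlier throws between key extraction and context creation (a missing `signatureAlgorithm`, the second decode) would need the same cleanup.

```cpp
	if((certReqInfo == NULL) || (certReqInfo->subjectPublicKeyInfo == NULL)) {
		CssmError::throwMe(CSSMERR_CL_INVALID_DATA);
	}
	// … unchanged: CL_extractCSSMKey, signature algorithm lookup,
	//   CertificationRequestSigned decode, CSSM_CSP_CreateSignatureContext call …
	if(crtn) {
		CL_freeCSSMKey(cssmKey, *this);
		CssmError::throwMe(crtn);
	}
	try {
		verifyData(ccHand, toVerify, sig);
	}
	catch(...) {
		/* bad signature or CSP error: release what we created, then rethrow */
		CSSM_DeleteContext(ccHand);
		CL_freeCSSMKey(cssmKey, *this);
		throw;
	}
	CSSM_DeleteContext(ccHand);
	CL_freeCSSMKey(cssmKey, *this);
```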
@@ -344,5 +344,51 @@ AppleX509CLSession::PassThrough( const void *InputParams, void **OutputParams) { - unimplemented(); + switch(PassThroughId) { + case CSSM_APPLEX509CL_OBTAIN_CSR: + { + /* + * Create a Cert Signing Request (CSR). + * Input is a CSSM_APPLE_CL_CSR_REQUEST. + * Output is a PEM-encoded CertSigningRequest (SNACC type + * CertificationRequest from pkcs10). + */ + if(InputParams == NULL) { + CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER); + } + if(OutputParams == NULL) { + CssmError::throwMe(CSSMERR_CL_INVALID_OUTPUT_POINTER); + } + CSSM_APPLE_CL_CSR_REQUEST *csrReq = + (CSSM_APPLE_CL_CSR_REQUEST *)InputParams; + if((csrReq->subjectNameX509 == NULL) || + (csrReq->signatureOid.Data == NULL) || + (csrReq->subjectPublicKey == NULL) || + (csrReq->subjectPrivateKey == NULL)) { + CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER); + } + CSSM_DATA_PTR csrPtr = NULL; + generateCsr(CCHandle, csrReq, csrPtr); + *OutputParams = csrPtr; + break; + } + case CSSM_APPLEX509CL_VERIFY_CSR: + { + /* + * Perform signature verify of a CSR. + * Input: CSSM_DATA referring to a DER-encoded CSR. + * Output: Nothing, throws CSSMERR_CL_VERIFICATION_FAILURE + * on failure. + */ + if(InputParams == NULL) { + CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER); + } + const CSSM_DATA *csrPtr = (const CSSM_DATA *)InputParams; + verifyCsr(csrPtr); + break; + } + default: + CssmError::throwMe(CSSMERR_CL_INVALID_PASSTHROUGH_ID); + } } + diff --git a/AppleX509CL/Session_Crypto.cpp b/AppleX509CL/Session_Crypto.cpp index 223e55d9..90467ecd 100644 --- a/AppleX509CL/Session_Crypto.cpp +++ b/AppleX509CL/Session_Crypto.cpp @@ -28,6 +28,7 @@ #include "SnaccUtils.h" #include "cldebugging.h" #include "CSPAttacher.h" +#include "CertBuilder.h" #include #include #include 
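Review bot: The comment on the CSSM_APPLEX509CL_OBTAIN_CSR case says the output is PEM-encoded, but generateCsr in Session_CSR.cpp returns the raw DER encoding (its own comment reads `TBD - enc64 the result`). Callers decide how to parse and store the blob from this text, so it should say `Output is a DER-encoded CertificationRequest` until base64 is implemented. The case also rejects a request whose `subjectPrivateKey` is NULL, although generateCsr never reads that field and signs through `CCHandle`; either drop the check or document why the private key must be present. In the CSSM_APPLEX509CL_VERIFY_CSR case `csrPtr->Data` and `csrPtr->Length` reach the decoder unchecked, so a guard such as `if((csrPtr->Data == NULL) || (csrPtr->Length == 0))` throwing CSSMERR_CL_INVALID_DATA would be a cheap addition. PassThrough's signature lies outside the hunk.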
@@ -169,7 +170,7 @@ AppleX509CLSession::CertVerify( if(context != NULL) { CSSM_FreeContext(context); } - DecodedCert::freeCSSMKey(signerPubKey, *this); + CL_freeCSSMKey(signerPubKey, *this); if(ourCcHand != CSSM_INVALID_HANDLE) { CSSM_DeleteContext(ourCcHand); } @@ -178,7 +179,7 @@ AppleX509CLSession::CertVerify( if(context != NULL) { CSSM_FreeContext(context); } - DecodedCert::freeCSSMKey(signerPubKey, *this); + CL_freeCSSMKey(signerPubKey, *this); if(ourCcHand != CSSM_INVALID_HANDLE) { CSSM_DeleteContext(ourCcHand); } @@ -309,4 +310,3 @@ void AppleX509CLSession::verifyData( } } - diff --git a/AppleX509CL/SnaccUtils.cpp b/AppleX509CL/SnaccUtils.cpp index 99a7ea74..409caaf5 100644 --- a/AppleX509CL/SnaccUtils.cpp +++ b/AppleX509CL/SnaccUtils.cpp @@ -24,6 +24,7 @@ */ #include "SnaccUtils.h" +#include "CSPAttacher.h" #include "cldebugging.h" #include #include @@ -113,9 +114,8 @@ CL_certDecodeComponents( AsnLen totalLen; // including tag and ASN length char *elemStart; // ptr to start of element, including tag - int rtn; ENV_TYPE env; - if ((rtn = setjmp (env)) == 0) { + try { tag = BDecTag (buf, bytesDecoded, env); if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { errorLog1("CL_CertDecodeComponents: bad first-level tag (0x%x)\n", tag); @@ -186,8 +186,8 @@ CL_certDecodeComponents( * of indefinte-length data. */ } - else { - errorLog0("CL_CertDecodeComponents: longjmp during decode\n"); + catch(...) { + errorLog0("CL_CertDecodeComponents: throw during decode\n"); TBSCert.reset(); algId.reset(); rawSig.reset(); @@ -366,7 +366,7 @@ void CL_cssmAlgToSnaccOid( oid.ReSet(md2WithRSAEncryption_arc); break; case CSSM_ALGID_MD5WithRSA: - oid.ReSet(md2WithRSAEncryption_arc); + oid.ReSet(md5WithRSAEncryption_arc); break; case CSSM_ALGID_SHA1WithRSA: oid.ReSet(sha1withRSAEncryption_arc); 
@@ -452,6 +452,7 @@ void CL_snaccGeneralNamesToCdsa( char *src = NULL; unsigned len = 0; AsnType *toBeEncoded = NULL; + bool freeSrc = false; switch(currSnaccName->choiceId) { case GeneralName::otherNameCid: /* OTHER_NAME, AsnOid */ @@ -517,6 +518,7 @@ void CL_snaccGeneralNamesToCdsa( src = aData; len = aData.length(); aData.release(); + freeSrc = true; currCdsaName->berEncoded = CSSM_TRUE; } else { @@ -528,7 +530,9 @@ void CL_snaccGeneralNamesToCdsa( currCdsaName->name.Data = (uint8 *)alloc.malloc(len); currCdsaName->name.Length = len; memmove(currCdsaName->name.Data, src, len); - + if(freeSrc) { + alloc.free(src); + } snaccObj.GoNext(); } } @@ -699,7 +703,8 @@ void CL_normalizeString( /* upper case */ while(pCh < pEos) { - *pCh++ = toupper(*pCh); + *pCh = toupper(*pCh); + pCh++; } /* clean out whitespace */ 
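Review bot: The rewritten upper-casing loop in CL_normalizeString fixes the unsequenced `*pCh++ = toupper(*pCh)`, but `toupper` still receives the value read through `pCh` without conversion. If `pCh` is a plain `char *` (its declaration is outside the hunk), bytes above 0x7F become negative arguments, which is undefined behaviour for `toupper`. These strings presumably come from certificate names, so non-ASCII bytes are realistic input; I would write `*pCh = toupper((unsigned char)*pCh);`.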
@@ -831,4 +836,99 @@ void CL_normalizeX509Name( } /* for each RDN */ } +/* + * Obtain a CSSM_KEY from a SubjectPublicKeyInfo, inferring as much as we can + * from required fields (subjectPublicKeyInfo) and extensions (for + * KeyUse, obtained from the optional DecodedCert). + */ +CSSM_KEY_PTR CL_extractCSSMKey( + SubjectPublicKeyInfo &snaccKeyInfo, + CssmAllocator &alloc, + const DecodedCert *decodedCert) // optional +{ + CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR) alloc.malloc(sizeof(CSSM_KEY)); + memset(cssmKey, 0, sizeof(CSSM_KEY)); + CSSM_KEYHEADER &hdr = cssmKey->KeyHeader; + CssmRemoteData keyData(alloc, cssmKey->KeyData); + try { + hdr.HeaderVersion = CSSM_KEYHEADER_VERSION; + /* CspId blank */ + hdr.BlobType = CSSM_KEYBLOB_RAW; + hdr.AlgorithmId = CL_snaccOidToCssmAlg(snaccKeyInfo.algorithm->algorithm); + + /* + * Format inferred from AlgorithmId. I have never seen these defined + * anywhere, e.g., whart's the format of an RSA public key in a cert? + * X509 certainly doesn't say. However. the following two cases are known + * to be correct. 
+ */ + switch(hdr.AlgorithmId) { + case CSSM_ALGID_RSA: + hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; + break; + case CSSM_ALGID_DSA: + hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186; + break; + case CSSM_ALGID_FEE: + /* CSSM_KEYBLOB_RAW_FORMAT_NONE --> DER encoded */ + hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; + break; + default: + /* punt */ + hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE; + } + hdr.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; + + /* KeyUsage inferred from extensions */ + if(decodedCert) { + hdr.KeyUsage = decodedCert->inferKeyUsage(); + } + else { + hdr.KeyUsage = CSSM_KEYUSE_ANY; + } + + /* start/end date unknown, leave zero */ + hdr.WrapAlgorithmId = CSSM_ALGID_NONE; + hdr.WrapMode = CSSM_ALGMODE_NONE; + + /* + * subjectPublicKeyInfo.subjectPublicKey (AsnBits) ==> KeyData + */ + SC_asnBitsToCssmData(snaccKeyInfo.subjectPublicKey, keyData); + keyData.release(); + + /* + * LogicalKeySizeInBits - ask the CSP + */ + CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true); + CSSM_KEY_SIZE keySize; + CSSM_RETURN crtn; + crtn = CSSM_QueryKeySizeInBits(cspHand, CSSM_INVALID_HANDLE, cssmKey, &keySize); + if(crtn) { + CssmError::throwMe(crtn); + } + cssmKey->KeyHeader.LogicalKeySizeInBits = + keySize.LogicalKeySizeInBits; + } + catch (...) { + alloc.free(cssmKey); + throw; + } + return cssmKey; +} + +void CL_freeCSSMKey( + CSSM_KEY_PTR cssmKey, + CssmAllocator &alloc, + bool freeTop) +{ + if(cssmKey == NULL) { + return; + } + alloc.free(cssmKey->KeyData.Data); + memset(cssmKey, 0, sizeof(CSSM_KEY)); + if(freeTop) { + alloc.free(cssmKey); + } +} diff --git a/AppleX509CL/SnaccUtils.h b/AppleX509CL/SnaccUtils.h index 5893cea8..6c408473 100644 --- a/AppleX509CL/SnaccUtils.h +++ b/AppleX509CL/SnaccUtils.h @@ -30,6 +30,7 @@ #include #include #include +#include "DecodedCert.h" /* ghastly requirements of snacc-generated cert code */ #include 
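Review bot: CL_extractCSSMKey dereferences `snaccKeyInfo.algorithm->algorithm` with no NULL check. The DecodedCert::extractCSSMKey wrapper keeps its `algorithm == NULL` test, but the new verifyCsr caller passes key info decoded from a CSR straight in. A guard ahead of the allocation, `if(snaccKeyInfo.algorithm == NULL) { CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES); }`, covers every caller. Separately, once `keyData.release()` has run the `catch(...)` handler frees only `cssmKey`, so a failing `CSSM_QueryKeySizeInBits` appears to leak `cssmKey->KeyData.Data`. The handler should free that buffer as well when ownership has already been released.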
@@ -116,6 +117,25 @@ void CL_normalizeX509Name( Name &name, CssmAllocator &alloc); +/* + * Obtain a CSSM_KEY from a SubjectPublicKeyInfo, inferring as much as we can + * from required fields (subjectPublicKeyInfo) and extensions (for + * KeyUse, obtained from the optional DecodedCert). + */ +CSSM_KEY_PTR CL_extractCSSMKey( + SubjectPublicKeyInfo &snaccKeyInfo, + CssmAllocator &alloc, + const DecodedCert *decodedCert); // optional + +/* + * Free key obtained in CL_extractCSSMKey(). + */ +void CL_freeCSSMKey( + CSSM_KEY_PTR cssmKey, + CssmAllocator &alloc, + bool freeTop = true); // delete the actual key + // as well as contents + #ifdef __cplusplus } #endif diff --git a/AppleX509CL/cl_common.mdsinfo b/AppleX509CL/cl_common.mdsinfo new file mode 100644 index 00000000..2b573672 --- /dev/null +++ b/AppleX509CL/cl_common.mdsinfo @@ -0,0 +1,28 @@ + + + + + BuiltIn + + CDSAVersion + 2.0 + Desc + Apple built-in CL + DynamicFlag + + MdsFileDescription + Built-in X509 CL Common info + MdsFileType + PluginCommon + ModuleID + {87191ca4-0fc9-11d4-849a000502b52122} + ModuleName + AppleX509CL + MultiThreadFlag + + ProductVersion + 1.0 + ServiceMask + CSSM_SERVICE_CL + + diff --git a/AppleX509CL/cl_primary.mdsinfo b/AppleX509CL/cl_primary.mdsinfo new file mode 100644 index 00000000..932e311e --- /dev/null +++ b/AppleX509CL/cl_primary.mdsinfo @@ -0,0 +1,38 @@ + + + + + BundleTypeFormat + + CertFieldsNames + + + CertTypeFormat + <<CSSM_CERT_X_509v3 | CSSM_CERT_ENCODING_DER + CrlTypeFormat_NONE + 0 + DefaultTemplateType + CSSM_CL_TEMPLATE_INTERMEDIATE_CERT + MdsFileDescription + Built-in X509CL Primary info + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_CL_PRIMARY_RECORDTYPE + ModuleID + {87191ca4-0fc9-11d4-849a000502b52122} + ModuleName + AppleX509CL + ProductVersion + 1.0 + SSID + 0 + TemplateFieldNames + + + Vendor + Apple Computer, Inc. + XlationTypeFormat + + + diff --git a/AppleX509CL/cldebugging.h b/AppleX509CL/cldebugging.h index f7342aff..8ac7add8 100644 
--- a/AppleX509CL/cldebugging.h +++ b/AppleX509CL/cldebugging.h @@ -49,6 +49,7 @@ #if DEBUG_ENABLE || ERROR_LOG_ENABLE #include +#include #if !LOG_VIA_PRINTF diff --git a/AppleX509TP/AppleTP.pbproj/project.pbxproj b/AppleX509TP/AppleTP.pbproj/project.pbxproj deleted file mode 100644 index d354edcf..00000000 --- a/AppleX509TP/AppleTP.pbproj/project.pbxproj +++ /dev/null 
@@ -1,445 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 32; - objects = { - 00E007DFFF9267D6D0A17CE7 = { - isa = PBXFileReference; - path = certGroupUtils.cpp; - refType = 4; - }; - 00E007E0FF9267D6D0A17CE7 = { - isa = PBXFileReference; - path = certGroupUtils.h; - refType = 4; - }; - 00E007E1FF9267D6D0A17CE7 = { - isa = PBXFileReference; - path = iSignRootCerts.c; - refType = 4; - }; - 00E007E2FF9267D6D0A17CE7 = { - isa = PBXFileReference; - path = rootCerts.h; - refType = 4; - }; - 00E007E3FF9267D6D0A17CE7 = { - isa = PBXFileReference; - path = tpPolicies.cpp; - refType = 4; - }; - 00E007E4FF9267D6D0A17CE7 = { - isa = PBXFileReference; - path = tpPolicies.h; - refType = 4; - }; - 00E007E5FF9267D6D0A17CE7 = { - fileRef = 00E007E0FF9267D6D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00E007E6FF9267D6D0A17CE7 = { - fileRef = 00E007E2FF9267D6D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00E007E7FF9267D6D0A17CE7 = { - fileRef = 00E007E4FF9267D6D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00E007E8FF9267D6D0A17CE7 = { - fileRef = 00E007DFFF9267D6D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E007E9FF9267D6D0A17CE7 = { - fileRef = 00E007E1FF9267D6D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E007EAFF9267D6D0A17CE7 = { - fileRef = 00E007E3FF9267D6D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E007EBFF926B7BD0A17CE7 = { - isa = PBXFileReference; - path = debugging.c; - refType = 4; - }; - 00E007ECFF926B7BD0A17CE7 = { - isa = PBXFileReference; - path = debugging.h; - refType = 4; - }; - 00E007EDFF926B7BD0A17CE7 = { - fileRef = 00E007ECFF926B7BD0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 00E007EEFF926B7BD0A17CE7 = { - fileRef = 00E007EBFF926B7BD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 00E007EFFF937BBCD0A17CE7 = { - isa = PBXFileReference; 
- path = sslRootCerts.c; - refType = 4; - }; - 00E007F0FF937BBCD0A17CE7 = { - fileRef = 00E007EFFF937BBCD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 023E3601001F8E2511CD283A = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\""; - }; - isa = PBXBuildStyle; - name = "Build Folder"; - }; - 02B529DEFF8D3AA7D0A17CE7 = { - buildStyles = ( - 1C9129D8FFD8585E11CD296C, - 1C9129D9FFD8585E11CD296C, - 023E3601001F8E2511CD283A, - ); - isa = PBXProject; - mainGroup = 02B529DFFF8D3AA7D0A17CE7; - productRefGroup = 02B529E0FF8D3AFDD0A17CE7; - projectDirPath = .; - targets = ( - 02B529E3FF8D3AFDD0A17CE7, - ); - }; - 02B529DFFF8D3AA7D0A17CE7 = { - children = ( - 02B529EDFF8D3DB1D0A17CE7, - 02B529EBFF8D3D43D0A17CE7, - 02B529EFFF8D3E0AD0A17CE7, - 02B529E9FF8D3C09D0A17CE7, - 00E007DFFF9267D6D0A17CE7, - 00E007E0FF9267D6D0A17CE7, - 00E007EBFF926B7BD0A17CE7, - 00E007ECFF926B7BD0A17CE7, - 00E007E1FF9267D6D0A17CE7, - 00E007E2FF9267D6D0A17CE7, - 00E007EFFF937BBCD0A17CE7, - 02B529F8FF8D458FD0A17CE7, - 5F314875FFA4B878D0A17CE7, - 5F314873FFA4B3D9D0A17CE7, - 00E007E3FF9267D6D0A17CE7, - 00E007E4FF9267D6D0A17CE7, - 0B9ABCAFFF9395CDD0A17CE7, - 0B9ABCB1FF9396DDD0A17CE7, - 35D41EC9FFF3E99811CD283A, - 02B529E0FF8D3AFDD0A17CE7, - ); - isa = PBXGroup; - refType = 4; - }; - 02B529E0FF8D3AFDD0A17CE7 = { - children = ( - 1C9129D7FFD8585E11CD296C, - ); - isa = PBXGroup; - name = Products; - refType = 4; - }; - 02B529E3FF8D3AFDD0A17CE7 = { - buildPhases = ( - 02B529E4FF8D3AFDD0A17CE7, - 02B529E5FF8D3AFDD0A17CE7, - 02B529E6FF8D3AFDD0A17CE7, - 02B529E7FF8D3AFDD0A17CE7, - 02B529E8FF8D3AFDD0A17CE7, - ); - buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - EXPORTED_SYMBOLS_FILE = cssmplugin.exp; - FRAMEWORK_SEARCH_PATHS = ""; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security"; 
- OPTIMIZATION_CFLAGS = "-O2 -fno-inline"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined suppress -lstdc++"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = AppleX509TP; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas -Wno-format"; - WRAPPER_EXTENSION = bundle; - }; - conditionalBuildSettings = { - }; - dependencies = ( - ); - isa = PBXBundleTarget; - name = AppleTP; - productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security"; - productName = AppleX509TP; - productReference = 1C9129D7FFD8585E11CD296C; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - AppleX509TP - CFBundleGetInfoString - - CFBundleIconFile - - CFBundleIdentifier - com.apple.applex509tp - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - AppleX509TP - CFBundlePackageType - BNDL - CFBundleShortVersionString - 1.0 - CFBundleSignature - ???? - CFBundleVersion - AppleX509TP 1.0 - - -"; - shouldUseHeadermap = 1; - }; - 02B529E4FF8D3AFDD0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 02B529EAFF8D3C09D0A17CE7, - 02B529ECFF8D3D43D0A17CE7, - 00E007E5FF9267D6D0A17CE7, - 00E007E6FF9267D6D0A17CE7, - 00E007E7FF9267D6D0A17CE7, - 00E007EDFF926B7BD0A17CE7, - 0B9ABCB2FF9396DDD0A17CE7, - 5F314874FFA4B3D9D0A17CE7, - ); - isa = PBXHeadersBuildPhase; - name = Headers; - }; - 02B529E5FF8D3AFDD0A17CE7 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; - }; - 02B529E6FF8D3AFDD0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 02B529EEFF8D3DB1D0A17CE7, - 02B529F0FF8D3E0AD0A17CE7, - 02B529F9FF8D458FD0A17CE7, - 00E007E8FF9267D6D0A17CE7, - 00E007E9FF9267D6D0A17CE7, - 00E007EAFF9267D6D0A17CE7, - 00E007EEFF926B7BD0A17CE7, - 00E007F0FF937BBCD0A17CE7, - 0B9ABCB0FF9395CDD0A17CE7, - 5F314876FFA4B878D0A17CE7, - ); - isa = PBXSourcesBuildPhase; - name = Sources; - }; - 02B529E7FF8D3AFDD0A17CE7 = { - buildActionMask = 2147483647; - files = ( - 
35D41ECBFFF3E99811CD283A, - ); - isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; - }; - 02B529E8FF8D3AFDD0A17CE7 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; - }; - 02B529E9FF8D3C09D0A17CE7 = { - isa = PBXFileReference; - path = AppleTPSession.h; - refType = 4; - }; - 02B529EAFF8D3C09D0A17CE7 = { - fileRef = 02B529E9FF8D3C09D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 02B529EBFF8D3D43D0A17CE7 = { - isa = PBXFileReference; - path = AppleTP.h; - refType = 4; - }; - 02B529ECFF8D3D43D0A17CE7 = { - fileRef = 02B529EBFF8D3D43D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 02B529EDFF8D3DB1D0A17CE7 = { - isa = PBXFileReference; - path = AppleTP.cpp; - refType = 4; - }; - 02B529EEFF8D3DB1D0A17CE7 = { - fileRef = 02B529EDFF8D3DB1D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 02B529EFFF8D3E0AD0A17CE7 = { - isa = PBXFileReference; - path = AppleTPSession.cpp; - refType = 4; - }; - 02B529F0FF8D3E0AD0A17CE7 = { - fileRef = 02B529EFFF8D3E0AD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 02B529F8FF8D458FD0A17CE7 = { - isa = PBXFileReference; - path = tpCertGroup.cpp; - refType = 4; - }; - 02B529F9FF8D458FD0A17CE7 = { - fileRef = 02B529F8FF8D458FD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0B9ABCAFFF9395CDD0A17CE7 = { - isa = PBXFileReference; - path = tpTime.c; - refType = 4; - }; - 0B9ABCB0FF9395CDD0A17CE7 = { - fileRef = 0B9ABCAFFF9395CDD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 0B9ABCB1FF9396DDD0A17CE7 = { - isa = PBXFileReference; - path = tpTime.h; - refType = 4; - }; - 0B9ABCB2FF9396DDD0A17CE7 = { - fileRef = 0B9ABCB1FF9396DDD0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 1C9129D7FFD8585E11CD296C = { - isa = PBXBundleReference; - path = AppleX509TP.bundle; - refType = 3; - }; - 1C9129D8FFD8585E11CD296C = { - 
buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 1C9129D9FFD8585E11CD296C = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 35D41EC9FFF3E99811CD283A = { - children = ( - 35D41ECAFFF3E99811CD283A, - ); - isa = PBXGroup; - name = "External Frameworks"; - path = ../Projects/SecurityX/AppleX509TP; - refType = 3; - }; - 35D41ECAFFF3E99811CD283A = { - isa = PBXFrameworkReference; - path = Security.framework; - refType = 3; - }; - 35D41ECBFFF3E99811CD283A = { - fileRef = 35D41ECAFFF3E99811CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 5F314873FFA4B3D9D0A17CE7 = { - isa = PBXFileReference; - path = TPCertInfo.h; - refType = 4; - }; - 5F314874FFA4B3D9D0A17CE7 = { - fileRef = 5F314873FFA4B3D9D0A17CE7; - isa = PBXBuildFile; - settings = { - }; - }; - 5F314875FFA4B878D0A17CE7 = { - isa = PBXFileReference; - path = TPCertInfo.cpp; - refType = 4; - }; - 5F314876FFA4B878D0A17CE7 = { - fileRef = 5F314875FFA4B878D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - }; - rootObject = 02B529DEFF8D3AA7D0A17CE7; -} diff --git a/AppleX509TP/AppleTPSession.cpp b/AppleX509TP/AppleTPSession.cpp index 5b7cab29..bd6764e2 100644 --- a/AppleX509TP/AppleTPSession.cpp +++ b/AppleX509TP/AppleTPSession.cpp 
@@ -160,16 +160,6 @@ void AppleTPSession::CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle, CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); } -void AppleTPSession::SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority, - CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType, - const CSSM_TP_REQUEST_SET &RequestInput, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext, - sint32 &EstimatedTime, - CssmData &ReferenceIdentifier) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - void AppleTPSession::FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority, CSSM_TP_FORM_TYPE FormType, CssmData &BlankForm) @@ -231,13 +221,3 @@ void AppleTPSession::FormSubmit(CSSM_TP_FORM_TYPE FormType, CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); } -void AppleTPSession::RetrieveCredResult(const CssmData &ReferenceIdentifier, - const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, - sint32 &EstimatedTime, - CSSM_BOOL &ConfirmationRequired, - CSSM_TP_RESULT_SET_PTR &RetrieveOutput) -{ - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); -} - - diff --git a/AppleX509TP/AppleTPSession.h b/AppleX509TP/AppleTPSession.h index ca2460a3..af986f3d 100644 --- a/AppleX509TP/AppleTPSession.h +++ b/AppleX509TP/AppleTPSession.h 
@@ -174,13 +174,69 @@ public: CSSM_TP_RESULT_SET_PTR &RetrieveOutput); private: - void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DL_DB_LIST &DBList, - const void *ConstructParams, - const CSSM_CERTGROUP &CertGroupFrag, - CSSM_BOOL ignoreExpired, - TPCertGroup *&CertGroup); + void CertGroupConstructPriv(CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, + const CSSM_DL_DB_LIST &DBList, + const void *ConstructParams, + const CSSM_CERTGROUP &CertGroupFrag, + CSSM_BOOL ignoreExpired, + const char *cssmTimeStr, // May be NULL + TPCertGroup *&CertGroup); + + /* in tpCredRequest.cp */ + CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray, + unsigned numNames); + void freeX509Name(CSSM_X509_NAME *top); + CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow); + void freeX509Time(CSSM_X509_TIME *xtime); + void refKeyToRaw( + CSSM_CSP_HANDLE cspHand, + const CSSM_KEY *refKey, + CSSM_KEY_PTR rawKey); + void makeCertTemplate( + /* required */ + CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, // for converting ref to raw key + uint32 serialNumber, + const CSSM_X509_NAME *issuerName, + const CSSM_X509_NAME *subjectName, + const CSSM_X509_TIME *notBefore, + const CSSM_X509_TIME *notAfter, + const CSSM_KEY *subjectPubKey, + const CSSM_OID &sigOid, // e.g., CSSMOID_SHA1WithRSA + /* optional */ + const CSSM_DATA *subjectUniqueId, + const CSSM_DATA *issuerUniqueId, + CSSM_X509_EXTENSION *extensions, + unsigned numExtensions, + CSSM_DATA_PTR &rawCert); + + void SubmitCsrRequest( + const CSSM_TP_REQUEST_SET &RequestInput, + sint32 &EstimatedTime, + CssmData &ReferenceIdentifier); + + /* + * Per-session storage of SubmitCredRequest results. + * + * A TpCredHandle is just an address of a cert, cast to a uint32. It's + * what ReferenceIdentifier.Data points to. 
+ */ + typedef uint32 TpCredHandle; + typedef std::map credMap; + credMap tpCredMap; + Mutex tpCredMapLock; + + /* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and + * add it and the cert to tpCredMap. */ + void addCertToMap( + const CSSM_DATA *cert, + CSSM_DATA_PTR refId); + + /* given a ReferenceIdentifier, obtain associated cert and remove from the map */ + CSSM_DATA_PTR getCertFromMap( + const CSSM_DATA *refId); }; diff --git a/AppleX509TP/CVSVersionInfo.txt b/AppleX509TP/CVSVersionInfo.txt index 6053b5b9..5d71b6ed 100644 --- a/AppleX509TP/CVSVersionInfo.txt +++ b/AppleX509TP/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: AppleX509TP ProjectVersion: 3 diff --git a/AppleX509TP/TPCertInfo.cpp b/AppleX509TP/TPCertInfo.cpp index 726cd7dd..66a5003c 100644 --- a/AppleX509TP/TPCertInfo.cpp +++ b/AppleX509TP/TPCertInfo.cpp @@ -34,6 +34,7 @@ #include /* for Mutex */ #include #include +#include #define tpTimeDbg(args...) debug("tpTime", ## args) @@ -45,15 +46,25 @@ TPCertInfo::TPCertInfo( const CSSM_DATA *certData, CSSM_CL_HANDLE clHand, + const char *cssmTimeStr, // = NULL bool copyCertData) : // true: we copy, we free // false - caller owns mClHand(clHand), mCacheHand(CSSM_INVALID_HANDLE), mSubjectName(NULL), - mIssuerName(NULL) + mIssuerName(NULL), + mIndex(0), + mIsAnchor(false), + mIsFromDb(false), + mNumStatusCodes(0), + mStatusCodes(NULL), + mUniqueRecord(NULL) { CSSM_RETURN crtn; + mDlDbHandle.DBHandle = 0; + mDlDbHandle.DLHandle = 0; + if(copyCertData) { mCertData = tpMallocCopyCssmData(CssmAllocator::standard(), certData); } 
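Review bot: The comment above `typedef uint32 TpCredHandle;` defines the handle as the address of a cert cast to `uint32`, so the ReferenceIdentifier handed back to the caller exposes a heap address, and on any target where pointers are wider than 32 bits two certs could map to the same key. Resolving the handle through `tpCredMap` instead of dereferencing it is the right defence and should be stated as a requirement in the comment on `getCertFromMap`. A per-session counter would avoid both problems, e.g. `TpCredHandle nextCredHandle; // monotonically increasing, guarded by tpCredMapLock`. The bodies of `addCertToMap` and `getCertFromMap` are not in this hunk, so whether they check `refId->Length` before reading the handle cannot be confirmed here.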
@@ -85,6 +96,10 @@ TPCertInfo::TPCertInfo( releaseResources(); CssmError::throwMe(crtn); } + + /* calculate other commonly used fields */ + mIsRoot = tpCompareCssmData(mSubjectName, mIssuerName) ? true : false; + calculateCurrent(cssmTimeStr); } /* frees mSubjectName, mIssuerName, mCacheHand via mClHand */ @@ -107,6 +122,9 @@ void TPCertInfo::releaseResources() if(mCacheHand != CSSM_INVALID_HANDLE) { CSSM_CL_CertAbortCache(mClHand, mCacheHand); } + if(mStatusCodes) { + free(mStatusCodes); + } } /* fetch arbitrary field from cached cert */ 
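Review bot: `calculateCurrent(cssmTimeStr)` at the end of the constructor can throw (it calls `CssmError::throwMe` on a bad time string or a malformed validity field), but unlike the error path just above it there is no `releaseResources()` before the exception leaves the constructor. The destructor does not run for a partially constructed object, so the cached cert handle and the fetched name fields would presumably leak each time a certificate with malformed validity data is parsed. Suggested change: `try { calculateCurrent(cssmTimeStr); } catch(...) { releaseResources(); throw; }`. The constructor starts outside this hunk.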
@@ -176,41 +194,43 @@ const CSSM_DATA *TPCertInfo::issuerName() return mIssuerName; } -bool TPCertInfo::isSelfSigned() // i.e., subject == issuer -{ - return tpCompareCssmData(mSubjectName, mIssuerName) ? true : false; -} - /* - * Verify validity (not before/after). Returns - * CSSMERR_TP_CERT_NOT_VALID_YET - * CSSMERR_TP_CERT_EXPIRED - * CSSM_OK - * CSSMERR_TP_INVALID_CERT_POINTER, other "bogus cert" errors + * Verify validity (not before/after). Only throws on gross error + * (CSSMERR_TP_INVALID_CERT_POINTER, etc.). * * We use some stdlib time calls over in tpTime.c; the stdlib function * gmtime() is not thread-safe, so we do the protection here. Note that * this makes *our* calls to gmtime() thread-safe, but if the app has * other threads which are also calling gmtime, we're out of luck. */ -static ModuleNexus tpTimeLock; +ModuleNexus tpTimeLock; -CSSM_RETURN TPCertInfo::isCurrent( - CSSM_BOOL allowExpired) +void TPCertInfo::calculateCurrent( + const char *cssmTimeStr /* = NULL */) { CSSM_DATA_PTR notBeforeField = NULL; CSSM_DATA_PTR notAfterField = NULL; CSSM_RETURN crtn = CSSM_OK; + CSSM_X509_TIME *xNotAfter; CASSERT(mCacheHand != CSSM_INVALID_HANDLE); crtn = fetchField(&CSSMOID_X509V1ValidityNotBefore, ¬BeforeField); if(crtn) { - errorLog0("TPCertInfo::isCurrent: GetField error"); - return crtn; + errorLog0("TPCertInfo::calculateCurrent: GetField error"); + CssmError::throwMe(crtn); } + /* subsequent errors to errOut */ struct tm now; - { + if(cssmTimeStr != NULL) { + /* caller specifies verification time base */ + if(timeStringToTm(cssmTimeStr, strlen(cssmTimeStr), &now)) { + errorLog0("TPCertInfo::calculateCurrent: timeStringToTm error"); + CssmError::throwMe(CSSMERR_TP_INVALID_TIMESTRING); + } + } + else { + /* time base = right now */ StLock _(tpTimeLock()); nowTime(&now); } 
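Review bot: The `CSSMERR_TP_INVALID_TIMESTRING` branch throws directly although `notBeforeField` has already been fetched and the comment two lines earlier says subsequent errors go to `errOut`, so the field is not released when a caller passes a bad `cssmTimeStr`. Free it before throwing, `freeField(&CSSMOID_X509V1ValidityNotBefore, notBeforeField);`, rather than jumping to `errOut` from here, because the declarations between this point and the label are outside the hunk and a `goto` across an initialised one would not compile. Since `cssmTimeStr` is now the verification time base for the cert, the comment on `calculateCurrent` should also say which time-string format it expects. The function continues in the next hunk.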
@@ -219,68 +239,52 @@ CSSM_RETURN TPCertInfo::isCurrent( if(timeStringToTm((char *)xNotBefore->time.Data, xNotBefore->time.Length, ¬Before)) { - errorLog0("TPCertInfo::isCurrent: malformed notBefore time\n"); + errorLog0("TPCertInfo::calculateCurrent: malformed notBefore time\n"); crtn = CSSMERR_TP_INVALID_CERT_POINTER; goto errOut; } if(compareTimes(&now, ¬Before) < 0) { - crtn = CSSMERR_TP_CERT_NOT_VALID_YET; + mNotValidYet = true; tpTimeDbg("\nTP_CERT_NOT_VALID_YET:\n now y:%d m:%d d:%d h:%d m:%d", now.tm_year, now.tm_mon, now.tm_mday, now.tm_hour, now.tm_min); tpTimeDbg(" notBefore y:%d m:%d d:%d h:%d m:%d", notBefore.tm_year, notBefore.tm_mon, notBefore.tm_mday, notBefore.tm_hour, notBefore.tm_min); - struct tm now2; - { - StLock _(tpTimeLock()); - nowTime(&now2); - } - tpTimeDbg(" now2 y:%d m:%d d:%d h:%d m:%d", - now2.tm_year, now2.tm_mon, now2.tm_mday, now2.tm_hour, - now2.tm_min); + } + else { + mNotValidYet = false; + } + + struct tm notAfter; + crtn = fetchField(&CSSMOID_X509V1ValidityNotAfter, ¬AfterField); + if(crtn) { + errorLog0("TPCertInfo::calculateCurrent: GetField error"); goto errOut; } - if(!allowExpired) { - struct tm notAfter; - crtn = fetchField(&CSSMOID_X509V1ValidityNotAfter, ¬AfterField); - if(crtn) { - errorLog0("TPCertInfo::isCurrent: GetField error"); - goto errOut; - } - - CSSM_X509_TIME *xNotAfter = (CSSM_X509_TIME *)notAfterField->Data; - if(timeStringToTm((char *)xNotAfter->time.Data, xNotAfter->time.Length, - ¬After)) { - errorLog0("TPCertInfo::isCurrent: malformed notAfter time\n"); - crtn = CSSMERR_TP_INVALID_CERT_POINTER; - } - else if(compareTimes(&now, ¬After) > 0) { - crtn = CSSMERR_TP_CERT_EXPIRED; - tpTimeDbg("\nTP_CERT_EXPIRED: \n now y:%d m:%d d:%d " - "h:%d m:%d", - now.tm_year, now.tm_mon, now.tm_mday, - now.tm_hour, now.tm_min); - tpTimeDbg(" notAfter y:%d m:%d d:%d h:%d m:%d", - notAfter.tm_year, notAfter.tm_mon, notAfter.tm_mday, - notAfter.tm_hour, notAfter.tm_min); - struct tm now2; - { - StLock _(tpTimeLock()); - 
nowTime(&now2); - } - tpTimeDbg(" now2 y:%d m:%d d:%d h:%d m:%d", - now2.tm_year, now2.tm_mon, now2.tm_mday, now2.tm_hour, - now2.tm_min); - } - else { - crtn = CSSM_OK; - } + xNotAfter = (CSSM_X509_TIME *)notAfterField->Data; + if(timeStringToTm((char *)xNotAfter->time.Data, xNotAfter->time.Length, + ¬After)) { + errorLog0("TPCertInfo::calculateCurrent: malformed notAfter time\n"); + crtn = CSSMERR_TP_INVALID_CERT_POINTER; + goto errOut; + } + else if(compareTimes(&now, ¬After) > 0) { + crtn = CSSMERR_TP_CERT_EXPIRED; + tpTimeDbg("\nTP_CERT_EXPIRED: \n now y:%d m:%d d:%d " + "h:%d m:%d", + now.tm_year, now.tm_mon, now.tm_mday, + now.tm_hour, now.tm_min); + tpTimeDbg(" notAfter y:%d m:%d d:%d h:%d m:%d", + notAfter.tm_year, notAfter.tm_mon, notAfter.tm_mday, + notAfter.tm_hour, notAfter.tm_min); + mExpired = true; } else { - crtn = CSSM_OK; + mExpired = false; } + crtn = CSSM_OK; errOut: if(notAfterField) { freeField(&CSSMOID_X509V1ValidityNotAfter, notAfterField); @@ -288,7 +292,31 @@ errOut: if(notBeforeField) { freeField(&CSSMOID_X509V1ValidityNotBefore, notBeforeField); } - return crtn; + if(crtn != CSSM_OK) { + CssmError::throwMe(crtn); + } +} + +CSSM_RETURN TPCertInfo::isCurrent( + CSSM_BOOL allowExpired) +{ + if(mNotValidYet) { + return CSSMERR_TP_CERT_NOT_VALID_YET; + } + if(allowExpired || !mExpired) { + return CSSM_OK; + } + else { + return CSSMERR_TP_CERT_EXPIRED; + } +} + +void TPCertInfo::addStatusCode(CSSM_RETURN code) +{ + mNumStatusCodes++; + mStatusCodes = (CSSM_RETURN *)realloc(mStatusCodes, + mNumStatusCodes * sizeof(CSSM_RETURN)); + mStatusCodes[mNumStatusCodes - 1] = code; } /*** 
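Review bot: In the expired branch, `crtn = CSSMERR_TP_CERT_EXPIRED;` is a leftover from the old `isCurrent`: it is overwritten by the `crtn = CSSM_OK;` added just before `errOut`, so it has no effect and wrongly suggests that expiry still propagates as an error. Drop that assignment so the branch only sets `mExpired = true;`, matching the not-valid-yet branch, which only sets `mNotValidYet`. The function starts in the previous hunk and ends in the next one.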
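Review bot: `addStatusCode` assigns the result of `realloc` straight back to `mStatusCodes` and writes through it without a check, so an allocation failure becomes a NULL dereference and the old array is lost; `mNumStatusCodes` has already been incremented by then. Grow into a temporary, check it, and only then commit the pointer and the count, as sketched below. `CSSMERR_TP_MEMORY_ERROR` is a suggestion for the error code; use whatever the module already throws for allocation failures.

```cpp
void TPCertInfo::addStatusCode(CSSM_RETURN code)
{
	CSSM_RETURN *grown = (CSSM_RETURN *)realloc(mStatusCodes,
		(mNumStatusCodes + 1) * sizeof(CSSM_RETURN));
	if(grown == NULL) {
		/* old array is still valid and still owned by mStatusCodes */
		CssmError::throwMe(CSSMERR_TP_MEMORY_ERROR);
	}
	mStatusCodes = grown;
	mStatusCodes[mNumStatusCodes++] = code;
}
```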
@@ -389,7 +417,7 @@ CSSM_CERTGROUP_PTR TPCertGroup::buildCssmCertGroup() CSSM_CERTGROUP_PTR cgrp = (CSSM_CERTGROUP_PTR)mAlloc.malloc(sizeof(CSSM_CERTGROUP)); cgrp->NumCerts = mNumCerts; - cgrp->CertGroupType = CSSM_CERTGROUP_ENCODED_CERT; + cgrp->CertGroupType = CSSM_CERTGROUP_DATA; cgrp->CertType = CSSM_CERT_X_509v3; cgrp->CertEncoding = CSSM_CERT_ENCODING_DER; if(mNumCerts == 0) { 
@@ -405,3 +433,85 @@ CSSM_CERTGROUP_PTR TPCertGroup::buildCssmCertGroup() } return cgrp; } + +/* build a CSSM_TP_APPLE_EVIDENCE_INFO array */ +CSSM_TP_APPLE_EVIDENCE_INFO *TPCertGroup::buildCssmEvidenceInfo() +{ + CSSM_TP_APPLE_EVIDENCE_INFO *infoArray; + + infoArray = (CSSM_TP_APPLE_EVIDENCE_INFO *)mAlloc.calloc(mNumCerts, + sizeof(CSSM_TP_APPLE_EVIDENCE_INFO)); + for(unsigned i=0; iisExpired()) { + evInfo->StatusBits |= CSSM_CERT_STATUS_EXPIRED; + } + if(certInfo->isNotValidYet()) { + evInfo->StatusBits |= CSSM_CERT_STATUS_NOT_VALID_YET; + } + if(certInfo->dlDbHandle().DLHandle == 0) { + if(certInfo->isAnchor()) { + evInfo->StatusBits |= CSSM_CERT_STATUS_IS_IN_ANCHORS; + } + else { + evInfo->StatusBits |= CSSM_CERT_STATUS_IS_IN_INPUT_CERTS; + } + } + if(certInfo->isSelfSigned()) { + evInfo->StatusBits |= CSSM_CERT_STATUS_IS_ROOT; + } + + unsigned numCodes = certInfo->numStatusCodes(); + if(numCodes) { + evInfo->NumStatusCodes = numCodes; + evInfo->StatusCodes = (CSSM_RETURN *)mAlloc.calloc(numCodes, + sizeof(CSSM_RETURN)); + for(unsigned j=0; jStatusCodes[j] = (certInfo->statusCodes())[j]; + } + } + + evInfo->Index = certInfo->index(); + evInfo->DlDbHandle = certInfo->dlDbHandle(); + evInfo->UniqueRecord = certInfo->uniqueRecord(); + } + return infoArray; +} + +/* Given a status for basic construction of a cert group and a status + * of (optional) policy verification, plus the implicit notBefore/notAfter + * status in the certs, calculate a global return code. This just + * encapsulates a policy for CertGroupeConstruct and CertGroupVerify. 
+ */ +CSSM_RETURN TPCertGroup::getReturnCode( + CSSM_RETURN constructStatus, + CSSM_BOOL allowExpired, + CSSM_RETURN policyStatus /* = CSSM_OK */) +{ + if(constructStatus) { + /* CSSMERR_TP_NOT_TRUSTED, CSSMERR_TP_INVALID_ANCHOR_CERT, gross errors */ + return constructStatus; + } + + /* check for expired, not valid yet */ + bool expired = false; + bool notValid = false; + for(unsigned i=0; iisExpired()) { + expired = true; + } + if(mCertInfo[i]->isNotValidYet()) { + notValid = true; + } + } + if(expired && !allowExpired) { + return CSSMERR_TP_CERT_EXPIRED; + } + if(notValid) { + return CSSMERR_TP_CERT_NOT_VALID_YET; + } + return policyStatus; +} diff --git a/AppleX509TP/TPCertInfo.h b/AppleX509TP/TPCertInfo.h index 313c9443..a9515dbb 100644 --- a/AppleX509TP/TPCertInfo.h +++ b/AppleX509TP/TPCertInfo.h @@ -28,6 +28,15 @@ #include #include #include +#include +#include + +/*** Interim hack, disable not before/not after checking during cert chain processing ***/ +/*** code #ifdef'd with this gets ripped out later ***/ +#define TP_CERT_CURRENT_CHECK_INLINE 0 + +/* protects TP-wide access to time() and gmtime() */ +extern ModuleNexus tpTimeLock; /* * Class representing one certificate. The raw cert data usually comes from @@ -50,6 +59,7 @@ public: TPCertInfo( const CSSM_DATA *certData, CSSM_CL_HANDLE clHand, + const char *cssmTimeStr = NULL, // NULL ==> time base = right now bool copyCertData = false); // true: we copy, we free // false - caller owns 
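Review bot: `getReturnCode` fixes the order in which failures are reported, but its comment does not state that order, and the trust decision of its callers depends on it. I would add to the header comment: `Precedence: constructStatus, then CSSMERR_TP_CERT_EXPIRED (unless allowExpired), then CSSMERR_TP_CERT_NOT_VALID_YET, then policyStatus`, plus a line saying that `allowExpired` never waives a not-yet-valid cert. The same comment is repeated on the declaration in TPCertInfo.h and should be kept in sync.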
@@ -77,8 +87,25 @@ public: const CSSM_DATA *subjectName(); const CSSM_DATA *issuerName(); - bool isSelfSigned(); // i.e., subject == issuer - + bool isSelfSigned() { return mIsRoot; } + bool isExpired() { return mExpired; } + bool isNotValidYet() { return mNotValidYet; } + + unsigned index() { return mIndex; } + void index(unsigned dex) { mIndex = dex; } + bool isAnchor() { return mIsAnchor; } + void isAnchor(bool a) { mIsAnchor = a; } + unsigned numStatusCodes() { return mNumStatusCodes; } + CSSM_RETURN *statusCodes() { return mStatusCodes; } + void addStatusCode(CSSM_RETURN code); + CSSM_DL_DB_HANDLE dlDbHandle() { return mDlDbHandle; } + void dlDbHandle(CSSM_DL_DB_HANDLE hand) + { mDlDbHandle = hand; } + CSSM_DB_UNIQUE_RECORD_PTR uniqueRecord() + { return mUniqueRecord; } + void uniqueRecord(CSSM_DB_UNIQUE_RECORD_PTR rec) + { mUniqueRecord = rec; } + /* * Verify validity (not before/after). Returns * CSSMERR_TP_CERT_NOT_VALID_YET @@ -97,9 +124,24 @@ private: CSSM_DATA_PTR mSubjectName; // always valid CSSM_DATA_PTR mIssuerName; // always valid + /* maintained by caller, default at constructor 0/false */ + unsigned mIndex; + bool mIsAnchor; + bool mIsFromDb; + unsigned mNumStatusCodes; + CSSM_RETURN *mStatusCodes; + CSSM_DL_DB_HANDLE mDlDbHandle; + CSSM_DB_UNIQUE_RECORD_PTR mUniqueRecord; + + /* calculated implicitly at construction */ + bool mExpired; + bool mNotValidYet; + bool mIsRoot; // i.e., subject == issuer + void releaseResources(); + void calculateCurrent( + const char *cssmTimeStr = NULL); // set mExpired, mNotValidYet - /* other field accessors here */ }; /* 
@@ -137,14 +179,28 @@ public: * Convenience accessors for first and last cert, only valid when we have * at least one cert. */ - TPCertInfo - *firstCert(); - TPCertInfo - *lastCert(); + TPCertInfo *firstCert(); + TPCertInfo *lastCert(); /* build a CSSM_CERTGROUP corresponding with our mCertInfo */ - CSSM_CERTGROUP_PTR - buildCssmCertGroup(); + CSSM_CERTGROUP_PTR buildCssmCertGroup(); + + /* build a CSSM_TP_APPLE_EVIDENCE_INFO array corresponding with our + * mCertInfo */ + CSSM_TP_APPLE_EVIDENCE_INFO *buildCssmEvidenceInfo(); + + /* Given a status for basic construction of a cert group and a status + * of (optional) policy verification, plus the implicit notBefore/notAfter + * status in the certs, calculate a global return code. This just + * encapsulates a policy for CertGroupeConstruct and CertGroupVerify. + */ + CSSM_RETURN getReturnCode( + CSSM_RETURN constructStatus, + CSSM_BOOL allowExpired, + CSSM_RETURN policyStatus = CSSM_OK); + + CssmAllocator + &alloc() {return mAlloc; } private: CssmAllocator &mAlloc; diff --git a/AppleX509TP/certGroupUtils.cpp b/AppleX509TP/certGroupUtils.cpp index 513d8eb9..df1efc0f 100644 --- a/AppleX509TP/certGroupUtils.cpp +++ b/AppleX509TP/certGroupUtils.cpp @@ -215,7 +215,7 @@ CSSM_RETURN tp_VerifyCert( TPCertInfo *subjectCert, TPCertInfo *issuerCert, CSSM_BOOL checkIssuerCurrent, - CSSM_BOOL allowExpired) + CSSM_BOOL allowExpired) // to be deleted { CSSM_RETURN crtn; @@ -226,10 +226,12 @@ CSSM_RETURN tp_VerifyCert( NULL, // VerifyScope 0); // ScopeSize if(crtn == CSSM_OK) { + #if TP_CERT_CURRENT_CHECK_INLINE if(checkIssuerCurrent) { /* also verify validity of issuer */ crtn = issuerCert->isCurrent(allowExpired); } + #endif } else { /* general cert verify failure */ 
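Review bot: With `TP_CERT_CURRENT_CHECK_INLINE` defined as 0 in TPCertInfo.h, the `issuerCert->isCurrent(allowExpired)` call is compiled out, so `tp_VerifyCert` now accepts an expired or not-yet-valid issuer and silently ignores `checkIssuerCurrent` and `allowExpired`. Validity is then enforced only if every caller goes through `TPCertGroup::getReturnCode` or calls `isCurrent` itself, which this hunk cannot show. Until the parameters are removed, a comment at the `#if` would make that dependency explicit, e.g. `/* validity is NOT checked here; callers must use TPCertGroup::getReturnCode() */`. tp_VerifyCert starts and ends outside this hunk.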
@@ -254,56 +256,60 @@ CSSM_BOOL tp_CompareCerts( * certs can be found using the returned result handle. */ static CSSM_DB_UNIQUE_RECORD_PTR tpCertLookup( - CSSM_TP_HANDLE tpHand, CSSM_DL_DB_HANDLE dlDb, - const CSSM_DATA_PTR subjectName, // DER-encoded + const CSSM_DATA *subjectName, // DER-encoded CSSM_HANDLE_PTR resultHand, CSSM_DATA_PTR cert) // RETURNED { CSSM_QUERY query; CSSM_SELECTION_PREDICATE predicate; - CSSM_BOOL EndOfDataStore; - CSSM_DB_UNIQUE_RECORD_PTR record; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; cert->Data = NULL; cert->Length = 0; + /* SWAG until cert schema nailed down */ predicate.DbOperator = CSSM_DB_EQUAL; predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_NUMBER; // may not be needed - predicate.Attribute.Info.Attr.AttributeNumber = kSubjectKCItemAttr; - predicate.Attribute.Value = *subjectName; + CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + predicate.Attribute.Info.Label.AttributeName = "Subject"; + predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + predicate.Attribute.Value = const_cast(subjectName); + predicate.Attribute.NumberOfValues = 1; - query.RecordType = CSSM_DL_DB_RECORD_CERT; - query.NumSelectionPredicates = 1; + query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; query.Conjunctive = CSSM_DB_NONE; - + query.NumSelectionPredicates = 1; query.SelectionPredicate = &predicate; + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? + query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = 0; // FIXME - used? - record = CSSM_DL_DataGetFirst(dlDb, + CSSM_DL_DataGetFirst(dlDb, &query, resultHand, - &EndOfDataStore, NULL, // don't fetch attributes - cert); + cert, + &record); return record; } /* * Search a list of DBs for a cert which verifies specified subject cert. * Just a boolean return - we found it, or not. If we did, we return - * a pointer to the raw cert. + * TPCertInfo associated with the raw cert. 
* * Special case of subject cert expired indicated by *subjectExpired * returned as something other than CSSM_OK. */ -CSSM_DATA_PTR tpFindIssuer( - CSSM_TP_HANDLE tpHand, +TPCertInfo *tpFindIssuer( + CssmAllocator &alloc, CSSM_CL_HANDLE clHand, CSSM_CSP_HANDLE cspHand, - const CSSM_DATA_PTR subjectCert, - const CSSM_DATA_PTR issuerName, // passed for convenience - const CSSM_DB_LIST_PTR dbList, + TPCertInfo *subjectCert, + const CSSM_DATA *issuerName, // TBD - passed for convenience + const CSSM_DL_DB_LIST *dbList, + const char *cssmTimeStr, // may be NULL CSSM_RETURN *issuerExpired) // RETURNED { uint32 dbDex; @@ -311,35 +317,39 @@ CSSM_DATA_PTR tpFindIssuer( CSSM_DATA_PTR cert; // we malloc CSSM_DL_DB_HANDLE dlDb; CSSM_DB_UNIQUE_RECORD_PTR record; + TPCertInfo *issuerCert = NULL; - *subjectExpired = CSSM_OK; + *issuerExpired = CSSM_OK; if(dbList == NULL) { return NULL; } - cert = (CSSM_DATA_PTR)tpMalloc(tpHand, sizeof(CSSM_DATA)); + cert = (CSSM_DATA_PTR)alloc.malloc(sizeof(CSSM_DATA)); cert->Data = NULL; cert->Length = 0; for(dbDex=0; dbDexNumHandles; dbDex++) { dlDb = dbList->DLDBHandle[dbDex]; - record = tpCertLookup(tpHand, - dlDb, + record = tpCertLookup(dlDb, issuerName, &resultHand, cert); /* remember we have to abort this query regardless...*/ if(record != NULL) { /* Found one. Does it verify the subject cert? */ - if(!tp_VerifyCert(tpHand, - clHand, + issuerCert = new TPCertInfo(cert, clHand, cssmTimeStr, CSSM_TRUE); + if(tp_VerifyCert(clHand, cspHand, subjectCert, - cert, - issuerExpired)) { + issuerCert, + CSSM_FALSE, // check current, ignored + CSSM_FALSE)) { // allowExpired, ignored + delete issuerCert; + issuerCert = NULL; + /* special case - abort immediately if issuerExpired has expired */ if((*issuerExpired) != CSSM_OK) { - CSSM_DL_AbortQuery(dlDb, resultHand); + CSSM_DL_DataAbortQuery(dlDb, resultHand); goto abort; } 
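Review bot: `tpCertLookup` now discards the `CSSM_RETURN` of `CSSM_DL_DataGetFirst` and relies on `record` staying NULL, so a data-library error looks the same as "no such cert", and `*resultHand` may be left unset when the call fails. tpFindIssuer calls `CSSM_DL_DataAbortQuery(dlDb, resultHand)` for every DB regardless, which would act on an indeterminate handle if `resultHand` is not initialised at its declaration (not visible here). Setting `*resultHand = CSSM_INVALID_HANDLE;` next to the `cert->Data = NULL;` initialisation and logging a non-zero return would close that gap.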
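Review bot: `new TPCertInfo(cert, clHand, cssmTimeStr, CSSM_TRUE)` can throw, since the constructor calls `CssmError::throwMe` when the cert or its validity fields cannot be parsed, and nothing in `tpFindIssuer` catches it. One malformed record whose subject matches `issuerName` would therefore end the whole issuer search, skipping `CSSM_DL_DataAbortQuery` and the `tpFreeCssmData` at `abort:`. Treating a record that fails to parse as one that does not verify keeps the search going and fails closed for that record. The same construction in the `CSSM_DL_DataGetNext` loop of the next hunk needs the same guard. tpFindIssuer continues past the end of this hunk.

```cpp
			/* Found one. Does it verify the subject cert? */
			try {
				issuerCert = new TPCertInfo(cert, clHand, cssmTimeStr, CSSM_TRUE);
			}
			catch(...) {
				/* unparseable record: treat as "does not verify", keep searching */
				issuerCert = NULL;
			}
			if((issuerCert == NULL) || tp_VerifyCert(clHand,
			/* ... unchanged: remaining tp_VerifyCert arguments and failure branch ... */
```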
@@ -348,53 +358,52 @@ CSSM_DATA_PTR tpFindIssuer( * finding the holy grail or no more records found. */ for(;;) { - CSSM_BOOL eod; - - tpFreeCssmData(tpHand, cert, CSSM_FALSE); - record = CSSM_DL_DataGetNext(dlDb, + tpFreeCssmData(alloc, cert, CSSM_FALSE); + CSSM_RETURN crtn = CSSM_DL_DataGetNext(dlDb, resultHand, - &eod, NULL, // no attrs - cert); - if(record == NULL) { + cert, + &record); + if(crtn) { /* no more, done with this DB */ break; } /* found one - does it verify subject? */ - if(tp_VerifyCert(tpHand, - clHand, + issuerCert = new TPCertInfo(cert, clHand, cssmTimeStr, + CSSM_TRUE); + if(tp_VerifyCert(clHand, cspHand, subjectCert, - cert, - issuerExpired)) { + issuerCert, + CSSM_FALSE, + CSSM_FALSE)) { /* yes! */ break; } - else if((*issuerExpired) != CSSM_OK) { - /* abort immediately */ - CSSM_DL_AbortQuery(dlDb, resultHand); - goto abort; - } + delete issuerCert; + issuerCert = NULL; } /* searching subsequent records */ } /* verify fail */ /* else success! */ - if(record != NULL) { + if(issuerCert != NULL) { /* successful return */ - CSSM_DL_AbortQuery(dlDb, resultHand); - return cert; + CSSM_DL_DataAbortQuery(dlDb, resultHand); + issuerCert->dlDbHandle(dlDb); + issuerCert->uniqueRecord(record); + return issuerCert; } } /* tpCertLookup, i.e., CSSM_DL_DataGetFirst, succeeded */ /* in any case, abort the query for this db */ - CSSM_DL_AbortQuery(dlDb, resultHand); + CSSM_DL_DataAbortQuery(dlDb, resultHand); } /* main loop searching dbList */ abort: /* issuer not found */ - tpFreeCssmData(tpHand, cert, CSSM_TRUE); + tpFreeCssmData(alloc, cert, CSSM_TRUE); return NULL; } diff --git a/AppleX509TP/certGroupUtils.h b/AppleX509TP/certGroupUtils.h index ec28cc3d..6bcf0320 100644 --- a/AppleX509TP/certGroupUtils.h +++ b/AppleX509TP/certGroupUtils.h @@ -31,7 +31,7 @@ /* * Cheetah version of TP doesn't work with DLs. */ -#define TP_DL_ENABLE 0 +#define TP_DL_ENABLE 1 #ifdef __cplusplus extern "C" { 
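Review bot: On the successful return path `cert` is never released: the `TPCertInfo` was built with `copyCertData` set to `CSSM_TRUE`, so it holds its own copy, while the `CSSM_DATA` allocated with `alloc.malloc` and the buffer the DL filled in are dropped when `issuerCert` is returned. Add `tpFreeCssmData(alloc, cert, CSSM_TRUE);` before `return issuerCert;`. Records returned for candidates that fail verification also appear to be overwritten by the next `CSSM_DL_DataGetNext` without being released, which is worth confirming against the DL's ownership rules. The function starts in an earlier hunk.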
@@ -75,18 +75,15 @@ void tp_CertFreeAlgId( CSSM_DATA_PTR value); #if TP_DL_ENABLE -CSSM_DATA_PTR -tp_GetCertFromDBList( CSSM_TP_HANDLE hTP, - CSSM_CL_HANDLE hCL, - CSSM_SELECTION_PREDICATE_PTR pPredicate, - uint32 NumberOfPredicates, - const CSSM_DB_LIST_PTR pDBList ); - -CSSM_DATA_PTR -tp_GetCertFromDBListBySName( CSSM_TP_HANDLE hTP, - CSSM_CL_HANDLE hCL, - const CSSM_DATA_PTR pSubjectName, - const CSSM_DB_LIST_PTR pDBList ); +TPCertInfo *tpFindIssuer( + CssmAllocator &alloc, + CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, + TPCertInfo *subjectCert, + const CSSM_DATA *issuerName, // passed for convenience + const CSSM_DL_DB_LIST *dbList, + const char *cssmTimeStr, // may be NULL + CSSM_RETURN *issuerExpired); // RETURNED #endif /* TP_DL_ENABLE*/ @@ -106,21 +103,6 @@ CSSM_BOOL tp_CompareCerts( const CSSM_DATA *cert1, const CSSM_DATA *cert2); -#if TP_DL_ENABLE -/* - * Search a list of DBs for a cert which verifies specified subject cert. - * Just a boolean return - we found it, or not. - */ -CSSM_DATA_PTR tpFindIssuer( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA_PTR subjectCert, - const CSSM_DATA_PTR issuerName, // passed for convenience - const CSSM_DB_LIST_PTR dbList, - CSSM_BOOL *subjectExpired); // RETURNED -#endif - /* * Given an OID, return the corresponding CSSM_ALGID. */ diff --git a/AppleX509TP/iSignRootCerts.c b/AppleX509TP/iSignRootCerts.c index 5374af84..5bccc65d 100644 --- a/AppleX509TP/iSignRootCerts.c +++ b/AppleX509TP/iSignRootCerts.c @@ -30,6 +30,8 @@ #include #include "rootCerts.h" +#if TP_ROOT_CERT_ENABLE + /* * this static data is generated by extractCertFields, copy&pasted from * its output into this source file @@ -216,3 +218,5 @@ const tpRootCert iSignRootCerts[] = { }; unsigned const numiSignRootCerts = sizeof(iSignRootCerts) / sizeof(tpRootCert); + +#endif /* TP_ROOT_CERT_ENABLE */ 
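Review bot: The new `tpFindIssuer` declaration has no header comment, and the one removed further down (`Search a list of DBs for a cert which verifies specified subject cert`) described the old `CSSM_DATA_PTR` return. A comment here should state that the function returns a heap-allocated `TPCertInfo` the caller must `delete`, or NULL when no issuer is found. It should also say that `cssmTimeStr` may be NULL and what `*issuerExpired` holds on return. The declaration also appears to sit inside the header's `extern "C"` guard while taking `CssmAllocator &` and `TPCertInfo *`, so the header can presumably no longer be included from a C source file; worth confirming that no `.c` file still includes it.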
diff --git a/AppleX509TP/rootCerts.cpp b/AppleX509TP/rootCerts.cpp new file mode 100644 index 00000000..84a15931 --- /dev/null +++ b/AppleX509TP/rootCerts.cpp 
@@ -0,0 +1,147 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please + * obtain a copy of the License at http://www.apple.com/publicsource and + * read it before using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please + * see the License for the specific language governing rights and + * limitations under the License. + */ + + +/* + File: rootCerts.cp + + Contains: Bridge between SecTrustGetCSSMAnchorCertificates() and + TP's internally cached tpRootCert array. + + Written by: Doug Mitchell. + + Copyright: Copyright 2002 by Apple Computer, Inc., all rights reserved. + +*/ + +#include "rootCerts.h" +#include "certGroupUtils.h" +#include +#include +#include +#include + +/* static in TPRootStore */ +ModuleNexus TPRootStore::tpGlobalRoots; + +TPRootStore::~TPRootStore() +{ + /* + * Technically this never gets called because the only instance + * of a TPRootStore is via tpGlobalRoots. Freeing mRootCerts + * here really doesn't accomplish anything. 
+ */ +} + +const tpRootCert *TPRootStore::rootCerts( + CSSM_CL_HANDLE clHand, + unsigned &numRootCerts) +{ + StLock _(mLock); + if(mRootCerts) { + numRootCerts = mNumRootCerts; + return mRootCerts; + } + + CssmAllocator &alloc(CssmAllocator::standard()); + CertGroup roots; + tpRootCert *tpRoots = NULL; // copy to mRootCerts on success + unsigned numTpRoots = 0; + + try { + /* Obtain system-wide root certs in blob format */ + Security::KeychainCore::TrustStore &trustStore = + Security::KeychainCore::Trust::gStore(); + trustStore.getCssmRootCertificates(roots); + if(roots.type() != CSSM_CERTGROUP_DATA) { + debug("tpAnchor", "Bad certGroup Type (%d)\n", + (int)roots.type()); + return NULL; + } + numTpRoots = roots.count(); + if(numTpRoots == 0) { + debug("tpAnchor", "empty certGroup\n"); + return NULL; + } + + /* set up tpRoots array, one for each cert in the group */ + tpRoots = + (tpRootCert *)alloc.malloc(numTpRoots * sizeof(tpRootCert)); + memset(tpRoots, 0, numTpRoots * sizeof(tpRootCert)); + for(uint32 certNum=0; certNumsubjectName); + CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectName, + field); + + /* extract public key info - the blob and key size in bits */ + CSSM_KEY_PTR key; + crtn = CSSM_CL_CertGetKeyInfo(clHand, certData, &key); + if(crtn) { + debug("tpAnchor", "CSSM_CL_CertGetKeyInfo error on cert %u", + (unsigned)certNum); + /* clear out this tpRoot? */ + continue; + } + tpCopyCssmData(alloc, &key->KeyData, &tpRoot->publicKey); + tpRoot->keySize = key->KeyHeader.LogicalKeySizeInBits; + + /* A hole in the CDSA API: there is no free function at the + * CL API for this key. It got mallocd with clHand's + * allocator.... + */ + CSSM_API_MEMORY_FUNCS memFuncs; + crtn = CSSM_GetAPIMemoryFunctions(clHand, &memFuncs); + if(crtn) { + debug("tpAnchor", "CSSM_GetAPIMemoryFunctions error"); + /* Oh well.. 
*/ + continue; + } + memFuncs.free_func(key->KeyData.Data, memFuncs.AllocRef); + memFuncs.free_func(key, memFuncs.AllocRef); + } /* main loop */ + } + catch(...) { + /* TBD */ + return NULL; + } + mNumRootCerts = numTpRoots; + numRootCerts = mNumRootCerts; + mRootCerts = tpRoots; + return mRootCerts; +} diff --git a/AppleX509TP/rootCerts.h b/AppleX509TP/rootCerts.h index 47a349eb..f0a980f2 100644 --- a/AppleX509TP/rootCerts.h +++ b/AppleX509TP/rootCerts.h @@ -19,8 +19,7 @@ /* File: rootCerts.h - Contains: embedded iSign and SSL root certs - subject name - and public keys + Contains: Interface to local cache of system-wide trusted root certs Written by: Doug Mitchell. 
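Review bot: `TPRootStore::rootCerts` leaves `numRootCerts` unwritten on every failure return (bad cert group type, empty group, and the `catch(...)`), so a caller that reads the count before checking for NULL sees an indeterminate value; add `numRootCerts = 0;` as the first statement. The `catch(...) { /* TBD */ return NULL; }` path also drops `tpRoots` and whatever subject names and keys were already copied into it. Inside the loop, a `CSSM_CL_CertGetKeyInfo` failure `continue`s with the entry still counted in `numTpRoots` but holding an empty `publicKey` (the code's own `clear out this tpRoot?` question), and a `CSSM_GetAPIMemoryFunctions` failure `continue`s without freeing `key`. A cached trust-anchor table should contain only fully populated entries, so these paths deserve an explicit decision rather than a silent skip. Part of the loop header is garbled on this page, so the field-extraction step is not reviewed here.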
@@ -32,39 +31,46 @@ #define _TP_ROOT_CERTS_H_ #include +#include +#include -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ +/* + * As of 3/18/02, use of the built-in root certs is disabled by default. + * Their use is enabled at in CSSM_TP_CertGroupVerify by the use of a + * private bit in CSSM_APPLE_TP_ACTION_DATA.ActionFlags. + * The presence of the root certs at all (at compile time) is controlled + * TP_ROOT_CERT_ENABLE. + */ +#define TP_ROOT_CERT_ENABLE 1 + +#if TP_ROOT_CERT_ENABLE /* * Each one of these represents one known root cert. */ typedef struct { - const CSSM_DATA * const subjectName; // normalized and DER-encoded - const CSSM_DATA * const publicKey; // DER-encoded - uint32 keySize; + CSSM_DATA subjectName; // normalized and DER-encoded + CSSM_DATA publicKey; // DER-encoded + uint32 keySize; } tpRootCert; -extern const tpRootCert iSignRootCerts[]; -extern const unsigned numiSignRootCerts; - -extern const tpRootCert sslRootCerts[]; -extern const unsigned numSslRootCerts; - -/* These certs are shared by SSL and iSign */ -extern const CSSM_DATA serverpremium_pubKey; -extern const CSSM_DATA serverpremium_subject; -extern const CSSM_DATA serverbasic_pubKey; -extern const CSSM_DATA serverbasic_subject; -extern const CSSM_DATA PCA3ss_v4_pubKey; -extern const CSSM_DATA PCA3ss_v4_subject; - -#define ENABLE_APPLE_DEBUG_ROOT 0 - - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* _TP_ROOT_CERTS_H_ */ \ No newline at end of file +/* One of these per process which caches the roots in tpRootCert format */ +class TPRootStore +{ +public: + TPRootStore() : mRootCerts(NULL), mNumRootCerts(0) { } + ~TPRootStore(); + const tpRootCert *rootCerts( + CSSM_CL_HANDLE clHand, + unsigned &numRootCerts); + static ModuleNexus tpGlobalRoots; + +private: + tpRootCert *mRootCerts; + unsigned mNumRootCerts; + Mutex mLock; +}; + +#endif /* TP_ROOT_CERT_ENABLE */ + +#endif /* _TP_ROOT_CERTS_H_ */ 
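Review bot: This header drops its `extern "C"` guard and now declares `class TPRootStore`, yet `iSignRootCerts.c` and `sslRootCerts.c` in this same commit still `#include "rootCerts.h"` and wrap their tables in `#if TP_ROOT_CERT_ENABLE`, which this header defines as 1. Unless those files are built as C++ or dropped from the target, they would see a class definition, and their generated initialisers were written for the old pointer members (`const CSSM_DATA * const subjectName`), not the embedded `CSSM_DATA` fields; the `extern` declarations for `iSignRootCerts` and `sslRootCerts` are removed as well. Guarding the class with `#ifdef __cplusplus`, and stating in the comment whether the static tables or `TPRootStore` is the authoritative root source, would remove the ambiguity. The new comment's `is enabled at in CSSM_TP_CertGroupVerify` and `is controlled TP_ROOT_CERT_ENABLE` also need the stray `at` dropped and a `by` added.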
diff --git a/AppleX509TP/sslRootCerts.c b/AppleX509TP/sslRootCerts.c index 51d58253..4150c09a 100644 --- a/AppleX509TP/sslRootCerts.c +++ b/AppleX509TP/sslRootCerts.c @@ -30,6 +30,7 @@ #include #include "rootCerts.h" +#if TP_ROOT_CERT_ENABLE /*********************** Cert File Name: Class1_PCA_G2_v2.cer @@ -1424,3 +1425,5 @@ const tpRootCert sslRootCerts[] = }; const unsigned numSslRootCerts = sizeof(sslRootCerts) / sizeof(tpRootCert); + +#endif /* TP_ROOT_CERT_ENABLE */ diff --git a/AppleX509TP/tpCertGroup.cpp b/AppleX509TP/tpCertGroup.cpp index 4f172db3..332b85b9 100644 --- a/AppleX509TP/tpCertGroup.cpp +++ b/AppleX509TP/tpCertGroup.cpp @@ -27,8 +27,9 @@ #include "TPCertInfo.h" #include "tpPolicies.h" #include "tpdebugging.h" +#include "rootCerts.h" #include - +#include /*----------------------------------------------------------------------------- * CertGroupConstruct @@ -92,6 +93,7 @@ void AppleTPSession::CertGroupConstruct(CSSM_CL_HANDLE clHand, ConstructParams, CertGroupFrag, CSSM_FALSE, // allowExpired + NULL, // cssmTimeStr tpCertGroup); CertGroup = tpCertGroup->buildCssmCertGroup(); delete tpCertGroup; @@ -115,6 +117,7 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, const void *ConstructParams, const CSSM_CERTGROUP &CertGroupFrag, CSSM_BOOL allowExpired, + const char *cssmTimeStr, // May be NULL TPCertGroup *&CertGroup) { TPCertGroup *inCertGroup; // unordered input certs @@ -144,7 +147,7 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, CssmError::throwMe(CSSMERR_TP_INVALID_CL_HANDLE); } if( (CertGroupFrag.NumCerts == 0) || // list is empty - (CertGroupFrag.CertGroupType != CSSM_CERTGROUP_ENCODED_CERT) || + (CertGroupFrag.CertGroupType != CSSM_CERTGROUP_DATA) || (CertGroupFrag.GroupList.CertList[0].Data == NULL) || // first cert empty (CertGroupFrag.GroupList.CertList[0].Length == 0)) { // first cert empty CssmError::throwMe(CSSMERR_CL_INVALID_CERTGROUP_POINTER); 
@@ -178,9 +181,11 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, try { certInfo = new TPCertInfo( &CertGroupFrag.GroupList.CertList[0], - clHand); + clHand, + cssmTimeStr); + certInfo->index(0); } - catch(CssmError cerr) { + catch(const CssmError &cerr) { outErr = CSSMERR_TP_INVALID_CERTIFICATE; goto abort; } @@ -189,14 +194,16 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, throw; } + /* Add to outCertGroup even if it's not current */ + outCertGroup->appendCert(certInfo); + + #if TP_CERT_CURRENT_CHECK_INLINE /* verify this first one is current */ outErr = certInfo->isCurrent(allowExpired); if(outErr) { goto abort; } - - /* Add to outCertGroup */ - outCertGroup->appendCert(certInfo); + #endif /* this'll be the first subject cert in the main loop */ subjectCert = certInfo; @@ -208,12 +215,14 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, for(certDex=1; certDexindex(certDex); inCertGroup->appendCert(certInfo); } @@ -278,6 +287,8 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand, case CSSMERR_TP_CERT_EXPIRED: /* special case - abort immediateley (note the cert * sig verify succeeded.) */ + /*** for now we include this in the evidence ***/ + outCertGroup->appendCert(subjectCert); outErr = crtn; goto abort; default: 
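Review bot: `TP_CERT_CURRENT_CHECK_INLINE` is not defined anywhere in the visible part of this commit, and an undefined name in `#if` evaluates to 0, so the `certInfo->isCurrent(allowExpired)` check on the leaf is compiled out without a trace. Since the cert is now appended `even if it's not current`, the validity-period check has to happen later (presumably in `tpCertGroup->getReturnCode(...)` at the end of `CertGroupVerify`); a comment here should say where, and the macro should get an explicit `#define TP_CERT_CURRENT_CHECK_INLINE 0` next to the other `TP_*_ENABLE` switches. `CertGroupConstruct` also reaches this code with `allowExpired` fixed at `CSSM_FALSE` and does not call `getReturnCode` in the lines shown, so it is worth confirming that an expired leaf is still reported on that path. The same `#if` wraps the `CSSMERR_TP_CERT_EXPIRED` case in the anchor loop of `CertGroupVerify`.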
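Review bot: In the `CSSMERR_TP_CERT_EXPIRED` case the new line appends `subjectCert`, but the first subject cert was already appended earlier (`outCertGroup->appendCert(certInfo)` followed by `subjectCert = certInfo`). If `subjectCert` has not advanced at this point, the same `TPCertInfo` ends up in `outCertGroup` twice, which duplicates it in the evidence and risks a double `delete` if the group owns its entries. If the intent is to record the expired cert whose signature check passed, the object to append is presumably the candidate issuer rather than `subjectCert`. The surrounding loop is outside this hunk, so this needs checking against the full function.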
@@ -292,33 +303,20 @@ issuerLoopEnd: #if TP_DL_ENABLE if(issuerCert == NULL) { /* Issuer not in incoming cert group. Search DBList. */ - CSSM_DATA_PTR foundCert; - - foundCert = tpFindIssuer(tpHand, + CSSM_BOOL subjectExpired = CSSM_FALSE; + issuerCert = tpFindIssuer(*this, clHand, cspHand, - subjectCert->certData(), + subjectCert, subjectCert->issuerName(), - DBList, + &DBList, + cssmTimeStr, &subjectExpired); if(subjectExpired) { /* special case - abort immediately */ outErr = subjectExpired; goto abort; } - if(foundCert != NULL) { - /* set issuerCert for this found cert */ - issuerCert = new TPCertInfo(foundCert, - clHand, - true); // *do* copy - /* - * free cert data obtained from DB - * FIXME: this assumes that OUR session allocators are the - * same ones used by the DL to malloc this cert! - * FIXME: handle exception here - */ - tpFreeCssmData(*this, foundCert, CSSM_TRUE); - } } /* Issuer not in incoming cert group */ #endif /* TP_DL_ENABLE */ @@ -415,14 +413,20 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, TPCertInfo *lastCert; CSSM_BOOL verifiedToRoot = CSSM_FALSE; TPPolicy policy; - CSSM_RETURN outErr = CSSM_OK; + CSSM_RETURN constructReturn = CSSM_OK; + CSSM_RETURN policyReturn = CSSM_OK; CSSM_RETURN crtn; const CSSM_TP_CALLERAUTH_CONTEXT *cred; CSSM_OID_PTR oid = NULL; - CSSM_BOOL allowExpired = CSSM_FALSE; TPCertGroup *tpCertGroup = NULL; // created by // CertGroupConstructPriv TPCertInfo *certInfo = NULL; + CSSM_BOOL allowExpired = CSSM_FALSE; + /* declare volatile as compiler workaround to avoid caching in CR4 */ + const CSSM_APPLE_TP_ACTION_DATA * volatile actionData = NULL; + const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts = NULL; + const CSSM_DATA *fieldVal; + CSSM_TIMESTRING cssmTimeStr; /* verify input args, skipping the ones checked by CertGroupConstruct */ if((VerifyContext == NULL) || (VerifyContext->Cred == NULL)) { 
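Review bot: The call passes `&subjectExpired`, a `CSSM_BOOL`, where the new prototype in `certGroupUtils.h` takes `CSSM_RETURN *issuerExpired`, and the value is then assigned to `outErr`. Declare it as `CSSM_RETURN issuerExpired = CSSM_OK;` and test `if(issuerExpired != CSSM_OK)` so both the type and the name match the callee. As written in this commit, `tpFindIssuer` only ever stores `CSSM_OK` through that pointer, so the `special case - abort immediately` branch cannot currently run. The enclosing function extends beyond the hunk.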
@@ -431,11 +435,6 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, } cred = VerifyContext->Cred; - /* allow cert expiration errors? */ - if(cred->Policy.PolicyControl == CSSM_TP_ALLOW_EXPIRE) { - allowExpired = CSSM_TRUE; - } - /* Check out requested policies */ switch(cred->Policy.NumberOfPolicyIds) { case 0: @@ -446,23 +445,40 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, if(cred->Policy.PolicyIds == NULL) { CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); } - - /* - * none of the supported policies allow any additional params - */ - if((cred->Policy.PolicyIds->FieldValue.Data != NULL) || - (cred->Policy.PolicyIds->FieldValue.Length != 0)) { - CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); - } - oid = &cred->Policy.PolicyIds->FieldOid; + fieldVal = &cred->Policy.PolicyIds->FieldValue; + oid = &cred->Policy.PolicyIds->FieldOid; if(tpCompareOids(oid, &CSSMOID_APPLE_ISIGN)) { policy = kTPiSign; + /* no options */ + if(fieldVal->Data != NULL) { + CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); + } } else if(tpCompareOids(oid, &CSSMOID_APPLE_X509_BASIC)) { policy = kTPx509Basic; + /* no options */ + if(fieldVal->Data != NULL) { + CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); + } } else if(tpCompareOids(oid, &CSSMOID_APPLE_TP_SSL)) { policy = kTP_SSL; + /* SSL-specific options */ + sslOpts = (CSSM_APPLE_TP_SSL_OPTIONS *)fieldVal->Data; + if(sslOpts != NULL) { + switch(sslOpts->Version) { + case CSSM_APPLE_TP_SSL_OPTS_VERSION: + if(fieldVal->Length != + sizeof(CSSM_APPLE_TP_SSL_OPTIONS)) { + CssmError::throwMe( + CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); + } + break; + /* handle backwards compatibility here if necessary */ + default: + CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); + } + } } else { /* unknown TP OID */ 
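Review bot: `sslOpts->Version` is read before `fieldVal->Length` is examined, so a caller that supplies a non-NULL `FieldValue.Data` with a `Length` shorter than the version field causes a read past the supplied buffer. Test the length first, `if(fieldVal->Length < sizeof(sslOpts->Version)) CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);`, ahead of the `switch`. The `ActionData` block added in the next hunk (`switch(actionData->Version)` ahead of the `ActionData.Length` comparison) has the same ordering and needs the same guard with `CSSMERR_TP_INVALID_ACTION_DATA`. Note also that the iSign and x509Basic branches now reject only `Data != NULL`, whereas the removed check also rejected a non-zero `Length`.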
@@ -474,6 +490,28 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); } + /* Optional ActionData affecting all policies */ + actionData = (CSSM_APPLE_TP_ACTION_DATA * volatile)VerifyContext->ActionData.Data; + if(actionData != NULL) { + switch(actionData->Version) { + case CSSM_APPLE_TP_ACTION_VERSION: + if(VerifyContext->ActionData.Length != + sizeof(CSSM_APPLE_TP_ACTION_DATA)) { + CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA); + } + break; + /* handle backwards versions here if we ever go byond version 0 */ + default: + CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA); + } + if(actionData->ActionFlags & CSSM_TP_ACTION_ALLOW_EXPIRED) { + allowExpired = CSSM_TRUE; + } + } + + /* optional, may be NULL */ + cssmTimeStr = cred->VerifyTime; + /* now the args we can't deal with */ if(cred->CallerCredentials != NULL) { CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER); @@ -490,11 +528,16 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, NULL, CertGroupToBeVerified, allowExpired, + cssmTimeStr, tpCertGroup); } - catch(CssmError cerr) { - outErr = cerr.cssmError(); - goto out; + catch(const CssmError &cerr) { + constructReturn = cerr.cssmError(); + /* abort if no certs found */ + if((tpCertGroup == NULL) || (tpCertGroup->numCerts() == 0)) { + CssmError::throwMe(constructReturn); + } + /* else press on, collecting as much info as we can */ } /* others are way fatal */ CASSERT(tpCertGroup != NULL); 
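Review bot: When construction fails with no certs, the handler rethrows via `CssmError::throwMe(constructReturn)` without releasing `tpCertGroup`; if `CertGroupConstructPriv` assigned the out-parameter before throwing and `numCerts()` is 0, that object leaks. Add `delete tpCertGroup;` before the rethrow (deleting NULL is harmless). The `press on` comment should also say that `constructReturn` is carried through to the final `getReturnCode` call, so a later reader does not take it to mean the construct error is forgiven.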
@@ -516,27 +559,31 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, for(i=0; iNumberOfAnchorCerts; i++) { if(tp_CompareCerts(lastCert->certData(), &cred->AnchorCerts[i])) { /* one fully successful return */ - outErr = CSSM_OK; goto out; } } /* verified to a root cert which is not an anchor */ - outErr = CSSMERR_TP_INVALID_ANCHOR_CERT; + constructReturn = CSSMERR_TP_INVALID_ANCHOR_CERT; goto out; } /* try to validate lastCert with anchor certs */ - /* note we're skipping the subject/issuer check...OK? */ for(i=0; iNumberOfAnchorCerts; i++) { try { certInfo = new TPCertInfo(&cred->AnchorCerts[i], - clHand); + clHand, + cssmTimeStr); } catch(...) { /* bad anchor cert - ignore it */ continue; } + if(!tpIsSameName(lastCert->issuerName(), certInfo->subjectName())) { + /* not this anchor */ + delete certInfo; + continue; + } crtn = tp_VerifyCert(clHand, cspHand, lastCert, @@ -546,7 +593,6 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, switch(crtn) { case CSSM_OK: /* The other normal fully successful return. */ - outErr = CSSM_OK; if(certInfo->isSelfSigned()) { verifiedToRoot = CSSM_TRUE; } @@ -556,21 +602,26 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, */ try { tpCertGroup->appendCert(certInfo); + certInfo->isAnchor(true); + certInfo->index(i); } catch(...) { /* shoot - must be memory error */ verifiedToRoot = CSSM_FALSE; delete certInfo; - outErr = CSSMERR_TP_MEMORY_ERROR; + constructReturn = CSSMERR_TP_MEMORY_ERROR; } goto out; + #if TP_CERT_CURRENT_CHECK_INLINE case CSSMERR_TP_CERT_NOT_VALID_YET: case CSSMERR_TP_CERT_EXPIRED: /* special case - abort immediateley */ delete certInfo; - outErr = crtn; + constructReturn = crtn; goto out; + #endif /* TP_CERT_CURRENT_CHECK_INLINE */ + default: /* continue to next anchor */ delete certInfo; 
@@ -579,7 +630,7 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, } /* for each anchor */ /* partial chain, no root, not verifiable by anchor */ - outErr = CSSMERR_TP_NOT_TRUSTED; + constructReturn = CSSMERR_TP_NOT_TRUSTED; /* common exit - error or success */ out: @@ -589,7 +640,11 @@ out: * SSL: CSSMERR_TP_NOT_TRUSTED and CSSMERR_TP_INVALID_ANCHOR_CERT * are both special cases which can result in full success. */ - if((policy == kTP_SSL) && (outErr == CSSMERR_TP_NOT_TRUSTED)) { + #if TP_ROOT_CERT_ENABLE + if((policy == kTP_SSL) && + (constructReturn == CSSMERR_TP_NOT_TRUSTED) && + (actionData != NULL) && + (actionData->ActionFlags & 0x80000000)) {// The secret "enable root cert check" flag /* see if last cert can be verified by an embedded SSL root */ certInfo = tpCertGroup->lastCert(); CSSM_BOOL brtn = tp_verifyWithSslRoots(clHand, 
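Review bot: The literal `0x80000000` tested against `actionData->ActionFlags` decides whether the chain may be accepted through the built-in SSL roots, and the same literal appears again in the `CSSMERR_TP_INVALID_ANCHOR_CERT` test after `tp_policyVerify`. A bit that changes a trust decision should be a named constant defined alongside `CSSM_TP_ACTION_ALLOW_EXPIRED`, with a comment stating which callers are expected to set it, rather than a number with a `secret` remark. A single name used in both places (for example `TP_ACTION_ENABLE_BUILTIN_ROOTS`, proposed here and not an existing identifier) would also keep the two tests from drifting apart. The `if` body continues into the following hunk.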
@@ -599,43 +654,65 @@ out: /* SSL success with no incoming root */ /* note unknown incoming root (INVALID_ANCHOR_CERT) is handled * below, after tp_policyVerify */ - outErr = CSSM_OK; + constructReturn = CSSM_OK; } } - if((outErr == CSSM_OK) || // full success so far - (outErr == CSSMERR_TP_INVALID_ANCHOR_CERT)) { // OK, but root not an anchor - - CSSM_RETURN crtn = tp_policyVerify(policy, + #endif /* TP_ROOT_CERT_ENABLE */ + if(tpCertGroup->numCerts() != 0) { + /* policy check if we saw even one cert */ + policyReturn = tp_policyVerify(policy, *this, clHand, cspHand, tpCertGroup, - verifiedToRoot); - if(crtn) { - /* don't override existing INVALID_ANCHOR_CERT on policy success */ - outErr = crtn; - } - else if((outErr == CSSMERR_TP_INVALID_ANCHOR_CERT) && (policy == kTP_SSL)) { + verifiedToRoot, + actionData, + sslOpts, + cred->Policy.PolicyControl); // not currently used + #if TP_ROOT_CERT_ENABLE + if((policyReturn == CSSM_OK) && + (constructReturn == CSSMERR_TP_INVALID_ANCHOR_CERT) && + (policy == kTP_SSL) && + (actionData != NULL) && + (actionData->ActionFlags & 0x80000000)) { + /* The secret "enable root cert check" flag... */ /* SSL - found a good anchor, move to full success */ - outErr = CSSM_OK; + constructReturn = CSSM_OK; } + #endif } /* return evidence - i.e., current chain - if asked to */ if(VerifyContextResult != NULL) { - /* The spec is utterly bogus. We're going to punt and use - * CSSM_EVIDENCE_FORM_UNSPECIFIC to mean just a pointer to - * a CSSM_CERTGROUP. How's that!? 
+ /* + * VerifyContextResult->Evidence[0] : CSSM_TP_APPLE_EVIDENCE_HEADER + * VerifyContextResult->Evidence[1] : CSSM_CERTGROUP + * VerifyContextResult->Evidence[2] : CSSM_TP_APPLE_EVIDENCE_INFO */ - VerifyContextResult->NumberOfEvidences = 1; + VerifyContextResult->NumberOfEvidences = 3; VerifyContextResult->Evidence = - (CSSM_EVIDENCE_PTR)malloc(sizeof(CSSM_EVIDENCE)); - VerifyContextResult->Evidence->EvidenceForm = CSSM_EVIDENCE_FORM_UNSPECIFIC; - VerifyContextResult->Evidence->Evidence = - tpCertGroup->buildCssmCertGroup(); + (CSSM_EVIDENCE_PTR)calloc(3, sizeof(CSSM_EVIDENCE)); + + CSSM_TP_APPLE_EVIDENCE_HEADER *hdr = + (CSSM_TP_APPLE_EVIDENCE_HEADER *)malloc(sizeof(CSSM_TP_APPLE_EVIDENCE_HEADER)); + hdr->Version = CSSM_TP_APPLE_EVIDENCE_VERSION; + CSSM_EVIDENCE_PTR ev = &VerifyContextResult->Evidence[0]; + ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_HEADER; + ev->Evidence = hdr; + + ev = &VerifyContextResult->Evidence[1]; + ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_CERTGROUP; + ev->Evidence = tpCertGroup->buildCssmCertGroup(); + + ev = &VerifyContextResult->Evidence[2]; + ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_CERT_INFO; + ev->Evidence = tpCertGroup->buildCssmEvidenceInfo(); + } - - /* delete (internaluse only) TPCertGroup */ + CSSM_RETURN outErr = tpCertGroup->getReturnCode(constructReturn, + allowExpired, policyReturn); + + /* delete (internal use only) TPCertGroup */ delete tpCertGroup; if(outErr) { CssmError::throwMe(outErr); diff --git a/AppleX509TP/tpCredRequest.cpp b/AppleX509TP/tpCredRequest.cpp new file mode 100644 index 00000000..ee3be4fe --- /dev/null +++ b/AppleX509TP/tpCredRequest.cpp 
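Review bot: The evidence allocations are used unchecked: the array from `calloc(3, sizeof(CSSM_EVIDENCE))` is indexed and `hdr` from `malloc` is written through (`hdr->Version = ...`) with no NULL test, so an allocation failure becomes a NULL dereference in the verify path. `NumberOfEvidences = 3` is also stored before the array exists, so if anything later in this block throws, the caller is left with a count that does not match `Evidence`. The fence below shows one way to check both pointers and set the count only after they are valid. A comment should also state which allocator the caller is expected to release the evidence with, since this block uses libc `malloc`/`calloc` rather than the session allocator used elsewhere in the file.

```cpp
VerifyContextResult->Evidence =
	(CSSM_EVIDENCE_PTR)calloc(3, sizeof(CSSM_EVIDENCE));
CSSM_TP_APPLE_EVIDENCE_HEADER *hdr =
	(CSSM_TP_APPLE_EVIDENCE_HEADER *)malloc(sizeof(CSSM_TP_APPLE_EVIDENCE_HEADER));
if((VerifyContextResult->Evidence == NULL) || (hdr == NULL)) {
	/* release whichever allocation succeeded, then report the failure */
	free(VerifyContextResult->Evidence);
	free(hdr);
	VerifyContextResult->Evidence = NULL;
	delete tpCertGroup;
	CssmError::throwMe(CSSMERR_TP_MEMORY_ERROR);
}
VerifyContextResult->NumberOfEvidences = 3;
// … unchanged: fill Evidence[0], Evidence[1], Evidence[2] …
```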
@@ -0,0 +1,789 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * tpCredRequest.cpp - credential request functions SubmitCredRequest, + * RetrieveCredResult + * + * Created 1/24/2002 by Doug Mitchell. + */ + +#include "AppleTPSession.h" +#include "certGroupUtils.h" +#include "tpdebugging.h" +#include "tpTime.h" +#include +#include +#include +#include +#include +#include +#include + +#define tpCredDebug(args...) debug("tpCred", ## args) + +/* + * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs. + * We do one a/v pair per RDN. 
+ */ +CSSM_X509_NAME * AppleTPSession::buildX509Name( + const CSSM_APPLE_TP_NAME_OID *nameArray, + unsigned numNames) +{ + CSSM_X509_NAME *top = (CSSM_X509_NAME *)malloc(sizeof(CSSM_X509_NAME)); + top->numberOfRDNs = numNames; + top->RelativeDistinguishedName = + (CSSM_X509_RDN_PTR)malloc(sizeof(CSSM_X509_RDN) * numNames); + CSSM_X509_RDN_PTR rdn; + const CSSM_APPLE_TP_NAME_OID *nameOid; + unsigned nameDex; + for(nameDex=0; nameDexRelativeDistinguishedName[nameDex]; + nameOid = &nameArray[nameDex]; + rdn->numberOfPairs = 1; + rdn->AttributeTypeAndValue = (CSSM_X509_TYPE_VALUE_PAIR_PTR) + malloc(sizeof(CSSM_X509_TYPE_VALUE_PAIR)); + CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = rdn->AttributeTypeAndValue; + tpCopyCssmData(*this, nameOid->oid, &atvp->type); + atvp->valueType = BER_TAG_PRINTABLE_STRING; + atvp->value.Length = strlen(nameOid->string); + atvp->value.Data = (uint8 *)malloc(atvp->value.Length); + memmove(atvp->value.Data, nameOid->string, atvp->value.Length); + } + return top; +} + +/* free the CSSM_X509_NAME obtained from buildX509Name */ +void AppleTPSession::freeX509Name( + CSSM_X509_NAME *top) +{ + if(top == NULL) { + return; + } + unsigned nameDex; + CSSM_X509_RDN_PTR rdn; + for(nameDex=0; nameDexnumberOfRDNs; nameDex++) { + rdn = &top->RelativeDistinguishedName[nameDex]; + if(rdn->AttributeTypeAndValue) { + for(unsigned aDex=0; aDexnumberOfPairs; aDex++) { + CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = + &rdn->AttributeTypeAndValue[aDex]; + free(atvp->type.Data); + free(atvp->value.Data); + } + free(rdn->AttributeTypeAndValue); + } + } + free(top->RelativeDistinguishedName); + free(top); +} + +/* Obtain a CSSM_X509_TIME representing "now" plus specified seconds */ + +/* + * Although RFC 2459, *the* spec for X509 certs, allows for not before/after + * times to be expressed in ther generalized (4-digit year) or UTC (2-digit year + * with implied century rollover), IE 5 on Mac will not accept the generalized + * format. 
+ */ +#define TP_FOUR_DIGIT_YEAR 0 +#if TP_FOUR_DIGIT_YEAR +#define TP_TIME_FORMAT TIME_GEN +#define TP_TIME_TAG BER_TAG_GENERALIZED_TIME +#else +#define TP_TIME_FORMAT TIME_UTC +#define TP_TIME_TAG BER_TAG_UTC_TIME +#endif /* TP_FOUR_DIGIT_YEAR */ + +CSSM_X509_TIME * AppleTPSession::buildX509Time( + unsigned secondsFromNow) +{ + CSSM_X509_TIME *xtime = (CSSM_X509_TIME *)malloc(sizeof(CSSM_X509_TIME)); + xtime->timeType = TP_TIME_TAG; + char *ts = (char *)malloc(GENERALIZED_TIME_STRLEN + 1); + { + StLock _(tpTimeLock()); + timeAtNowPlus(secondsFromNow, TP_TIME_FORMAT, ts); + } + xtime->time.Data = (uint8 *)ts; + xtime->time.Length = strlen(ts); + return xtime; +} + +/* Free CSSM_X509_TIME obtained in buildX509Time */ +void AppleTPSession::freeX509Time( + CSSM_X509_TIME *xtime) +{ + if(xtime == NULL) { + return; + } + free((char *)xtime->time.Data); + free(xtime); +} + +/* + * Cook up a CSSM_DATA with specified integer, DER style (minimum number of + * bytes, big-endian). + */ +static void intToDER( + uint32 theInt, + CSSM_DATA &DER_Data, + CssmAllocator &alloc) +{ + if(theInt < 0x100) { + DER_Data.Length = 1; + DER_Data.Data = (uint8 *)alloc.malloc(1); + DER_Data.Data[0] = (unsigned char)(theInt); + } + else if(theInt < 0x10000) { + DER_Data.Length = 2; + DER_Data.Data = (uint8 *)alloc.malloc(2); + DER_Data.Data[0] = (unsigned char)(theInt >> 8); + DER_Data.Data[1] = (unsigned char)(theInt); + } + else if(theInt < 0x1000000) { + DER_Data.Length = 3; + DER_Data.Data = (uint8 *)alloc.malloc(3); + DER_Data.Data[0] = (unsigned char)(theInt >> 16); + DER_Data.Data[1] = (unsigned char)(theInt >> 8); + DER_Data.Data[2] = (unsigned char)(theInt); + } + else { + DER_Data.Length = 4; + DER_Data.Data = (uint8 *)alloc.malloc(4); + DER_Data.Data[0] = (unsigned char)(theInt >> 24); + DER_Data.Data[1] = (unsigned char)(theInt >> 16); + DER_Data.Data[2] = (unsigned char)(theInt >> 8); + DER_Data.Data[3] = (unsigned char)(theInt); + } +} + +/* The reverse of the above. 
*/ +static uint32 DERToInt( + const CSSM_DATA &DER_Data) +{ + uint32 rtn = 0; + uint8 *bp = DER_Data.Data; + for(unsigned dex=0; dexKeyHeader.BlobType) { + case CSSM_KEYBLOB_RAW: + actPubKey = subjectPubKey; + break; + case CSSM_KEYBLOB_REFERENCE: + refKeyToRaw(cspHand, subjectPubKey, &rawPubKey); + actPubKey = &rawPubKey; + freeRawKey = CSSM_TRUE; + break; + default: + tpCredDebug("CSSM_CL_CertCreateTemplate: bad key blob type (%u)", + (unsigned)subjectPubKey->KeyHeader.BlobType); + CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); + } + + + /* + * version, always 2 (X509v3) + * serialNumber thru subjectPubKey + */ + unsigned numFields = 8 + numExtensions; + if(subjectUniqueId) { + numFields++; + } + if(issuerUniqueId) { + numFields++; + } + + certTemp = (CSSM_FIELD *)malloc(sizeof(CSSM_FIELD) * numFields); + + + /* version */ + intToDER(2, versionDER, *this); + certTemp[fieldDex].FieldOid = CSSMOID_X509V1Version; + certTemp[fieldDex++].FieldValue = versionDER; + + /* serial number */ + intToDER(serialNumber, serialDER, *this); + certTemp[fieldDex].FieldOid = CSSMOID_X509V1SerialNumber; + certTemp[fieldDex++].FieldValue = serialDER; + + /* subject and issuer name */ + certTemp[fieldDex].FieldOid = CSSMOID_X509V1IssuerNameCStruct; + certTemp[fieldDex].FieldValue.Data = (uint8 *)issuerName; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME); + + certTemp[fieldDex].FieldOid = CSSMOID_X509V1SubjectNameCStruct; + certTemp[fieldDex].FieldValue.Data = (uint8 *)subjectName; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME); + + /* not before/after */ + certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotBefore; + certTemp[fieldDex].FieldValue.Data = (uint8 *)notBefore; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME); + + certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotAfter; + certTemp[fieldDex].FieldValue.Data = (uint8 *)notAfter; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME); + + /* the 
subject key */ + certTemp[fieldDex].FieldOid = CSSMOID_CSSMKeyStruct; + certTemp[fieldDex].FieldValue.Data = (uint8 *)actPubKey; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_KEY); + + /* signature algorithm */ + certTemp[fieldDex].FieldOid = CSSMOID_X509V1SignatureAlgorithmTBS; + certTemp[fieldDex].FieldValue.Data = (uint8 *)&algId; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_ALGORITHM_IDENTIFIER); + + /* subject/issuer unique IDs */ + if(subjectUniqueId != 0) { + certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateSubjectUniqueId; + certTemp[fieldDex++].FieldValue = *subjectUniqueId; + } + if(issuerUniqueId != 0) { + certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateIssuerUniqueId; + certTemp[fieldDex++].FieldValue = *issuerUniqueId; + } + + for(extNum=0; extNumformat == CSSM_X509_DATAFORMAT_PARSED) { + certTemp[fieldDex].FieldOid = ext->extnId; + } + else { + certTemp[fieldDex].FieldOid = CSSMOID_X509V3CertificateExtensionCStruct; + } + certTemp[fieldDex].FieldValue.Data = (uint8 *)ext; + certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_EXTENSION); + } + assert(fieldDex == numFields); + + /* + * OK, here we go + */ + rawCert = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); + rawCert->Data = NULL; + rawCert->Length = 0; + CSSM_RETURN crtn = CSSM_CL_CertCreateTemplate(clHand, + fieldDex, + certTemp, + rawCert); + if(crtn) { + tpCredDebug("CSSM_CL_CertCreateTemplate returned %s", + cssmErrorString(crtn).c_str()); + free(rawCert->Data); + free(rawCert); + rawCert = NULL; + } + + /* free the stuff we mallocd to get here */ + free(serialDER.Data); + free(versionDER.Data); + free(certTemp); + if(freeRawKey) { + tpFreeCssmData(*this, &rawPubKey.KeyData, CSSM_FALSE); + } + if(crtn) { + CssmError::throwMe(crtn); + } +} + +/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and + * add it and the cert to tpCredMap. 
*/ +void AppleTPSession::addCertToMap( + const CSSM_DATA *cert, + CSSM_DATA_PTR refId) +{ + StLock _(tpCredMapLock); + + TpCredHandle hand = reinterpret_cast(cert); + intToDER(hand, *refId, *this); + tpCredMap[hand] = cert; +} + +/* given a ReferenceIdentifier, obtain associated cert and remove from the map */ +CSSM_DATA_PTR AppleTPSession::getCertFromMap( + const CSSM_DATA *refId) +{ + StLock _(tpCredMapLock); + CSSM_DATA_PTR rtn = NULL; + + if((refId == NULL) || (refId->Data == NULL)) { + return NULL; + } + TpCredHandle hand = DERToInt(*refId); + credMap::iterator it = tpCredMap.find(hand); + if(it == tpCredMap.end()) { + return NULL; + } + rtn = const_cast(it->second); + tpCredMap.erase(hand); + return rtn; +} + +/* + * SubmitCredRequest, CSR form. + */ +void AppleTPSession::SubmitCsrRequest( + const CSSM_TP_REQUEST_SET &RequestInput, + sint32 &EstimatedTime, // RETURNED + CssmData &ReferenceIdentifier) // RETURNED +{ + CSSM_DATA_PTR csrPtr = NULL; + CSSM_CC_HANDLE sigHand = 0; + CSSM_APPLE_CL_CSR_REQUEST csrReq; + + memset(&csrReq, 0, sizeof(csrReq)); + + /* for now we're using the same struct for input as the the normal + * X509 cert request. 
*/ + CSSM_APPLE_TP_CERT_REQUEST *certReq = + (CSSM_APPLE_TP_CERT_REQUEST *)RequestInput.Requests; + if((certReq->cspHand == 0) || + (certReq->clHand == 0) || + (certReq->certPublicKey == NULL) || + (certReq->issuerPrivateKey == NULL) || + (certReq->signatureOid.Data == NULL)) { + CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); + } + if((certReq->subjectNames == NULL) || + (certReq->numSubjectNames == 0)) { + CssmError::throwMe(CSSMERR_TP_INVALID_NAME); + } + + /* convert ref public key to raw per CL requirements */ + const CSSM_KEY *subjectPubKey = certReq->certPublicKey; + const CSSM_KEY *actPubKey = NULL; + CSSM_BOOL freeRawKey = CSSM_FALSE; + CSSM_KEY rawPubKey; + + switch(subjectPubKey->KeyHeader.BlobType) { + case CSSM_KEYBLOB_RAW: + actPubKey = subjectPubKey; + break; + case CSSM_KEYBLOB_REFERENCE: + refKeyToRaw(certReq->cspHand, subjectPubKey, &rawPubKey); + actPubKey = &rawPubKey; + freeRawKey = CSSM_TRUE; + break; + default: + tpCredDebug("SubmitCsrRequest: bad key blob type (%u)", + (unsigned)subjectPubKey->KeyHeader.BlobType); + CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); + } + + /* cook up a CL-passthrough-specific request */ + csrReq.subjectNameX509 = buildX509Name(certReq->subjectNames, + certReq->numSubjectNames); + csrReq.signatureAlg = certReq->signatureAlg; + csrReq.signatureOid = certReq->signatureOid; + csrReq.cspHand = certReq->cspHand; + csrReq.subjectPublicKey = actPubKey; + csrReq.subjectPrivateKey = certReq->issuerPrivateKey; + csrReq.challengeString = certReq->challengeString; + + /* A crypto handle to pass to the CL */ + CSSM_RETURN crtn; + crtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand, + certReq->signatureAlg, + NULL, // AccessCred + certReq->issuerPrivateKey, + &sigHand); + if(crtn) { + tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s", + cssmErrorString(crtn).c_str()); + goto abort; + } + + /* down to the CL to do the actual work */ + crtn = CSSM_CL_PassThrough(certReq->clHand, + sigHand, + 
CSSM_APPLEX509CL_OBTAIN_CSR, + &csrReq, + (void **)&csrPtr); + if(crtn) { + tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s", + cssmErrorString(crtn).c_str()); + goto abort; + } + + /* save it for retrieval by RetrieveCredResult */ + addCertToMap(csrPtr, &ReferenceIdentifier); + EstimatedTime = 0; + +abort: + /* free local resources */ + if(csrReq.subjectNameX509) { + freeX509Name(csrReq.subjectNameX509); + } + if(sigHand) { + CSSM_DeleteContext(sigHand); + } + if(freeRawKey) { + tpFreeCssmData(*this, &rawPubKey.KeyData, CSSM_FALSE); + } + if(crtn) { + CssmError::throwMe(crtn); + } +} + +/* + * Submit cred (cert) request. Currently the only form of request we + * handle is the basis "sign this cert with key right now", with policy OI + * CSSMOID_APPLE_TP_LOCAL_CERT_GEN. + */ +void AppleTPSession::SubmitCredRequest( + const CSSM_TP_AUTHORITY_ID *PreferredAuthority, + CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType, + const CSSM_TP_REQUEST_SET &RequestInput, + const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext, + sint32 &EstimatedTime, + CssmData &ReferenceIdentifier) +{ + /* free all of these on return if non-NULL */ + CSSM_DATA_PTR certTemplate = NULL; + CSSM_X509_TIME_PTR notBeforeX509 = NULL; + CSSM_X509_TIME_PTR notAfterX509 = NULL; + CSSM_X509_NAME_PTR subjectX509 = NULL; + CSSM_X509_NAME_PTR issuerX509 = NULL; + CSSM_X509_EXTENSION_PTR extens509 = NULL; + CSSM_CC_HANDLE sigContext = 0; + + /* this gets saved on success */ + CSSM_DATA_PTR signedCert = NULL; + + /* validate rather limited set of input args */ + if(PreferredAuthority != NULL) { + CssmError::throwMe(CSSMERR_TP_INVALID_AUTHORITY); + } + if(RequestType != CSSM_TP_AUTHORITY_REQUEST_CERTISSUE) { + CssmError::throwMe(CSSMERR_TP_UNSUPPORTED_SERVICE); + } + if(CallerAuthContext == NULL) { + CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER); + } + if((RequestInput.NumberOfRequests != 1) || + (RequestInput.Requests == NULL)) { + CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); + 
} + + /* Apple-specific args */ + const CSSM_TP_POLICYINFO *tpPolicy = &CallerAuthContext->Policy; + if((tpPolicy->NumberOfPolicyIds != 1) || + (tpPolicy->PolicyIds == NULL)) { + CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER); + } + if(tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid, + &CSSMOID_APPLE_TP_CSR_GEN)) { + /* break out to CSR-specific code */ + SubmitCsrRequest(RequestInput, EstimatedTime, ReferenceIdentifier); + return; + } + else if(!tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid, + &CSSMOID_APPLE_TP_LOCAL_CERT_GEN)) { + CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); + } + + CSSM_APPLE_TP_CERT_REQUEST *certReq = + (CSSM_APPLE_TP_CERT_REQUEST *)RequestInput.Requests; + if((certReq->cspHand == 0) || + (certReq->clHand == 0) || + (certReq->certPublicKey == NULL) || + (certReq->issuerPrivateKey == NULL)) { + CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS); + } + if((certReq->subjectNames == NULL) || + (certReq->numSubjectNames == 0)) { + CssmError::throwMe(CSSMERR_TP_INVALID_NAME); + } + if((certReq->numExtensions != 0) & (certReq->extensions == NULL)) { + CssmError::throwMe(CSSMERR_TP_INVALID_POINTER); + } + + CSSM_RETURN ourRtn = CSSM_OK; + + try { + /* convert caller's friendly names and times to CDSA style */ + subjectX509 = buildX509Name(certReq->subjectNames, certReq->numSubjectNames); + if(certReq->issuerNames != NULL) { + issuerX509 = buildX509Name(certReq->issuerNames, certReq->numIssuerNames); + } + else if(certReq->issuerNameX509) { + /* caller obtained this from an existing signer's cert */ + issuerX509 = certReq->issuerNameX509; + } + else { + /* self-signed */ + issuerX509 = subjectX509; + } + notBeforeX509 = buildX509Time(certReq->notBefore); + notAfterX509 = buildX509Time(certReq->notAfter); + + if(certReq->numExtensions != 0) { + /* convert extensions array from CE_DataAndType to CSSM_X509_EXTENSION */ + extens509 = (CSSM_X509_EXTENSION *)malloc(sizeof(CSSM_X509_EXTENSION) * + 
certReq->numExtensions); + memset(extens509, 0, sizeof(CSSM_X509_EXTENSION) * + certReq->numExtensions); + for(unsigned dex=0; dexnumExtensions; dex++) { + CSSM_X509_EXTENSION *extn = &extens509[dex]; + CE_DataAndType *cdt = &certReq->extensions[dex]; + void *parsedValue; + CSSM_OID extnId; + + switch(cdt->type) { + case DT_AuthorityKeyID: + parsedValue = &cdt->extension.authorityKeyID; + extnId = CSSMOID_AuthorityKeyIdentifier; + break; + case DT_SubjectKeyID: + parsedValue = &cdt->extension.subjectKeyID; + extnId = CSSMOID_SubjectKeyIdentifier; + break; + case DT_KeyUsage: + parsedValue = &cdt->extension.keyUsage; + extnId = CSSMOID_KeyUsage; + break; + case DT_SubjectAltName: + parsedValue = &cdt->extension.subjectAltName; + extnId = CSSMOID_SubjectAltName; + break; + case DT_ExtendedKeyUsage: + parsedValue = &cdt->extension.extendedKeyUsage; + extnId = CSSMOID_ExtendedKeyUsage; + break; + case DT_BasicConstraints: + parsedValue = &cdt->extension.basicConstraints; + extnId = CSSMOID_BasicConstraints; + break; + case DT_CertPolicies: + parsedValue = &cdt->extension.certPolicies; + extnId = CSSMOID_CertificatePolicies; + break; + case DT_NetscapeCertType: + parsedValue = &cdt->extension.netscapeCertType; + extnId = CSSMOID_NetscapeCertType; + break; + case DT_Other: + default: + tpCredDebug("SubmitCredRequest: DT_Other not supported"); + CssmError::throwMe(CSSMERR_TP_UNKNOWN_TAG); + // NOT REACHED + } + extn->extnId = extnId; + extn->critical = cdt->critical; + extn->format = CSSM_X509_DATAFORMAT_PARSED; + extn->value.parsedValue = parsedValue; + extn->BERvalue.Data = NULL; + extn->BERvalue.Length = 0; + } /* for each extension */ + } /* converting extensions */ + + /* cook up the unsigned template */ + makeCertTemplate(certReq->clHand, + certReq->cspHand, + certReq->serialNumber, + issuerX509, + subjectX509, + notBeforeX509, + notAfterX509, + certReq->certPublicKey, + certReq->signatureOid, + NULL, // subjectUniqueID, not used here (yet) + NULL, // issuerUniqueId 
+ extens509, + certReq->numExtensions, + certTemplate); + + /* create signature context */ + ourRtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand, + certReq->signatureAlg, + NULL, // AccessCred + certReq->issuerPrivateKey, + &sigContext); + if(ourRtn) { + tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s", + cssmErrorString(ourRtn).c_str()); + CssmError::throwMe(ourRtn); + } + + signedCert = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); + signedCert->Data = NULL; + signedCert->Length = 0; + ourRtn = CSSM_CL_CertSign(certReq->clHand, + sigContext, + certTemplate, // CertToBeSigned + NULL, // SignScope + 0, // ScopeSize, + signedCert); + if(ourRtn) { + tpCredDebug("CSSM_CL_CertSign returned %s", + cssmErrorString(ourRtn).c_str()); + CssmError::throwMe(ourRtn); + } + + /* save it for retrieval by RetrieveCredResult */ + addCertToMap(signedCert, &ReferenceIdentifier); + EstimatedTime = 0; + } + catch (const CssmError &cerr) { + tpCredDebug("SubmitCredRequest: CSSM error %s", + cssmErrorString(cerr).c_str()); + ourRtn = cerr.cssmError(); + } + catch(...) { + tpCredDebug("SubmitCredRequest: unknown exception"); + ourRtn = CSSMERR_TP_INTERNAL_ERROR; // ?? 
+ } + + /* free reources */ + tpFreeCssmData(*this, certTemplate, CSSM_TRUE); + freeX509Name(subjectX509); + if(certReq->issuerNames) { + freeX509Name(issuerX509); + } + /* else same as subject */ + freeX509Time(notBeforeX509); + freeX509Time(notAfterX509); + if(extens509) { + free(extens509); + } + if(sigContext != 0) { + CSSM_DeleteContext(sigContext); + } + if(ourRtn) { + CssmError::throwMe(ourRtn); + } +} + +void AppleTPSession::RetrieveCredResult( + const CssmData &ReferenceIdentifier, + const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, + sint32 &EstimatedTime, + CSSM_BOOL &ConfirmationRequired, + CSSM_TP_RESULT_SET_PTR &RetrieveOutput) +{ + const CSSM_DATA *cert = getCertFromMap(&ReferenceIdentifier); + + if(cert == NULL) { + tpCredDebug("RetrieveCredResult: refId not found"); + CssmError::throwMe(CSSMERR_TP_INVALID_IDENTIFIER); + } + + /* CSSM_TP_RESULT_SET.Results points to a CSSM_ENCODED_CERT */ + CSSM_ENCODED_CERT *encCert = (CSSM_ENCODED_CERT *)malloc(sizeof(CSSM_ENCODED_CERT)); + encCert->CertType = CSSM_CERT_X_509v3; + encCert->CertEncoding = CSSM_CERT_ENCODING_DER; + + /* + * caller must free all three: + * CSSM_TP_RESULT_SET_PTR RetrieveOutput + * RetrieveOutput->Results (CSSM_ENCODED_CERT *encCert) + * encCert->CertBlob.Data (the actual cert) + */ + encCert->CertBlob = *cert; + RetrieveOutput = (CSSM_TP_RESULT_SET_PTR)malloc( + sizeof(CSSM_TP_RESULT_SET)); + RetrieveOutput->Results = encCert; + RetrieveOutput->NumberOfResults = 1; + ConfirmationRequired = CSSM_FALSE; + EstimatedTime = 0; +} diff --git a/AppleX509TP/tpPolicies.cpp b/AppleX509TP/tpPolicies.cpp index 177b72fe..36d8e06f 100644 --- a/AppleX509TP/tpPolicies.cpp +++ b/AppleX509TP/tpPolicies.cpp @@ -35,6 +35,8 @@ #include #include #include +#include +#include /* * Our private per-extension info. One of these per (understood) extension per 
@@ -290,6 +292,7 @@ static void iSignFreeCertInfo( } } +#if TP_ROOT_CERT_ENABLE /* * Common code for comparing a root to a list of known embedded roots. */ @@ -317,11 +320,11 @@ static CSSM_BOOL tp_isKnownRootCert( */ for(dex=0; dexKeyClass = CSSM_KEYCLASS_PUBLIC_KEY; hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE; hdr->KeyUsage = CSSM_KEYUSE_VERIFY; - - for(dex=0; dexsubjectName, certToVfy->issuerName())) { + + rootCerts = TPRootStore::tpGlobalRoots().rootCerts(clHand, numRootCerts); + for(dex=0; dexsubjectName, certToVfy->issuerName())) { /* not this root */ continue; } - rootKey.KeyData = *rootInfo->publicKey; + + /* only variation in key in the loop - raw key bits and size */ + rootKey.KeyData = rootInfo->publicKey; hdr->LogicalKeySizeInBits = rootInfo->keySize; crtn = CSSM_CSP_CreateSignatureContext(cspHand, sigAlg, 
@@ -457,6 +474,146 @@ errOut: } return brtn; } +#endif /* TP_ROOT_CERT_ENABLE */ + +/* + * Convert a C string to lower case in place. NULL terminator not needed. + */ +static void tpToLower( + char *str, + unsigned strLen) +{ + for(unsigned i=0; iServerNameLen; + char *commonName = NULL; + uint32 commonNameLen = 0; + + if(serverNameLen == 0) { + /* optional */ + return CSSM_OK; + } + if(sslOpts->ServerName == NULL) { + return CSSMERR_TP_INVALID_POINTER; + } + + /* Obtain subject name of leaf cert in CSSM_X509_NAME_PTR form */ + TPCertInfo *leaf = certGroup.certAtIndex(0); + assert(leaf != NULL); + CSSM_RETURN crtn; + crtn = leaf->fetchField(&CSSMOID_X509V1SubjectNameCStruct, &subjNameData); + if(crtn) { + /* should never happen, we shouldn't be here if there is no subject */ + errorLog0("tp_verifySslOpts: error retrieving subject name\n"); + return crtn; + } + CSSM_X509_NAME_PTR x509name = (CSSM_X509_NAME_PTR)subjNameData->Data; + if((x509name == NULL) || (subjNameData->Length != sizeof(CSSM_X509_NAME))) { + errorLog0("tp_verifySslOpts: malformed CSSM_X509_NAME\n"); + crtn = CSSMERR_TP_INVALID_CERTGROUP; + goto done; + } + + /* Now grunge thru the X509 name looking for a common name */ + CSSM_X509_TYPE_VALUE_PAIR *ptvp; + CSSM_X509_RDN_PTR rdnp; + unsigned rdnDex; + unsigned pairDex; + + for(rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { + rdnp = &x509name->RelativeDistinguishedName[rdnDex]; + for(pairDex=0; pairDexnumberOfPairs; pairDex++) { + ptvp = &rdnp->AttributeTypeAndValue[pairDex]; + if(tpCompareOids(&ptvp->type, &CSSMOID_CommonName)) { + commonName = (char *)ptvp->value.Data; + commonNameLen = ptvp->value.Length; + break; + } + } + } + if(commonName == NULL) { + errorLog0("tp_verifySslOpts: NO COMMON NAME in subject\n"); + crtn = CSSMERR_TP_VERIFY_ACTION_FAILED; + goto done; + } + + /* tolerate optional NULL terminators for both */ + if(commonName[commonNameLen - 1] == '\0') { + commonNameLen--; + } + if(sslOpts->ServerName[serverNameLen - 1] == '\0') { + 
serverNameLen--; + } + + /* convert both name strings to lower case. The one in the X509 Name can + * be done in place; we have to malloc and copy the caller's string. */ + tpToLower(commonName, commonNameLen); + serverName = (char *)certGroup.alloc().malloc(serverNameLen); + memmove(serverName, sslOpts->ServerName, serverNameLen); + tpToLower(serverName, serverNameLen); + + /* case 1: exact match */ + if((serverNameLen == commonNameLen) && + !memcmp(commonName, serverName, commonNameLen)) { + crtn = CSSM_OK; + goto done; + } + + /* case 2: handle optional '*' in cert's common name */ + if(commonName[0] == '*') { + /* last (commonNameLen - 1) chars have to match */ + unsigned effectLen = commonNameLen - 1; // skip '*' + if(serverNameLen < effectLen) { + errorLog0("tp_verifySslOpts: subject/server name wildcard mismatch (1)\n"); + crtn = CSSMERR_TP_VERIFY_ACTION_FAILED; + } + else if(memcmp(commonName+1, // skip '*' + serverName + serverNameLen - effectLen, + effectLen)) { + errorLog0("tp_verifySslOpts: subject/server name wildcard mismatch (2)\n"); + crtn = CSSMERR_TP_VERIFY_ACTION_FAILED; + } + else { + /* wildcard match */ + crtn = CSSM_OK; + } + } + else { + /* mismatch */ + errorLog0("tp_verifySslOpts: subject/server name mismatch\n"); + crtn = CSSMERR_TP_VERIFY_ACTION_FAILED; + } +done: + if(subjNameData != NULL) { + leaf->freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData); + } + if(serverName != NULL) { + certGroup.alloc().free(serverName); + } + if(crtn == CSSMERR_TP_VERIFY_ACTION_FAILED) { + leaf->addStatusCode(CSSMERR_APPLETP_HOSTNAME_MISMATCH); + } + return crtn; +} /* * RFC2459 says basicConstraints must be flagged critical for 
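Review bot: The wildcard branch of tp_verifySslOpts accepts more names than a single-label wildcard should, because it compares only the bytes after `*`. A common name of `*` alone (effectLen 0) therefore matches every server name, and `*.example.com` also matches `a.b.example.com`. Separately, `commonName[commonNameLen - 1]` is read with no visible check that the attribute value is non-empty, so a zero-length CN would index before the buffer. The sketch below guards the empty cases and requires `*.` plus a suffix, with no dot in the part of the server name that the `*` covers. The function's opening lines are not legible on this page, so placement is inferred from the visible body.

```cpp
	/* … unchanged: subject name fetch and common name search … */

	/* tolerate optional NULL terminators for both */
	if((commonNameLen != 0) && (commonName[commonNameLen - 1] == '\0')) {
		commonNameLen--;
	}
	if((serverNameLen != 0) && (sslOpts->ServerName[serverNameLen - 1] == '\0')) {
		serverNameLen--;
	}
	if((commonNameLen == 0) || (serverNameLen == 0)) {
		/* an empty name can never match */
		crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
		goto done;
	}

	/* … unchanged: lower-casing, case 1 exact match … */

	/* case 2: '*' stands for exactly one left-most label */
	if((commonNameLen > 2) && (commonName[0] == '*') && (commonName[1] == '.')) {
		unsigned effectLen = commonNameLen - 1;		// skip '*'
		if((serverNameLen <= effectLen) ||
		   memcmp(commonName + 1,
		          serverName + serverNameLen - effectLen,
		          effectLen) ||
		   (memchr(serverName, '.', serverNameLen - effectLen) != NULL)) {
			errorLog0("tp_verifySslOpts: subject/server name wildcard mismatch\n");
			crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
		}
		else {
			/* wildcard match */
			crtn = CSSM_OK;
		}
	}
	/* … unchanged: plain mismatch branch and done: cleanup … */
```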
@@ -495,12 +652,15 @@ errOut: * kTPx509Basic: CertGroup of length one allowed. */ CSSM_RETURN tp_policyVerify( - TPPolicy policy, - CssmAllocator &alloc, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertGroup *certGroup, - CSSM_BOOL verifiedToRoot) // last cert is good root + TPPolicy policy, + CssmAllocator &alloc, + CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, + TPCertGroup *certGroup, + CSSM_BOOL verifiedToRoot, // last cert is good root + const CSSM_APPLE_TP_ACTION_DATA *actionData, + const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts, + void *policyOpts) // future options { iSignCertInfo *certInfo = NULL; uint32 numCerts; @@ -508,13 +668,13 @@ CSSM_RETURN tp_policyVerify( uint16 expUsage; uint16 actUsage; unsigned certDex; - CSSM_BOOL cA = CSSM_FALSE;// init for compiler warning - CSSM_BOOL isLeaf; // end entity - CSSM_BOOL isRoot; // root cert + CSSM_BOOL cA = CSSM_FALSE; // init for compiler warning + CSSM_BOOL isLeaf; // end entity + CSSM_BOOL isRoot; // root cert CE_ExtendedKeyUsage *extendUsage; CE_AuthorityKeyID *authorityId; - CSSM_RETURN outErr = CSSM_OK; - TPCertInfo *lastCert; + CSSM_RETURN outErr = CSSM_OK; // for gross, non-policy errors + CSSM_BOOL policyFail = CSSM_FALSE; /* First, kTPDefault is a nop here */ if(policy == kTPDefault) { @@ -548,6 +708,9 @@ CSSM_RETURN tp_policyVerify( if(iSignGetCertInfo(alloc, certGroup->certAtIndex(certDex), &certInfo[certDex])) { + (certGroup->certAtIndex(certDex))->addStatusCode( + CSSMERR_TP_INVALID_CERTIFICATE); + /* this one is fatal */ outErr = CSSMERR_TP_INVALID_CERTIFICATE; goto errOut; } @@ -560,12 +723,13 @@ CSSM_RETURN tp_policyVerify( */ for(certDex=0; certDexcertAtIndex(certDex); if(thisCertInfo->foundUnknownCritical) { /* illegal for all policies */ errorLog0("tp_policyVerify: critical flag in unknown extension\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN); + policyFail = CSSM_TRUE; } /* 
@@ -608,8 +772,10 @@ CSSM_RETURN tp_policyVerify( case kTPiSign: /* required for iSign in this position */ errorLog0("tp_policyVerify: no basicConstraints\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode( + CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS); + break; default: /* not reached */ break; @@ -623,8 +789,8 @@ CSSM_RETURN tp_policyVerify( if(!thisCertInfo->basicConstraints.critical) { /* per RFC 2459 */ errorLog0("tp_policyVerify: basicConstraints marked not critical\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_TP_VERIFY_ACTION_FAILED); } #endif /* BASIC_CONSTRAINTS_MUST_BE_CRITICAL */ cA = thisCertInfo->basicConstraints.extnData->basicConstraints.cA; @@ -635,13 +801,13 @@ CSSM_RETURN tp_policyVerify( * both true (kTPx509Basic, kTP_SSL only) */ if(cA && !isRoot) { errorLog0("tp_policyVerify: cA true for leaf\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_CA); } } else if(!cA) { errorLog0("tp_policyVerify: cA false for non-leaf\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_CA); } /* @@ -654,14 +820,14 @@ CSSM_RETURN tp_policyVerify( if((policy == kTPiSign) && thisCertInfo->authorityId.present) { if(isRoot) { errorLog0("tp_policyVerify: authorityId in root\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_AUTHORITY_ID); } if(thisCertInfo->authorityId.critical) { /* illegal per RFC 2459 */ errorLog0("tp_policyVerify: authorityId marked critical\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_AUTHORITY_ID); } } 
@@ -674,8 +840,8 @@ CSSM_RETURN tp_policyVerify( if(thisCertInfo->subjectId.present) { if((policy == kTPiSign) && thisCertInfo->subjectId.critical) { errorLog0("tp_policyVerify: subjectId marked critical\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_SUBJECT_ID); } } @@ -712,8 +878,8 @@ CSSM_RETURN tp_policyVerify( if(!(actUsage & expUsage)) { errorLog2("tp_policyVerify: bad keyUsage (leaf %s; usage 0x%x)\n", (certDex == 0) ? "TRUE" : "FALSE", actUsage); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE); } } else if(policy == kTPiSign) { @@ -727,14 +893,14 @@ CSSM_RETURN tp_policyVerify( if(!(ct & CE_NCT_ObjSign)) { errorLog0("tp_policyVerify: netscape-cert-type, !ObjectSign\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE); } } else if(!isRoot) { errorLog0("tp_policyVerify: !isRoot, no keyUsage, !(leaf and netscapeCertType)\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE); } } } /* for certDex, checking presence of extensions */ 
@@ -750,14 +916,16 @@ CSSM_RETURN tp_policyVerify( if(extendUsage->numPurposes != 1) { errorLog1("tp_policyVerify: bad extendUsage->numPurposes (%d)\n", (int)extendUsage->numPurposes); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + (certGroup->certAtIndex(0))->addStatusCode( + CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE); } if(!tpCompareOids(extendUsage->purposes, &CSSMOID_ExtendedUseCodeSigning)) { errorLog0("tp_policyVerify: bad extendKeyUsage\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + (certGroup->certAtIndex(0))->addStatusCode( + CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE); } } 
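Review bot: In the extended-key-usage check, removing `goto errOut` after the `numPurposes != 1` test lets execution fall through to `tpCompareOids(extendUsage->purposes, ...)` even when the count was wrong. If numPurposes is 0, `purposes` may be NULL or point at nothing (its allocation is not visible here), and the same status code is added to the leaf twice otherwise. Chaining the second test keeps the new accumulate-and-continue behaviour without touching `purposes` on a bad count: `else if(!tpCompareOids(extendUsage->purposes, &CSSMOID_ExtendedUseCodeSigning)) {`. The enclosing block starts outside the hunk.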
@@ -779,28 +947,49 @@ CSSM_RETURN tp_policyVerify( if(!tpCompareCssmData(&authorityId->keyIdentifier, &certInfo[certDex+1].subjectId.extnData->subjectKeyID)) { errorLog0("tp_policyVerify: bad key ID linkage\n"); - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; - goto errOut; + policyFail = CSSM_TRUE; + (certGroup->certAtIndex(certDex))->addStatusCode( + CSSMERR_APPLETP_INVALID_ID_LINKAGE); } } - /* iSign, SSL: compare root against known root certs */ - lastCert = certGroup->lastCert(); - if(policy == kTPiSign) { - bool brtn = tp_isIsignRootCert(clHand, lastCert); - if(!brtn) { - outErr = CSSMERR_TP_VERIFY_ACTION_FAILED; + /* + * SSL: optionally verify common name. + * FIXME - should this be before or after the root cert test? How can + * we return both errors? + */ + if(policy == kTP_SSL) { + CSSM_RETURN cerr = tp_verifySslOpts(*certGroup, sslOpts); + if(cerr) { + policyFail = CSSM_TRUE; } } - else if(verifiedToRoot && (policy == kTP_SSL)) { - /* note SSL doesn't require root here */ - bool brtn = tp_isSslRootCert(clHand, lastCert); - if(!brtn) { - outErr = CSSMERR_TP_INVALID_ANCHOR_CERT; + + /* iSign, SSL: compare root against known root certs */ + /* FIXME - this goes away soon */ + #if TP_ROOT_CERT_ENABLE + if((outErr == CSSM_OK) && // skip if we have a gross error (other than policy failure) + (actionData != NULL) && + (actionData->ActionFlags & 0x80000000)) { // The secret "enable root cert check" flag + TPCertInfo *lastCert = certGroup->lastCert(); + if(policy == kTPiSign) { + bool brtn = tp_isIsignRootCert(clHand, lastCert); + if(!brtn) { + policyFail = CSSM_TRUE; + } + } + else if(verifiedToRoot && (policy == kTP_SSL)) { + /* note SSL doesn't require root here */ + bool brtn = tp_isSslRootCert(clHand, lastCert); + if(!brtn) { + outErr = CSSMERR_TP_INVALID_ANCHOR_CERT; + } } } - else { - outErr = CSSM_OK; + #endif /* TP_ROOT_CERT_ENABLE */ + if(policyFail && (outErr == CSSM_OK)) { + /* only error in this function was policy failure */ + outErr = 
CSSMERR_TP_VERIFY_ACTION_FAILED; } errOut: /* free resources */ diff --git a/AppleX509TP/tpPolicies.h b/AppleX509TP/tpPolicies.h index ee66c51c..26f3ac20 100644 --- a/AppleX509TP/tpPolicies.h +++ b/AppleX509TP/tpPolicies.h @@ -27,6 +27,7 @@ #include #include +#include #include "TPCertInfo.h" #ifdef __cplusplus @@ -53,12 +54,15 @@ typedef enum { * Returns CSSM_TRUE on success. */ CSSM_RETURN tp_policyVerify( - TPPolicy policy, - CssmAllocator &alloc, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - TPCertGroup *certGroup, - CSSM_BOOL verifiedToRoot); // last cert is good root + TPPolicy policy, + CssmAllocator &alloc, + CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, + TPCertGroup *certGroup, + CSSM_BOOL verifiedToRoot, // last cert is good root + const CSSM_APPLE_TP_ACTION_DATA *actionData, + const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts, + void *policyOpts); // future options #ifdef __cplusplus } diff --git a/AppleX509TP/tpTime.c b/AppleX509TP/tpTime.c index 9e9ee2c0..b6075a7b 100644 --- a/AppleX509TP/tpTime.c +++ b/AppleX509TP/tpTime.c @@ -27,9 +27,7 @@ #include #include #include - -#define UTC_TIME_STRLEN 13 -#define GENERALIZED_TIME_STRLEN 15 +#include /* * Given a string containing either a UTC-style or "generalized time" @@ -42,7 +40,8 @@ int timeStringToTm( struct tm *tmp) { char szTemp[5]; - unsigned isUtc; + bool isUtc = false; // 2-digit year + bool isCssmTime = false; // no trailing 'Z' unsigned x; unsigned i; char *cp; @@ -57,10 +56,12 @@ int timeStringToTm( } switch(len) { case UTC_TIME_STRLEN: // 2-digit year, not Y2K compliant - isUtc = 1; + isUtc = true; break; + case CSSM_TIME_STRLEN: + isCssmTime = true; + break; case GENERALIZED_TIME_STRLEN: // 4-digit year - isUtc = 0; break; default: // unknown format return 1; 
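Review bot: The known-root comparison in the `@@ -779,28 +947,49 @@` hunk is now gated on the bare literal `actionData->ActionFlags & 0x80000000`, described only as a secret flag, and is compiled out without TP_ROOT_CERT_ENABLE. A caller cannot tell from the interface that the anchor check is off by default. I would give the bit a named constant next to the action-data definition and state the default in a comment, for example `#define TP_ACTION_ENABLE_ROOT_CHECK 0x80000000 /* root-cert comparison is skipped unless set */` (the name is only a suggestion). Also, every non-zero return from `tp_verifySslOpts` is folded into `policyFail`, so CSSMERR_TP_INVALID_POINTER and CSSMERR_TP_INVALID_CERTGROUP surface as CSSMERR_TP_VERIFY_ACTION_FAILED; `if(cerr != CSSMERR_TP_VERIFY_ACTION_FAILED) outErr = cerr;` would keep them distinct. `sslOpts` is passed through with no NULL test here, and whether tp_verifySslOpts checks it is not legible on this page.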
@@ -75,11 +76,18 @@ int timeStringToTm( } } - /* check last character is a 'Z' */ - if(cp[len - 1] != 'Z' ) { - return 1; - } - + /* check last character is a 'Z' or digit as appropriate */ + if(isCssmTime) { + if(!isdigit(cp[len - 1])) { + return 1; + } + } + else { + if(cp[len - 1] != 'Z' ) { + return 1; + } + } + /* YEAR */ szTemp[0] = *cp++; szTemp[1] = *cp++; @@ -169,7 +177,10 @@ int timeStringToTm( return 0; } -/* return current GMT time as a struct tm */ +/* + * Return current GMT time as a struct tm. + * Caller must hold tpTimeLock. + */ void nowTime( struct tm *now) { @@ -232,3 +243,38 @@ int compareTimes( return 0; } +/* + * Create a time string, in either UTC (2-digit) or or Generalized (4-digit) + * year format. Caller mallocs the output string whose length is at least + * (UTC_TIME_STRLEN+1) or (GENERALIZED_TIME_STRLEN+1) respectively. + * Caller must hold tpTimeLock. + */ +void timeAtNowPlus(unsigned secFromNow, + TpTimeSpec timeSpec, + char *outStr) +{ + struct tm utc; + time_t baseTime; + + baseTime = time(NULL); + baseTime += (time_t)secFromNow; + utc = *gmtime(&baseTime); + + if(timeSpec == TIME_UTC) { + /* UTC - 2 year digits - code which parses this assumes that + * (2-digit) years between 0 and 49 are in century 21 */ + if(utc.tm_year >= 100) { + utc.tm_year -= 100; + } + sprintf(outStr, "%02d%02d%02d%02d%02d%02dZ", + utc.tm_year /* + 1900 */, utc.tm_mon + 1, + utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); + } + else { + sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ", + /* note year is relative to 1900, hopefully it'll have + * four valid digits! */ + utc.tm_year + 1900, utc.tm_mon + 1, + utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); + } +} diff --git a/AppleX509TP/tpTime.h b/AppleX509TP/tpTime.h index 7ad2699b..c4cc1722 100644 --- a/AppleX509TP/tpTime.h +++ b/AppleX509TP/tpTime.h 
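Review bot: `isdigit(cp[len - 1])` in the `@@ -75,11 +76,18 @@` hunk passes a plain `char` taken from the input time string. Where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined for the ctype functions. Cast at the call: `if(!isdigit((unsigned char)cp[len - 1])) {`. The body of timeStringToTm starts and ends outside the hunk.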
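Review bot: timeAtNowPlus dereferences the result of `gmtime()` directly (`utc = *gmtime(&baseTime);`), and gmtime can return NULL when the time value cannot be represented. A guard such as `struct tm *t = gmtime(&baseTime); if(t == NULL) { outStr[0] = '\0'; return; }` avoids the NULL dereference. In the TIME_UTC branch `tm_year` is reduced by 100 only once, so a `secFromNow` that lands at or after 2050 produces a two-digit year outside the 0–49 range the comment relies on. From year 2100 on, `%02d` prints three digits and writes past a buffer of UTC_TIME_STRLEN+1. Since `sprintf` has no bound and the function returns void, the header comment should at least state the valid year range for each format, or the function should refuse to format outside it.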
@@ -31,6 +31,11 @@ extern "C" { #endif +/* lengths of time strings without trailing NULL */ +#define UTC_TIME_STRLEN 13 +#define CSSM_TIME_STRLEN 14 /* no trailing 'Z' */ +#define GENERALIZED_TIME_STRLEN 15 + /* * Given a string containing either a UTC-style or "generalized time" * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on @@ -41,7 +46,10 @@ extern int timeStringToTm( unsigned len, struct tm *tmp); -/* return current GMT time as a struct tm */ +/* + * Return current GMT time as a struct tm. + * Caller must hold tpTimeLock. + */ extern void nowTime( struct tm *now); @@ -55,6 +63,21 @@ extern int compareTimes( const struct tm *t1, const struct tm *t2); +/* + * Create a time string, in either UTC (2-digit) or or Generalized (4-digit) + * year format. Caller mallocs the output string whose length is at least + * (UTC_TIME_STRLEN+1) or (GENERALIZED_TIME_STRLEN+1) respectively. + * Caller must hold tpTimeLock. + */ +typedef enum { + TIME_UTC, + TIME_GEN +} TpTimeSpec; + +void timeAtNowPlus(unsigned secFromNow, + TpTimeSpec timeSpec, + char *outStr); + #ifdef __cplusplus } #endif diff --git a/AppleX509TP/tp_common.mdsinfo b/AppleX509TP/tp_common.mdsinfo new file mode 100644 index 00000000..2e616a9f --- /dev/null +++ b/AppleX509TP/tp_common.mdsinfo @@ -0,0 +1,28 @@ + + + + + BuiltIn + + CDSAVersion + 2.0 + Desc + Apple built-in X509TP + DynamicFlag + + MdsFileDescription + Built-in X509TP Common info + MdsFileType + PluginCommon + ModuleID + {87191ca5-0fc9-11d4-849a000502b52122} + ModuleName + AppleX509TP + MultiThreadFlag + + ProductVersion + 1.0 + ServiceMask + CSSM_SERVICE_TP + + diff --git a/AppleX509TP/tp_policyOids.mdsinfo b/AppleX509TP/tp_policyOids.mdsinfo new file mode 100644 index 00000000..5429a4c0 --- /dev/null +++ b/AppleX509TP/tp_policyOids.mdsinfo 
@@ -0,0 +1,46 @@ + + + + + MdsFileDescription + Built-in X509TP Policy OIDs + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_TP_OIDS_RECORDTYPE + ModuleID + {87191ca5-0fc9-11d4-849a000502b52122} + Policies + + + OID + + KoZIhvdjZAEB + + Value + + + + + OID + + KoZIhvdjZAEC + + Value + + + + + OID + + KoZIhvdjZAED + + Value + + + + + SSID + 0 + + diff --git a/AppleX509TP/tp_primary.mdsinfo b/AppleX509TP/tp_primary.mdsinfo new file mode 100644 index 00000000..6670aaf8 --- /dev/null +++ b/AppleX509TP/tp_primary.mdsinfo @@ -0,0 +1,34 @@ + + + + + AclSubjectTypes + + CSSM_ACL_SUBJECT_TYPE_ANY + + AuthTags + + CSSM_ACL_AUTHORIZATION_ANY + + CertTypeFormat + <<CSSM_CERT_X_509v3 | CSSM_CERT_ENCODING_DER + MdsFileDescription + Built-in X509TP Primary info + MdsFileType + PluginSpecific + MdsRecordType + MDS_CDSADIR_TP_PRIMARY_RECORDTYPE + ModuleID + {87191ca5-0fc9-11d4-849a000502b52122} + ModuleName + AppleX509TP + ProductVersion + 1.0 + SSID + 0 + SampleTypes + + Vendor + Apple Computer, Inc. + + diff --git a/AppleX509TP/tpdebugging.h b/AppleX509TP/tpdebugging.h index a0cd615d..c98e7543 100644 --- a/AppleX509TP/tpdebugging.h +++ b/AppleX509TP/tpdebugging.h @@ -49,6 +49,7 @@ #if DEBUG_ENABLE || ERROR_LOG_ENABLE #include +#include #if !LOG_VIA_PRINTF diff --git a/CVSVersionInfo.txt b/CVSVersionInfo.txt deleted file mode 100644 index fd712e66..00000000 --- a/CVSVersionInfo.txt +++ /dev/null @@ -1,5 +0,0 @@ -# Created and modified by checkpoint; do not edit -# $Id: CVSVersionInfo.txt,v 1.22.4.2 2002/01/10 22:57:07 perry Exp $ -# $Name: Security-30~1 $ -ProjectName: Security -ProjectVersion: 30~1 diff --git a/CertTool/CertTool.html b/CertTool/CertTool.html new file mode 100644 index 00000000..b328c0fe --- /dev/null +++ b/CertTool/CertTool.html @@ -0,0 +1,339 @@ + + + + + + CertTool.html + + + +
+

+CertTool

+ +
+

+Last Update 5/20/02

+ +

+Table Of Contents

+1. Introduction +
2. Generating a Self-Signed +Certificate +
3. Generating +a Certificate Signing Request (CSR) +
4. Verifying a CSR +
5. Importing +a Certificate from a Certificate Authority +
6. Displaying a Certificate +
7. Certificate Authorities +and CSRs +
  +

+1. Introduction

+ +
CertTool is a UNIX command-line program which is used to create +key pairs, certificates, and certificate signing requests; to import externally +generated certificates into a Keychain, and to display the contents of +certificates. Currently. the primary use of CertTool is to perform the +certificate-related administration required to configure an SSL server +based on Mac OS X's SecureTransport library. Each supported CertTool operation +is described below in detail. +

The reader of this document, and the user of CertTool, is assumed to +be familiar with the following: +

    +
  • +General principles of public key cryptography
  • + +
  • +The concepts of certificates and trust
  • + +
  • +General operation of the Secure Socket Layer (SSL) protocol
  • + +
  • +General operation of the Mac OS X Keychain
  • + +
  • +The Mac OS X SecureTransport library
  • +
+No programming knowledge is assumed or required. An excellent primer on +the topics of public key cryptography, certificates, and SSL can be found +at http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html. +

Note: in all examples of usage of the command line tool which follow, +the user's input is shown in bold. Running CertTool with no command-line +arguments results in usage info being displayed. +
 

+ +

+2. Generating a +Self-Signed Certificate

+ +
This command generates a key pair and a self-signed (root) +certificate and places them in a keychain. The root cert is signed by the +private key generated during this command. The cert generated by this command +is totally untrustworth and cannot be used in the "real world"; the primary +use of this command is to facilitate early development of SSL server applications +based on SecureTransport. In particular, "real world" SSL clients (e.g., +web browsers) will complain to varying degrees when they attempt to connect +to an SSL server which presents a cert which is generated by this command. +Some broswers, after a fair amount of handholding, will allow you to conditionally +"trust" this cert. +

The format of this command is +

# CertTool c [options] +

The available options are: +

k=keyChainName +
Where "KeyChainName" is the name of the keychain into which +keys and the cert will be added. If no keychain is specified, keys and +certs are added to the default keychain. The specified keychain must exist +unless you specify the 'c' option.
+c +
Specifies that the designated key is to be created.
+
+This an interactive command; you will be prompted for a number of different +items which are used to generate the keypair and the cert. A sample sesion +follows. +
  +
# CertTool k=certkc +
Enter key and certificate label: testCert +

Please specify parameters for the key pair you will generate. +

  r  RSA +
  d  DSA +
  f  FEE +

Select key algorithm by letter: r +

Valid key sizes for RSA are 512..2048; default is 512 +
Enter key size in bits or CR for default: 512 +

You have selected algorithm RSA, key size 512 bits. +
OK (y/anything)? y +
Enter cert/key usage (s=signing, b=signing AND encrypting): b +
...Generating key pair... +

<<Note: you will be prompted for the Keychain's passphrase +by the Keychain system at this point if the specified keychain is not open.>> +

Please specify the algorithm with which your certificate will be signed. +

  5  RSA with MD5 +
  s  RSA with SHA1 +

Select signature algorithm by letter: s +

You have selected algorithm RSA with SHA1. +
OK (y/anything)? y +
...creating certificate... +

You will now specify the various components of the certificate's +
Relative Distinguished Name (RDN). An RDN has a number of +
components, all of which are optional, but at least one of +
which must be present. +

Note that if you are creating a certificate for use in an +
SSL/TLS server, the Common Name component of the RDN must match +
exactly the host name of the server. This must not be an IP +
address, but the actual domain name, e.g. www.apple.com. +

Entering a CR for a given RDN component results in no value for +
that component. +

Common Name       (e.g, www.apple.com) +: 10.0.61.5 +
Country                  +(e.g, US) : +
Organization            +(e.g, Apple Computer, Inc.) : Apple +
Organization Unit     (e.g, Apple Data Security) +: +
State/Province          +(e.g., California) : California +

You have specified: +
  Common Name       : 10.0.61.5 +
  Organization            +: Apple +
  State/Province         +: California +
Is this OK (y/anything)? y +
..cert stored in Keychain. +
#

+The "Common Name" portion of the RDN - in the above case, "10.0.61.5" - +MUST match the host name of the machine you'll running sslServer on. (In +this case the test machine doesn't have an actual hostname; it's DHCP'd +behind a firewall which is why "10.0.61.5" was specified for Common Name.) +This is part of SSL's certificate verification; it prevents an attack using +DNS spoofing. +

A brief note about cert/key usage: the normal configuration of SecureTransport +is that the server cert specified in SSLSetCertificate() is capable of +both signing and encryption. If this cert is only capable of signing, then +you must create a second keychain ontaining a cert which is capable of +encryption, and pass that to SSLSetEncryptionCertificate(). +
  +
 

+ +

+3. Generating +a Certificate Signing Request (CSR)

+ +
A CSR is the standard means by which an administrator of a +web server provides information to a Certificate Authority (CA) in order +to obtain a valid certificate which is signed by the CA. This type of cert +is used in the real world; certs signed by CAs such as Verisign or Thawte +are recognized by all web browsers when performing SSL transactions. +

The general procedure for obtaining a "real" cert is: +
  +

    +
  • +Generate a key pair
  • + +
  • +Generate a CSR
  • + +
  • +Provide the CSR and some other information and/or documentation to the +CA
  • + +
  • +CA sends you a certificate which is signed by the CA.
  • + +
  • +You import that certificate, obtained from the CA, into your keychain. +The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate() +call.
  • +
+This command performs the first two steps in the above procedure. See Section +5 for information on importing the resulting certificate into your +keychain. +

The format of this command is +

# CertTool r outFileName [options] +

The resulting CSR will be written to "outFileName". +

The available options are: +

k=keyChainName +

Where "KeyChainName" is the name of the keychain into which +keys and the cert will be added. If no keychain is specified, keys and +certs are added to the default keychain. The specified keychain must exist +unless you specify the 'c' option.
+d +
The 'd' option tells CertTool to create the CSR in DER-encoded +format. The default is PEM-encoded, which is what most CAs expect. PEM +encoded data consists of printable ASCII text which can, for example, be +pasted into an email message. DER-encoded data is nonprintable binary data.
+c +
Specifies that the designated key is to be created.
+This an interactive command; you will be prompted for a number of different +items which are used to generate the keypair and the CSR. The prompts given, +and the format of the data you must supply, are identical to the data shown +in the sample session in Section 2. +

See Section 7 for more information on using CSRs and about CAs. +
  +
 

+ +

+4. Verifying a CSR

+ +
A CSR contains, among other things, the public key which was +generated in Section +3. The CSR is signed with the associated private key. Thus the inteegrity +of a CSR can be verified by extracting its public key and verifying the +signature of the CSR. This command performs this integrity check. +

The format of this command is +

# CertTool v inFileName [options] +

The resulting CSR will be written to "outFileName". +

The only available option is the 'd' flag, which as described in Section +3, indiciates that the CSR is in DER format rather than the default +PEM format. +

A typical (successful) run of this command is like so: +

# CertTool v myCsr.pem +
...CSR verified successfully. +

A large number of things can go wrong of the verification fails; suffice +it to say that if you see anything other than the above success message, +you have a bad or corrupted CSR. +
  +

 
+
+ +

+5. Importing +a Certificate from a Certificate Authority

+ +
Once you have negotiated with your CA, and provided them with +the CSR generated in Section +3 as well as any other information, documentation, and payment thay +require, the CA will provide you with a certificate. Use this command to +add that certificate to the keychain containing the keypair you generated +in Section 3. +You currently also have to specify the string you provided as "key and +certificate label" when executing this command. <Note this requirement +will go away soon.> +

The format of this command is +

# CertTool i inFileName label [options] +

The cert to import is obtained from "inFileName". The label argument +is the string you provided to the prompt "Enter key and certificate label:" +in Section 3. +

The available options are: +

k=keyChainName +

Where "KeyChainName" is the name of the keychain to which the +cert will be added. If no keychain is specified, the cert is added to the +default keychain. The specified keychain must exist, and it must contain +the keypair you generated in Section +3. If the keychain is not open when this command is executed, you will +be prompted by the Keychain system for its passphrase.
+d +
Specifies DER format as described above. The default is PEM +format.
+
+ +

+6. Displaying a Certificate

+ +
This displays the contents of an existing certificate, obtained +from a file. +

The format of this command is +

# CertTool d inFileName [options] +

The cert to display is obtained from "inFileName". +

The only available option is the 'd' flag, specifying DER format as +described above. The default is PEM format +
 

+ +

+7. Certificate Authorities +and CSRs

+ +
As mentioned above, the general procedure for obtaining a "real" +cert is: +
    +
  • +Generate a key pair
  • + +
  • +Generate a CSR
  • + +
  • +Provide the CSR and some other information and/or documentation to the +CA
  • + +
  • +CA sends you a certificate which is signed by the CA.
  • + +
  • +You import that certificate, obtained from the CA, into your keychain. +The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate() +call.
  • +
+
+ +
One CA with an excellent web-based interface for obtaining +a cert is Verisign (http://www.verisign.com/products/site/index.html). +You can get a free 14-day trial certificate using nothing but CertTool, +Verisign's web site, and email. You need to provide some personal information; +then you paste in the CSR generated in Section +3 into a form on the web site. A few minutes later Verisign emails +you a certificate, which you import into your keychain per Section +5.  The whole process takes less than 10 minutes. The free certificate +obtained in this manner is signed by a temporary root cert which is not +recognized by any browsers, but Verisign also provides a measn of installing +this temporary root cert into your browser, directly from their web site. +Typically one would use the free, temporary cert to perform initial configuration +of a server and to ring out the general SSL infrastructure. Once you feel +comfortable with the operation of the server, then it's time to buy a "real" +certificate which will allow your web server to be recognized by any browser. +

Thawte has a similar, very friendly service at http://www.thawte.com/.

+ +
Note that, for early web server development and/or testing, +you can skip the entire procedure described above and just generate your +own self-signed root cert as described in section 1. No CA is involved; +no CSR is generated; no cert needs to be imported - CertTool generates +a cert for you and immediately adds it to your keychain. Bear in mind that +this option requires tolerance of the various SSL clients you'll be testing +with, none of whom recognize your root cert.
+ + + diff --git a/CertTool/CertTool/CertTool.cpp b/CertTool/CertTool/CertTool.cpp new file mode 100644 index 00000000..73074286 --- /dev/null +++ b/CertTool/CertTool/CertTool.cpp 
@@ -0,0 +1,1134 @@ +/* + File: CertTool.cpp + + Description: certificate manipulation tool + + Author: dmitch + + Copyright: © Copyright 2002 Apple Computer, Inc. All rights reserved. + + Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple + Computer, Inc. ("Apple") in consideration of your agreement to + the following terms, and your use, installation, modification + or redistribution of this Apple software constitutes acceptance + of these terms. If you do not agree with these terms, please + do not use, install, modify or redistribute this Apple software. + + In consideration of your agreement to abide by the following + terms, and subject to these terms, Apple grants you a personal, + non-exclusive license, under Apple's copyrights in this + original Apple software (the "Apple Software"), to use, + reproduce, modify and redistribute the Apple Software, with + or without modifications, in source and/or binary forms; + provided that if you redistribute the Apple Software in + its entirety and without modifications, you must retain + this notice and the following text and disclaimers in all + such redistributions of the Apple Software. Neither the + name, trademarks, service marks or logos of Apple Computer, + Inc. may be used to endorse or promote products derived from the + Apple Software without specific prior written permission from + Apple. Except as expressly stated in this notice, no other + rights or licenses, express or implied, are granted by Apple + herein, including but not limited to any patent rights that + may be infringed by your derivative works or by other works + in which the Apple Software may be incorporated. + + The Apple Software is provided by Apple on an "AS IS" basis. 
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, + REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE + OR IN COMBINATION WITH YOUR PRODUCTS. + + IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, + INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION + AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED + AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING + NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "CertUI.h" +#include +#include + +/* will change soon */ +#include + +/* + * Workaround flags. + */ + +/* SecKeychainGetCSPHandle implemented? */ +#define SEC_KEYCHAIN_GET_CSP 0 + +/* SecCertificateAddToKeychain fully functional? 
*/ +#define SEC_CERT_ADD_TO_KC 1 + +/* SecKeyCreatePair() implemented */ +#define SEC_KEY_CREATE_PAIR 0 + +#if !SEC_KEY_CREATE_PAIR +/* munge Label attr if manually generating keys */ +#define MUNGE_LABEL_ATTR 1 +#endif + +#define KC_DB_PATH "Library/Keychains" /* relative to home */ + +/* + * defaults for undocumented 'Z' option + */ +#define ZDEF_KEY_LABEL "testCert" +#define ZDEF_KEY_ALG CSSM_ALGID_RSA +#define ZDEF_KEY_SIZE 512 +#define ZDEF_KEY_USAGE (kKeyUseSigning | kKeyUseEncrypting) +#define ZDEF_SIG_ALG CSSM_ALGID_SHA1WithRSA +#define ZDEF_SIG_OID CSSMOID_SHA1WithRSA +#define ZDEF_COMMON_NAME "10.0.61.5" +#define ZDEF_ORG_NAME "Apple Computer - DEBUG ONLY" +#define ZDEF_COUNTRY "US" +#define ZDEF_STATE "Washington" +#define ZDEF_CHALLENGE "someChallenge" + +static void usage(char **argv) +{ + printf("usage:\n"); + printf(" Create a keypair and cert: %s c [options]\n", argv[0]); + printf(" Create a CSR: %s r outFileName [options]\n", + argv[0]); + printf(" Verify a CSR: %s v infileName [options]\n", argv[0]); + #if SEC_CERT_ADD_TO_KC + printf(" Import a certificate: %s i inFileName [options]\n", argv[0]); + #else + /* this one needs the printName */ + printf(" Import a certificate: %s i inFileName printName [options]\n", + argv[0]); + #endif + printf(" Display a certificate: %s d inFileName [options]\n", argv[0]); + printf("Options:\n"); + printf(" k=keychainName\n"); + printf(" c(reate the keychain)\n"); + printf(" v(erbose)\n"); + printf(" d (CSR in DER format; default is PEM)\n"); + printf(" h(elp)\n"); + exit(1); +} + +#if SEC_KEY_CREATE_PAIR +#error Work needed to generate key pair using Keychain. +#else + +/* + * Workaround to manually generate a key pair and munge its DB attributes + * to include the hash of the public key in the private key's Label attr. + */ +#if MUNGE_LABEL_ATTR + +/* Convert a reference key to a raw key. 
*/ +static CSSM_RETURN refKeyToRaw( + CSSM_CSP_HANDLE cspHand, + const CSSM_KEY *refKey, + CSSM_KEY_PTR rawKey) // RETURNED +{ + CSSM_CC_HANDLE ccHand; + CSSM_RETURN crtn; + CSSM_ACCESS_CREDENTIALS creds; + + memset(rawKey, 0, sizeof(CSSM_KEY)); + memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); + crtn = CSSM_CSP_CreateSymmetricContext(cspHand, + CSSM_ALGID_NONE, + CSSM_ALGMODE_NONE, + &creds, // passPhrase + NULL, // wrapping key + NULL, // init vector + CSSM_PADDING_NONE, // Padding + 0, // Params + &ccHand); + if(crtn) { + showError(crtn, "refKeyToRaw: context err"); + return crtn; + } + crtn = CSSM_WrapKey(ccHand, + &creds, + refKey, + NULL, // DescriptiveData + rawKey); + if(crtn != CSSM_OK) { + showError(crtn, "refKeyToRaw: CSSM_WrapKey"); + return crtn; + } + CSSM_DeleteContext(ccHand); + return CSSM_OK; +} + +/* + * Find private key by label, modify its Label attr to be the + * hash of the associated public key. + */ +static CSSM_RETURN setPubKeyHash( + CSSM_CSP_HANDLE cspHand, + CSSM_DL_DB_HANDLE dlDbHand, + const CSSM_KEY *pubKey, // to get hash + CSSM_KEY_PTR privKey, // its record gets updated + const char *keyLabel) // look up by this +{ + CSSM_QUERY query; + CSSM_SELECTION_PREDICATE predicate; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; + CSSM_RETURN crtn; + CSSM_DATA labelData; + CSSM_HANDLE resultHand; + + labelData.Data = (uint8 *)keyLabel; + labelData.Length = strlen(keyLabel) + 1; // incl. NULL + query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; + query.Conjunctive = CSSM_DB_NONE; + query.NumSelectionPredicates = 1; + predicate.DbOperator = CSSM_DB_EQUAL; + + predicate.Attribute.Info.AttributeNameFormat = + CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + predicate.Attribute.Info.Label.AttributeName = "Label"; + predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + /* hope this cast is OK */ + predicate.Attribute.Value = &labelData; + query.SelectionPredicate = &predicate; + + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? 
+ query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA; // FIXME - used? + + /* build Record attribute with one attr */ + CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; + CSSM_DB_ATTRIBUTE_DATA attr; + attr.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attr.Info.Label.AttributeName = "Label"; + attr.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + + recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; + recordAttrs.NumberOfAttributes = 1; + recordAttrs.AttributeData = &attr; + + crtn = CSSM_DL_DataGetFirst(dlDbHand, + &query, + &resultHand, + &recordAttrs, + NULL, // hopefully optional ...theData, + &record); + /* abort only on success */ + if(crtn != CSSM_OK) { + showError(crtn, "CSSM_DL_DataGetFirst"); + printf("***setPubKeyHash: can't find private key\n"); + return crtn; + } + + /* do NULL unwrap of public key for use with raw CSP */ + CSSM_KEY rawPubKey; + crtn = refKeyToRaw(cspHand, pubKey, &rawPubKey); + if(crtn) { + printf("***Error converting public key to raw format\n"); + return crtn; + } + + /* connect to raw CSP */ + CSSM_CSP_HANDLE rawCspHand = cuCspStartup(CSSM_TRUE); + if(rawCspHand == 0) { + printf("***Error connecting to raw CSP; aborting.\n"); + return -1; + } + + /* calculate hash of pub key */ + CSSM_DATA_PTR keyDigest = NULL; + CSSM_CC_HANDLE ccHand; + crtn = CSSM_CSP_CreatePassThroughContext(rawCspHand, + &rawPubKey, + &ccHand); + if(ccHand == 0) { + showError(crtn, "CSSM_CSP_CreatePassThroughContext"); + printf("***Error calculating public key hash. Aborting.\n"); + return -1; + } + crtn = CSSM_CSP_PassThrough(ccHand, + CSSM_APPLECSP_KEYDIGEST, + NULL, + (void **)&keyDigest); + if(crtn) { + showError(crtn, "CSSM_CSP_PassThrough(PUBKEYHASH)"); + printf("***Error calculating public key hash. 
Aborting.\n"); + return -1; + } + CSSM_FreeKey(cspHand, NULL, &rawPubKey, CSSM_FALSE); + CSSM_DeleteContext(ccHand); + CSSM_ModuleDetach(rawCspHand); + + /* + * Replace Label attr data with hash. + * NOTE: the module which allocated this attribute data - a DL - + * was loaded and attached by the Sec layer, not by us. Thus + * we can't use the memory allocator functions *we* used when + * attaching to the CSPDL - we have to use the ones + * which the Sec layer registered with the DL. + */ + CSSM_API_MEMORY_FUNCS memFuncs; + crtn = CSSM_GetAPIMemoryFunctions(dlDbHand.DLHandle, &memFuncs); + if(crtn) { + showError(crtn, "CSSM_GetAPIMemoryFunctions(DLHandle)"); + /* oh well, leak and continue */ + } + else { + memFuncs.free_func(attr.Value->Data, memFuncs.AllocRef); + memFuncs.free_func(attr.Value, memFuncs.AllocRef); + } + attr.Value = keyDigest; + + /* modify key attributes */ + crtn = CSSM_DL_DataModify(dlDbHand, + CSSM_DL_DB_RECORD_PRIVATE_KEY, + record, + &recordAttrs, + NULL, // DataToBeModified + CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); + if(crtn) { + showError(crtn, "CSSM_DL_DataModify(PUBKEYHASH)"); + printf("***Error setting public key hash. Aborting.\n"); + return crtn; + } + crtn = CSSM_DL_DataAbortQuery(dlDbHand, resultHand); + if(crtn) { + showError(crtn, "CSSM_DL_DataAbortQuery"); + /* let's keep going in this case */ + } + crtn = CSSM_DL_FreeUniqueRecord(dlDbHand, record); + if(crtn) { + showError(crtn, "CSSM_DL_FreeUniqueRecord"); + /* let's keep going in this case */ + crtn = CSSM_OK; + } + + /* free resources */ + cuAppFree(keyDigest->Data, NULL); + return CSSM_OK; +} +#endif /* MUNGE_LABEL_ATTR */ + +/* Still on the !SEC_KEY_CREATE_PAIR workaround */ + +/* + * Generate a key pair using the CSPDL. + */ +static OSStatus generateKeyPair( + CSSM_CSP_HANDLE cspHand, + CSSM_DL_DB_HANDLE dlDbHand, + CSSM_ALGORITHMS keyAlg, // e.g., CSSM_ALGID_RSA + uint32 keySizeInBits, + const char *keyLabel, // C string + CU_KeyUsage keyUsage, // CUK_Signing, etc. 
+ CSSM_BOOL verbose, + CSSM_KEY_PTR *pubKeyPtr, // mallocd, created, RETURNED + CSSM_KEY_PTR *privKeyPtr) // mallocd, created, RETURNED +{ + CSSM_KEY_PTR pubKey = reinterpret_cast( + APP_MALLOC(sizeof(CSSM_KEY))); + CSSM_KEY_PTR privKey = reinterpret_cast( + APP_MALLOC(sizeof(CSSM_KEY))); + if((pubKey == NULL) || (privKey == NULL)) { + return memFullErr; + } + + CSSM_RETURN crtn; + CSSM_KEYUSE pubKeyUse = 0; + CSSM_KEYUSE privKeyUse = 0; + + if(keyUsage & kKeyUseSigning) { + pubKeyUse |= CSSM_KEYUSE_VERIFY; + privKeyUse |= CSSM_KEYUSE_SIGN; + } + if(keyUsage & kKeyUseEncrypting) { + pubKeyUse |= (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_WRAP); + privKeyUse |= (CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_UNWRAP); + } + + crtn = cuCspGenKeyPair(cspHand, + &dlDbHand, + keyAlg, + keyLabel, + strlen(keyLabel) + 1, + keySizeInBits, + pubKey, + pubKeyUse, + CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, + privKey, + privKeyUse, + CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT); + if(crtn) { + APP_FREE(pubKey); + APP_FREE(privKey); + return paramErr; + } + if(verbose) { + printf("...%u bit key pair generated.\n", + (unsigned)keySizeInBits); + } + + #if MUNGE_LABEL_ATTR + /* bind private key to cert by public key hash */ + crtn = setPubKeyHash(cspHand, + dlDbHand, + pubKey, + privKey, + keyLabel); + if(crtn) { + printf("***Error setting public key hash. Continuing at peril.\n"); + } + #endif /* MUNGE_LABEL_ATTR */ + + *pubKeyPtr = pubKey; + *privKeyPtr = privKey; + return noErr; +} +#endif /* SEC_KEY_CREATE_PAIR */ + +static void verifyCsr( + CSSM_CL_HANDLE clHand, + const char *fileName, + CSSM_BOOL pemFormat) +{ + unsigned char *csr = NULL; + unsigned csrLen; + CSSM_DATA csrData; + unsigned char *der = NULL; + unsigned derLen = 0; + + if(readFile(fileName, &csr, &csrLen)) { + printf("***Error reading CSR from file %s. 
Aborting.\n", + fileName); + return; + } + if(pemFormat) { + int rtn = pemDecode(csr, csrLen, &der, &derLen); + if(rtn) { + printf("***%s: Bad PEM formatting. Aborting.\n", fileName); + return; + } + csrData.Data = der; + csrData.Length = derLen; + } + else { + csrData.Data = csr; + csrData.Length = csrLen; + } + + CSSM_RETURN crtn = CSSM_CL_PassThrough(clHand, + 0, // CCHandle + CSSM_APPLEX509CL_VERIFY_CSR, + &csrData, + NULL); + if(crtn) { + cuPrintError("Verify CSR", crtn); + } + else { + printf("...CSR verified successfully.\n"); + } + if(der) { + free(der); + } + if(csr) { + free(csr); + } +} + +static void displayCert( + const char *fileName, + CSSM_BOOL pemFormat) +{ + unsigned char *rawCert = NULL; + unsigned rawCertSize; + unsigned char *derCert = NULL; + unsigned derCertSize; + int rtn; + + rtn = readFile(fileName, &rawCert, &rawCertSize); + if(rtn) { + printf("Error reading %s; aborting.\n", fileName); + return; + } + if(pemFormat) { + rtn = pemDecode(rawCert, rawCertSize, &derCert, &derCertSize); + if(rtn) { + printf("***%s: Bad PEM formatting. Aborting.\n", fileName); + return; + } + printCert(derCert, derCertSize, CSSM_TRUE); + free(derCert); + } + else { + printCert(rawCert, rawCertSize, CSSM_TRUE); + } +} + +static void importCert( + SecKeychainRef kcRef, // if SEC_CERT_ADD_TO_KC + CSSM_DL_DB_HANDLE dlDbHand, // otherwise + const char *fileName, + CSSM_BOOL pemFormat, + /* cruft needed by cuAddCertToDb */ + const char *printName) // C string +{ + unsigned char *cert = NULL; + unsigned certLen; + CSSM_DATA certData; + unsigned char *der = NULL; + unsigned derLen = 0; + #if !SEC_CERT_ADD_TO_KC + CSSM_DATA pubKeyHash = {3, (uint8 *)"foo"}; + #endif + + if(readFile(fileName, &cert, &certLen)) { + printf("***Error reading certificate from file %s. Aborting.\n", + fileName); + return; + } + if(pemFormat) { + int rtn = pemDecode(cert, certLen, &der, &derLen); + if(rtn) { + printf("***%s: Bad PEM formatting. 
Aborting.\n", fileName); + return; + } + certData.Data = der; + certData.Length = derLen; + } + else { + certData.Data = cert; + certData.Length = certLen; + } + + #if SEC_CERT_ADD_TO_KC + SecCertificateRef certRef; + OSStatus ortn = SecCertificateCreateFromData( + &certData, + CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_DER, + &certRef); + if(ortn) { + printf("***SecCertificateCreateFromData returned %d; aborting.\n", + (int)ortn); + return; + } + ortn = SecCertificateAddToKeychain(certRef, kcRef); + if(ortn) { + printf("***SecCertificateAddToKeychain returned %d; aborting.\n", + (int)ortn); + return; + } + #else + CSSM_RETURN crtn = cuAddCertToDb(dlDbHand, + &certData, + CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_DER, + printName, // printName + &pubKeyHash); + if(crtn) { + printf("***Error adding cert to keychain. Aborting.\n"); + return; + } + #endif /* SEC_CERT_ADD_TO_KC */ + + printf("...certificate successfully imported.\n"); + if(der) { + free(der); + } + if(cert) { + free(cert); + } +} + + +static OSStatus createCertCsr( + CSSM_BOOL createCsr, // true: CSR, false: Cert + CSSM_TP_HANDLE tpHand, // eventually, a SecKeychainRef + CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, + CSSM_KEY_PTR subjPubKey, + CSSM_KEY_PTR signerPrivKey, + CSSM_ALGORITHMS sigAlg, + const CSSM_OID *sigOid, + CU_KeyUsage keyUsage, // kKeyUseSigning, etc. + /* + * Issuer's RDN is obtained from the issuer cert, if present, or is + * assumed to be the same as the subject name (i.e., we're creating + * a self-signed root cert). 
+ */ + const CSSM_DATA *issuerCert, + CSSM_BOOL useAllDefaults, + CSSM_DATA_PTR certData) // mallocd and RETURNED +{ + CE_DataAndType exts[2]; + CE_DataAndType *extp = exts; + unsigned numExts; + + CSSM_DATA refId; // mallocd by CSSM_TP_SubmitCredRequest + CSSM_APPLE_TP_CERT_REQUEST certReq; + CSSM_TP_REQUEST_SET reqSet; + sint32 estTime; + CSSM_BOOL confirmRequired; + CSSM_TP_RESULT_SET_PTR resultSet; + CSSM_ENCODED_CERT *encCert; + CSSM_APPLE_TP_NAME_OID subjectNames[MAX_NAMES]; + uint32 numNames; + CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext; + CSSM_FIELD policyId; + + /* Note a lot of the CSSM_APPLE_TP_CERT_REQUEST fields are not + * used for the createCsr option, but we'll fill in as much as is practical + * for either case. + */ + if(issuerCert != NULL) { + printf("createCertCsr: issuerCert not implemented\n"); + return unimpErr; + } + + numExts = 0; + + char challengeBuf[400]; + if(createCsr) { + if(useAllDefaults) { + strcpy(challengeBuf, ZDEF_CHALLENGE); + } + else { + while(1) { + getStringWithPrompt("Enter challenge string: ", + challengeBuf, sizeof(challengeBuf)); + if(challengeBuf[0] != '\0') { + break; + } + } + } + certReq.challengeString = challengeBuf; + } + else { + /* creating cert */ + certReq.challengeString = NULL; + + /* KeyUsage extension */ + extp->type = DT_KeyUsage; + extp->critical = CSSM_FALSE; + extp->extension.keyUsage = 0; + if(keyUsage & kKeyUseSigning) { + extp->extension.keyUsage |= + (CE_KU_DigitalSignature | CE_KU_KeyCertSign); + } + if(keyUsage & kKeyUseEncrypting) { + extp->extension.keyUsage |= + (CE_KU_KeyEncipherment | CE_KU_DataEncipherment); + } + extp++; + numExts++; + + /* BasicConstraints */ + extp->type = DT_BasicConstraints; + extp->critical = CSSM_TRUE; + extp->extension.basicConstraints.cA = CSSM_TRUE; + extp->extension.basicConstraints.pathLenConstraintPresent = CSSM_FALSE; + extp++; + numExts++; + } + + /* name array, get from user. 
*/ + if(useAllDefaults) { + subjectNames[0].string = ZDEF_COMMON_NAME; + subjectNames[0].oid = &CSSMOID_CommonName; + subjectNames[1].string = ZDEF_ORG_NAME; + subjectNames[1].oid = &CSSMOID_OrganizationName; + subjectNames[2].string = ZDEF_COUNTRY; + subjectNames[2].oid = &CSSMOID_CountryName; + subjectNames[3].string = ZDEF_STATE; + subjectNames[3].oid = &CSSMOID_StateProvinceName; + numNames = 4; + } + else { + getNameOids(subjectNames, &numNames); + } + + /* certReq */ + certReq.cspHand = cspHand; + certReq.clHand = clHand; + certReq.serialNumber = 0x12345678; // TBD - random? From user? + certReq.numSubjectNames = numNames; + certReq.subjectNames = subjectNames; + + /* TBD - if we're passed in a signing cert, certReq.issuerNameX509 will + * be obtained from that cert. For now we specify "self-signed" cert + * by not providing an issuer name at all. */ + certReq.numIssuerNames = 0; // root for now + certReq.issuerNames = NULL; + certReq.issuerNameX509 = NULL; + certReq.certPublicKey = subjPubKey; + certReq.issuerPrivateKey = signerPrivKey; + certReq.signatureAlg = sigAlg; + certReq.signatureOid = *sigOid; + certReq.notBefore = 0; // TBD - from user + certReq.notAfter = 60 * 60 * 24 * 30; // seconds from now + certReq.numExtensions = numExts; + certReq.extensions = exts; + + reqSet.NumberOfRequests = 1; + reqSet.Requests = &certReq; + + /* a CSSM_TP_CALLERAUTH_CONTEXT to specify an OID */ + memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); + memset(&policyId, 0, sizeof(CSSM_FIELD)); + if(createCsr) { + policyId.FieldOid = CSSMOID_APPLE_TP_CSR_GEN; + } + else { + policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN; + } + CallerAuthContext.Policy.NumberOfPolicyIds = 1; + CallerAuthContext.Policy.PolicyIds = &policyId; + + CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tpHand, + NULL, // PreferredAuthority + CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, + &reqSet, + &CallerAuthContext, + &estTime, + &refId); + + /* before proceeding, free resources allocated 
thus far */ + if(!useAllDefaults) { + freeNameOids(subjectNames, numNames); + } + + if(crtn) { + cuPrintError("CSSM_TP_SubmitCredRequest", crtn); + return crtn; + } + crtn = CSSM_TP_RetrieveCredResult(tpHand, + &refId, + NULL, // CallerAuthCredentials + &estTime, + &confirmRequired, + &resultSet); + if(crtn) { + cuPrintError("CSSM_TP_RetrieveCredResult", crtn); + return crtn; + } + if(resultSet == NULL) { + printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n"); + return ioErr; + } + encCert = (CSSM_ENCODED_CERT *)resultSet->Results; + *certData = encCert->CertBlob; + + /* free resources allocated by TP */ + APP_FREE(refId.Data); + APP_FREE(encCert); + APP_FREE(resultSet); + return noErr; +} + +typedef enum { + CO_Nop, + CO_CreateCert, + CO_CreateCSR, + CO_VerifyCSR, + CO_ImportCert, + CO_DisplayCert +} CertOp; + +int main(int argc, char **argv) +{ + SecKeychainRef kcRef = nil; + char kcPath[MAXPATHLEN + 1]; + UInt32 kcPathLen = MAXPATHLEN + 1; + CSSM_BOOL createKc = CSSM_FALSE; + OSStatus ortn; + CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; + CSSM_CSP_HANDLE cspHand = 0; + CSSM_TP_HANDLE tpHand = 0; + CSSM_CL_HANDLE clHand = 0; + CSSM_KEY_PTR pubKey; + CSSM_KEY_PTR privKey; + int arg; + char *argp; + CSSM_BOOL verbose = CSSM_FALSE; + CSSM_ALGORITHMS keyAlg; + CSSM_ALGORITHMS sigAlg; + const CSSM_OID *sigOid; + CSSM_DATA certData = {0, NULL}; + CSSM_RETURN crtn; + CU_KeyUsage keyUsage = 0; + bool isRoot; + CSSM_DATA keyLabel; + #if !SEC_KEY_CREATE_PAIR && !MUNGE_LABEL_ATTR + CSSM_DATA pubKeyHash = {3, (uint8 *)"foo"}; + #endif + CSSM_BOOL createCsr = CSSM_FALSE; // else create cert + int optArgs = 0; + + /* command line arguments */ + char *fileName = NULL; + CSSM_BOOL pemFormat = CSSM_TRUE; + char *certPrintName = NULL; + CertOp op = CO_Nop; + uint32 keySizeInBits; + char *kcName = NULL; + CSSM_BOOL useAllDefaults = CSSM_FALSE; // undoc'd cmd option + + if(argc < 2) { + usage(argv); + } + switch(argv[1][0]) { + case 'c': + op = CO_CreateCert; + optArgs = 2; + 
break; + case 'r': + if(argc < 3) { + usage(argv); + } + op = CO_CreateCSR; + createCsr = CSSM_TRUE; + fileName = argv[2]; + optArgs = 3; + break; + case 'v': + if(argc < 3) { + usage(argv); + } + op = CO_VerifyCSR; + fileName = argv[2]; + optArgs = 3; + break; + case 'i': + #if SEC_CERT_ADD_TO_KC + if(argc < 3) { + usage(argv); + } + optArgs = 3; + #else + if(argc < 4) { + usage(argv); + } + certPrintName = argv[3]; + optArgs = 4; + #endif /* SEC_CERT_ADD_TO_KC */ + op = CO_ImportCert; + fileName = argv[2]; + break; + case 'd': + if(argc < 3) { + usage(argv); + } + op = CO_DisplayCert; + fileName = argv[2]; + optArgs = 3; + break; + default: + usage(argv); + } + for(arg=optArgs; arg +#include +#include +#include +#include +#include +#include +#include +#include +#include + +void showError( + OSStatus ortn, + const char *errStr) +{ + printf("%s returned %d\n", errStr, (int)ortn); +} + + +/* + * Safe gets(). + * -- guaranteed no buffer overflow + * -- guaranteed NULL-terminated string + * -- handles empty string (i.e., response is just CR) properly + */ +void getString( + char *buf, + unsigned bufSize) +{ + unsigned dex; + char c; + char *cp = buf; + + for(dex=0; dexdescription, nameOidIn->example); + fflush(stdout); + getString(resp, sizeof(resp)); + if(resp[0] != '\0') { + unsigned len = strlen(resp) + 1; + nameOidOut->string = (char *)malloc(len); + strcpy((char *)nameOidOut->string, resp); + nameOidOut->oid = nameOidIn->oid; + nameOidOut++; + outNames++; + } + } + if(outNames == 0) { + printf("\nYou must enter at least one value RDN component.\n\n"); + continue; + } + printf("\nYou have specified:\n"); + for(dex=0; dexoid), nameOidOut->string); + } + getStringWithPrompt("Is this OK (y/anything)? ", resp, sizeof(resp)); + if(resp[0] == 'y') { + ok = true; + break; + } + } + *numNames = outNames; +} + +/* + * Free strings mallocd in getNameOids. 
+ */ +void freeNameOids( + CSSM_APPLE_TP_NAME_OID *subjectNames, + uint32 numNames) +{ + for(unsigned i=0; i 2048) { + return false; + } + return true; +} + +static bool dsaKeySizeVerify( + unsigned keySize) +{ + return((keySize >= 512) & (keySize <= 2048)); +} + +static bool feeKeySizeVerify( + unsigned keySize) +{ + switch(keySize) { + case 128: + case 161: + case 192: + return true; + default: + return false; + } +} + +typedef bool (*keySizeVerifyFcn)(unsigned keySize); + +/* map between algorithms, string, char selector, OID */ +typedef struct _AlgInfo { + CSSM_ALGORITHMS alg; + char *str; + char selector; + const CSSM_OID *oid; // only for signatures + uint32 defaultKeySize; // only for keys + char *keyRangeString; // only for keys + const struct _AlgInfo *sigAlgInfo; // only for keys + keySizeVerifyFcn vfyFcn; // only for keys +} AlgInfo; + +/* + * Note: CSSM_ALGID_MD2WithRSA does not work due to an inimplemented + * Security Server feature. Even though CSP nad CL support this, we + * don't really want to provide this capability anyway - it's a known + * insecure digest algorithm. 
+ */ +static const AlgInfo rsaSigAlgInfo[] = +{ + { CSSM_ALGID_MD5WithRSA, "RSA with MD5", '5', &CSSMOID_MD5WithRSA}, +// { CSSM_ALGID_MD2WithRSA, "RSA with MD2", '2', &CSSMOID_MD2WithRSA}, + { CSSM_ALGID_SHA1WithRSA, "RSA with SHA1", 's', &CSSMOID_SHA1WithRSA}, + { CSSM_ALGID_NONE, NULL, 0 } +}; + +static const AlgInfo feeSigAlgInfo[] = +{ + { CSSM_ALGID_FEE_MD5, "FEE with MD5", '5', &CSSMOID_APPLE_FEE_MD5 }, + { CSSM_ALGID_FEE_SHA1, "FEE with SHA1", 's', &CSSMOID_APPLE_FEE_SHA1 }, + { CSSM_ALGID_SHA1WithECDSA, "ECDSA/SHA1", 'e', &CSSMOID_APPLE_ECDSA }, + { CSSM_ALGID_NONE, NULL, 0, NULL } +}; + +static const AlgInfo dsaSigAlgInfo[] = +{ + { CSSM_ALGID_SHA1WithDSA, "DSA with SHA1", 's', &CSSMOID_APPLE_FEE_MD5 }, + { CSSM_ALGID_NONE, NULL, 0, NULL } +}; + +static const AlgInfo keyAlgInfo[] = +{ + { CSSM_ALGID_RSA, "RSA", 'r', NULL, 512, "512..2048", + rsaSigAlgInfo, rsaKeySizeVerify}, + { CSSM_ALGID_DSA, "DSA", 'd', NULL, 512, "512..2048", + dsaSigAlgInfo, dsaKeySizeVerify}, + { CSSM_ALGID_FEE, "FEE", 'f', NULL, 128, "128, 161, 192", + feeSigAlgInfo, feeKeySizeVerify}, + { CSSM_ALGID_NONE, NULL, 0, NULL } +}; + + +/* map a char response to an element of an AlgInfo array */ +static const AlgInfo *algInfoForSelect( + const AlgInfo *algInfo, // NULL terminated + char c) +{ + while(algInfo->str != NULL) { + if(algInfo->selector == c) { + return algInfo; + } + algInfo++; + } + /* not found */ + return NULL; +} + +/* map a CSSM_ALGORITHM to an entry in keyAlgInfo[] */ +static const AlgInfo *algInfoForAlg( + CSSM_ALGORITHMS alg) +{ + const AlgInfo *algInfo = keyAlgInfo; + while(algInfo->str != NULL) { + if(algInfo->alg == alg) { + return algInfo; + } + algInfo++; + } + /* not found */ + return NULL; +} + +/* get key size and algorithm for subject key */ +void getKeyParams( + CSSM_ALGORITHMS &keyAlg, + uint32 &keySizeInBits) +{ + char resp[200]; + const AlgInfo *keyInfo; + const AlgInfo *tempInfo; + + /* get a key algorithm */ + printf("\nPlease specify parameters for the 
key pair you will generate.\n\n"); + while(1) { + /* break when we get a valid key algorithm */ + tempInfo = keyAlgInfo; + while(tempInfo->str != NULL) { + printf(" %c %s\n", tempInfo->selector, tempInfo->str); + tempInfo++; + } + getStringWithPrompt("\nSelect key algorithm by letter: ", resp, sizeof(resp)); + if(resp[0] == '\0') { + printf("***There is no default. Please choose a key algorithm.\n"); + continue; + } + keyInfo = algInfoForSelect(keyAlgInfo, resp[0]); + if(keyInfo) { + break; + } + } + + while(1) { + /* until we get a valid key size */ + printf("\nValid key sizes for %s are %s; default is %u\n", + keyInfo->str, keyInfo->keyRangeString, (unsigned)keyInfo->defaultKeySize); + getStringWithPrompt("Enter key size in bits or CR for default: ", + resp, sizeof(resp)); + if(resp[0] == '\0') { + keySizeInBits = keyInfo->defaultKeySize; + } + else { + keySizeInBits = atoi(resp); + } + if(keyInfo->vfyFcn(keySizeInBits)) { + printf("\nYou have selected algorithm %s, key size %u bits.\n", + keyInfo->str, (unsigned)keySizeInBits); + getStringWithPrompt("OK (y/anything)? 
", resp, sizeof(resp)); + if(resp[0] == 'y') { + break; + } + } + else { + printf("***%u is not a legal key size for algorithm %s.\n", + (unsigned)keySizeInBits, keyInfo->str); + } + } + keyAlg = keyInfo->alg; +} + +/* given a signing key, obtain signing algorithm (int and oid format) */ +OSStatus getSigAlg( + const CSSM_KEY *signingKey, + CSSM_ALGORITHMS &sigAlg, + const CSSM_OID * &sigOid) +{ + char resp[200]; + const AlgInfo *keyInfo; + const AlgInfo *tempInfo; + const AlgInfo *sigInfoArray; + const AlgInfo *sigInfo; + + keyInfo = algInfoForAlg(signingKey->KeyHeader.AlgorithmId); + if(keyInfo == NULL) { + printf("***Signing key has unknown algorithm (%u).\n", + (unsigned)signingKey->KeyHeader.AlgorithmId); + return paramErr; + } + sigInfoArray = keyInfo->sigAlgInfo; + printf("\nPlease specify the algorithm with which your certificate will be " + "signed.\n\n"); + while(1) { + /* break when we get a valid sig algorithm */ + tempInfo = sigInfoArray; + while(tempInfo->str != NULL) { + printf(" %c %s\n", tempInfo->selector, tempInfo->str); + tempInfo++; + } + getStringWithPrompt("\nSelect signature algorithm by letter: ", + resp, sizeof(resp)); + if(resp[0] == '\0') { + printf("***There is no default. Please choose a signature algorithm.\n"); + continue; + } + sigInfo = algInfoForSelect(sigInfoArray, resp[0]); + if(sigInfo == NULL) { + printf("Try again.\n"); + continue; + } + printf("\nYou have selected algorithm %s.\n", sigInfo->str); + getStringWithPrompt("OK (y/anything)? 
", resp, sizeof(resp)); + if(resp[0] == 'y') { + break; + } + } + sigAlg = sigInfo->alg; + sigOid = sigInfo->oid; + return noErr; +} + +CU_KeyUsage getKeyUsage(bool isRoot) +{ + char resp[200]; + char *prompt; + + if(isRoot) { + /* root HAS to be capable of signing */ + prompt = "Enter cert/key usage (s=signing, b=signing AND encrypting): "; + } + else { + prompt = "Enter cert/key usage (s=signing, e=encrypting, b=both): "; + } + while(1) { + getStringWithPrompt(prompt, resp, sizeof(resp)); + switch(resp[0]) { + case 's': + return kKeyUseSigning; + case 'e': + if(isRoot) { + continue; + } + return kKeyUseEncrypting; + case 'b': + return kKeyUseSigning | kKeyUseEncrypting; + + } + } +} + + diff --git a/CertTool/CertTool/CertUI.h b/CertTool/CertTool/CertUI.h new file mode 100644 index 00000000..a90c229d --- /dev/null +++ b/CertTool/CertTool/CertUI.h 
@@ -0,0 +1,137 @@
+/*
+ File: CertUI.h
+
+ Description: stdio-based routines to get cert info from user.
+
+ Author: dmitch
+
+ Copyright: © Copyright 2002 Apple Computer, Inc. All rights reserved.
+
+ Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
+ Computer, Inc. ("Apple") in consideration of your agreement to
+ the following terms, and your use, installation, modification
+ or redistribution of this Apple software constitutes acceptance
+ of these terms. If you do not agree with these terms, please
+ do not use, install, modify or redistribute this Apple software.
+
+ In consideration of your agreement to abide by the following
+ terms, and subject to these terms, Apple grants you a personal,
+ non-exclusive license, under Apple's copyrights in this
+ original Apple software (the "Apple Software"), to use,
+ reproduce, modify and redistribute the Apple Software, with
+ or without modifications, in source and/or binary forms;
+ provided that if you redistribute the Apple Software in
+ its entirety and without modifications, you must retain
+ this notice and the following text and disclaimers in all
+ such redistributions of the Apple Software. Neither the
+ name, trademarks, service marks or logos of Apple Computer,
+ Inc. may be used to endorse or promote products derived from the
+ Apple Software without specific prior written permission from
+ Apple. Except as expressly stated in this notice, no other
+ rights or licenses, express or implied, are granted by Apple
+ herein, including but not limited to any patent rights that
+ may be infringed by your derivative works or by other works
+ in which the Apple Software may be incorporated.
+
+ The Apple Software is provided by Apple on an "AS IS" basis.
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
+ REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE
+ OR IN COMBINATION WITH YOUR PRODUCTS.
+
+ IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT,
+ INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION
+ AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
+ AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING
+ NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE
+ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef _CREATECERT_CERT_UI_H_
+#define _CREATECERT_CERT_UI_H_
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+
+/* Dump error info. */
+void showError(
+ OSStatus ortn,
+ const char *errStr);
+
+/*
+ * Safe gets().
+ * -- guaranteed no buffer overflow
+ * -- guaranteed NULL-terminated string
+ * -- handles empty string (i.e., response is just CR) properly
+ */
+void getString(
+ char *buf,
+ unsigned bufSize);
+
+/*
+ * Prompt and safe getString.
+ */
+void getStringWithPrompt(
+ const char *prompt, // need not end in newline
+ char *buf,
+ unsigned bufSize);
+
+/*
+ * Used to interactively cook up an array of CSSM_APPLE_TP_NAME_OIDs, representing
+ * a cert's RDN.
+ */
+typedef struct {
+ const CSSM_OID *oid; // e.g., CSSMOID_CommonName
+ const char *description; // e.g., "Common Name"
+ const char *example; // e.g., "www.apple.com"
+} NameOidInfo;
+
+#define MAX_NAMES 5
+
+/* Fill in a CSSM_APPLE_TP_NAME_OID array. */
+void getNameOids(
+ CSSM_APPLE_TP_NAME_OID *subjectNames, // size MAX_NAMES mallocd by caller
+ uint32 *numNames); // RETURNED
+
+/*
+ * Free strings mallocd in getNameOids.
+ */
+void freeNameOids(
+ CSSM_APPLE_TP_NAME_OID *subjectNames,
+ uint32 numNames);
+
+/* get key size and algorithm for subject key */
+void getKeyParams(
+ CSSM_ALGORITHMS &keyAlg,
+ uint32 &keySizeInBits);
+
+/* given a signing key, obtain signing algorithm (int and oid format) */
+OSStatus getSigAlg(
+ const CSSM_KEY *signingKey,
+ CSSM_ALGORITHMS &sigAlg,
+ const CSSM_OID * &sigOid);
+
+/*
+ * Obtain key usage.
+ */
+
+/* these are OR-able bitfields */
+typedef unsigned CU_KeyUsage;
+#define kKeyUseSigning 0x01
+#define kKeyUseEncrypting 0x02
+
+CU_KeyUsage getKeyUsage(bool isRoot);
+
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _CREATECERT_CERT_UI_H_ */
diff --git a/CertTool/cdsaUtils/cdsaUtils.c b/CertTool/cdsaUtils/cdsaUtils.c
new file mode 100644
index 00000000..952f8fe0
--- /dev/null
+++ b/CertTool/cdsaUtils/cdsaUtils.c
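Review bot: The `extern "C" {` opener near the top of CertUI.h is not followed by its own `#endif`, so every prototype down to `getKeyUsage` sits inside `#ifdef __cplusplus`, and the `#endif` just before the closing `#ifdef __cplusplus` / `}` is what ends that region; a C translation unit including this header would see no declarations at all. Because `getKeyParams` and `getSigAlg` take C++ references and `getKeyUsage` takes `bool`, the header appears to be C++-only anyway, so either drop the linkage block or add `#endif` directly after `extern "C" {` and remove the stray one before the closing guard. Separately, `getNameOids` receives no capacity argument and relies on the trailing comment `size MAX_NAMES mallocd by caller`; a header comment such as `/* subjectNames must have room for MAX_NAMES entries; no more than MAX_NAMES are written */` would pin that contract, provided the implementation actually guarantees it.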
@@ -0,0 +1,687 @@ +/* + File: cdsaUtils.c + + Description: common CDSA access utilities + + Author: dmitch + + Copyright: © Copyright 2001 Apple Computer, Inc. All rights reserved. + + Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple + Computer, Inc. ("Apple") in consideration of your agreement to + the following terms, and your use, installation, modification + or redistribution of this Apple software constitutes acceptance + of these terms. If you do not agree with these terms, please + do not use, install, modify or redistribute this Apple software. + + In consideration of your agreement to abide by the following + terms, and subject to these terms, Apple grants you a personal, + non-exclusive license, under Apple's copyrights in this + original Apple software (the "Apple Software"), to use, + reproduce, modify and redistribute the Apple Software, with + or without modifications, in source and/or binary forms; + provided that if you redistribute the Apple Software in + its entirety and without modifications, you must retain + this notice and the following text and disclaimers in all + such redistributions of the Apple Software. Neither the + name, trademarks, service marks or logos of Apple Computer, + Inc. may be used to endorse or promote products derived from the + Apple Software without specific prior written permission from + Apple. Except as expressly stated in this notice, no other + rights or licenses, express or implied, are granted by Apple + herein, including but not limited to any patent rights that + may be infringed by your derivative works or by other works + in which the Apple Software may be incorporated. + + The Apple Software is provided by Apple on an "AS IS" basis. 
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, + REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE + OR IN COMBINATION WITH YOUR PRODUCTS. + + IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, + INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION + AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED + AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING + NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "cdsaUtils.h" +#include +#include +#include +#include + +static CSSM_VERSION vers = {2, 0}; +static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }}; + +/* + * Standard app-level memory functions required by CDSA. + */ +void * cuAppMalloc (uint32 size, void *allocRef) { + return( malloc(size) ); +} + +void cuAppFree (void *mem_ptr, void *allocRef) { + free(mem_ptr); + return; +} + +void * cuAppRealloc (void *ptr, uint32 size, void *allocRef) { + return( realloc( ptr, size ) ); +} + +void * cuAppCalloc (uint32 num, uint32 size, void *allocRef) { + return( calloc( num, size ) ); +} + +static CSSM_API_MEMORY_FUNCS memFuncs = { + cuAppMalloc, + cuAppFree, + cuAppRealloc, + cuAppCalloc, + NULL + }; + +CSSM_BOOL cuCompareCssmData(const CSSM_DATA *d1, + const CSSM_DATA *d2) +{ + if(d1->Length != d2->Length) { + return CSSM_FALSE; + } + if(memcmp(d1->Data, d2->Data, d1->Length)) { + return CSSM_FALSE; + } + return CSSM_TRUE; +} + +/* + * Init CSSM; returns CSSM_FALSE on error. Reusable. 
+ */ +static CSSM_BOOL cssmInitd = CSSM_FALSE; + +CSSM_BOOL cuCssmStartup() +{ + CSSM_RETURN crtn; + CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; + + if(cssmInitd) { + return CSSM_TRUE; + } + crtn = CSSM_Init (&vers, + CSSM_PRIVILEGE_SCOPE_NONE, + &testGuid, + CSSM_KEY_HIERARCHY_NONE, + &pvcPolicy, + NULL /* reserved */); + if(crtn != CSSM_OK) + { + cuPrintError("CSSM_Init", crtn); + return CSSM_FALSE; + } + else { + cssmInitd = CSSM_TRUE; + return CSSM_TRUE; + } +} + +/* + * Attach to CSP. Returns zero on error. + */ +CSSM_CSP_HANDLE cuCspStartup( + CSSM_BOOL bareCsp) // true ==> CSP, false ==> CSP/DL +{ + CSSM_CSP_HANDLE cspHand; + CSSM_RETURN crtn; + const CSSM_GUID *guid; + + /* common CSSM init */ + if(cuCssmStartup() == CSSM_FALSE) { + return 0; + } + if(bareCsp) { + guid = &gGuidAppleCSP; + } + else { + guid = &gGuidAppleCSPDL; + } + crtn = CSSM_ModuleLoad(guid, + CSSM_KEY_HIERARCHY_NONE, + NULL, // eventHandler + NULL); // AppNotifyCallbackCtx + if(crtn) { + cuPrintError("CSSM_ModuleLoad()", crtn); + return 0; + } + crtn = CSSM_ModuleAttach (guid, + &vers, + &memFuncs, // memFuncs + 0, // SubserviceID + CSSM_SERVICE_CSP, + 0, // AttachFlags + CSSM_KEY_HIERARCHY_NONE, + NULL, // FunctionTable + 0, // NumFuncTable + NULL, // reserved + &cspHand); + if(crtn) { + cuPrintError("CSSM_ModuleAttach()", crtn); + return 0; + } + return cspHand; +} + +/* Attach to DL side of CSPDL */ +CSSM_DL_HANDLE cuDlStartup() +{ + CSSM_DL_HANDLE dlHand = 0; + CSSM_RETURN crtn; + + if(cuCssmStartup() == CSSM_FALSE) { + return 0; + } + crtn = CSSM_ModuleLoad(&gGuidAppleCSPDL, + CSSM_KEY_HIERARCHY_NONE, + NULL, // eventHandler + NULL); // AppNotifyCallbackCtx + if(crtn) { + cuPrintError("CSSM_ModuleLoad(Apple CSPDL)", crtn); + return 0; + } + crtn = CSSM_ModuleAttach (&gGuidAppleCSPDL, + &vers, + &memFuncs, // memFuncs + 0, // SubserviceID + CSSM_SERVICE_DL, + 0, // AttachFlags + CSSM_KEY_HIERARCHY_NONE, + NULL, // FunctionTable + 0, // NumFuncTable + NULL, // reserved + &dlHand); + 
if(crtn) { + cuPrintError("CSSM_ModuleAttach(Apple CSPDL)", crtn); + return 0; + } + return dlHand; +} + +CSSM_CL_HANDLE cuClStartup() +{ + CSSM_CL_HANDLE clHand; + CSSM_RETURN crtn; + + if(cuCssmStartup() == CSSM_FALSE) { + return 0; + } + crtn = CSSM_ModuleLoad(&gGuidAppleX509CL, + CSSM_KEY_HIERARCHY_NONE, + NULL, // eventHandler + NULL); // AppNotifyCallbackCtx + if(crtn) { + cuPrintError("CSSM_ModuleLoad(AppleCL)", crtn); + return 0; + } + crtn = CSSM_ModuleAttach (&gGuidAppleX509CL, + &vers, + &memFuncs, // memFuncs + 0, // SubserviceID + CSSM_SERVICE_CL, // SubserviceFlags - Where is this used? + 0, // AttachFlags + CSSM_KEY_HIERARCHY_NONE, + NULL, // FunctionTable + 0, // NumFuncTable + NULL, // reserved + &clHand); + if(crtn) { + cuPrintError("CSSM_ModuleAttach(AppleCL)", crtn); + return 0; + } + else { + return clHand; + } +} + +CSSM_TP_HANDLE cuTpStartup() +{ + CSSM_TP_HANDLE tpHand; + CSSM_RETURN crtn; + + if(cuCssmStartup() == CSSM_FALSE) { + return 0; + } + crtn = CSSM_ModuleLoad(&gGuidAppleX509TP, + CSSM_KEY_HIERARCHY_NONE, + NULL, // eventHandler + NULL); // AppNotifyCallbackCtx + if(crtn) { + cuPrintError("CSSM_ModuleLoad(AppleTP)", crtn); + return 0; + } + crtn = CSSM_ModuleAttach (&gGuidAppleX509TP, + &vers, + &memFuncs, // memFuncs + 0, // SubserviceID + CSSM_SERVICE_TP, // SubserviceFlags + 0, // AttachFlags + CSSM_KEY_HIERARCHY_NONE, + NULL, // FunctionTable + 0, // NumFuncTable + NULL, // reserved + &tpHand); + if(crtn) { + cuPrintError("CSSM_ModuleAttach(AppleTP)", crtn); + return 0; + } + else { + return tpHand; + } +} + +/* + * open a DB, ensure it's empty. 
+ */ +CSSM_DB_HANDLE cuDbStartup( + CSSM_DL_HANDLE dlHand, // from dlStartup() + const char *dbName) +{ + CSSM_DB_HANDLE dbHand = 0; + CSSM_RETURN crtn; + CSSM_DBINFO dbInfo; + + /* first delete possible existing DB, ignore error */ + crtn = CSSM_DL_DbDelete(dlHand, dbName, NULL, NULL); + switch(crtn) { + /* only allowed error is "no such file" */ + case CSSM_OK: + case CSSMERR_DL_DATASTORE_DOESNOT_EXIST: + break; + default: + cuPrintError("CSSM_DL_DbDelete", crtn); + return 0; + } + + memset(&dbInfo, 0, sizeof(CSSM_DBINFO)); + + /* now create it */ + crtn = CSSM_DL_DbCreate(dlHand, + dbName, + NULL, // DbLocation + &dbInfo, + // &Security::KeychainCore::Schema::DBInfo, + CSSM_DB_ACCESS_PRIVILEGED, + NULL, // CredAndAclEntry + NULL, // OpenParameters + &dbHand); + if(crtn) { + cuPrintError("CSSM_DL_DbCreate", crtn); + } + return dbHand; +} + +/* + * Attach to existing DB or create an empty new one. + */ +CSSM_DB_HANDLE cuDbStartupByName(CSSM_DL_HANDLE dlHand, + char *dbName, + CSSM_BOOL doCreate, + CSSM_BOOL quiet) +{ + CSSM_RETURN crtn; + CSSM_DB_HANDLE dbHand; + + /* try open existing DB in either case */ + + crtn = CSSM_DL_DbOpen(dlHand, + dbName, + NULL, // DbLocation + CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, + NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred + NULL, // void *OpenParameters + &dbHand); + if(crtn == CSSM_OK) { + return dbHand; + } + if(!doCreate) { + if(!quiet) { + printf("***no such data base (%s)\n", dbName); + cuPrintError("CSSM_DL_DbOpen", crtn); + } + return 0; + } + /* have to create one */ + return cuDbStartup(dlHand, dbName); +} + +/* + * Given a context specified via a CSSM_CC_HANDLE, add a new + * CSSM_CONTEXT_ATTRIBUTE to the context as specified by AttributeType, + * AttributeLength, and an untyped pointer. 
+ */ +CSSM_RETURN cuAddContextAttribute(CSSM_CC_HANDLE CCHandle, + uint32 AttributeType, + uint32 AttributeLength, + const void *AttributePtr) +{ + CSSM_CONTEXT_ATTRIBUTE newAttr; + CSSM_RETURN crtn; + + newAttr.AttributeType = AttributeType; + newAttr.AttributeLength = AttributeLength; + newAttr.Attribute.Data = (CSSM_DATA_PTR)AttributePtr; + crtn = CSSM_UpdateContextAttributes(CCHandle, 1, &newAttr); + if(crtn) { + cuPrintError("CSSM_UpdateContextAttributes", crtn); + } + return crtn; +} + + +/* + * Derive symmetric key. + * Note in the X CSP, we never return an IV. + */ +CSSM_RETURN cuCspDeriveKey(CSSM_CSP_HANDLE cspHand, + uint32 keyAlg, // CSSM_ALGID_RC5, etc. + const char *keyLabel, + unsigned keyLabelLen, + uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. + uint32 keySizeInBits, + CSSM_DATA_PTR password, // in PKCS-5 lingo + CSSM_DATA_PTR salt, // ditto + uint32 iterationCnt, // ditto + CSSM_KEY_PTR key) +{ + CSSM_RETURN crtn; + CSSM_CC_HANDLE ccHand; + uint32 keyAttr; + CSSM_DATA dummyLabel; + CSSM_PKCS5_PBKDF2_PARAMS pbeParams; + CSSM_DATA pbeData; + CSSM_ACCESS_CREDENTIALS creds; + + memset(key, 0, sizeof(CSSM_KEY)); + memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); + crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, + CSSM_ALGID_PKCS5_PBKDF2, + keyAlg, + keySizeInBits, + &creds, + NULL, // BaseKey + iterationCnt, + salt, + NULL, // seed + &ccHand); + if(crtn) { + cuPrintError("CSSM_CSP_CreateDeriveKeyContext", crtn); + return crtn; + } + keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | + CSSM_KEYATTR_SENSITIVE; + dummyLabel.Length = keyLabelLen; + dummyLabel.Data = (uint8 *)keyLabel; + + /* passing in password is pretty strange....*/ + pbeParams.Passphrase = *password; + pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1; + pbeData.Data = (uint8 *)&pbeParams; + pbeData.Length = sizeof(pbeParams); + crtn = CSSM_DeriveKey(ccHand, + &pbeData, + keyUsage, + keyAttr, + &dummyLabel, + NULL, // cred and acl + key); + if(crtn) { + 
cuPrintError("CSSM_DeriveKey", crtn); + return crtn; + } + crtn = CSSM_DeleteContext(ccHand); + if(crtn) { + cuPrintError("CSSM_DeleteContext", crtn); + } + return crtn; +} + +/* + * Generate key pair of arbitrary algorithm. + */ + +/* CSP DL currently does not perform DSA generate params; let CSP do it implicitly */ +#define DO_DSA_GEN_PARAMS 0 + +CSSM_RETURN cuCspGenKeyPair(CSSM_CSP_HANDLE cspHand, + CSSM_DL_DB_HANDLE *dlDbHand, // optional + uint32 algorithm, + const char *keyLabel, + unsigned keyLabelLen, + uint32 keySize, // in bits + CSSM_KEY_PTR pubKey, // mallocd by caller + CSSM_KEYUSE pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. + CSSM_KEYATTR_FLAGS pubAttrs, // CSSM_KEYATTR_EXTRACTABLE, etc. + CSSM_KEY_PTR privKey, // mallocd by caller + CSSM_KEYUSE privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. + CSSM_KEYATTR_FLAGS privAttrs) // CSSM_KEYATTR_EXTRACTABLE, etc. +{ + CSSM_RETURN crtn; + CSSM_RETURN ocrtn; + CSSM_CC_HANDLE ccHand; + CSSM_DATA keyLabelData; + + keyLabelData.Data = (uint8 *)keyLabel, + keyLabelData.Length = keyLabelLen; + memset(pubKey, 0, sizeof(CSSM_KEY)); + memset(privKey, 0, sizeof(CSSM_KEY)); + + crtn = CSSM_CSP_CreateKeyGenContext(cspHand, + algorithm, + keySize, + NULL, // Seed + NULL, // Salt + NULL, // StartDate + NULL, // EndDate + NULL, // Params + &ccHand); + if(crtn) { + cuPrintError("CSSM_CSP_CreateKeyGenContext", crtn); + return crtn; + } + + /* post-context-create algorithm-specific stuff */ + switch(algorithm) { + #if DO_DSA_GEN_PARAMS + case CSSM_ALGID_DSA: + /* + * extra step - generate params - this just adds some + * info to the context + */ + { + CSSM_DATA dummy = {0, NULL}; + crtn = CSSM_GenerateAlgorithmParams(ccHand, + keySize, &dummy); + if(crtn) { + cuPrintError("CSSM_GenerateAlgorithmParams", crtn); + CSSM_DeleteContext(ccHand); + return crtn; + } + cuAppFree(dummy.Data, NULL); + } + break; + #endif /* DO_DSA_GEN_PARAMS */ + default: + break; + } + + /* optionally specify DL/DB storage location */ + if(dlDbHand) { + crtn 
= cuAddContextAttribute(ccHand, + CSSM_ATTRIBUTE_DL_DB_HANDLE, + sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE), + dlDbHand); + if(crtn) { + CSSM_DeleteContext(ccHand); + return crtn; + } + } + ocrtn = CSSM_GenerateKeyPair(ccHand, + pubKeyUsage, + pubAttrs, + &keyLabelData, + pubKey, + privKeyUsage, + privAttrs, + &keyLabelData, // same labels + NULL, // CredAndAclEntry + privKey); + if(ocrtn) { + cuPrintError("CSSM_GenerateKeyPair", ocrtn); + } + crtn = CSSM_DeleteContext(ccHand); + if(crtn) { + cuPrintError("CSSM_DeleteContext", crtn); + if(ocrtn == CSSM_OK) { + /* error on CSSM_GenerateKeyPair takes precedence */ + ocrtn = crtn; + } + } + return ocrtn; +} + +/* + * Add a certificate to an open DLDB. + */ +CSSM_RETURN cuAddCertToDb( + CSSM_DL_DB_HANDLE dlDbHand, + const CSSM_DATA *cert, + CSSM_CERT_TYPE certType, + CSSM_CERT_ENCODING certEncoding, + const char *printName, // C string + const CSSM_DATA *publicKeyHash) +{ + CSSM_DB_ATTRIBUTE_DATA attrs[6]; + CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; + CSSM_DB_ATTRIBUTE_DATA_PTR attr = &attrs[0]; + CSSM_DATA certTypeData; + CSSM_DATA certEncData; + CSSM_DATA printNameData; + CSSM_RETURN crtn; + CSSM_DB_UNIQUE_RECORD_PTR recordPtr; + + /* issuer and serial number required, fake 'em */ + CSSM_DATA issuer = {6, (uint8 *)"issuer"}; + CSSM_DATA serial = {6, (uint8 *)"serial"}; + + /* we spec six attributes, skipping alias */ + certTypeData.Data = (uint8 *)&certType; + certTypeData.Length = sizeof(CSSM_CERT_TYPE); + certEncData.Data = (uint8 *)&certEncoding; + certEncData.Length = sizeof(CSSM_CERT_ENCODING); + printNameData.Data = (uint8 *)printName; + printNameData.Length = strlen(printName) + 1; + + attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attr->Info.Label.AttributeName = "CertType"; + attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; + attr->NumberOfValues = 1; + attr->Value = &certTypeData; + + attr++; + attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + 
attr->Info.Label.AttributeName = "CertEncoding"; + attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; + attr->NumberOfValues = 1; + attr->Value = &certEncData; + + attr++; + attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attr->Info.Label.AttributeName = "PrintName"; + attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + attr->NumberOfValues = 1; + attr->Value = &printNameData; + + attr++; + attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attr->Info.Label.AttributeName = "PublicKeyHash"; + attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + attr->NumberOfValues = 1; + attr->Value = (CSSM_DATA_PTR)publicKeyHash; + + attr++; + attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attr->Info.Label.AttributeName = "Issuer"; + attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + attr->NumberOfValues = 1; + attr->Value = &issuer; + + attr++; + attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attr->Info.Label.AttributeName = "SerialNumber"; + attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + attr->NumberOfValues = 1; + attr->Value = &serial; + + recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; + recordAttrs.SemanticInformation = 0; + recordAttrs.NumberOfAttributes = 6; + recordAttrs.AttributeData = attrs; + + crtn = CSSM_DL_DataInsert(dlDbHand, + CSSM_DL_DB_RECORD_X509_CERTIFICATE, + &recordAttrs, + cert, + &recordPtr); + if(crtn) { + cuPrintError("CSSM_DL_DataInsert", crtn); + } + else { + CSSM_DL_FreeUniqueRecord(dlDbHand, recordPtr); + } + return crtn; +} + +/* + * Add a certificate to an open DLDB. + */ +CSSM_RETURN cuAddCertToKC( + SecKeychainRef keychain, + const CSSM_DATA *cert, + CSSM_CERT_TYPE certType, + CSSM_CERT_ENCODING certEncoding, + const char *printName, // C string + const CSSM_DATA *keyLabel) // ?? 
+{
+ SecCertificateRef certificate;
+
+ OSStatus rslt = SecCertificateCreateFromData(cert, certType, certEncoding, &certificate);
+ if (!rslt)
+ {
+ rslt = SecCertificateAddToKeychain(certificate, keychain);
+ CFRelease(certificate);
+ }
+
+ return rslt;
+}
+
+/*
+ * This prototype does not exist in public Security headers in 10.1, but the
+ * function is in fact exported from the Security framework. A future release
+ * will include a public prototype for this function.
+ */
+#if 1
+extern void cssmPerror(const char *how, CSSM_RETURN error);
+#else
+#include
+#endif
+/*
+ * Log CSSM error.
+ */
+void cuPrintError(char *op, CSSM_RETURN err)
+{
+ cssmPerror(op, err);
+}
diff --git a/CertTool/cdsaUtils/cdsaUtils.h b/CertTool/cdsaUtils/cdsaUtils.h
new file mode 100644
index 00000000..20099582
--- /dev/null
+++ b/CertTool/cdsaUtils/cdsaUtils.h
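Review bot: In `cuDbStartupByName`, any failure of `CSSM_DL_DbOpen` with `doCreate` set falls through to `cuDbStartup`, which begins by calling `CSSM_DL_DbDelete` on the same name, so an existing database that merely failed to open (locked, permission or credential error) would be deleted and replaced with an empty one. The create path should be taken only when the open result says the store is missing, e.g. `if(!doCreate || (crtn != CSSMERR_DL_DATASTORE_DOESNOT_EXIST)) {` on the existing error return, assuming DbOpen reports a missing file with that code. In the same file, `cuCspDeriveKey` returns on a `CSSM_DeriveKey` error without calling `CSSM_DeleteContext(ccHand)`, unlike `cuCspGenKeyPair`, which deletes the context on every path after creation. `cuCspGenKeyPair` also passes `sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE)`, the size of the attribute-type constant, where `sizeof(CSSM_DL_DB_HANDLE)` looks intended.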
@@ -0,0 +1,166 @@
+/*
+ File: cdsaUtils.h
+
+ Description: common CDSA access utilities
+
+ Author: dmitch
+
+ Copyright: © Copyright 2001 Apple Computer, Inc. All rights reserved.
+
+ Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
+ Computer, Inc. ("Apple") in consideration of your agreement to
+ the following terms, and your use, installation, modification
+ or redistribution of this Apple software constitutes acceptance
+ of these terms. If you do not agree with these terms, please
+ do not use, install, modify or redistribute this Apple software.
+
+ In consideration of your agreement to abide by the following
+ terms, and subject to these terms, Apple grants you a personal,
+ non-exclusive license, under Apple's copyrights in this
+ original Apple software (the "Apple Software"), to use,
+ reproduce, modify and redistribute the Apple Software, with
+ or without modifications, in source and/or binary forms;
+ provided that if you redistribute the Apple Software in
+ its entirety and without modifications, you must retain
+ this notice and the following text and disclaimers in all
+ such redistributions of the Apple Software. Neither the
+ name, trademarks, service marks or logos of Apple Computer,
+ Inc. may be used to endorse or promote products derived from the
+ Apple Software without specific prior written permission from
+ Apple. Except as expressly stated in this notice, no other
+ rights or licenses, express or implied, are granted by Apple
+ herein, including but not limited to any patent rights that
+ may be infringed by your derivative works or by other works
+ in which the Apple Software may be incorporated.
+
+ The Apple Software is provided by Apple on an "AS IS" basis.
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
+ REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE
+ OR IN COMBINATION WITH YOUR PRODUCTS.
+
+ IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT,
+ INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION
+ AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
+ AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING
+ NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE
+ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef _COMMON_CDSA_UTILS_H_
+#define _COMMON_CDSA_UTILS_H_
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* common memory allocators shared by app and CSSM */
+extern void * cuAppMalloc (uint32 size, void *allocRef);
+extern void cuAppFree (void *mem_ptr, void *allocRef);
+extern void * cuAppRealloc (void *ptr, uint32 size, void *allocRef);
+extern void * cuAppCalloc (uint32 num, uint32 size, void *allocRef);
+
+#define APP_MALLOC(s) cuAppMalloc(s, NULL)
+#define APP_FREE(p) cuAppFree(p, NULL)
+#define APP_REALLOC(p, s) cuAppRealloc(p, s, NULL)
+#define APP_CALLOC(n, s) cuAppRealloc(n, s, NULL)
+
+extern CSSM_BOOL cuCompareCssmData(
+ const CSSM_DATA *d1,
+ const CSSM_DATA *d2);
+void cuPrintError(char *op, CSSM_RETURN err);
+
+/* Init CSSM; returns CSSM_FALSE on error. Reusable. */
+extern CSSM_BOOL cuCssmStartup();
+
+/* Attach to CSP. Returns zero on error. */
+extern CSSM_CSP_HANDLE cuCspStartup(
+ CSSM_BOOL bareCsp); // true ==> CSP, false ==> CSP/DL
+
+/* Attach to DL side of CSPDL.
*/
+extern CSSM_DL_HANDLE cuDlStartup();
+
+/* Attach to CL, TP */
+extern CSSM_CL_HANDLE cuClStartup();
+extern CSSM_TP_HANDLE cuTpStartup();
+
+/* Open a DB, ensure it's empty. */
+CSSM_DB_HANDLE cuDbStartup(
+ CSSM_DL_HANDLE dlHand, // from dlStartup()
+ const char *dbName);
+
+/* Attach to existing DB or create an empty new one. */
+CSSM_DB_HANDLE cuDbStartupByName(CSSM_DL_HANDLE dlHand,
+ char *dbName,
+ CSSM_BOOL doCreate,
+ CSSM_BOOL quiet);
+
+/*
+ * Derive symmetric key using PBE.
+ */
+extern CSSM_RETURN cuCspDeriveKey(CSSM_CSP_HANDLE cspHand,
+ uint32 keyAlg, // CSSM_ALGID_RC5, etc.
+ const char *keyLabel,
+ unsigned keyLabelLen,
+ uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc.
+ uint32 keySizeInBits,
+ CSSM_DATA_PTR password, // in PKCS-5 lingo
+ CSSM_DATA_PTR salt, // ditto
+ uint32 iterationCnt, // ditto
+ CSSM_KEY_PTR key);
+
+/*
+ * Generate key pair of arbitrary algorithm.
+ */
+extern CSSM_RETURN cuCspGenKeyPair(CSSM_CSP_HANDLE cspHand,
+ CSSM_DL_DB_HANDLE *dlDbHand, // optional
+ uint32 algorithm,
+ const char *keyLabel,
+ unsigned keyLabelLen,
+ uint32 keySize, // in bits
+ CSSM_KEY_PTR pubKey, // mallocd by caller
+ CSSM_KEYUSE pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc.
+ CSSM_KEYATTR_FLAGS pubAttrs, // CSSM_KEYATTR_EXTRACTABLE, etc.
+ CSSM_KEY_PTR privKey, // mallocd by caller
+ CSSM_KEYUSE privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc.
+ CSSM_KEYATTR_FLAGS privAttrs); // CSSM_KEYATTR_EXTRACTABLE, etc.
+
+/* Convert a reference key to a raw key. */
+CSSM_RETURN cuRefKeyToRaw(CSSM_CSP_HANDLE cspHand,
+ const CSSM_KEY *refKey,
+ CSSM_KEY_PTR rawKey); // RETURNED
+
+/*
+ * Add a certificate to an open DLDB.
+ */
+CSSM_RETURN cuAddCertToDb(
+ CSSM_DL_DB_HANDLE dlDbHand,
+ const CSSM_DATA *cert,
+ CSSM_CERT_TYPE certType,
+ CSSM_CERT_ENCODING certEncoding,
+ const char *printName, // C string
+ const CSSM_DATA *publicKeyHash); // ??
+
+/*
+ * Add a certificate to a keychain.
+ */
+CSSM_RETURN cuAddCertToKC(
+ SecKeychainRef keychain,
+ const CSSM_DATA *cert,
+ CSSM_CERT_TYPE certType,
+ CSSM_CERT_ENCODING certEncoding,
+ const char *printName, // C string
+ const CSSM_DATA *keyLabel); // ??
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _COMMON_CDSA_UTILS_H_ */
\ No newline at end of file
diff --git a/CertTool/cdsaUtils/cuEnc64.c b/CertTool/cdsaUtils/cuEnc64.c
new file mode 100644
index 00000000..2e69af83
--- /dev/null
+++ b/CertTool/cdsaUtils/cuEnc64.c
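Review bot: `APP_CALLOC(n, s)` expands to `cuAppRealloc(n, s, NULL)`, so the element count lands in the parameter that the cuAppRealloc prototype declares as a pointer and the caller does not get a zeroed allocation; going by the three macros above it, the line should read `#define APP_CALLOC(n, s) cuAppCalloc(n, s, NULL)`. Separately, the `// ??` left on `publicKeyHash` and `keyLabel` should be replaced by a comment saying what each argument is for. In the cuAddCertToKC definition in cdsaUtils.c, `printName` and `keyLabel` are never referenced, and its header comment still reads "Add a certificate to an open DLDB" although the function adds to a keychain.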
@@ -0,0 +1,402 @@
+/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * enc64.c - encode/decode in 64-char IA5 format, per RFC 1421
+ *
+ * Revision History
+ * ----------------
+ * 11/27/98 dmitch
+ * Added ECDSA_VERIFY_ONLY dependencies.
+ * 10/06/98 ap
+ * Changed to compile with C++.
+ * 12 Dec 96 Doug Mitchell at NeXT
+ * Newlines optional in dec64() and isValidEnc64().
+ * 9 Oct 96 Doug Mitchell at NeXT
+ * Created.
+ */
+
+#include "cuEnc64.h"
+#include
+
+/*
+ * 11/27/98 dmitch: The ECDSA_VERIFY_ONLY symbol, when #defined, disables all
+ * of the code in this module except that which is necessary for ECDSA
+ * siggnature verification.
+ */
+
+#ifndef NULL
+#define NULL ((void *)0)
+#endif /* NULL */
+
+/*
+ * map a 6-bit binary value to a printable character.
+ */
+static const
+unsigned char bintoasc[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*
+ * Map an 7-bit printable character to its corresponding binary value.
+ * Any illegal characters return high bit set.
+ */
+static const
+unsigned char asctobin[] =
+{
+ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x80, 0x80, 0x3e, 0x80, 0x80, 0x80, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+ 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0x80, 0x80, 0x80, 0x80, 0x80
+};
+
+/*
+ * map 6 bits to a printing char
+ */
+#define ENC(c) (bintoasc[((c) & 0x3f)])
+
+#define PAD '='
+
+/*
+ * map one group of up to 3 bytes at inp to 4 bytes at outp.
+ * Count is number of valid bytes in *inp; if less than 3, the
+ * 1 or two extras must be zeros.
+ */
+static void encChunk(const unsigned char *inp,
+ unsigned char *outp,
+ int count)
+{
+ unsigned char c1, c2, c3, c4;
+
+ c1 = *inp >> 2;
+ c2 = ((inp[0] << 4) & 0x30) | ((inp[1] >> 4) & 0xf);
+ c3 = ((inp[1] << 2) & 0x3c) | ((inp[2] >> 6) & 0x3);
+ c4 = inp[2] & 0x3f;
+ *outp++ = ENC(c1);
+ *outp++ = ENC(c2);
+ if (count == 1) {
+ *outp++ = PAD;
+ *outp = PAD;
+ } else {
+ *outp++ = ENC(c3);
+ if (count == 2) {
+ *outp = PAD;
+ }
+ else {
+ *outp = ENC(c4);
+ }
+ }
+}
+
+/*
+ * Given input buffer inbuf, length inlen, encode to 64-char IA5 format.
+ * Result is fmalloc'd and returned; it is terminated by Microsoft-style
+ * newline and NULL. Its length (including the trailing newline and NULL)
+ * is returned in *outlen.
+ */
+
+unsigned char *enc64(const unsigned char *inbuf,
+ unsigned inlen,
+ unsigned *outlen) // RETURNED
+{
+ return enc64WithLines(inbuf, inlen, 0, outlen);
+}
+
+unsigned char *enc64WithLines(const unsigned char *inbuf,
+ unsigned inlen,
+ unsigned linelen,
+ unsigned *outlen)
+{
+ unsigned outTextLen;
+ unsigned len; // to malloc, liberal
+ unsigned olen = 0; // actual output size
+ unsigned char *outbuf;
+ unsigned char endbuf[3];
+ int i;
+ unsigned char *outp;
+ unsigned numLines;
+ unsigned thisLine;
+
+ outTextLen = ((inlen + 2) / 3) * 4;
+ if(linelen) {
+ /*
+ * linelen must be 0 mod 4 for this to work; round up...
+ */
+ if((linelen & 0x03) != 0) {
+ linelen = (linelen + 3) & 0xfffffffc;
+ }
+ numLines = (outTextLen + linelen - 1)/ linelen;
+ }
+ else {
+ numLines = 1;
+ }
+
+ /*
+ * Total output size = encoded text size plus one newline per
+ * line of output, plus trailing NULL. We always generate newlines
+ * as \n; when decoding, we tolerate \r\n (Microsoft) or \n.
+ */
+ len = outTextLen + (2 * numLines) + 1;
+ outbuf = (unsigned char*)malloc(len);
+ outp = outbuf;
+ thisLine = 0;
+
+ while(inlen) {
+ if(inlen < 3) {
+ for(i=0; i<3; i++) {
+ if(i < inlen) {
+ endbuf[i] = inbuf[i];
+ }
+ else {
+ endbuf[i] = 0;
+ }
+ }
+ encChunk(endbuf, outp, inlen);
+ inlen = 0;
+ }
+ else {
+ encChunk(inbuf, outp, 3);
+ inlen -= 3;
+ inbuf += 3;
+ }
+ outp += 4;
+ thisLine += 4;
+ olen += 4;
+ if((linelen != 0) && (thisLine >= linelen) && inlen) {
+ /*
+ * last trailing newline added below
+ * Note we don't split 4-byte output chunks over newlines
+ */
+ *outp++ = '\n';
+ olen++;
+ thisLine = 0;
+ }
+ }
+ *outp++ = '\n';
+ *outp = '\0';
+ olen += 2;
+ *outlen = olen;
+ return outbuf;
+}
+
+static inline int isWhite(unsigned char c)
+{
+ switch(c) {
+ case '\n':
+ case '\r':
+ case ' ':
+ case '\t':
+ case '\0':
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+/*
+ * Strip off all whitespace from a (supposedly) enc64-format string.
+ * Returns a malloc'd string.
+ */ +static unsigned char *stringCleanse(const unsigned char *inbuf, + unsigned inlen, + unsigned *outlen) +{ + unsigned char *news; // cleansed inbuf + unsigned newsDex; // index into news + unsigned i; + + news = (unsigned char*)malloc(inlen); + newsDex = 0; + for(i=0; i 0) { + goto errorOut; + } + } + else { + goto errorOut; + } + } else if (*bp & 0x80 || (c3 = asctobin[*bp]) & 0x80) { + goto errorOut; + } else { + bp++; + inlen--; + if (*bp == PAD) { + /* + * Three input bytes, two output + */ + c4 = 0; + thisOlen = 2; + if (c3 & 3) { + goto errorOut; + } + } else if (*bp & 0x80 || (c4 = asctobin[*bp]) & 0x80) { + goto errorOut; + } else { + /* + * Normal non-pad case + */ + thisOlen = 3; + } + bp++; + inlen--; + } + j = (c1 << 2) | (c2 >> 4); + *outp++ = j; + if(thisOlen > 1) { + j = (c2 << 4) | (c3 >> 2); + *outp++ = j; + if(thisOlen == 3) { + j = (c3 << 6) | c4; + *outp++ = j; + } + } + olen += thisOlen; + } + free(news); + *outlen = olen; + return outbuf; /* normal return */ + +errorOut: + free(news); + free(outbuf); + return (unsigned char*) NULL; +} + +/* + * Determine if specified input data is valid enc64 format. Returns 1 + * if valid, 0 if not. + * This doesn't do a full enc64 parse job; it scans for legal characters + * and proper sync when a possible pad is found. 
+ */
+int isValidEnc64(const unsigned char *inbuf,
+ unsigned inlen)
+{
+ int padChars = 0; // running count of PAD chars
+ int validEncChars = 0;
+ unsigned char c;
+
+ /*
+ * -- scan inbuf
+ * -- skip whitespace
+ * -- count valid chars
+ * -- ensure not more than 2 PAD chars, only at end
+ * -- ensure valid chars mod 4 == 0
+ */
+
+ while(inlen) {
+ c = *inbuf++;
+ inlen--;
+ if(isWhite(c)) {
+ continue;
+ }
+ if(c == PAD) {
+ if(++padChars > 2) {
+ return 0; // max of 2 PAD chars at end
+ }
+ }
+ else if(padChars > 0) {
+ return 0; // no normal chars after seeing PAD
+ }
+ else if((c & 0x80) || ((asctobin[c]) & 0x80)) {
+ return 0; // invalid encoded char
+ }
+ validEncChars++;
+ }
+ if((validEncChars & 0x03) != 0) {
+ return 0;
+ }
+ else {
+ return 1;
+ }
+}
diff --git a/CertTool/cdsaUtils/cuEnc64.h b/CertTool/cdsaUtils/cuEnc64.h
new file mode 100644
index 00000000..5527d8b9
--- /dev/null
+++ b/CertTool/cdsaUtils/cuEnc64.h
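Review bot: In enc64WithLines, an empty input combined with a non-zero `linelen` makes `numLines` 0, so `len` is 1 while the two trailing stores (`'\n'`, then `'\0'`) write two bytes, one past the end of the allocation; adding `if(numLines == 0) numLines = 1;` after the division closes that. The `malloc` result is also written through without a NULL check, so `if(outbuf == NULL) return NULL;` belongs before `outp = outbuf;`; stringCleanse appears to have the same gap, though part of that function is not readable on this page. The comment above enc64 says the result ends in a Microsoft-style newline, while the code emits a bare `\n`, so the comment should be corrected to match.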
@@ -0,0 +1,65 @@
+/* Copyright (c) 1998 Apple Computer, Inc. All rights reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * enc64.h - encode/decode in 64-char IA5 format, per RFC 1421
+ *
+ * Revision History
+ * ----------------
+ * 9 Oct 96 Doug Mitchell at NeXT
+ * Created.
+ */
+
+#ifndef _CK_ENC64_H_
+#define _CK_ENC64_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to
+ * binary. Result is malloced and returned; its length is returned in *outlen.
+ * NULL return indicates corrupted input.
+ */
+unsigned char *enc64(const unsigned char *inbuf,
+ unsigned inlen,
+ unsigned *outlen); // RETURNED
+
+/*
+ * Enc64, with embedded newlines every lineLen in result. A newline is
+ * the UNIX \n. Result is mallocd.
+ */
+unsigned char *enc64WithLines(const unsigned char *inbuf,
+ unsigned inlen,
+ unsigned linelen,
+ unsigned *outlen); // RETURNED
+
+/*
+ * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to
+ * binary. Result is malloced and returned; its length is returned in *outlen.
+ * NULL return indicates corrupted input. All whitespace in inbuf is
+ * ignored.
+ */
+unsigned char *dec64(const unsigned char *inbuf,
+ unsigned inlen,
+ unsigned *outlen);
+
+/*
+ * Determine if specified input data is valid enc64 format. Returns 1
+ * if valid, 0 if not.
+ */
+int isValidEnc64(const unsigned char *inbuf,
+ unsigned inbufLen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*_CK_ENC64_H_*/
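Review bot: The comment above the `enc64` prototype is a copy of the `dec64` one: it says the function decodes to binary and that a NULL return indicates corrupted input, whereas enc64 is the encoder. Suggested wording: `Given input buffer inbuf, length inlen, encode to 64-char IA5 format. Result is malloced and returned, terminated by a newline and a NUL; its length, including both, is returned in *outlen.` The length parameter is also named `inbufLen` in the isValidEnc64 prototype here but `inlen` in the definition in cuEnc64.c.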
diff --git a/CertTool/cdsaUtils/dumpasn1.cfg b/CertTool/cdsaUtils/dumpasn1.cfg
new file mode 100644
index 00000000..71d18743
--- /dev/null
+++ b/CertTool/cdsaUtils/dumpasn1.cfg
@@ -0,0 +1,2915 @@ +# dumpasn1 Object Identifier configuration file, available from +# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg. This is read by +# dumpasn1.c and is used to display information on Object Identifiers found in +# ASN.1 objects. This is merely a list of things which you might conceivably +# find in use somewhere, and should in no way be taken as a guide to which OIDs +# to use - many of these will never been seen in the wild, or should be shot on +# sight if encountered. +# +# The format of this file is as follows: +# +# - All blank lines and lines beginning with a '#' are ignored. +# - OIDs are described by a set of attributes, of which at least the 'OID' and +# 'Description' must be present. Optional attributes are a 'Comment' and a +# 'Warning' (to indicate that dumpasn1 will display a warning if this OID is +# encountered). +# - Attributes are listed one per line. The first attribute should be an 'OID' +# attribute since this is used to denote the start of a new OID description. +# The other attributes may be given in any order. +# +# See the rest of this file for examples of what an OID description should look +# like. 
+ +# Some unknown X.500 attributes spec from the UK + +OID = 06 09 09 92 26 89 93 F2 2C 01 03 +Comment = Some oddball X.500 attribute collection +Description = rfc822Mailbox (0 9 2342 19200300 1 3) + +# RFC 2247, How to Kludge an FQDN as a DN (or words to that effect) + +OID = 06 0A 09 92 26 89 93 F2 2C 64 01 01 +Comment = Men are from Mars, this OID is from Pluto +Description = domainComponent (0 9 2342 19200300 100 1 25) + +# Certificates Australia + +OID = 06 0A 2A 24 A4 97 A3 53 01 64 01 01 +Comment = Certificates Australia CA +Description = Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1) + +# Signet + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 02 +Comment = Signet CA +Description = Signet personal (1 2 36 68980861 1 1 2) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 03 +Comment = Signet CA +Description = Signet business (1 2 36 68980861 1 1 3) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 04 +Comment = Signet CA +Description = Signet legal (1 2 36 68980861 1 1 4) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0A +Comment = Signet CA +Description = Signet pilot (1 2 36 68980861 1 1 10) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0B +Comment = Signet CA +Description = Signet intraNet (1 2 36 68980861 1 1 11) + +OID = 06 09 2A 24 A0 F2 A0 7D 01 01 14 +Comment = Signet CA +Description = Signet securityPolicy (1 2 36 68980861 1 1 20) + +# Mitsubishi + +OID = 06 0B 2A 83 08 8C 1A 4B 3D 01 01 01 +Comment = Mitsubishi security algorithm +Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1) + +OID = 06 0C 2A 83 08 8C 9A 4B 3D 01 01 01 01 +Comment = Mitsubishi security algorithm +Description = misty1-cbc (1 2 392 200011 61 1 1 1 1) + +# SEIS + +OID = 06 05 2A 85 70 22 01 +Comment = SEIS Project +Description = seis-cp (1 2 752 34 1) + +OID = 06 06 2A 85 70 22 01 01 +Comment = SEIS Project certificate policies +Description = SEIS high-assurnace certificatePolicy (1 2 752 34 1 1) + +OID = 06 06 2A 85 70 22 01 02 +Comment = SEIS Project certificate policies 
+Description = SEIS GAK certificatePolicy (1 2 752 34 1 2) + +OID = 06 05 2A 85 70 22 02 +Comment = SEIS Project +Description = SEIS pe (1 2 752 34 2) + +OID = 06 05 2A 85 70 22 03 +Comment = SEIS Project +Description = SEIS at (1 2 752 34 3) + +OID = 06 06 2A 85 70 22 03 01 +Comment = SEIS Project attribute +Description = SEIS at-personalIdentifier (1 2 752 34 3 1) + +# ANSI X9.57 + +OID = 06 06 2A 86 48 CE 38 01 +Comment = ANSI X9.57 +Description = module (1 2 840 10040 1) + +OID = 06 07 2A 86 48 CE 38 01 01 +Comment = ANSI X9.57 module +Description = x9f1-cert-mgmt (1 2 840 10040 1 1) + +OID = 06 06 2A 86 48 CE 38 02 +Comment = ANSI X9.57 +Description = holdinstruction (1 2 840 10040 2) + +OID = 06 07 2A 86 48 CE 38 02 01 +Comment = ANSI X9.57 hold instruction +Description = holdinstruction-none (1 2 840 10040 2 1) + +OID = 06 07 2A 86 48 CE 38 02 02 +Comment = ANSI X9.57 hold instruction +Description = callissuer (1 2 840 10040 2 2) + +OID = 06 07 2A 86 48 CE 38 02 03 +Comment = ANSI X9.57 hold instruction +Description = reject (1 2 840 10040 2 3) + +OID = 06 07 2A 86 48 CE 38 02 04 +Comment = ANSI X9.57 hold instruction +Description = pickupToken (1 2 840 10040 2 4) + +OID = 06 06 2A 86 48 CE 38 03 +Comment = ANSI X9.57 +Description = attribute (1 2 840 10040 3) + +OID = 06 06 2A 86 48 CE 38 03 01 +Comment = ANSI X9.57 attribute +Description = countersignature (1 2 840 10040 3 1) + +OID = 06 06 2A 86 48 CE 38 03 02 +Comment = ANSI X9.57 attribute +Description = attribute-cert (1 2 840 10040 3 2) + +OID = 06 06 2A 86 48 CE 38 04 +Comment = ANSI X9.57 +Description = algorithm (1 2 840 10040 4) + +# this is specified in sm_cms +OID = 06 07 2A 86 48 CE 38 04 01 +Comment = ANSI X9.57 algorithm +Description = dsa (1 2 840 10040 4 1) + +OID = 06 07 2A 86 48 CE 38 04 02 +Comment = ANSI X9.57 algorithm +Description = dsa-match (1 2 840 10040 4 2) + +OID = 06 07 2A 86 48 CE 38 04 03 +Comment = ANSI X9.57 algorithm +Description = dsaWithSha1 (1 2 840 10040 4 3) + +# ANSI 
X9.62 + +OID = 06 06 2A 86 48 CE 3D 01 +Comment = ANSI X9.62. This OID may also be assigned as ecdsa-with-SHA1 +Description = fieldType (1 2 840 10045 1) + +OID = 06 07 2A 86 48 CE 3D 01 01 +Comment = ANSI X9.62 field type +Description = prime-field (1 2 840 10045 1 1) + +OID = 06 07 2A 86 48 CE 3D 01 02 +Comment = ANSI X9.62 field type +Description = characteristic-two-field (1 2 840 10045 1 2) + +OID = 06 09 2A 86 48 CE 3D 01 02 03 +Comment = ANSI X9.62 field type +Description = characteristic-two-basis (1 2 840 10045 1 2 3) + +OID = 06 0A 2A 86 48 CE 3D 01 02 03 01 +Comment = ANSI X9.62 field basis +Description = onBasis (1 2 840 10045 1 2 3 1) + +OID = 06 0A 2A 86 48 CE 3D 01 02 03 02 +Comment = ANSI X9.62 field basis +Description = tpBasis (1 2 840 10045 1 2 3 2) + +OID = 06 0A 2A 86 48 CE 3D 01 02 03 03 +Comment = ANSI X9.62 field basis +Description = ppBasis (1 2 840 10045 1 2 3 3) + +OID = 06 07 2A 86 48 CE 3D 01 02 +Comment = ANSI X9.62 +Description = public-key-type (1 2 840 10045 1 2) + +OID = 06 08 2A 86 48 CE 3D 01 02 01 +Comment = ANSI X9.62 public key type +Description = ecPublicKey (1 2 840 10045 1 2 1) + +# The definition for the following OID is somewhat confused, and is given as +# keyType, publicKeyType, and public-key-type, all within 4 lines of text. +# ecPublicKey is defined using the ID publicKeyType, so this is what's used +# here. 
+OID = 06 06 2A 86 48 CE 3D 02 +Comment = ANSI X9.62 +Description = publicKeyType (1 2 840 10045 2) + +OID = 06 07 2A 86 48 CE 3D 02 01 +Comment = ANSI X9.62 public key type +Description = ecPublicKey (1 2 840 10045 2 1) + +# ANSI X9.42 + +OID = 06 07 2A 86 48 CE 3E 02 +Comment = ANSI X9.42 +Description = number-type (1 2 840 10046 2) + +OID = 06 07 2A 86 48 CE 3E 02 01 +Comment = ANSI X9.42 number-type +Description = dhPublicNumber (1 2 840 10046 2 1) + +# Nortel Secure Networks/Entrust + +OID = 06 07 2A 86 48 86 F6 7D 07 +Description = nsn (1 2 840 113533 7) + +OID = 06 08 2A 86 48 86 F6 7D 07 41 +Description = nsn-ce (1 2 840 113533 7 65) + +OID = 06 09 2A 86 48 86 F6 7D 07 41 00 +Comment = Nortel Secure Networks ce (1 2 840 113533 7 65) +Description = entrustVersInfo (1 2 840 113533 7 65 0) + +OID = 06 08 2A 86 48 86 F6 7D 07 42 +Description = nsn-alg (1 2 840 113533 7 66) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 03 +Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) +Description = cast3CBC (1 2 840 113533 7 66 3) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0A +Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) +Description = cast5CBC (1 2 840 113533 7 66 10) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0B +Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) +Description = cast5MAC (1 2 840 113533 7 66 11) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0C +Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) +Description = pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12) + +OID = 06 09 2A 86 48 86 F6 7D 07 42 0D +Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) +Description = passwordBasedMac (1 2 840 113533 7 66 13) + +OID = 06 08 2A 86 48 86 F6 7D 07 43 +Description = nsn-oc (1 2 840 113533 7 67) + +OID = 06 09 2A 86 48 86 F6 7D 07 43 0C +Comment = Nortel Secure Networks oc (1 2 840 113533 7 67) +Description = entrustUser (1 2 840 113533 7 67 0) + +OID = 06 08 2A 86 48 86 F6 7D 07 44 +Description = nsn-at (1 2 840 113533 7 68) + +OID = 06 09 
2A 86 48 86 F6 7D 07 44 00 +Comment = Nortel Secure Networks at (1 2 840 113533 7 68) +Description = entrustCAInfo (1 2 840 113533 7 68 0) + +OID = 06 09 2A 86 48 86 F6 7D 07 44 0A +Comment = Nortel Secure Networks at (1 2 840 113533 7 68) +Description = attributeCertificate (1 2 840 113533 7 68 10) + +# PKCS #1 + +OID = 06 08 2A 86 48 86 F7 0D 01 01 +Description = pkcs-1 (1 2 840 113549 1 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 01 +Comment = PKCS #1 +Description = rsaEncryption (1 2 840 113549 1 1 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 02 +Comment = PKCS #1 +Description = md2withRSAEncryption (1 2 840 113549 1 1 2) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 03 +Comment = PKCS #1 +Description = md4withRSAEncryption (1 2 840 113549 1 1 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 04 +Comment = PKCS #1 +Description = md5withRSAEncryption (1 2 840 113549 1 1 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 01 05 +Comment = PKCS #1 +Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) + +# There is some confusion over the identity of the following OID. The OAEP +# one is more recent, but independant vendors have already used the RIPEMD +# one, however it's likely that SET will be a bigger hammer so we report it +# as that. +OID = 06 09 2A 86 48 86 F7 0D 01 01 06 +Comment = PKCS #1. 
This OID may also be assigned as ripemd160WithRSAEncryption +Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6) +# ripemd160WithRSAEncryption (1 2 840 113549 1 1 6) + +# PKCS #3 + +OID = 06 08 2A 86 48 86 F7 0D 01 03 +Description = pkcs-3 (1 2 840 113549 1 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 03 01 +Comment = PKCS #3 +Description = dhKeyAgreement (1 2 840 113549 1 3 1) + +# PKCS #5 + +OID = 06 09 2A 86 48 86 F7 0D 01 05 +Description = pkcs-5 (1 2 840 113549 1 5) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 01 +Comment = PKCS #5 +Description = pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 03 +Comment = PKCS #5 +Description = pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 04 +Comment = PKCS #5 +Description = pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 06 +Comment = PKCS #5 +Description = pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6) + +OID = 06 09 2A 86 48 86 F7 0D 01 05 09 +Comment = PKCS #5, used in BSAFE only +Description = pbeWithMD5AndXOR (1 2 840 113549 1 5 9) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 05 0A +Comment = PKCS #5 +Description = pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10) + +# PKCS #7 + +OID = 06 09 2A 86 48 86 F7 0D 01 07 +Description = pkcs-7 (1 2 840 113549 1 7) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 01 +Comment = PKCS #7 +Description = data (1 2 840 113549 1 7 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 02 +Comment = PKCS #7 +Description = signedData (1 2 840 113549 1 7 2) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 03 +Comment = PKCS #7 +Description = envelopedData (1 2 840 113549 1 7 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 04 +Comment = PKCS #7 +Description = signedAndEnvelopedData (1 2 840 113549 1 7 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 05 +Comment = PKCS #7 +Description = digestedData (1 2 840 113549 1 7 5) + +OID = 06 09 2A 86 48 86 F7 0D 01 07 06 +Comment = PKCS #7 +Description = encryptedData (1 2 840 113549 1 7 6) + +OID = 
06 09 2A 86 48 86 F7 0D 01 07 07 +Comment = PKCS #7 experimental +Description = dataWithAttributes (1 2 840 113549 1 7 7) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 07 08 +Comment = PKCS #7 experimental +Description = encryptedPrivateKeyInfo (1 2 840 113549 1 7 8) +Warning + +# PKCS #9 + +OID = 06 09 2A 86 48 86 F7 0D 01 09 +Description = pkcs-9 (1 2 840 113549 1 9) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 01 +Comment = PKCS #9 (1 2 840 113549 1 9). Deprecated, use an altName extension instead +Description = emailAddress (1 2 840 113549 1 9 1) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 02 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = unstructuredName (1 2 840 113549 1 9 2) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 03 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = contentType (1 2 840 113549 1 9 3) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 04 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = messageDigest (1 2 840 113549 1 9 4) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 05 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = signingTime (1 2 840 113549 1 9 5) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 06 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = countersignature (1 2 840 113549 1 9 6) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 07 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = challengePassword (1 2 840 113549 1 9 7) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 08 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = unstructuredAddress (1 2 840 113549 1 9 8) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 09 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = extendedCertificateAttributes (1 2 840 113549 1 9 9) + +OID = 06 09 2A 86 48 86 F7 0D 01 09 0A +Comment = PKCS #9 (1 2 840 113549 1 9) experimental +Description = issuerAndSerialNumber (1 2 840 113549 1 9 10) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 09 0B +Comment = PKCS #9 (1 2 840 113549 1 9) experimental +Description = passwordCheck (1 2 840 113549 1 9 11) +Warning + +OID = 06 09 2A 86 48 86 
F7 0D 01 09 0C +Comment = PKCS #9 (1 2 840 113549 1 9) experimental +Description = publicKey (1 2 840 113549 1 9 12) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 09 0D +Comment = PKCS #9 (1 2 840 113549 1 9) experimental +Description = signingDescription (1 2 840 113549 1 9 13) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 09 0E +Comment = PKCS #9 (1 2 840 113549 1 9) experimental +Description = extensionReq (1 2 840 113549 1 9 14) + +# PKCS #9 for use with S/MIME + +OID = 06 09 2A 86 48 86 F7 0D 01 09 0F +Comment = PKCS #9 (1 2 840 113549 1 9). This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name +Description = sMIMECapabilities (1 2 840 113549 1 9 15) + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 01 +Comment = sMIMECapabilities (1 2 840 113549 1 9 15) +Description = preferSignedData (1 2 840 113549 1 9 15 1) + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 02 +Comment = sMIMECapabilities (1 2 840 113549 1 9 15) +Description = canNotDecryptAny (1 2 840 113549 1 9 15 2) + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 03 +Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 1) instead +Description = receiptRequest (1 2 840 113549 1 9 15 3) +Warning + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 04 +Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 1 1) instead +Description = receipt (1 2 840 113549 1 9 15 4) +Warning + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 05 +Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 4) instead +Description = contentHints (1 2 840 113549 1 9 15 5) +Warning + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 06 +Comment = sMIMECapabilities (1 2 840 113549 1 9 15). 
Deprecated, use (1 2 840 113549 1 9 16 2 3) instead +Description = mlExpansionHistory (1 2 840 113549 1 9 15 6) +Warning + +OID = 06 09 2A 86 48 86 F7 0D 01 09 10 +Comment = PKCS #9 (1 2 840 113549 1 9) +Description = id-sMIME (1 2 840 113549 1 9 16) + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 00 +Comment = id-sMIME (1 2 840 113549 1 9 16) +Description = id-mod (1 2 840 113549 1 9 16 0) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 01 +Comment = S/MIME Modules (1 2 840 113549 1 9 16 0) +Description = id-mod-cms (1 2 840 113549 1 9 16 0 1) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 02 +Comment = S/MIME Modules (1 2 840 113549 1 9 16 0) +Description = id-mod-ess (1 2 840 113549 1 9 16 0 2) + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 01 +Comment = id-sMIME (1 2 840 113549 1 9 16) +Description = id-ct (1 2 840 113549 1 9 16 1) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 01 +Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1) +Description = id-ct-receipt (1 2 840 113549 1 9 16 1 1) + +OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 02 +Comment = id-sMIME (1 2 840 113549 1 9 16) +Description = id-aa (1 2 840 113549 1 9 16 2) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 01 +Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) +Description = id-aa-receiptRequest (1 2 840 113549 1 9 16 2 1) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 02 +Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) +Description = id-aa-securityLabel (1 2 840 113549 1 9 16 2 2) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 03 +Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) +Description = id-aa-mlExpandHistory (1 2 840 113549 1 9 16 2 3) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 04 +Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) +Description = id-aa-contentHint (1 2 840 113549 1 9 16 2 4) + +OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 05 +Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) +Description = 
id-aa-msgSigDigest (1 2 840 113549 1 9 16 2 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 07
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentIdentifier (1 2 840 113549 1 9 16 2 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 08
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-macValue (1 2 840 113549 1 9 16 2 8)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 09
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-equivalentLabels (1 2 840 113549 1 9 16 2 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentReference (1 2 840 113549 1 9 16 2 10)
+
+# PKCS #9 for use with PKCS #12
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 14
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = friendlyName (for PKCS #12) (1 2 840 113549 1 9 20)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 15
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = localKeyID (for PKCS #12) (1 2 840 113549 1 9 21)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 16
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = certTypes (for PKCS #12) (1 2 840 113549 1 9 22)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 01
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 02
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 17
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = crlTypes (for PKCS #12) (1 2 840 113549 1 9 23)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 17 01
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1)
+
+# PKCS #12. 
Note that current PKCS #12 implementations tend to be strange and
+# peculiar, with implementors misusing OIDs or basing their work on earlier PFX
+# drafts or defining their own odd OIDs. In addition the PFX/PKCS #12 spec
+# itself is full of errors and inconsistencies, and a number of OIDs have been
+# redefined in different drafts (often multiple times), which doesn't make the
+# implementors job any easier.
+
+OID = 06 08 2A 86 48 86 F7 0D 01 0C
+Description = pkcs-12 (1 2 840 113549 1 12)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 01
+Comment = This OID was formerly assigned as PKCS #12 modeID
+Description = pkcs-12-PbeIds (1 2 840 113549 1 12 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 01
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 1). This OID was formerly assigned as pkcs-12-OfflineTransportMode
+Description = pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 02
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 2). This OID was formerly assigned as pkcs-12-OnlineTransportMode
+Description = pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 03
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 04
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 05
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 06
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 02
+Comment = Deprecated
+Description = pkcs-12-ESPVKID (1 2 840 113549 1 12 2)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 02 01
+Comment = PKCS #12 ESPVKID (1 2 840 113549 1 12 2). 
Deprecated, use (1 2 840 113549 1 12 3 5) instead
+Description = pkcs-12-PKCS8KeyShrouding (1 2 840 113549 1 12 2 1)
+Warning
+
+# The following appear to have been redefined yet again at 12 10 in the latest
+# PKCS #12 spec.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 03
+Description = pkcs-12-BagIds (1 2 840 113549 1 12 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 01
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-keyBagId (1 2 840 113549 1 12 3 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 02
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 03
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-secretBagId (1 2 840 113549 1 12 3 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 04
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 05
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 04
+Comment = Deprecated
+Description = pkcs-12-CertBagID (1 2 840 113549 1 12 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 01
+Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-X509CertCRLBag
+Description = pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 02
+Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-SDSICertBag
+Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)
+
+# The following are from PFX. The ... 5 1 values have been reassigned to OIDs
+# with incompatible algorithms at ... 1, the 5 2 values seem to have vanished. 
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 05
+Description = pkcs-12-OID (1 2 840 113549 1 12 5)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01
+Comment = PKCS #12 OID (1 2 840 113549 1 12 5). Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead
+Description = pkcs-12-PBEID (1 2 840 113549 1 12 5 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 01
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 1) instead
+Description = pkcs-12-PBEWithSha1And128BitRC4 (1 2 840 113549 1 12 5 1 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 02
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1And40BitRC4 (1 2 840 113549 1 12 5 1 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 03
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead
+Description = pkcs-12-PBEWithSha1AndTripleDESCBC (1 2 840 113549 1 12 5 1 3)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 04
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 5) instead
+Description = pkcs-12-PBEWithSha1And128BitRC2CBC (1 2 840 113549 1 12 5 1 4)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 05
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1And40BitRC2CBC (1 2 840 113549 1 12 5 1 5)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 06
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1AndRC4 (1 2 840 113549 1 12 5 1 6)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 07
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). 
Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02
+Description = pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith128BitRC4 (1 2 840 113549 1 12 5 2 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 02
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith40BitRC4 (1 2 840 113549 1 12 5 2 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 03
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03
+Description = pkcs-12-SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01
+Comment = PKCS #12 OID SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSASignatureWithSHA1Digest (1 2 840 113549 1 12 5 3 1)
+Warning
+
+# Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different
+# order than the last redefinition at ... 12 3. 
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A
+Description = pkcs-12Version1 (1 2 840 113549 1 12 10)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01
+Description = pkcs-12BadIds (1 2 840 113549 1 12 10 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-certBag (1 2 840 113549 1 12 10 1 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6)
+
+# RSADSI digest algorithms
+
+OID = 06 08 2A 86 48 86 F7 0D 02
+Description = digestAlgorithm (1 2 840 113549 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 02
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md2 (1 2 840 113549 2 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 04
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md4 (1 2 840 113549 2 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 05
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md5 (1 2 840 113549 2 5)
+
+# RSADSI encryption algorithms
+
+OID = 06 08 2A 86 48 86 F7 0D 03
+Description = encryptionAlgorithm (1 2 840 113549 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 02
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc2CBC (1 2 840 113549 3 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 
03 03
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc2ECB (1 2 840 113549 3 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 04
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc4 (1 2 840 113549 3 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 05
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc4WithMAC (1 2 840 113549 3 5)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 06
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = desx-CBC (1 2 840 113549 3 6)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 07
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = des-EDE3-CBC (1 2 840 113549 3 7)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 08
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc5CBC (1 2 840 113549 3 8)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 09
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc5-CBCPad (1 2 840 113549 3 9)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 0A
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3). Formerly called CDMFCBCPad
+Description = desCDMF (1 2 840 113549 3 10)
+
+# Ascom Systech
+
+OID = 06 0A 2B 06 01 04 01 81 3C 07 01 01
+Comment = Ascom Systech
+Description = ascom (1 3 6 1 4 1 188 7 1 1)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 01
+Comment = Ascom Systech
+Description = ideaECB (1 3 6 1 4 1 188 7 1 1 1)
+
+# Microsoft
+
+OID = 06 08 2A 86 48 86 F7 14 04 03
+Comment = Microsoft
+Description = microsoftExcel (1 2 840 113556 4 3)
+
+OID = 06 08 2A 86 48 86 F7 14 04 04
+Comment = Microsoft
+Description = titledWithOID (1 2 840 113556 4 4)
+
+OID = 06 08 2A 86 48 86 F7 14 04 05
+Comment = Microsoft
+Description = microsoftPowerPoint (1 2 840 113556 4 5)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 04
+Comment = Microsoft code signing
+Description = spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0A
+Comment = Microsoft code signing. 
Also known as policyLink
+Description = spcAgencyInfo (1 3 6 1 4 1 311 2 1 10)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0B
+Comment = Microsoft code signing
+Description = spcStatementType (1 3 6 1 4 1 311 2 1 11)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0C
+Comment = Microsoft code signing
+Description = spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0E
+Comment = Microsoft
+Description = certExtensions (1 3 6 1 4 1 311 2 1 14)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0F
+Comment = Microsoft code signing
+Description = spcPelmageData (1 3 6 1 4 1 311 2 1 15)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 14
+Comment = Microsoft code signing. Also known as "glue extension"
+Description = spcLink (type 1) (1 3 6 1 4 1 311 2 1 20)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 15
+Comment = Microsoft
+Description = individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 16
+Comment = Microsoft
+Description = commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 19
+Comment = Microsoft code signing. Also known as "glue extension"
+Description = spcLink (type 2) (1 3 6 1 4 1 311 2 1 25)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1A
+Comment = Microsoft code signing
+Description = spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1B
+Comment = Microsoft code signing
+Description = spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1C
+Comment = Microsoft code signing. 
Also known as "glue extension"
+Description = spcLink (type 3) (1 3 6 1 4 1 311 2 1 28)
+
+OID = 06 0A 2B 06 01 04 01 82 37 03 02 01
+Comment = Microsoft code signing
+Description = timestampCountersignature (1 3 6 1 4 1 311 3 2 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 01
+Comment = Microsoft PKCS #7 contentType
+Description = certTrustList (1 3 6 1 4 1 311 10 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 02
+Comment = Microsoft
+Description = nextUpdateLocation (1 3 6 1 4 1 311 10 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 01
+Comment = Microsoft enhanced key usage
+Description = certTrustListSigning (1 3 6 1 4 1 311 10 3 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 02
+Comment = Microsoft enhanced key usage
+Description = timeStampSigning (1 3 6 1 4 1 311 10 3 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 03
+Comment = Microsoft enhanced key usage
+Description = serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 04
+Comment = Microsoft enhanced key usage
+Description = encryptedFileSystem (1 3 6 1 4 1 311 10 3 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01
+Comment = Microsoft attribute
+Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)
+
+# UNINETT
+
+OID = 06 0A 2B 06 01 04 01 92 7C 0A 01 01
+Comment = UNINETT PCA
+Description = UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1)
+
+# ICE-TEL
+
+OID = 06 08 2B 06 01 04 01 95 18 0A
+Comment = ICE-TEL CA
+Description = ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10)
+
+OID = 06 0A 2B 06 01 04 01 95 62 01 01 01
+Comment = ICE-TEL CA policy
+Description = ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1)
+
+# cryptlib
+
+OID = 06 09 2B 06 01 04 01 97 55 20 01
+Comment = cryptlib
+Description = cryptlibEnvelope (1 3 6 1 4 1 3029 32 1)
+
+OID = 06 09 2B 06 01 04 01 97 55 20 02
+Comment = cryptlib
+Description = cryptlibPrivateKey (1 3 6 1 4 1 3029 32 2)
+
+OID = 06 0B 2B 06 01 04 01 97 55 2A D7 24 01
+Comment = cryptlib special MPEG-of-cat OID
+Description = mpeg-1 (1 3 6 1 
4 1 3029 42 11172 1)
+
+# PKIX
+
+OID = 06 06 2B 06 01 05 05 07
+Description = pkix (1 3 6 1 5 5 7)
+
+OID = 06 07 2B 06 01 05 05 07 01
+Comment = PKIX
+Description = privateExtension (1 3 6 1 5 5 7 1)
+
+OID = 06 08 2B 06 01 05 05 07 01 01
+Comment = PKIX private extension
+Description = authorityInfoAccess (1 3 6 1 5 5 7 1 1)
+
+OID = 06 07 2B 06 01 05 05 07 02
+Comment = PKIX
+Description = policyQualifierIds (1 3 6 1 5 5 7 2)
+
+OID = 06 08 2B 06 01 05 05 07 02 01
+Comment = PKIX policy qualifier
+Description = cps (1 3 6 1 5 5 7 2 1)
+
+OID = 06 08 2B 06 01 05 05 07 02 02
+Comment = PKIX policy qualifier
+Description = unotice (1 3 6 1 5 5 7 2 2)
+
+OID = 06 07 2B 06 01 05 05 07 03
+Comment = PKIX
+Description = keyPurpose (1 3 6 1 5 5 7 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 01
+Comment = PKIX key purpose
+Description = serverAuth (1 3 6 1 5 5 7 3 1)
+
+OID = 06 08 2B 06 01 05 05 07 03 02
+Comment = PKIX key purpose
+Description = clientAuth (1 3 6 1 5 5 7 3 2)
+
+OID = 06 08 2B 06 01 05 05 07 03 03
+Comment = PKIX key purpose
+Description = codeSigning (1 3 6 1 5 5 7 3 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 04
+Comment = PKIX key purpose
+Description = emailProtection (1 3 6 1 5 5 7 3 4)
+
+OID = 06 08 2B 06 01 05 05 07 03 05
+Comment = PKIX key purpose
+Description = ipsecEndSystem (1 3 6 1 5 5 7 3 5)
+
+OID = 06 08 2B 06 01 05 05 07 03 06
+Comment = PKIX key purpose
+Description = ipsecTunnel (1 3 6 1 5 5 7 3 6)
+
+OID = 06 08 2B 06 01 05 05 07 03 07
+Comment = PKIX key purpose
+Description = ipsecUser (1 3 6 1 5 5 7 3 7)
+
+OID = 06 08 2B 06 01 05 05 07 03 08
+Comment = PKIX key purpose
+Description = timeStamping (1 3 6 1 5 5 7 3 8)
+
+OID = 06 07 2B 06 01 05 05 07 04
+Comment = PKIX
+Description = cmpInformationTypes (1 3 6 1 5 5 7 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 01
+Comment = PKIX CMP information
+Description = caProtEncCert (1 3 6 1 5 5 7 4 1)
+
+OID = 06 08 2B 06 01 05 05 07 04 02
+Comment = PKIX CMP information
+Description = signKeyPairTypes 
(1 3 6 1 5 5 7 4 2)
+
+OID = 06 08 2B 06 01 05 05 07 04 03
+Comment = PKIX CMP information
+Description = encKeyPairTypes (1 3 6 1 5 5 7 4 3)
+
+OID = 06 08 2B 06 01 05 05 07 04 04
+Comment = PKIX CMP information
+Description = preferredSymmAlg (1 3 6 1 5 5 7 4 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 05
+Comment = PKIX CMP information
+Description = caKeyUpdateInfo (1 3 6 1 5 5 7 4 5)
+
+OID = 06 08 2B 06 01 05 05 07 04 06
+Comment = PKIX CMP information
+Description = currentCRL (1 3 6 1 5 5 7 4 6)
+
+OID = 06 08 2B 06 01 05 05 07 30 01
+Comment = PKIX authority info access descriptor
+Description = ocsp (1 3 6 1 5 5 7 48 1)
+
+OID = 06 08 2B 06 01 05 05 07 30 02
+Comment = PKIX authority info access descriptor
+Description = caIssuers (1 3 6 1 5 5 7 48 2)
+
+# ISAKMP
+
+OID = 06 08 2B 06 01 05 05 08 01 01
+Comment = ISAKMP HMAC algorithm
+Description = HMAC-MD5 (1 3 6 1 5 5 8 1 1)
+
+OID = 06 08 2B 06 01 05 05 08 01 02
+Comment = ISAKMP HMAC algorithm
+Description = HMAC-SHA (1 3 6 1 5 5 8 1 2)
+
+OID = 06 08 2B 06 01 05 05 08 01 03
+Comment = ISAKMP HMAC algorithm
+Description = HMAC-Tiger (1 3 6 1 5 5 8 1 3)
+
+# DEC (via ECMA)
+
+OID = 06 07 2B 0C 02 87 73 07 01
+Comment = DASS algorithm
+Description = decEncryptionAlgorithm (1 3 12 2 1011 7 1)
+
+OID = 06 08 2B 0C 02 87 73 07 01 02
+Comment = DASS encryption algorithm
+Description = decDEA (1 3 12 2 1011 7 1 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02
+Comment = DASS algorithm
+Description = decHashAlgorithm (1 3 12 2 1011 7 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02 01
+Comment = DASS hash algorithm
+Description = decMD2 (1 3 12 2 1011 7 2 1)
+
+OID = 06 07 2B 0C 02 87 73 07 02 02
+Comment = DASS hash algorithm
+Description = decMD4 (1 3 12 2 1011 7 2 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03
+Comment = DASS algorithm
+Description = decSignatureAlgorithm (1 3 12 2 1011 7 3)
+
+OID = 06 07 2B 0C 02 87 73 07 03 01
+Comment = DASS signature algorithm
+Description = decMD2withRSA (1 3 12 2 1011 7 3 1)
+
+OID = 06 07 2B 0C 02 
87 73 07 03 02
+Comment = DASS signature algorithm
+Description = decMD4withRSA (1 3 12 2 1011 7 3 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03 03
+Comment = DASS signature algorithm
+Description = decDEAMAC (1 3 12 2 1011 7 3 3)
+
+# NIST Open Systems Environment (OSE) Implementor's Workshop (OIW),
+# specialising in oddball and partially-defunct OIDs
+
+OID = 06 05 2B 0E 02 1A 05
+Comment = Unsure about this OID
+Description = sha (1 3 14 2 26 5)
+
+OID = 06 06 2B 0E 03 02 01 01
+Comment = X.509. Unsure about this OID
+Description = rsa (1 3 14 3 2 1 1)
+
+OID = 06 05 2B 0E 03 02 02
+Comment = Oddball OIW OID
+Description = md4WitRSA (1 3 14 3 2 2)
+
+OID = 06 05 2B 0E 03 02 03
+Comment = Oddball OIW OID
+Description = md5WithRSA (1 3 14 3 2 3)
+
+OID = 06 05 2B 0E 03 02 04
+Comment = Oddball OIW OID
+Description = md4WithRSAEncryption (1 3 14 3 2 4)
+
+OID = 06 06 2B 0E 03 02 02 01
+Comment = X.509. Deprecated
+Description = sqmod-N (1 3 14 3 2 2 1)
+Warning
+
+OID = 06 06 2B 0E 03 02 03 01
+Comment = X.509. Deprecated
+Description = sqmod-NwithRSA (1 3 14 3 2 3 1)
+Warning
+
+OID = 06 05 2B 0E 03 02 06
+Description = desECB (1 3 14 3 2 6)
+
+OID = 06 05 2B 0E 03 02 07
+Description = desCBC (1 3 14 3 2 7)
+
+OID = 06 05 2B 0E 03 02 08
+Description = desOFB (1 3 14 3 2 8)
+
+OID = 06 05 2B 0E 03 02 09
+Description = desCFB (1 3 14 3 2 9)
+
+OID = 06 05 2B 0E 03 02 0A
+Description = desMAC (1 3 14 3 2 10)
+
+OID = 06 05 2B 0E 03 02 0B
+Comment = ISO 9796-2, also X9.31 Part 1
+Description = rsaSignature (1 3 14 3 2 11)
+
+# this is used by BSAFE
+OID = 06 05 2B 0E 03 02 0C
+Comment = OIW?, supposedly from an incomplete version of SDN.702 (doesn't match final SDN.702)
+Description = dsa-bsafe (1 3 14 3 2 12)
+Warning
+
+OID = 06 05 2B 0E 03 02 0D
+Comment = Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)
+# Their response was that they know it's wrong, but noone uses SHA0 so it won't
+# cause any problems, right? 
+Description = dsaWithSHA (1 3 14 3 2 13)
+Warning
+
+# The various mdWithRSASIsignature OIDs are for the ANSI X9.31 draft and use
+# ISO 9796-2 padding rules. This work was derailed during the PKP brouhaha and
+# is still in progress
+OID = 06 05 2B 0E 03 02 0E
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = mdc2WithRSASignature (1 3 14 3 2 14)
+
+OID = 06 05 2B 0E 03 02 0F
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = shaWithRSASignature (1 3 14 3 2 15)
+
+OID = 06 05 2B 0E 03 02 10
+Comment = Oddball OIW OID. Deprecated, use a plain DH OID instead
+Description = dhWithCommonModulus (1 3 14 3 2 16)
+Warning
+
+OID = 06 05 2B 0E 03 02 11
+Comment = Oddball OIW OID. Mode is ECB
+Description = desEDE (1 3 14 3 2 17)
+
+OID = 06 05 2B 0E 03 02 12
+Comment = Oddball OIW OID
+Description = sha (1 3 14 3 2 18)
+
+OID = 06 05 2B 0E 03 02 13
+Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2
+Description = mdc-2 (1 3 14 3 2 19)
+
+OID = 06 05 2B 0E 03 02 14
+Comment = Oddball OIW OID. Deprecated, use a plain DSA OID instead
+Description = dsaCommon (1 3 14 3 2 20)
+Warning
+
+OID = 06 05 2B 0E 03 02 15
+Comment = Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead
+Description = dsaCommonWithSHA (1 3 14 3 2 21)
+Warning
+
+OID = 06 05 2B 0E 03 02 16
+Comment = Oddball OIW OID
+Description = rsaKeyTransport (1 3 14 3 2 22)
+
+OID = 06 05 2B 0E 03 02 17
+Comment = Oddball OIW OID
+Description = keyed-hash-seal (1 3 14 3 2 23)
+
+OID = 06 05 2B 0E 03 02 18
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md2WithRSASignature (1 3 14 3 2 24)
+
+OID = 06 05 2B 0E 03 02 19
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md5WithRSASignature (1 3 14 3 2 25)
+
+OID = 06 05 2B 0E 03 02 1A
+Comment = OIW
+Description = sha1 (1 3 14 3 2 26)
+
+# Yet another multiply-assigned OID
+OID = 06 05 2B 0E 03 02 1B
+Comment = OIW. 
This OID may also be assigned as ripemd-160
+Description = dsaWithSHA1 (1 3 14 3 2 27)
+
+OID = 06 05 2B 0E 03 02 1C
+Comment = OIW
+Description = dsaWithCommonSHA1 (1 3 14 3 2 28)
+
+OID = 06 05 2B 0E 03 02 1D
+Comment = Oddball OIW OID
+Description = sha-1WithRSAEncryption (1 3 14 3 2 29)
+
+OID = 06 05 2B 0E 03 03 01
+Comment = Oddball OIW OID
+Description = simple-strong-auth-mechanism (1 3 14 3 3 1)
+
+OID = 06 06 2B 0E 07 02 01 01
+Comment = Unsure about this OID
+Description = ElGamal (1 3 14 7 2 1 1)
+
+OID = 06 06 2B 0E 07 02 03 01
+Comment = Unsure about this OID
+Description = md2WithRSA (1 3 14 7 2 3 1)
+
+OID = 06 06 2B 0E 07 02 03 02
+Comment = Unsure about this OID
+Description = md2WithElGamal (1 3 14 7 2 3 2)
+
+# Teletrust
+
+OID = 06 03 2B 24 01
+Comment = Teletrust document
+Description = document (1 3 36 1)
+
+OID = 06 04 2B 24 01 01
+Comment = Teletrust document
+Description = finalVersion (1 3 36 1 1)
+
+OID = 06 04 2B 24 01 02
+Comment = Teletrust document
+Description = draft (1 3 36 1 2)
+
+OID = 06 03 2B 24 02
+Comment = Teletrust sio
+Description = sio (1 3 36 2)
+
+OID = 06 04 2B 24 02 01
+Comment = Teletrust sio
+Description = certificate (1 3 36 2 1)
+
+OID = 06 04 2B 24 02 01
+Comment = Teletrust sio
+Description = sedu (1 3 36 2 1)
+
+OID = 06 03 2B 24 03
+Comment = Teletrust algorithm
+Description = algorithm (1 3 36 3)
+
+OID = 06 04 2B 24 03 01
+Comment = Teletrust algorithm
+Description = encryptionAlgorithm (1 3 36 3 1)
+
+OID = 06 05 2B 24 03 01 01
+Comment = Teletrust encryption algorithm
+Description = des (1 3 36 3 1 1)
+
+OID = 06 06 2B 24 03 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_pad (1 3 36 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_ISOpad (1 3 36 3 1 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 02 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_pad (1 3 36 3 1 1 2 1)
+
+OID = 06 08 2B 24 03 01 01 02 01 01 
+Comment = Teletrust encryption algorithm
+Description = desCBC_ISOpad (1 3 36 3 1 1 2 1 1)
+
+OID = 06 05 2B 24 03 01 03
+Comment = Teletrust encryption algorithm
+Description = des_3 (1 3 36 3 1 3)
+
+OID = 06 07 2B 24 03 01 03 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3ECB_pad (1 3 36 3 1 3 1 1)
+
+OID = 06 08 2B 24 03 01 03 01 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 03 02 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3CBC_pad (1 3 36 3 1 3 2 1)
+
+OID = 06 08 2B 24 03 01 03 02 01 01
+Comment = Teletrust encryption algorithm. EDE triple DES
+Description = des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1)
+
+OID = 06 05 2B 24 03 01 02
+Comment = Teletrust encryption algorithm
+Description = idea (1 3 36 3 1 2)
+
+OID = 06 06 2B 24 03 01 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB (1 3 36 3 1 2 1)
+
+OID = 06 07 2B 24 03 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_pad (1 3 36 3 1 2 1 1)
+
+OID = 06 08 2B 24 03 01 02 01 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_ISOpad (1 3 36 3 1 2 1 1 1)
+
+OID = 06 06 2B 24 03 01 02 02
+Comment = Teletrust encryption algorithm
+Description = ideaCBC (1 3 36 3 1 2 2)
+
+OID = 06 07 2B 24 03 01 02 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_pad (1 3 36 3 1 2 2 1)
+
+OID = 06 08 2B 24 03 01 02 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1)
+
+OID = 06 06 2B 24 03 01 02 03
+Comment = Teletrust encryption algorithm
+Description = ideaOFB (1 3 36 3 1 2 3)
+
+OID = 06 06 2B 24 03 01 02 04
+Comment = Teletrust encryption algorithm
+Description = ideaCFB (1 3 36 3 1 2 4)
+
+OID = 06 05 2B 24 03 01 04
+Comment = Teletrust encryption algorithm
+Description = rsaEncryption (1 3 36 3 1 4)
+
+OID = 06 08 2B 24 03 
01 04 84 00 11
+Comment = Teletrust encryption algorithm
+Description = rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17)
+
+OID = 06 05 2B 24 03 01 05
+Comment = Teletrust encryption algorithm
+Description = bsi-1 (1 3 36 3 1 5)
+
+OID = 06 06 2B 24 03 01 05 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1ECB_pad (1 3 36 3 1 5 1)
+
+OID = 06 06 2B 24 03 01 05 02
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_pad (1 3 36 3 1 5 2)
+
+OID = 06 07 2B 24 03 01 05 02 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1)
+
+OID = 06 04 2B 24 03 02
+Comment = Teletrust algorithm
+Description = hashAlgorithm (1 3 36 3 2)
+
+OID = 06 05 2B 24 03 02 01
+Comment = Teletrust hash algorithm
+Description = ripemd160 (1 3 36 3 2 1)
+
+OID = 06 05 2B 24 03 02 02
+Comment = Teletrust hash algorithm
+Description = ripemd128 (1 3 36 3 2 2)
+
+OID = 06 05 2B 24 03 02 03
+Comment = Teletrust hash algorithm
+Description = ripemd256 (1 3 36 3 2 3)
+
+OID = 06 05 2B 24 03 02 04
+Comment = Teletrust hash algorithm
+Description = mdc2singleLength (1 3 36 3 2 4)
+
+OID = 06 05 2B 24 03 02 05
+Comment = Teletrust hash algorithm
+Description = mdc2doubleLength (1 3 36 3 2 5)
+
+OID = 06 04 2B 24 03 03
+Comment = Teletrust algorithm
+Description = signatureAlgorithm (1 3 36 3 3)
+
+OID = 06 05 2B 24 03 03 01
+Comment = Teletrust signature algorithm
+Description = rsaSignature (1 3 36 3 3 1)
+
+OID = 06 06 2B 24 03 03 01 01
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1 (1 3 36 3 3 1 1)
+
+# What *were* they thinking? 
+OID = 06 09 2B 24 03 03 01 01 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2)
+OID = 06 09 2B 24 03 03 01 01 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2)
+OID = 06 09 2B 24 03 03 01 01 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)
+OID = 06 09 2B 24 03 03 01 01 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2)
+OID = 06 09 2B 24 03 03 01 01 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)
+OID = 06 09 2B 24 03 03 01 01 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3)
+OID = 06 09 2B 24 03 03 01 01 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3)
+OID = 06 09 2B 24 03 03 01 01 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3)
+OID = 06 09 2B 24 03 03 01 01 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3)
+OID = 06 09 2B 24 03 03 01 01 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3)
+OID = 06 09 2B 24 03 03 01 01 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5)
+OID = 06 09 2B 24 03 03 01 01 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5)
+OID = 06 09 2B 24 03 03 01 01 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5)
+OID = 06 09 2B 24 03 03 01 01 87 00 05
+Comment = Teletrust signature 
algorithm
+Description = rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5)
+OID = 06 09 2B 24 03 03 01 01 88 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5)
+OID = 06 09 2B 24 03 03 01 01 84 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9)
+OID = 06 09 2B 24 03 03 01 01 85 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9)
+OID = 06 09 2B 24 03 03 01 01 86 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9)
+OID = 06 09 2B 24 03 03 01 01 87 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9)
+OID = 06 09 2B 24 03 03 01 01 88 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9)
+OID = 06 09 2B 24 03 03 01 01 84 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11)
+OID = 06 09 2B 24 03 03 01 01 85 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11)
+OID = 06 09 2B 24 03 03 01 01 86 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11)
+OID = 06 09 2B 24 03 03 01 01 87 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11)
+OID = 06 09 2B 24 03 03 01 01 88 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11)
+
+OID = 06 06 2B 24 03 03 01 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160 (1 3 36 3 3 1 2)
+
+OID = 06 09 2B 24 03 03 01 02 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 
2 512 2)
+OID = 06 09 2B 24 03 03 01 02 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2)
+OID = 06 09 2B 24 03 03 01 02 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2)
+OID = 06 09 2B 24 03 03 01 02 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2)
+OID = 06 09 2B 24 03 03 01 02 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2)
+OID = 06 09 2B 24 03 03 01 02 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3)
+OID = 06 09 2B 24 03 03 01 02 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3)
+OID = 06 09 2B 24 03 03 01 02 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3)
+OID = 06 09 2B 24 03 03 01 02 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3)
+OID = 06 09 2B 24 03 03 01 02 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3)
+OID = 06 09 2B 24 03 03 01 02 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5)
+OID = 06 09 2B 24 03 03 01 02 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5)
+OID = 06 09 2B 24 03 03 01 02 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5)
+OID = 06 09 2B 24 03 03 01 02 87 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 
5)
+OID = 06 09 2B 24 03 03 01 02 88 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5)
+OID = 06 09 2B 24 03 03 01 02 84 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9)
+OID = 06 09 2B 24 03 03 01 02 85 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9)
+OID = 06 09 2B 24 03 03 01 02 86 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9)
+OID = 06 09 2B 24 03 03 01 02 87 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9)
+OID = 06 09 2B 24 03 03 01 02 88 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9)
+OID = 06 09 2B 24 03 03 01 02 84 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11)
+OID = 06 09 2B 24 03 03 01 02 85 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11)
+OID = 06 09 2B 24 03 03 01 02 86 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11)
+OID = 06 09 2B 24 03 03 01 02 87 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11)
+OID = 06 09 2B 24 03 03 01 02 88 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11)
+
+OID = 06 06 2B 24 03 03 01 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3)
+
+OID = 06 06 2B 24 03 03 01 04
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4)
+
+OID = 06 05 2B 24 03 03 02 
+Comment = Teletrust signature algorithm
+Description = ecsieSign (1 3 36 3 3 2)
+
+OID = 06 06 2B 24 03 03 02 01
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithsha1 (1 3 36 3 3 2 1)
+
+OID = 06 06 2B 24 03 03 02 02
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithripemd160 (1 3 36 3 3 2 2)
+
+OID = 06 06 2B 24 03 03 02 03
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithmd2 (1 3 36 3 3 2 3)
+
+OID = 06 06 2B 24 03 03 02 04
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithmd5 (1 3 36 3 3 2 4)
+
+OID = 06 04 2B 24 03 04
+Comment = Teletrust algorithm
+Description = signatureScheme (1 3 36 3 4)
+
+OID = 06 05 2B 24 03 04 01
+Comment = Teletrust signature scheme
+Description = sigS_ISO9796-1 (1 3 36 3 4 1)
+
+OID = 06 05 2B 24 03 04 02
+Comment = Teletrust signature scheme
+Description = sigS_ISO9796-2 (1 3 36 3 4 2)
+
+OID = 06 05 2B 24 03 04 02 01
+Comment = Teletrust signature scheme. Unsure what this is supposed to be
+Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1)
+
+OID = 06 06 2B 24 03 04 02 02
+Comment = Teletrust signature scheme. Unsure what this is supposed to be
+Description = sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2)
+
+OID = 06 06 2B 24 03 04 02 03
+Comment = Teletrust signature scheme. 
9796-2 with random number in padding field
+Description = sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3)
+
+OID = 06 03 2B 24 04
+Comment = Teletrust attribute
+Description = attribute (1 3 36 4)
+
+OID = 06 03 2B 24 05
+Comment = Teletrust policy
+Description = policy (1 3 36 5)
+
+OID = 06 03 2B 24 06
+Comment = Teletrust API
+Description = api (1 3 36 6)
+
+OID = 06 04 2B 24 06 01
+Comment = Teletrust API
+Description = manufacturer-specific_api (1 3 36 6 1)
+
+OID = 06 05 2B 24 06 01 01
+Comment = Teletrust API
+Description = utimaco-api (1 3 36 6 1 1)
+
+OID = 06 04 2B 24 06 02
+Comment = Teletrust API
+Description = functionality-specific_api (1 3 36 6 2)
+
+OID = 06 03 2B 24 07
+Comment = Teletrust key management
+Description = keymgmnt (1 3 36 7)
+
+OID = 06 04 2B 24 07 01
+Comment = Teletrust key management
+Description = keyagree (1 3 36 7 1)
+
+OID = 06 05 2B 24 07 01 01
+Comment = Teletrust key management
+Description = bsiPKE (1 3 36 7 1 1)
+
+OID = 06 04 2B 24 07 02
+Comment = Teletrust key management
+Description = keytrans (1 3 36 7 2)
+
+OID = 06 04 2B 24 07 02 01
+Comment = Teletrust key management. 
9796-2 with key stored in hash field
+Description = encISO9796-2Withrsa (1 3 36 7 2 1)
+
+# Thawte
+
+OID = 06 04 2B 65 01 04
+Comment = Thawte
+Description = thawte-ce (1 3 101 1 4)
+
+OID = 06 05 2B 65 01 04 01
+Comment = Thawte certificate extension
+Description = strongExtranet (1 3 101 1 4 1)
+
+# X.520
+
+OID = 06 03 55 04 00
+Comment = X.520 id-at (2 5 4)
+Description = objectClass (2 5 4 0)
+
+OID = 06 03 55 04 01
+Comment = X.520 id-at (2 5 4)
+Description = aliasedEntryName (2 5 4 1)
+
+OID = 06 03 55 04 02
+Comment = X.520 id-at (2 5 4)
+Description = knowledgeInformation (2 5 4 2)
+
+OID = 06 03 55 04 03
+Comment = X.520 id-at (2 5 4)
+Description = commonName (2 5 4 3)
+
+OID = 06 03 55 04 04
+Comment = X.520 id-at (2 5 4)
+Description = surname (2 5 4 4)
+
+OID = 06 03 55 04 05
+Comment = X.520 id-at (2 5 4)
+Description = serialNumber (2 5 4 5)
+
+OID = 06 03 55 04 06
+Comment = X.520 id-at (2 5 4)
+Description = countryName (2 5 4 6)
+
+OID = 06 03 55 04 07
+Comment = X.520 id-at (2 5 4)
+Description = localityName (2 5 4 7)
+
+OID = 06 04 55 04 07 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveLocalityName (2 5 4 7 1)
+
+OID = 06 03 55 04 08
+Comment = X.520 id-at (2 5 4)
+Description = stateOrProvinceName (2 5 4 8)
+
+OID = 06 04 55 04 08 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveStateOrProvinceName (2 5 4 8 1)
+
+OID = 06 03 55 04 09
+Comment = X.520 id-at (2 5 4)
+Description = streetAddress (2 5 4 9)
+
+OID = 06 04 55 04 09 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveStreetAddress (2 5 4 9 1)
+
+OID = 06 03 55 04 0A
+Comment = X.520 id-at (2 5 4)
+Description = organizationName (2 5 4 10)
+
+OID = 06 04 55 04 0A 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveOrganizationName (2 5 4 10 1)
+
+OID = 06 03 55 04 0B
+Comment = X.520 id-at (2 5 4)
+Description = organizationalUnitName (2 5 4 11)
+
+OID = 06 04 55 04 0B 01
+Comment = X.520 id-at (2 5 4)
+Description = 
collectiveOrganizationalUnitName (2 5 4 11 1)
+
+OID = 06 03 55 04 0C
+Comment = X.520 id-at (2 5 4)
+Description = title (2 5 4 12)
+
+OID = 06 03 55 04 0D
+Comment = X.520 id-at (2 5 4)
+Description = description (2 5 4 13)
+
+OID = 06 03 55 04 0E
+Comment = X.520 id-at (2 5 4)
+Description = searchGuide (2 5 4 14)
+
+OID = 06 03 55 04 0F
+Comment = X.520 id-at (2 5 4)
+Description = businessCategory (2 5 4 15)
+
+OID = 06 03 55 04 10
+Comment = X.520 id-at (2 5 4)
+Description = postalAddress (2 5 4 16)
+
+OID = 06 04 55 04 10 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostalAddress (2 5 4 16 1)
+
+OID = 06 03 55 04 11
+Comment = X.520 id-at (2 5 4)
+Description = postalCode (2 5 4 17)
+
+OID = 06 04 55 04 11 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostalCode (2 5 4 17 1)
+
+OID = 06 03 55 04 12
+Comment = X.520 id-at (2 5 4)
+Description = postOfficeBox (2 5 4 18)
+
+OID = 06 04 55 04 12 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostOfficeBox (2 5 4 18 1)
+
+OID = 06 03 55 04 13
+Comment = X.520 id-at (2 5 4)
+Description = physicalDeliveryOfficeName (2 5 4 19)
+
+OID = 06 04 55 04 13 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePhysicalDeliveryOfficeName (2 5 4 19 1)
+
+OID = 06 03 55 04 14
+Comment = X.520 id-at (2 5 4)
+Description = telephoneNumber (2 5 4 20)
+
+OID = 06 04 55 04 14 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTelephoneNumber (2 5 4 20 1)
+
+OID = 06 03 55 04 15
+Comment = X.520 id-at (2 5 4)
+Description = telexNumber (2 5 4 21)
+
+OID = 06 04 55 04 15 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTelexNumber (2 5 4 21 1)
+
+OID = 06 03 55 04 16
+Comment = X.520 id-at (2 5 4)
+Description = teletexTerminalIdentifier (2 5 4 22)
+
+OID = 06 04 55 04 16 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTeletexTerminalIdentifier (2 5 4 22 1)
+
+OID = 06 03 55 04 17
+Comment = X.520 id-at (2 5 4)
+Description = facsimileTelephoneNumber (2 5 4 
23)
+
+OID = 06 04 55 04 17 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveFacsimileTelephoneNumber (2 5 4 23 1)
+
+OID = 06 03 55 04 18
+Comment = X.520 id-at (2 5 4)
+Description = x121Address (2 5 4 24)
+
+OID = 06 03 55 04 19
+Comment = X.520 id-at (2 5 4)
+Description = internationalISDNNumber (2 5 4 25)
+
+OID = 06 04 55 04 19 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveInternationalISDNNumber (2 5 4 25 1)
+
+OID = 06 03 55 04 1A
+Comment = X.520 id-at (2 5 4)
+Description = registeredAddress (2 5 4 26)
+
+OID = 06 03 55 04 1B
+Comment = X.520 id-at (2 5 4)
+Description = destinationIndicator (2 5 4 27)
+
+OID = 06 03 55 04 1C
+Comment = X.520 id-at (2 5 4)
+Description = preferredDeliveryMehtod (2 5 4 28)
+
+OID = 06 03 55 04 1D
+Comment = X.520 id-at (2 5 4)
+Description = presentationAddress (2 5 4 29)
+
+OID = 06 03 55 04 1E
+Comment = X.520 id-at (2 5 4)
+Description = supportedApplicationContext (2 5 4 30)
+
+OID = 06 03 55 04 1F
+Comment = X.520 id-at (2 5 4)
+Description = member (2 5 4 31)
+
+OID = 06 03 55 04 20
+Comment = X.520 id-at (2 5 4)
+Description = owner (2 5 4 32)
+
+OID = 06 03 55 04 21
+Comment = X.520 id-at (2 5 4)
+Description = roleOccupant (2 5 4 33)
+
+OID = 06 03 55 04 22
+Comment = X.520 id-at (2 5 4)
+Description = seeAlso (2 5 4 34)
+
+OID = 06 03 55 04 23
+Comment = X.520 id-at (2 5 4)
+Description = userPassword (2 5 4 35)
+
+OID = 06 03 55 04 24
+Comment = X.520 id-at (2 5 4)
+Description = userCertificate (2 5 4 36)
+
+OID = 06 03 55 04 25
+Comment = X.520 id-at (2 5 4)
+Description = caCertificate (2 5 4 37)
+
+OID = 06 03 55 04 26
+Comment = X.520 id-at (2 5 4)
+Description = authorityRevocationList (2 5 4 38)
+
+OID = 06 03 55 04 27
+Comment = X.520 id-at (2 5 4)
+Description = certificateRevocationList (2 5 4 39)
+
+OID = 06 03 55 04 28
+Comment = X.520 id-at (2 5 4)
+Description = crossCertificatePair (2 5 4 40)
+
+OID = 06 03 55 04 29
+Comment = X.520 id-at (2 5 4)
+Description = name (2 5 4 
41)
+
+OID = 06 03 55 04 2A
+Comment = X.520 id-at (2 5 4)
+Description = givenName (2 5 4 42)
+
+OID = 06 03 55 04 2B
+Comment = X.520 id-at (2 5 4)
+Description = initials (2 5 4 43)
+
+OID = 06 03 55 04 2C
+Comment = X.520 id-at (2 5 4)
+Description = generationQualifier (2 5 4 44)
+
+OID = 06 03 55 04 2D
+Comment = X.520 id-at (2 5 4)
+Description = uniqueIdentifier (2 5 4 45)
+
+OID = 06 03 55 04 2E
+Comment = X.520 id-at (2 5 4)
+Description = dnQualifier (2 5 4 46)
+
+OID = 06 03 55 04 2F
+Comment = X.520 id-at (2 5 4)
+Description = enhancedSearchGuide (2 5 4 47)
+
+OID = 06 03 55 04 30
+Comment = X.520 id-at (2 5 4)
+Description = protocolInformation (2 5 4 48)
+
+OID = 06 03 55 04 31
+Comment = X.520 id-at (2 5 4)
+Description = distinguishedName (2 5 4 49)
+
+OID = 06 03 55 04 32
+Comment = X.520 id-at (2 5 4)
+Description = uniqueMember (2 5 4 50)
+
+OID = 06 03 55 04 33
+Comment = X.520 id-at (2 5 4)
+Description = houseIdentifier (2 5 4 51)
+
+OID = 06 03 55 04 34
+Comment = X.520 id-at (2 5 4)
+Description = supportedAlgorithms (2 5 4 52)
+
+OID = 06 03 55 04 35
+Comment = X.520 id-at (2 5 4)
+Description = deltaRevocationList (2 5 4 53)
+
+OID = 06 03 55 04 3A
+Comment = X.520 id-at (2 5 4)
+Description = crossCertificatePair (2 5 4 58)
+
+# X500 algorithms
+
+OID = 06 02 55 08
+Description = X.500-Algorithms (2 5 8)
+
+OID = 06 03 55 08 01
+Description = X.500-Alg-Encryption (2 5 8 1)
+
+OID = 06 04 55 08 01 01
+Comment = X.500 algorithms. Ambiguous, since no padding rules specified
+Description = rsa (2 5 8 1 1)
+Warning
+
+# X.509. Some of the smaller values are from early X.509 drafts with
+# cross-pollination from X9.55 and are now deprecated. Alternative OIDs are
+# marked if these are known. In some cases there are multiple generations of
+# superseded OIDs
+
+OID = 06 03 55 1D 01
+Comment = X.509 id-ce (2 5 29). 
Deprecated, use (2 5 29 35) instead
+Description = authorityKeyIdentifier (2 5 29 1)
+Warning
+
+OID = 06 03 55 1D 02
+Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead
+Description = keyAttributes (2 5 29 2)
+Warning
+
+OID = 06 03 55 1D 03
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 32) instead
+Description = certificatePolicies (2 5 29 3)
+Warning
+
+OID = 06 03 55 1D 04
+Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead
+Description = keyUsageRestriction (2 5 29 4)
+Warning
+
+OID = 06 03 55 1D 05
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 33) instead
+Description = policyMapping (2 5 29 5)
+Warning
+
+OID = 06 03 55 1D 06
+Comment = X.509 id-ce (2 5 29). Obsolete, use nameConstraints instead
+Description = subtreesConstraint (2 5 29 6)
+Warning
+
+OID = 06 03 55 1D 07
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 17) instead
+Description = subjectAltName (2 5 29 7)
+Warning
+
+OID = 06 03 55 1D 08
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 18) instead
+Description = issuerAltName (2 5 29 8)
+Warning
+
+OID = 06 03 55 1D 09
+Comment = X.509 id-ce (2 5 29)
+Description = subjectDirectoryAttributes (2 5 29 9)
+
+OID = 06 03 55 1D 0A
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead
+Description = basicConstraints (2 5 29 10)
+Warning
+
+OID = 06 03 55 1D 0B
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 30) instead
+Description = nameConstraints (2 5 29 11)
+Warning
+
+OID = 06 03 55 1D 0C
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 12)
+Warning
+
+OID = 06 03 55 1D 0D
+Comment = X.509 id-ce (2 5 29). 
Deprecated, use (2 5 29 19) instead
+Description = basicConstraints (2 5 29 13)
+Warning
+
+OID = 06 03 55 1D 0E
+Comment = X.509 id-ce (2 5 29)
+Description = subjectKeyIdentifier (2 5 29 14)
+
+OID = 06 03 55 1D 0F
+Comment = X.509 id-ce (2 5 29)
+Description = keyUsage (2 5 29 15)
+
+OID = 06 03 55 1D 10
+Comment = X.509 id-ce (2 5 29)
+Description = privateKeyUsagePeriod (2 5 29 16)
+
+OID = 06 03 55 1D 11
+Comment = X.509 id-ce (2 5 29)
+Description = subjectAltName (2 5 29 17)
+
+OID = 06 03 55 1D 12
+Comment = X.509 id-ce (2 5 29)
+Description = issuerAltName (2 5 29 18)
+
+OID = 06 03 55 1D 13
+Comment = X.509 id-ce (2 5 29)
+Description = basicConstraints (2 5 29 19)
+
+OID = 06 03 55 1D 14
+Comment = X.509 id-ce (2 5 29)
+Description = cRLNumber (2 5 29 20)
+
+OID = 06 03 55 1D 15
+Comment = X.509 id-ce (2 5 29)
+Description = cRLReason (2 5 29 21)
+
+OID = 06 03 55 1D 16
+Comment = X.509 id-ce (2 5 29). Deprecated, alternative OID uncertain
+Description = expirationDate (2 5 29 22)
+Warning
+
+OID = 06 03 55 1D 17
+Comment = X.509 id-ce (2 5 29)
+Description = instructionCode (2 5 29 23)
+
+OID = 06 03 55 1D 18
+Comment = X.509 id-ce (2 5 29)
+Description = invalidityDate (2 5 29 24)
+
+OID = 06 03 55 1D 19
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 31) instead
+Description = cRLDistributionPoints (2 5 29 25)
+Warning
+
+OID = 06 03 55 1D 1A
+Comment = X.509 id-ce (2 5 29). 
Deprecated, use (2 5 29 28) instead
+Description = issuingDistributionPoint (2 5 29 26)
+Warning
+
+OID = 06 03 55 1D 1B
+Comment = X.509 id-ce (2 5 29)
+Description = deltaCRLIndicator (2 5 29 27)
+
+OID = 06 03 55 1D 1C
+Comment = X.509 id-ce (2 5 29)
+Description = issuingDistributionPoint (2 5 29 28)
+
+OID = 06 03 55 1D 1D
+Comment = X.509 id-ce (2 5 29)
+Description = certificateIssuer (2 5 29 29)
+
+OID = 06 03 55 1D 1E
+Comment = X.509 id-ce (2 5 29)
+Description = nameConstraints (2 5 29 30)
+
+OID = 06 03 55 1D 1F
+Comment = X.509 id-ce (2 5 29)
+Description = cRLDistributionPoints (2 5 29 31)
+
+OID = 06 03 55 1D 20
+Comment = X.509 id-ce (2 5 29)
+Description = certificatePolicies (2 5 29 32)
+
+OID = 06 03 55 1D 21
+Comment = X.509 id-ce (2 5 29)
+Description = policyMappings (2 5 29 33)
+
+OID = 06 03 55 1D 22
+Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 34)
+Warning
+
+OID = 06 03 55 1D 23
+Comment = X.509 id-ce (2 5 29)
+Description = authorityKeyIdentifier (2 5 29 35)
+
+OID = 06 03 55 1D 24
+Comment = X.509 id-ce (2 5 29)
+Description = policyConstraints (2 5 29 36)
+
+OID = 06 03 55 1D 25
+Comment = X.509 id-ce (2 5 29)
+Description = extKeyUsage (2 5 29 37)
+
+# DMS-SDN-702
+
+OID = 06 09 60 86 48 01 65 02 01 01 01
+Comment = DMS-SDN-702
+Description = sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1)
+
+OID = 06 09 60 86 48 01 65 02 01 01 02
+Comment = DMS-SDN-702. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.
+Description = fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2)
+
+OID = 06 09 60 86 48 01 65 02 01 01 03
+Comment = DMS-SDN-702
+Description = sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3)
+
+OID = 06 09 60 86 48 01 65 02 01 01 04
+Comment = DMS-SDN-702. 
Formerly known as mosaicConfidentialityAlgorithm
+Description = fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4)
+
+OID = 06 09 60 86 48 01 65 02 01 01 05
+Comment = DMS-SDN-702
+Description = sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5)
+
+OID = 06 09 60 86 48 01 65 02 01 01 06
+Comment = DMS-SDN-702. Formerly known as mosaicIntegrityAlgorithm
+Description = fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6)
+
+OID = 06 09 60 86 48 01 65 02 01 01 07
+Comment = DMS-SDN-702
+Description = sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7)
+
+OID = 06 09 60 86 48 01 65 02 01 01 08
+Comment = DMS-SDN-702. Formerly know as mosaicTokenProtectionAlgorithm
+Description = fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8)
+
+OID = 06 09 60 86 48 01 65 02 01 01 09
+Comment = DMS-SDN-702
+Description = sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0A
+Comment = DMS-SDN-702. Formerly known as mosaicKeyManagementAlgorithm
+Description = fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0B
+Comment = DMS-SDN-702
+Description = sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0C
+Comment = DMS-SDN-702. 
Formerly known as mosaicKMandSigAlgorithm
+Description = fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0D
+Comment = DMS-SDN-702
+Description = SuiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0E
+Comment = DMS-SDN-702
+Description = SuiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0F
+Comment = DMS-SDN-702
+Description = SuiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15)
+
+OID = 06 09 60 86 48 01 65 02 01 01 10
+Comment = DMS-SDN-702
+Description = SuiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16)
+
+OID = 06 09 60 86 48 01 65 02 01 01 11
+Comment = DMS-SDN-702
+Description = SuiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17)
+
+OID = 06 09 60 86 48 01 65 02 01 01 12
+Comment = DMS-SDN-702
+Description = SuiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18)
+
+OID = 06 09 60 86 48 01 65 02 01 01 13
+Comment = DMS-SDN-702. Formerly known as mosaicUpdatedSigAlgorithm
+Description = fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19)
+
+OID = 06 09 60 86 48 01 65 02 01 01 14
+Comment = DMS-SDN-702. Formerly known as mosaicKMandUpdSigAlgorithms
+Description = fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20)
+
+OID = 06 09 60 86 48 01 65 02 01 01 15
+Comment = DMS-SDN-702. Formerly known as mosaicUpdatedIntegAlgorithm
+Description = fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21)
+
+OID = 06 09 60 86 48 01 65 02 01 01 16
+Comment = DMS-SDN-702. 
Formerly known as mosaicKeyEncryptionAlgorithm
+Description = keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22)
+
+# CSOR (GAK-FIPS)
+
+OID = 06 07 60 86 48 01 65 03 01
+Comment = CSOR GAK
+Description = slabel (2 16 840 1 101 3 1)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 02
+Comment = CSOR GAK
+Description = pki (2 16 840 1 101 3 2)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 01
+Comment = CSOR GAK policy
+Description = GAK policyIdentifier (2 16 840 1 101 3 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 02
+Comment = CSOR GAK extended key usage
+Description = GAK (2 16 840 1 101 3 2 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 02 01
+Comment = CSOR GAK extended key usage
+Description = kRAKey (2 16 840 1 101 3 2 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 03
+Comment = CSOR GAK extensions
+Description = extensions (2 16 840 1 101 3 2 3)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 01
+Comment = CSOR GAK extensions
+Description = kRTechnique (2 16 840 1 101 3 2 3 1)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 02
+Comment = CSOR GAK extensions
+Description = kRecoveryCapable (2 16 840 1 101 3 2 3 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 03
+Comment = CSOR GAK extensions
+Description = kR (2 16 840 1 101 3 2 3 3)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 04
+Comment = CSOR GAK
+Description = keyrecoveryschemes (2 16 840 1 101 3 2 4)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 05
+Comment = CSOR GAK
+Description = krapola (2 16 840 1 101 3 2 5)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 03
+Comment = CSOR GAK
+Description = arpa (2 16 840 1 101 3 3)
+Warning
+
+# Novell
+
+OID = 06 09 60 86 48 01 86 F8 37 01 09
+Comment = Novell
+Description = pki (2 16 840 1 113719 1 9)
+
+OID = 06 0A 60 86 48 01 86 F8 37 01 09 04
+Comment = Novell PKI
+Description = pkiAttributeType (2 16 840 1 113719 1 9 4)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 01
+Comment = Novell PKI attribute type
+Description = registeredAttributes (2 16 840 1 113719 1 9 4 
1)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 02
+Comment = Novell PKI attribute type
+Description = relianceLimit (2 16 840 1 113719 1 9 4 2)
+
+# Netscape
+
+OID = 06 08 60 86 48 01 86 F8 42 01
+Comment = Netscape
+Description = cert-extension (2 16 840 1 113730 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 01
+Comment = Netscape certificate extension
+Description = netscape-cert-type (2 16 840 1 113730 1 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 02
+Comment = Netscape certificate extension
+Description = netscape-base-url (2 16 840 1 113730 1 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 03
+Comment = Netscape certificate extension
+Description = netscape-revocation-url (2 16 840 1 113730 1 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 04
+Comment = Netscape certificate extension
+Description = netscape-ca-revocation-url (2 16 840 1 113730 1 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 05
+Comment = Netscape certificate extension
+Description = netscape-cert-sequence (2 16 840 1 113730 2 5)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 06
+Comment = Netscape certificate extension
+Description = netscape-cert-url (2 16 840 1 113730 2 6)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 07
+Comment = Netscape certificate extension
+Description = netscape-cert-renewal-url (2 16 840 1 113730 1 7)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 08
+Comment = Netscape certificate extension
+Description = netscape-ca-policy-url (2 16 840 1 113730 1 8)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 09
+Comment = Netscape certificate extension
+Description = HomePage-url (2 16 840 1 113730 1 9)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0A
+Comment = Netscape certificate extension
+Description = EntityLogo (2 16 840 1 113730 1 10)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0B
+Comment = Netscape certificate extension
+Description = UserPicture (2 16 840 1 113730 1 11)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0C
+Comment = Netscape certificate extension
+Description = netscape-ssl-server-name (2 16 840 1 113730 1 12)
+
+OID = 06 
09 60 86 48 01 86 F8 42 01 0D
+Comment = Netscape certificate extension
+Description = netscape-comment (2 16 840 1 113730 1 13)
+
+OID = 06 08 60 86 48 01 86 F8 42 02
+Comment = Netscape
+Description = data-type (2 16 840 1 113730 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 01
+Comment = Netscape data type
+Description = GIF (2 16 840 1 113730 2 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 02
+Comment = Netscape data type
+Description = JPEG (2 16 840 1 113730 2 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 03
+Comment = Netscape data type
+Description = URL (2 16 840 1 113730 2 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 04
+Comment = Netscape data type
+Description = HTML (2 16 840 1 113730 2 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 05
+Comment = Netscape data type
+Description = CertSeq (2 16 840 1 113730 2 5)
+
+OID = 06 08 60 86 48 01 86 F8 42 03
+Comment = Netscape
+Description = directory (2 16 840 1 113730 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 03 01
+Comment = Netscape directory
+Description = ldapDefinitions (2 16 840 1 113730 3 1)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 01
+Comment = Netscape LDAP definitions
+Description = carLicense (2 16 840 1 113730 3 1 1)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 02
+Comment = Netscape LDAP definitions
+Description = departmentNumber (2 16 840 1 113730 3 1 2)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 03
+Comment = Netscape LDAP definitions
+Description = employeeNumber (2 16 840 1 113730 3 1 3)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 04
+Comment = Netscape LDAP definitions
+Description = employeeType (2 16 840 1 113730 3 1 4)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 02 02
+Comment = Netscape LDAP definitions
+Description = inetOrgPerson (2 16 840 1 113730 3 2 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 04 01
+Comment = Netscape
+Description = serverGatedCrypto (2 16 840 1 113730 4 1)
+
+# Verisign
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 03
+Comment = Verisign
+Description = Unknown Verisign extension (2 16 840 1 113733 1 6 3) 
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 06
+Comment = Verisign
+Description = Unknown Verisign extension (2 16 840 1 113733 1 6 6)
+
+OID = 06 0B 60 86 48 01 86 F8 45 01 07 01 01
+Comment = Verisign
+Description = Verisign certificatePolicy (2 16 840 1 113733 1 7 1 1)
+
+OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 01
+Comment = Verisign
+Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 1)
+
+OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 02
+Comment = Verisign
+Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 2)
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 08 01
+Comment = Verisign
+Description = Verisign SGC CA? (2 16 840 1 113733 1 8 1)
+
+# SET
+
+OID = 06 03 67 2A 00
+Comment = SET
+Description = contentType (2 23 42 0)
+
+OID = 06 04 67 2A 00 00
+Comment = SET contentType
+Description = PANData (2 23 42 0 0)
+
+OID = 06 04 67 2A 00 01
+Comment = SET contentType
+Description = PANToken (2 23 42 0 1)
+
+OID = 06 04 67 2A 00 02
+Comment = SET contentType
+Description = PANOnly (2 23 42 0 2)
+
+# And on and on and on for another 80-odd OIDs which I'm not going to type in
+
+OID = 06 03 67 2A 01
+Comment = SET
+Description = msgExt (2 23 42 1)
+
+OID = 06 03 67 2A 02
+Comment = SET
+Description = field (2 23 42 2)
+
+OID = 06 04 67 2A 02 00
+Comment = SET field
+Description = fullName (2 23 42 2 0)
+
+OID = 06 04 67 2A 02 01
+Comment = SET field
+Description = givenName (2 23 42 2 1)
+
+OID = 06 04 67 2A 02 02
+Comment = SET field
+Description = familyName (2 23 42 2 2)
+
+OID = 06 04 67 2A 02 03
+Comment = SET field
+Description = birthFamilyName (2 23 42 2 3)
+
+OID = 06 04 67 2A 02 04
+Comment = SET field
+Description = placeName (2 23 42 2 4)
+
+OID = 06 04 67 2A 02 05
+Comment = SET field
+Description = identificationNumber (2 23 42 2 5)
+
+OID = 06 04 67 2A 02 06
+Comment = SET field
+Description = month (2 23 42 2 6)
+
+OID = 06 04 67 2A 02 07
+Comment = SET field
+Description = date (2 23 42 2 7)
+
+OID = 06 04 
67 2A 02 08 +Comment = SET field +Description = address (2 23 42 2 8) + +OID = 06 04 67 2A 02 09 +Comment = SET field +Description = telephone (2 23 42 2 9) + +OID = 06 04 67 2A 02 0A +Comment = SET field +Description = amount (2 23 42 2 10) + +OID = 06 04 67 2A 02 0B +Comment = SET field +Description = accountNumber (2 23 42 2 7 11) + +OID = 06 04 67 2A 02 0C +Comment = SET field +Description = passPhrase (2 23 42 2 7 12) + +OID = 06 03 67 2A 03 +Comment = SET +Description = attribute (2 23 42 3) + +OID = 06 04 67 2A 03 00 +Comment = SET attribute +Description = cert (2 23 42 3 0) + +OID = 06 05 67 2A 03 00 00 +Comment = SET cert attribute +Description = rootKeyThumb (2 23 42 3 0 0) + +OID = 06 05 67 2A 03 00 01 +Comment = SET cert attribute +Description = additionalPolicy (2 23 42 3 0 1) + +OID = 06 03 67 2A 04 +Comment = SET +Description = algorithm (2 23 42 4) + +OID = 06 03 67 2A 05 +Comment = SET +Description = policy (2 23 42 5) + +OID = 06 04 67 2A 05 00 +Comment = SET policy +Description = root (2 23 42 5 0) + +OID = 06 03 67 2A 06 +Comment = SET +Description = module (2 23 42 6) + +OID = 06 03 67 2A 07 +Comment = SET +Description = certExt (2 23 42 7) + +OID = 06 04 67 2A 07 00 +Comment = SET cert extension +Description = hashedRootKey (2 23 42 7 0) + +OID = 06 04 67 2A 07 01 +Comment = SET cert extension +Description = certificateType (2 23 42 7 1) + +OID = 06 04 67 2A 07 02 +Comment = SET cert extension +Description = merchantData (2 23 42 7 2) + +OID = 06 04 67 2A 07 03 +Comment = SET cert extension +Description = cardCertRequired (2 23 42 7 3) + +OID = 06 04 67 2A 07 04 +Comment = SET cert extension +Description = tunneling (2 23 42 7 4) + +OID = 06 04 67 2A 07 05 +Comment = SET cert extension +Description = setExtensions (2 23 42 7 5) + +OID = 06 04 67 2A 07 06 +Comment = SET cert extension +Description = setQualifier (2 23 42 7 6) + +OID = 06 03 67 2A 08 +Comment = SET +Description = brand (2 23 42 8) + +OID = 06 04 67 2A 08 01 +Comment = SET brand 
+Description = IATA-ATA (2 23 42 8 1) + +OID = 06 04 67 2A 08 04 +Comment = SET brand +Description = VISA (2 23 42 8 4) + +OID = 06 04 67 2A 08 05 +Comment = SET brand +Description = MasterCard (2 23 42 8 5) + +OID = 06 04 67 2A 08 1E +Comment = SET brand +Description = Diners (2 23 42 8 30) + +OID = 06 04 67 2A 08 22 +Comment = SET brand +Description = AmericanExpress (2 23 42 8 34) + +OID = 06 05 67 2A 08 AE 7B +Comment = SET brand +Description = Novus (2 23 42 8 6011) + +OID = 06 03 67 2A 09 +Comment = SET +Description = vendor (2 23 42 9) + +OID = 06 04 67 2A 09 00 +Comment = SET vendor +Description = GlobeSet (2 23 42 9 0) + +OID = 06 04 67 2A 09 01 +Comment = SET vendor +Description = IBM (2 23 42 9 1) + +OID = 06 04 67 2A 09 02 +Comment = SET vendor +Description = CyberCash (2 23 42 9 2) + +OID = 06 04 67 2A 09 03 +Comment = SET vendor +Description = Terisa (2 23 42 9 3) + +OID = 06 04 67 2A 09 04 +Comment = SET vendor +Description = RSADSI (2 23 42 9 4) + +OID = 06 04 67 2A 09 05 +Comment = SET vendor +Description = VeriFone (2 23 42 9 5) + +OID = 06 04 67 2A 09 06 +Comment = SET vendor +Description = TrinTech (2 23 42 9 6) + +OID = 06 04 67 2A 09 07 +Comment = SET vendor +Description = BankGate (2 23 42 9 7) + +OID = 06 04 67 2A 09 08 +Comment = SET vendor +Description = GTE (2 23 42 9 8) + +OID = 06 04 67 2A 09 09 +Comment = SET vendor +Description = CompuSource (2 23 42 9 9) + +OID = 06 04 67 2A 09 0A +Comment = SET vendor +Description = Griffin (2 23 42 9 10) + +OID = 06 04 67 2A 09 0B +Comment = SET vendor +Description = Certicom (2 23 42 9 11) + +OID = 06 04 67 2A 09 0C +Comment = SET vendor +Description = OSS (2 23 42 9 12) + +OID = 06 04 67 2A 09 0D +Comment = SET vendor +Description = TenthMountain (2 23 42 9 13) + +OID = 06 04 67 2A 09 0E +Comment = SET vendor +Description = Antares (2 23 42 9 14) + +OID = 06 04 67 2A 09 0F +Comment = SET vendor +Description = ECC (2 23 42 9 15) + +OID = 06 04 67 2A 09 10 +Comment = SET vendor +Description = 
Maithean (2 23 42 9 16) + +OID = 06 04 67 2A 09 11 +Comment = SET vendor +Description = Netscape (2 23 42 9 17) + +OID = 06 04 67 2A 09 12 +Comment = SET vendor +Description = Verisign (2 23 42 9 18) + +OID = 06 04 67 2A 09 13 +Comment = SET vendor +Description = BlueMoney (2 23 42 9 19) + +OID = 06 04 67 2A 09 14 +Comment = SET vendor +Description = Lacerte (2 23 42 9 20) + +OID = 06 04 67 2A 09 15 +Comment = SET vendor +Description = Fujitsu (2 23 42 9 21) + +OID = 06 04 67 2A 09 16 +Comment = SET vendor +Description = eLab (2 23 42 9 22) + +OID = 06 04 67 2A 09 17 +Comment = SET vendor +Description = Entrust (2 23 42 9 23) + +OID = 06 04 67 2A 09 18 +Comment = SET vendor +Description = VIAnet (2 23 42 9 24) + +OID = 06 04 67 2A 09 19 +Comment = SET vendor +Description = III (2 23 42 9 25) + +OID = 06 04 67 2A 09 1A +Comment = SET vendor +Description = OpenMarket (2 23 42 9 26) + +OID = 06 04 67 2A 09 1B +Comment = SET vendor +Description = Lexem (2 23 42 9 27) + +OID = 06 04 67 2A 09 1C +Comment = SET vendor +Description = Intertrader (2 23 42 9 28) + +OID = 06 04 67 2A 09 1D +Comment = SET vendor +Description = Persimmon (2 23 42 9 29) + +OID = 06 04 67 2A 09 1E +Comment = SET vendor +Description = NABLE (2 23 42 9 30) + +OID = 06 04 67 2A 09 1F +Comment = SET vendor +Description = espace-net (2 23 42 9 31) + +OID = 06 04 67 2A 09 20 +Comment = SET vendor +Description = Hitachi (2 23 42 9 32) + +OID = 06 04 67 2A 09 21 +Comment = SET vendor +Description = Microsoft (2 23 42 9 33) + +OID = 06 04 67 2A 09 22 +Comment = SET vendor +Description = NEC (2 23 42 9 34) + +OID = 06 04 67 2A 09 23 +Comment = SET vendor +Description = Mitsubishi (2 23 42 9 35) + +OID = 06 04 67 2A 09 24 +Comment = SET vendor +Description = NCR (2 23 42 9 36) + +OID = 06 04 67 2A 09 25 +Comment = SET vendor +Description = e-COMM (2 23 42 9 37) + +OID = 06 04 67 2A 09 26 +Comment = SET vendor +Description = Gemplus (2 23 42 9 38) + +OID = 06 03 67 2A 0A +Comment = SET +Description = 
national (2 23 42 10) + +OID = 06 05 67 2A 0A 81 40 +Comment = SET national +Description = Japan (2 23 42 10 192) + +# Draft SET. These were invented for testing in pre-1.0 drafts, but have +# been used nonetheless by implementors + +OID = 06 04 86 8D 6F 02 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = hashedRootKey (2 54 1775 2) +Warning + +OID = 06 04 86 8D 6F 03 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = certificateType (2 54 1775 3) +Warning + +OID = 06 04 86 8D 6F 04 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = merchantData (2 54 1775 4) +Warning + +OID = 06 04 86 8D 6F 05 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = cardCertRequired (2 54 1775 5) +Warning + +OID = 06 04 86 8D 6F 06 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = tunneling (2 54 1775 6) +Warning + +OID = 06 04 86 8D 6F 07 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = setQualifier (2 54 1775 7) +Warning + +OID = 06 04 86 8D 6F 63 +Comment = SET. Deprecated, use (2 23 42 7 0) instead +Description = set-data (2 54 1775 99) +Warning + +# Apple + +OID = 06 06 2A 86 48 86 F7 63 +Comment = Apple Computer, Inc. 
+Description = apple (1 2 840 113635) + +OID = 6 07 2A 86 48 86 F7 63 64 +Comment = Apple Data Security +Description = appleDataSecurity (1 2 840 113635 100) + +OID = 06 08 2A 86 48 86 F7 63 64 01 +Comment = Apple Trust Policy +Description = appleTrustPolicy (1 2 840 113635 100 1) + +OID = 06 08 2A 86 48 86 F7 63 64 02 +Comment = Apple Security Algorithms +Description = appleSecurityAlgorithm (1 2 840 113635 100 2) + +OID = 06 09 2A 86 48 86 F7 63 64 01 01 +Comment = Apple iSign +Description = iSignTP (1 2 840 113635 100 1 1) + +OID = 06 09 2A 86 48 86 F7 63 64 01 02 +Comment = Apple X509 Basic +Description = AppleX509Basic (1 2 840 113635 100 1 2) + +OID = 06 09 2A 86 48 86 F7 63 64 02 01 +Comment = Apple FEE +Description = fee (1 2 840 113635 100 2 1) + +OID = 06 09 2A 86 48 86 F7 63 64 02 02 +Comment = Apple ASC +Description = asc (1 2 840 113635 100 2 2) + +OID = 06 09 2A 86 48 86 F7 63 64 02 03 +Comment = Apple FEE/MD5 signature +Description = feeMD5 (1 2 840 113635 100 2 3) + +OID = 06 09 2A 86 48 86 F7 63 64 02 04 +Comment = Apple FEE/SHA1 signature +Description = feeSHA1 (1 2 840 113635 100 2 4) + +OID = 06 09 2A 86 48 86 F7 63 64 02 05 +Comment = Apple FEED encryption +Description = appleFeed (1 2 840 113635 100 2 5) + +OID = 06 09 2A 86 48 86 F7 63 64 02 06 +Comment = Apple FEEDExp signature +Description = appleFeedExp (1 2 840 113635 100 2 6) + +OID = 06 09 2A 86 48 86 F7 63 64 02 07 +Comment = Apple FEE/ECDSA signature +Description = feeECDSA (1 2 840 113635 100 2 7) + + +# Extended key usage +OID = 06 04 55 1D 25 03 +Comment = Code Signing +Description = id-kp-codeSigning (OID 2 5 29 37 3) + +# Intel's CDSA-specific SHA1withECDSA +OID = 06 0B 60 86 48 01 86 F8 4D 02 02 05 51 +Comment = CDSA SHA1 with ECDSA +Description = sha1WithECDSA (OID 2 16 840 1 113741 2 2 5 81) + +# End of Fahnenstange diff --git a/CertTool/cdsaUtils/fileIo.c b/CertTool/cdsaUtils/fileIo.c new file mode 100644 index 00000000..087513ae --- /dev/null 
+++ b/CertTool/cdsaUtils/fileIo.c 
@@ -0,0 +1,141 @@ +/* + File: fileIo.c + + Description: simple file read/write utilities + + Author: dmitch + + Copyright: © Copyright 2001 Apple Computer, Inc. All rights reserved. + + Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple + Computer, Inc. ("Apple") in consideration of your agreement to + the following terms, and your use, installation, modification + or redistribution of this Apple software constitutes acceptance + of these terms. If you do not agree with these terms, please + do not use, install, modify or redistribute this Apple software. + + In consideration of your agreement to abide by the following + terms, and subject to these terms, Apple grants you a personal, + non-exclusive license, under Apple's copyrights in this + original Apple software (the "Apple Software"), to use, + reproduce, modify and redistribute the Apple Software, with + or without modifications, in source and/or binary forms; + provided that if you redistribute the Apple Software in + its entirety and without modifications, you must retain + this notice and the following text and disclaimers in all + such redistributions of the Apple Software. Neither the + name, trademarks, service marks or logos of Apple Computer, + Inc. may be used to endorse or promote products derived from the + Apple Software without specific prior written permission from + Apple. Except as expressly stated in this notice, no other + rights or licenses, express or implied, are granted by Apple + herein, including but not limited to any patent rights that + may be infringed by your derivative works or by other works + in which the Apple Software may be incorporated. + + The Apple Software is provided by Apple on an "AS IS" basis. 
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, + REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE + OR IN COMBINATION WITH YOUR PRODUCTS. + + IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, + INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION + AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED + AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING + NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ +#include +#include +#include +#include +#include +#include +#include +#include "fileIo.h" + +int writeFile( + const char *fileName, + const unsigned char *bytes, + unsigned numBytes) +{ + int rtn; + int fd; + + fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600); + if(fd <= 0) { + return errno; + } + rtn = lseek(fd, 0, SEEK_SET); + if(rtn < 0) { + return errno; + } + rtn = write(fd, bytes, (size_t)numBytes); + if(rtn != (int)numBytes) { + if(rtn >= 0) { + printf("writeFile: short write\n"); + } + rtn = EIO; + } + else { + rtn = 0; + } + close(fd); + return rtn; +} + +/* + * Read entire file. 
+ */ +int readFile( + const char *fileName, + unsigned char **bytes, // mallocd and returned + unsigned *numBytes) // returned +{ + int rtn; + int fd; + char *buf; + struct stat sb; + unsigned size; + + *numBytes = 0; + *bytes = NULL; + fd = open(fileName, O_RDONLY, 0); + if(fd <= 0) { + return errno; + } + rtn = fstat(fd, &sb); + if(rtn) { + goto errOut; + } + size = sb.st_size; + buf = malloc(size); + if(buf == NULL) { + rtn = ENOMEM; + goto errOut; + } + rtn = lseek(fd, 0, SEEK_SET); + if(rtn < 0) { + goto errOut; + } + rtn = read(fd, buf, (size_t)size); + if(rtn != (int)size) { + if(rtn >= 0) { + printf("readFile: short read\n"); + } + rtn = EIO; + } + else { + rtn = 0; + *bytes = buf; + *numBytes = size; + } +errOut: + close(fd); + return rtn; +} diff --git a/CertTool/cdsaUtils/fileIo.h b/CertTool/cdsaUtils/fileIo.h new file mode 100644 index 00000000..3db7233e --- /dev/null +++ b/CertTool/cdsaUtils/fileIo.h 
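Review bot: `readFile` leaks `buf` on its failure paths: when `lseek` fails or `read` comes back short, control reaches `errOut:` with the buffer still allocated and `*bytes` left NULL, so the caller has nothing to free. Initialising `char *buf = NULL;` and adding `if(rtn) free(buf);` just before `close(fd);` covers both paths, including the early `goto errOut` after `fstat`. `writeFile` has the matching problem with the descriptor, since its `lseek` failure branch does `return errno;` without `close(fd)`. Both functions also test `fd <= 0`, which reports a valid descriptor 0 as an error; `open` signals failure only with a negative value, so `fd < 0` is the right check.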
@@ -0,0 +1,69 @@ +/* + File: fileIo.h + + Description: simple file read/write utilities + + Author: dmitch + + Copyright: © Copyright 2001 Apple Computer, Inc. All rights reserved. + + Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple + Computer, Inc. ("Apple") in consideration of your agreement to + the following terms, and your use, installation, modification + or redistribution of this Apple software constitutes acceptance + of these terms. If you do not agree with these terms, please + do not use, install, modify or redistribute this Apple software. + + In consideration of your agreement to abide by the following + terms, and subject to these terms, Apple grants you a personal, + non-exclusive license, under Apple's copyrights in this + original Apple software (the "Apple Software"), to use, + reproduce, modify and redistribute the Apple Software, with + or without modifications, in source and/or binary forms; + provided that if you redistribute the Apple Software in + its entirety and without modifications, you must retain + this notice and the following text and disclaimers in all + such redistributions of the Apple Software. Neither the + name, trademarks, service marks or logos of Apple Computer, + Inc. may be used to endorse or promote products derived from the + Apple Software without specific prior written permission from + Apple. Except as expressly stated in this notice, no other + rights or licenses, express or implied, are granted by Apple + herein, including but not limited to any patent rights that + may be infringed by your derivative works or by other works + in which the Apple Software may be incorporated. + + The Apple Software is provided by Apple on an "AS IS" basis. 
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, + REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE + OR IN COMBINATION WITH YOUR PRODUCTS. + + IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, + INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION + AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED + AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING + NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ +#ifdef __cplusplus +extern "C" { +#endif + +int readFile( + const char *fileName, + unsigned char **bytes, // mallocd and returned + unsigned *numBytes); // returned + +int writeFile( + const char *fileName, + const unsigned char *bytes, + unsigned numBytes); + +#ifdef __cplusplus +} +#endif diff --git a/CertTool/cdsaUtils/oidParser.cpp b/CertTool/cdsaUtils/oidParser.cpp new file mode 100644 index 00000000..a25a9be0 --- /dev/null +++ b/CertTool/cdsaUtils/oidParser.cpp 
@@ -0,0 +1,296 @@ +/* + * oidParser.cpp - parse an Intel-style OID, with the assistance of dumpasn1.cfg + */ + +#include +#include +#include +#include +#include "oidParser.h" +#include "fileIo.h" +#include +#include +#include +#include +#include +#include +#include + +/* get config file from .. or from . */ +#define CONFIG_FILE_NAME "dumpasn1.cfg" +static char *CONFIG_FILE1 = "../"CONFIG_FILE_NAME; +static char *CONFIG_FILE2 = CONFIG_FILE_NAME; +/* or from here via getenv */ +#define CONFIG_FILE_ENV "LOCAL_BUILD_DIR" + +static char *OID_ENTRY_START = "OID = "; +static char *OID_DESCR_START = "Description = "; +/* + * Read entire file with extra bytes left over in the mallocd buffer. + */ +int readFileExtra( + char *fileName, + unsigned extraBytes, + unsigned char **bytes, // mallocd and returned + unsigned *numBytes) // returned +{ + int rtn; + int fd; + unsigned char *buf; + struct stat sb; + unsigned size; + + *numBytes = 0; + *bytes = NULL; + fd = open(fileName, O_RDONLY, 0); + if(fd <= 0) { + return 1; + } + rtn = fstat(fd, &sb); + if(rtn) { + goto errOut; + } + size = sb.st_size; + buf = (unsigned char *)malloc(size + extraBytes); + if(buf == NULL) { + rtn = ENOMEM; + goto errOut; + } + rtn = lseek(fd, 0, SEEK_SET); + if(rtn < 0) { + goto errOut; + } + rtn = read(fd, buf, (size_t)size); + if(rtn != (int)size) { + if(rtn >= 0) { + printf("readFile: short read\n"); + } + rtn = EIO; + } + else { + rtn = 0; + *bytes = buf; + *numBytes = size; + } +errOut: + close(fd); + return rtn; +} + +/* + * Attempt to read dumpasn1.cfg from various places. If we can't find it, + * printOid() function will just print raw bytes as it + * would if the .cfg file did not contain the desired OID. 
+ */ +static CSSM_DATA_PTR readConfig() +{ + CSSM_DATA_PTR configData = NULL; + int rtn; + + configData = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA)); + if(configData == NULL) { + return NULL; + } + /* malloc one extra byte, we'll null it later */ + rtn = readFileExtra(CONFIG_FILE1, 1, &configData->Data, + (unsigned *)&configData->Length); + if(rtn) { + rtn = readFileExtra(CONFIG_FILE2, 1, &configData->Data, + (unsigned *)&configData->Length); + } + if(rtn) { + char fileName[100]; + char *localBuildDir = getenv(CONFIG_FILE_ENV); + if(localBuildDir == NULL) { + rtn = 1; + } + else { + sprintf(fileName, "%s/%s", localBuildDir, CONFIG_FILE_NAME); + rtn = readFileExtra(fileName, 1, &configData->Data, + (unsigned *)&configData->Length); + } + } + if(rtn == 0) { + /* make the whole shebang one long C string */ + configData->Data[configData->Length++] = '\0'; + return configData; + } + else { + printf("""warning: no OID parser config file\n"); + free(configData); + return NULL; + } +} + +/* + * The heart of this module. + * + * -- Convert Intel-style OID to a string which might be found + * in the config file + * -- search config file for that string + * -- if found, use that entry in config file to output meaningful + * string and return CSSM_TRUE. Else return CSSM_FALSE. 
+ */ +static CSSM_BOOL parseOidWithConfig( + const CSSM_DATA_PTR configData, + const CSSM_OID_PTR oid, + char *strBuf) +{ + char *fullOidStr = NULL; + char *ourEntry = NULL; + char *nextEntry = NULL; + char *descStart = NULL; + char *cp; + unsigned i; + CSSM_BOOL brtn; + char *nextCr; // next CR if any + char *nextNl; // next NL if any + char *eol; // end of line + int len; + + if(configData == NULL) { + return CSSM_FALSE; + } + + /* cook up a full OID string, with tag and length */ + fullOidStr = (char *)malloc((3 * oid->Length) + + // 2 chars plus space per byte + strlen(OID_ENTRY_START) + // "OID = " + 6 + // 06 xx - tag and length + 1); // NULL + if(fullOidStr == NULL) { + return CSSM_FALSE; + } + /* subsequent errors to errOut: */ + + sprintf(fullOidStr, "OID = 06 %02X", (unsigned)oid->Length); + cp = fullOidStr + strlen(fullOidStr); + for(i=0; iLength; i++) { + /* move cp to current end of string */ + cp += strlen(cp); + /* add one byte */ + sprintf(cp, " %02X", oid->Data[i]); + } + + /* + * Let's play it loose and assume that there are no embedded NULLs + * in the config file. Thus we can use the spiffy string functions + * in stdlib. + */ + ourEntry = strstr((char *)configData->Data, fullOidStr); + if(ourEntry == NULL) { + brtn = CSSM_FALSE; + goto errOut; + } + + /* get position of NEXT full entry - may be NULL (end of file) */ + nextEntry = strstr(ourEntry+1, OID_ENTRY_START); + + /* get position of our entry's description line */ + descStart = strstr(ourEntry+1, OID_DESCR_START); + + /* handle not found/overflow */ + if( (descStart == NULL) || // no more description lines + ( (descStart > nextEntry) && // no description in THIS entry + (nextEntry != NULL) ) ) { // make sure this is valid + brtn = CSSM_FALSE; + goto errOut; + } + + /* set descStart to after the leader */ + descStart += strlen(OID_DESCR_START); + + /* + * descStart points to the text we're interested in. + * First find end of line, any style. 
+ */ + nextNl = strchr(descStart, '\n'); + nextCr = strchr(descStart, '\r'); + if((nextNl == NULL) && (nextCr == NULL)) { + /* no line terminator, go to eof */ + eol = (char *)configData->Data + configData->Length; + } + else if(nextCr == NULL) { + eol = nextNl; + } + else if(nextNl == NULL) { + eol = nextCr; + } + else if(nextNl < nextCr) { + /* both present, take first one */ + eol = nextNl; + } + else { + eol = nextCr; + } + + /* caller's string buf = remainder of description line */ + len = eol - descStart; + if(len > (OID_PARSER_STRING_SIZE - 1)) { + /* fixed-length output buf, avoid overflow */ + len = OID_PARSER_STRING_SIZE - 1; + } + memcpy(strBuf, descStart, len); + strBuf[len] = '\0'; + brtn = CSSM_TRUE; +errOut: + if(fullOidStr != NULL) { + free(fullOidStr); + } + return brtn; +} + +/*** OidParser class ***/ +OidParser::OidParser(bool noConfig) +{ + if(noConfig) { + configData = NULL; + } + else { + configData = readConfig(); + } +} + +OidParser::~OidParser() +{ + if(configData == NULL) { + return; + } + if(configData->Data != NULL) { + free(configData->Data); + } + free(configData); +} + +/* + * Parse an Intel-style OID, generating a C string in caller-supplied buffer. + */ +void OidParser::oidParse( + const unsigned char *oidp, + unsigned oidLen, + char *strBuf) +{ + unsigned i; + CSSM_OID oid; + + oid.Data = (uint8 *)oidp; + oid.Length = oidLen; + + if((oidLen == 0) || (oidp == NULL)) { + strcpy(strBuf, "EMPTY"); + return; + } + if(parseOidWithConfig(configData, &oid, strBuf) == CSSM_FALSE) { + /* no config file, just dump the bytes */ + char cbuf[8]; + + sprintf(strBuf, "OID : < 06 %02X ", (unsigned)oid.Length); + for(i=0; i"); + } +} + + diff --git a/CertTool/cdsaUtils/oidParser.h b/CertTool/cdsaUtils/oidParser.h new file mode 100644 index 00000000..46ce10ad --- /dev/null +++ b/CertTool/cdsaUtils/oidParser.h 
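Review bot: In `readConfig`, `sprintf(fileName, "%s/%s", localBuildDir, CONFIG_FILE_NAME)` copies the `LOCAL_BUILD_DIR` environment value into the 100-byte stack array `fileName` with no length limit, so a long value overruns the buffer. A bounded call that treats truncation as "not found" avoids this: `if(snprintf(fileName, sizeof(fileName), "%s/%s", localBuildDir, CONFIG_FILE_NAME) >= (int)sizeof(fileName)) rtn = 1;` with the `readFileExtra` call moved into the `else`. In `parseOidWithConfig` the `fullOidStr` allocation budgets two hex digits for the length byte, so `%02X` on an `oid->Length` of 0x1000 or more writes past the end; rejecting such lengths before the `malloc` keeps the size calculation valid. The raw-hex fallback in `OidParser::oidParse` is only partly legible on this page, so it is worth confirming that its loop stops before `OID_PARSER_STRING_SIZE`.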
@@ -0,0 +1,44 @@ +/* + * oidParser.cpp - parse an Intel-style OID, with the assistance of dumpasn1.cfg. + * The config file islooked dfor int e following locations: + * + * current working directory (.) + * parent directory (..) + * The directory specified by the environment variable LOCAL_BUILD_DIR + * + * OidParser will still work if the config file is not found, but OIDs will be + * dispayed in raw hex format. + */ + +#ifndef _OID_PARSER_H_ +#define _OID_PARSER_H_ + +#include + +/* + * Generated strings go into a client-allocated char array of + * this size. + */ +#define OID_PARSER_STRING_SIZE 120 + +class OidParser +{ +private: + CSSM_DATA_PTR configData; // contents of dumpasn1.cfg +public: + /* costruct with noConfig true - skip reading config file */ + OidParser(bool noConfig=false); + ~OidParser(); + + /* + * Parse an Intel-style OID, generating a C string in + * caller-supplied buffer. + */ + void oidParse( + const unsigned char *oidp, + unsigned oidLen, + char *strBuf); + +}; + +#endif /* _OID_PARSER_H_ */ diff --git a/CertTool/cdsaUtils/pem.cpp b/CertTool/cdsaUtils/pem.cpp new file mode 100644 index 00000000..aa2595a7 --- /dev/null +++ b/CertTool/cdsaUtils/pem.cpp 
@@ -0,0 +1,170 @@ +/* + File: pem.h + + Description: PEM encode/decode routines + + Author: dmitch + + Copyright: © Copyright 2002 Apple Computer, Inc. All rights reserved. + + Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple + Computer, Inc. ("Apple") in consideration of your agreement to + the following terms, and your use, installation, modification + or redistribution of this Apple software constitutes acceptance + of these terms. If you do not agree with these terms, please + do not use, install, modify or redistribute this Apple software. + + In consideration of your agreement to abide by the following + terms, and subject to these terms, Apple grants you a personal, + non-exclusive license, under Apple's copyrights in this + original Apple software (the "Apple Software"), to use, + reproduce, modify and redistribute the Apple Software, with + or without modifications, in source and/or binary forms; + provided that if you redistribute the Apple Software in + its entirety and without modifications, you must retain + this notice and the following text and disclaimers in all + such redistributions of the Apple Software. Neither the + name, trademarks, service marks or logos of Apple Computer, + Inc. may be used to endorse or promote products derived from the + Apple Software without specific prior written permission from + Apple. Except as expressly stated in this notice, no other + rights or licenses, express or implied, are granted by Apple + herein, including but not limited to any patent rights that + may be infringed by your derivative works or by other works + in which the Apple Software may be incorporated. + + The Apple Software is provided by Apple on an "AS IS" basis. 
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, + REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE + OR IN COMBINATION WITH YOUR PRODUCTS. + + IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, + INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION + AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED + AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING + NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#include "pem.h" +#include +#include +#include +#include "cuEnc64.h" + +int pemEncode( + const unsigned char *inData, + unsigned inDataLen, + unsigned char **outData, + unsigned *outDataLen, + const char *headerString) +{ + unsigned char *enc; + unsigned encLen; + + /* First base64 encode */ + enc = enc64WithLines(inData, inDataLen, 64, &encLen); + if(enc == NULL) { + /* malloc error is actually the only known failure */ + printf("***pemEncode: Error encoding file. 
Aborting.\n"); + return -1; + } + + /* estimate outsize - just be sloppy, way conservative */ + unsigned outSize = encLen + (2 * strlen(headerString)) + 200; + *outData = (unsigned char *)malloc(outSize); + sprintf((char *)*outData, "-----BEGIN %s-----\n%s-----END %s-----\n", + headerString, (char *)enc, headerString); + *outDataLen = strlen((char *)*outData); + + if((*outData)[*outDataLen - 1] == '\0') { + (*outDataLen)--; + } + free(enc); + return 0; +} + +int pemDecode( + const unsigned char *inData, + unsigned inDataLen, + unsigned char **outData, + unsigned *outDataLen) +{ + char *cp; + int freeCp = 0; + char *curr1, *curr2; + char *startPem = NULL; + char *endPem = NULL; + unsigned char *out; + unsigned outLen; + int ourRtn = 0; + + /* make the whole thing a NULL-terminated string */ + if(inData[inDataLen - 1] != '\0') { + cp = (char *)malloc(inDataLen + 1); + memmove(cp, inData, inDataLen); + cp[inDataLen] = '\0'; + inDataLen++; + freeCp = 1; + } + else { + /* already is */ + cp = (char *)inData; + } + + /* cp is start of NULL-terminated buffer, size inDataLen */ + /* skip over everything until "-----" */ + curr1 = strstr(cp, "-----"); + if(curr1 == NULL) { + printf("***pemDecode: no terminator found\n"); + ourRtn = -1; + goto abort; + } + + /* find end of separator line, handling both flavors of terminator */ + cp = curr1; + curr1 = strchr(cp, '\n'); + curr2 = strchr(cp, '\r'); + if((curr1 == NULL) & (curr2 == NULL)) { + printf("***pemDecode: Bad PEM format (1)\n"); + ourRtn = -1; + goto abort; + } + if(curr1 == NULL) { + startPem = curr2; + } + else { + startPem = curr1; + } + + /* startPem points to end of separator line */ + /* locate ending terminator and lop it off */ + curr1 = strstr(startPem, "-----"); + if(curr1 == NULL) { + printf("***pemDecode: Bad PEM format (2)\n"); + ourRtn = -1; + goto abort; + } + endPem = curr1; + /* endPem points to last PEM data plus one */ + + out = dec64((unsigned char *)startPem, endPem-startPem, &outLen); + if(out == 
NULL) { + printf("Bad PEM format (3)\n"); + ourRtn = -1; + goto abort; + } + *outData = out; + *outDataLen = outLen; +abort: + if(freeCp) { + free(cp); + } + return ourRtn; +} + diff --git a/CertTool/cdsaUtils/pem.h b/CertTool/cdsaUtils/pem.h new file mode 100644 index 00000000..02bbf5d7 --- /dev/null +++ b/CertTool/cdsaUtils/pem.h 
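Review bot: `pemDecode` frees the wrong pointer when it has copied the input: `cp` holds the `malloc` result, but `cp = curr1;` then moves it to the first `-----`, so `free(cp)` at `abort:` receives an interior pointer whenever any bytes precede the separator line. Keep the allocation in its own variable, e.g. `char *cpBase = NULL;` assigned next to `cp`, and call `free(cpBase);` at `abort:`. The opening test `inData[inDataLen - 1]` also reads before the buffer when `inDataLen` is 0, so a guard such as `if(inData == NULL || inDataLen == 0) return -1;` belongs at the top. Neither this `malloc` nor the one in `pemEncode` is checked before it is written through, and both should return an error on NULL.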
@@ -0,0 +1,72 @@ +/* + File: pem.h + + Description: PEM encode/decode routines + + Author: dmitch + + Copyright: © Copyright 2002 Apple Computer, Inc. All rights reserved. + + Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple + Computer, Inc. ("Apple") in consideration of your agreement to + the following terms, and your use, installation, modification + or redistribution of this Apple software constitutes acceptance + of these terms. If you do not agree with these terms, please + do not use, install, modify or redistribute this Apple software. + + In consideration of your agreement to abide by the following + terms, and subject to these terms, Apple grants you a personal, + non-exclusive license, under Apple's copyrights in this + original Apple software (the "Apple Software"), to use, + reproduce, modify and redistribute the Apple Software, with + or without modifications, in source and/or binary forms; + provided that if you redistribute the Apple Software in + its entirety and without modifications, you must retain + this notice and the following text and disclaimers in all + such redistributions of the Apple Software. Neither the + name, trademarks, service marks or logos of Apple Computer, + Inc. may be used to endorse or promote products derived from the + Apple Software without specific prior written permission from + Apple. Except as expressly stated in this notice, no other + rights or licenses, express or implied, are granted by Apple + herein, including but not limited to any patent rights that + may be infringed by your derivative works or by other works + in which the Apple Software may be incorporated. + + The Apple Software is provided by Apple on an "AS IS" basis. 
+ APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, + REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE + OR IN COMBINATION WITH YOUR PRODUCTS. + + IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, + INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION + AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED + AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING + NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ +#ifdef __cplusplus +extern "C" { +#endif + +int pemEncode( + const unsigned char *inData, + unsigned inFileLen, + unsigned char **outData, + unsigned *outDataLen, + const char *headerString); + +int pemDecode( + const unsigned char *inData, + unsigned inFileLen, + unsigned char **outData, + unsigned *outDataLen); + +#ifdef __cplusplus +} +#endif diff --git a/CertTool/cdsaUtils/printCert.cpp b/CertTool/cdsaUtils/printCert.cpp new file mode 100644 index 00000000..1a01990a --- /dev/null +++ b/CertTool/cdsaUtils/printCert.cpp 
@@ -0,0 +1,912 @@ +/* + * Parse a cert, dump contents. + */ +#include "cdsaUtils.h" +#include +#include +#include +#include +#include +#include +#include +#include "printCert.h" +#include "oidParser.h" +#include "timeStr.h" +#include + +static char *months[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" +}; + +/* + * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to a + * uint32. + */ +static uint32 DER_ToInt(const CSSM_DATA *DER_Data) +{ + uint32 rtn = 0; + uint32 i = 0; + + while(i < DER_Data->Length) { + rtn |= DER_Data->Data[i]; + if(++i == DER_Data->Length) { + break; + } + rtn <<= 8; + } + return rtn; +} + +static void printTime(const CSSM_X509_TIME *cssmTime) +{ + struct tm tm; + + /* ignore cssmTime->timeType for now */ + if(appTimeStringToTm((char *)cssmTime->time.Data, cssmTime->time.Length, &tm)) { + printf("***Bad time string format***\n"); + return; + } + if(tm.tm_mon > 11) { + printf("***Bad time string format***\n"); + return; + } + printf("%02d:%02d:%02d %s %d, %04d\n", + tm.tm_hour, tm.tm_min, tm.tm_sec, + months[tm.tm_mon], tm.tm_mday, tm.tm_year + 1900); + +} + +static void printDataAsHex( + const CSSM_DATA *d, + unsigned maxToPrint = 0) // optional, 0 means print it all +{ + unsigned i; + bool more = false; + uint32 len = d->Length; + uint8 *cp = d->Data; + + if((maxToPrint != 0) && (len > maxToPrint)) { + len = maxToPrint; + more = true; + } + for(i=0; iLength + * Tag is implied + */ +static void printOid(OidParser &parser, const CSSM_DATA *oid) +{ + char strBuf[OID_PARSER_STRING_SIZE]; + + if(oid == NULL) { + printf("NULL\n"); + return; + } + if((oid->Length == 0) || (oid->Data == NULL)) { + printf("EMPTY\n"); + return; + } + parser.oidParse(oid->Data, oid->Length, strBuf); + printf("%s\n", strBuf); +} + +/* + * Used to print generic blobs which we don't really understand. 
+ * The bytesToPrint argument is usually thing->Length; it's here because snacc + * peports lengths of bit strings in BITS. Caller knows this and + * modifies bytesToPrint accordingly. In any case, bytesToPrint is the + * max number of valid bytes in *thing->Data. + */ +#define BLOB_LENGTH_PRINT 3 + +static void printBlobBytes( + char *blobType, + char *quanta, // e.g., "bytes', "bits" + uint32 bytesToPrint, + const CSSM_DATA *thing) +{ + uint32 dex; + uint32 toPrint = bytesToPrint; + + if(toPrint > BLOB_LENGTH_PRINT) { + toPrint = BLOB_LENGTH_PRINT; + } + printf("%s; Length %u %s; data = ", + blobType, (unsigned)thing->Length, quanta); + for(dex=0; dexData[dex]); + if(dex == (toPrint - 1)) { + break; + } + } + if(dex < bytesToPrint) { + printf(" ...\n"); + } + else { + printf("\n"); + } +} + +/* + * Print an IA5String or Printable string. Null terminator is not assumed. + * Trailing newline is printed. + */ +static void printString( + const CSSM_DATA *str) +{ + unsigned i; + char *cp = (char *)str->Data; + for(i=0; iLength; i++) { + printf("%c", *cp++); + } + printf("\n"); +} + +static void printDerThing( + CSSM_BER_TAG tagType, + const CSSM_DATA *thing, + OidParser &parser) +{ + switch(tagType) { + case BER_TAG_INTEGER: + printf("%u\n", (unsigned)DER_ToInt(thing)); + return; + case BER_TAG_BOOLEAN: + if(thing->Length != 1) { + printf("***malformed BER_TAG_BOOLEAN: length %d data ", + (unsigned)thing->Length); + } + printf("%u\n", (unsigned)DER_ToInt(thing)); + return; + case BER_TAG_PRINTABLE_STRING: + case BER_TAG_IA5_STRING: + case BER_TAG_T61_STRING: // mostly printable.... 
+ printString(thing); + return; + case BER_TAG_OCTET_STRING: + printBlobBytes("Byte string", "bytes", thing->Length, thing); + return; + case BER_TAG_BIT_STRING: + printBlobBytes("Bit string", "bits", (thing->Length + 7) / 8, thing); + return; + case BER_TAG_SEQUENCE: + printBlobBytes("Sequence", "bytes", thing->Length, thing); + return; + case BER_TAG_SET: + printBlobBytes("Set", "bytes", thing->Length, thing); + return; + case BER_TAG_OID: + printf("OID = "); + printOid(parser, thing); + break; + default: + printf("not displayed (tagType = %s; length %u)\n", + tagTypeString(tagType), (unsigned)thing->Length); + break; + + } +} + +static void printSigAlg( + CSSM_X509_ALGORITHM_IDENTIFIER *sigAlg, + OidParser &parser) +{ + printOid(parser, &sigAlg->algorithm); + if(sigAlg->parameters.Data != NULL) { + printf(" alg params : "); + printDataAsHex(&sigAlg->parameters, 8); + } +} + +/* compare two OIDs, return CSSM_TRUE if identical */ +static CSSM_BOOL compareOids( + const CSSM_OID *oid1, + const CSSM_OID *oid2) +{ + if((oid1 == NULL) || (oid2 == NULL)) { + return CSSM_FALSE; + } + if(oid1->Length != oid2->Length) { + return CSSM_FALSE; + } + if(memcmp(oid1->Data, oid2->Data, oid1->Length)) { + return CSSM_FALSE; + } + else { + return CSSM_TRUE; + } +} + +static CSSM_RETURN printName( + const CSSM_X509_NAME_PTR x509Name, + OidParser &parser) +{ + CSSM_X509_TYPE_VALUE_PAIR *ptvp; + CSSM_X509_RDN_PTR rdnp; + unsigned rdnDex; + unsigned pairDex; + char *fieldName; + + for(rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { + rdnp = &x509Name->RelativeDistinguishedName[rdnDex]; + for(pairDex=0; pairDexnumberOfPairs; pairDex++) { + ptvp = &rdnp->AttributeTypeAndValue[pairDex]; + if(compareOids(&ptvp->type, &CSSMOID_CountryName)) { + fieldName = "Country "; + } + else if(compareOids(&ptvp->type, &CSSMOID_OrganizationName)) { + fieldName = "Org "; + } + else if(compareOids(&ptvp->type, &CSSMOID_LocalityName)) { + fieldName = "Locality "; + } + else if(compareOids(&ptvp->type, 
&CSSMOID_OrganizationalUnitName)) { + fieldName = "OrgUnit "; + } + else if(compareOids(&ptvp->type, &CSSMOID_CommonName)) { + fieldName = "Common Name "; + } + else if(compareOids(&ptvp->type, &CSSMOID_Surname)) { + fieldName = "Surname "; + } + else if(compareOids(&ptvp->type, &CSSMOID_Title)) { + fieldName = "Title "; + } + else if(compareOids(&ptvp->type, &CSSMOID_Surname)) { + fieldName = "Surname "; + } + else if(compareOids(&ptvp->type, &CSSMOID_StateProvinceName)) { + fieldName = "State "; + } + else if(compareOids(&ptvp->type, &CSSMOID_CollectiveStateProvinceName)) { + fieldName = "Coll. State "; + } + else if(compareOids(&ptvp->type, &CSSMOID_EmailAddress)) { + /* deprecated, used by Thawte */ + fieldName = "Email addrs "; + } + else { + fieldName = "Other name "; + } + printf(" %s : ", fieldName); + printDerThing(ptvp->valueType, &ptvp->value, parser); + } /* for each type/value pair */ + } /* for each RDN */ + + return CSSM_OK; +} + +static void printKeyHeader( + const CSSM_KEYHEADER &hdr) +{ + printf(" Algorithm : "); + switch(hdr.AlgorithmId) { + case CSSM_ALGID_RSA: + printf("RSA\n"); + break; + case CSSM_ALGID_DSA: + printf("DSA\n"); + break; + case CSSM_ALGID_FEE: + printf("FEE\n"); + break; + default: + printf("Unknown(%d(d), 0x%x)\n", (unsigned)hdr.AlgorithmId, + (unsigned)hdr.AlgorithmId); + } + printf(" Key Size : %u bits\n", (unsigned)hdr.LogicalKeySizeInBits); + printf(" Key Use : "); + CSSM_KEYUSE usage = hdr.KeyUsage; + if(usage & CSSM_KEYUSE_ANY) { + printf("CSSM_KEYUSE_ANY "); + } + if(usage & CSSM_KEYUSE_ENCRYPT) { + printf("CSSM_KEYUSE_ENCRYPT "); + } + if(usage & CSSM_KEYUSE_DECRYPT) { + printf("CSSM_KEYUSE_DECRYPT "); + } + if(usage & CSSM_KEYUSE_SIGN) { + printf("CSSM_KEYUSE_SIGN "); + } + if(usage & CSSM_KEYUSE_VERIFY) { + printf("CSSM_KEYUSE_VERIFY "); + } + if(usage & CSSM_KEYUSE_SIGN_RECOVER) { + printf("CSSM_KEYUSE_SIGN_RECOVER "); + } + if(usage & CSSM_KEYUSE_VERIFY_RECOVER) { + printf("CSSM_KEYUSE_VERIFY_RECOVER "); + } + 
if(usage & CSSM_KEYUSE_WRAP) { + printf("CSSM_KEYUSE_WRAP "); + } + if(usage & CSSM_KEYUSE_UNWRAP) { + printf("CSSM_KEYUSE_UNWRAP "); + } + if(usage & CSSM_KEYUSE_DERIVE) { + printf("CSSM_KEYUSE_DERIVE "); + } + printf("\n"); + +} + +/* + * Print contents of a CE_GeneralNames as best we can. + */ +static void printGeneralNames( + CE_GeneralNames *generalNames, + OidParser &parser) +{ + unsigned i; + CE_GeneralName *name; + + for(i=0; inumNames; i++) { + name = &generalNames->generalName[i]; + switch(name->nameType) { + case GNT_RFC822Name: + printf(" RFC822Name : "); + printString(&name->name); + break; + case GNT_DNSName: + printf(" DNSName : "); + printString(&name->name); + break; + case GNT_URI: + printf(" URI : "); + printString(&name->name); + break; + case GNT_IPAddress: + printf(" IP Address : "); + for(unsigned i=0; iname.Length; i++) { + printf("%d", name->name.Data[i]); + if(i < (name->name.Length - 1)) { + printf("."); + } + } + printf("\n"); + break; + case GNT_RegisteredID: + printf(" RegisteredID : "); + printOid(parser, &name->name); + break; + case GNT_X400Address: + /* ORAddress, a very complicated struct - punt */ + printf(" X400Address : "); + printBlobBytes("Sequence", "bytes", name->name.Length, &name->name); + break; + case GNT_DirectoryName: + /* encoded Name (i.e. 
CSSM_X509_NAME) */ + printf(" Dir Name : "); + printBlobBytes("Byte string", "bytes", name->name.Length, &name->name); + break; + case GNT_EdiPartyName: + /* sequence EDIPartyName */ + printf(" EdiPartyName : "); + printBlobBytes("Sequence", "bytes", name->name.Length, &name->name); + break; + case GNT_OtherName: + printf(" OtherName : "); + printOid(parser, &name->name); + break; + } + } +} + +static int printExtensionCommon( + const CSSM_DATA &value, + OidParser &parser, + bool expectParsed = true) +{ + if(value.Length != sizeof(CSSM_X509_EXTENSION)) { + printf("***malformed CSSM_FIELD (1)\n"); + return 1; + } + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + printf("Extension struct : "); printOid(parser, &cssmExt->extnId); + printf(" Critical : %s\n", cssmExt->critical ? "TRUE" : "FALSE"); + switch(cssmExt->format) { + case CSSM_X509_DATAFORMAT_ENCODED: + if(expectParsed) { + printf("Bad CSSM_X509_EXTENSION; expected FORMAT_PARSED\n"); + return 1; + } + if((cssmExt->BERvalue.Data == NULL) || + (cssmExt->value.parsedValue != NULL)) { + printf("***Malformed CSSM_X509_EXTENSION (1)\n"); + return 1; + } + break; + case CSSM_X509_DATAFORMAT_PARSED: + if(!expectParsed) { + printf("Bad CSSM_X509_EXTENSION; expected FORMAT_ENCODED\n"); + return 1; + } + if((cssmExt->BERvalue.Data != NULL) || + (cssmExt->value.parsedValue == NULL)) { + printf("***Malformed CSSM_X509_EXTENSION (2)\n"); + return 1; + } + break; + default: + printf("***Unknown CSSM_X509_EXTENSION.format\n"); + return 1; + } + return 0; +} + +static void printKeyUsage( + const CSSM_DATA &value) +{ + CE_KeyUsage usage; + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + + usage = *((CE_KeyUsage *)cssmExt->value.parsedValue); + printf(" usage : "); + if(usage & CE_KU_DigitalSignature) { + printf("DigitalSignature "); + } + if(usage & CE_KU_NonRepudiation) { + printf("NonRepudiation "); + } + if(usage & CE_KU_KeyEncipherment) { + printf("KeyEncipherment "); + } + if(usage 
& CE_KU_DataEncipherment) { + printf("DataEncipherment "); + } + if(usage & CE_KU_KeyAgreement) { + printf("KeyAgreement "); + } + if(usage & CE_KU_KeyCertSign) { + printf("KeyCertSign "); + } + if(usage & CE_KU_CRLSign) { + printf("CRLSign "); + } + if(usage & CE_KU_EncipherOnly) { + printf("EncipherOnly "); + } + if(usage & CE_KU_DecipherOnly) { + printf("DecipherOnly "); + } + printf("\n"); + +} + +static void printBasicConstraints( + const CSSM_DATA &value) +{ + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + CE_BasicConstraints *bc = (CE_BasicConstraints *)cssmExt->value.parsedValue; + printf(" CA : %s\n", bc->cA ? "TRUE" : "FALSE"); + if(bc->pathLenConstraintPresent) { + printf(" pathLenConstr : %u\n", + (unsigned)bc->pathLenConstraint); + } +} + +static void printExtKeyUsage( + const CSSM_DATA &value, + OidParser &parser) +{ + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)cssmExt->value.parsedValue; + unsigned oidDex; + for(oidDex=0; oidDexnumPurposes; oidDex++) { + printf(" purpose %2d : ", oidDex); + printOid(parser, &eku->purposes[oidDex]); + } +} + +static void printAuthorityKeyId( + const CSSM_DATA &value, + OidParser &parser) +{ + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)cssmExt->value.parsedValue; + if(akid->keyIdentifierPresent) { + printf(" keyIdentifier : "); printDataAsHex(&akid->keyIdentifier, 8); + } + if(akid->generalNamesPresent) { + printGeneralNames(akid->generalNames, parser); + } + if(akid->serialNumberPresent) { + printf(" serialNumber : "); printDataAsHex(&akid->serialNumber, 8); + } +} + +static void printSubjectAltName( + const CSSM_DATA &value, + OidParser &parser) +{ + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + CE_GeneralNames *san = (CE_GeneralNames *)cssmExt->value.parsedValue; + printGeneralNames(san, parser); +} + +static void 
printCertPolicies( + const CSSM_DATA &value, + OidParser &parser) +{ + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + CE_CertPolicies *cdsaObj = (CE_CertPolicies *)cssmExt->value.parsedValue; + for(unsigned polDex=0; polDexnumPolicies; polDex++) { + CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex]; + printf(" Policy %2d : ID ", polDex); + printOid(parser, &cPolInfo->certPolicyId); + for(unsigned qualDex=0; qualDexnumPolicyQualifiers; qualDex++) { + CE_PolicyQualifierInfo *cQualInfo = &cPolInfo->policyQualifiers[qualDex]; + printf(" Qual %2d : ID ", qualDex); + printOid(parser, &cQualInfo->policyQualifierId); + if(cuCompareCssmData(&cQualInfo->policyQualifierId, + &CSSMOID_QT_CPS)) { + printf(" CPS : "); + printString(&cQualInfo->qualifier); + } + else { + printf(" unparsed : "); + printDataAsHex(&cQualInfo->qualifier, 8); + } + } + } +} + +static void printNetscapeCertType( + const CSSM_DATA &value) +{ + CE_NetscapeCertType certType; + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data; + + certType = *((CE_NetscapeCertType *)cssmExt->value.parsedValue); + printf(" certType : "); + if(certType & CE_NCT_SSL_Client) { + printf("SSL_Client "); + } + if(certType & CE_NCT_SSL_Server) { + printf("SSL_Server "); + } + if(certType & CE_NCT_SMIME) { + printf("S/MIME "); + } + if(certType & CE_NCT_ObjSign) { + printf("ObjectSign "); + } + if(certType & CE_NCT_Reserved) { + printf("Reserved "); + } + if(certType & CE_NCT_SSL_CA) { + printf("SSL_CA "); + } + if(certType & CE_NCT_SMIME_CA) { + printf("SMIME_CA "); + } + if(certType & CE_NCT_ObjSignCA) { + printf("ObjSignCA "); + } + printf("\n"); +} + +/* print one field */ +void printCertField( + const CSSM_FIELD &field, + OidParser &parser, + CSSM_BOOL verbose) +{ + const CSSM_DATA *thisData = &field.FieldValue; + const CSSM_OID *thisOid = &field.FieldOid; + + if(cuCompareCssmData(thisOid, &CSSMOID_X509V1Version)) { + if(verbose) { + printf("Version : %u\n", + 
(unsigned)DER_ToInt(thisData)); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SerialNumber)) { + printf("Serial Number : "); printDataAsHex(thisData, 0); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1IssuerNameCStruct)) { + printf("Issuer Name :\n"); + CSSM_X509_NAME_PTR name = (CSSM_X509_NAME_PTR)thisData->Data; + if((name == NULL) || (thisData->Length != sizeof(CSSM_X509_NAME))) { + printf(" ***malformed CSSM_X509_NAME\n"); + } + else { + printName(name, parser); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectNameCStruct)) { + printf("Subject Name :\n"); + CSSM_X509_NAME_PTR name = (CSSM_X509_NAME_PTR)thisData->Data; + if((name == NULL) || (thisData->Length != sizeof(CSSM_X509_NAME))) { + printf(" ***malformed CSSM_X509_NAME\n"); + } + else { + printName(name, parser); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1ValidityNotBefore)) { + CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)thisData->Data; + if((cssmTime == NULL) || (thisData->Length != sizeof(CSSM_X509_TIME))) { + printf(" ***malformed CSSM_X509_TIME\n"); + } + else if(verbose) { + printf("Not Before : "); printString(&cssmTime->time); + printf(" : "); + printTime(cssmTime); + } + else { + printf("Not Before : "); + printTime(cssmTime); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1ValidityNotAfter)) { + CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)thisData->Data; + if((cssmTime == NULL) || (thisData->Length != sizeof(CSSM_X509_TIME))) { + printf(" ***malformed CSSM_X509_TIME\n"); + } + else if(verbose) { + printf("Not After : "); printString(&cssmTime->time); + printf(" : "); + printTime(cssmTime); + } + else { + printf("Not After : "); + printTime(cssmTime); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SignatureAlgorithmTBS)) { + if(verbose) { + /* normally skip, it's the same as TBS sig alg */ + printf("TBS Sig Algorithm : "); + CSSM_X509_ALGORITHM_IDENTIFIER *algId = + (CSSM_X509_ALGORITHM_IDENTIFIER 
*)thisData->Data; + if((algId == NULL) || + (thisData->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER))) { + printf(" ***malformed CSSM_X509_ALGORITHM_IDENTIFIER\n"); + } + else { + printSigAlg(algId, parser); + } + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SignatureAlgorithm)) { + printf("Cert Sig Algorithm : "); + CSSM_X509_ALGORITHM_IDENTIFIER *algId = + (CSSM_X509_ALGORITHM_IDENTIFIER *)thisData->Data; + if((algId == NULL) || + (thisData->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER))) { + printf(" ***malformed CSSM_X509_ALGORITHM_IDENTIFIER\n"); + } + else { + printSigAlg(algId, parser); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1CertificateIssuerUniqueId)) { + if(verbose) { + printf("Issuer UniqueId : "); + printDerThing(BER_TAG_BIT_STRING, thisData, parser); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1CertificateSubjectUniqueId)) { + if(verbose) { + printf("Subject UniqueId : "); + printDerThing(BER_TAG_BIT_STRING, thisData, parser); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectPublicKeyCStruct)) { + CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *pubKeyInfo = + (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)thisData->Data; + printf("Pub Key Algorithm : "); + if((pubKeyInfo == NULL) || + (thisData->Length != sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO))) { + printf(" ***malformed CSSM_X509_SUBJECT_PUBLIC_KEY_INFO\n"); + } + else { + printSigAlg(&pubKeyInfo->algorithm, parser); + printf("Pub key Bytes : Length %u bytes : ", + (unsigned)pubKeyInfo->subjectPublicKey.Length); + printDataAsHex(&pubKeyInfo->subjectPublicKey, 8); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_CSSMKeyStruct)) { + CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)thisData->Data; + printf("CSSM Key :\n"); + if((cssmKey == NULL) || + (thisData->Length != sizeof(CSSM_KEY))) { + printf(" ***malformed CSSM_KEY\n"); + } + else { + printKeyHeader(cssmKey->KeyHeader); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1Signature)) { + 
printf("Signature : %u bytes : ", + (unsigned)thisData->Length); + printDataAsHex(thisData, 8); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V3CertificateExtensionCStruct)) { + if(printExtensionCommon(*thisData, parser, false)) { + return; + } + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)thisData->Data; + printf(" Unparsed data : "); printDataAsHex(&cssmExt->BERvalue, 8); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_KeyUsage)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + printKeyUsage(*thisData); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_BasicConstraints)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + printBasicConstraints(*thisData); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_ExtendedKeyUsage)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + printExtKeyUsage(*thisData, parser); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_SubjectKeyIdentifier)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)thisData->Data; + CSSM_DATA_PTR cdata = (CSSM_DATA_PTR)cssmExt->value.parsedValue; + if((cdata == NULL) || (cdata->Data == NULL)) { + printf("****Malformed extension (no parsedValue)\n"); + } + else { + printf(" Subject KeyID : "); printDataAsHex(cdata, 8); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_AuthorityKeyIdentifier)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + printAuthorityKeyId(*thisData, parser); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_SubjectAltName)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + printSubjectAltName(*thisData, parser); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_CertificatePolicies)) { + if(printExtensionCommon(*thisData, parser)) { + return; + } + printCertPolicies(*thisData, parser); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_NetscapeCertType)) { + if(printExtensionCommon(*thisData, parser)) { + 
return; + } + printNetscapeCertType(*thisData); + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1IssuerName)) { + if(verbose) { + printf("Normalized Issuer : "); + printDataAsHex(thisData, 8); + } + } + else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectName)) { + if(verbose) { + printf("Normalized Subject : "); + printDataAsHex(thisData, 8); + } + } + else { + printf("other field: : "); printOid(parser, thisOid); + } +} + +/* connect to CSSM/CL lazily, once */ +static CSSM_CL_HANDLE clHand = 0; + +int printCert( + const unsigned char *certData, + unsigned certLen, + CSSM_BOOL verbose) +{ + CSSM_FIELD_PTR fieldPtr; // mallocd by CL + uint32 i; + uint32 numFields; + OidParser parser; + CSSM_DATA cert; + + if(clHand == 0) { + clHand = cuClStartup(); + if(clHand == 0) { + printf("***Error connecting to CSSM cert module; aborting cert display\n"); + return 0; + } + } + cert.Data = (uint8 *)certData; + cert.Length = certLen; + + CSSM_RETURN crtn = CSSM_CL_CertGetAllFields(clHand, + &cert, + &numFields, + &fieldPtr); + if(crtn) { + cuPrintError("CSSM_CL_CertGetAllFields", crtn); + return crtn; + } + + for(i=0; i +#include "oidParser.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* print one field */ +void printCertField( + const CSSM_FIELD &field, + OidParser &parser, + CSSM_BOOL verbose); + +int printCert( + const unsigned char *certData, + unsigned certLen, + CSSM_BOOL verbose); + +void printCertShutdown(); + +#ifdef __cplusplus +} +#endif + +#endif /* _PARSE_CERT_H_ */ diff --git a/CertTool/cdsaUtils/timeStr.cpp b/CertTool/cdsaUtils/timeStr.cpp new file mode 100644 index 00000000..0ce02bb5 --- /dev/null +++ b/CertTool/cdsaUtils/timeStr.cpp 
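Review bot: printString in printCert.cpp writes every byte of a certificate string to the terminal with `printf("%c", *cp++)`, and printDerThing (PRINTABLE, IA5 and T61 strings) and printGeneralNames (RFC822, DNS and URI names) both route certificate-supplied data through it, so control characters or escape sequences embedded in a certificate reach the user's terminal unchanged. Replacing non-printable bytes keeps the dump inert: `unsigned char c = (unsigned char)*cp++;` followed by `printf("%c", isprint(c) ? c : '.');`, which needs `<ctype.h>` if it is not already among the includes (their names are not legible in this view). Separately, printExtensionCommon tests `value.Length` but not `value.Data` before casting it, while the name and time branches of printCertField test both; `if((value.Data == NULL) || (value.Length != sizeof(CSSM_X509_EXTENSION))) {` would match them. In printName the second `CSSMOID_Surname` branch can never be taken, so either it is a leftover or a different OID was intended there.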
@@ -0,0 +1,144 @@
+#include "timeStr.h"
+#include
+#include
+#include
+#include
+
+/*
+ * Given a string containing either a UTC-style or "generalized time"
+ * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on
+ * error.
+ */
+int appTimeStringToTm(
+ const char *str,
+ unsigned len,
+ struct tm *tmp)
+{
+ char szTemp[5];
+ unsigned isUtc;
+ unsigned x;
+ unsigned i;
+ char *cp;
+
+ if((str == NULL) || (len == 0) || (tmp == NULL)) {
+ return 1;
+ }
+
+ /* tolerate NULL terminated or not */
+ if(str[len - 1] == '\0') {
+ len--;
+ }
+ switch(len) {
+ case UTC_TIME_STRLEN: // 2-digit year, not Y2K compliant
+ isUtc = 1;
+ break;
+ case GENERALIZED_TIME_STRLEN: // 4-digit year
+ isUtc = 0;
+ break;
+ default: // unknown format
+ return 1;
+ }
+
+ cp = (char *)str;
+
+ /* check that all characters except last are digits */
+ for(i=0; i<(len - 1); i++) {
+ if ( !(isdigit(cp[i])) ) {
+ return 1;
+ }
+ }
+
+ /* check last character is a 'Z' */
+ if(cp[len - 1] != 'Z' ) {
+ return 1;
+ }
+
+ /* YEAR */
+ szTemp[0] = *cp++;
+ szTemp[1] = *cp++;
+ if(!isUtc) {
+ /* two more digits */
+ szTemp[2] = *cp++;
+ szTemp[3] = *cp++;
+ szTemp[4] = '\0';
+ }
+ else {
+ szTemp[2] = '\0';
+ }
+ x = atoi( szTemp );
+ if(isUtc) {
+ /*
+ * 2-digit year.
+ * 0 <= year < 50 : assume century 21
+ * 50 <= year < 70 : illegal per PKIX
+ * 70 < year <= 99 : assume century 20
+ */
+ if(x < 50) {
+ x += 2000;
+ }
+ else if(x < 70) {
+ return 1;
+ }
+ else {
+ /* century 20 */
+ x += 1900;
+ }
+ }
+ /* by definition - tm_year is year - 1900 */
+ tmp->tm_year = x - 1900;
+
+ /* MONTH */
+ szTemp[0] = *cp++;
+ szTemp[1] = *cp++;
+ szTemp[2] = '\0';
+ x = atoi( szTemp );
+ /* in the string, months are from 1 to 12 */
+ if((x > 12) || (x <= 0)) {
+ return 1;
+ }
+ /* in a tm, 0 to 11 */
+ tmp->tm_mon = x - 1;
+
+ /* DAY */
+ szTemp[0] = *cp++;
+ szTemp[1] = *cp++;
+ szTemp[2] = '\0';
+ x = atoi( szTemp );
+ /* 1..31 in both formats */
+ if((x > 31) || (x <= 0)) {
+ return 1;
+ }
+ tmp->tm_mday = x;
+
+ /* HOUR */
+ szTemp[0] = *cp++;
+ szTemp[1] = *cp++;
+ szTemp[2] = '\0';
+ x = atoi( szTemp );
+ if((x > 23) || (x < 0)) {
+ return 1;
+ }
+ tmp->tm_hour = x;
+
+ /* MINUTE */
+ szTemp[0] = *cp++;
+ szTemp[1] = *cp++;
+ szTemp[2] = '\0';
+ x = atoi( szTemp );
+ if((x > 59) || (x < 0)) {
+ return 1;
+ }
+ tmp->tm_min = x;
+
+ /* SECOND */
+ szTemp[0] = *cp++;
+ szTemp[1] = *cp++;
+ szTemp[2] = '\0';
+ x = atoi( szTemp );
+ if((x > 59) || (x < 0)) {
+ return 1;
+ }
+ tmp->tm_sec = x;
+ return 0;
+}
+
diff --git a/CertTool/cdsaUtils/timeStr.h b/CertTool/cdsaUtils/timeStr.h
new file mode 100644
index 00000000..2baac982
--- /dev/null
+++ b/CertTool/cdsaUtils/timeStr.h
@@ -0,0 +1,27 @@
+#ifndef _TIME_STR_H_
+#define _TIME_STR_H_
+
+#include
+
+#define UTC_TIME_STRLEN 13
+#define GENERALIZED_TIME_STRLEN 15
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Given a string containing either a UTC-style or "generalized time"
+ * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on
+ * error.
+ */
+int appTimeStringToTm(
+ const char *str,
+ unsigned len,
+ struct tm *tmp);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _TIME_STR_H_ */
\ No newline at end of file
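Review bot: The digit check `isdigit(cp[i])` in appTimeStringToTm (timeStr.cpp) passes a plain `char` taken from the certificate's time string, which is undefined behaviour for bytes above 0x7F where `char` is signed; `if(!isdigit((unsigned char)cp[i])) {` avoids that. Because `x` is declared `unsigned`, `x < 0` can never be true and `x <= 0` only tests for zero, so the hour, minute and second checks would read more honestly without the `x < 0` half and the month and day checks as `x == 0`. The year comment says `70 < year <= 99` while the code also accepts 70, so it should read `70 <= year <= 99`. The rejection of two-digit years 50 to 69 is worth checking against the PKIX profile's UTCTime rule, which as I read it maps YY >= 50 to 19YY rather than treating the range as illegal.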
diff --git a/Documentation/ACLsInCDSA.cwk b/Documentation/ACLsInCDSA.cwk new file mode 100644 index 0000000000000000000000000000000000000000..3b1ac75136710c90df91f639a1d8784cf540a7dc GIT binary patch literal 33130 zcmc(Id3apamFIa?rP5kbl`U_0dp2GqTbB0)v)Ec}OCT>;VlkUtDm_VsOI4y4$sz$v zNC+WjOUTL+ry(Q(0tB1@-Tj9XlAif`@?{bmCJ?5l$%HsdcREXFdVoMYzjN+=_q{61 z?sNxv9_YST_uS=d_ndQ=_gq%~47KiT-C2gaxvc6FuOH-J!RdiM>hS&x{2(yPBEtWr z7qSBQk5IE7FpJ7go|H0{#icv&S0VX;p-cnA0w`Z}q2y7bTFyHKR#fmm{Ub;;zng*- zsIlmy!rvr;hM7cx5``#q%SlbU040gm?Q*i& zF}r8bvD?Pd$%F^uC+iL*{bWhKR+>(MuASTG6_=56mbH%&LycwkH=PRqkLR39X&E>H+${g6Qfu{a~oETyzZ`4gM~8HC42CZ|OmarPKps?wd6OHMVd zp+O3vHMRsb_^ZGlN>`sav5VWbUJl$*ed1@2(&E7R)GAtLx~x8`p@*qCaGPWYnI?5j z`x^~?kmg(e2rB_y6Fn60ykQMJKw%ovRag_{vJT7bUP&YLjNBKAMIvjdzQ0TNaekmu z{SK{B_plztAD>opJeVw zhxGjm>K?Q7y;I+ZRlV39s$T4$RQ{w|eZNxOC%>TYzgOk!Lv%mWQ$M2er)<*qC)9oF z9(AAAtM9*3_vyP-y%~E{J2U!JzcVMR-!nD-v#wJ4vp1^y+-vpyO;v90Z`AL38GRq7 zPcc68M(ERWf0I7Lcj%GaLvQdeXjX8NMW4V^gr93I`Z}H$v8KRgS3-mOS?+lLD?ES9 zm;aA=4kG`{$bZL||1O>_wDVb!t!XFl-;l4{3H;D2A9DS}=YY(06hx;MeICzyePwRb zb-B!)zWmSm^1tlmm%ZfWmwn%t|1#S(450^z%KpjA53lvghcEE*p?iiF=%1mbGVbA7 z+3V#)H%)oyrzv0kxYuv>H@&*m&wFJepYqB?9`*8Tqh5aPEMI=3FMoqC|8ifx3~qJr;hE*~6^sppAR_k%@w{H=KZNHCefdMa@_AqW7kv3odifY%ru|s8FTc~5 z&pN>RhJItic-H!ZF=+6NJ>$_8`!BwHmZQc$=E?}|V7!|ANmF%s&cD)^4>`L1VmzDj zlfUK5|GCZwA143Km(P7^JTdlFI}gkFH|^Bl?3IT-F!@uMc1`b;Cw%!wynNUTQ+{f~ z%ZL3i`O{n-16|WjXuWz0&y2Hff7-8n<$vwv!|oWIVS5ZMusH{v z23O(<@j~#AEp1&nJDIlI+PhmK4Oa}t^AZVn=i}+Vc(%{(j*sOUBQ0qg1?^-S3O4hOC_K1TyKyqj}ljRQVVa6iUFYWg^x#U2)Inpx- z`uj48!jOX!$W3IEy^KB31C=(OO`Srz&&diSlIejadoVM~49wZ1ne2XMH*$lRBe74d@MI&*T=bIM)=_ zfOJw0^Il~^I^ZH0qR7ahllTnUym>S@l1Ct?h+>=m;!Z0hQ!l-3eCo~9j^v8jWqBfazv4$F@ zMSGKpLMooss1#!{n#9OSA`}n)TK8^e(mbGKfH|VXtf29ccrq351z-A|II9eB?iY4L zca%i{uW}gw0?4Et9%@4wXe_9(x4=Fmom`;V-oh#c!C{CQO<{HogSRr8x#R1>W~DvA zLm?3_=?m!l%0FoD8cp9#-fW#FGSf+#V5wI&g zW~U27y-M%65A@d@xq=%s2qx1bnf<^BSg;`b3+aR?IP178!xZ`y<;n zR{c1JgONbO$>x*&$pnTr 
zvDwB!lgBazG|#>!ncmMM7X$u9m(gRc@{7J4OJx%KbH_!(DCn^co=C*Z7#w3SecWEg z1CCM0PY@(V8Yudh57Pw`CstbxHH^``eXNl7^)iqgfmSez+?2~k#cN=|nIht5yFJ4m zF(2R0<{3YN<;^FrC;4nqL5AI z$L#HyJ|`7v<#+<73YzJ8Yt|?b<_tqb>#I?y_ zgvH4qhm9`#FL4%b41s~pftkUVz1A^yR?GUFeg_6GJ;1_5^)VIY(yNC>Ca0xd&dEhbVFZqAel!v!4aHt zVJMivxBsHgJLI{yhIn5eG#X}cn4N3RK^*AO)}Mqc^o==g3gM>_0<6r4lNS3R z;bn7VJL0in_+jacB@x-92W8e__W-ZKq_WwCwvX#Yc@(e#<-u#LhFJG)PJT&CA{8id zBrwQ5V*Xsu0xrXi<$#0g%S2c}hs_wqt=%v>nB<6z=@uy@cvOfG+}}k~Y~%nWKqO_w4Q5v2~~CPk5km(1f@_lxYYt100X?5)y83`^Sb0y{Tm4xCywWQxyzI^r#we z`j{->mrN&81%%#$Tz+gA5l6pk$)v+HMwEj=m4|&nX+ z(y&M~k#Z3JI|q0gkjo)B?-L2ZTR}VF9T`V$oO&?$BvwE+;;}qhwnyQr!JPrbFp5NF zLp&PU_k;Pl6x2RHn9URhlrK;Lr5oD8q@#7k14R?y?B5xV# zf#1#aCHrL-1ha?nEfo$RYU2^WhzKppU!>ukxE=98el3Hlq*9qtH9Q62;Up?2^y-lX z+o0seHdzXzo4p+^JKDRp7}qJif_~_qb^{!^V(j(C;XQx@GcO^8yCXJ}hO6uyNoEQ; zjx}5d7f>{^VX)Xq=8~OuMq$|CV%cG!aV0oUU_ULz{m>%m}Uf%5@Gg_@iW(Thd_LQr^Pa+T=jvSE~Jw@8;cKdxat;XLxusX z20(M9TMhJ$-eg*NT?|b2!yNOf881e@^cHFH&jjtgOeR4fS1b7N8#yad~kp5%~Y@8;o#=Gh5l^UJ|bJJ0#Bqyq>BfFDyd z5>F*DZ;;+Kg;;XXn6^V72gG-PJPBc7NO%I&n-TQ`Nn=hv(&h`?wO(D~j2(xqltmUV z5>r8kyXs)q8Uor#8+gUT5oO#J6ESK?hy!7lMyA@;A>B5wk1&R|)8CI+4g@&O1I#9NjjdB3;+!}pQ)s2JIns(XvNlZEavSZ= zfizFU#cHs+rZb}wgoBO3AI@WosWddw15YX=Q;$d}2mBZdX+KuZd_IBbHY<7RJJ7 zX2^j-$AS%%gr{4~CTT>o46Mq+2-*#o?dZI+QM3pmPof%{Ot`w2)5?c1S^AXWX!m-> zWXy_0Q4_spd5*v{ah`fYJv8;qI$#A>K~pllY%zFPX(^n_3anT{HN4QgA00bcOrL;p z)`?@Bf-}1$*t22aTy!yzmiSO+nw5QKUdx16c|goIp~4(axHB@$KDCh5{6Z^*;+t+m zhB8*=pt6|0>9v`LV~7zG&T(D|;s6!;$tznBJYo)>C-9@xhseqp>Kobkd}JuD#A)1Zn;X=GQ+cBN-VS=kVA)4Rag0a^bma=Sc#=EYJyd1~PG zH+QA5k(nrdksXAwh!V=GcuRt{xEmx(%w>ux5?lvmr!ikG^e%JpI$kU=Ay?Klfa?%j ze%DsWG+e2`_^!dMx^g6P3~F%PTZn5&U$`F@p8=VyKY#y)D?)Q3j5$-oq9jvhFxaj^^D45?0XElC<`3H~dZkkB z)Nt#{1@XiX_7xJ<>s#^zcEO#qqfs@bQD_Q^y$%9eu%{Ob6v8ou5RWS+w<*OLpb$Q?GQIUrk1 z&Qg^XMT$ePVA!~;D;^AO2-^#KOF|8doLO-ia=43RZpZ|CxW+eD3o${FG%|bMRy$ZCB z;NKlVvOR{S5G>_+-HyVjNljiAgOzr1l%+a@yKWXv6YHtK7)lpsy1}`kWiZ2N@$qgc zma^M2tA^}UL90Z~n7h7(LD@qP7bmMgDh`L0&SFpoEZou<{Jgmbl+wI%ClOhXJIlnF 
z=9Luaxw~jl#5fL}WH|FU@=tNFy6&l$T7_dj4MWdvNB3snM&S>k?&e8Ru`Fx$V5{*k+=|Ho;Md!I?XX9%e#1~1)@NR ztCo4NvgjNb#w4r{8k7+!Dx@%JYHU-ZjWv4o%lmQ4C%PnHBFHvUmhL%HN+hxV%28C2Ziu8= zsl~>+azj5_#;omXh1gx$fGTTk*3k{v%_Ecb8@h?mJDyE~S9-lXF_=jv92hrm${Oi> z1vHMrckyUIV^A!;O@&zpWS_^R5FSdeO5_T#KCM`$?B`_}y*;3(7vN+n&ifX{K0?~W zPAMdSeG6^Q<68CEueqDuD5z{OEBq*8BD*lmO&v3SY`>E}&h7j5szj4fs?X+q1~vz1 z&+WxY@jeSLFi7VT=}P=3^8#<0VWv~qQE;&MtbLPr#7>-4f|Q6HIp}0t5CMY6@7q zG+Dw~m;ZY9#R{)n#a_K$EFl_ZOKSNUh{2ffj_@XLxlxyt(V}ML?s6VDHvXC|J5Z66 ziaunjT7suCuzI1jk9{eh)K({}ciO^dhw0kY`uHDCv zID4aWxF(<4IdP&Le_i;KGu2+Fe1ZojV(&*eIr;8E@Khnc9+7mqr0P84qj=_XYe9XjSY3d>4S@MBKHUV`?*%39DJPG~iuPxvxS#eT z$Z=_ZPB$jBTbt0s3II2OcI*IUW!(T{lJ&{m=+TQmynn_c*KDB4-lv3U%QTfHGDY;w z2W_|+{}G5?@alyj%v{*UVeuP#zhJIe%P29gva^JiM|iDFvdBE{p4+T6I*2I2kFpgbCchehw5GGY@2>g(CL24fn!GMaE zBv|2RUiOimgr`Nq-Gi(>`&g=cfQ&`72dOLE1z>v<{u-pBNwi|$fpV^5^RQ5t67J*j z!!KMu+~x}Rd0kd1_EqS?M$T2`YGHiIaV1mbcrn{=vfF!w7+D%=l86KoXeQh{1I99E z*~@AQ?|pN`#M?Njv2m2TpD_@+`Sk;)8!u_#KQ*B1fzd4dDg3#pT#D|O52Kt*HxCJQ zDY~DKAAY*Oh8&mfCv{mx_W*jpIanGfw|D9DVxrG_&rCT8@fz&y^wdP+Km3-Bdql|M zbo5~`SJ(LD+bcX>#(pBg4PK;!Q;@#3@IR#OW;5RPVB*6HF@C%SZwBxmkgHL-ZVK{o zE)nIq7_QeDd2?A;S=y*cR+SC1*#x7o`?d|(q6c02lQkqNgRR*?{QqHB# zn^RJnOYv3y+3`yUTs}!@F2&b)T;;ZdZfQLKgxZz>(tS{qZ8#I z!|t9vT|^hNL~+$0q8CLrv#6achQTMi6~Z~vpM8(vxc>ov|BSyk@%KOR_cH!Ob__Sy zVG^lQKw5i;^FvjvJ@Q)@lV_Hw6#`GZU#1-EVITx71r`tuLup+S?--~y(OkK}P+DLo zU>rjRRw*!?2-fw=sLa4BbUme!5sa&_fmI9aJT0k8^ii&GK|ANm7zt8X+U&qUstBPU z{0hPQGfk{%tiv;@k}5TQ6&_6Lt-Igs;Sz*A_6O?3V}_g8mdt+ z^vCbtShSWZb-f5hOuag(S4mX@DvD9ez+xI!D=-W1i%l}PDEexsPQxbCc+YRThD}AQR(NgBqj?5a59xZag*2b$pCX4zS`O#Zxl#{hz`qzIf;J%mmcs&CU|>cL z=$S3wLR#p970Y1}Ez+UQ3 zl5B9)&+GH)d>?F95$poGK*LspzS%yVx9CE;(7@&b>K_jm(M6}opcUm{u5AkXoq42b<@ES$HqARl_#(ScETe+q9^S+6=6o&h^RGg7u!Tjit+dq#TT}$wM%#R_#YHf@pR8er18;W3iXpe!_(|JDFEUf2T zb&4FOiW~xTHC-+BPzF3(hL{DoKmt5_xrVMWuwpp`=vung2fM&0Ba5!1>on{dSk_`W z?4`Xv*o8$h+DH3*u#1XdafIb}eXc@yTc! 
zIpi3g)nJ6P?oQLX+fV&c4`tx*+I+N^(Etq?SPe$FXO}Fz={=}n1K{%lcyUkeNlN-) z3yWaa)Ac^sBK96Sma=F+?f1bJ7r|1L(y)Gv_H91;EWGnQTRQYAN9mwf z#e=mpU1+x`Lz(afP=zuYhDcGvhH1D2hDcGvZlD`VV2BhoEKAuE7@`*q%TcZb29K&? zdCHf-VC6NeK!p+*ERTkb&`1dkqd~()X|x0escYB)I#2=wS2S#l#!6r_4D3d_u>^LG zhE1Ul&<6~!8^PBAMmB0ntnoqmpwvSdSY3wAGHu>OHyPMcfz39so9Si)W2+mWIRe4${FAm~CLU(yb-1c?R|&`cMgMzJc9Fx0S%oHLwrUhf81!4D2KHkrLQK z4XdWx>2||2rJsuk92K5@ls+o;P)6(LV$g(xA2J}SY4j~H3M?5)Vq&9q35^vdN8Rs311JmPwHXK2Ud>jVFoL()%eE2 zCk0jon3`{{00i$A+B91@S$DPYbLTkTQX- zGO*9kX9UJkx9V>-TIBB=RN{*SpVc(nSAu6b-f;dL!(cZnbek?NL41wi^8&-n9Cl9T z#k#+8d`aK|fyDq@<-$NUf2-y}dQkWGNgwTB1}s1i(L+-25XveVcrD?6fjvwQ>w5Ql ze37p?@Y~K`(6CQ=e336a1n4jw*04`|e37p`@Y~Q|)UeNZd=Xv;@nwfcm}mGErqx2j zdQG22kI_1y7ucCx5p9xO|nK)VMt1!{rfyJx*VfHp}S=j|QRL zLe5hf_DKzcehMr|Ptwz7tgIJ2*AOfk+6>Uw=o!(ory+$6!ZRK#YFYUy`ntyD86WJc zLc`Pa>^L+$EqFdd&*^&4`e=AuU|**r8qa4>q2XEjvcMh#ud&XE|6JX*=sEg^u?1@c zwwz#j1(zfAqVBH(dhf3npl{G$OPj3M=eaQXl1q@jNso_11AjNfqUY(G8qdc)JW+#T zFVOS4zsG&_QSdSPoM04YjqYga?l=@#@M8)*^y`;@NHq`r3)1Jl6>A973*U-0meKPs zRX5D0hmp>uFCn$*S)?s=Bx@`QP)dHUOhxt zeTVCQ@w;62@OPIt)X{_AUEWwjPyF!pm#5Qwq%&y6u_J%~8r}7B;MHSv_dm?P;Kvkw zWB$wEr%69K^1psc;h+5NFTYPu{&eAnACdFZ$KH624*m2Sul$5A`nUAP_4Jq(Mw^y( zDd?>YT-pMS4mMdK`e^V{q;~{IkbW%q0Ma{yN0EL!%+O4jp~GQ@-VkPJHq6jm_-9D- zqOi`SI-^#gjpiV|jOIqIvbU%yYK3cPS=6drLFAYxgQX3_r!I>A+N2x)|v`YK;X0%V{^#71WJ%CG{X( zMVH0OCas`7u`=L)Wvm?Yf;ObhbV;lVv-izN&!v`FRbT;KgLENX8=DG#UXOGt?MFI? 
z29eICWNe95OR3nM^ehd<{ut<>zSw){@lvGcQ5@+;>W#fuwvw(xx}NqT-9Y=0w$rZI zpMY)uq)=cn?OgZ?dl5z2YE~?ur;s+#eO((5UrOcuFE|7Afx+i~K17oTU;N>ZiIQ!Z zK8jucwI9VPc*BdyJXL4E{L2(o<)8b}cj@-R(f|G$-E-p;Kgm$pjo*CbJ5+yDE6Rs% z`s(rj!QZh6{T*F^xo-eEf)%#5j+Win7x=BWsxPA$sxRN);2V1mq$Qb$gsQA9??PJH97k z%E9iP{1e*K-xZPAMByxXrkuhVc~z<|uPyp6Q*OOv0_RC;N5jR1arWb4%1u}0*d;Q4 ze%hEX-0z=|y8SW_czaa1TjljJU-Ge8ihayUcy{-RP+tx!Ojb3J5@wxJ&fv`D7a}jH z+v7eskLy~#K6vku{RDrbiMLakHohV%uc$rFvwZU9HC)x6+QZN5ZMV)$bGxqWax@(iyQ;WuA?oZUPuVVH7^ zyN$nKjhAQ2fsRJNct4IW&iA(m+@M3~SL-h0Wb{wBr|@I_W8JlAqmF~{H9+KHU(PpX z&=T@QCox-a&&?>^b@i0{P<5gAzPhWC&(R!4lKgQw)gJPESWEnXts0q(2;Ufs&*kc{qg4Id-VjXq`EySty zNausk79yD`NH;<@7GUQhZRc@pO~sypWi>)~Eo%vEzEwF5Hs7jjzcp7yzIfzI@*pGRx|*%>Sl4}*lnd#7b)7GHRutbuLbFg^q^fSv zUoPP0y~QO!C$6B%v!W`GZ6-*O_5%L8Wo}(Aps(;adFA8eRg9CT?Gux6y<5%D9Y2i zQIzM?4d%4q?30nnGcxk^>)LWZE=D(mBkthRIxcdnM7W`Z|`c@!J%Q71@s1JCH>aeZ5@{W+Ksp)oy>|jr=t87Z=^~`lXcN-um<_&% zKy0}!BMi*0C3Ui57BCKM+r6s;9`+3uG)pjul*3J6A)|mrq(>z@?RejgmU`Q`+^Ltq zID+8o`^9j9@tQ1Ob>qMo!hhq{gOL{4c=g<`L+fbEZMg`Sn47Ea0^{=B-*_qSKv=LzA*5gx3jLUfScwWpGk6sz+@=IAz7j`NgAJiIA zI!d_>Ze_AiI7PzNV^D_xa&WdMI2n2vsGBSiA1)#w0%er_@|Eg=ZEY`~jzqEE>QZeCOxzY$& z?{Qz7C$vMM>zWDe!Za>@S+vM{jkAtU=y(04FN{mlnruT`9tzTlVGHBIcLv(T4X-6ld5GBKA=UT#b&>o611o3AguI&0Yz(GR!j>q}<1@Gk9Vp)YNu ztiiL;myWBgLua8cnT3Og&rEDzm?2AuKT*A?c0Jv2RbF;9CZtneUuV(whR>qy4WC8Z z8$OG+H+&XtZ`f7DvtWC}XVLbC&!X)OpC#MNHp(5!6Jj!?QO|Cez7|YWZ@#|V&dx%7 zi1k@@orU<&I*T@n^+T=+jt}V~wZ0*JE#(z3-S7K)Q@TMnt425T4e#q!1SV`9fJc|C zeW5Q|=MPL=Ul#TIcnH$Mde4Q)eE%-tAvDlB$s#(+4Pz|pZ6*HoK3>unx+z_cny~ea zQ~H{~^^H^dn#lDHd~iXo&Ho?taAMZJXanz|dAf1(_iBW_kLqWd5StJ1NZN zC(GI0`f@HmQ%>+skrTXA zA+m9TH$?Mrf;U9-ae_BQ=i&r!h!)@kZ-^FFF>aBXKpEb=s2L2sPHQ*w{zhPPD?C)+taJnu7Nx2x-t%XXm!oJGRoCcjg``$-kx6uujP zy`u<54EB4mvor~NPrQdTmCxYfeA78N#WV}PaSl#4**HlzALpMI;C#~}oOo-%iL@oO z6z8ax;Y`zVNMa?<8?DCaq_x;@T94C6=V9mRe4Hq~5bx4%qRn`Nt`%>?wd17KR=jQ2 zfwM>#(opg?xbCGDNa6hQx9E6m(vw=B|eIC72ZF*2JaGHM|)`>#i^GP)Q7j~ z`tcs!ASLN~yx*3>yJ~65&@kOVS;|qK3N%8a_&0aQ=tjI5^+CD`p8gg(NVn35=r){V 
z`3TOu@b)3n6o?d{4AHgYm!kb8V z+X>uXz>?U}vV99S;M<-4IR4Ek1n6IX@J_3E#0ZmB1Es zcxwh9L&~11RJel6;A3>o=}VQ@x@GK6eBtT9cqOaCtp$9|?@Xjqby-g`pE^TFXt<`b zTYued<#^plUZhMu$aY#d18U_g{~3!=ot*SPbD1d1OFoO5NuRD{EQHh9XC{j#RkjT} z_)H)ErH9is1KYDh{>7@(7672Wye);VVwL{O*hN+5SGVGW@%A?U7XRtExWZRvRZ(s4 z$3+!wnN%i=59)e(rB7W|tK01!`7ZJ4x}vMRGNGFC4<*$-2>n4|bovp?k`&h-cGhARNs<7HQ8U@J~_5*V7W?cldNgccC|b<{|bCGrmqM zic^WPz5>sJlf7CsS$j4IT1g##-EjgGa2D+`1cD&{<96p%6aH7 zZ3CV$0Lz5$BmY@gk6#GKsVa8G@lnxaIx~KWe?NCB1c$R-oSUelQ7aG{Uv-RRDwzu{m zpJO80($m_7+m-68R_iWMU#nV|Qs1gtH==qz_!ZUT!537I2mh<;>ENrXt%HA3?c7>* a@=x!*`^R_Qe(Sft`~AQE;s5;G|NVb;weoxb literal 0 HcmV?d00001 
diff --git a/Documentation/APIStrategy.cwk b/Documentation/APIStrategy.cwk new file mode 100644 index 0000000000000000000000000000000000000000..9d51582f93611551a09be747b0c517672f93e6ff GIT binary patch literal 20278 zcmcg!X>c6Jb^d1d#<|P;fXE>TfFKEi;31KsB#Jmlf+7JPAVuBc5?ByRE_R{a1xd)d zPfDUBN}`k>juZcIOnn!HF7w3FNv${6H{;D-wcI@RY59?@Z5h<*WJkq#B2AY^7%1q z|4_>69LuKrOORX{r$`1NIsqM+2Xoi%o+X0#4;u53D8}QRzxs_I``zxw*EA#rofI1> zzw>0CH=8fMck$oMkIZd>?V;wtC*o-@s&pD)nt?z-avIBO#S*-7k3&(+H_o`Xzx`qn zpzIN(l?^DhSR~7|i>Gi}$Nlo^$4qjhXM1 zc*b8bUaFkb$_u|}ajvKHTzTPV(yr8DzC*no+c;;9RbKdqpUY+Ce{4KksnhhyK-|7! zeRy^2zk6YZu{v-&z8KgUXh5*5Z|i=#MF81422HZXz9pe4*RGw;PQ>g($gQMC0 zVmg;iX41tmD_yV#(u0HP{?Sa)%H^$ewm+9Wp30`Fr&Y|AlqOp~)nCkvS)&E1c2T-N zsU8i*3hycxJdm@pxuP|c9?*Ols*x#^KA6u9tCB{kaI18wW7bGMcU&?hGsRRs%L=ww z!?}FQ^5}IUIaUzmn2RoHwc5+;t-P1aC_dIGGde(13?}>2taDl}S<~F%Vltg|sxq1# zNaZtQa;s{UJA9P26^~oP$!vOLG($}aEmSr)dSpm+rfi34I5|f3hQ%$6jNC|yVWTW8 zN*5SJ=`4$CP7VxEyjb4Kk7lR_tB^Y^u1YNzL+1)~&*3p;kTORyL@atyiD49-l&aIG zBO{q~zmg@6Or0E|&MZTlCTR_)PZmdMJBDIefhuYo|5^RXOs3FkIe|rMrH@D`r^>Sx zl)J4$j$o1jLXP9fg4pP2E-&#!Nd*5>})%%Ci`2o8emMz)SEH=-$N>fei1nZrWqSK726WQ@f zOQ(<pS>%HQe=))333?%G+>F)(mhjbbV*hLAwXok-6Dx5zDUnXQXj!UfXjZL!AjMXhNe!%K%PHn_nN0F< zhOJ|eJsksCY{IZhGNh9k24V6znT12lWp_k9xdGL->>l=TVXRP04eR(jLXGnb^)cy= z#c!;&IFlZy?$UO}_qKMWaALcVPISEKl^*%jU8C$78HkrkLC8OLRzW*wvs)W?Z`aZN7Eo|qj^VbraQgrE-GRI;BPj)YR-^|I33AZJYR zX(P`i=_FV@8wvaRL8<&mJ~c>_hy`;J40hk1WJ8tcbmg-xcDj{nt(FHX$ISK^x0ly4 zYA79s@mlHT5?5+m=g(?$>#@m0T0$$wr@|&KSwk2$0zo?l2$rIwt0$7y5P4t z7AhUaEruR6s5CM{DNAN&hQKib4`LOB%t6mi@PhCzr zxqN3wMwxV}i&IPTPgED%2A8caqE%PlfgYZk<=S&hIxFh#>fJ#;>fX2i=3T(`|77Qi zzlJ|hbAmc_!4QnTye-K2>IZ7R%DXfC8{la3UH<)~^1@p@fAABJO#8A%%^3`ss<9bp7? 
zz7Rq#7Ss8H8Ve)rV$@gtvpr=Xf{3jPdBZ9)0|={pCgn#tUKh=lGI!et9#1PZ< zi+V5_@0uKgSB%f6%B(^qDub+-vROpQ3qnfeV4q{{D#^zyM_!bOjOY!Hu&cGa3Xi-h zh1H-&V^tbsK2>G_wWxLFg_OKjNU2h09B~_Ct~TDQT4^kSgqyEQE(VyTPGB@tguyB<-xQcU@5E>tsYGK0ZSCN8mm2+-w$nQ)7Uc1!AwS4$wzCj#>M8c z7G7*E)@p1yqqkPquTjZchjlJi?uYeQKh6&`wI8m;l`0>3*fwNd@8}ZYbNMP4TR=^e zJ$1ef*xKo6Y{!Dbv8!xZ1_)SbHzF37b4v%!gfrYdlzm54#rEdaz0# zb{($sU{yYBGd64NN=C^-pRKRQ^&YIwhi$$}%VU1iV=@{pS zS=yeR=v4X0!(4OO3Y;<{e0q1eSc0C9x>x{PvDJgk_h1ILVVlOf7|jd#>~hL9upQf7 zEJ3v7TSL|=J(%Uow*xyo*b*Oh18(qO^*(GTc6zX-K5Q3uX{?hitAS6xlAb;2@nDTU ztQWl++sc;G*ai2>F1Gw8*!rtYxTwMK^*j8t9{r_ zxXFXH`LLUDvjr0Wk34Ke*Lmt5!Z93ku?RMM`XvJyWHfe+{f@<_cqs;lG3>#X_^>Rp z9;{xT9&YUBkn>OyK zhB4wbb~o-W!{}L!eFmQ?!&q~T-Gh6|u=y@_FYYbF7P#1bxUURbsIl3&ANRYqZlYaH zj&fP58f!d&2UI@tuxAzQ3b)J$@t})I&uU_ki#>#gTx_|*7Q5KPc-X~OD9m!PNAO4) zw#3CA#iM0dy^B4D$I7s!F7`McFT)yK>=aIwVT~^K1fD3vnlx64C-J0fGdn()f!0^*L}LW;Vqb-`{`@nLHw1< z=EbOf<>fa{W6vuupFfQ|zPY+Nftv5U{n|V<{X%eG9YR zt$*#?nDgGt|N1_{?>BCI1L^nwn^DAbm7eLHby1 zHR;(-~RI1&#myaBh6?!>L}P^=kO z#X}X_u{Iu~J}cs5#@}H}d@T4`Y>vMf|S@sFra9cdkw$3HSUurdBotN|NH z*Wv2;r?>%~@lTD-m>>VNax3=6FNQYb&V&)1i7QEehGhwpWAtN*0LM_>q^;ONx*9i- zwqYmfHuRDn!nQ=fT#Xw^+i;L{4Q?V`i<=Xn8Ev>d5u*OLB_bS8ZYOQU?nDJgLtUgx zu{BX)HsBCxBa(?Zv}cxd4sxW6kRe@+;lv7~1|x|l@z=O3@oTdiLy1o*@c`-7NRe*B zVB*uz8XP9wfPT`A7$EJ!{={#n?a>)Qa~b*?pSPNj=&WjM#&f$ieSR+@gI`GElF^1U2F zcmM6{-@v?kJIEir_s_rgeLg1BjooZzacc98pCr$12 zDrfDEYq?z6`k1XAF|K0ier7JyWY>jJVbBjUua`seaAj8QD3SgK*r3wo-LkW4hzImK ztnN|3sPG+1zT}<5@_x*-;VG}4X+L0^IZi*yr7m1~()H51c=%jh=21n>Co)85%7D{{ ziVR6}WP~YC?YWQ|Rk-zF+$h_?=K0=xmu$co^w~;mAcx3n;GdIM(wXMkpo#Z#cy)HtIQ)0{=8(tYU!ba# z=JK%~a&5=GeeINI%N5^9-1DqsjW%JMVI)`>~{W+5-0i z5m&LR_=qwl?KD&Ki7s|tzg%g*9}|=I3;YW>uHxB!=JMLE+e}8O>=0Q_x<+|+J!2VM znP9X(Vls!p*iVqwvj;V>PVG?I#B~#c^B0R$RwoQY`ccDJ&gXz(tl+we5#tkqbh&68 zTfrxlX;hNiG^#n%H`&K>70;++c>&I!S`jd0RWHbXeii91)+xyOViiJ0j7=@XTtQNc znuZLnvLS5nnTQBcMqX$iI&nSo+dbjdU3^#aiywhwG}gpeEYyh=+v4;*Q~hbK=gG}O z`C+J?8dJ1G|=`_c5(IlP{okHy?K1e%50IR5c5i`sjZKqvnP!^ 
z{N#0|wsSMS=j9`0#808XG|k6^Gg2lI|5Jmj0*kqynBJp&QjXk7Lx_@w5hIPDf;5Us z(ip1Z((g2oR-%!#2DPNMi1T$*9MzSp2b48y){@AKOb1fdB=y8KASX(2x$y+Nvjc#e`r>7KJp3W2IHRuDv?mL zjLoEcTSywkV$v8a(h4jgtwcR(6_%3LqKPyva}$=+N?L=}q_t=xjbly13{+!1X$@yF z?4WQBsfl@{d{dbSnPIFTjbLqJ1%8Bf&M8i#Bk?gUd|l#Wmbr?w7A>SRaV_a=tRtO+ zjihsNHR(KT;*2APm6mEbG~Ibf_Z&W55*~n; z3KM=Qb0SP^A=pG^8aj1iT~rRnr0-Dj#M3OZb|OsPOB0(gpS;f&T_(yW;}%1l+m*^G1Gy9@`DDSQhYQ16LrXR@UP$q^xy6{R38D0?Hm z%@__dh4157k192?VteEqg-Z${jtWDDp~l9uZbX~1NJb)Z-+^76g@@S zUq%7bAWg|)`!YV2YHgX)x+z(=O{oaCa3#wyI3IPpjs_RJ%oo~*+Fx5Z=@9{@8FfWp zK7n?<&}6(RWu9|oT|Nn=l9VitHS9Q?23fS1aZ!v$S!zzKhf{KQ84qp40po2c^qej^ zY6hmxUt6>g_f$1?vMl2r5pzz*h72|?|DkPICTl7z==QyA%d%vkj;U?Ss^5?Y%(Tej zGf*CbQ+wF{GNVS&l{LjSRI>CqkGnXg=rD1Yg7Ps5rDIZ~#lUTSvECt24t$kLsZF*FUb^cdba zJq@z-j~$IKO|2}>#^HqFR7vv2hAV3t`d<5|&8*cl^u6I}?0du0*!PB~vF{B}W8WKg z0&yDp-taW`z2Rx>d&ASz_evk-45Ox_k8)*ALm#ES0w9%|hCa%9SHc~JQ*@NZ0LC=- zQ4$~OnBwsvHrs0sO4drQaX5Xx7Jqq8whhr?m$t<%bPCr}?(@jvFJz)qvTnmR%wJll z+PN#6Uze5m$k&^VA0qrpz4232eM4yFH=4NO68*=);1AR)r<(RM#lRM>8dTsI`B&L% zGU~0=GPU!oInc&>1l9hp#nL3pP6bWBS7DNMggay&a9brK2Qyg{i{J)Wj1&1Jg|rSeCy7I0KPxx&@IB%U3sG}zgw$jO!7SpSA1u1O<2};=kWdg zJnsEiz&H4He8<0t@AfV3(~x)n4csZv#JvH{+$*qx@7`PZroNRj+xRACE#Kp>=l<}k zxF2XEe-PpnXU_1GazX!e8jXl`QH~oG5 z(#8SqnLmh|a5H~9dn<0^w>a+LPVz(C6@D1~7(j~OjX8oL?vFmo9nl#KBa0kHxa&C2 z9mGY9;y6z5doE+R8=t{FxEJ?vkLv??5D(#DzUO@ukKu8g!V}!Z`4r#9JdJ1YEY9$o z7|-DaoW+ZHi2-p2mWsLtv0!g|&sM(B>PihJ`2h&pa{GD=Ya;`{?!@~~&45Us@#90~c7|rnK?-OB8 zT5V{5x|q3yATq{def;(UKki_yak7m&CqjFzCaZm1x;J5l+QI2f8Gk)f?e83)?oF8` z{^I8?L?v&!_j-1a`|~bcEzF5^4yF2!WzvPoO*A*$J34&$(*Bwk>C7Yxh4QZ@dDTHv zWk+T-Wo^$V$0oJndJhkG#!Ps0L_2etT%O-Rm=IQpdn(p-S^L!w-zRn09VMR0L?K<# z-rt`a%@+Cng~_DlBi+gT@nn8rG6tsKAKH~VlDve%r`}HpAqqg<#?_u9<#=29P<0<*lgqQdKam{y=;qCI#ir=*WHFFRCzGd)9 zWU@yYzJz6ed!@LoAi5{XkJ6;Gx!=w`F~=O3kiw2oPVe_G{^rw9e*N)B SAO8Fo|M_3P{O@1=&;J5!p|vCc literal 0 HcmV?d00001 
diff --git a/Documentation/AccessControlArchitecture.cwk b/Documentation/AccessControlArchitecture.cwk new file mode 100644 index 0000000000000000000000000000000000000000..149d784c901f8a6d7643072d19fd4c9cca7f7bac GIT binary patch literal 60734 zcmchg37lM4b*FDtx4K(POD$WLC2uOrlHHP}mb}~Ys>QZsOSUY@3)p~4-PP){yStjM zZpktR%MLIQ-4feD!~#1O#q{m;4YzE`D| zz!{_`^{ZERzh}GWoO|x8S=}EEn{M88^DI8oRVpw0rwM)QSW+GeTl0VAFP2X$g~0#z zi=;CD0yV#&iec7MPg$8#Nu{^)*TbKl)p{SFp-lOfi`+*-n6I?M@>&Z1r@zqS-3u69 zm{($a8cn>)%f8)jBem}xPnDEuGl~V2sl>JZLFzO4JHc|htRbrs=7u>hd@9a8R^_8_ z!Oq&`T*q4D})o~5VKgWQIL#uUP)uq2eX-@M~Y<+NS^b8j5=-+W|OYu6`^T z8(8>e*WRA6wDekgtau9dmJ%t|AI=ED;L!<`OTmUklhp7^<>jR>8pcYYv#sW0Yk3ZL z{bg6F^z!Vn_*oteVc9jLtfS#lc%*!v=XTs*EalH#f1jm6!k}bQh-2?ph39idO!`~Oe1F_SSL%8ROaAx>GsV6J~I#2NTM*hCZ z-$RlM|F}Y}mL4xZSYH0`OTyXZE1`7JO1kDWJohb+hjYs}hYO*y4$aB0lQ(w~Zw=Q_uQ#Wf%RUuzuLx_(FNxh5 zz3F+&#h&|cC9Eyq9Zq3H3qn^c6>gb~b$5o9<+b5r`s@qcS?-;8dF~It&y4Q0x+j_( zv;zD0#<~}Vh2e*>&g`u2tey7c-&asq*A}Pf(#i4jkNvYe9zXxtKRYgSDGJVv13DfG zXE3hNIVXO;H-3K2KWE+IpIujZy{_B5UibO_+4D*NoD=(<+w0}#p5f_p{{_r*&Hagg zpFiQBeV_Hug`fBQg^&C96MN(5xBPR_r~UJ!FZ<`>Z~Nzx0smb39`A4IANluFKJTBW ze#P58_51$)^tJwZ#y|Myvb#Nh*&F?P<=_1C%y0PTiayU@vCO}(e4qETGQ#zoIi7w_ z9N(&Wp1*3br?0-!KiAChcGfKQ?*lP^UB7={_cG64_lEfW@4|aT2kX8OKmR#?{?tF$ zFZA;3PYv%DT+i!_pRe-I^AC9b`7iPB7cPpQ-|_T|I{f>^|J}b|{15*9(%1X=FMX$v zW5aX(^NK$Iyz+&ff931q_pdu$T=^aUyy~j>8R_b(kH+txjh_)8SN*{2U;WSC|1~}S z{hIg0&;Rb_ulb&TZrmI{Bi(F#wZmcK6aKmBjQDAihb8haeVm*A*4x{BeL((%u=!y8 zjBws^vFC4jfw#ZqfB5IMr^L_u;^&VXKG!|w?Oqq@Wb5f(f7=Ir9@`?_ZNJ*ncTD@| zO&{~mofmnzoj3dUU2pLAcKsLszWcrYx#wc+AgUw$0(A zn%`}2@^Rk&T`zz8kNx`{AMj8WEPmb|KR@I7&+hc^&#uSMFZk!)GdzFqXMEm!|I)u#U+?`?KkVQ4J>Z{% zFY3=tQs9jP7GkCcAGtbF_@bQRLI2FLlHP=NUf zUn``4J1>9YKjiJ4_>DaMq<_uJFD|ry@|W}UlfRyqKlxjQ^zY~COWv8czvNwcI%`^j zC+k|8*C{*m@~7NVNdH_R{ZI0A*1!ZG*1^=y88`AA;c$lNGs1J({=A)KBZc(4d5-vE zy-ejRFXlP6Qz_u(OpQOLpZUSO{8{i$MxSSG%F|hEQ~Rv9sr{9rfyiqs)n*(gYjJ`P z>v5i*!5?~CDVWFd=d9*Aj^~^U3hA%U$8*ka=IN~EseRV-)Xu6UJgXhrUsWlje>0{- 
zx2yh7p1%5}dHbthR!A3*$97h~DNjFFV~FEC_Z@}w?-kO2n5Uy#B)Fkpq;amfB9>>I zYqk{9KUPTp!#sW6i}G=<6HX)C&`nbN=qGvl-^J(mg@8Vi%Ak|@_&-Q`CI{Zj^QxHs zexBFHx}={EJ==UqKmYbZ`T?FJy`jf=zbdcs2tKrb{;Trz3xo@$)6NBF71B4yd3}KN z3=Xt&;ddw#+eaTtZC(`Z|3I0Gz+KknMX$`;yy$ld>7UBe(Wg?I=v1lAi+_-pLC2zu z%Y5`KF9Xe7`uWK9r|#xH`52t~X?Jq@4|KE2Oh7WH?2S zOJhKn%hNM?#kzCVwmcm@&dVshAWzWaQeAYpGj+ zA}^0_=jEX*^t$|cUtR|NE{z`@FZG3zw$3?{UH%WLy=^wTt7 zbktOS*MH?X&Ucq!5@p4%ujb?5_1Aei`mC3M2KIb5miZl?KUYZqQ=TI~qUWYI(REYZ zTX*xUexaXRYlZa5Li+Oy=^1U)?`CE0f_(g9{V?cLK>FCdC4Cu}& z9sN0_KQp5@+PU+}I7ej8omb`M(Wg`U=+vp5JNNRec_Gv8yswb{l0rK#&C~A^-KspY z?ye6M(!Uj-neVg2vk_L$`g9@vGkJOR^i<~AbMi9i?Rk2mkY3=CXaBD}{W)v$^3ORh zPeDUThm$?r;oTm?EdL6JD z%J>=_VMC;Tu_IEy`-O{0hu9M-9h)MhV^?@OJdSOV(y=d6IyOd1$IeLU=4iqb_VHn8vKg&fi>%}u0G3eA0M{d4F@cLq5Od5_I&(o$Vpu%$P-u|ZG%5Fg^bj7qU8(! zMf|d-fPB%l$nx9AkKKCbODz8+Fm!nT&`#+F<#)Uf-|KJav*VRKeIJCMUwVqCuZJ-E zypBKP=?6&mCp+=ZetU@NK3Ue@%xf9=k2=}918D!-hk2hhD< z!G6NBZ*M^ZdVR-jq}>t1<^QYWi#$z*aP=Q`e1Y6Otn;tv_%@^3%E~+5@u#Hi4dKQM zJ3dX?<00Jie>?t-8kF1hPaQkSy%dRmX~*@XeJzA%ys%>{};cv=#|$kL8Sc%r?I_iY<**7uK0RW=R|)|$=A=EnHc zWMj0ladL2^K2;l>nx3rn_TSp9kMFN++`PS68E#BguA3gORL6%ZJ0}~%^{G|8dq(Qb z%1~o)daO1+RT-)^2Pfn%CTWu1+gf8V)oHpLpQ;a5r|OjGpK371O6}e$5?5VLJB*S4 z&VsF9$6;)}VciU8D zta_-jFM`SDn9ZRgP*>~Y&B|BTwK#!9ExQ1#&1C`y4F(56(05mnF z;T)`k$=U%Pr@`r=%2<8>WECV)tzmQ7SVU_Ej6@m(P)aRpteIL*Bd#*eeTORJHIZU{ z>QJT0AP$NECToM!lg;{p+CXLJXsz0;ky0J9E)R}0Mm2v?=)M~BVXpN9`Zhf=z^-I< z{GQ4)8q)*48y)e?FC)0D<298-jcK3UFwh5YqxGf%zX2jD&z-I{g}9~>eZAS_`#|p& zqteReN!VnvUX4uPiBpqxk$0ijoJbhv3y$LM4qc20`+)PiCyaIHxA3n^U!+O7jpOW59Q8 zqA{)(*HjLU)Bz5-@{UE(kpoAmFby1?_jsVUX75Iov=&Bd_qKBxHHYi_r@^>@v8FNs zf5LD^2}AYaVR#c70RxpogSU43<{ym`q+dJ z*{DoIfs@TCNf`se+)<`WREAd@MLvov02nm|g_qf%;Ib@~Gq{Ly|mO+ZcbWGCVzQGN5W>*6aZL z;E1v5zS`8m8suiixBGquJWfsw5YT4ywZA7-f)>Na_iw+&MB;u<1!k0vZvbr28I8brTD| zO504qsf`FgApskM_b`lXf{}ns>h?FQ$U@P=#AN+|ojh+Ng`fOi-(`2?j0ljmi3b0+6Wyh;^-q>eE`cm1wNS zl6UAA0b%R_*faA=W8d8ftbxkSVh_zP%^qk?k2^@#SPt8Iq2tfCBf7@LSj@IQT-T`f ziT*g$Ig`Xj(> 
z-o1MV;+KMgpfn!lh;A_67+)($I-wgOB^VxsLu@LM@Z&rNS>`8g`jy=-j(0~U8m%5O zA%>VgPzO={nZh|#8HE@pR~cMceM|(K0Fy2SS7@DJe(M19RCNr{WowiaMghM$4Ww-B zuBsHd*yNe5N-QF+f=#^SGIVV=C9ejQ71lJY0?EliNYx;}d&er|Z&TZ*Q9*Wf zrCA#tW{sOP93WSkjq&O}#HW}$(~71VYfSl`MCD_tk7UchztoiQ)O4L-o%^Gn?(9qF zOaVrkM4{ctz#DpQ8U7eLog~XhZ8Y(=fyF3bvLO|jW~>c(TIa$4CsiU7evsZg`0>40V-2C zC6d~j5iW)&Yc-kx!ef}IEKyPW5u`JqdeBHG#aTYM`5Opm8_r zQ56NUW7T_n1sNP^NJc@e*%%N)ny0Y}$*x6NYi)w9=@vNVl;%Yl;|vshajL z<+%y&4o#ph8W4x-=v7lfwkA?w+(S+$ls6X2L5etJyy#5~H7Dc@f?CJ2)+F2=0X7Ij z2rvW!2olj_&cFket&m9F(aP`(Xnl0w^yod0RSIiaef&UU)U3AA>LfaMb*wRs1tY*| z0dXZ(Bt~aLQicndZUcp^V!A^+CBw{C29=~4LJM(O0184yW5?T60#jyO8)}V&nwk!D zSR2?skT9s_xB$VZ0yNz^N!pcx#>@m+u@c%^sH;*fFeJuUzp>+H*E)c(q_38GFRORkS{iPIrZ| zVphRmFwomNb&U6h&p!u8#v__k`=pg;wyMl#&ovzxYR<_EW?1@J3&l@I=*J7-3^;<} zp~-`^)PHI@4n!iV06Zkw%`#eB6=kG=Mx_x7atUgYSn^zr(>fgJy&Z2Lx`-GIJ}7uS z(g-Mw1Y&fq(o>4X5zoy5TlfmyAkH(2#+J*$?<>2(O^z82Q9NUGB|7tV$jF7FLD;oA z*^*2^N(vIjlxZJ`$%B10BmxbjwS{(t9jhy8tlsi*$-$Wn?Qyfda85?mO{%ncl3c5` z_DwtqD%C+(lcJV=E5fj{%?tpo254pOUttcA z^GKCiU{0s?e5l5B;76;xiW>W)7~d-wXoekwyh9hIRhn93a>#(y0FdU#L%3zQa?(Hr z!HvVJ;|o$J-{WybNGjxqCa!qDY!#6fe&8;Tq_h80Kz)#AZX~;Pwi<=Nepws(Me@)mSJceUq zHmB;4fiNzYCh+9j01=tC5T#g7t`6gPwYD8Jk#;cUI5 z&GI*su02tbyc#{lYtc98#AGdEYrn1Gvbn_Rwj1P<$t`JM>vnjn?j%S~)<#VO5ILF- z1%gDAX81vuG#p#3HH9$9UFyR)BE{j^ZxfbfhZeKS>&YH$UT(IhQK9K_sN!&bUA8Y1 z$z6VeOVLbm4(1YxKOaQu~V;T6dPow5iP03xhCD}E} zC>v}=<#eJtHBwkkXH*~x(s`%>F$n_(7`i#+Ii^5t!Au2#j*2C4N^ zEa%!)T#-Zr>OdPeOfv~fGiI1vi(5VV+>0(wqy4D$rV%5afEzAPwJs(~maD-zl`}a& zuTncH%}k(0!84UeE%|1MEg}X9_8n2kcepCECEMY;5enF0I}1j2YDz|(o0_iT9wz#v z(~4-bsk2Rh(iVBaHGm@0vtoyIbEfKW>QD_Vr;k_ zo}M)M3YrR>oSX*;!x~$T%q;F!PBi2VW9A}^gR(dP0nhtut|#N0w&haWHnFRWqpV7f zC1Vs63CWwOiuSnCUlqTgeL%^fq>|GETV6^Uvz`d~?n!g)o!-BL>ZoR0fAlY;|qzfW+rl`S!eDe+bzyfjkIUqjj$J1kg@81`OUnm#HKJZ zO^^AaE03sS*sKY;;f=kcoJC#IaO1+E(dIp6dJak_o0aGw%J#u(jLr_3;$fO}6xO-5 z?V5W|v7ldWVQR~V?K+uEmk6qC8_|m)*QUKH(>DtorvbSw<`kLi1F42)BS6ExNFKIYxnkXBsY#yy95;iI 
z=Aei>a@I945yk8$R6|ZToKxoZNSk%cjUoj}2ZU)!W^ObO#t7(%W~27v>4G`LeQF>r z;8@hc=pj{La>mDQ8MzUK0)dK;tTiBB%|?=mN{Px%Sl* zrC~L!+%`o{Xn`=r0fV-6!)&`Y%z8JX(6(%xt;zO5T8pz>!iMWIq_nCjM(v2CsOoPccFNjZ((ZtAXBU?{IM%XU0&jH@4 zPoRy;d?IYH<9l&`t*!5kJGUu@!C2Hc;M(x4v9Y8`^MK;ohwj7h@w35ZUVSDI!I2?d zcsp!wH%(Ie`_3v+3G)yS8qGbvLOh-`!N~@qP!1y*T7giK6Eihxm4dc zsD-(*aU0`X{0OT`A{)`}G~4b#0X%rzi0I@%b<+0IjK(FMGOeCx6AsKR?i^~F8=oHA z*G6FG;~|TfH?$8|qM?R^G3=tXmioptNaHq=1jjf$h)pzQRCL@1!Zv!cZ6WQGXHv(A zXH3#r`%~76t&dx_uiLVz0Iv#Ql0d~LQ-oG($JQz4!wQL?Q}WkBBNMP-*Mb zJIXl78OPiz(fd^F18PE}k3A5Mike;Y=)g9m`Q86gk03}t*?Bj*3*&uF%v?&MU#z#kPtDRRzFz`1vL^k zqymZ13#8~}(@9Je{YH^ojaIX0F_Uyiw-^Yj^)v#bSlgsWCi9sOGnX1QtZh8>yE?Ge za+&c%7U<#Czm1o|D?70)k9qz-@yq!`3?()F5cm_CMItu8&RAA>G0a z;wM^0y){F{oTzw08`^}IB?1fi?yy);ri@vO;6lrZN*C!)?C60HKKN|2Cyj~T93Yvv zRrlK9%UKOmDsz5lm(~<*?I`Egmm?X?P~pO{X&Crx<3*!taMXj`a?y~x1w7=L#Q>RL zjn$`6Yk-pnpO{Rwg#&v~USZfwPR$!L$ijHq={^bvY8BCHF5|UzQ5e=vImp0B2B0Py z6pDOEngUMg-kt8FogPn~pDf9PsMeC+7*-7&yDaPWnR zLjP%%hF2M8CR39Zo`F_zQQ4Lc6y#?CAX~bMO@c&C7JXGlQgR?hj*b-T-dKuSKtT*| zjT%fY{b*=L6&LAetG@NIykM&o zNz7m^pv%ps$u>DvU@C9s#%qT=9K)jMOhvsRg3$-HFnK%%uu~AQnw3|+ZJ|m|FjNW% zu%N<=4Dv=b7>HWZOWKbCr?82DkD8vH*qV5}Ia4vNZM~)|;dm|7fW~0TD=$k0&D}%eJ`!Wi=Z8bhK@Hqngf1GT)6lj20zf*p7L*lUp0kY0br5e};ve zT1{kum#oYxyaGA>3S$n3jHn37k-Z8u81dA|bSqi=f+0&$l90-A$dc7Ir#;@Fg4uUR z1*J`ybI0IlRFKq(9EDifuAjJ$NXp;c-wvqoa1xsuwf^o$scERi4)fHpUy7BTQZ zChzuGAjaCAl6R2?Tat3xIf4{`kTeLhRy?vtq#ya6?xTcNADn;r}R+(>=MZI8psD;^a+W$V#NKbBhfnYi#U-M zVs>EJ;xGg1_q$yiRS7|*K*#j%k^-1yRwFK$n`F})$}HA9Q%6i+Nk%1;mPLWrOPhz; zo|@wPs)T7G7lt@pLp&!zMw41%_tl4RJtQ38nlEz^#c};BW;{(qOJm5Sazrs4li@dy zsC4_^L%^htpy?EX=715z!t}In>YFgKX0v9h_ylbik$^!70A$d(&Q}1!g2rL-Dg9J) z&xyj!j3mbif8_L;`4RAAPg(>C;NyfBhXaA0Q}ik|XTx;aBS5e!$p^@iJ~N1hwN~qx zl43Bb+2I4`VQQ8zkC&1NR1Q(eAdm=`He%|JN90TNN$V4@KxJ#qw^_4q_4no*ZACus}IW`a1%By~}=M^Oq2G8KZ!7G4e8hAIJ3=~wiY ziKRS%!o3@&i)KvY$JvC%ei+KbH8T^XFc8ggRY4sE->wFt#TU-%I1xtO9}MN|RU9WY zmYi~?2+&8%dLut06DhI|U**)xRVT-@Rfj<(UBJW2B?pL{IZ~RR>BFR-}XeZG~l$#z-I)QvYIt?CTJ1V 
z7Pu$Uz@&tzw&aJinM=;xJw2q58%7NPZ2EDK5gn#PO5<0PsPP72k0r((UgM-HwH=ba z6|*gK$eDg%+cEi>Q+yxeLw0iIu#JTogdV_ZarJEI-5D(ioo$T!|5*|zjk0|bsUu>% zTjk{3mh)pFimm89oe>9l4+>g z*oua2?la=7tsGe~+PbpE0_J;d(1qz)xZ?~3*?+fvnRI5RwVjrMWV@y2e?)Q$u#x~- zmAF_dIR+@EC}4%1co>#Wlv&_-3Q0;kW5u?Tuy?UO9Zc5D7$aPHQbC&b0f0Cwo@x{jGGCKy!0i>bPV(^L%#VlGVR=yNVsZD$xb$v#+}AWm%_^++&v`~sWv3;QjBe3G(5`zYfF+fr)sPlldy_nU+ox- zFiS!52~euYmBJ*LH%)!fDrH-V^jC}sLkp#1Ay%MeGL+R~)w`=^+mLJ9TQZHO5MSo4 zX=+(_?Bk)I4Rb!BNh^%G;*Dqy8oJ5PeLD5*y05T}?~U~&Cjza?@wijrD584t7BPJY zPZcDaqY|`;;JB&p5P|Dxj{_I%eb@|Qb3zYm3+tSZhLI{M3l$~0P9d$8orLGHVcg6D z%A<7lg^W%!3oCOGYG6Ol%+g|_wuSwCMQY-HXf`(V-puCBWaY}rqb`>;NCcz%6rw7# zF&80^*(fV2A9)Ub{&telMo*7Ht@KqeCL|s?I*d?I5JWZyQvz&TK(lD?v>*X|RWh~5 zK+0rXdys1}u6lAI-GkgSo;Gy~txpz<6co8w0EkW=yEr6q`l>dF$=d z?%minHklHprY7N~T{}#SY}em{X!SaV7;{t{ohduHjtKm%{h0^K5Cy;^G_NchEXA<9 zIAA&CZ}%{jn>WLVS8ZoHE(`$7Ls*IfDzGMU$lTOZm44pYGSwI(_Ng(%?hGx#FEAVm zPsZ<9bvQpc+bY+$Q%3Sp3&0AlG8qM7*#t5#kcRDRS~_?aHN}2u@zY}#{^|o+l_r>n zSr|y5u%^xhpm3U!VCG~-b|%oVCil=&J1=a^i3~Sz9spFNz7$~5R@ovf3VaV|6EGHy zHQR_YwcM9224i6t%nk00I$@^VOvCDbimD};G%I&E_DQ0MAOQft6TsKH^E=Xd)>`Wn zRV7gY*y9+QFCvkrom!a5Z133CId zSJ4cllbi9>h9QhB0h3|HJsv35U(NxTijjqP1-&WHCzNEP&4P8>5PLsa+b1)(E zI^n`}|B;4V^wRh)_nqflnKNY5n=eu7M$DSAjhX5RBb3z|(1Q7a-mS=&_9@&9yOamn0JLW>SYicIj6udtzL57rI7*E(-5j~@`WDv& z{cF!adyepSi%L!7TGR_Rv09AYB70?rk(wM}LWHko85=VcMah0zaxR6%y6Pm&rSM9L zebe>PskN|Zq^cYqCL~&r>jr1m7g=@|)|xeIMEj5Vxs#HShf52K{KarbSY0gvi5j14RvdMS=`KY3Jk5c`PIFMVMVtAiczmfrXjm2xwzOkFUZu=q@xlR~fE>Skkj>L6$| z0Q0^HAAB}9lX5~F19fN@Fiht31WsEg*C=dsd@bKxXrn7OYLbp_OSjRCscMm7giIc5 z93t=dw;D!{7&`Wusn(egY&8woFcEsBuZ*(eZ>o1&_ogs8Wo6<|0x{c(Lz?Biv1Q}% znuZ`5H5-RIeWE2W+lg-CS#IwE5t-Zn*$cH`j@T<0txoT^0|=&pHAm{^uFaup!Zq5d zGw6o4C=f`L5r(uuInfSzaEWnV)OrU{yG87xgSKJz?o?E~?QKgd_jM9h2BW9}X1mqL zwRPcd#;@s9;QBy-qj3TxaWeU`!+ljPz?HtjkPMpr{x8Ahv4iDe;eb79H z+APjWR9XO-V%zOZovRqU(2VvKE`*gDM}|f)g%3NPSWF%rB$qS*w_4eOLx!0V!v?$y zfL1jgy36tJdRRtsOr@RLT-$+uhJBmA=rjfc*|9SnxTy1%8|k$uTDh*9ENUVv0MQ<# 
z;LIMsXuii7C)Wf#Ue0!wTADQcIY0W`3Ty?@*s)!sVbM0Pg5;GMc#X4{_nA=4Wj+fg zf+7;64A6EmiVmO|{gl^5Kcy`{GfxcKvhS43mtu8RC*wrin7sPUzbellH9=2aS6NZc3{t(XlZ z@#t}=T3K+#VGkqlS?q;+)5#c#9kSO^kLgK>5QJ&ri0``G5QCJl2z`!*V~yWR5p8L~ z255%SDXo12J;xW{@zy^>?+o=BE&+D(^8*;vS*L!(tzF@3SK-Bty?bm!R@C4KjjBO`7P^NhvoZxHp4kAS!is-eiM$_hJNS zrb)xmj2VHpwlR!h2LjEB!08nLfEL0&f($DBRlMy`5s$Es?HDxn9k4iKjIGoz@RTwe zUmgkGdDEOLL=z*2*o;AVZd-RV;PNxQ$Zy_0n7*oWIa`S*VN+P*3Qa-g7$Yz`rgsKK z5xqHxFO1y@Wf1A_awMaZEIKj6HiE7WPhD>ZkvVeNY})F)p|VjL*#vR%ATRO1(PuIr zMSYI_BW^+f6ker+Pm)dl8I}~l5)~6Id5R9x`jYW`&a#C715jE%uWOe z0aAqtFt)WkYIDM55u_-;1N#Sz(h=zU8no(fGK=mXh}qz3gziT&g@d@M$Cw-YIm_)W zX39o9VS@U?3rn2;(mdcS?c)fP*-R83Ol(WEne6=)P%26r;Sv@A3PSy*1CmREwDDwt z&eQRNohF-#a@13br^=#kibRFfINQNH8Z!!1yXY)VU+N4ljRE+%{L}QSO$&A~ty4a6 z2|F3Yerna^g1rmV*Q(fw_D6gz%^isa!HVk~m_)Z!5~`X9ad#>YG^AqQ|ecp>d1*P@~z zNz>HpayhpT7xX{6*(|24rBo#9asC=b=Iw^ns4aCI-}ghJb}FEND${b2j=-u;L{Wy6 zyiw7Ji=9HPj0ak@evgnwePALeB>8Fx#w?sMbwJu7ITQ6!nKW-! z3IcTOWqUX9Y0(iDnXcay`?MpAc)e9B1!&7Qv`uK`4tVxQU0clM2E6oO zQ^^4YlZqg+_wkv23x6L~>SSU*g-Rw8cgD8>J?5DsLzL^7i1F{P+{h%Bu9%!Qtjii< zYR|kle!w;J_qw{t&SvhGVf?nK3cU{zEx=ALBf3!wbB|IIvm3I#M0FX5Cp}p< zT9j!rZvE|+$=|Y((P;-#RKij$?==1Uz8`=)T-b;`;+u+|Mki4j{>8f3X1iO+&rE-G zAYr|w_a#O1ImbWRcgFRt)uKDaDZ6Op6=i;;;z&v};Sidqi&p!P*bEoyZRW3wc10HW z(Jus_F`#c8w2V3PIEkeqthLVglA2Z=szfK{t8^#%a>>3;0@UV;+!3aeOADA7(U8^Hi zdYwJ)1vEx{5aT$O();ag!<`o7?(m2r)%R8EOk?kxJamr1W)#!xy*38y*}M2PM>JHZ z8|t~5-#?JOh{MZI=dH>;O*Rviw(R_*o%qbCF5fPKiw(jAYauNC^k1Q+t1CNYdSvgI zmpKU>Wlrj-TJe-2Qbey6Ph!$VevBY8YtF`fH81_bZ!2%YLF`_^6uZS<;KZZFx@wN% z*A&;~Cb}ZAT9461y&dJ=U+L==K@J9;UOJB^gDb_RXThSD({@0a_%w!+9l|dR#eBmk zL3ph7dMX@KZ4-u>J}-r5Sw#c+<3S2Sh_QQ>a}?8B8ur~gYKUB*ab#naX(i~qBqpb=9V_( zFTbG4@l3bO+R4Qdx$KHMxl2jK*v~d!8*(?bx8KSqfZdvReRmAmg}fw=mhBI@H|&%M zB|vy;Ro+WtH?u7+IhECGh9aXXy^x8w3OQUyP)4-j76l>5RH=MCkRG9A%ZOHCv$O3l#*Mt@ZN zZN`~DHM6SKMC)kVU#)O;Wt*+yptWin+`M<%&*slimt)E%DYGKBqT;2CFJK3N?w~T- zwE%p~0^;o@zi4jk>WVgTH3O{-ny0z_r>@T70U#?|%;mv4rNSL?)r{&FH$Y$-@6w_j`51TBxF65?4f@Ad1)fIm7sN)f_U2|%B 
zn2p42`&P~^4k;kr(HB_)h7C=~AGh#gkUUgt#)JtQy=Y5N5+?Yg?1-KBfTQIC=kVwB zqYd)#Mv25@1)UL z6!ZeK64^#Ge=eNqnjt{Hna!^>7>Yy87Tea~jYHb@W^v(@$O?WyMX1t_$<@7PJYDOX zLH?3z*W}?sEu>YwPYz`v+nC6l(rKY~&WpBj{LKf5O+6JCSbmN}&9X}_p=)p@!D$r$j;RjJO_D`@;7I~cC02{yFTcA%dqU7 ztM+m@A3DyjtMhP%Yh`lkG?AYearF(h(2xs@N_^2ER41due%`@f@x-(ZqB^O|`o=pQ z>`=7;nMp&4*oY43M)esiLVf!ijiK0FjHZfXZ~6-qXxjEZ)9*pqPn^i3lj$khR-AzE zK$0TFe9*?&J6|Ww;y`Vk|FTZrI3SPinZ)&LQ|Pocz)qEEz6Wi4MT8z>sH9Nql!C&t z5dzvxc5mEc(3xIOPun_au}^P1i%m&O4$tIQQl8@TCjR(2zrt1Ghv9yatE76ZRlVAl z-Pa-|!XC@y=i0*3y?W$F|19OD+)Mg7Kz`nz5^dkKD z9M{L}eudrr$4x)Zb4fqF#}Bps9?#|Y{0BVi2OZ0#{~^!zW5zryT^B$6$MrHsVV~WF zqik@jUUQ)(6B3bx)uJN{-6+#*kDTbjb76{CYN~Jq z%>CH|Hlh|VzDh|3MkZ)re3gMwzofYAA3OQ0@HfvYrkjJY>-z;T=J;|jI^g-;IW7m| zBAzlZ@|%EmIfx!AFZAL=C1!xsi5js%s*?xJ_rwCE zdYHpcfYiMzm0v(=etCJBDYJaU%@$Ql4(fU69Fbeu27Gly>ElLE{F2f;0dOr)qeWpXr z0G{V*PKHo^_R_%fyaITxVBqWdTcc9>6~Xh(0(e9Yem#Bg+)ob|Qu%(7elpgiGfUJL zRWRQGhxm`8Z|O89*;;c3>y!L6qaPtL4zLCl!w8kj59u9n&S3_~Y|?ZLGW_7DL1t49 znQwg;QvU&e-&d*pilqK^N@k=kvh(ZdLuNBQ{1cToi*QhGYzJIxzqr%{BFn6AvB-il z%>+FpT4I?1RmmA9c$-FL6V$-O%eNIK_%*uzCVyWiy>R&iAAYDXK@pB$Pk(~9(}Q^V z_HMmc(?q!Rd9)TojVT*aPBNv5g+9G#nHL9-;~Mf^RX2kD#2pGK5IDr4d>dAas23&g zvq|%lwKnPT!le0m(r-P^-xsZ7y2VL9SeUeE!mp=4=>|P~p305x%J$Yb)3Lz0dTp+> z%*QWX(2XeVvSrU>fUDsryu>D%LFs#`jmo3a(H<+vjv0XQR?WbGA;~HVcxwR|pJJGw z!a_2n5QtG5XUET8bVcA^4B?cIH`_&FH8HB92V?{y zcxVRTJ*N2@@c8j!1Kwi=;C+Z`eVo6Ks#JbO;5|?Pp6Jl8rw=^Q>iektxB<_I=0H`u z;fkBV$s@ujN&!>!nUd@q#D;}__$eS+9xbJF!(3>IhCv zdNWI$9uM0+F`ceB4(J@UI=MBo{a*|BW+0NzGeG=Sfyp2)RZQf1YYy?hc@S8wIiC%S>W9tG zj>)1?zkJS8i$Yj$_nB4GKc;pGP5$>O^XEKE^KVsI|COGn$o*G?1qg*Q^w!F$DV;qp zxaQ%f>=d+}GjY{55kv+(+#YV>CpDK{ApL@et!pvn0^vTBvlgl`zeDtYW=%%#Gutfw z^A3LaTe>Zf_vJs|(U3VTTiioK6pN^L3*d86bU1U%0&iwO(|!Tc&?F)gn)Vx-WI-(d z_a6Q#<>hbryh`Plljh$&PRWcka~tF7ljaCUoobCB3<~eBuy+I~U=5}(oE?ZBT|lda zqEgT?&D3|72Rc;raO2A4^pc{mI5cLzLofpr-a+plFkO2APe7rx#Gv5BIs&;&@Hd)6 zKu?iarwYVsHnf%cMTzw?YM1Agf>x4^GZAZPDLoI-+ftOwXhoTP)EV=57C$<8eGkPv 
z8t(X&IYc5;2Q>OoOAq*!O91Q24bP0=Sb8!=1|`1LXv>v!Bd09h*to`H^9TUIeeLYQ z8zfVsCN86`rjg9d1JT`{?0uzTMYN%z_}E zFB%*-RNSRpf9};j0P8mNB3u|2r1BfRxCVHmovh*fhuktZK5a#Dqty(M<=dTN{Or9U zGr)!UhgnAE3waV;a(BVC= zq$B+|M!4N5NGpdR_1_8<^aLZHjT9i|6r(alf$)n_kb00a;gM*3r$B`m zQ)9H_E*0%2rp<9tQG79HoT4c>*^i;bcfU*jQKY+mV%grjf{s!ii-UzLicF8!D5M9^ns61ZRJejHe5~5?;`i=2=#-^O7mde;;vm5 zvxy5G2E}(PSST40=i#~$iZd|ZIW)S~CcTI!O?tOY+J({^>Go~>y@m9`6(=o9%qE?w zGXEKp+CvY&LGydME7uBRk8Z?$UIyKj3Pw zy&8gbi~VMM^8jzlB1D(X)XecHWZGts=)SO>lj$H*y`)j4*jLx|1}dA-9_742T)_`4 zx$ILDYJnCujvRk9(M@`fh|$kusGj3r!ttS)f3^?X;P~R`jvokH1;()0;iShGKK0a7 z`eS|%cxrYBf}t#vU&XloIu}BGD?PImWszkr-ANJ^RJhDPT_@XpmTd&+@!~j&)jWF% zD-dr->?bSatY5B#Io4t}7xl6(^z(OGVJ`P)wOT&2KH~hdJk2GWC236hu(>!4;#{n> zO6i&fSlVZ<(riNb%&oLa>FR#t%%#gMrBzDToXX6lJ6cMsl&*R2o4IsnOKFwTwP5|s zrDwI2Rw-QzKQVLZu9ng&rEAeOGnejeDXmhv7Jq)`(mgGuRZ7=PlqPu3&PwzA|4C`; zX3Oqdckt1#=fc&uU}tTT9n(GV_vS;G|5@JFEjMlB8M@xR=Na2W*!DxuS@cl&q|w1? zVM{0}4^A8HEOEa^CHR!xvX{R*_}j_fR{pkl?ZSPbacwD-)mr(>%ITaVj&dsVlJ+br zFLeTw{97s~-Yj=AO3N#&r2fT{9ihY9q_xGCLuuueUrDfAXUglbyspp@>p?Rq@8npo z)AFthU7;)GEwsD^5mT!|cj)%9Pmk4+Uj+LxuGZ3n`8A(2tC$cIm`>Q)gP^N@~r;Ezw>Cb6nevn zvCY|ep4D5*db-%#6ojnag<-bkmBNCsH1)T@`kNc2R|%8iv{Y}A)tevY#(E3G=_$|W z-WTRs-a=du%h7Lyzs}(Gx9^1 zhwMfxGvmL$g8x} zyFNUlkauQF-q!HULf-P0ylvsmLf%;|c{hZ+V%~0~@(R|&e4ICiXBF~Rw&ZOO&yIPw z!pUd1w7DZZC*>_=_WAr)65_MBfQNqJD4Z1WaC4|yy}e;?SjE4*UU%3T_NBa~NR2$N zBis@O3wh_VZs&8@6^3HoKE}BQ>6+*54z-lGG^~ZI^SnJ_xR5u{Lc6zy{e`@BEqS+v zkwV`3mb}|Ty^wcaOWqyf?wD6)b{DfkAfPuh>pB*MrUMn8T;W^>Cg}n0%I4XhB z$(T36YSM~_YG@YnE@;8gzA#nDyR;>5FiaQnE^EQxP&iP?+t89%3kPFfgEgiV*2Cf6 znD<=fenkOCC$mR!D8Z~dTyC^`a-`jnaG%vXgwuCTxUw+!S)m@Dm-4!CI^}Yy6z&f9 z$GqnucPgynIo|IH&oAVi*^)OJUQozeuGJ&zQl&5!URcOGt0iwdJP`BlgW@+9=2r@h z@S;NArb6D*FcDtd`GmB4=Ii?4qOio~UJB0*FX_6JS-qHlo(D(Ayvgv=wmhgT<~761 z+VX&A%$o`?Z_A^%m^U3>(U!L~bAT}%sVMOKfETvdH}eV(GHlQ=^8HxueExw39rG2 zp}gg(%@>AWOL^-p@2r&fKzLosJJ0e~q`Vh}Ur%}GTi(i)_u}vyZFy&>yqAR6x8hlw=U&96yDmFw?5_lYWVH8yz^q-+VJY|wq$c< 
z_83%XxP47{d&;}OY`pFO6_VE(UK`$#Y&^Hs&JR!_c^%=`!aI{acA??#f&dkgH!Hj@ z%=0$+F3Upe?XuYBuZLdQsmS*^lq}lJOTur2`DWiPrti6ycNw+h#hn*k9~MOW78^9n zvo=o+zZv?X9o~h!Qk$2O^PAM06W$O`i1qsNJge6o-WV3ySh~sS%IaBOU-+$XQp}U? zSsZ5v7+sR)ev!?uH^52sR}OCur`Q~pFbCgRm5u&p@=D z2gq9--W}d$<9u6joID4#&-a9P+gRkCNPZMj**XdD4eyO@zPph3Zt`Y__l5VzHs77k z9n5Jg?++iayl#3<_yby^&kuwTTHbQ@nh z7U}w<zcRHxYV&(1^Si|Qlh@|=C|#n~ z@5Zrww2-Gj^D-eOe-QJE{b_Saf#iRf^3oivKLwosewyD2)}MIu!&dJT;S+rZ%VGaF-t+aZgjav#_rLV_;hGI}cqaSQiXb{ydTs*X2vf2iXT?!Vfl+~;;Fcd|>l%`W9mbt!kc z>s#CpbkE^_uzMZ%d%O2=Kh%AQ`+ePS<^H_x&vL)NXHDtS@PeLOO54H>u!j4Ru(q#MIwPFNeSKKY{pN53_nqO!zEXK}sBphEoY_~J^<)_6D|O8a z>-tKw*N02FpBFCUety`%{ep0LU&jfXL#?ml)EmMb+;0re=$kdWKU~;1YtHpyecx=x z)8BWf^oQZ9zC)dF4p;PjrSs}=W#3n3Zw*)X{fP0L!u_;xPT!A8o5IC?KbpNFT*Uo? za7o`!!wq3$-%m?dg_HY!I``UebKg_5t_sguSn516T)_Qb!pep0W`z2}4)oFMxDSNu zxvvXbxvvk~xL+5xbKe`bEbJ(+3wyY)54UnZFWkoc{BZliStqOycP^a8_@B8@KCElG z4}={H=Y-{96Zf;i=7n?0E5ft6uME#wxEOeja$g+AxStX3=DsZ4vv753ei&c)O1QSM z@IT61!|=kN(&KLKmxV#@8^X}SpUyfj?B#w*sB*tF?Bl*A>{|FUMmussXZf6P%Sm%r zFAA?;`MS#4VZr8k>sN%gaL4DlZPoho!pFC7c-t+Zd-xNz{o(l|zxVC2aMH*p|MIIL z)HgSV!ijf(_{-JM@!U_=r^4LH_kL$I%%1waFaJq+aQcz|`IYc%_kHm18)4RcfAFQx zg~iX`METC=zyGnnLOTzgU&ZRU9Ijr3Brk8?x^Wl#0zGLw5 zzGQOgsUItMwx=mxd6t*eB5vhX7mq*B1ij7A>(Z*Fb;R~!J*Abh_T={~T&X?e?NdLa zJ&jMkc@OmT_DDR$wxSWaV6xu0pIF^w8frjMC8tTZ>(HJBFC1n2Ll z?E;)t_isqc>bA^xzMYs!dr_LN7WXV5l4|&5T4A8w{gtG3M7Rj&N>klZ0am`hVYCr_ zv=rj%RUeUF90s0NifJ034o`V|*?vcWM+Gy+GTULVa>Bij*~_)oEde+AA^fs_=gh`F z%IHA5yLo#Wi}sJz9ypKw=n&42Y0MXC(N?!GU-vaL!r8O&gXHCwY1E{-51R}w+sP`_ z75sE*3~Tt)Jaj3Yw1ji@uPcLr%4cb)?5W&h(kuLR%*)eKIp!f)W?}X=rwCKE$Jn4h z`Yq6IqVYm|DJ}NfMICAxP0mPbkxqSXt+bn`@s#)bHg6LUXnau@@;>0zLVJln;4MW) zt}#d?J;X+)`JTwSq0rp(xSwa3y$~7*;aY|3zI_2Zg|@TCeL3EqQn&z0ERnjB`{i(n ze6{dHN$WtVw2F10R9el7QJQ^nSiyZ26jYkM8rYXhvUbX)Uf@|~rC7|pLVF!(O!yT` z+S%x2wYre|R{U+9VLOc1iC3BZg3@gC)K2QM=fHCx_ql*zR%sp-F^lwzxyzoK#hQK+ z_Z8HfRa%QCI;*r!yAkCc=)Q|GmvHZ6{qHI*LfZ|qcHxP>n!a7~U%Op<#&-qTYXEMU z+d@3*vNW(vs^ce1Q=CxYvT~h$g_Mk9`+lNCgo5tgUPrN9IZJy|B_w!c0$6*cK2MWD 
z%H%AqT&z1QtE&R>>Y5>~dxo^08PYNipbtjvW6n6Vm^RnzYAhO|jX82fOImMM&R`(n zkzi2jvssDR(%e9j`t@?H{d!vLH-n2+j&RA+tW}mDaetO337NsZ)W=#ueRTmJqCbmcOk?g3kCA4FJks1A49&b8cz>&#KX8K02`jkI4J*0N4-2?22z_kV_k~{W3&VVz{`0Y$ zLdOCurhwQzk^921sIL=S@`OGGz4Z6p8-6vM-gj@uYr?7U-g)7Sz9%{^2&XZ>S>Yt^ zJ)xWXZ0xKj(Z{;_o-FrbIsSxxJNtgpF*htUJL@X$-Qg7OJz*L5*`dOHPB@eM+_0Sc zyl@ux1>tP&ec_yiW!f3wK0mDEz96jU-WSeWSnlWz7jmB;E?Ox4_;T*$u!K7i8w+QZ zyTWSj-QoO&tHVEqjaXF=VT=73OkBC}$F#YY`+~5B`-$NS?k8an{Z`NBQ9URYo}tL_6X7RU+Um4Ws*@O8i?G+ir4Yf5%R7VDi6P` zO|9p;{-QPC^0cz+S};SNa`ZP-J?Y`fo2gzYwi$IKO4-#i7TF_(%korSZO)V@SSW9% zHcK&e=CN1}XtL$9{)B1TTrg9f;(ExNv7X|AG?tm_Nq^BLt~5@!Zy=Y?Ebs7n+#e~T zRWH<>=U6Kz+6+&E&O>+MVa_U*OxIrWV{}MGri|*o>(=eEy0>Sttfa9Y^D9CKHT{@(m0_b? z`lBKI@SB|E;Z3BER!%RTD)mwZ`Y zrEqrXD{AEE@GJtBP3*D<8S(&0=z?^w|x?IxNJ_>WHSIhHg(?6|om(fl#wuS)6f)Y~Jm zFDY!l{44VE{L;Uw?MK2>KT7_dUwUV;ueN!09J_fX+Q_DIEO|L>@?NgVIt#~+HY7LP zl}%^IOm0LO#j3*pV|;mE$f(ZL*D;=#^%ZS^u=Q9?uQ0ES&PR_!U)iGa+T+kyhOmzx zhrWEzB!nl9LtkC75A(|%i~b6;&tqc#hDndgSSwj77PqL3<$9EZN5eOG$u zIP_&+9$@&z43AbY!xqwMWEjr|GySD+hpx{qFMTicefDf{d(r1k2kM=lQ;O}%%B@ODDXgXZ#o-$Kk8{I4)H>g> zV|(dqI?iDd8!UQvtwrw+SoH2Xi{4$|q4?bMI@eQX_AE)UMHb0>l11_^wn*NSEs}Rh zmr5?RNZwPrRq{-W=RMWpc~7%=-qS6f_Y8~YU1ssTm7X%u(F=*{?F`F_>g^0?^^A1< zb?70sw==9Dwzo5^B(}FRoK0+RXE=x0-p4vk4E>37g7uc-z6I5jK;1w=SD=Mwqwt;htqg7=_Y{<9i{re^%apjB=$KKU!PJH}2=QLi=nG2n`=p_#Qw}A5pIVrJ#lLBvHPj?|_8Qx0# z{o9E=dK>#;@35V%#Y8nN;cVV1?0lStq&$O2s0xvF%ZY_rLA2D_L`n4%1-Ck!8`cnW zH9(Y=qOQ(od>0b!bTM&BmlET&fgQ0ch(*1Mn51hsVYZ3rq%A~aT^Fv$ce9On;2VjH z+QCWCo5N1dZtmiZM0w{48Gi4EdjpBpAaGfai)a3CBE_j3B~zVN(oKWC_35MCG_2ruGH+DnLXd0BXQ zctv8{Wy;22M=qq=HTla7y4Kiq0nr|6{}g6E{y> z{U`9PJ)zT9Kwhy~<(oF{xR&kyEj4?EKB-5#%5!3w%I@7qD$~)mwN~X7qeseDdS@pQ zzk18uQLb5C*YU%gM{lRAM`d`8TkXgVb@AY#&6uymrL%6SoL$*?#C&C(W^w*UEfP+*QvgRVvt0PHx8ya( zk5qC+C(+tRpH?_~_U4h=;63`)vLiJU&gr^odTig(@zvkGnO70=OS?yGg?HG@-NaA5 zRIZ<_9;zG(idzb06ahQawX0`yW3(~pKZiC`0n+x)xnN6WkNpVNk-7@wd6^@16%NhW zILM0!`5mM2{YU63ytsR7b@Bi|jCG^}q`zj?cHS#{bY1*S-COF_vBvn(+Id^gwPO<_ z)n>hU>&D~JbP=6pP}QI6|0BW_=Qr4 
z0O`_?WFPp?Hb5`L-F9#0g_ZTAv&~V*vnZ62OuRMisHKjcN$^(B&MLohR3C2~z2p&d zcWmBuGnqZ{Gc-1h-lXsGGi=(lahJZ^C-K!gHtxES?`Q1Tb>r@|9o-lGg7bu_9XD^f z;r1Py_E1XNO}KW?rtN&(;cuvV#}p_#}{+C(D_ z6cyjY|Es{`A%cQ{5B~ZT6`u?W_*4XOKyW|?Efy3Nl}QE}^8fz!KIhzX)7+aD5%v8^ zKEHeRIcJ}}*Is+Awbx#IpL-wp;l$n7e(|s;oMC?_JDJX#LwQb4=z0d}v;Ff4jMM_$&!&ZoN^=gM-6JxlEEbCYr3}`&!sy0<@@D{p7&C}PuGv>R7yWbB9~s6>G9NxmB<#8t-w}cQxy|%HGYT?%c9s zcTQPZx!c(9Hn+F-G;Jv;C@(F`t8eP;iWL+zY-x?VZgXc-Z+onx$8CHv?U;-wWr_hY%v#8(_D0E)vC*8yDgpFCga+AcZ1v27VY6ed#PJc zFb7gX?MiNpr7j*bt#%=_C)&L^))Rx0&h63e<~YP{i?z{^?zp>sOQ*ZNwXMzVjmJz~ zRjW$fux8zZCX>P zBU)NxZB$y+)Y;zE*#W=ev#GYVNsNNJHm{%JyI9{;pWO*z{Y_fw7LJ&Sr6^6CQ<2ht$(z-K{PC6x$l_Y3>X5v2MZ2jdC~@ybL0(&1=XO;WrTDHcI@XOg zHPJ4&s5=&Io=xMLTj{G_gx<1WT&?Qu?uPwz*ZK~R+wj4cBXP10vP{p4A8}M9V85gV z?T|e1JVFuXgLv5@bFA21Rb5%<#$(;v zxK}K;Y>zdT&@~7c*+Qke(Ox*;-P+R{LpIhLI?&m;+Z{W%x3ybUh-AsH6+RM_)7je% zLnQt@A<3bsv9@?@JFJhDq9b&r<%cU0DAAYQs#RzFsE4i^UgFfXD0v z>)klbMbJa+k-p?(5X$r1daFS+G)(JKqkaVi>tZeH-Ol6=4s2ktyE@u0n}_9V+7j)8 z`nX$OW;9`LxiLkJ(Wb4NyE~yz{4mPvSs7?>UBgqONs=7jTEvn6j^6f0>ZW_PQ%6Er zLsA-QQCMAz5R6N$1Yf3(OeTJIsat8qo-$RbTH^_PF*XL}i?teElTI07MD38Bp6*_( zqx2`t%3?{&w$`Y-c6s%2r$yU(W9VWlY)BZ5Xxy!;uV1}!>GGOY)v!KsQfm0TwiUxd zlRH#~XXT7ULm484DTp#cHPP!y`fq98yEsb(6!&0eQ4{nG3o1q;JpJmF_Nb&Ujzw(5 zq;H>X6*k(`Bh?>~sj>vv*DZ*)G1s!-D&DdK)DwU@4aZJd%00Bt}dxrS7Hq;<4Rj+BdxTip+~CCS*)k2)ID8& z*(@7r$n>n_2t7z|qyI@&MZ06hV9F~9ja^oTxz*Km2?KX*OSG+Jk$R{TeppS3dKNrX zoO-uAMjJXPi|&Z-B?6|;N~<-Pctw@EvNou`8E9KHe1#vAiXEqMfl-*AZKXrIrK=bb zD~?sGHZJ8MBVh5O*)o>lOQymibU}UzBV(sOIP^pr6g9x&+`t#FgIYCG?%hMSmnF5) zc)YWz)i7&2+T+He4ArI^?YO9-!W_XH@P~71m$k7>(m+ca;8W41-LbCA#4bH+$dU^{ zmv&K^IwjV#J;te_lJU%Uo8*kh+bJ(Cck}A~(b|rPr_J>=-8MT!5u-jVqAVoA7e8d6 zIo8tZ_1cL|&GG1QeRvC8jF)aX*>(}FM~p|x+S%G17tc)A0*(3_F$(f{Vqu<)0Evwo zDDSlL;NH4e*TTH8cuTG}$GWk!^|(-&{T7T%PqEt;>(~sRVUOuzD?qEv#ey}RJ+Xy( z#@`HB+u3FPS%!!fqedR5Z5Ps_Xm4AOyUiFd1ggv}lA+ajg~js+yYks?d`o99oz)nl zYUHgup&jT%X+c3fz71Anjj`S%w$50AWrL&MLC@#2RAlnkq0#_^y(% z`0;petb0UOEjPE;MB8Ik^~ON^1bg<{U1)8b#CzkK%GEVUMsMRe%r8bP&bzli<>eJ1 
z^R3OA8rim?zp)Vu_w&K2B{7@J_UK5oHY|tMVP!{Ku9oTC&$vx6bmy0xdVI0ETT)H>)m$^mOi@=T7KqNcf5!1Xv6Y0Rm>Sw6( zRTO^)!I86A>`ftg#fQxDCc1h&87*ptI9jP&3eUbZTe_*-SI_ipv06G2eIUy$AkL$oFmFh)l0f+%9GV&vMnI-Va2gUen0Xp*gT&kSiaQd;w3?FL4pdGaOIXe2Ty!WngPJlpFdc5T zE|!8HQ8P+}hOYP}nySi%8`47MGO4L!yj{1n%AGTB{t3nIJiMWzfkh-jq~bc7S*Qu1Bu7bNL9wOo8J)eC zFu&=DSqW7{r?YqS7KSCl35*`{?T!1dig5NiySXY^jStZHcuT zE6}3{60}OwnNLcy$&%RqC@vBUhTT!tR*D z&oWn@CMs^{Me~^tb$50#8^Wy)nv&=qYAeOsbJH|do#2NKLN=FRxo_=)GQ2t{z%{eS zw2czGjc+1{z7lN;6(g1?xYU~!-5;QGcyKZ$Q z4tM3c`kHD@N_u0Z44#aoCY@K8hz$kpN{E54?cSopFcmFOEWj3%w`TpSRj&HNgyKZM zuQ!I<3<{>JJ*(`g4E$NMw!!CqlE(ZK@wR47)!J&GxiDX>C{dA!}iv3(sC`R5cBsv6)7y{824PIixN#`*2h^n8z#owx0h|O zLbIM^3E1cMd-VndCZ@m9HpGT#8Y8xx-Q@X;M`vYQPr?%(L234vjAeHDS7qXqBE@!c zvy~7_?+9%0Gx*fIf4w|-{1{#`eX%4OXPL>aBe8JO6CcJBbHBoiS;w^V9pi%e z>uz0|6Sp!wwl>&p>}}Pq3dVqFu!X|fVVc8q%J@LcnV4&D_2*nM*PlRO`O&QHo!wi_ zB#ub2?0ys`KtVK)?Ajs2E~ESFDNw7?gE5w+X}i%QC=dr(;RLfrDH226aJ6V`7j>Fj zyUAoW3RoA`E5_R)LHR5xY*RDq>}Hd0+)%7fivj~h^>xeH6yt5Bu`4yL1iP7NkjE^? z4XfGbs^R}4m*+!|cgGkIEo+*PO8K(P^Vo!<&`3&)9Ky1HVlqSH}LZLMTBi`jbAtc0%aWYN5iwWzSrY3D&aLu}gLiSr=bEDQ$?LwLDDm9XR zvN3iOsbPj;duQ(ldvT(huou+VPs(i&{A z5asXL!3B<6XHs1gx~)c=Zn#tw69**T5bgI@jw#A=vnVih3L((2ew&v-18PVAFW1hy ze$U%B8ysRC#<(FZ65Zae&D}&)3?DrKFl+N>{z)K`KC!!tXl%5dcqIW;7N?BgZ{)(1 zq9@JY5PS5(f8dOrmRzR=9TGn{9(fz1FhZ z36T>FQn1`*m5AO9i9}Jj6=C}A&Jf$#X2r|Stt1g&67g~Ce$LCAG5OKHIGrii@gVGh!K<&K?ZUq7emI z8SVNjVY`l@&^kkmwsOFX~9<1Y;?ykQoO!@lKg&42)nElL1@NF87Ap? 
zsmoX;Z8Jt5aSGx}c3)xWS%0UY-9Bzd&AqE&0e|=&3By-^ql8<;j-n;85-o&FKd9P> zE*pjDaI@=8jv4XA&7R;69}J8l_(59fc{l#Hbp;GNB^`E=)o?Hx2yMVi$xy-<4oL-F zws(s>KABbpHYDmoaB&jr2|jwO$Lw8|HTN{Y_Ns64i+n1)kyKqGlcCPg6MNT>u5?Fj zr~2kV-H48ab)d-ZKE;RPPG!7RQL!5LA+|QR;rr*fw;kUuJ3Zt#2T` z=C27BTJWmbh>kzuZGkb}TjV*mem9#Lsh!YAyW8Xi(z^kPM(t%C_Ntnw3dG1x$X5>C zmPTs!&El1@=%x`icp6@|_cp;;-ZQ-Nl<|@{4tLG1X_cJmj@h;biT)m&<<-{KgbUYZ zHaW{o*}cs@p5-udr}nVd5qB#5jJPAa>TMG@<|D*hJAA27S=vw_7lQE<*^_RU#_YO` zXUEusW_WKn@6Aoje6ts+3l;9|Q}g@83!Z5cwxT4WH_En8&0VlU3Gp>|3@L5>Voy+F zvZ*nh=!+)gTA@rb%ta#!qU!aAH9g|%P>m$cIQyNrge|?@5v8jY#s%FHlA}PvO?_raGO8!fdgO|YMv4zs#F6ae=|6q0kdRgh1FOWK$;%8K zmjqo(S6YsTtwG2LsZpLGvW$@Anzm4DXIJ9wC9BzPVlt*D>ANKNM%O|e*xt`;AUOC5 z0@ZC@hC{;*39kL=n*ZWS>&*ir3t>ZpZP0jarv638AhgGrED7o1HHDB}Vp8I7mK-+F zNGTeib8|Oq-PWUO?bz1YwoR-yGjscXh#%pwR?G8w{V0b51&q>)L&(&r-A$eBsf}~h zxThwn;XTByAUE7i_-}}zB*YAXafOz=LEgB=_FW}U%T$SSuTuU%f`&a4ybu!b+l%X& zmyLKFG8vv*h;SH3RqOb8vdx&(=9bgo+O;ddIOWDEEwN5%h*c`T z)UDCj6MD%5Rls+p!E0Cgvn|YxOimjn2Rn-&-J_X|@);jc&imXv8mTF5a}6P(eq4X= zR4oskty^WfQBeXLqP0@%M=hfM%O_^M^+jA|c&pf!9q7BZ4JQUvz1U+cia%8;_Fj1~ zipcQL71h>8v*uA-xu$wmjbWP{X0wT(7JCkSNDn*(d%tM{Q<)Exx>b6|4BpsIO|-Z4 z{acC=1acswG|nHs#kPd&KoGc7K^yw0OGWJM&Qn8}jjBpQs#%WbL>n)G%NTWhC$WAW ztUpyVawdX2Zj!Xi+iz}6jiS=|NR+m<#A_~-9m5ulXh7(1z?ZkkNpcoqGG05}zhI@0S6gx4F4w9qxnZiVyXldu=2Rrfe>9@TaW~`*kiih7eIKo8Jw8g|;k~R_t z-A)}ia0=k#tyu18ZH23Cy~b>+04+ls;gqS;`z4JrDW8{JvoO!#dN1_ZFoO4l&9x8u zC6S+7IzMlfQKZ$;E}0WL*7U93I%OYzJW61tzG0OY@j%%W(?IUbeoOcp=$#)e(X2|r zZY#ZBH_4Eh_rWAnhHspeG9jU{HW+Q|W1XM+q0K_JFy(OlS73nZ>SL-%FpLX$C zx$}ZW-p+vfI_bOS5S`mQe0ya>wpgo$8uiU8mhoVW!PK(0iIN5$jTYRz&@nc(j^HD* z=Wl3*nJkBxJs+YyW)|k-3LipaBNbai!3i1x>8B~?9SSE>w)d8iVt%NFJWjd0-XMV} zdHXlyh#zM{=7f>uW%S`YH<;IKJKNhkS(PvZpf&MUmJQ{{QhA7devvW^nkHyiv)s3# zF7{&3c@lhocu<_qzKu+?6YCH*EVm}s$DYCpPIHXklL5u)jriv z44bu*;PJq#fMAWFMxYw%%nL=DoneE$jyD_HjPMPw!dE(;HnH=-D4D1aT@cWv;8ZrG1?Ug)sU&Yw^g<0GjW2ry+kGEO#%81rh9C!S2dL=e*c?Y2% zEL1b)@TPyS`kU7q%7`ph99LoU)U>e&TrWwR*JA^h%uTQzN0Ue9^2nUI_8D7$v)$Su 
zNwnH7-N5J#f1`};Qh6|f88UTfdTgeOiJ77dCH;+2F?%FTd29;M-_q7Tp5g6w77RLE zmH_PQHfxZ5`y!3CtTwYxl~gEb2d~LVQY9EDgBP)$pq*0N9AO+@28N}zMUdr!Ez6KT%6Ni6=H0guQ9>4Qiiajv!f(5WepL? zhI}ZTpI2UX+?@HA#L8xE3=3_mpBV(+SjW>U_Hm&N@s=^X4q^zfd z@Gb}5<-mS$fNyI$8AL%NXaeovk6>K3<5Z7voTXrhZ&WJGbDYO8Zm)xm1Nep|@Gy7` zH1O44jo^OpIyjZ@hwBC32KNDXqT|d09bg-{3p@l4KhSYXK`;0ycm_NRu9)OFH-W?W z_NF7jdaxP%96Syt^KDK?f*oKd(6>AN5x9K2(hP7h_$=7Nw`u(boIHhZg#wR&Uw{RC zyH+h&4px9Q;FiN3=d0l8seI!X$aWoPI`}xa8vF+Q4(u#+oDYHTf=9t=(;O!Tc7xx6 zhUt#875oCc`se4J-|_z&=g-bl&K`q3p`)Mn?E{Dlu>6x=f=vLzCEAS1`W zp279}Oz(PrW)5H9$dxVnCO^K?FVo4H;1t}Gld*fk-G#c9IfFZ>(UfKfUtIZ-2dK_ahH}_dDPE#vNb&?2R{k z`cqf^$0Z-VXyb3y9)Aa&r&e!fXT>ggc$+aPuK ztA4(31gUdg<63r3JBRF?@0ris!L&oOZ z_=b0%l5QfMo%3Duc|V`yb4vM2&D@N{)7ye``}FhvIZwYpIy=YZ`zEt<3eD%Q%;z5S zxy^k3*?iLaq3n!I2V_ieGBfD^nX>6`wSO-0?0-G>-naidN#6(jabOm*gnd)ZIbqp&<2>Aob@Ub@&VZv&RLg@*s6;km?IkgF)*2Aa!k! z`c9DgL6G`kkedCXU)#DM)gPp;4pN^AQr`(u&j+dLXt8bi(Lri!kh(ZXT^Xc45u^?d zEZ^Bds*hBm^zrTNNBMBK0r_#4Jnw?ZYlG^NT z3#R&h_h^0Q``?$-fAYa6;cNRo_=%+DhyNV-e)w2?Z~5Z?3VdJuyPiLO68^XEkDo_c zKKWbF|E_0zeb^PGZVpmk3{vC%;OCq1M?X~+q#A=%Q;_;Wka{vmIe+q>ofM=F3R0ax z>PtcDfgtrrka{#o9rUbU-i9Fc;UM+#Aa!Ms`f-ptEqwJZ|5<$nh*RrSJIH5B(14WlAcLAN&QUHowxE#>H_w$w4`iFCohB*GpU}W zlcZ;oPLi^vKJlu_ln+2!LXtqWLm-3;O>D{9HR8PQurbF7acR{M`DgTL+g4D(!by1M|YLL1$NX`GX|LlSwwK7Ou8KmwA zQcnh{Nx$)*ogAdz2vTnbsh5A}=X)hc-SB(=+Gm2)twHLxAa#3?nv8`k^kX3JM1Q}P z!E7I&Nm7l}Cx3E6f4>iHUrQ z6E7@!soo`wJLvaIz?ZcAeLF}!9i(0gQZEOoy4`+xT|w%CAa!Ao zdOS$I5u_$O;XgYuNVNp1ok8l#AoYnLbybl1Ly*b}#=rxD)Px`v3sN5mQdb12D@jfF zb=TKfUswJ98s1MAl`?*V!^#||82oGzx_u(H;Uve|1Zo!JPlC!yYy~*5nmz_apbV6Q z`QUi42JBgiKd}rM01Lq)a1uBfECE$uHCO}cz^Pyz&~KBx;r;*Fc_Hcl&))Uto__M_ zUp(!7dW!JB=`gNr#eoj10PVF-))+56A@dwH(K}n8%h~`rv^Fq&RX}S7PO0p%-`At* z<}I^`WFF%<6Tmgaj&rSmEPNW=>&eCG$2raha453j%SZ|72g_OS0ZCRg^+{^G_guIK z|M2dKlf;8CKQjFl01~O}|KYN^Z%4l#G|zDk2FD!lILCrh7CO#i@KfxAZzINFCr-si z__iWSx_WWKW}HTPF*d`u9Sy_m$6D+~FSrrB{_0CFJo|^={pQIhe(~tTKY8$n-@EUg zZ{Gd&+rN6t7e8-T2tI!KrMo`*FCV_}{PX&^d0ffPxq3)(b=C>KNrF)X@0pPUkJuYI 
zvU6@@5|Ev9yZQW{`TV~5l&hbeBR4-g=U(%9pZWaU)4K9s=JO8o`8D&YqO)_xn9l{~ z^LX?5eJab&`GNWT6~Tqj|I=qH8aqvFy1@J2{ zmGQX=d>Y&g9s|3<6W~`s}^hNCvX;zBLzAda`WkzV`hs^!2{SCg49bvs!T@QgETIb8p^#QsK?HW2S-WyRONev1>#2(KoY2;N~fr z1CEocAHieO!4`4%fSu#69C~Qzq46uneaFqnF3NmeSHpKBJtaKtYg`2a+ zV|kR?`!C`&Bdq2xBXdG|wli@8UIFI|Dx2Mz>q=_d3LDQ@KKqQ;1?|;sE9cCevu@o9 ztGX*T6mE(gQ&N29nS}+dMT_Sb)|^>bv97GFkk_Zyt(bAnijszN=2SEnu0O48PT|t% z>IH?HrZ1nfe8tQ)h0~{<)6%@9efqKGGg^;5x4gW*py=HCviWBm+gwsNyX4r4!c$LO z5j}Oq^z{p-AG4yReMM!oXjApN*(LKfwU$&bX=t4`qr7PDlCC9l&S;x?)|%7GrdL2 zu@zlgTbnnP&o3$4x+PlIylFvnc642=pzGK(j-9olWz*8GO-s(HFYK2$iCb|>nzaTl9`C{(SO;MhnAb2 zGET8`lv)yDTI1vdEs0Sd7L&3H?#Xqm85I|b9hck(dbveOC#CzjCl1R!)0w^a(@tSz zCQpttZP`p-7w-1L+eYs>2dd9-BF>zMsLzK7o%}kda#(6zXEhw?;$Dt3$tkIJBjRK> zoXmDgos*$wNrZ_QCcc3l=z()Fb2ixw3gaB6fk}*CU!~qufw|61KJ&?)RX8*h;mDth z9Wse5Ql5sAvc0Bj3?=#_m17dRHpZlMjgtA(H8z>(kJMO`(6wG~GD<{*8Jaa`-ufEuyKXKkiTn|F8A}I2D)U$KEYuZ(#m36JIDZ;KOt7h8rw&igt z|19#(2FHRDAnMD2G-f_n093wqXlRvID>aJNX~w2eTVRHq}?S)fx9QcbD*80W#AxWX%^6Lgl+^e&<6el zhCs$4$O$M1i@-$s>{#$9cmgyW#xvkU;9_tI_%yg4d=4CcI8iHbC%6aP4}J>vfM>vX z;WE5Oa*L9hq>1&l>j>%ke|Cdnfj)Cc|qUImAud^125SPL!( zH-O)PKY{1KpMi^l9Scf81^5WK3>;Si4WJL4555V02)8W80yW@Na3i<_JPTd~uYxR$(Hd|j=m!0uWP#(H00zJy_%3)D zyaMu%hwq>bJPv*bo&m3bzkqCpwsLS1SO?w%z6$OF-v^I?$G{U{#tGyF8^A`;1kM3h zgKNQ*h4c+r2R4Eh&;u?6{|cT0&j4o;JOL{}1GoTu1eBae)ES%zD#1$70R9tv1>6q4 z3Elu1CppeCpy<{AfP27!Co@9^9|9i(kASDZ5IEoz`Wu`J?gbBk-Qf4&dGH#@sYFk} zdJqGxpdWm32~jz)2b{(@H^!OzF5czA{{k7vq77plCY~r|f$?v9%{*bX@mHJh>SK7V zZO(hR7sZ2(;=4qRzrN9_#P{mLe_2SbPU90V#E)+eo?PfualMQ47`a^1EqpG+fA7SH z?jmjdX_cTkK%AVLDXWL`rR3c(^&*5Uw!uP^Jq5o zspjyX8Xx{sgTsHr^AA5~$zX)PL@CN25eo_N4lRxhM$9xuQ<NZ8BcY9ZRV+IPL@-id(jkT zrWr(73>&}n`wcA*J-^{Yw}NTv1!r|08o`V|-#MJKENAD0b2<8d`G))EQ7-*9sg-`7 zcaQtVfg5t}9&?Lx3tT^vNY6y)P<&`2N1(8B-%7B#2t6Q0exLYH(#6g%B11z5dKadJ zW;8By8m(JMqFOwu(n^NQOs5r1(5g$fSwm?-E4sP97AbVw)E7py4gpUomDlfVny-%X-6+OI@(kmTM{j?>4F8tv9jXI z=9zQn&+jT)HtU4tOIzyJ)vRjWR5F8Wn<{1%>TgCxVcFbit7dH~EUenFWV$ZR>RQU@ 
z!h({LlR|$ROUmagIALD-@$=`*Kk1~6p*trPRN3#%ELq;X&^>Wm*}OUBW#x048|Tem zF!zMUmicp=D;A$sethYiviYU+_#UL==e(zs!^y#O`URhbuD%E8IDTuqwPTU_WvG*; zE$Qv);R{_iR!6tRO1Cw&Y%HI)$o!rwUnzLfwBC40G~U$OI?Y|A@2Y8!a;=4*9Edef z3renT zvmeWKj-B=8pCgveWn`VmQBUjwlB+9#RR3Eb3p@a1WuFFPz>6RkFz9NLz?sTXa#+N1 zEXQh&<2crF%;$JE#{!PBNe6K3;i!Rpfa3&?7jm4$@nVjue*zKUBRNh7slV(;Uw5Q$ z`ElaP%cCsibhRn1I;!~!ICphx4_}wr*5*Wef;?PTTJ2b4ermxn_fkD0KFpoxm}f-e z>Q?<;LT5{ldpbYO>Qwevy!8(`A1MDu#H3%0eDudQGh92~k=&t7!C6W6nPj%QBN{aPpQ$z3~~2^E7{lN=h-^Sj8i>nLaP zMG+@Xu>Iu93!Hq8CoaCg>EZr_K?vg9;rfIfdtU3Sbq>ng#JP7bi-37Hc_$FqJ)Cli zYaJ632*x!$$D z1kH}*B`m`?dTq>3mY2MP-nzU@d<*iQ9g_b)A^+L;Lcgbj*=qYt+F2%AWd~@NtF+ox z>rB6abTRqIV^hj(o3k&p?VA1(%IX_L-?0w`;*}@&v(TBT-t_~xUhQ2MKP$XvpG)RR zt}ka(tlfe>YqPL5*^@6i$~oGzPgjkgTNim{UY%U#nEx8iXY!3;>n0qr|1y*{n2@1A zzK3o6J)Rt-;pMb5sDBtQvpjxGJBc!iFN!+xhD|vq4;<-yzKh`)e&rWsI@38$RvT@f zOq)nvCur+k*y&$7E_UrFrX5E)WerU^r>L)F&pm!Es=Ofcd$P+3y8m!Pt&{mRmDwNKl(kwIF?)MoZG8$44IQG&Qm)puCZg8Xy0|c9m}{r0oz-s z@>9;LS70cE&Y(%UZ@oBRtm=dhS%7+u}V} zBEC>}m3YN-lhqE@54}aUFHbmu{Nl&SrCud+qf@Y9K83l6>ro!kyre> zygCjVA>U8P_dtp|j4k5+%_-{mIQK3aR>vVD)NwBP+Ppf7(AOEHB^SfmG~ou@riko+ zk;<`rs3_-o-~NxliwW)CbGiO=wa)Rh-x=P1BP+=~KA!eF57535cys)1+`GkVU!ljt zL-%gq@gF1K#YH3b)A%1*+8niCecsFwpT;>mMV&R2wb-k3gtm@9-z!hN8;Ry@bW9PN z4Hbn>-9T>UXL$YW^_|}sdS&OeLoe<;f9TmYgN{3poAH@Txqd0vFXcM1nB2<>hi)GD zz~OxZpPb%Te54bB*2x?*B&RAN5zy3AK zatDW;+8cjE2yKXFGLadCcE!lJH@s}?|2x>kqo6I<(3W2Tt+md&-W{3W)VO=aU?FoW z`u}$L>hm~VpAQ~kZ7=x~;Nmk^RNK?E7WhRXFsdSH?91{gm->;&VJW*zZi)dA*an z^P5io&I>heIM)vxzPoO~IiPC*`?lk(jLD~OoUm}<1Fw|UI-5VBejSJ*o1ELWZ25?; z6*JbsyA70=rM~uL!L4=9`G)TA_@>&u+04TR&a=;RUSi72e0K5TLCUpt9I9*BJWrn@ zS=`HC^gg45xjW8&sBd8E!%pS-LuW5qjBIUuh;p3^?XxY9>)BNE{|xw)@sscWRpD{d_govWH!3M($jo`6&ly3(#C0zr(};c5ze`_X?o-?lnMB^c#WZ{5OLM z;8vjd^4;KIa4%2{-~phrhk$7E=laUy&Gq?75PsmTyVzac(NyXZE`Ys`qLexw?j03F z)A_N6SjV>T^H;>N}c7B#S)ucuW0D~&e55|Q7@+@RN(1$IVOgTlQH;~3g;0r{ZMaECN zMmiWf!s-CNThv+TT_4N!Y+d)-;g2^n)CQ0KBL`W}pw9{5UqHA75;cwu^RX!>`R6JQN3<`6+E%EW6>^zv970jEys{-=k;h&MUBw 
z*xySl)P~F_sM@)dYnFGJU!$Ddoew)xDJx@uje!k^AN3|Q4qkMmlMC-;Ke`6*bg~8x zEm}<7UC@#{nC;|>kKD^Y-Hx*x20k=hI$t)3WDfShJjPr-ho9{X@D+dq+0J6+SKFbZ zy5b%utBAamIYG}*f1G~(*3Mth79^bXpgrP$LL>Jxd47u8qA^qaU@mN88MZAM&#E2x zpO1-l*&)$S`S~i7>)+b>N$eoDY3H5Lbm(riXR2w>)Sx{R)E=(qF52xxPTy^Oh`J*B zt@475iy2QRdwp;seUR(%ylfDoQbBvoICleO-*9i;zzvx{rJWz6xsH4hQ|4kP;`Lh& zZFyx7g@yJhr!USqWiX59oZWTj?LPdcYUkio)4w?(`m>ZzJQQ7(7ep!sry!$@i_E_k zo4%W>zI*R_)j9A!#>m4=`-`Uj2jxNIj;e?H7zdq-Ec)|H2cgIK z5o6y-qU{=dKgQRA&m8NIv7+rgqtIr?T}#`0jPD`&mCVD736f#SFM81I$zi_Lhc{+G ztNdx~hqIUcNaauMd>lJ~f6N$ulA(Ps-|Flmbp5aQt@5mmvA$In{@FZFR;JWCjmyOo z`CPJ3>T}&Q@?_@Hjk9%s(QeN-JJQ-X@)gr&VwY$4ibhWdr(k2J?xLJazv*OsVh=H{ z51`L!{5I(;eO^Raj(jlseyY{GB3+klis*X9g-({Pdp2pepI>v7B>VjS!~1r=W?~1v zUHI`JUxTcEgXVj8-hr$mx70I;e>i#YI^% zt{i%OK0eNbOCNXUrIYFKyg8VU;LBGS8@pk-$`0xDl)(#}*G>HA8Yi3abH485dll6> z$9xbwS7h$p%{7frH*f^3gZwCz?6^|fc#|}@8nvuXP4Dw;Y=z2F zIbM5?#tu2AY~*a^(9aItv3tyX;vy5QjXwP*@j&T)sdJp z$=JYJ&D(Z71uri)V`HJQlWA<3comvI4k|ve>zB+E6)(BU#wgStY{d1&Q}I1bT;j0F zk~_}BF^S7e+=971GT6YJd6j2#W+0!dc3ilpPw|44Lk}OVI05<~TP%4!+r$wRb0H7+ zv%UMWqq=`$D4y^+&Wngs)XFcr5nFTfFOy>m@+-(A-AF(kOuCE$6;@P^v_tAIc^XDQvuFjZz z)a%%~Ce5Lp<=(Rs2Jv$SHfi2LOiXj!ui1IUj!*9C8#wZ5%`0wE`;dVko^=OwiN?YI zaT+ed7FRSmkz(fl@G8Gz_s|e!@&)&EoXf!O@@Xg&d|j^J$`@57x8V9 z=AxQ=!X5_}IFM^5v0CrW1zN8k3p7X02bz-~05r$fyj^qp1A*r5+S7j!I2dS-kBN5< z1$3R6hckvbM*vK@gDEm|;X;nnz;rMJ91Ugymh{a$VK&EOz_9@P&#czI>3AH+GEffY zfVqH|m4Y`Xk0&kL&U^1e3pp+VCxVl}$>0>Q7-)9A1XO`)Py?0%JxBlZo&awRft6qt zSPe8A*Zn$+8XvVoW;o?&{O4bEy^Av`=+v2(0&{aa57B& zl3P8-;anO)OKcx-=mp!rcJLFjym z{ssIixLC5SZ)!+zjO53hOYnV3Tn702cW^oQ4{!zeIB-7Q#m80Bw|et_w{|It_j)hI z?y}Mq|7{fV{wKH*+ywqF_$>IGbR;7pj%NX{{aA9aWz9${C{8!!jAxKZ zBJ@6A1#4t@xb2>TYz*7KR^8dutKZ%7ttRG? 
zf9W14OR*1-JG?Dx1`~6saCyuHv_C_0ZT#ESW}U~BcNBh{%00^9t&~S>W|djzvGbc% zKN8Jhy57n0-?{DVZ)yCG(xyQMEJ^j-G5+UJ-apg${|)FJ=;q_^H2#mJ>Tk*LGyace zS@OuH{Nq4A_($^p?}MJv=-2(X>i_Rc+54O4z0jD~8FV8UB@|78BYzkl-g_Wx7$zvS`V{YT6R zctG1nU-gS))^8Iui>HQ=2aNNjR&1CJt<^7!7 z%>MIc;_64apC@J>XI|qLXL@n>YfM~qGV24k3|!}azEsRvz&;D&-3M4 z+?&F6y|Mp0<*>jv}ub;LZfhu*9lG;2rNXRh_)tbv$) zt_b?IPGaYyxd(0HT+dYuDvrgTKtp6<9ZPrnW zbf2})$-1w1cvvIiy{lJf(-O1)L3>*bU77e^%;DI-sr|#ML*)niyP;_U*C%?{>!9;2 zu1#T{sTlS_H=pN}diS))yE=4lO6Z>Ur)wXu%JS>TN~DwaI4jSAD)W5uUI1vqzJxoS zkCN~IfPVwKz{kKPz>jy16zsf``=0<;fvdqM!Kc7A;9Br$a2>cF+yFiU{uA5?ZUX-o zd=`8T{1^B<_yV{Yd=Y#J`0>uYf}PyE9ozxF2EGpN1a|@72mc?^-vr+R-v;-9?|^$j zF8D6EAAApdAN&CP5Ig{W1nvg^T%&%1+IPSI_1*7()kG3GXBsIhpY@J@|Es_3qHBN&G}nh(AYegIwrn!)yEp#5NaCaagA2JjQzPFWTf4d|{|;?1-;-Z@NIBZf#bMf7FZ41K?m3dt_EKRcY%k%tKiTBSfvG}pdQ3QFZd|94Lk!b zAI}mNxC#6W95w;Ez8DQ z#0u?XhB5G7a2|LB%sYscT~G^_gO|X|;MpmBmnC@QQ2Sl2V-I8H1L*r&uLHM&+rWau z?RT`caQrv$MWF9$&6-NzfqL+9aNiNo0rX3Uks~PwoCadxBj6WcH~1ZhFru#m^`HT4 z1$vX^aqtW99GK`5y#a0DJn%{IGI#~#6!QJQ;5@JcTmrrX3Z}6F4rYOQU_SWrbXN1g z_?ax6foqBwIgerF1owjb!0E@bMH(DhOuqoVPO0xJeXxW+1_za~G7pZK%W66}g*BnY z;HRt${S4&b5{v<-oBOVBUyX`nBFc?|3ZPk>*6J>aw|$4p7@E@b4s3uTI+W5d$dEJ$-b!{!g? 
z38%wln(Gv$^22%3rc;%l>bggNxXhCGQz^C~s5ksCZwq`TNTsubh3BfmHSWvs}kD4gdN6>XqS( zgPaWReI=YFUAl{#KH|!VUDt1ne2$AVIi2HO8|^nnlz$d^X9K1MX6Nj29LoUif3Qy=#*;asVbAd$LtN%^#aQ5r|b^yt>w2)Tz0anhB&L<<5|PC&*~eO zUH0ngel?}{@x17%XDwYd+WV`_efxVtTPfi{p3q*)EoK+0z9Z4)34H^ezGqS26RuLm zhA2qXJ%Qc9QQBj_ce2)$d^+{SO^vEEFZA4*}(K(wX=^ zF{x#Bre$ht6ZaaSPn;QVevfD~yA>>FD@`u7$KKCRYUdK3?xuz6t0JDXzumN%qxh%Y zufQG;7;n+pKnV`~>65ScczHBQyXBaB{b`+4Sjl3h(C&^HI zdiWPFB{wzHCaDrdUXEM8=A*J zSts|_m^?9OLcsB;kvX+GA>E?>m=USnAMV&5P3Dm5RlD@tSyswzudbtI`aP^}+9OS| z-@tF%yV|rjxjhr0*6O!%st)nwbe^*s)Q#*UY7!+@I@WNs{nyO%nMi2^`6lzccAo1y z{W}bgmznbP%UyOyx_A@ei1UBODJrJ;cO)Nkqw@lR#zX=!n$ zS9_QWX}ek~Yh(B7$d;>5_3g9%4s}`4D*8}1R@$TAVUQ&0+d|co>R&xI&MTvfXKim= zu4S92Y~L1|{v26jtqzPnUPRE*2yc}{80#W%DZ(zQ2>Lh{YOKbpe95?IoQkxFhq5^u zeU_P)Nyno`BIht_>R%j?)FsBHF_b5()@VMXyyr6fS=lHn-Qvyryc+f{NA^2zcq$1# z0P3t(i2_NPwe?ZTkX;(NR9^x!k&4s7fs~?t(&%S(wII?^aWWOL+nEmqEQ>AlLDvs#w?5=cAl2pjS1nNDnpAR2fR-Y3Mgf)%dw)!LWHTOW}RB2Q){A91;a z=Thp!V}_TbwfzP5b)@T&ADB{F;F5laEnUuYP0pG0N(p>S*UHz)seHxkqd5TSOf6T3 zr;uQkkiKQFv!~`hG(j@*ZD>zjN4cRp)f`GC9O2I4&EE9VVM}q{OzgcZz9jf@{NctF zGHkWtKatq<<=$_oOW#)8H;0TWg*m3IqtWN7?nLK^G(6dA_?y}?SX;aW>nEG6(RXZ0 zIrLkQuCyF}^=#v)Jht>NWkjBYw>8ewLVNY6yn1;u_U%|CHIsL&)6ZV@&0y(y`Z^`) z4a*w#VrBE2%H?Y<1IV#0}6hnm+%YJn5-EI8Be*r(5t|nZ2tL#ESfdE# z{wB$P@}r>|$485_X)O6M-s*wqZ5cGCkD?sz&3pGHs-xQdxJM>4vkx%qFW_1uT(@tg zCr2vAo7thR`H?Th5j2~&QB3=*?TS=K$q|lu9z=c_}IW5+Z#5DHIZJ3nmM}SHU2!f3l6IMt%hIYJla&kMx#TT za)szn3*Pw^3nBL2|sy@6F-;D6d$NMH_W> zDa~rVdQnjlX|Q5iD>#;-?`oAIXR-!<&5E{)XOe+__#(-$v+P8SsEsy@;>koX{D@CC zx%`MmEoCS!kfcu-I{SSjV}l$vs$;KaQv1MHiV%vj$#b6i61Rn(cF zc(t(rO_V6j&Bwmz*Uu!MODW5?Ms((SQ6@{9>Ysonh}TMs&o=TY3Uo!9q{xT(ZQEW$ zE@_o!@HTR-nY8S;jcJVyG(yoq{XU%dE`P&ns@0aIl&DCnxUZ2wY3Z_BU&}q!+(C<* z>5(od@YnIe_Mm{PiuV^hiFJ)P@BBPeL)Tw_(o<+5|YAr$XNTR;6nyj`cR%%y$t>orIwQoU^EyqODt9sIp zMcZ{+^{~bdc{Eu(T}w-A@XPgUbZifn+ajMg>VOvJX!#5>yzwZ6R*)v`y4^0bC2 zerwdR>&rI&t5Oxmmwb$azp7pI+ct$blS@!G1s)~coTs_pu1oGW$onSV{|cCuhrLsY9; zv(CtlN;}ZB+4?)WV^@det!a%~G)liTuhFx6*CxGHeWhqosj(NL!+MV4HM?BXH&%Dr 
zx!=e-p}bQ&0}x*|M$4}ghplz8SF|o!XYRMrl6L3{Yv5*TlkW99Ii^P?1G=KML-n#a zBF_y-%==`*FMJ$B_#6x-idw`196N|1M#!?SDomknD-Btf}ld-W;5LoLvnpdCYM zpiI3fFHcnZt1yy!)h{_w-o$g-Khnl1CeO_3Zk+P0#98i0Yh^#ilE;o>vdEHAeaa%K zwc?z$FS4!ThsHJe^HF#v%@NI3{z}QKQB=9)iK*>&1=#kz>J|MR#7h!)6MHbkYjIUp z+Wuat85zA-jL+Q zJ>B)a$KigX#%A&D9P_OD-AeDsevtfHttd<8I_b%9jL~`n{#xJ|a)f{BGQzAoLR3#$ zAzRhXtn+xop|CG+Evq~VI|53Ztsg&`-zzxC8H7{(%*2T4LhpJ8da;b?;ostaEN^Sp zN3;qaZnWmGRDzZVz{xoj-7;lhhpM^yBC?$?WiTkSy+(U_D+$ zu3ctV(iue+G}{?7>^vvwZqcZGu%m^)Q%EC$9oLo8NV>P=k3`{-Myq8__TGIodYKWP z%RzD_uXaY5ho7ichOcFMEuM%a_%83aUJvJv!a|Rp4TPSt3oiSe_kH0(SzeyiD%I<*4v~8nv+dkx! zmyv4UOEz}G-uf@}Fm zp`^+8Wi@7Mbd(3OJd%Q6^O;`E(7XFKBz-&Oh27dxieXph}{7vVi_ z?VR!Xy{|i;{QU@~*OA&sSzC;wo2=J7$Np?}?^RT- zmp{qeBLf?C4%)VqQol}JS;PwGz@PigHCe`uq!g=ea(+vm#h{pHA9Vg=j@l)2DChTN z{3m^yYOVWBN=+Zl*6Neic_yW?5?V30E7xbzHpMhYwm<1s7c3>|*R}tR_9!B}i&1an z(M4mmc1-G5X+8sQR^X#gOhJuy6e!P1q$m}C{B?)a7E%%88opaV$2rbSH&sbCvYl?- zKqZtQ_vzODXF_wj)l<7hpI!n#N*U=&$>bZ1S;@tQrrHVpa@rEoJ$X+?y1EZf(NhOg zU%LIZnciqN1^;{WarIA>HWLYY5F1{IglLvv=S?H+tNxB@Yr1|r7|qbQDI02IJgIh; z%8syp>_%AI&QfcK=2>`?AmOX}r@ZP?yO! 
z{I(h?e}&H~zOzD~FJOJ5w8giLpX9r)?>D&~_y#d+%E;_b#3b?s`I!E7OBuPpq8LUOIhSe9*PAVPCT)Q9Y1b6TK zP_|C(EII|g&c|-2+EMf%wc-Ir=40XaWk-?fPrsu`C8oB#>e*AEOLp!RYD{ex>L{m- zHATtCDMT$s9tCW!9CAI#_q1rm?uW?4==*w(aLdrsXk=65^NdERsdyL~Vto6{Dfq+b z@@YlR()vHtKQgT@b*ArQ(LdS!U0S~Q`vL6Uk#sa6BcrZAD^EJ9lcYWBT!Q3@!{?ix zdx)`Vv~_8_tL7T=YqqPW)r*;ilh9CgjlM_0-!sz}d5}@tYL523NP^Sv zd+}>eJx=>O9&8;m-RHa=EULxdeeyZ#dMrb`Prio6q#MViF;m@Cdm+;G@GU$!n$%5k zN8@F>-6!_x7W&TLeKI=dpCWG=a}mpVpI3HwNP<_RapZA4Kh41R-UXR%4~X>I=SaFe zAXCYgUcyF`@cVdv@0}O+>b|!!_0Ee3vw{e|dxY_Fj5p8l$G!|R_Q|X7V&wE~dNo4V9B|gLK)>8cDK(6|-IffaU<~Tm>nVvLHA7wV$Y&bCb=&!iLdUj@4 zI7hhqv)6ti<%dVs2y@Eu*pZQUIFxaBESf&@zM=CeOFL(;$BIYr86vb-@1KoSRsq_& zuU>`pB244HKPmqp{N!Zj4vIIWf1^(_tzKASc7#5&bJUS7RXX~`k<|3dqqk#8gg%zHbP6&%4-Uz1QVWhU z5sQ6$3+zz03>%XC#%m^h)&z&OXR8T`O7GRFgj93IETVVWNWpc`IS*e!7U>j2V+0$X zf&bYH?F+%_oUJ2ggqX#&Q0&BiU#kO2(rQUK;`D2ePb2HKViMO8{W^FQTeZWK;>QRx z8JYjcs@|kDv6Ia_aRc$-&k-9**N?Ay^o=Y5HpXx_dv?=%Jd&bR{FV2VPPbw_o8E_$ zcFn;C$VR4~^QCL0^@&nZn9hT!GyJjpGM}dY7&dy^s59kEeBdu*uT%N`HUgqJk;bx2 ztl^{lXPAhNcs-Kepnb0z2h#0Z*IQ6Fo~YFo#WvRx%e1So*=U@ii(11QVab&%bS<9UwQ-@Z)R97|c-xn}C z7N8%B&C54%owJDwy7Zjl#`fRkuGWwGz5i+SndZ4#AJr4(SX|vNr=$Xo`c#=(B~{He zq|TS)9xt@2a&#x_$=!<4uV~E9!Gb^Wd4@Rk}@$G5F3HUI_ zCzU_dYoC9oAXKy3SqGh>T9nS=Ny~u(MoG=|t_Awf#CDyJXQt@uWcZ#c+ItwbT5kZ# zKU1`N-)w&d64imNlbt*hdwe_;W%9da>0_Sb>9rN)n{K$;Obe3N#Ac+KGy5~t|3cU7 zj`fw4q?P`W){!P~HT`>Z$Q)tC4AB&(hVY`n* z(xoR9&CE4VtA;qWYPC)~18jMA1xWiXREph;vzfBA3gho;kTuo*TCKu}M>UkP#?YZP zcI~!U1*H?QPPRs^0@}T?mTK)35rx`atM~Q&^-JZ`o~L?_+5^TrU7Rh);%UvOovW*; zSv!FGq1fINPb;ZOD|)Aqw;tFx*flDumJ)L4>5<Nj zO1tO8DcM@-=T;=!?m5!>lEx1ITPL(OrTVm+*ygmm12yI}Q@cu;NDaDY$0O;Wb|`3P zmEzL&&T-VOyms}hl9WbRf8UT@zNv%LFx&wEaZgU%KmFUZoRF!Rc0CCO}J9SK=qtel26)Q2Q> z$yShElP`IVzq--W#d4C!$3SkHb;q)%YP@YH6Bc>FlADbL>j$fUO`gBX?S5c@Q! 
z(|KLqpmt(8M`i>tM+!~wN$@!e`Eau6!~7&tLY_@3+bU>;o9Y> zOl{gbB=bVZ9}^=+-Lt<<&gqC2}Ez|ZuR9Ob;6 zhhJzUF9*#^$<&?FGsLHn37gf0vX;F=t{6Im_~c6YNq9$VRVTY}P|LC+tx@<>WCkAg+V91z+HqQlW@xH+G%^UzAImZPpPF0KO%cv&HkS<;GZx(L8DKL8Zqd zxe^wm!6pQG=n~GsTCcd?GPPI-fiB0JhNBr-fFsk&@V!OX^3*kLfpi&-_r^rAL@;`? z7#129U1j(-`j}S%1@XsC%fY4evqDG4RR?-bMsBcoO}YwZ!CYAJLDn6m<7Yr$@M`4+ zeUcG}H27Ed>&{cSyC&~L@mnbv^nfPE6%7H_;2I{QTcUpY0 zaKBb%gSAOsD>UdFi7oUo$ixg59BM;<%fm+FVo@2**a!h%#I)UhD%UcJY<&;*q*<7` z%xhxvE6rmLnK!0k^R351k8Op}^JatC#RIxQGbBCqmfRXNYgkc{zaQ?fmyF3G-d4BA zamb@-@)8ENi*@}fUFTWoNNp2EEv`W2l{)t89^dvCWsny1n&|?vD@=Fb(-r4I2Tg%a z$JePA4(ddcI`y*7TfsFde~IKC-hwYz`WlJLz(u@eImFZk29PmqBpL_4wp9pZg2SuC z)x%hu)epA9VX=RU@~{Hv`}~@)KrOT)Yfb1AWw3UjMG`!6e6d(hU@g+3JzCRjRNkJN z1Q|bIug%jYX9_wQk0ZP27x&QppUHlrbVAMC8Ho9la7@zVi$G%1NvIh;E z79@^3Y4uW-miCr@NTcT#eWMp9jYzA}^J2YCc~GW9?SiWfv&IXQf!vd?20r0c!v}U` zPz$=)8#;_t9c1XD+2}8M(DVYFp<%Gy?Y@oXv#?&HSy)1| z+qe+Vjy_EA)O?%hosar353pKeRjxrjVntvRZAwH6>A?35<3xCp_OO-&{}q|bdqyMm z%2d5+Qc>vX*t_O?!1v~}xnQEbdl~OH5q9p-t5!& zk-l1f-e_N*#sfEAB||Ta{@KH+PgqA+vG>vB9Os6$MtE)mUZ&`qt#b^v&SH6{mGB0! 
z+1M=fDtN)Z+WLT?xxj(#f)}KwNzYIRrGtIA(DsJ3_nXx!8;^mxupb=Wj@fu97jinS ze`w_}_6N)Gv#lBo*`5=Y9}b=dzxtLFK}k zE&7D&Au@trL)l0bxI{a_#Yt~*X$2*q%Zvw!ZD7IC3~(f)C~z7)sLAsDkW4HT)F77H z>1{H#bcp^Y1GQcfEE+J{xQ{uKyuDwo(yVp(b<>0$@SShFMWg6JkJ^RwTRiRn;XY`m z<+{tLn^vJm;dax^j3YyA!d5QZIGi5aC=YJ5QIn07SS11lV$v}9gsfX;*Ul!D-RjSX zZj948a@FT+>kt(fZMNwdEG~4Lsy-SH!47@gq;hSa+dTghdnc~bD5=O>0Qi8I9WqZO z@l3B-R_WOj{j4D4G^4qV8!AdcQdGVwAyZqJzTjsYJoB_wY76+@w$HgGpB~C-Xi_FTz!F$^1BP0{tPmWH)Nbhj2dd%n2m*d(VL8?OrPRwEE0v`!7%;Hl8$33(aGE14ig4E7cea!jjh93=WtJ~Tw)EFOooFiQ=O zK@~>IZEBCn3esnur0EDs=+NB|YYBEaBP`Hn$|e>CRd|Em5EUk>1XZVrPl>D8Z1Gwh zneDRpDYG_s%tTU~)PA&Jzc|=-@2J%^ycqgv_(SKQ=gb2}&*tM2UZsNREXJih!If3z928WNxI$rBdiG&>1T*?XhyZ)9WNye+Br?}H!m zlnTdSjJx20ULO@lkMesFLKCW1a$0CcI2M1CvhEpxwHL&yH1wzi4CFc?t=I z)4&YgAJ!B-VzJYMRafDvRD0KEmKcAbk--Bq-L_*4yB(b%>>QvYmLrY%sdY zR>#8~yiX}m4_$82Xh!Td=Em4J-{3Do0t0kN#6fL^D{=8?e`uC<85?2{u8)pRlhB|f*hGOgIC}*s8f6& zjYfPaM1#QrZ9yM`7sH{&egkis^uhy3Scn{%K4iRRUO`%N!}ynRaI1KtNjL>ZmTQN6 zb8f9J-V?!E$P6HwXQH^m@D0yVH=|5)3-UcNISf%)coE*=Dcd>C>=}H9r$LG6esE72 z=yGs?)CP@=Y~qno1{8-P=;^R)B4a4)4f-Z{3Ksc6cJuj#a1UIBRz^cwh6diO#VoP7 zHol@Zo*L^#wfqO)7pb+}jMi1&&U6rq6(~oyGgZ{&zxuF?*V#} zyxH(hgL17JL|42NIEG%ATCKQ8! 
z{Cn?V5K|tVtv9-(WHvghTE@A={ zTV1Cz$LZS5I!@DGwL7In*>C@iW_dp+9PgdwJ;^C|J1VyhnD`W3`8UXT8PqI%n+__gD?K%O7|8yms>PS(`zg zV6|3*28^&`Y?{_j?bdOU`>EElSE`IBe3p5YUrT0r<`sSgqm9dvPP75CVR{-{gFP+u z1mPikCUj)K*0zVS;$dK8l;_qhdf_?Ogeyd#?zt&st@`ukd3KuAJZB( zqxY?v-w!`F_wR{Ro_QOV`-a*qz75m`;a*NL>;AP z#Ur7<&Z7GAt9oCO&c;i{RvW+b4J*9cw{L;8*0bURsB7Li979~tY}JrB#Ck&g<=1~u zA`!;XYD1o(+Ssdk@ADk7FROWXXIJw+D?S)|HSYszT~ZviKzn|dTQB(q{~Wyc%d*e0 zn%CO;3)PQ}#v3ZmfZnEO#-eM?{aE`;l*3C{Upe+_-iK5htE1R^ztqm&JX7ATJtXb= zE%8@eJaV}|{!V`ISZf_^HSc|T9>303@jjB(6QwONdjphj&)928!z$i~)LvHc!l|s{ z<%mu%y?cGAy)^fSm8n+8z3za>_MxYiu!{E^s_SKCvCk9FlwZY*gzS`#A6-VuapkRg zb1ZJN)nesnTW$@Gz5T{k@!ATTV}uJZA8<9n(=?B(a%+ab$bym>DYuFjc@7vUM`Kn_ zm*=ptIQtVZN*K9+x?SD(UY1_P8&>WH+s4Y>-^q^Jn%$QqhYPfB$=2e+VPP$9XhGgr ze?WeBc^^HYmHG$Be@e<0<4r#rFYiq!)c3KxY1Vh%r4r|s^rfF4g97F|%R7)aR%#Cz z$|&c9Hf1Fe&*5$_^>1YL<4;xgNWZw8Kg{#x{o%W^YaPEO`n3o@`?{9#u53T?9Eoq* z%vKox;RF9KdAa60kG(qaHh1KVZ;Y`z@zdEFN7qWG$?q>q8`Gnu@KH|dtnzi+YW$DM zf+p3oX>fk5)T%!F&6=?C)y4w97ml&mwtLkA@pst0>KUD35!>D0sN~(+H;_H6*lC8n zsu)k$z7PAh;}m0)ck4asVs9vp`?fa}YwpL|8;WO$7nSlR!hQs$tra%=1dYB*m0-9l zXCWwoT~f+P;?J`DGP=)G?oC#imzEnwxX-y6(qWe0Z27B1Q}C=t&NbjMv#Zi>jVZ_8 zRq0SYUET^1y<-Fx<}C4Ih}Ge*#cc0=}=cL-CZMvO$(>^BlWsv1jcA=`C< z)!gh;SE|NoslJ!}Y$cnILjw?jLTXIPj2q0GMcRnMg@_k3MK;%i zOpF(wF~2}m%=T8t516Hh(}1GtHZMRlgOZ8;BRL7_ade8+IaOF1Ipa@l7RjRyX5;fS z;j9i?q^r!hpg$^oIm|@ZtX00fmR(?xyl&|+)A-2oQoTzbs2Tcz5fOBwavoY{1PjD|k z7f4>Otv?Mb4v0UKHN_YV4QUxEA+IaUtZ(!>J3mhsxB`EKnMLFBkXdFKfW|j@`(^9- z@^L~e9sUm%u~m{lb_t#hzr_OFkm^%M=sKJbOTf|E6ZG&(I3Mr;KWZH5Q; zwZ=MG*fz!R%$@rf!_|8nUqayGCF$PBG$*FF5?9^tI8h0LFm%{dakR!Wsx z9jL*Ik7atgLG^`<09Lyc=4xBk2t2?Vn*38{Ei7M!oChq4Nxu1N%$J&+VR4vIvESig zZU+v8r&{z07Fi)l4l=xJwu?T3)3o#|HiNRLf$PPqHjz&_yF<9J`Q?dOY=9%)p%td_ zE$h5byfNf06h1f}1ohG$JZ|V}@`3!&WAqrd)jZKwJvpFOp)oRg)^ZKH)v7`oz)QuY z7p`$3lLtId6Z7EAz8BY$mngDU>}kVVWp)HGq%m0D->2m^GO(FmFh>@L<; zr)3#AK^tIaLtbF<9b21Xt2w}`tp*tMxU>0+@p>2PQ=g3=ZTF}9C7sJXKQ`zs=#5qH z6FzOm3r$sMQ{iuP3LIK!Gg*mSDnf;y7S~(+n)Sn?$vGYuR#K^XpBLp9mLHG5B$`YV 
zm#k39cm>5X4FBvsOZ@1=qb}8ZfO^3UD@P(59BZ@3w`7m(EW`D~v&Xk)k4I;Z$7GL3 zWRK*g@_b$PI3s&JGka{z9?=>+w={cXZy3HeXOFGfnaB`8j9* z8IBiZkIV@3o%j$(JbsSd*&}%^d`Hi6#J}X&pFJkB$HDAzbM|;jWY4u|_fnp}BzwFt zW_f$YNpK7{4&MxJK0q1}?SbyGbu8p!nv4f-K?|{dw{X=qH;YUrZGMjgbPjsT zevQl4!J*%qb-ggx((=P-B_0woZV?Se5oE!V^MmgIy;yTk`+3&ptC#p%cpLxCei!tR z$YNha$^J#$oOYXKx61F*)8KhO?AJzABzTA;=P-}elVtxBonRzSTP*7;DV{sfeNC46 z6wRtm)^i=>>l45PlCDKV%Cre#1k=0+8eVHsSO@aTRt8 zYmTjD56?(DyTUVAOLVm9z+=Pr- zZ&++BWASe^n!jnWELM^;Qs`7I_-w|Jyc22(vW*XlO{^4^Y>gA+1{q1cQPP3w8(|5nMdpxoZWF3VtnkUZCNyYueAb zWrBAL-Y2*~kP_?={9JIyMCZOMkdbs#1?LFP7u+PcRS?_Xxp9K?1qs2|1>X^jt99;R z!4ARC1zl5|yF_rO;Cq4>1rw$^cZlGvf_n~d?mod0)0~?lIPgH{juo7LklG|j3c3W( z3x);pw>VcVm@7C{Fy#>E-XVBIuuHJ|P`xAgfZ!v7PY7-l{BObM1ScQn-06b51Um%x z3w|beO7N^;@^rOdFetc6aJAq%!50Nz6)ZU1xkkY*!LVS)5zd_;I8)Fn*eLj*;2#8c z3VtkjOz?t0YQoJBoFG^xc$eTJ!3PDm2)-)#k>F9m%Yw;~`YAY5aGoF~xKePv;4Z-r z1-}%$BzQ&enqbll;ZLwk@NU6Hf=dKf2|gmYPOx3DQ}C4FPlEl9RNDpT3I0LwWx+oQ zz9Tr}X!TdnDp)J%7F;5@Q}AuUp9EFMICr9;UeGD%7JO3hDZ$qSI|TEN)qTOvna({f z7=N5-CzvLfBS;ETf`%m!0U`6@uM@*90@>IX6?#BzTwL7Qxp9F9==~{83POl5;Br?-ry5LxS1wbnX9oZWr7s_@-cwAbz@YO9U-~ZwPh>rk>&4bioG%9~V3<_=R9t zu>S(lTX2!!yMiAHo)G+2@UMbb1=S6b6Tvxxq#z|25(j=NdjaE0K9)2P60=14hc)v$p zsy$cdJ>~W{`{n)6H|g~zAHFGHZ|aTm`f%-kaXtS=bo-lq`SaP|k#u24b&Yo_V{Uk| zPKy3m6IS|OMVWh)`Ie%x?90Sjjh(OTj7_=ny4MffQRQNtvFep)#oW6Dy))I6J6`z9 zyjrF9QFGxRoiF^O!-an%pC9>sc+|gqDLfwo_3`m;cwua7%-yCT3o!kICr@RId(QdW zo;|)cyvpr~-yDzk*>(4%ZZOU{RpXq~1uF!r1g(PAf^!60HKcb7Io|R&94~h}K5EAs zeKD82i?i2n_TRU$Mj6;+j0@rp`asu1M<0t!~k!^6+S zn_QtI5kBH|HtX)(Nh&8U?gH)MPpnb+x0NrgiiZ=YBqKqQ46A)&b!D8tlC?J|a>tBd z!8?UDjnQIZ)9M-Xou%qom!Fxy`)yZ^)-z#fVpT;&Wo2dQHZluBjF(J5r%dQdchUH( z4%P@au1HNxm)w_rd+xfQ{Oh?N0FHu+ZutaBqap{Blo6(wg1e&jA|1ouB+tP9RbBdZ zQ7^+YZyxsz126=GNU{6;vs?=4f|GtJ*5zaxG2yhyeSg9$7938 zQ?nP2EEpvb$0qU&M_D!mqdDT&%xbs!Xtk|jw>65ab!^q$bF*cY8yl9p7ur^MjGrbc zU0DBhcS`-P_(Fw>+}6t!-x+@N^b2)9OB}ZF{qE@cgga%ayZvykZQl}$*Kcw0`pb1K zcF^ryQwS=y_5Bsk*58mTufDjvN1o%kY9^*@>aXIzTT<#ubUpLtQQ_t 
z&NKOPVk6r1$V~<1Osn4#8&`k1p4sLWoIU*dfZDN8?>}AU{p5)EmlV8zlFD16elF*k zY*|l~DeI6CWqmMT)}CKqb3=ULWgmEIGw-WSj~3(O;m3G)+jPYh)py}|TD>l)&iHj( zV)t&>^;7Q=zK+<_rhDT#zwDd8-@G*z@2sB@zi`X=ikq+4HT>EYUmt$uiW`PsyyEiV z7glU_k?=X*7uXpSN)=nXV&bQU9~gdM^4Sx=6UD1$R=mblS>)W^Sid`A;-{A0qUoVn zEXK`aCyNN2?fn;X9YN*9D{ALfxhYcUO?vK~4IPo%IsK~XvG1xsl@0HAwd#vv_p!?D z)8QBJ`sJ@*sB86YhyLWUr(fL+ZZ7-mZ#UO(8y?=;?%dK?{pnj9+_Wv19=2KhwzU3w z7hf8ib`I}s6VJ_5)hc(6_^y6wY+;ILc}}=}P|scD%jP|Qe_FzSw|Xz(eAW@3muoM3 z>ebCl-B)IC&2SnMPGhBUIzE2$HNy2Z!u2)6^)R4>y*~9mGK3#ob^#b9g_Uz#&zD<2wE*&>-=Hc;s7jA{7um0(p8)6Hs zU9no^&iEw;zxI`zxwF#jX?{;j|ldo#(%zW3!I)v(GL3 zl5_7-UGqL;?{O4|y7y$i@9Xi?UzBL-z0c^#-@Y6*@!_ujvStWW|JApvjrxAS-XEZV z5q|*>p*H)ld?dv9N|re<|#DicK=z3l_t$)5hGBbjMWr`nR4sI9lZGwSb5a*1lF zk+17=jY#zmMZN3%#nNq_c}-*UwZ}#4dei>Fm95daQD0Z0Ul+RTqMDi$)RcmL6?ev3 zmr43wM`~z)BE3G@pHxeF2NUUzj2gEo*`WT(3NnclEb6vEoUsbmc zWHRbeZ;!Qg)v~BB-McB(p>l*2I@Q=bE9y?9db)<9l%7hayY;wrt-XK{>r%-sRXVf1 zx4W;mNBGJdr)pE}AWE(4%F-z_(AU?S?$6M_Wj)dQWKS}k=$e(SDN<|cy?WD`PUaDs znO{@WpoVt0iTvl*oiyi^sG#mlv@YG-9p!6|lAHU|Nj={|lQaFIk1!H7E^2LvMEyk6 zKh&4Z%<^>05ir@)-rE6odWECH($&;8$#iPnkcv%Z`cpmYi*85jQ=5|Ffv9hwtt-_Y zZA^;vX_YM|Nu~=Qt*cp-^mV{5eTlT{$(6Wwr_{WzuHHeaOQ`t1J`pxbw708Y(adx* z(Q%wQ*O3yf2E_D+ez4j&kWLHzBG)-RS!@drfserCDmBYf7JOtRB02QKEs_rSLGOzx z3h@9gyOZ6$=^@WM8+&>OGZDR{iQ))2P541nGX1^j#QNl{sCiMtswk68Z_>S4pk*-G zHd~|-gXyt?(xb$HFrQBKr;_50mA)O4*-Vs9UNn$OQw2?ie~tNcqH=l%(n1LAuQ%Wv zbv46YZCUMU$~YF5XD_Qsax z%yFkinSr*9nnf2<5(xi@giHcvRTh@ro#;vR4M?hs_12jKJsn-i%&96Mi|jn=ql~&M zMlV1Q@-j&ZVeW*e)g(wAEo|#zFMc&OEy;CIx3`$UIUP7FTAmm}=SlOmcP9GO`b;!; zj+cZJ=XzDtmT2F&KHaPKfe$adSuLYBM3Kj-mn1kRXp4;azh|JkO?8VrgQ_FXtOZ#ywjf^kak3V z3Q;)=ZrPMdL@SpqI(|)}Yal6EObHEnrIE-)jjgTAFIc>+sdr6ovH~@gfi>;Ro*nlFsOpUc7Ym%%+yvreI}Px_aBxOH&Q~h_=2Z``hcHwa~Hy z9qF5y)smx7P}G+E7gd!=C%wYND=4sC#>2YR*Y^n-?qp}8Yu%|(s8{$fNl9cictLSc zH=R@;dQ_Ikk=Tm`Jk9DBVN9|`)kSCo8x1uOVW`V;5wFMcI@HnnqToM2sC9 zn=e?bmpp@IW*&#KEWG3^oGDqrFOg;J4aT8AA)|ZFtqA}@HF$9bh7VS(8asHS-1cqX`d>C zD9Qf8q`vxA%AN(c31vlnlWc7t2l_gFH>?a=RNUlp| 
zsdid>M<#LnW_b&`n5pYL!$_pwi;YKnv^Uj}0cZZv8mvARqh^BMm_Gp}ppy&ERe5XX z=I*s5`{qw5WN-LteKIXg+bS1IYJZ)SOaH8>E7`MNcoup*iH(7p{l%IUz5U7g6TH8f zLv3%L`Li++>%16cF>NGNj}il2{m~|`z{F5fYIH$=P^i zYG?ri` zqa8t);8MZ=6uc~WMNoZ=bH@oT73?V-?i79beaSmTj}?9SbG`Eysr297xhz5_Ox6tB zwyG&t&e>D5L$T*=RU)aT_NM>2XnvXK{t3aC1QXw;Y$d_l1jh>I2~HAxS^1`~zO?(< zUp@KQgAe@R-f!J~=k42Xz4?ag|LzkXz3Pffhx&UrtnWy??|gNss`^1qqg7QushU^2f3RU3Yr!wZYXGI zkggC+T_hR{W(wvA<_b;{oGe%&cxtg`@Ro=N1oH)_3QiZCAvjaeC|E97Ay_4Nm!L&J zZ1Vr~DMwteC;R^g?Z;O5|A*}L-OoJz%;V2wKi%V5k@)LBOq_GpRQJyDmv=99mE*GK zwG|uaSoYgF<72KuPgI;V{_@F!#r<~Z#!1=^vdn7 z6>L+e@&-V>aHHV6S-x1ST<04%^r#z{}SOFAOxiiFM= zEzIkTH9B7?oe^}$>Jj>5rS!#s;19+@kbu~>CPX1@7^8Xyyu_q zyyLbn{^PB;+;rn-uKypOyyohUe)xk|UViD&rYwT0sy{tEJnU`4H+3Q_@*5qhs(;I; zw;WZ~UwxV@clyuo`OokB&pUp>^?&l8-}RsO`p?fj!}ZVm&#(E<|LZ>~x~h7d|9q$a zJlTJKUzJr=|G^@}Dp7=KK}^IsZk@PxYTq{DJdb{`2?#^F{x8`%7H^ivL{n zGUrYHbEE(4vd=$qz1x58d6o0m{pWeFbN+69y4lF&pObd47BXw;FMr&($4VFQ|G}M? z3vo~yAw>$Y@Re|0HQ9NeZ&O@8pL9V?H-c_BEXdQ-lBvU*G%qN)SnvhGlY;58&+UR6 z1=|IW3Z4+`5MeKkvhT&#UFT zv~2J{vCDt8MOVb9$Og^XgEpS)KTq(V@6=~psTJenwXV8PU+nA)xwDsYXLC^E{<-$t z*>$}EGf}KuhA*<lfzT{l@nm^{r^k-#JlJ^v4I9qiLzW=!OyeIA8 zV>8eRDEC@m9k3oa57+=~1U3OZQFKVu*f5RTsetg{ql+S=9o(D`@VC=H%2$4l&bpJ! 
z)AZvIZSIX$^Vt)PMg!m>I@sTC%7nS2J$&l}E(Z1jpDOeAQPeNK4>Xv_=bOmz%v(Lr zRM1te15iPMX(3Iwv3)*8^_={t37S zcq8y8;LX5WfVTo~1O6F!JMb^SJAiir*8=YX-VMA5_*dY)!25vr1J?l`06qwO2>3VP z!@x&?j{?^N9|JxPd;+)u_$2Tt;NO8y1OEZs2z&zz}JAgfUg5T0zl8mN5>-D#!uqtojQxKD?Uxb}@BF3h|5*N= z25PcrvJv`h=KD-w7BCxV0S*D?0CRzPz@nzXm+7A-tMlJgRPUu+3dsIC#wJmtTE#%glMrQS%F5+B)@dQR@{8pSe7` zcE`(K(R%rd=I@GDJ*t1jl;h{)#MY|+eXUbow_{24zKyL>Y!!{UT%hl(?w>t zYSw?kl-WzJoEo3|s^yImlZwCR@og=RLgVrMGarA;2{UfJa?0Vg+Axu4DtIF4veH~Z z{^tPC1-=11A9w*U>Hj@^{@;H=-){nU1K$F^4SWaqF7V&L_kiyMKLAc{@cxzmm(_=V z%JY%9HQzU~Ctry3mkjs!_4JMOABcwvao=E^i#vt}NAj19ERJ(MJ^A60cyIndQNMH# zjqHhc4HX7*BgHsZjQ8jJ``hC7cyM%}o05ihDdo~azCSmT?~Qx+c)k$9QB$bRa)CA{@ZSG3gr`jQL;4@5&eQgFX2;H`p5&a{CSIw#6+iE814Ho!q>w^t-i2 ziB|Ou<_ZTk(72YCF+cCg?Q?93xq*D#-?uA2(#H*L7K*fMsHe{w**-knp9jybe6c7@ zTKDhi>)At&eYAX6VQ3)UG}JrVpKl)-$?+U2`1jR$eP6sJ9v$o_tBO4k=L&i9+e6X#As0*87lC&`#?MfS$;0Y z#nJB2QS@JlBwt`~L? ziF2@1=)k4L;e1cuuD+hQe`x>G{`|gte;M!Gi1nivnd=!DrND0MAN6Al$K?xsIk;^N zU7x=sHvrj}Sp91{J4-BA#yB)9w$=;hUHSah(QXhFC#x69SWa&=ILn@I>qzfA_Rtw+9l#us9Wxm z6VIt8q4jJz4eD%9elYH#z!4ECmr^NvC7iG`Xch7!g+6$f-^<1CM%YL@N`GTVj@YXjq&eneeWs-(liGD1ZS$T5tplUzzyZ{ee%&?Nj|6*1mo-AqP;Y*5nY7?y9HdUiLP_x(GYyXxhKC@Z zp$UC!5fO?dqE6dPxw>MZoFJkkp#uVkB}8hAx63@4N{EXRQF_0(S4yN%vLXrMDH4ZL zf+;BTaEbWpa4R-6E7xDdE`~^D5D-*d&iVpz2j0%Dl`rbJ0qL>b*uTqC0eI5=Uzj1tlrYj9$FZ!ek$ zPE0dl&(Pq$d;u>6vCm7+Q*J!nBL-PBA)}h{(Z_XJh<6knh=(8|*6%NU2zs=Jw)& zfdOfw9#iPUxxPYZ6$Q7ntjG3_jN}J!;Dl>_cOk#qeJ==GE&nnf^m3PpXBvP1{=^|~%qfuqITZYq{jFapxuqu7sb45w35B<8vD znzOT^^NAE)812EbRx*daN~2me!^7lP2bl2D>06<~+WcUUIG5r5@>OvnNAiPilfg&r zTN?P=YOPYj(zue(zCkz|g>8DZc12Pd!G8Crly?R(O)BW=e)L{(WlKwYne|fYXsn>d z7#V3HEDhEzH#mX|n)Fz0KPzat8ahr?9HX#St}G&d!wKnH7q_*jO(9XBXeblT4kFZw zbfFMJibYFGR;hfuXmQD#kz6KzLSl_-=_#m<>n$!rKgF#=#jIxViA+vvF{(-*#dR6f zh(;>X3{knJw#BaAYluK$XcP{Vbo3APAS%Xss0+L+qzEHWEj4AqcW+SL!_bEkiWxk) za%DE%0@{^Tnu#Qm<8sL%HfWG*tpCJ}=9wT5ZHe&=bLif;9v;jCJHL z20QBtQvO^r2uNfYys+bxI~e2jSOqnRDcjGOQ_g=%LtE-(Kxb+Rk*B^gHKaS1#2P1M 
zQ?{IXEFnknCQn&$(1c6cGT6)T%`lWAl!ilq%U%KuYQ$Y;CLZH&cF0DG2w-TGE58_* z&)b@R`e+{W+G~oqQd^cxqe&2>U>O)ouD()%Nnx#g#>o(0{W(0^%`jiKcev2EPj&#@ z7=P-w5^>55LJw*Pf-4s|r6je9dz5;sCP$;E% za}{Q+7Zs&jk|3CrvO0OYcG}2hSJx#20D*5S)|7oVvt20 z;23nmvT&2=*|ulwS<*8+d|6vdY!1OG&0Q7#Kp?SPfsUXM!CXVqbiyhpIW(#l%_*ib z8wv@0Ai^M$!H(NPiwBKC%ScnUl){NNt}U75WKdj*fjLq*24lP>L}yHF!^WSXTPivw zn3NI`%A}5W4EFc!MYELK-CYVTB>uxIOWj}M-&fUUCW)Mw(;`C>GEuaYyBNRPe@((F z<)BCKugE??qzX3n(VGo?(F+>9iQFpNb)boVhZ&@tl$^Nh5` zn}-k%8&H%RKSn+E4w;!uP++iEZRLV(D{A~kFNwj6J$v$sY!%NkQ*2(U4`58G$S4#k zSX#|gl0tL);b)P|8EXt4jCXzHfB+<#F&UHh=5Zw<&3@v5>0TtLcA=6hWWee(RLehU zxDRDK1~_5ar`el^G#D$%Q>pjlWT6i&=H`QbbI1v{N^bfF%jP|(G5L~-F@f-+wZbcy z4v5A;BVQ=4jByG221W;*1NtsC%kN(NK<<)^U(DxMm})oG_7V;;H$Od6G=55z=1zi* z2`|kTh6owJX+!ZDDDAdvTIi&;v_?B*|6?Xh#-$<8j~f_ z{0y^PrcCu1M-J`Awh!iIUTLjNlR0+QO*IBy6g_5iRuuKs`LtH?NK%B6U8R`19x{oZ z*l?{BjdG90M@kjs0`Xwkhl!_HkK~4j3qyD+vh8L5D~(#l$_*4pf4Q?cRFF1EnLLrV zhJc`{+dI3sN=`ITAcRT~9jT@tN?g_7H=rpCWJ4jXprBJIh2h1RzDne|6@giXXb?xb zlz_D{CCW@eQ+RSa?vdEYjcPJsU1?dzja#6MB# z*fXGq_zNa3?&&Kqi=*)?+$s$k%vKWbDqBp$Q@jC7m|T~Uk%W&8h7wVby-7vn5(MK` z6l zaJSG^$$vD_l|NF$DNZ63QZyE08^hUTAu<&3Z^s36;Zi3j^PVN=0p5}s4a8Q!ry9Qy zMDY=Hyr{=-7N2D@RB9ZG&dOba+@_ooBsHb~R3U+-xX3G-(wl{rsWKS5hHRD)Lx&mW)iTl=!jTttt$$Kyya?Wt08P9B zFjCKGzekh6lKf^1r1|7H1*M$O3}eTnxeYGWrkyv^%Qc$ zgc8zHQ%xg`92hodoY?cQ7p)oPvAWs+U_BS6AJ#OA;a0APe zD~!iAFe9i6j=cm)^85ORMvI!blPDMgbHab=$k0+Xqi2X9V{v$hX;lqvf<~?ow#?ds zBO6o^ctN;e`P&0}K10LQkNFA+c`|DdcQYTf3!k(%U+f{4PIjjVx*6ZiV;juKSg9pu zD6*hKF@=gjjU}n>j)ZzzIKfP}vaRlFmns5@iY9_WNkt2XRPyvtt&BulysUx`XG zqOvGp^RbpRRYwVdwh*64 z%3Tt#?%Wo`R71VNCt&32U!Z=kn9n`YuFdTo9ZTJLMC+b(Qm{Q|#RRgouBL2s5;rR` z?VwCi=3pf@zZ7o@6k4VmD7AxfE1HdVOluK%$JrPf zFh3eWs>v{=PN%nMN{KTV?sRp;t!7wVg&^n@X6!~`CIgJVOWb4hrx~RJkz1UVB33N$ zfvBH!rUi}F2dN@ceXShU0H}7sGPu~ed^fHcD|&(o6h}~_5G}F_0=a*+R`4jgq@ue= z`)yLps_EK_c`T(Ompn)Y4kbU_`rAthOzi@S+iim%)(H7v&gd%-M(vTE)0oj}OqC&? 
zx6z|JaowYR{Uhc&$$=9_!rEvie^?JnE43sfK@3P#A>fOBRSX#QG8-p%Pe?qvH@}Oi z64yHnuDXZ%RsMzic46n{_Ej4@&7O3u+1S3ei}{m5eC;rJ5*`&*7*;N9p$p2>KbV!l zy(rS%3?8sA{e9i34s6Q>qXd1u#mP)hRu2Yt2+Vtm+lLK(BjYivbplAzy^V1#R(Fx`mrx=Sh8`<>ZcElacBO~QXT{bd$WSM++QAoOTk zX+p0?k1C7@nibtyjzdqlOIf#)fwm}~puPk_MDHY)Vo%?0MIC)PT8UiM?5S?(L9_L- zzDc~Zg(9?Ei4{;1#UbZtk=h3Zr5-?7(veL%rc?{=U%r2r7@rZ8c*As5_<32l!5p+n z2HHOkaY#w#v=p-xv6j$mTHh_3Xp+^v0c*ZR1F z@Q}jKMii8XM(OTaGJH(w;80v!xzVyWEMdZrBdIZV7-UK%RhT{)%7-Kg1E5@p$!e0v z#@&o~cJ=KZ^@y(dJU(bFu>geyWdx!XEPxQvRXh!XLO03F8Bc9!R2>?HE*R?Xjb90Q znG#{TVB`R+?@ET7!b@^nqc?&AI<$>rE#RKrh!<#*+*}cB6DU$DqJg5Fa*b1+k0`NdPtnoZC%L%Bjmen zZ(EK9seKm{WzF{|5eH@7wE8roXV<#+lkv576MkZxza50j+RAWIVztM`k@0599{_g< zT-K6WO^WwwBi&@BTdMP_GEKUOeMjTEp8+Q$3+^Nf^;t~!pI^i;k8}u6jcgFJN z@uqc`#%oU%+m*u=XT~G{q~2x`LR@75D7*G%NyD0OTxC&Bvty%Zj$s+DO<1EX`!IptRskkUdHkM_1B3_ztc+ z6V8Y0!y07cHrHv43K`v45Wx&Fio>c}>eNGxB8r4CU4#3m+`?&zSLdnIhCgNPlc1z| zbcz3$!rALdJC;7^G_T$oU&9|r`F5+iSjt=B1|+t^yxH*_fmX9f^rL68p%P-`xSIJ! z7x<2Y7>TlZsPxEAo~@LOwSsQMpRn6BDJZ??BEG0*&0c}Q#BsaVIU&CM3J zE5#AQGNKSeW1mCU5Zf5YQME2KHBw9_gm;OVe3Vg=t5<3b*0RxI*7fC=F#yQ*zbc85 zo2jFJD7zyG5toA-ruk8ZB}9Bk9s&_AW?=vxunrS%7Whfl%DK)sm9WH424)-b2bS%y za5;A^Eo+cNJQ6KPBS`_FFV7WI2$UI z`gnM6Px15%&+rZ|GG&8bN+nEQF>jyp^g@R8c#v6wU^aSe0>GAwh_QN@VqpPOnf=7( z`oUPwInr4de!z#56_d}4l(MEAh19m9d9|$i_MmG^F$=P0=tHhw9z$Ane; z#x}6!_9?V?XaEvXp&N=p?&R-e^{uswlhdEZj`im=oF8WKXgO4BiS$P~DBJ zrSDg+49F%1eHXYFwQncv#*zK2BqGg9(M}Ze#b>8tde-Jg$g8Q5WY|LD)G#{`AxKJT zTDLThiWru-p{xnb>v6ZGIMi>>cjeS?n4YN^WXtI-tw(N^blVKIT4d{ileM|fB{4RY z6CJF21e@J?51S$ErKJeupq1$;ET1x1ldRGjo;hw2dH!l!CjR;HG#ufmllo6B7 zFvEi{A)8~8O0Z$q2vW^#ecy=W0-w3RSN@Vq0|SLKMILm{X-xQpXsWJ~;9LYk3`i$w`0^GH|~7NIC^IjvcWLv`#NCO^fD{^tgTNdShpe$3fDTjDU-2P%UgM4Q6&w9hRqJR_m2n46(L~K z2?JBuiS>iG%Q1yO%#vdCrBbK}{l|mFqz&%Yf`av-HRSiECLA8vC-`Nw+(Uo1#D475 zRFp6@+UfFXa zxxJXFw5fy?p}wTel&_ifp7e^a_LymK8yDdJ!}7`c60PiUzrf5&6$%w-74dqBJTe+$ zTb0IU+Vxl@oNd!Ted>qiW*dj6{1>UjmH0#9uerIoZ&zziakyjTlK63ti#PAsxN&j( 
zj8uw{l23|D64LYgE2)ZI^F8PBiLLrk6*&PGvpOMFNa?n@`LbHio11;(9UjYQp7kbL zNUMJKF_(r!M4imVm&Oa*H!&S!)sd^%70ugn`@6KnP3o~X)~yAg6MvvGS+qTBf$>%)ISVOtwnY(#}b!+{QQsDNJo*cagx+5T%HCTO7{U+qm?wZAr`fQp*R} zwr&eaaj$WCsV=UaUvKZ*KRu{A+?y^yiDnfAv1f@ejQ@Dz8;W4%>C9m7%4U zyIxPVT@j^Rl`tdg3b^_*Cq%a!ufL=^tUhc)I1PZ#KxUi`g67=J4tRggZkW=&=pIJm zkfMhr$y%gGtM~8GxdMqsCzYhvX5_&`_jnbs4-vEw^pXho4Wj?qV*uIHrY>}?Gyz_p zwoFsXXps$$8m=gMIMmy#bvmZOayO(|7ZgSI{(!)^3!8fNooRAL9Df-0Fp z95a?H^o;t$(5t98aal1XbHuE;4Cu&xgimaw%slH-oAz|Sp`>#YUd{Cn;X_oj-TKwZ z2!?tI>amm3rdw=Cm6})=6;j4g)+I5DSPSpj_TV|PY@t?c+a<&Nypr;@7*=9w!%UqK zuCJtlgNh#aLpNC4WtNVXF$`PH zyk&{xq}MByMaJi+su}=R<%IyuzZVu_`q^ zVcOEtiJyTE2xGXEtlLyE`v!(JWgv8NqYOit=Rl7nM;a_4u;M4;XhNFb2*a{QLX*}? zCCwu;)hIm#y5$+-J7~^&7rSY-R%E625HMxcJ-Um7fJBQ{xRZH3JNw4uuV5npPRcS$ z*#?cCq1}T7?tSJWDZqDNX$`BfYSNUXU3+}fBi=0LOFMZ3)sujbDC>New43NgIYtdR zOp5nYBeVuVkwi+!I1E;it8D`oKfa5;AG9E~25$26BtKeMCiby4oTIFnBeN*I%I374 z@}~dVDjvDUN^AmMf;i#1mgz<4wWJ7{OV%MuY@29JP60}$>KCiOoFo-LC$sk~sE{Km zqLf|9@&by4hzW|xB0ieDG*EYxm2;)tVk)I3^{roOPrFzn$+*Pk9-e&K=}#p(fyL4j zDW2S5alf;ND8_Cg=2W#)%EX&qk$Y0y>w3MWW=`Z9L9$KQZgv$#Zl&#JRl^rmm+U^= zS{ULmlVXuGDzuuxPYbK$Z|@9aVQ+J3*R5?fgH;mG!-cAw;IbV^k}I-~FW3mAKx7F+ z&cyrFYDQaMVBBS-c4Cy5T%dSVbzm4) zybOn}Dzhaz(~j&YBkX+4aXjp9G7?Y@Dt}BW8&RVgN|UNpCjJ$t#2DoRME zK%5Gt!B7&;qw>{>B~K{|PFRvDO;n(1KvO3+Afr3RXbatn;cG#}hWmN^-nNJFe$YrdHcc%^p0EbY##GdSVPsU9?3EB%U>SMCby zV3#(jPwy(Ne=Rkkq%|oXdx#qHpqg!xtO#tH{EsL6Wu8k3?igl<8&epT)Ik}+Oa@QZ zl^`RFV0k;DlyK#Gkr!43o4`DH72B{uL8s@#(pQei1JJa%?ZZ!x#*5{ltr zv2D*e&iPx`uclGpUzLC09uU%tF~J>sW{Z>Dzrpf4KT*3yinPEK+(wq(xkf;gs%ws?8l znPUqL-?!>WodxmM_O+ey!jo4VD)X^`nE56>>Eh8ThcfM_)5$0QCMhsUfk_HXQect- zlN6Ywz$67GDKJTaNeWC-V3Gop6quyIBn2iZFiC+)3QSU9k^++yn54iY1tuvlNr6cU zOj2Ny0+SS&q`==81*Y&mcAyhj1FQv}0PLI^MZ-YE3*e6cUeD5scL4YC^7jS2{Qbwg z)q3u{DEb&Lc>fOY`QxJKr@$e{^Ge8Ufa>jiU2`4eNM^I`E?BCg98G zMbR&Sqc(u|)+o9Rc-)RC+67$7i`QQY!K;sll!?%7wfm=+m0CxQ4=Ye&N;E6>9iSF%mF&i zJ0{w4UQ_f0V2Zv()03yO(?4yC=xg$T%a1Z!nq9PKX@J;G@cQ%iG(-(NYG{h4&5c@aoYr{v+#8P5Pff@3 
z%fcu+`p@0}(i?No8`2%KL7)ZLeJDBsm~#Zrf$PyH(ktIibjwvoBg4Q6aPeKoiidvp zn_vFy-rwBw!|#3P?r(hU%U`_h^EZF?KR)%bk9_F5_rCj`Z-48X{^{!f_v%-^{HhoI z-4zGYH1zv9(^mZOfd^(xkD421ia0Z;eJ*^DrcS$w`>E4Leyr=LU0-Y0*V%RLPxO49 zUGKeD_xIWLy!&;(!LDn6VQK8zZ`T34uKtytciMF~*BOm-qG^5HQ0rcM`i);J#edm# z_&2(Lx?LahJKeY1^_<`9{#?86wCe?Sz3UHp{&l;4j~BvEo%VgZ-v3A4|I+TMrxU;lT0xi{T} z34ZxWI?uz{>~u8^NEqzBD4MlqI=bN2#+DnWH|%L>xV3RwNjn@Zd75b7-9i6-?gZ=} zaCd7IeGAxhqTBl2e9GQGYiSfc8+a#hEwHmKiY@@213VX)w+wp#bO5V?4*(wo{(HIm z3iI(5@V*&XMYfp9GVK<+@zITk|f8zQNfAIbP`mT5U^IP8dhS$C3A71gY zm%Q)=&%OMzOZSgF9ZzH0oZBP=bL|@6q5I?PdWv07wd?9H>UpPKpKjNJUEg@8p1;Yi z3%;cLg?8<<>l(X$(XMye^#Qv^UslR@+Vxtye#Nd|wd=iK)35j0wfQdH&$R2luj_ul zU9bA4?q6!x=iROQ=i9aKJG#Hvt}nFfi|zVFyWVNn`@X9*_j8>ytpjD?x(=-$&6)O0 z)PjF+6t66iO#Zq1HJkr`o95r_WDnynzf5D0{UsZNKUbb?3@Uy}HOD-HTN}+I2;RXl z_2f)``V@S0`RWT3fBo@iMo~NP{IlG5e=DEz-@kS?wi)>Su+m! z-~QKp%D=Bba`MZck08zvq5qGSK7Ba*`6G*@~Ls%8pd=Q+wA}} zzFW`OPGh{M02=3gknvr5tas;mQS>E1W4_=2_E$f@?fzP|*S-GG1cAfn(-5+AthL7vM z(XMmtI?t}(vFms3`U|`M+OE(2l+r)Xu2)4R-}U?=yFTBpFR<&s->B!Gw(G5S zz0Iyq`i!1G*{;w0tnM$f>w7<^`}f)PHoM+#*TZhn^TX}B>hrqqumbTlM@t zu2Gw0@!{;FpVLnon;*&8T;uaEY>J{=f&Vok|CcvO4=t$}4Wa@{@-I2c>Z5I&@!z)K zzX8L*D}ZkSzXguo8b!wd=L3qlJQGmdCBL0<0PsBEYTz@#-N3XRQS=yK32-(L;xoIs zf8I{)32@1iJzjGapNiSs^fclt!19Zt=wzTBcnR<|pe+|gmjl-WhjioF059x`q89wn(#nNNT6;~)LE54`U^*Z#}f-h9pLU;B@*`umr@_{ymIZ|byf z{EMXHn|8hZUAn)+uJ^r1_xIcNsDIV{(RMw_uFLKE1iS9H>&xx>QM=w@*Zb}IGrNB6 zI+bvjU84`^zQL|%+4XF@KFzNC?D`*e{k~lvuxs=|`FB%4gg-ZD1sb9XFE+G5M9qD8hUn=rc{PHK` z_FxJ~;Thz0I-E{ar{%_}QNy~XY0)eqC^ycFrmkzcXUe;$9X8`D&C@Iw5xY{FmShk( zBN+tFWDwYRYa`jGMMpf`a(FVbcnQ{$xZah)%i%y3gW| zz)wdL68c~9cM?`>39uAs1C{~HfoB0LfKz}|fzyD;0;dCK0A~U#fwO?KfpY*g_*_08 z53~cTfDT|a&^a6Qc7qA;3dK>it7Xy2NeqaC?1crcN;ORgCC<0di6Yb1r zllF4pIZ2-9^7+!_KC6tE@cUK3%Yc^yuLAxacm?qP0Ok85@M`Y=5zze`lTZDY^`~@i zCf!?rw*qei{uy{X@Grm&82O!ieh|niW9;(}k@nw!4+9?oJ_=k9d<^(F@Co2^z}S4X zzTZT;n}J(^{{-#;YNh)k&+i1jI_CGU@%=8~HDjLFD&x=nO#S~nAoTz9xqkuhcfggv 
z3xO8_uLRP#ssHso-T&&xT7P=}I?`Va=w9$o++PD+3)IS!_3T}we>droz9IC#wJmtTE#%glMrQS%F5+B)@dQR@{8pSe7`cE`(K(R%rd=I@GDJ*t1j zl;h_|jTLkcxV*1*%IkJ4iQc!dHHuZ}*uM+(U^O-*+D^N=qkgM4YP=$fr!Ah_cFk4M zmC?wz2)PKU1*-NgR z8lU^Bb$t|^*!e8Ymb+!rl;%h}Q67d6gcZh8uH(^h~AvA?sU_Q(J1fj3%7htWBC zI4=h`_QQ8^w3Yh;u-mS~(H@?yF>V|Q1=!~qQ3v?^EINa4bE8$H=!K7C`Z*t6VkL>E zd-*1AR}1I(Olh3~Ga@uq28}JwHh;Ook{gq@Fh> z^`dC;{DjTYL3@2rR=02PFPZ=Xtv-eT8VMK2`#xCb6+ z;FCY@)KY&Y-r$dC-fK$7Fe7>9!wx-Th>|>$ZuYz^6wn{P&a@k)!!^|(cg#}pr)LaR z^vB&Hb~7brjB9s#Ru-gbRB|E(>_n&hh#9QtF?dKce9vQ9fk4FhBkfW2$#wAN1|m;g zSbCxfPw9=K`}ahV+RRfL)(}04yGHXJoA?F}(QRC((zl|>Zm!d#b7}aD=mhSY&6}GU zF%3;0%Hx?$FNimU_aR6Uqcgz&9>K>NU@hc_#1#U>mRp za`pj_gm5wNKH&Yp3AFh!z+zw{un9Px%1;2+1Lpy2Ak$jljq{@DO~AM3vqA@W5$L@b zIQ?+y1D*;z4VZf*vvR=OfeVkuOQCt9>5qYF%<4`DwgTILrvnAxdnvicoO;qSOzQy?gG9JOoPDFfqwvA4SWXpEO6#hymg?DzPuRtN8mNU z+n3=90v`pg2W~zYZw&Y`a1U_Rsd%rz>wz}_Uw{v81s0ykDkI=j;548Qdvr1I;6`^Z{=M-U56MxCwaQc6bH24fr9ja0m4QUBD=CDexlT#lUsI2Y}mm;?)8- zA}5~#BrjhFz5yJ0A@~Dty9low_z>_bU`Y;KfDzz@z$by*fnNg4y6JD=x*p00o{a2C z{`!D70Urjw3ET}_nrC$p@SNRvp}=c_*8%tKflvD26QB*)4xA6X50J3la2&M$L{rWC zYaUzY`4rEaPLsY*mub&uWTZz%4y7aK2E)c10*W_rD-)Sqs$~t z8h^W=nUOvVhl6e7!QzvZK2581nlzs2`*eG=a89S0$bA;AvdYg&pM_@@4zn`)C`rHd zV-P2u7tyH4w^ixWv`v?jReo0bEIO1Jm7AnYlbx*eHE=LqonF6PRlJ=gcUk3U>4B{0 zS>&)w+Rz_&Fe-m~hN{vZcPL%{ z^b9f7A9pY=e|m5n^<9)EfUJL-?S*>i%)&XHW+L}lw8|&oNb`G0^o>Ad6k|5fSJ zv`v?j+)p@t79C2A%1u({r2n59%RH?9f8y1JK1kDl96qVi8#r(E#+6m+54QX){;9!} zR@Xtu(S-Re&`F>(f64pNZtHi*wd^|6utr zOMi~TKNG?K;Yd@Lx5v@dX?h+kZk9Kz{H(r6^HS=bVru`T(ggWR<6QTi5+4Dq0m58M zKjmqTCCrzMof8T3A7SpJ-dsg`o?`4AMVONaa}i+x=5T9$YIXQciWr)laI+d8pd{P?b}SbL}US{-6AtN&hdy&-+{O z|I$9k-;gi(m-PRlv~OK9h1{h3;$ZK|{s>^w|EpZb@u#facqrFxO!|Y-<*;W>U+@2> zKUnQ?RQpYT{b{N(tbS76u7}Exd#K8(#`&RoQjKAC$<_3!PV?9HWFk0Mw|yeHCX(i_ zjT#RQpX!!YQ|!T&{O8P7-HM6S-iop>jjl}dSLdo-a<{s0Iyp+G$LIu+-?aO#e(fgJF3;b*i#?~L z?<6TxQVVRg-9n+Xg9icZ|gKY`El!j4ZtRVrLEBe4`_w- z^k@fb_xA!r(SELnP>1hUVN(h#>GvhO4@UTXkoDa$|5|J<{iy9p*ko(td)PscXN7z} 
zYqmF%f7JFB#KaDBQIR$Iqg;!m7>uUb-j@QqWcv7RKA04Ez6&VWT`%Q#SbEi{eKZB? z+sLkiLH@`6@3blJ?3WIXpbLoei;aD`BRP#=1E?SMEVsk3rlPFKSFIrL< zt3BFRAWU*xXOTY7eSgxLZG86dWNHb^1FWAv51iE2Rism|&4yy$2JOvQ$Fm{Bz5sPX z>-0-?yJqn$NBergHD@VQ&Jg^cZrN6&nV$6UTQ~TLGIMPI#BR92Dcf$T)E@tRc11f^ zk-I<()t{~86jeva8~XTw_JF_*;+$TtdHb#w3ctP7p}yF|=P>CO0qqHw=$BbYLY{na z^hCo#tx`K$NY&5NTJ?!D)SeOkiI(cUPV$MXgykG)AkN&yecpDx1m4L*^E{lRz824m zlLyG{ytkGzwNGZh;XK{;{Ah2AbIRNj#dF4UYIT{rh5d;&u{{{-c#l?6NcE~++Uw(7 z?!CH=mTCV^f%ZsJT#CKDn~Wxv?U@Ux54wsqJ8}p6|kKb97{?jxBJceo>7b zhWRGy*vzvIa&6~RIl9nHIcvXbkRZvkQX1O1)NyE`KJ}aWLiAJFqMoF&Lv=aQ-$kRTIQS5-bEy&r;xgCuIm(b; zs$FW}z$Un2CorE<)K9X0E~}j-c~YR(*-Z9URh!BbI^B6DUB-K5%wJJhRfs~xulHc@)r27k$T@l zs?)jah~8<}yZHWCdUY!`NDjqw9fpZKjon}-k3hRG)4UdAog4?XL;h0>J*oZ{Wn5n6 z9e4=~C+KGh!=*?;Lv$vtWG=dgQfG2^Dp$YjEz z_;;fl+2@;0#|JFk@94>E>ZW@t>6}W}X3E3Yjh5rJ{pZnt;)iBq^m!{~7gRci(Q>_% zPq&nd=#{1D;d-t7Jt>uLN%V58eQ%xGkIvv=l~BKBzh^7T=a2;P$bW!)b_-87ytBqo zD&g38MReFW+~K9faTEGp8ebgz4gBHm3?6o=_-8maZLO=h?q(4yYx^)zc=HczO1C!v3&vEEKAe}O>AIXGEqD(- zUR&$dlZdy1&v^3uW75>;`orqZn{22PP z*`AjBv!3jV;w$4Uic9)*CXL7H(j&n`>rhI%I`l<7zP`ustS6cEwB@muJLuJVebGS5 z@%ln(>R~dT_F5E+x5i4AKb?3_v}W?YM@2@F&jOoLXY3r{UQr5#FCn<>@5+-++GyvgbD+Ok;bd#_Il(*R8cE5q7_H`EJC1_e1JVX?V|-F_(Y1(iw2_Oc7E~R z@F>cumPZc2g`(>jmOHsoEcQhe5V z!y^rfwu)ww{R7ZNoZ+MFa*U{-HVfm0L@+|cM^W?;(O5?riVKwMYBu^RBC?izik}qd zv5n*|l2)zu*_I99sIrAYo)qd8#XLODpeUO7WfhpIgd%O&z@0}=LTgpK;wOq@h$l5` zQp+<@{Kn6HnpsNWQ5}EUMC~X1_kvgH^R3^X`L*Qp&gAn;$>&#+&#&t9gdg_&T%Vmk z?E6jf{TIpi?0R`UV(O=dsEXun>b$GpB0+Z0NGHRh#+L?<|bQ z1JPL*I_b{Oxzl+Z;%5Cm`S-t*0+Z`B!mQlnI*o~}Vv%1gFJ1Gw8o_HEp}EV+bsCfF zG&Dv`kMt+kX-uxusJEtRa-D`&8ceR!m|UlEFzZPs*J)&}Tpn+3D{HRvZ+V@@}mEKNFZ7Eh+rr0=uzK-Tkg-t>J|yRx2Vm7hiD zbY1EDEI!Gi|2TY7MNgc!gQEYzmY+qRbQ{z62O&q3=Rali-Q@XC?k9}HOKBbW=e#!= z%))IP{cx~&T3uOX9<1(7<6J}kjMXhvTmDPSc>10cj{w#Hf9vOerr+Z=dHz$Gb)w6; zud(uMBCCQXvL0(9<!>q?cr6TH>}>w)utjlksjPk#&R zN+;J9POdA|-kph_jy1Wiu>P4gljlE8p8urvm6PW`O`iWWdHz%RJTvX}pFICbCq9OA zktWZ7s(&iu1fk9PfKTV>1==;=Y*ucg?B~hG_847{@9bsHjqyzgoSr-Y+@9q6TEcxdHEbJy``a@ 
zlsXeFym{gLVY^0}5;^tp=E8>zF5@g_>^hdO#w#sPlOneF@drnczK z5Zdi4JZB`Qj5}_se=e)m)GpnN&VKT}Fwhf4eih*ny*<9sNh+PHrV+f(DHEoCexG_l zsYNZFYopWQyD3{~bl#*W8-80uF74VE^>q@U?sb-%TEC9pRP!J$?WISCDKossC4C-T z3s3dlhmGXn+%jmQH&%4n*>pN5(ck=%&QU(qt%a1rPVbWu&HQvX(P@Np?euOF>BDd? zn@*O~_*^ZCsZ;;-=7Gv{2P#hzRNweXZfc9D;cpFc&Yca`>JRl$<;ijLtXGvYyoAg1nc4Gf9949P=Z8+~v-*p~cxjenY zM)cOHgZ_RYKmT8)>bwo{$1Lcp+J(QjLDcDhTA^f>8`>%?^d=d--9WgL+3y06bfl5m8MemLrvFTdMlFd zBrDta#d%%t-0|}QWqbX78fux|19CW$t9Mu^VkWs6uv%5Va{CFA!_+tg<#a0HY+5V2 zs4bnyzHpTG7%@q8&80eY(x&h&fU!;>9Hb1rIm1iTbMNoNleVg_{asDv_xC7rwUs{e zlUDVfp`vLpmk`yenzkA5sI>XkW=FjXKv;6n5?8PxM}zt@e9AEg1l>v;^*^ zHp$)rVh`$3@qnJ_-7)HAQApes-r;bV@y;byirV8Rk_h8bXr-ED%XV|s>7LWbyM=$! zVcR%KTB)Ubb=A3(YJuJf<2Ixd%+#AYhOVmBTz$pN6;dD4#TcKUPd9bGqyn zDbG31sUxYC{+LM`w_?)B;!$0tkzgT|3OavD*sx32bX9qs!B`ieI(A8GmPHOkLtZ{F!nQm)PC`eQui~isr}xU zvG1H2`*xX`(9hd1xltdfzoyXx!8=*Y$)N$?z{fgsRkaS;siA(-r}%WiI4N}^sM5`( ze7)C5?<)%L`4QE&QLZ$fB&O47tKJaj6%*MFr-zO`H&nJ+l(^XPs^6V^Yx_Yu*Hmv5 z63^*9VCggF-5Ut+f|*W=J}^*v^-u$+E;n%cxuin6YJgLRPd5ss&vJFmDv!b~prqN) zaa|Za5FN_m=mng?Ui<#I0AC7-BqpNtUgWiIaZn;jRt#$TlBiN6HL!rVn zyp=i8BjOQ$?TvoIlOgU_aHjJtdQCh#_ME>dHiNi7`UPIu*tfAwAM%WNRuG&ooM>L&s>V|~<)^s}a< zP4mzMH$`veP=E%wVRM3KJx1wD~spGvF?E|CBYtp&yLI3*6Z_@RC=CiyRd4bZD8cmE~t=3bDteJfEwC<6gCR?R* zy!DPjSw>l_Ezx6)-`tzgyBK9(<*CU!YL44;X&iPQ&t}7g^3G-dgo$jXtfM@b;LWOb zc~1J>-<9S5f%|2R*p(uEC(qeOoatXxzU0MinxFRV?_O+(-ivK3(|e+Cz66pwG?rOq%gR?)0vLp6G|9c|5R$ythaHW1o6U+L3&}vGJej)2w-pCsAts zXtuwdqk+E3))G32$KPD^B-*Ak?Q83wdT*C-OzO{Tzl`>1Chz4~z1r4Awpwq@TnZL% zgEr^kqtDC0Mk@-GW&>Q5MW68AiR`xPjRBp}o4`zcvMA0f$=_^H@4XQ!VJUoH@7+&} zz`5SrbNn4m^*Qh=%BWXLQ*<_%)a$EX*Dax5&Kn!+)qQkEPaQ^m_1>@AlvuMP&?V#B z)q5#z5gc?oI{Y{|M56>BH~BjWD(&58tgZF>?Jy)mc2hdE{u&nP5#ApZH}Gx?y@BHg zcsDVe^YiGUhT^!I<6NUcea&%E!=>ZCXYpl}Gm-Z!{s8av2(W94u0uk^<-g(D5q-w4 zKS%rIXiLzIZ-~xCH!0Qa%VU2Z-kEXr`|!L@y;<&DYCR3T zo%Ke!+o=@~u;DZ`{6yX;r~2!^QBEahYhLy2x!~m-Q13lETPbIGbdB-HxkN2$TLDis zja0WsuczDw+HnkTpBazZ$HvQ%(_F(v4e!PpWxsvqE8viig!N5z)9H;Yj_aqWzc#Kh 
zb=L1=;lD8c5j~NOQFtGezdNiR?(oRC?;lc{dR!+?yDNGHoF@ujVLf*TwrRZg68T%z zt|7ffyUN{R{Vqzr1wB>Ys_0bE`go21j;ip^v`ZRp$7;Le=)Gs+;QH@93$F~xY zuVYbsfAR)1)e_!5b}e;%y-{x;yB>+DXU8Nl$HZCh!m8K9*O7BPt~(+gkCye`KIXZ1 z(QD!DW8+i)ze&5Cv4~SX(8}KqR;JZ>6!`|8pT^jl$xw`=JmRkR4lv1epopwVmMm)h zNqr6*kHbGl{^~bx`O}HFGW*S24U7sJ@ZB4*m(!DRMzDR2X8YvT4`Vrlj&J1d+(goJ z{}%2~#FLo9)j7V=-qxr1&3v8)-ki<|O=FyZdsD*Aj~-_<+G`XT-})==u!A@Ao)H}z zAI!U!=TUyzvNpg8bI>ET-*B~@UuPoewci_e1!d{Ysc%7xH{dfg(B9b@WwpRH6ZI-2 z7ikTroI_E;h4vHx4u?UEwi{kh&_8f#8yBM+kjB)ED!8j}K z@+)f6yXWhTB(uEb0rJ-KmZw0&?}5q5V09j&jjVFUdrz>&I~T!|8iSr>@0ni8*sGq7 zI1bFRM;;CE|5Sc2zwz}n?tg$Cc(l=Qy!VG|Y&1S+H_&H3My;)>>ftYnWaBT7-fc+( zeJpS3TzK|WC?wBUT<}PXSoEM972j2CB+N4u&%@20{9ZwAj(@fD_l@oiufo-qgJFNPTx!DR9mhUlXx@HufxXCRnN9kLX5Bp%luPj^%m5Lo$MyZTZso> zOKhZGKmInsuQmsGjNyjp*m2}fT$Dv$c~A9ZD^K3~KAfa$1v)@FGJDKdua)i-Wnoy) zgV<{H@%M86fco?3=tqs~pEuzHzaM>_<@b98L~$b7GOa_ti+_z4(Gjg{`3*W7T6Un` zdy8ApXC6<~?200WTi{FAy;G4mMHe-PH{BvVlBXdemPOOAnsL>vo3ET$%P*QS+E401 z=7@Z5RHgb%qJQ_2XTkr9#dniic@!~K%x^l_v?DQ{j3~D9Im1R4`$-uhzp`Pzc0d+G zvJ-w$o@V}e2^;yv-eSB>d>s0>RKHwhM#5w3&2G-NpyG$QNfs= zQ{349#r&%IqXWsmN6}{*=W3o)IZj67>i3f=sfABnRig;!J#)(<{n9CTU;zr6pCf+PM`x zg|#qUK~ASY3szDiy*C2-*M#o60?$m**M-nME82S$x_SYn$v^XT9uv|1jd0W;x=woX zNpRTdVAK>H59MmjsD+s49D40M(mmR!+Di*6XMc{LzzFqS$eO>gcmpMArr+ngDodJc zc=)Vn?fI}pll4ho^_YT7&IPgM~4*A4Vs;k?vf;T@ZHxLv>Q*zrc1I8;F)-Ox0cdM zT7Myq4=WC)f^!#mY(Y-u0h$5P`Wf{?A1U`xqUzRa3Tdp_XasSSuj3GRDTg%G49l$= ziqxu=a9SDQ<@pSd)?26)UyHMwvNQ`5Ry9bQ>iw$fVbQ3QQZ^eNnq${$i;ZA95AEbN z%J21eqdL}FDIyH@c2%t@5QS8h(rL|87oS=K)&!m%eEM3U0iJH8W~~4^0LK2CXxdIq zn$bI-v|WJKULVQt(%p*n`}ktOdeB$+1TU&+J*63~9`s5xdT0ypUsY>1Q{F1>w0cgI zlCD+Wz4%t@wO(|R+m78lmtNA`lxO)ePjhnWYhPO_jjTFVMi0LTzpxt8anvlB_v~(3xe6@SlS6uJ zyV;GyCrmA;)qHaK$VM}KTA`s4oMxh>Rb=mkv9ISU@?2Qw82Mhxb6gDWvXwSe^k0w4f*O7FZq0{bFcM_uSrtu zL2|Q^UwqY63$*ZFmAq(9+ij$%egy67H2&&D9$&pbx2((C zO@_rCnv+!DxZG%tRDB}vK|Y82F!13V`bYDVk`lc=xsN+xC61Ql&F4;Sa1L?ZBl-05 zC3C7v@-LneO}*@}BC0v1*OX6MM(@Ji0_8W8R`M$uSWUaPSzbw_Bwc(dOmrt%a9^j1 
z)a$|N5OS2?hP=}_TWgu5;q*pcc_&YVHj>ZPl(Lp5o&4Jjy|qGXHJVAQJS9!)L)Dg+ zbM26qglS!lG^zv$vfIfon73imh}}{Bb{2S zlSDhs7mBhjW9hoJhCwnfj3vus`&g@|b^xv&)jsi$-c?=hmv!804%{`h^RC*h+T@u! ze`tNFzPasKV^olJ5oNW4x(gcg+BeCgbHq+?7l%nl^wWFtpnbKdQ`gs3N`p&3`r0zD zH&2gt+E^X0DaP^(=^PUnml0UU} zCK9X>qiCpJ-Op3KW4fK+-3G}bwefp-os+NbRISo3J%H?!>JZmRTkD(afbeGSpkvBh z)de?H_v|6y;VpOl;P%kh2i6~;%JR5L?hSA;(L#- zm3!BDL#25iS5u-=A~bq(O)pN9u5x;N|F~D79@MD9B|u!Nb~f>;an+&5$&wq%NGDH4 zSy3*$@ms6zRJ!~O^{?paYXio7si)D`<;|6s?9d7(9XRiR_zKtMhoAA1y_%#|9w;_jVp_) z(TtA}O$~@aNvHO+2f-J1OaSdC>UKV&a^noe3QnbHc$&^PMUtvpp)^`mN=WxVUX zyoFyz_)XsqF^wWmCFlaJu5jHUpKk1kx~$XX>r8_NZS+MOt!y(Zcs_NnMefC0;>#_R zCHH9;Bw!S9b zJrZd}?KP2pQyJPjunh?wJHA*$3R#N+eJ?BEHmYn-U4on+%4_tsW=j3!JTBRlei8pS zgNcuur3HLdn^u@gBb8~~PTQSJ=aEK!yh;;AM5#ScL$vZ95@kZmHCmCzRD99LLf)g& zwBmhHwLq_^mHI``B_HWu<=2GYoo5tnk$!3?hk7k|wi@H>o3F9oM!mcFCr%3zr#gl8 zI%+GJr9Z&vc^lu<3YSJntM})n2 zpIZ|53j5)1mD)(2b>Jo)rd=Icp)1X%_G%rpS|OTA!^n2`7>@3=}*KEAuJI zr6TR=cwYBC#P{yAl(}`txW@JBloEdO$JHwJu2v3;uXLh-bZQ^cy`5a;af0@TNy0P+ z5JhLAQPe|0PG#%VH|l-$yT%qiqLdse;_Wgj{tYYH2dxJ6xAa7qReCzVOKOVropNfA zz*t}H;8M#2cV5*By)gQ}6pV+#R=P^(1kNdOZrE!i&u!FXN^P4#00@eOG?f=i@QSxb~H(WO+N~(Og*5 z>FtwN4rBkY*3x$khSi?4Oy0z4@{!krt&b>XncPb<+~e~Ri)@4XLR?$9qe78UVKV}S zl(zP2PsdK@mnfxh6n~E*siDp4TaE8zl{MlX`>U@PO{bA9lqCAT>yID>Qb;z^bJ0T%Sq9YuAXZ;vkXA z(4!;tzB30sDdxzI&?3o-STKXkYdMcXhkQZN>N-M(pKu$h*H{GF+-1vH}PvHm`Wn$ zBgrN^Tg~qp zQSV5ey7$*^kp;JDJw~qq;}`c)!>GS9LNzr-+u4*Be7nG<^0%d}MFq7{R8hQIBk%KR zWf#A>-=@9^y9DJesJFD^Rjrh_=%Yu+PBP{z!ClL!Ht|Y`YRN`Q=g2a8sp4GihHa-@ zappFz>h%yA(Fj0gOR7XmX(#svWO0RsN{}vd9#m{Y7F?P^9H~*1Xc|1IIe31OOj#)P zhGMCE%qFXrUijT*V6I7mM+0h&`!q*Vw)fj9&9RdmTL@mFcNus0{nUa%@RIa1&ublNh6D^ew$Alora>0+PIH$^X9vh`CqYj#dSKsqig}h z2a4HA<`qd?WtwFxX-~0PL5;O7;%dvNBd*Tnzh!iF4^h%8Mo{a|Z3K)QE>#pUCz~vx-_iev}p8z7STns)LDHj2@9M(h1N<|I;;=E z84*43K;SItGeu}M&+pbJ=)H8WrhO5QehizAP;}KtfzF{mf7Y3_EOzEjJ?cAYfAOUBk}xQk6+e$(gull{%D(YNS|FY6x>aX3q~p_Rs`_}+ zJuPV-=NnN(wP>fB#)9HX`5-|%I#$9$UWYy5s$o#^kUMTBwuW>W8`^`f;rzVaS_X*2cJ0h3oh 
zH{4^KZYRZ4o^J$h4;-i-bLzE$sb*;1mT1MPXw^fWe$zyvtNQ`&hYnd(T>U)){)*#> zdldEX`5pHZ6lIc^DbK*A(>3UT)l@)c%ihUW^9tmDNuP>;^5*@?no5s&?DPogO7BW_ zY4@2WjlZOkT{6^XzFJ@_D{?lVsU#x@z}NZ8HN-Za$p%YT`R;gehgz>v)O(_gN24`j z_c6C~u=p|Px0$q4^b(D90)vm2wUb*IPDGQ64^^+mD)OdeH(aWGbS3+9fd0@}NAsJ{ zvVXJ9|B~jWvXo11VvXQM{do;E24#Zr}B4cGAzQt*db>*1|j-h4% zHCCDhS2(?uOLfaqYHdNeB`${{3M*a|?#v;G&ff*3)VkS_ zr=7J{?NCZyia18CcA4|&xv1qlUWop{cyFpvFzj&tBBlMlw37X1tVs`hDC@6e*N#tV z2erw^{MBa|G!Sj~{YD?kT#c?>E#t44y~xTrCVm&6T0MRYy*;yqw^aI3t30*$LzdC!hmyB*it2dsSAxN2>;&VrZ% z&d0^4vP)!YvVu${t5|LGh)wZl^}lwU{M?cv|G-{M~Gwf9QDX*bxn?DKY8 z*RFN>+MA(ug45W+8YrTjf(zL{bw8i8qdVElK7}&wwpHd+ZC9SJGjFmTj6N=xbV}|d z8?L8iYh+K;o}hS0K9h9hh^_zfvE&*!+CB2xI$Ac|$Cet)i|aL~;`TYyDS@zC!fYUCqH zjX5-aUC;9#@-DPHUw!IXQ$m~umT+PPCM&*x*Mk7fC5?fQOHJf61s zDtb`6dcO*XpTZ}479I)p?Ww4*ysP(D=xlkZvenM-`X(!Uzu|W-l6en&px$-wTpXjg zpxdegaEP}=_1EA3p%N8gtW}%jS-n+Qku+y}Rd*LT>Q0HsCwK&xi!(=x5< z?HLk9&dsDqybc1^Bh0mHu?%t<2uV8+Psn+oqkn zKczO`v->OL@LcvS`CeRcSlEjjFev-#cYt4gA3euT{RQ|>d2F$~>904|_oj2SeLQbk z`#V2Qi6>|J()W(j1MWNH9n{gwDx;nc+6fo>o@LpYgY}E=r0lVNaXo)n>FfK$A5Zo= zewzN<27M;Fm+|9CJLNelChjv^Vf-f__|15^?mLgaJMp^cQOA91oZX49Pim~Km0XkG zT(@srk7m)Mp4QoFb^C7omtjHkv}~a`zaeW^-{&ny*!k*XfuBQTS!_SO>Rk9coL=<< z?qm^rqL)(g{hS-9GplscjLxdkc*4(pI0@f%K^-s1Pn^=&gCif^K7}%2=^z^ zap*8#-|XvG6-|+6HFmB+9qv)230%a~)1Ip&ySjJYq+t{aQ2x~{vbL}<~ z>4)~-EowWxRy+F_D}}qjQex~!TJOu*_HuqTUzeUAp3LhRya0}jC-6~xug8jhDks(y zv%RhSgIn-@_JQj9v0|32z}oxzX=iM3?qEGZaNn8J!V;}!bo6;p#ZwK>?#lU7Y|k2IJhy7?dX+iujkUdd9;jb|PigpXk#>Fid=5M)4dVx~nCH_|DPt|#2ORDAml(C= zi034scz^E>ueytt8vZu)47K>1m9s-*8LZcKJ1*f9EzX`#Y2VZ8u6<7XqWkVdkw~TN z$X9jUJ^Tc|cPFYH?N0b|@0B|x_P5gKt+n2;br&t%SpIx?$&=9VOU|&2mm5i%ZZ-ntJTX=Rl)0;YSy{HOwjXG# nx z^qjq~sAq?^USoJX2lCmR7dv}OhH1a==Lx-)avrAy&;sSG$t(*uM4NTCwOhPADau)o zb7CTV=J|qFvE)`)57-Bb)A?A{b1tAY!;-cAJ9CyJ$CW9mb1SGc{KQ`>#gb`p_V6SnmC!%bAldj{N>yC8NpDn(y*6u1e{05B% zyrl1(Ghc6P*Tq=ladTEBYk;>{1OZ*pFvbc%PLG%M0;WlbyPuQ_)^;T?v|gB z_i)G&dU@siS1xkZE$2X4QOqCTI)@Dp=Ip4%zBqpkNhObHo}l;Yn|PS($=Wp?YFu5g9=h$oBT^5R(*eItC+TE7y{ 
z*Rm73(y9NrA}(Vl=v|^_a~`r^DtJz%ZsTdG9O!I{Cghy=>2uJi=kS*^#8HW*eI6xv z5~eL(-m}Em$(jCaX_{j%jnN$KyHGwC^cr9OIvL zc{%*#iXZE^=W#8)Bl_I{Ym+OnTA7s6&$K*WsH+r^e)?3%YsK2{I7ilbc3?IgTi4Hs zui%YYl$&uh!eb>*>LI6$%?YSGKJ|x9GxX?d(Q0R*gc@Usgq#GWm1zwq;wbBJ?U}&n zYn;uBJP+xqH~3s2os6zkC+esEMXW0NY`88sXKckvep63A2b#6F(A$Fa<{VDnlroO? zmC-QbV*yVOP+#!~FxsWvS6iJ>p7ONX+e!R8zGJOX*XKbwoSEdmoSkeg^5EnqHKdX6I4k7% z@%(1X*7CWbUZM1tR)a|YqH#N}nIFy{d#oIDZH*?nj1tbLRZ5I?JR4twHMFXI4CJMu zrMJhp6gpUw=ir{c53Qv|TfJ7=sW!H`1K7YGtflYkqn4dPPI{%BUL5h6QBDorH^k#P z9yvuCxXu>8z@fh+HYL#;47u2-NdBsHDb@Z(-`^RK|x{cYnsOHCk=6JiRuZ5mD z@lsN?uc`94vsMmmUo(xwl|p_y{C)uSv@yK(6rA>B#^gAji8n;&bDt;C3%l>fpJGfV z!zGI;S*>8`3BygbW~m;%UE^%(oklM_Vf9nXhM!ZLpIbLS%`D^h+ciITXnyX}{M@zq zxqb6f-&CKU-Td6K`8lWgIk)+#)bP3a%};Z~`0s_y&t=Wena$6Wo1bP*@wwMB`wvCu z_iyvh_<2h6(-UF;t$oN(HGV(WG(Yug@!!sJKh-b&T;Kd$-u%3v`FUaU^RPyqTT1p) zpMP`n^VGih?S+$+5Uz3RW^(g1B%snm*{v);ixn~&p!-%Ofqbuq<+|zLu28Pp(HGXS zhWb>zip%b=)Uu$~5R1-Wer>a}<+^R0+yrAo^dAqZGNUr>Yn9C#Ec6Zt_J9V=#eV$ewOY2%XQ7ji~LKi|? zcM9&tpRP`Z2esPm&D`mh;c+I<_p;<$&Sd1mmaLTWdy)9XTgd&JtFG&qKHj@Q(;0A8 z)?!C|U7f?TL1x#5HAgrf7W0?VbXRymt}i}Mu2^zSiC;1DHYFk`R0o4%4oYw1W(a7W6Ls<+?~Q1%w3-eNBT~wrOa)0P<4Z`j8bBp+&5$ooYf#) zoVeGLu_XC4T&a}{M%2y&rA(u@+BLVLL29is?~&!Yzm(oeh{zSa_0r?S*EloPI~)P$ zQramEqW>ORRoJ5|s8%r#E9$IRgDN`AmATnRn}eg-yzDU+*eYw+?ZRW%>H4O|MY0G|QZgPXx4;7Rb} z7w{~26*vjJ7Mu>=3oZjww}3WaA8;^u8CU>L1S`OMz~6v>0XKr%!B4>7O|7brg0F$w z!9(Clu+5fLwLRDY>;dM2Mc~iCyTJRwhrk`+UNB{=s+t96gG0bvumIcuz6_oL&w>fl zpc9x2UJ2d{{uX=@{1D8XUR67Th2VH_G5A~XJ#asG2>cqHI-{!I3Ff^JT7Y+gOTcHq z=fSPuPO#I9s%lTL7_0(s0&fSGfXl&`z#U+RZD==G58e*m1+DcVeyc`?{?go#69d@U$;83s_+yHI|KLWo1=kHNfZvp4+Syg`lHiG`W zn6qFzuo9dPt^r>I{d-r{4Ddp*Etmy%2D^fNz*_JI@BsLCuo3(YJPZ2wffvAh@NV$e z;3ME#a1;0%n6WQqg1x~@z%pOfP1)l)VfXOf68L&H;3r+@Cf@{Hb;Ck=?coa-Ngf#)|1r7iQf;r%7 z@M-WA_&q=YswRS~!B@a-;4X04VYCh02Ob26zmz(`frs-7I1IcDoCVGY7lZeJ883%_ zz(L>@;1=*L@S-E2JNR?(mtgrTs%jm06L=@M0(=SVJHWf(>);3AA@B@n%t20p0dO?< zAK=~K6W}x8pTQTwt#grw;7;%WIQd9;9efwu4URkt-UBPaS>SB20lXW$2V4QJ0{;xY 
z0KN#m3TDh_Jpr!*=YThXcY%KZp8}r)UjeHYAj`lp1w3p@xWEn+T%!@yiH9~=vg2P?rFz(wF~;1X~t z_#n6md>woP+yQ<7ehhY93}1l(un7DkxE6dK+ycH1?f{R1UxTSjXe&4v41fo~&jDMb zYCM<%W`YlZkAhEv&w?+2Z-Jk_in747V9HWn1Fr$+f(yYL!P^0fYBd&&2a~`yU{7!| zI2~LDJ`U~yKLZCI3q8OO!TsQu;0f?MFzGmW7Yu;8;25yS@$>;42IhmGgQvkRCsfsb z;7~9J%ma(T72taCvRAYIgC*d#U>$f9cos}Jk+}ypwLBcdexjV~7`g!!u(RmWtCLQn$0ToCp5HX=B-~pA=w{aRiDzmW0cYE^nb$xog z>y{nsdud=#~MK|x>a$jQS zS=3EhZbvQpa`g7B@8h{%W8pL1#-i8E+O1)0hR>{gJNl96>}RZBPrLOko<>7$aK#?` zQS4u*VNd%7bIF*Zp?)Bq{~0f+by;5#1HJeP!2`@Rih*vE3HQVJ`jU)z9%RYH^BZ$es|mj%)GmCaYY5et>;@ zD`e1qw90Hqo$u@2wzlNyRWLMvjPx3Q?~1keW3S5z>!$ABO+GR?UNW}VoZ4mz@(ixn z$`c{3rEw-bizU_?9U-$y+m>Vbw|3Kb1$v6Ee?xd8ZO+{-_9PKx@qp15+wOar=%|)W z*Yg9*)dpSaY@MnVA0$s(Y=xdc#hyB~t-lTaHbPyCs`gULGe1H*t>O`)E!lX#mKUSF z^t>md5nqC#z9c0>Tf8gHzODW{8B4R4Y|j->p?*2p3_oMA3m?NcnJ>VM04Gwu*}`5; zEuOXOv!oTdL>p(6T{S&1D(6CZs^w#q(HuUGYQ^!(NCuq-H5Z=olthl)hx!x2o?iK6 zN=waJ@}-%5O6GuaIvZb%c2Ah;%!=5hiw(crrkr!KR$XQqbqwNTlbk=vUl_g`piW2h zXxb?M#>#EJ4e1ywy}r6>gBglLo1td_>8e&%sAu_uJ;bF|61Bez^JhNb~ct ze4aU``8m!{-haIL`OD_#ubZD6o1ahRb5(!y-@j;n{z|WbGUJ^A#S_N7xQ@KLx{{8MTUc^uuWVtI?F8&dK4~2E#9A1(QSK4b*8 zA;a0lvr1W)lc#q6_teMtlI?66Pn=u5p1NI+oX6_KVAEaISvlu}c`jq?x_S>h+j8Oispr_JMeIqB!nJxN_DW9c&ZbWEF-Il!V=l8Q{ zaVs;gQoYCnPrl9dw~+S2r_jVKL}sa4T(6TQ2T$vb)~q&{l&y33FU>N$oqg+(YlD2J zJSzfN?#+p%AYwa^vpuP<9W@NNl zoe}7kW_F2|SC3D+B3Q<9${tFaO{r4WbLU+A3>Q&C=8JLd@g7W8yPff9P5$~)bK0A% zaq%C>$*-e5w=U%Zs2}-dhG744t}LZ(w$hwS&J}05?Ue`9GbQ`hj6m`jdp13QoCx)t zAA%jiN45f!YS<86J*=rrrIC@qx@0bBePob1(9U1SfX{Tqwj)f=0 zIa$`HYYk60_WEmOw9Kcg1j`JuR%wV7Ri8%DypAnlb!uF>jsQaI8n-|So0;O}NSTSNIN z#gWlV(Q#4F8DEd6bn%<`mpH2%%tzmjboDlkbMb$$6#Jw9Yjk1rq}mrXSR+(y=Xl=r z77%6FQv4(0EgK$I@305zgjqudDbvwZ%d>nXOY+{>%e8zPdDnVR$*-4{npx)VI?4;j zg*vuQE}X7}kNSoZ$=*u2$QO0Bczl=}Qja2MlC+bTdBR?W;aEBSjN9zkK=v zJ~QW)ZtH7WTEishm;U>$W8`>^X9S9Nauj>H(%#Y+`QBR3tu@qWdh+SC9#5(f`kWd0 z7s4@S94)&ieT|n=u98nKAFOHXXvlfSE*)L>Io}9+B z_QCu@a+rIf)<{~KnT?#WEBH%(FdysV;6LkG;qPnMbskbvs9l$jWL2YxpLS~%o?iU{ 
zznr&1sU3K0q`!A;ey`uqQKRtCul3O9^-9J`>G0oAuiTY0pxwcrfHT4Q;2q$v!6(2C z;D3SNgJ~ymo(EnF&IA{Li@@i=SHXoRbG`&F16PCF!M)(TKjr)o{5g0ZxCwj%+zTE8 zx4f2fPw+7Kckm>57K}Tks-}Yz!76Y$_$P2bcoa-MmEXaB;AP+);4i>ez}LaIz@6Z? z;P+t6a?b0)02l=G!4mM7;1clH;P1f?z`fvU@SosWFm44tHDCt#5%?*XxDtN|ur=5b zG*(sBZs7Ic0`L}aG5CMLx4_iZoDG6wz-z$&02hOgfGfbq!M}hnf^UN@PUB1(91M;C zJDtw?EI1q-1^xnj7<>eL3VarP0sIm?3nra`KLgkW%mxR8L&3%1L;m}9oHf^6|NOqf zHRJhxMeJD5?<=0)S3JM3cz$2;{Jz3{!1MbG_Z!c3U-4gw4W3lJ7jL0H?wxMmQF+oa z(h1%eR_x)J!R~52_TDY3?HlX)brpF>`q)L8J>@r8A7V=#9^W;V-}hyY`y|%h;c-|K zhQ(!#uXpOp*w48O-lOLZD?9NG^-fnShCRvda^!gZN%by%cni%MtPNvm20!TTYI!nJBiT-jMb~D(oXD`)D13W0Rv`anEXsLg6YXOxyGILsj%P}&(7*EcHa(u7 zPTx+cZWzUrS}(ox=S12*9}9^$sAzZ4UOuk=%-!^TJU5x==JDKIPIKFHvlz$Rxs(}o zR^CSA-)PNlJ=$&LuJ*18)S~q*r^e@D_uQuOGv42o{k|6c&|f=bP6)J0v_EeKn_kbz zh1!>fzNx=JvFntW-Evl~l~n7p78rLE>#>3@pcJiSt!xIdX|&?FyZWD1Sjnwjn~yf;a$>37QTvy7 z^J&lW9-$JS6RTu?wfvT?ET_n^^Ym5!jLob??7dtf2Ph7 zQco1~>iBs;wOgYTrQJ;F}lnj%P@nRw*-;xtfhGQ<<3y%~W;=QQ^Ham3_1BYqxPT zbC7GiGBjt$oieH`NAPWH^x-q5Jb47|rUB8 z*|7V{Yj(h?@JM%`sbu9V*}#(>`nT}K-0GY4|DQnmET=C;Hky0yHhvj|uI88azmg64 zH#H3htKVWvzZ1?HExq<@Y?>wddg7Byx!?LPmiranYtKGi$}3r-(@wo`Jh#f8dZaAT za#AaV@#*KUuIB61ME8(2|t?r zQ`X--Q?w;^mb{LvS=}Am-%?}CV{f>0I)-xgtCBr(G#R7KY^W#T?eIkJc!BL2`!N>F z`%dk<4o#tRD}F>9R@b>8Z|(Y=o_=ZTE!02qiq)Xb?qh8Gr#F7ll`h54xVK*`Jkryz z)n~eKot$=W^?o?d+>sa6BX=ijQ!jtl`22sA=RHO9?YZ^1JN{SHYjNwmY*W4F5$M#t zUA=vux9Box^%@__uj~Q;+U^JNjOB_UP_oSI~#<-p9VA zWRWgwpIM~uWKOvjlw8u^7-KGJ^UONa{QHXf39}s(jvrG;fp{*w72g)#EIFr3+xwf` zymODWe^pI^-m8BrhqX6?jDE%5lJeVE);{)><}DoAbK2}4lbGov$0J-sS%Y;>;Av3Q z`$){-GICi{o zq>nLHTRH-sJqQY^H^~J%)E0};#UXG55HjRA_{WTO@hItM%*MWttE^jQ> zyK!*A$7tt4=n6`t+{@F43?GC3c|L7_DL8?DE#=8R>^h^(nf`E-P9x9jWB}Wy(JPu$u;POiiD}dp&~OGJp0?J#`2(#eWug-6=O(EFeSg(Ylv@ zYSEF_BiVh7r*j?X77uHdyx0@<+R|d^zBsbie2H2Y^$na*TY8*N=VGxm-*-H_wOZ<> zs$Z%$#$*gMf8b=K!V!g9415vU3x`xFk z*%d=;ZTZD_HsimPu#jJ(XD{T5xwKw8vN^@)^UEG}9eUGQ*Su;^_-S)6jkajxmkzJN zD%fD;v>WHY2ETg#u%Y?iPK=rRT>UP6V}B&Bzwb{;Q~31%mZ_&?vYA`zPF>3L_q}*N 
zR_~)|+mVciIVOF-L4BpReylI-=p!nTQF+o_}jUr>MD9LG&kWcUG~gnhk7k@Eqey< zb<=}*q;sUHbvv}gdopHC!*2uFt%vMPl&i6oW+9x_Lu;K@%ZO9^j^o)qyYwOyGurqN z=59ZlNq36n-b+s?ds(lQBz)kH7b!mgoYl?n+bR_8ehpG)O6n>vrh7s~7h| zTDm3DDK)D1Cgv`!)&t!Z8nvgdvJ|o`pEH(X8K1e))r{i{ka(UMt>IfEP|O0jffnaC zX*xhnp3)r8v&(=ddE4;2UhAu|nP*S1rXE4(nDQ@qL~}d5Ct53!E8bhMgt$I?<1N;6 z_)9N)DW$CS-Lv2ZN6j0!vv!!fSGnZbl=T^knG z9b2y(TaTJrp_Ml&NJXQpTG5uCL@QNX?;Ov>iLB#ETfLl}ulelb(Vu81eb+<1Rs`t; zIOu4`@f6x971|>@O2nGCvw9=MLf(EOrO&DBb0(e5xXk0TRr2xmw`R-D_fjXZP7C=Z z(HK+ewcSy5zPOTSjWi16MbKuj=C5vNfR4ceMy_O^b}XHJ1N9uX@jLsB`4~ z@S!<@_2qY#=)YfXd6c7_d0WvU`w$L^>~VfNkL=y+c*}S)edCj9(Y7fWe9OG{MeaG@ zB4v!RTmt16(+}sbb6_6*URw9d+2~A{FQt!vITyl{p4={=O=i??Wo%E5Q)46?mvuGo zd(%lWRL`T7qbQy0BB<#E>RiIxt=y)Lm9@3c^W}`HGt4_!l&qF)-LIo=?bFVQL_j#Q zK4muTA}5T9%RMZu`^e|f?slos{? zLhp@%ZjH-){&t0lqz>=eZ);OC4SytGrL*4oc4SQjR~IR3WTu%Z&DtD2H5_5~SUF4? z;kmmS^eUcHR!LpQFA`k&n3$E+yP6S^x<>aG&AHew5_RT^W`wcpiFZdRi>zIGIj*z$ zf98<&duNIfrjDKM&q&!C=bycu#0)l?$a&(ZCNjlXax;P2N>?OHZN*O{YRp=dE-Qi2 zJk}xCD6Rch`dcEtjRvrdEv{NdJ2xHK+#oIeBOkIJCf3KDK_bPi$$skbBJYLLW^|VS zLTB3?Zyq%O`PLY*rFAd$vM4Q9@|*`BjHOJu!}u$IRgRPq^R6PPb}n2WPb}lBmE~&F z`lqJeT8R70JlHO5pMupx+4kemWnc^Cyl+Vs3{p_c| z?yF|hob0@DjttiH4~H9Z6TWKc8IG@XO?gG0tb;=a>hIJ7BK_2{XSOkn>=NNuheu@rJ-Eo=q%yiw)lQ_I)75pxLxbG!;2jpOg2z+7IjrR^`Ep5Jqjs6XS&2=w zwwC53HyCXe`Kmm1{;GS8{o`IcdG~$GJMFWRaTQSBw{lGsKPjc6u|~=_%P=N+DKogN zv$iIZ+gkvfNi%AxnKi1lo@NGxA6&1aY3noPIEKfayUG{&->eMTH!B6=)n??H5~)Sw z0eTTG-I8aP(*jGgZ&E7RBZ?%JGOpSF>TX4eseLhfp^T`KHhP>r8DIC(U;N(r(f+G? 
zja2aW@Ql_LX)(Yzj#`Pdb&v1AjHuJA%RSBMHK&ysXPvfdKBb*kuk;((Jul^7_QGEs z<1(IaJxLM(L*@64x1 z$}sOPIIVvEj9QONoPqfV%6)3K&^AVAF%EnoR8q2MU#Mp1@0-=5xf|o%vif)qa4dUO zzjO4o6-iB{sTQetwVhLQUrHOO+hdHnv`rT8q8SaBD_c>L{5@3D$-B`#T-Tzrw7At9 z+RFKbw}GU6>f`px@zZnAwPFKnl^WRVnBB+nmixHu6U;jypQ))!(MhZmj!>DWu64;Z zBmHefR)6P#dTwsDOG`?GtoioUWmeU4qMRzdo;RH}>li!VH1>G7MIw8|wbVJ9rhX2vnUg5GZ8Sb-V%7%7LarSesjX$y)|m6kXGiw-OzY;6t#tvl}Fzs6s*{TbInXJWjw9J6R;Mz)u{A(1+3_{H%xZ-p|*aV@gM9m!es z-b$@PjokQhrFfohm7n>R*3G4*87JwRTTR>rMt8S|lj>FR94wUw^F*-)>o+WaZ{C!n znR9AWc~=h&*NBz0$X)(i-n{_ZLUb~BO>^Nbx41nRQ3;x9xN!Gn>nPVGA@z zX`Okl7Fm7?H%-B+tls5n7z^QgYPKxz0x%-mx1EvBUHk5?CYoHL>y__jb5Nry`vT>) z^|+EcI{E`?J3f+L#FtzBcaV{s&;J)wzV~V_q*t!Q{nR^1OP!JG$gY(q)=wSHU+zKu zelhfDKhu#bT%oc*alErONh$v>wjpQM9KLgwtmXUF=qA>oEzH{7>$;;puK8`Wzk%Aa zkTq>(O|LaIzeGoMWs*aNTBydg(boGni*8rARDD}%Efwsee5k$JbAjXO&6>;18mme#qBO{ZN$+a68b9-KqFoc*!KO@sDDIxXT?cipy1IV!hD zGP{o~wuxj!QvN9ul`HO0^*?X8&-v=c&yC`euLp%d;Qve{){BmbufJ z$mnNp?TYKT<$eljD0S@P8+dYct-G}NU)#HO9q%)0tpM_YHaq8{mc%)=WI2Xs53ElG z-KS;Dvy)T%avhTnuHufQv?x&{?%ga)%a7W1R>Rm=BV)sJ$I}O8(K(#74DkL?%S%Sa zRZ|({&48P(@GpQ)a#}RsXsMC3&Rc!%vqH(Qq2L>8>ZpS_yX9zq3&%<~t)FEdBah4pwcq{P(McR&&RBEv0y>A?Fs0N%TDXEB_}8iKnu$d3ej6G%#Px zT>f5)d|gCe}5Qoz1$UI8GE~B z{I>*pxT3iK?5}6tGIl}BYS}Lx%;2(=lBAD)kUpVWS-q8*-aZ%G&H&nrTH*4#)J61W zN|RT8JNL_JRgX5I^(Z`5G>`LG*PZ{~&f3mR(H0{+Y>8+6O4h6_j*}&LAJ|;lV=gae zRc^3!to_xtCo_`kP01waU+&K2CoQ{!JSD9+ZLLyzA+0L+eX3g}r;XXvqGu`VS0ha} z?N>5##Xg!Hba<*=M|01lEc5PF<*a2T*Up-{b!s-w7H2@T3T^LZ^zvW!Qm#Co_vK(m z&c17ZvUTdb@`aq?zjGcOZ8-E@RF|Xv>!>ZIY&oNhnw+#4UQ+W>7P!wU^2PoyuQi`y zU$I}=k8L_vvdeJC=Zcoya(FBAL#v@0(<}MZ_NA76Hk6kpmN}7r+7ov`QbrquG;!@! 
zvihC8D?Orl*vssYPp?m@JB{%^yi+)PEWLHE$cx2}pmo+c9?nvpX`yY;SelizeN@|Z zkyt;xU)vsO+g09#LvwyM*z8%+eyl6nMMmDefOAlLsl7ah8Rz|tK4WiNd0SgHo5=G> z%urz~+FY#l;l`}!%FWg}hq}f*M%(_E{f{d{dr5M8kx7n}`;|5DkM%fqN`HA$-OTsA z&vGf{DH)Y3+C^Hr@j`mw8XDPZF1U94bURhEpNyuZoQ-UdBGzK0ntMUH(zVbzBi+&} zTcOtBr?Wo4I|{C5o6~DY)=0X@jp#5JppUf9TjYxu(sRo%Yli&jEOb{H9?Z(%PI(3G z$y)5lN0Th;sX9XL|BZ%_by>a7Hp^q$qAc4tY^_#dtxAr?bof-eMNW%P;M3Et*iSvR zQDa_AYX@onBKo@?4$d8wQ~6FU#(su=${gifGRi4u<%V(}pS9VFtSr(i`%L$GX`S>> zCabc;Sj^KGH0>hxu9Z7XY35jMsA;7HbC)UyNyEt0*i+WS?S%s!u~5(X&{|9MIF(i_ zsq5?^docH1^1!*ZRowAj4?VTx$URy;a=xRTL&=|;wABnUJ0n5Y@V+{`tFruM8%su8 zXQ-SeWz_y+%`LXm7g1MxRBGv;?RWpBM9$1`%;GI@3?4a0BdMGt8)$F%DiUHT-?;`W ztCBre?y&ck;^?Jhd*hB>{nS2aW04<=eDii(>E)a^vs?DdMsnN2(MVGH(0bjgxc<9t zWLAZbU4J$(9@5S8%|EOE+q~All>FYPyKkM-tn9ay@ybRu$Yu09))hx3tC_qaEgYSp zzbnzSFBNOBG_WnoL+KJ4#`aryGqYD7aE2AjQTWUKTC@VQq`CifAG{2n7=)(MD86<| zUH?w2hvr&K3q1i;@=Qi23BBbx>vor^Z$YaknTN#+D=*4BKBbOb)-(A`O~VqE{nFkt zoEy@>SsRVSdSa)u3`g7%QBIe;5ZyziH_Dr$Da6|A+-><6$~|(CQdtS9ea1RHf08F% zakIZt_BkKYUh^?dt$ts((;ECu3yvey+CB8wF~?h=eGbB*hjFFSudpf@Lv|&#cK4h& z@^>0f-Z!T8&cJiOFoNd+FQwTUs35)h9SnGo8F;_2D)SdMnBrPyDy{ z-A>@UtN5H=eUUgTpZGK_d~ROezl6q{dUNO|AFU&UM>VvPdrBU)itdoidkxxYtm257yE^nWGial3gA4L4vAd z&4zCN75_6SqF!d*o31E&6J~AI0;|jjb&6Cq2I&rPPtBK?AOnmup58cu`W)XQSY!ID zONe31cz=qTj9BN&`k z2YIVqw%Ddm!B3^!NBRA~Qtr*e$}Qy?xzj2y=dsFTSN@SAdv|K|k~a6?pw34KS+eza zkN>blEsP`8=6rV4dPno#T64r`qIowqqj?{P4|+%Q-bw3L!%;_6A7_>79L@Xb`Z;;; z;jYga&6~D9ME$PO&d8x2&>!WQUgO$VeV_ai-RM%{D|<)t-a~ChM|r1LryGNOru({f z57PB(aM~DnFylXi?iR~X9>m*OhXqgz09|x?`7vG-V(W6);1$|e?@IaAW08qjWSO6 zUjAJ;tibg(%i)f~Q3&-&*Q{dgB;57&#k>BBzXT_65(GuH8IjNek|Gul|j zFE{(C=BRx$CtGFzrw;rvwA|>W%XB-ypgk9_pHm@P=1asHdhOjNXf#w26|Bpz~_wntcG0 zw^IqBUAGm&63mj)Z6@B`0ko^Ed%W!`z-xWoNrHQKC7YRqO;+Q^==cUGmDJl%a2 z(0b>tshnA=#b~QjXMYjaJ5OP>CGHEf>&7ChuIsKU5n5V|^{Mvcaj@QFdK1#}TDOjs zQol~^f!ce$6|EKB5G#edz*1uDM_TX8*>*A_dS0El13iNmz>)C;K8o-4SkX`AMBW;n zV{i+;&puFHKUU0g+lcnQe%cuuoI6-g5Zrg>+^IyX86ABdRPj{9v%7Ns6dRrvF|B2- 
z)BWPFSWf1&__yzRl{xN>wY_^Ds9%Bm4(;Eu7_Z}RPx9h%(E83DX?8VQ+sZy(|AyST z;ki!s=h`ami~HJ~+(}QPef&K(BJKM2`5bsq8paP|G0&%`QpQ@e4>;QKFEMJ#5zk3N z@&4W&%Dan}8vZu)47K>1m9s-*8LZcKJ1*f9EzX`#Y2VZ8?&*HccBP(Yeo`qr@>N}T z4?ltL-HDnl?@st~w?kT=Bevc<8*2qkF=T9 z_-)M-`f7MCyKUXxe}x;bBxgWwcRu*EPOHK9>!-B^-Ak6M$xSQ4jrF(M$2M@E;z8_P zI=8m$Z>7&$YrSFXE?UTU;ZNz=euwJ}IJ%p)@mgfE@2EkRObXXDM%$)q8nL0(xgZ6bCmjV;4ZZZ{i&a-J9~0m|IfzN{>BM#|si?nUkB<($abA$J)Y)XFHeec*5jO*2%mYrpjFKCtJP5X zNcO<`KzK`H%68W3<>Nearte$Jl+?KuR2qKb?`}SpJnQf@zI77r`Ln0tp13GK#@223 zBqFC)t@g&dAeKDi-grnBc1eTi!ZFT8|C9UtTI(!P}hwHyrl1(Ghc6P zrF^V$8560|`qgt6Zyo_GT5n^&^c??eXe>wQ<(2ba zxyV(woC9S=@m#cZ4jUfK*-?poaSY42IqNncd6eXGk2II2IgOEDeZt>bXMy_lCjK-L zByVIK;^W{RObHo}l;YP_PS($=Wp?YFu5g9=h$oBT^5R(*55VwEYyC<*U&~JDN~iwg zinxrKpf`w`&3VXvso*)4x{ar$a-b`8G$G}KPoKk1Gk$J~GK{5t9wq3TNWxo^r-9{#loo!%wdG+B)@z zj&@-g>zn%B0Be&gv09mw@~*D(e4(yVK>F!ZA+Hr{e@oVRc3?IgOYUdHSMbIx%FQ?$ z;jxk)=^>|#%?YS;T>W9wn}YSVXxEQI2{pzN2|0=OJ2$*pEfGw%Ssom1jk8&i=OI1y z2A>P0lhN<$ME%si2)U)thUMI@rM!U58YR79tTI$i;dMc|${8jXMPzGe?M_2Q_H1o_A#}k#@@9Ei&94JqDZYmXx zkkkiR-gS-gTvZLx(U{0z`_|uCgWnI0+H`)(*~#W24^D1ULmK&xt&ro#^P6p4%jbrA zh0YF|_3Z{Le1UZ&ZgdJ^uiNXKecT5Ikow@b@S8AGJd~Z^K*yh=Pu39U7MfV zH$U}F_4(P&&mEhebDE!Xo1aPzpPS$OG&hX@UfBFx*8H5={5-k&Y33B4do8p7P;`F( zHvf#Dr!+r35%%BOhx}CI_j672Q@=I8R}=LOBr3!9&ZHS*k2vX}b& zo134f_Qh{6oFvD%#;Kdh&C`&8N)KgEqDb_`%p5P=;tV%_w>|1*fH@{ttz!*UUc{@o z?EXqE3(za`l-y_JYxqr#(|EMhGt_!e^vw9GDMhB&tDSYllg61@BFp_<|C4yqwsIsW zbCgs1QnqBoroNW(4@+i*%<)(>+(qaGtIvwuWg{_{gSUut4Prhho52Y&XYzaIS<{*N9HTdR>N~MsvB9E593sI z3!YomrJNUZ{WWiQmJi95e-LwdWZUjeJ7%Y@y!t$?I+oV8bfQ=;)PydCw(b<%jXzzT z3=e9x+nc%5EyLqXp6_MJx17ny1@BOo-;2aA-a_u*)DT?(^zq&en$Cc$T(?}!U2F9j zYLMA=A!BWBE3Sx>Fk`R0o4 znl<$9_vo9kWf@8CPT>q{QD+NB`cA2(%x!g0*Tk`mQevFkH)Ic-)gWA)xYv@gB>6O4 zsg(;x)XoE?Ory8j*W{u>YOONwk>$F-l-^2+$Q8Zy(&NO}I5X8dq_uM??UV-5e-Ev= z{}0RoM}ei_IKb74)wCU_|KV@mI&G%^=bz{ed3KP`>&8^o_29$(Rdp@+0pM!;ifiht zF=MN00(c?V3mgOv1B<{mJrOZEzRZ2>t*LA752RgV%#U2Umg5 zf!o17;C}EZm^PuR8elG10xkz12cHBtfSbXsU@4t=4Ojur2Hycc0uwgl4o1)b`-8i| 
zePH$^+7GS-p8`Jv8^M&x+|3AHKBcPWgSUZ8!4=>$;CgT~cmzBNUi<={1+M}pf!Bi5 z!F$1FVCojo2J8b41}_5(z=>c5cn|m+@Gsy-a69-3_`9i9^-=IOa65PiJPEehvZ}TR zJAggFT(AiI8F&|XKll*11KbOyY{h+!U^X}e%moX;4dBb*8SpHaFbz6^x!{%Hz2I-b z7r_s~%;{CNGgt_Y2N#3C1>XbrgNMMc!KpK<>YZTT3!w#gC%6QB27Dge3ho3uy{M}8 z1dG8c@Fwtfa0$2^d|VW#CKT((T|k@O|(@u;=#h5I6(89(*3$4E_U*-GOld+kx5OCEyTn zB$y8tf$xF)!Oy|7U}1xK4*nFJ3qA+F3?}VZRa=3@-~@2;PP7%Q0_TE@!KL7X;N#%C z;4W}CcoaMa`gX3W@nBo97dQYM2T9jeh*MQs)^ug z@D*?yxC>l%7;OXhfd|3iFQra!;NiRi4g)U(XMyv<#o#?)#>?R!a1eL}xCML*yyyt% z4*necC0PE7s#*u$1l|d*0AB+84)8AcI`{#22s{HCbC6SD02~ee2Y5I51o#a2XYfUE z>s;g^xDz}8PCgP|2j2yEgCmcE_rOYU7C0Mh0PhCx0at*lz(0d8fG>itf*JE!Pr$3d zIp9s;UEm+Ur@-gHSHP+T$TIK|a4onKJOp-pCA(o6j;4OF7Q7kU0KNsbTZpU! zM}uYHSg-oiux zdo}AnSOQ)P)`2&HXTgLMnS0>*`@jGD-v52V>zL!)9K99-KPJ{sLSK#;`wnH9GN$ z;2S5i4+e8isjAn3yG~{Q1h!a??hp0`hk>PF8CVDY47>$g1TF{v0B#1~1&@G7!ITy3 z>%qyZf;-bqPme{Ws>ZocDUR zZhjrlfvq8Rd0yph0eXITp0V=zHa}12=XvA#Ir!gRZv0n#I44!_CEliw`+?g1qm9%Z zn)4{EoR<+^>2PZQRsT$m}kj`3{Y=9&MR@ zyl2c`&d#mf+)tj@w|_^zgSt;!R>{q91(e&NgBOum=<@V5R%~xJ|787iXO9XgJ2Waq zpJ9Ctm*c_X3f@3&x}IKG|4W~N^T_(p$5?j1E&OvlQ+zu9mA|*?@%(h+;ZCV;7{!z3 zxl2a#20lvWx-_Hdv9*8WxcW19i1qQ@WN7IL{_q$Y{Y^WUGNaC((rEk}t=X+dyY;X% zyW0e6*%y?2KwDSaG=9eWyK;uF*JY#T74t%z4OR87ANstJM!lYq3pah!ToLUVk>aBh zkG#b5=*^&iwD~W#9O7vk@8Onrpx#eL1nBFbo}~}a5^lX)Oug})&}&ql*F##p%~+4T zW$xft@|_;Y@%@O0PRWI~4xbIZ_~Tole@0pwpRD@n!DYNocx*8Fje!UUD;dtH8l^ zO^IOWqi=o4s~z}GA5ZIRj4)qM?b8#mvn6{+5^(s6YDB54*^5TCRvTe%MCl!P@Ai%;{bt?Q zZoa!lc*U1mxu- z_Pvn^^zJLKQQW=nGfwn$$=Z}GKEH)8=2qXV|NjKiXE}W-ve6jn+xTS=x|#>b|4P=H za##6pq0XIf)@bRqUt`m3KG!4BO1a;v$HrTbpIfwwWcD!v-P=!ZhbMYx_SvpsW}oGKr}kaPYSg(E zKcWq*>zMspyFO=TpS1NB>K}QC$`@KC!%vG=y(n@&nx8vNJ(pee z811&f2 z++*!uRa2n%>fg#WWah@vuh>Q_w6Cmva6)bpY-P$Wd*H-TOoHE9=LOmtN)8{s2v8EqiPm%XRH{%U~owBw%a zrjM{6UWwkn?|p= zuea2t6dPgk4foE3btU%TYmk`T#_^eE`$pz~*cfiEw(Fts$VHv#tM1ipZms6sZgb1` z58%JZ$j;WHZoQ07)TxCdYY_i8_<%g$hX3z;k&GiwDpIEqczik@UvxX@`2isxJFIquFCmE-{~4R7)<1#1NWKV?u4| zQ=XoS#oD}F?NR5k+a&Jy0-iR{L$nb~HL@`$A*JNW$Vty)R#2C*!diH=`I^1nyW6}= 
z&ijTY);mih1&ifh9md#pPnEO}wSMuP&G;`REaaD*_blYyxwPJM1ntuE`DKr~4sF!d zHLuzed9pc}MqAWLj4pf)R^bLCr`0U~HTc!@rwz^jc4Ex5bLchU8~d~R`uqNrG=)$9 zZ<+d7Bj`F){phgUH1fRami#a4I5DP|6DH) zBTn^@A?43%_OJYsdwEi`{WLp8ZegB|{GHLHz!bD3cl!Sb{I4H9`yw=RGY(FN?wzdt zGg+&rK?C)3PbalB? zR?CP}`;Oz;J-hTG6nng;nArw)>p`*HPvHrb{Oug@+{!rHJ%-7noL#&3NDdh1$N)0L zd`(JBWtTJAd?m?(Gf?w{qwCD_{;)is^EsuG`D5fe&zgOE9P(xv?O4J*@kTRGz>H*e z6wJwU2G97UG5GE`ysamhE8J2}_qOg-E-&Fx#ZcTz0$uePd1QkQoxh7oN;bR4T;w_!-8`# z`4^>&C#3qby%<_LHaR^V;IEvTXT{11N3zJ243To1by|kLZE{udgG(EYCeO&8UV90c zFLGWj$BwPn4R3)T9kmwJEi>a`cDBj#5YIe45tJ&fcaEng?Mk!o-*PM;Z>(!E!-{mx z9nGO$D|&wdymvI?cnWQl3TDrcTGo_PX>TerAC~t*Cr_67r81MwW?Y7re0*J}S#9#Y z)G@1NgSVYs*@Gv$fZl#`p;^7clV<(&{9XR)b_VPiEMVkHmMF*4**8$nVY$P+1CCAR zjc4SJiQ0oYN8Y!;v*GQf{PqT(wV%aT(bXzu6z;Z%@f;$=3Zk z>h^rX5zDE*BkNOUy()6T`xTQfwRLaUJlfqZHQJxnM^)M-_p8#|Io4jcJ}l08TkKpO zKE{)1leuCe9qpe!1iACPjLUr9%{_$nCcJCEtxc{Eet_axQ#UJTa^<_A7IK*$%lT zny)z?{mt6LYdPP{9I}3Mo0`eVQfz-l%GNml?Cm6^YcjhktIvVv=0!DUj2Sy@r7M!X zim!?J=(J&_R%PN!kek13i+B0O-z5Fb>eG@jEv_2*zTVvQWKSa>vK}T2i#vn%{9+}W zjw2E;X0t;{FUQa}$3x6DT)y>QF6E+QJOE9kiZWigbQ=1gbhPcU(J4pDd@!f5R67^0 zk0+k@4l2vlroD^CorN@tRG!N(v97j8H@wjr<4q|sbVj&)illcGoKd#MRmJg%R^bS` ztH=zHJM3papYE$>)ST?RagGeuJQ5DqM>~Ag(lZ?2(8Kba1DSE&|7#uYvm*V}sgt`` ztt^_*@%(ir-^%Mgso&2Eev{hf&6Aprsx-70j?NPPZHwOs?N4Y*i_L4P;9cg9U zj45@WU8hSnoRZx|iR;e5-Ar}}>LQVLlPEWyWCQ3ISx?NF^Ojl?N3Vrywbr05YRSHyzS(E9S*N$z)4KjD`P+XlzfAb!TvXdyQ`5NkQ4QAoDz%5o`eXRs zXC24nypyvt%1i2cGS8FcRZXSH0=;W8i`D6d@2FccU0r89G)Nvsb4|Jm9#6l_H6?G! 
zmrE!sCy|A-lB3Gnq=0kGHCTxwU)v7lX^BD@`^Q~)^5gkd?h3a&*H`6zduHosBuYiI zkR_LuGT)Umxx*seBl(Wx30Dj6NL6ae+qSr@r{uSRdM(+9If;{j?2mu|^3-eGEK_ATCT&gmkFrHpH~zq(sl1GFz^FO(6@9oHpK z-}st`{l)K{ANH{Ps$S#1)ZfE1=EsdLH&nCD&9ll_e|4_rKGH}TXPl+lF83zhb0|&C z7NsVXUmfEzo^RxRDecIZ(=q-w$_mSfUhKSgC6S(mb8^?0HlFp!1heL5C5cvOCQnNp z!#nfokut2@5a{Y>e~Z2<&6F_KwX$wwbe7eWx)3TU*|RTHv$GH0IeaYpQY|6H9%MGJ z@|~lntw?GrP1RbZgSv0oCn`bYxnu@*rnY8L;k1@q*@`zaE7~=kyc^v^zK_n*;?`t^ zi(DQ1$M&g@+bhRU&r$hm1M7eq*z1_x$I?Uf-|Q2-HC{ej(OlstA?>p&W}dp%IX12_ zj=Ot{>?oawo_Mt9uw2R$j-@p?-pUEyd7jR_jAt39`;l|543u`l}8 zT)4&i#%+Z)*<;(@zE-HYne{fiV)Iz~bk@$;@*`IZmo~`_c-jEQPKDm~k zu?)NZ_^mU~EXmPrqwzTtvo<&ua;=upwLG6$pk>t7m>JGzNA~tj>*n)}PufQL`}~^r z>9b?&{!Ux1`SFJTnm)8Y<63AN;++?MljF?v><(V)Me3}f&5oEEnw3H707aI#BRQ+y zTRG>|$k)}a)OzC6t@2x|(3Z4S$>lh?5+(bnyFkBH!kd@aRq-4wl?U@gkqY{a%io(b z`{ba^IpuiXH3Oz4tfWPQ^$hfu&llI>6jwt!hPT~ODy;|TU995${5nWWossIuu9YX&PaVx) z?m_*2G4yEnVv;M=E3!Yaby=IFlz$i7kTXjQgtNq(HN3^uI=rXW+T829qxSY^zg3U( z-&z*3rmd{$wWj8m=%}tt@~`(aI;&zC7}rKy@5v~-UExyoZKbtTu#Zwjd$l|7jYwIvkYOP;h>X2?FTmM!k0q-oKhwm|c9X1YQ-8Uy@(25X>e zy{kb#eRma_TK|6mPmH|p^Nggm-XB}PAG^{9?D)gm9^KC#c$cTM-yNX&&K<8vr$v0@ zuG>~AN9FcNX7`cBHj$WB<)1Q9x#A8*Zp^MJJEha>-!^c*Fq?L|+w;_B0e!PS{^i+^ zdD@j8u6*uvyx~22Ygb&yEqNrRq12H^Z{W$*HK(=s-)JE1I_4d2tpM`D3f^(f8*em+ z-|g8lPKLDEyHCrQXD6rj%7%-TDnK7g@SLWsiQP>cFWQ7ayVAH zox#7$K1j|lbL4eUsPubH-M`juarjNk)1jSZI}6I*&u`YzlJv%!i zjNBs4%&*&$tRwyEoXU>Cr>!Y`Ee~u#pDe|B?;LYHTye_&Loec0@QBZ-vt}Rf?>;3* z$^HJ@doS$yT4>`K+sc;3Mq7lGNIRUtSI@yr~` zc7<4mgshyqy{U2Jp@W%|mr|1Su@BNGR4c2u64Na4vF!{X_0$TN z*QG9^H&dFt>f6Z!uT@>0=X8FH+?T=`)$>@_o&VmV(#}oM79%@siM}36)~qa!lO>q9 zdoJx+z}wEM+%(}>`>Sn_WzhAe4Dv+wHU*5FQ5zK}Egcg};O4Trvq>T=Y79kr#DEoYQblam(1OKLvKf>=l+ zU+ly3TJtIP75kO_*rszOmOFQRu4vgU7rD_IWA~h{=GpO_4dtbYWlp4@_M~+NF{9=m z*Ip&7)XHu&dbrxFnbR|~J*Dn6#%d^qv&Yg~=Zd^o>*&-t_Z6uH+v zs_nW+tRH59a16BVI?uwPv9Jy{dseg`>vHU3Gj@) zbRK4}68%t(_t?5M&a3?HD7aE>POlwJBO4<(qQhK(KGHgGkuP4z_*s5rrM{fbJXeeC z8I&WAiaX^Mv?p`Lk&h->^hb4s+|v`SH0!cDg>81cv>jNsZ`fL`!djIai|O#Gc9onK 
zpTMW5U9q2fYNN)ym{ttZex=}gI5>AnOyxVZ82cIeDRY!_#%D^I_WOa9(5}+1lhM7) zKG3~hS||Ozv&3;uUl#NC1x>q%-$b5e<@WSbS?GLKg1Jjor_VYmPsN(P9&RrjDDQ`Q zvuSB-Eg4_GFMT{&i#0uaF!x>Zz`3xU*t`C0U_7Lo=bL|4|F?Oqe<}IhBkjv6hdgKxU6H)E(K0RD zH9_l&^C+vCyyBCN&d}eLXs(mdiL;*B7VT!zB{YofxA10WuRLJg#c~w>(pDa=;5_Dy z`(HJ+W$?rxG>x|6D((DM2Bg(mtd$|z^QDEJ0J>M2j7}1I`<8V($Mh{|^(6DKSYhQw zdB>+>RmplLpIL(?D*L6qWjHsaLGIbin(y3HBeM)g+!0YumpcpGL!~#$o1!Vi+Uwjc zUV!6j?vaa>%1TJ>GuG+(lRW9#lKqvnIUlkjol8HbR==;?X$}6S1xGHGR`yIEc<%$; z0_}5Z>)ek7m z`x6t%a2u=1N?O-FlEH{yr9*4{H_c(uhqYag=egX6(J30isHWZ?)2G(u%xYZA=fUh) zZ(}cg8-GiSqr3WqCu*vbx3oU|#=&nzS>uWS_gn=|N}vyboFbej|K;!`R48*E6QM zYq~`I8gKJ!zBBgD-yEF>>d!msxCY}gyjNL2!SO^e7m64$IGy;pjeKs-4b~6RiVOSx zXB}lQu8t*4oI!sb!J2)!v$JR{_gQVmZ*hsq}rU%Qnz6ojarmHj zH20mfZZ#ZrMD=l2sfF;5db6`fZua~qCr+QPpOg0OQ zx(CDMM@1ea$am%Sjar>!E?;PPiE^u3ohZG7*SDRKXfy7aGmj6if}w1X~k*)qE6po4H>V%A+}o~vGb7iACEi@WK= zKHps*{&F+c^=pjZQs^_E!reKRLpW&fuR{4uoL=+3>PQ?IXf+VPei(W!sm ztZ`(i6iI$t*RhEl?L?1mQs|`%H z0{$-9%O2q`SHzXoUs3W#@=ASxbCtQDNZyapWgK&FauV-Zm$||G99?cOvn}+> z4dydPqZfD5CQ3ev&a0Jc_5tj^I+YOGbz31U!7Mr5X5!sVei>Qk>Gq~s20G6hceuZ- zMw?YjjoGYP8`)F#&Z;$&r@OBL+IHPFl`~7V7;Sax>@UK4=P8V~#C?HwUG4MQQM8I_ zbMUBA@ux1ndK#ow%)9U9AEy|&wN37=?j_Iyg4 zoK|=3b2;0UdY<`7rR>O8b=^Ju1ip7CsvYf4_;Tb~duH>Qy(zg<9xyFygSB1fz0}xQ z3MK1?(cI=K>{R1)Y8;QWnbr7h%@g`+=w-TX-QItN8?Pj11iqd)QyqL-r`6#5_0!sd z?yU}MOm12UZmhr6KDMEHGkUoh^Lp)XrO#VyyCf zO!gf$$dXCpn#O3`bWI~RH0`pDMmM^bow_}-{Q2;bC!yh&oM9O+=RS4#$*ngm%lGY+ z^Tb#QQ0A`oWo4N&QvTM5*O{vwJ!kJL>e(T88pGo+KAV$OXOHI_%2mJb=Lx-)avtaR zTA;Egcb0`4qRl$nJgF!aFHeec*5jO*NV`2>&?@Hn)oQ4GB=T4vh^^{AShllPFCXWb zrSDtIl+?KuR2qKbZ*8&US%-V1)=9YM&-3`!6Bp&j*t+fdq36`9)!uj)#FA&6oO9i? 
z6xWK-b$oN(kxqJ-dTOaOjL(Yau*y_@L0vZ*@RGiB&U`)c9m!bZGA2@^^{eMD8_-i* z-{ic;(TjJUG%M0;WlbyPuQ``P;T?v|h3B5FduMp@fB(NL*1Yu`iBc88>I$1|*M?T<($P(lng*%?wAn`| zk*lm*UyFAAD3nlRERm3t=#O)w0YwtQ z@#t+m6`d^pD*8OQl4Rz~4SGF<9~}XAS9-YX!Q$DD94JqDZYmXxkjzam>SMlVAEl}O zGOihZmo;oT`el1<%j&1qi7%*2KMQFQYDgpBk=K;AwPz=Mqn@+e>ecaVd1LCeOh=eOFqxYH7_V zy;j<(HkMf$@4Xo{f5ks)H`-CYS9(f0y*T1CqnsMLZ-~cpJaW=ocL=Q#hW?V+6fO1P zyhH={zLQ~Tn#7fw<_xW*;saTQM< zTT2gRkCOE)R!G;G>|2!t^1T|C>!yFZLb+;3Us%T)>QnJ5F1x={%Ys@%EIPwv-ilVN z#%VlS>KST1D0*gm)s&Lc>($Ou;z{GoERp5@o)uY7+E$JPWsZH&mogD~k?#xnzTMX{ z{$bH$Gsk1ma2KH$tP$1f4vv>G_qN~u=e$}Ct3+FR&ijoqAH)A3wlA$@KZTpm<9?4` z`T7QG-Y@z3w2BlBarhbL?mVgYznZi=`N({w*=l%h2D_dW__`cOzs>yBxttet{WWiQ zmJhir;UMPn$hO^`cFay)dVHQ%9ZTz4I#GO%)r2mDw(b<%jXzzT3=e9x+nc##WM?ND z%;foAmVC>Zj9l1~wM2d|62Ev0xqnkbbRE;jdpBr01Fmx2ay56Y)n}-|EhF-btEDnJ zGH_RTL9Q=8Pp(*bM(#L|Srt#XaJaHAHnDJ+bvk0ke3kXodX>&=_{BBLc9#gAqHo5Q zWhA*)r!%Obaja>Nv*<&+IgUq zY4le6np`wUtySg`vRwC<(pw1;xuUmTdYt$gXQnHkw016~ozfus@1fj<$MuC!tzsTl z)LF3xaYrDSw&V0a{LNdZ&Gi5LlR2Mf2l>2i40j!Z5BGByAov0JF?bS;8OvSW;Dul> za1b~QECSn%Od=lIMZU(o4rF7yoUQ>tn{cpJDBTme1`ycb*srfvak zz&_w$@G`IfoCsEc_kh0v{{n6Vw}YR6znfZB9|d0nw}XeklVF=It7?0&1K0!11&hF+ zfp>xTgAai_z`bC~R@|ozW`je(T(AJ#0KN>K0ndU7)1VWW3tkD{3;q^-5&RI$Ca3|P_yE^v-i@_@JCh&IP zJ)W0?FM&J24%^UfupYb}ybD|bt^qfKe*<@c2f!oXaquLV${nD)fJ4BafbW32z$0Md zwpFzmcmbFR_5}NagTSF+01SeK;23ZsSP9+^t^?PDAA`rh{M}?72NW1kM1j2cHKwgZ}_ycVJw=c3?Jm2{;5C3Fd=E;CtYH z@N@7iSlD2mgFgl5g3p03gGoD9)mC6JI02lz6Kw^nz`5XJa4Gm8_&E43xC`739tDqq zzMZRTJlGcO1r7iQf;nIwSODI?OI2MBegJ+9o(7xm%JbkA;D_KRpno^U0K6O=2kr)s zfgN_Iui#Ly7~BAE2R{P80O#+)ovGlwJ*(<3z(&x&7jqVD2Uddf!8PD(pr1QnXMh)i zZNV(CGuRdE1J;5!fCs?8gN@*K;91bW54-^8gLi|!1|I>}f}6nCz>Iw<6YLFM0+xZ3 zz&pSP!AHOsz{B7fFmX0~2Nr|Vz*_JI@DuPLnE7J(5PS$+4!#P$2@cs0T7fr#cYqIq z%fZdyo8U$JLpyLexC&eiJ`1h~H-lTiH^D~mG}z|=$^>r#?*<52jCGEw~W83%n0p3O)gz0h3?C zGhlZx7n}^P1lNM=!1dq(@F0}tmFa2R+QI18K)E(Y%b|8IL|0w+~<=lff|*?`TW#t_FiHx79s zLen7Nu0SIyYipyT66xxyYPzJltE{SSM2UmZB#!1KCNdc{#wEc>H2R1!ZsUSGanxrN 
zP4qcN^Yq2|jBzH>XpAu5-#O=YEmQ+KD1!I)=hy#p&OQ73|Nqaab3b!9{Rd0{lfivp zEf{_T^$xxYE(FoZeA^c+178Cx!JS~t6vBcB!8-5?co+CnnWw-MFcX{wE&x9UtHDpf z9pI5>=0orlcnO>`oxTnp1J8izN745{3@ipIuoPSXz5!N(AAz5O+rS;*UhtWtSx>;R zpc^a$Uk6u$>%q^#Js^Gza~b#^xB)x`UIAa2L0tmOw1XdlYr)gtWiW6yV;LL-n!(Xv9ykHSKrc84dech+yx#44}mAaI`AC$ z;vD)Fm;z>ltHBN6R&XD95IhNf5B>;-&Lyv4BA5bR0>1-@MqV9g0DFKH;3{w(_!+nj ztOdV0mbk$Cpy4=zfdwE9&H!hEa{-L1R|D$6K=3)RFE|A(0+)kT;92lnu>U;j1N;j7 zJNN_m6Zk6_cszX0 z1-}EYf}L5@8^Fn|)u(_jf!~1ftfdElV;xS0o&tjP^90sSt)apK&<4H*E(2G98^Hep zT3@TtKYlW>6FI3e*a>Q}VZ&}7b%2gDIHN4hrS1j`cJ*iSPWsR&J2+Njxe#rtPPFCt z%8zy_w7+&RnoO&^Rmg+UDC_<<>F2dyX74bvXK-{=i*M44nHZ*{&DC$%g8e(~VCudU zoeEG2HZAQx==OK*RFtbw-ArcggzCJVc&5BXx6UM7(1`dL%`-_04S% zbX)Pbp**qu$W!XdpA=c*A@r0FgQ>_9Ng#RR86bILDA*4i1SC(if*g=M@sHpfAbH|S zum(H^Bv1SvNS+uBBu{)0nPPurg$ZCHI1n5P4g=e#tWhrWgtA8{FNHE*C`;ShbVB*x zHz&kGJxiz?3iMf_?6FP6mj9lxR1ZTN0mYBR#NtPyVewP$e{*(;kHyb`VhiRCn|*3a zLMXk6gxsonZ^Pv326tFRY62J-8XWdvj;hA#2uo zeENOJdBjz3$S{mm^@D84y&&lMIReXuKM6KaDH-rpurGc_fvbmcXbJoXtOCP!;jj|e z6A0vF58sQp|P=`321ZTc~Cc+gC^i%pu=6-tT?Ta{DFPk zro|7&*-eZ0##i37xbP4TTowLpT@ z+u$8g6)gx5*rhq`W%41#ziiNCy!hRvR7zD!By_h9%JqgwU30-f2zW@nd zV?hFZ6Z{ZJ2wMQOxswDstf7M%7l5n555SG!exS{tr3nuD03Fu&8u&W+A-E6dkjC@i zw_q*@H2ybu8oUa0SYs5}4~zlhK(LY2j9CXbw4oGiCY^)%E8sGq10C0bpMYDyt>9Jg zd+-i;7wCXTH-|XVKnFVR2ilN&6Z{9LLs)DC5+Wr)77LI6g8fo(9ry{*=G1ENQ$Q2d zdy^Sc>{od_ZQg0d-sZg+xZf#vF7z8@{T*lQZQdn2TYIAm_u}VeZ}XNp|7Sb;HAgRS zbirLVzEd4-3+Ua}J>_V(qc=Hvv!kyY+UEV$(Z@%*{6ApBKf1rQ*E#!OL)*N)Ct3HQ z&fapc&F}h?y~z>seZndB{VwkPSB$;QTg}(d^}gmy*8hl8t^I3I)ytvI|M)g*Z*uj) zR-<{}ZQe({^Agtn6X$=$HYr+#nI`>1!eqnTT+ zJ?rS%jy~z=I!Ehnv;L+#dXb}-IJzpJx65Cfx9Se-|9||ewZC(g&5!qxbzkshYj2W0 zlx?=2Y!mW=Aup&Q1}|3n)RbDehNAS@EGwvA?-V_XzrYJdmPgF0p_L=x1!dNw6-7_T z3+ez%$P3y7ImNu-wi>ea^vd#aQf2yT;a_#ZXiVk)H)sFo$6au=C>VFL>k*fyr*GWV z7v!%pajZxVTQksx+6zK={aEC%U?b()won!bWr0u@aJ=!SMHcWvJvisDI`_8wZ8=st_f^jQIpf~u?fHPMuOF=Rc%t5)4Q=z@H12Jv*5%&jwXK!E zHZKk}{lU0Ly; 
zagJW(=oOAW;OG;MUiV`g&vn;XdW)maJKA!+b#HUD-O&z5yB(dg*80mh`}vMuwKcU>)ipR(gT9BC=9$M&P4qJq{n%sHHL-)vrx4c4;!pIxm_L!dm_Jc^o8nL8 zzY>3TjJokrtgF!Y2zdd!)`z@+<()oWUBySo3;2#_2zY@J zj&}%o0i&_mj&&Ik)&c1=$lH&S`+R()72A9l zYuMU=<1 ziwvnO{{UPXiEKXEk&H$234d0yJsZs~^*hp8e{QQk-`g4Q%9^sJqRva^Q~FGUjRc~y z%c{o*ihB}JpbzzYvh-Kms{aOUvt74;#9P0iiXNdOsC5Huk62?n#q{CO*~wToolAG* z{S(vKxIZl&>*-2#=Lxl8!iA=(_04uuaGe9r;>!|KIhHt{ADB(ys^=!Y z#xx0a@&x{m;oH;WxY1?;rm6Utgr70^(BDKbp8p5nrWnSdb0|Fh&Hu{Ni(kF+Ki{3( zIrRE(Gym`NvuB%dTfqy><9dG)P`-ot?E%a+;0d6)|5YGe`kz5P;DQ))^mb?c4xqbmubH6r921D~uttrc(>hI@4wN`uss`P_3VGHN$oF;05vPfl8GAoT~ z>7GUY>|{RHnMm;+q@%L zbYLFo%!@EjaOO_Tlbv}n=AevSn1eEQV@^3gY0OtSa|ZLx&U`xNHO`#H{Dd>-FhB3i zdCWondoTz2KhySne(uIt71ZCuC#-=FTmvC5s4ClT`TvmrvuoRJG@{naHQ>`E{~bzhbd<B=@|?wvXU1!IU0oPj|TY);!{2b?^MX&toylChWH|+r+CZb zsg#E;ar-&(?Of#XE7XhHZ=ZecG#7WMKluX+{jTW_@7x z61n7}Zof5?h}oTnWV*XyRy3FQkI%%l@6eja2fG&IcXOy+z)?i9s-JdulKlkJI|-=5BQ`uWa;oRn0$!`R#oM|No@pI(%W zW;&BG(#rNGV+p?{o9<1D4k8_JG*kDeKHTgP4JS!R-8pcx}6>F60Vao{r8C$d*8At`Wjis{*KUPu` zL8)?nPmV-Y1|qO^)|!a*koBd0G#l$o<`c1ePd1^-pd88WSgMD@`0?bTL@qzt&n@lh zO60RtZlc>HK~?$D?qx7Fn%=mL8od-f^xQ$0ZFp+KQ$uDBdf2b39a;T1xfZ{T;I*0{r|s&|0vdf#j9uhhg|=IaOG6%@%$}V|5ZPg zo)5eJ2k|LCTK|K5O?K=5TMumA_5a7@f9IkC1nd8Ve%AjHZvDTMaBiw83can2;ridV zZhtD*|2P~^zz&QSvyjY3Q@;4KsJID#QKCBm17w+nxZj(|_Hl=!VISb1`e7`JBQ^|L zF5&k^v&nQ%&apUs92-0kDJ8o&O{22~i8wLm4WE-rFM)aSQ;FV0islhV*4<-xQ1Ng9 zZSZ+B(~x(sGO`_>w{beT-N~Hrka~lFlwJ3eqyYCzWbR^(;zuwmHav*g3y>TI&?pTZQqLbf&4gd^$76W+s-3=5h(R)nMq_xJ{k{CzlZQ zNX6!Q+Fcm&na#OeS5XM+X5;*26FJ0ye3DvU+Q_jcA3ifn%fPfoafUG$6RK)$?@6ZO zrrx8zZHA>}I2r2{FP+O%i7`{8RI+<9>}x)4LRP3Roo1qe#Lh>l3O}2O=F;6c+hDnL zPZl@%2@)oHIP-kKIrqf~TYVZ?H=U)AQ&vtFWz#(wQ%Uh;79Z&>MH8bwZh$}FDAUVR z{#>$P8or^S1*t<3P>Ak$l%p@j6<5S>k2b!7inlfU9WvLG&8XdIz*MpWnp5Fp6boS@ z@E!Drbi49QHRk=<>3B~nF(sdmQiu6um*M9V8Xo3#SDN9F?k+^(n$pIg8uX*_IPFL6 zXQHvhAtraRXt&=^|7QGT+mm^7e5^2z`peBmk*U6dYN^<7a-3f1O4u5a(A8H9#iAY| zgL2zS=}j<=ly%b9mgY1w!5MkgNiLD^$prSkI`PvPEAIIhGkT0)Q@sqZ6$<4Xn{Abo 
zRChXGJjpcrtv&6z#OXci*tAV?D#(ncqNxJY9VAcnbv=zKUZ|_mr4fSrM9483Hku#% zEl%S`ZLiYjG?sz_2AzS3GwBoqXAu)Zj)Na5dXied!(ZH;UefJf+?TH3!LUS%P2^UL z_7mzkcJsYm^{Zf?r&y-E(y!Y zZZl(;7rd*ONp;(@KF$C|89`d6m*%6n#cqJgo>$M++{K6~WLVQZvr-3RQS;N{#8M`w z(tI(O^qaHtkedCOkrs8Pd$iP14S|Ni4j*YM{AQyHaC3scBuO(cjEy3Ib~90`=SJ1n z7p2l&!Aea_S7^~#I?ik|m&v0v-u%*xo2C1f;2iBo?b2|lX$W9Agg)&|U)*MPadVUW zjmf9S81HG8i(Dq%9XEB=p2#mrBxs%D;xL^t>@~yoMOWy?uJdZ7nbI;Af))%q4&^oz zM_=elUAL&K(hKxAzHvPB{mjJDa?XaL#x>aNvK-h{oT zUk2X?SAfCn3+S8YBfuBIERY3x&;uR?kAcU5_7Kdoe*Jpyy|@44_20ex(hJW%^Atih z`i=0}d<|4r4fAU2?tg2;hT6IZ`Cnf(#H;)N7;xR?ZMp8M|5epqZIyX<%$2+|rrY~W zcl4Q_lc~1u|3IoDk>NpmZ;f{Lui+|npo?1cgCSjP^3DxhVP9OxSBfn!^=tV}@tZBQ zJX;**SH+f+bm)48r^H){g^jJkQ}U*NOG)8Myp_Buv6SSkBuw=%uX;qps~zGsJjC77 zy=arr3wpKHe7WI?s$u6fz3)Xhms-teep*-tlPc**8}QIA=p2v z=svtyObg{dyB>w|Unu|e2|A(t*C$Md@}GD%qf-gxKcj>y7mGvrPdchfl4*fQw~}Kh z|Aq2jDE}20?9kL-4TSQa7s`Jhnfy1x+x?=*^1omG#8`jzi-&z-b^T6zgMYZ_s@f43 z&9D99YR?g{^rRWJ?}a2JkX`F2ZF=FWKefA2gtxkJ~q|}n!wqdz|hCz^uafM z>`fO(KeL9DR^UaT3;0e29iS7;d5}vBzzN{AhdnO^@}L)-yw=kNe!9HRTtqwl5iXnqG|wT^EvM)OGVV%_Sl7)9prND`t(sk>0+Xge@JdLDy&bW394Aef;A#?$>=b?$6IYtcgOw+_Ey9*1-aKXLGO+|9mf)f* zcsuc_F&@L;QgW{{brVi`*1S+Ux7c#39-_vdE}S@nFg{^*#cqmRDX(&k5@#M4U7^x{ zTrt80H66sJ8VhQrm-jJ~k6!*~i9O2OpcHZ33OO&#cs{Oa@}m4FO^!6bsTLH6eQVp( zUPG*u!}(u*NUasl|J&>QUyrJOAkaMjLDm7hZ^zG8ng7R!^Z%!N{?{5jlC`t2F4~nN zSi7|PiublFzFkYSPKg8W#8vCc671p)5@vPI<7zoZEdQyXX73xlz7uQ;0(-4&vKyZ)#B)Kgi$)Szga$R z8oqn^%tRsm;3Er`TT*)JO~w60>8PH%2qo?=VK@e*XnW6CQ^sC?H(Oe+(y_3q8i<>i zEtjX7SFHr~JDYcwXI)HsS<@ORR~N-?RjF?j_;vA#l4MJz+2Zh(+uF9MI8wEv`jT>~ zUYaqv8H2gdC-s2=TlaQsbeO!W{Z(6B#%^j){Iz&4wSj0c-zqLXD7o!fLC=@et}&`Q zD72n9HRIdk38#vd@tEv^1NhueV|+)4-aH{$?y6|lRj)Td=0WY2;}(b zPKKB4E_q#Yy5w_R(k|IteA#=&r6^&#`nQyXDY2AXHabynPr; zNk;pRptuAd!rb4Pj|g!EXGVt4V%%t!^u6O5&vqnfw6-$JBo|Ba59Z~G{N5$_vo`}Y ze28p?K|V<}5VqqdsWm?SylhL&euLB0``jmaq`77|2RG2gpVoQt)iJZ$m+I-nk6Mnw z${bb`7x2j93&aOoou0IdXBzGx&{-C9bym`e!I_lG65>_533)oy>e4pmNe(6zE8AEt zq*6q&h-IwX>p~kE#JGcyEIlWVNXNptd-r*vS+)>&q7tI 
z36)g(j6l~A=nvF8>Al<)CM*P?TtN~=)+LH^78MI$?+KKJ5|;|nG`p1!;P z@fMuC3&+2-bK&?8$N!Ev{wrzRgPE}Slzd@Dv^(#b-?d&P85xB$23mW9&>7s5_$WWm zVKwpc*}%ySt>g($+H|{C7FIpG@-8uHD0S(*6)ISH?7FTz=&Vn$E@>_5GAoEZU!c>S z`i+3{sCC8mV!M9YGYCO^t*jffc&{@a8Iz7;vZsEP$AA|IxDSOBhY_VFbRI&hiv9h; z6hhgR)t+C_UaC&R1bYxxqoz2u0%@g_rrz=r_7w9}Qy$I0OSxv%a%MrkbfQLS+Z~13 zX0^5Z396l7^|gBwwhoKWM=PZ2BG^GG<$i6@>R9mF@v4&YAv{o&#oyaD|AMSrrFx)k2(O^nzxaJ+f;Z+!1CFxthksgQ*@Dwzfl zr#-c_(A0x&<1hTOrPaMVhLWj$Z8{sjpKJQTXx`gWS%3EbSk5H{Ar-ey*rl9HhViOW zwU~NR3i4Swjv&rL4A!?eZjGp%Cyun6m{R0*bFoaN9v8ZETxuz$tC6dD#pc7-mQ7Xt z!uBrhqG>dBah}ee`;os6y;MFFA@T*pv*A|5Hzn#Z);w7B_!}(vcjh%PO z|LaXS|Em_l`G52C>h|Kpe*Y)v>uTL{ZX|f8b#-IDqw+dG0FGlU{=;?nlim-+&+GhE zAh9gz)1H;Bh<@;!mZoYk|{F8!e`l5A_Rd`}+u`p;Ox85Uu>xVf+@K zbf1eKX-Hf7n?=5?q;wi?l9U!2zAr`3lFn8B#0RF(E=y8KVJ^Hm4qKF1#Er)IYvlXI zicgY&q>X}{Dc-Y?u6|*j#lKujQ=d!C9L+hk(dI84|DW#h zKhJ1!BvVV9qjR@WOxiu0ZDvl*jjh!b~d7km9nTn~AfP z*;O|LOlJlT&bnF+lhvi!Um8mO-}twC(kB(4-_a-pWdmR^M5=BPxBA_8r9y>DO1E zEUiS?{-5slm*!aGPd(Xc;LG_wdp_FoOH&z1_Qsv!yFwJw-sWMo^V%oQ(bGd6+()~1 xZ;jahd%wgC+jwiV!M2Pe9RJ(0_P2f7;rQS7ZLlqKVCDbt``_EL4Yp<4{{>{jU~m8c literal 0 HcmV?d00001 
diff --git a/Documentation/AppleTP_Spec.doc b/Documentation/AppleTP_Spec.doc new file mode 100644 index 0000000000000000000000000000000000000000..419c7ce193daf82227338aac0dea60563f2cace0 GIT binary patch literal 283136 zcmeF42Vh*)mHwYBOSWvwoo?Wn;@Dsd+mrwyU|E)JfmteyXW0`Z=@+Qm`(EEk^RlQdGFS9 z&pG$pbML$NJKvsj`#V2;$aY+ z0;hBH4DfWoqw3#ZF$LO#4F86MFlY@1`OXHTwBVQm|7pzc#Lq*6x*GqpmYDSollTmR zo7`uxR$u;k(Dcc+FJJiYHE)G4_Q6Q|_dl?IMbH_ff*nDBkWPg3F)Dx03?|ixN5y-k zLi4ELPc>}%K#dE3A+^s2-N72ZyMmEmfO3cqrBf@+-#)x#T7M1P zSNQ2*251B`!7P9Z2=wc4grUP!@%L-2yi4g3M>FegJZz4AOs7+ao~7x0yq&Y z0#5^r!4hy1I2kMj%Rm!21uO?Ez)El`I1QW*&HzsbXM(f9+29%A9PmtVE;tWdAJJen z*DYWTXa!>0bznVc1LuPazy|PaunBAiTfnnGJLmwNU@O=LE(8~Wi@_ye2s{To7d#Ja z2bY2r*a5mgH;@$cfL^c@^nuI3F3=AKfcPN;?gq~XSs;#8n~m_j8|(pl!S})C;0o{p z@Ir7UcoEnK(k`}WdhVq)!O9xZwvL+gk)p|D9c^2CLJb^n`qUS1KEEz_7I1&>UKP+w z1g~|UZ#6!dym0@1$f`fC#F_ABxPL$4^vAu)?n2=#nMqvL=kHB%R|+@P?h#i!$RAhY zMElDT@S>SP@M4(msv~K;FbLkZCOWBtfQe-KI5F4;2*h~%e5HRtKI>d9McV z0AB__1&@QdRP#L053U2(gD-%az_%&JcfgGZ->sk#0c-*p@KW#z@JVnHLOBe+3hsa= zHM4`@8gMPb`5)j*;7{Ps;1mS46}$j^14wyI0<~Z=r~~z23YZESz%(!&%m9sGCYS|g z17H7nT+auGfJ4Dy;BasRI1(HM7J#F{G2mDbf`#BXa6Ev?f)l|a@HDU(ECH*)$zUm1 z2AaSrU^!R;R)SN(Y2ZrW6j$QoZ0Xa#G*I1^U4N7z7zG1fCDFAP0uQ2-pqwfW2T8Tn?@PF90tD(i1P@`_15gv;W`s_t_7s z|DTDR>_ZLwU+w?rQvcv;ABLb6sFwsYWqLw@n;$O z7jOSF>32W(!zb5nzD=KO`)_aE)UtU^+op9_tZ8juy1KRfg^im=23peD;au3zmkWn? 
zro+LJfgR~=nCS_-biYwgH}vI(U4YbJn962Tqk7!Z(Xny+n&!^t+|n?e>e?B0Wd?^+ zeS>|2y<*;Ien)0gh=rX;FDX0V?UQUpr5 zXJ;Qpqi!QPGUwYByK~F-mgWr`THBkqcCO#vvUyWy>qVX0w{*6LE!lMUQXgwD93III zhC5S6nx0I5e`b&B*GDO`>D;icE$6cv^C@rHyrHe-;_Ypl)@}~BWcvHMMjP#`31UOr z%{}(Bt()QxrMvn_VJz*36i>HPgWaJg&*kZCMkJ+bO+LvusfhfF5;u}P4mY>0iOSg& zc0!@}Ho>#$ushw;Hz@iHhUavoyGF8o!=tBU`nq$e{@$jY=ekn3aDBP1k(?;GBMm7O zK9}wq?#m2@ovYU@4d2k2Ra3g;Dg9NJ+gi2Fwp9N}+6tj)Y9}j&dz!D~70Z`~o3?J) z@WL@QRKsU8{ow%27uD37cu2X!0K1j`(tIP(x|=WD-g?oNw)WPh@WP$x!ElHcOAii< zN8p3L!S24U)Ucy`YB+p@xSf{JtuVcJs1H84N;!4+DFY+Za7J9(*E^WuX;Zkk(zJu|uxn=~YeFn;Dfms>!VVcvq`dIHVb@@053Qi)B3UQuS4C_u z5~p0Esu*MmyLKYit}Sy)Px)DtusahDW`>cF-RaP%lg(s?a};mQYNs_k??%KA7dzrR znUOT6!l8^4rX`NYe9OjM0K2NOa$z?8{1G(@Ezp%hm>ma6jwzs1C6F{neY%Fjo{>T0 zNtbd@stdj#qmdoRRQxcn8M;#a{YrP#CD}JH)Sn)JPpmO$hGZtDg_e32%!S5GG)pQj zp{pGvXi>shX%v#{OZDgST&^~6Y;5lD4>JftHqW)=l~N?Ojte~FjZuc}>D)*^Y~9yG zTMRBUeu5dZX{Ws+nwo||1PCkUa*A>Y-I-)pxNJZV#WUG%RGhI!%m8W&c+na}$rB=* z?oDO8`_nncv@YF|VFbeI-yx>}LzJ`$7qZk8w$Zsb+9dQ}$_YYPpysV+o<){Yy)eDI z4{CO$!##aa4{5YoQjAVCis}ljOj zXSyI`dSI_Doe+A)qrPYu#gddYjp`E2O^}C5++b`OF`tq}OpXw57RadR9 zEg8U@4%_M18yg#EtZZ5tv#pmwYrU}DIM1p4Tw|l_ayMTPp6v>3%oK41^?(svwfCTQ zcBHy?IrQu2PoKlpmhPjcht~7FnR^F6BgAeaSr#l@C$9AQ1 zXn^kYP#SIStP_`^GzxtE^Dr_z zBKaB&*Q`b^+!NjEmnnsWCA2h}0$qVM)!N>^9c9zDXSL|fu>^XFH^AP$v%w>9p_h6xT)2%y07pk)Oo+2&=S~!g?4ff>* zpnQ_>n>KfD?`+@N(b>A@Y}hEl46a7-2UJsG`%^TcqZI_v4U z%~?Y)X@WI817f7fKFjwp)Ht2ZX0njYNR#T;z>984G|Y?)_hNGO#yzQvJ*MG&gSWRn zYinyqCpu}%*3J$zI9+gFTWm`X$(qz9oEnCkBfFtR>Z!#Qti@YqbpDNv&K6G%i(GE} zM7e07$aE`eco=W@(cQgqSN zh{&NH+YrTBJKikH7YC|2A{%|lh;ByRIDL!mKYRIeUG5Zyo&^lk>Py9w5(|t(!aRfE zBe`cdhO<$!=#uY6T*_9zsL1pUF73g5+BsDMo>!%P$@8I3Uh!P3L3(dj+L`&*&=i*c zdo=Dz_G;X7Iz;>vD{e`Y%&K9AKha3aM8sz&#b@Pf3OkHLojA9}WHy_NkbuNA_qdgx`|Q?M7ckOH!&FaOSXj6xz8^=lGJ6nd^FKI0h4HfG{<% zqpx>_ak8Y*I>d-^yc&zx-1T5tly^#lEaT1r#?lfgGn`aSQ)DRYM{kiN>XfxF@K@>PD21p~!0TF|xoVXRZy zCUD-7l=L)&kxv7S=e!kWv%-3V8mf4@**MOXYVnAS*x?bhJKYQBnfVbMuc|cWh;a2| 
zQ0-KwvxK6AA%^!LA#nL>CTr!S2@_i+ayr3s$55Wph#ZCug)W=MM*Cf4+!hPmP%4{K z!ze?%ap}PvJe+TP*M`2uQ5@D~`S7vUNr{tD=@2K4E5mhC-aIz)SI@gu$b3H+RJia@Ht{uS|k#r>*th>;ir)t9zO)Ek- zsPS5;HQ&NUmBqHIgY6JELjPB;0owt}BxFKVJxg>=N6qYD!QqrYi} zl(SD|3Pq_zjg%Y>nwP^dq>aR*k(D#D$5_N>D>?HAuczw(d-_wo&N<_frsNF2oKGZQ zNcF8rTU@;6?GZQX7{qy!8&nfAls1D9rboFyAXncz=qQm!V=*Ty$}De^H-($M-;Z#5&ge*fh*VyXx|$sovv_8m_XyE~b~J2Z zT$g0gs6BYKFrkdqU3r&=j%WR7-8H&vKIxxlBy$!G72O4KS*ZB9@a&EvIjc>yXzuSn zJEXLWBWXu5%0aGCBuvF9%d3XMYAnfn+{WbOv>~)FmYEYCt!s&Xd=DQeIro~Kas3*;g z^fG&)zRkr?#jU%9!CvzSA>^wMFTe(Aa~2%V$E@cQ-~KjQ$6m2@yTbNfg_=wyO^aGU3n}~%WeW{S8rzBV9wl$aPP5X@UV&d8g zcCywh6qP1d9~UoXL`Mwg)b8%N)4r#iDi}zYc8xn#dxQA-g~&&4Gx`Yrv5ZvmSk5mMgW_PCJKu} zw5f}@qRKewGIPd7-g(kHlFDKp)B0}ABP|zKG-=d00^{e9Mo0DGQ5(q)W#n~>#w{%y zAPgXXls!C57^tt5!=*0$r<sgKF^o>Q5W0R9saK*6sDOmwNsjazm3-hANi7GWUZWdYg^ySiL`^KWwB?UcP zoF9%sz=Q_C*EYCIqR_ZjdJ3ZWzRb-NkO`DYxK!Pgg$?2IvPmGkS9G*_?*vsd#|Qp* zu4SSR(w+=z2KxF_`N5n#xjZ)YMk?NbFBlC-6nw&F-9gk?g@w*OgK&(_qK>|lwo^*Z zv?fm*sav`>v~u=?VH0q)*-vaeNE{mOqfFD$^jk9a%!`+9fEI&s6>Y`Qb||H z;B0}21PKRn)T+8W9ZTZ;SS#N!(da7wKvj$%+PDT8#)(14m*+yy z9mWC*FGFoc6Lo5$>W*wGI~u7us)4=l zYZ%!Ddx95|8){-MWsum&B2dTB-`9f#JF8eCi-jTY z`j}=6GtSn5(!=3KC-lw3!&+vfEhnG6EH^w##+V)*TiTMt z_c6^c`$sBb8H^6Cs=F3PtQXa}jXzCgo!frmbNv#8W>OmV;3{sN6b`+y#tZwLrjVKr^OXz7M z*7RkyQNCQi%;I>>Cv}%lHwE5SaY#~u%Qak>Yd$!|&UZ6f-sQRwr43)2)_+Dg0vkad zrekd$FCW>7rV8r{BHihxQ{$k>jT}p4q9S$C){acBf-U$IOmaPG+^Vepj7ZP?ngxaj zB@Qkmy)TxDT!yqvtm-3iRckn#A+on6`C`oyL}I>$-oa1$Al8MoN@cOGoid2*sK_?9 z*`_4b5`!6O%-Q_P6+BDM_t@UrxwU;$qOHz8yC=%UHNW!v1>y|mH!qTJd&x8}{BtVs>0mOP`eag)uTBcJ(oG&yW0 z>~FWO&igUl)IwxIB^IVZL`gL2E7DbY|D<30QNEt0& zlBbkRge2j(j_ev&Qw^_&ccSaNm*rADXfd=X6&r>c*eO73vP_vk8cW@~YzQZjTDAu& zL<(_JdhbY1b1mV<5mrSqfJyC=G%`Z9Tteky3D_bXr*oY#OmfVU3`91ByjwOy7DbF& z1NVj0j%xw3B5hygr7Am*m=EmF4EDmFi7Z9&HaYjS_R6HuYv=rQN8A>s8V9X)Oz$;a zv2!UZkwt(`C!X41p`CJ-EQXLuXK62`LrS)EzUV zZkZn{H68UL=o_cQD89cZ1)(^3X=jM*qM2@T^Gd32K0IAl(eSQUOz*|=rP=eQEmu2e 
z1VtHP9?h0t$*4$&XfRE;#D+5ly;>s<7b~vZl8_{j)`AoY6F^z}DOb2Bjw`2QSd}HmqfztSj5I$g%ifKh4;q6J#LHz8+dufLQn73OrWDh z)G3gY<4vbky%rxgLFDYLCcmUMS!BRW!hv*(Hh_B~ zzmXLix85PZRgl^0+?_^$+S*UoC*+2^aau-&v*{Djg)zQc0W*mD5h+lY*$i{+(n;ulKTuI| z7CQlNXBa3#<(j%&Gv{*s$y@5OZM-PaWt_RRVC;pN#Q^fOrsZKf^6qT$^(aY3E}HGy z-GGUbZfIy>vKY_Sa>gj9pK``2XPw0@`c%!7H*t3*cc1R=G6_tJ`gz*%lRxAgt&r{3 zh=LatEQaeK(NFXYeS3MZyy?`2mpA#08BfJiY~sym>cKIk4Tf5rj&f5rO?f@ohQhaT*5^P_Hayr%;z9Z%qyTG)2d;kI8(*2L^egULHJhLFRD%>zki=`(vJWaoOxA;GsF6a5hnQX&3|GK%33=)o z9dr|cnjh^?Vd7=ggbijxshW`k2yY{ts2Y(#!$`?R4GuUK$QYj3REdjr9hPeRSHxoP^CbX0#yoBDNv$`? zR4GuUK$QYj3REdjr9hPeRSHxoP^CbX0#yoBDNv$`?R4GuUK$QYj3REdjr9hPe ze+v}g9G-JQ3hV$~U>J;m--6$R!#Jqxcn*fy05*d6aVX3O!88trnGW`FILuyf6?h}K z4qOl3$Jtb00Y6}Y@vp(hXL0TU_!+nl%;Suzqrhq4954d*f`0&S0-pt61IKf2)zd&0 z>;JJ|Ht@l@LGVTJP0q8r9oz+e1Nu1|EDJJ+1i?P=HE>jCpQ@a`n=8t__h zBltP^-J=gZ@Mv&v@M!Sp1NYu@??d-K@aRKa1zcDDcQ;4A#s409^xj7UABl^gmIKpqjF$5k1e?#V!T=o8XUo zl9?97DJaeapG+{dJCm7~{*ee(J1dy=vhPgN0dD%9^RnfC3ThBC&Kl9-Ztiz2{LFp6 zYB_7I1`#>(f3y8t;ejlWUU)zFGLU}wKDt3VLi$0vL3%+tLHau ze|h)MZ~yP#|K$6(eDmwS|LPY%_irEl;Cruo=hbg})9YUOcQ1M2-rQheBqx75S^H@>d_oUwv0sb@kultFHbAir`W_T=~}3AHkRV{R0d2Ll^2t+^wts zpew_T?(+_J|L5-WGWWTQPZ#rkE=cJC-Q~c)x}bIv?Y~5F`DEHfI{LZjVCiJ(W9ee) zVd-A!-B*Lxfd2%4NVH9vAHPcmEB)i~WU$gd9!Lgz(mx8SP>^ZClV2t?E&b!?$zV_9 zM?QX?r2ovxb6)nAKL_r5>J)c9#k4}>SL%YASJGAIHA18$K`kBW%us<)zN?S zQh7}NYG?kcFMstJUDefpmM@pq)AKTarmkwyChoq|06O)zuKxRZX{xJldRWqUiu>H^ zKC|xgYWMjw_qpN`h1uyoujJFEcjKeJd>_hR{W5>`tNc~NV?NxB$Nkm&^H*R0t-p7} z@BG#N{MAu;E%@2|)#tc6QF8ge)usiq{CKkQ9!~zaujG$kB%e(1$6d)d1wZ~L`J|u( z1!a38KMrncrAtuQ+fyH`v{^5^rq1+$t|Og5m+!0t$$wH;94Yym6v^L)NdB(m`^DfL z;8hkj(!^Fw}KCX zo4|LL1i?LE=SiGJ41Nmk0jrjACMoz7xCML{JOWN!PM)9*oDaHIVt0cVfmec8f!fn3 z8(0gjIXwtI0!}!SxZwBT&){QcV{?EL&%y2mH*rqzPr!Anurt7C!56?y;7i~u;2YpQ z&Dbp9pIWeK!Cm0j;9hVaxF7uCxBlNF!EYbrpMCuy$lrI*fAxpoKFGaCI6wHekK7a7 z6FicC{zzor-xJ(<>kn`JuUiBDrY}E#Zg9rb7Z0otCQpg3XV+e)N71jXQ)_}+Le!pn zQjNv{jSZJg4sQQVJQAQCz4dS70zXO!+NEpN#uIJdlWE(fU=U=$o4`jvxpqG$(e^iT 
z{qNwC#X<0C@NIZNyzonKD(&A3{_xntzxnmuKfCRR4}b65U;pw=pZUaxZ+Q2+9)8DL z(fqG?@eB532X=NnPt|wY^P#++KPRurx8|?5<*#<-wfW8Yt8R=YOJ#TdYES;^cloO+ zvYlLRQ}b6cvgiTsj)e|2~M>KFN|`z$9Ja4x6a z`5N!ZU!9fD{p|eJtrqV#zRcotv6trc|1z#lcrkQ*33w@Z8F)E(1^7Gg_uwDEKZ1V( zuLQ3GuLiFHuLZ9IuLo}cSAjQzH-R^Uw}5{JZv}4y{{r3)t_JS_*MN6|cY$lcb>MpN zui)L_J>b3Iec=7z2Jiv!L2x7Z5cn|o2>2-Y82C8&1o$NQH}EO&Y492FS@1dVdGG~r z6Zm)VMerZsOW@1kE8wf(Kf%|)*TK!;8{nJZTj1N^JK(>-E#SN0d*Bz~hXA7Q{}JCm z20sB3<=eo2gP#I*KDUFPfjhv@!JXhPa8`}QKPmcFT2IyA++aTE`_|wHn8it|wd7tK zAeO5hoF<>*6#G6- zsP7HJV1)}?6V#tjvuY6oO*tc06IwA=7ma}u4`%a}81t_CO)&qubAnZiYG&%>dGwn< zeEyuE_EM#BPSG?@b!pTVrZH(ME|0{~^@P#iIYINPhxWhIrF1AK;iiKgYA`}ghbjLS zuCt)meGUaXxwjT-4DvMj*A%RV3J(QM+-#s`8E7y{*iO>h>%!JUU5&hr21|ouMYWox zgs;z2E$zfvi-8p6b^;=N_0YsuvLL-K*$FoY?b;P){TD z}!u|WjN&Indvb#{YI(Mae_4#|Gq(AOWbr*`;;I0C$l!N`{2zb#< z?2`HDnIk!?Jw&Ha$q!S3H=ahH|4ekoDuq26)Ht0rDL9Gi+TcV!Cv#7AJB-hIcRdB_ zh?jLg%8{#c!4A*`20;cq1Re&D0Dsu@B;7+Fbn!U16%~I1TO;b2RDFk9YX$KJw$2)UjknShaHap z4(tG3;H}_opo4bk1fK$*2G2g4Gw#7L$C77=PZeAOwl55VOToLqwcu;uE)X0?*}+z@ z4Ge=3u;ut5cox_Weg^IUkAPR5fUN~4(eAZi0q6m51>%K|fZM?Ar_oN}DA2f=axQ^s z!Rx?v;1SROYfJ-cz{pbkxZt0`Tfs-*shhz!z>mRCz)w#>XM@|pB-C9kSO|^-?*Z=x zSFC`};ML$Y;G?I~CxIVs#Jz6sn3?gAH`0jnKdA>ty;a49P0rap6g}==~yPaAlJ` zjY-GlRV4jnU6R-1%21&$Pda?5I@XV`%ahJ4S(j4zCfhMdHKRdaVK(JD&JCZ>09#c5`}SfERs&L?#XM%SEcx&RK5pr ze_US4a+XSGBITI~%}a%u2=A3D+rhe@tm9K%o+A3BRJ%BSIDqiu(n;2MNO$TjE zkVQ}bt&9uy&42P^gEufPC^kMg_SnDeF~Wx!6a1}=6IvM$JQZVw>sB#-1sXHF1sRzK z+}}Pv_vudlZy#4h?qI09@wW?CBup0%l+G*{fRBCtj=xdrPNkF|A%VgYKJh!1@{)g` zuonJKTnm3EuBpFM7^YHQ(l3R1{Uz?iW%jvGQ2Hd( zFBLbLSE(=uaDSZdp;Q@?^-ZQUZU;{KKS0wF{E7nOM&%`4n@d|Qe? 
zlXRE}%}a$T)$YmkpX%#m9iQs*6wxQ8+QrfT0K$(;Ct0rwZ9Oh-DVmpR$0B)^)q7FB zS}q`Bsk|!OcV#YBo>FlSR{I{PemKy4|Bw0t9Y3JCFq5kOzbCjhpz8mtyiVY$9v5hB z%)uTTEL&x3W~=@`tsyG!#q^%Mcx3PI5Yhhj`8$=uRLbiw;VX*E>~r_kihWlTxidbU z>K*7-_5bCW$5W${6dX*?*;~jo=0l%yzDWE0o$+D*n(kDhnEL6$njXwMm2z(l$L6k< zE-cUZFi-r>TMOFsiRV?RUKbu$xnASLRPQ7u?uk)je49S8be>qOiRNC3f39FPYM~S; zXTRqV`vDQ+oN-5uc%Gi|uHtt9RFou@x90RdW{cLy_4jhCq|9GES)EsdnNv<_Ww}Q|LuF? zeR83;d1}+C)TY(`f2_A`JjKS}DQv-N|L=u@@4}v34-VQLrBz6ISq-wC=O`cj?Gp;a z=+1cin!6MF8zq#-3lw9r?GmFM7JB|U2+rh|W@Oey&$NS)b}`XT2HIglJ4I;MhrP`f zo&_?&GXMn-Rsn7YBo(xRwLs}>7aYac?gRHdoi{kw1OXG?)e&i?Ipg- z)4{vSdUx5LZ*b4;ZRTC1Fqar9(%I?W_*Dr*V(6XX-C&RqN@ZH21aaQ8gY${2GUi;F zRI&@nC+Biho(+k3mk>_xQa2__torCpW0fSu=XAm=wf?BI?RzsD8p0%TJu4`V8|=v{dW0lAE|nrJMx~ z#F;%@r`Zz)jwXfmnN4Z6D}ZPs z%37;m$S;$iEW8uvq>>nSY~tJ6ubcR_aA_yu<`Z8#2<(JngD%f?E>GGtfJ#^A zQcbz`P|Hc9D0P)U<=yLkSxsgI+qk;{&D6?12GS>6iP4FyZRAcnx%WC+9KvtOSC-r) z=RMq2XzlSZWOk}aV6hK9-Fw=Laa`{H}k6l&7{33 zyaw@-Je_)HppkZ-FfO$+G?Jg%O>H6iDQ(4;6xT+%CrjaLDs3aW4DfG+dW&i?ZKOq8 zXhZ2(Nlzx?vMjOGl4@VYnjWPwL|kiaqgtJdWo^6AwP$gOH5sVfU(}#SYJ%gzsbCYh z4D5kct0|%QTj`6()nW_a7ST{TN4?KFS2M|Y%C+K3cJ$CcQ9xW5_e)bqPi?)!eWrq= z#>JJ6GVT^_E{}2;pN{l*&e2pHJd@H{U!oF-%S_j&NJDz5c&eTQYvGCu!CX>NJE`|G zS#8bBvsz#6o@LvC^0IOdHLuLMwd@J=?ci`|IZ=6j0qG`Xx)%Psp7I`+Xd`KP-+!sJ zUT>+~zDH0Gt0(Ha28b_etGuyhw^SsFAvR9h(QqDeB`LTZ+GrmT#germs%z(y-8>WB z4MAb|89~pmdhLAze(hKBcYzoRSWz0=<`;7pFyi` zAqUB!G)Idoi7bs?N+ye7_849Z>7A?$s)y{SMp{zsEy|d@$~v$V=1Mwu}*zG)rwD~J+=`mDaDoRc?>bim9SLZ zX1WrVi^(po?0l69P7iM9O8oZq9@!%5YsT8Q3qsZQF~WA#$Of?59*%Sv^Bn0?I3waB+zDm_qX0i)e=A)oI;E}~VIp@+-W z@{fd6xTWkHHxuqG%@0SF;9#XtzGi=954o=)3F472Q})t%tZ?NnHHK0OM~5qeLo0BH zr4ojuPOtSVbQ|a4RKJtaKeAZfLoFYomp_f&1HV+3lcWXjrNxVD-EtCfJ>{t+ z&%Y*2d9FXSOp99V9;_ExERyAN1y8=<@owuSI%;hSx#FX?P7bqTCOc>2wABu6sBBBDrv7pp?GVo zWZB(`x5VO-yl-BS5#%$=s6n1CS??O%Xhf;8Mi!}V4ZbqzT6(_8^u=?6Um;6}qD5sn z+PGDAeJ8(1u~_7#Fb}IdZW@&iVhNO%==K`baABDc@&FaHmMrF?@DH5Su@@^wBY^A6 
z_Jrq?({k!igU$31+Ng$fe^FpRd2gut@k*XH^(EiKTAhpBE~kv;y(mXTKfOL9mCCXqeIcij|AmM&}iDcm@}NT$y1#oMAGMZ2r0%M5*uC0 z^CvD)3(I=TFdn^}&*|uH?Yn8?xC^+_sCAG7D#m(mcDq&=Psn>9FN<~@T?UQhcQBr? zGMl$bW6Mp^*isy&F`Ils%6}Kn)<PJXw-P$(V0tjm^y~Y$Yi4 zclp*F+m5n|4WrjI zx0R&~UM{6sG$W&$gygAz@;s~5qN-_v!k$EJW0I`8$X9B!zQ(yTD7Duhg_>iIYgNVc zzG#~(QwyvAkVP|@*z2ijD|Y!hQkRU_e$5>bXJ#mwJhnq{oJy(EdVQzg(noQ6n!}Xl zQmMNw{%~sBs}FNpjWq zNp8fo#zi(u825dewN@&zj+RxYnFOUa97&$~KlOepsg)x|+J&^yY;Pe|e1ERI&5x`y zo4ho*)NCG3vlhn(E8$|viqF}~J3=cIseZCYa;#~{{}ov^!m}c4JG9#4sayZC zm()G3P~j5mKR&{;5|(yMc>RaMSJ!{|IehVCb^S*vk9BqZM|J&&x9w^*@?9tFHg~ORWE?p8r=p|8Jt_ z|9xmx;`~3HfYTWN{Uy);yLu64l(9#})$D|z_tI3p>iK_vedqsOx-bY*;977UxEcHc zOk#JOTA(+)F9N&49?)@o5Ojha;7)KCcpSX;gdq40sH5HM!LgtZyd8)aJ`Vl|%;PP< z`9S9m&t6RWocDJXcq4cZ_$_GUO~097J!k`$v(w58z}4U#;4|>m_rUkT9pLBS7wmO% z5BMdR&Rd2vz)9d_@L})~@G{Q*dpUSBcnkO}`+R>6{0#gN91gD@0mQTK0QZ6WL5lso zcYybT_kquX&w(AdySqR)cp{x(1@HHOUa%Lu8hj1h0gmTY$!*}3 z;0Ewt;C^s2uQi?uhQNEk-JlNnIUbw=J`7mG;?5LH?#G(EPM(*Syzll}on&##?z>tf zeHR`_)J^cmxVW_??iWd?dJbTDT1}X?$#zV(3y#8k8>sX{-Wy2@qCd*u^JVnC0^bb~B7m@J^m;XS^&~Sh}Q>yNNi}x{&l7E;}to1lJ zXNGGB-Rk*(*!IT;L2DSFA^x{GhWHd?hQFn8#Ae0|PsLc`1FM4IgFs`7w*-G%=LG(q z@~X`FzkL(AL+CNot#^z3h+Zwr4T_$#VSBgazgVBV>e`|NOR?tdG1D%I=w)pR zE!=mv`Yu8BU4rUfqBrtpdi7m`@jHB1_Y&3K724ZCd%BgfrmK62W`pWpqS~p;b4ztE z(G0r?X-~T9UZUEytTw3bCFh7MD2yBogu4xiE3Bc>RzJNy+o^fiN<@0Y9Cph zR%tuG>I^{bhHSg-Y6sI)pgmKy53Obk=eqqcW9`TyXww;dc zj?OsT;-2?YlL5+=+|9R_+_aDHD82{n4y*lSbw}qAYR6dZwyK?K{dr)Ax_xN(x>Qsj zJB3gs9-+RGb+(=DaXZz~TlaMy+YbIsqeN;+t<FbP4oqZXfv^kTyYxi>P zlCFJzt(C;nk`>zr*zZI?b`N@a*G0F>TwJxgac}WG)wM^yPNx*lWoXId>4LVixIb5L z3L*L^fx@eWYB<58hLdz8725ZBfDU@l4JNjtPf(+8x}- zoeWniIUi&?oGhLld#2iCo-adtJi?m9kdqoDGdiI}Cnro9^Si#_>EeoXFp2S}4r^Cw z+ap|8+Le1e=NBvCF;1$bO~#*OTsh4e;?={s;#bM2&Wj#@{#9*M<2h)8uLsw1s#gu% zuqi5MAyp>l=`#-seIr;Hyw8Q!F5b3x`Pj0Gvg#qUCwPi~I)z5kDycdHsMd;Ic*5?- zNVU=_yB{ZvKWX<9Tpv;4q|y1*ZF}&k353*+<)zNh)&4#HoZlM4O^3c~TzeL-MVN^; zDV@q8oM-xzAPm1lX%cj6)TKdP4Z%A(AYT-I+dmz8e^U2o&v*4zIul0cRcqHn 
z^;VmMr#XHzYewgKtAEw5@9KGVLbk=ynGWZ3Zw6c_Zc_iJlBmzL-L~iPRPyW3Sg?}X zxvOR$*dFhb=vQ*Iop#~3(<_osm44i(*~u}s_O2%QFnwE0?}?tG?9VoJtq#}T$~lEO zWRvqD$;nP8uAy!<=&NJ7Ckvz0x#5@A$a~!B=xcl9Z+7zI&v@6_n|E@K!6bClWk}mv zQvDoxO~&iI68hZi?nyIl=St^Zbp^j9%qp;yxVHqqci%d3_XvJ}WzxH8(^C89T|%nm zz1eosTMd0oX)Q66H0%`2OQ@U9M=Gv=%AHhZB`H6z{Tk|{nY`E1>lN=^)K}~D^<|Xe zU!l$U_~z!6D2-MWD9iZ+^9xt0hxtL#>R4(tMO0?9Wlbvr>*x!BC)wNu^9ZJd6Z_3&%e@ead2xn1-HJp>C z)7vD z38wo6;w8@|_USDyNKaOFdEO8wmE#P~wc|Xzy)`MY;J6rjzaQxZIMjM?{d>*-; zj@~YHI`J*!id9&1IvRc=rxPpx@~0Ck#nPHrEqfm2G7czrX5$t|ziS+SoQKzIrpA@OILzp&ko3$*>Z&j}Dh3r>UAtYd+|F9U9>lv$}soDbj&T{q?fpbh@9F^^4?R zysRO4mTzN~e}4EYTB7vXivDa-JBPO1S(flf#j`9GrX1Ia({2r359f)(FLo{WUHYa< zXI$C|z1I+4qg};raqTWjUWcA4->Yc#ZuxRmKJV0@zq_~Q7J6-y9G#&n4laL&uFt)6 zAK_0=wLBJu4@RfqDi?o}?G5C0+a#T2`&lHWTt6m>SrC>wSG8OVe~g%wxbE<<5-rP} zWNWc|Xf=P5ZDq>eMcCzxMU3*ER(8^COsh&1`EM*gjljpBs9x?oS;@7hNV)T5wf>|$ zhgIV6uMvOzDXw;R;vD~v|F9R(`){_;C)wV9=Tdl5W6+cFTbehnoQ_yX zils*$HSm8O&rgkbyA~_xROnTUXHhgft^#jsY*d-EYiKhYqZZdx<;pLLlrFz4dh1JS zXk%GR=fSh5K_OYbs==|&W6?$LTKO%oBf{nAkgf2~E?}PDTH34&PS^R*U2s%+t4=AD z8Y@o5dshb+TuV7m!&Z<+I?t7{1|2>L%8yX?v%!V@YA0k3K8xcLz7x&i$m1g)jb=-d z9;dq_Iu(~|`6RBz`*moA_I!~`#rp_r>6!26gur=ad?&rcxE_D-4fsaNwd3!i@)hR* z^D*2M99=>F#6_j(E9_oV<&g!<*tfJ(8yk9?P85uktk7%#b{pg=d+~be?ZLwG$xyysD)<9sZXG zbqCKi%OsDfe120XO*0bH%7|hM-&5VlVhWppjluBfWP5 z{i{WHy%@_(-q-oiy_C22NObi)Qj>jVXU0xM_fLYO2GMoWlb66@Pp3q+!3j{V*o>O@ zdCsEM&L`aQj;h_%pm6r*gfcSZN2nh_)>fc9B`dY0P<&K8+m*v+MT^geEvle9zvwi~ zTBy@OJ_{=J1oNDZxU^;~VV9Jtg;DHYN3jbDyQl)iX5^oXza<0yoZrP`^ie$PE{!qh zc&Hg2l0!FWc22rWlH9^?TW8ShctZ31lB`iI6AN#>rL>aPUx?%Vii0}zO$X)JjGW8? znjO%*n_8idkUL3Hd22O=?9Capk+{j$afrJVLmsQCF1B*Wk*j9wv@*cbvl$?*w@@l} zu5T}CX%@z>YLGS^aOKMK(TjxpF6266RJ9l`1yILux(}YJUu{{$_o5@KtdfN!w0krn|2%bxK z%hzw?ivibyTGJu@*XJmcb1kJAtuD&ffF9Z$T;yuAiS$-;rIWZtDd}3p-Gyys=ND^! 
zNqt8z_obIKH>Ladp)@IL|xl#}7 z&mgurKArNcwzhNHrID4VeA`_-QThDI>Q+Y0f?3Pm^ztWYhbj-#HiOne96X6bjx~D z@4!a0yppFl+pMHkHjO}cogm#unra*4AEmBUL&=o4xjc8dcCj@{T3;c#*}xN9HPz_) z_AKR=yr?I)K2lUaocgso{%V0c)U$1kI9)xKaa%{kN1Nb+CR#bx<;|4SxI=T2Y8zWS zpgB^tiL3|N9BM<)hqGuOt+|nuXq}Dms_2Y=llXJFQXPy#;(cT+eaW%%lKhLOL{m%K zuZU_$=rzf;N;sQ)o1y$B!b*N6(QBx8yNfGnl%$I!_gK zMU>4#*$zi@>q-2&sS7E)I7~XCpVpHFZ70tgb?uCHX>jRBNu{j`6Xn&TXkDS7i5JzS zZ^VOE4snfHzO!9@#23mzwSQc;zbX(goB%DGzatw6)phdTzZ>tYhNdqXTXj-?B3)hv{h3 z57r;rnmmmR?2Qhii0CXS6PK8Fo8>f%ak0v5vyQR=#J5_@+3sp-Yh$d$(mYxCV6vm5 z%5FXy^$A`c`k}d~rZ-k?rPgfHmM)hyEsoa6LNqe1EWS7ITHLy(E#fvFPl-Z_(CEoD zy*N#}%IIzFV^)P)P@@Wy0CB16S z`wK~1RGZ)e)J-Aw1dQK}-yU9g8RVy*t-M9E$EhB9=jdX1#Q8V_1 z^(Pyk%!}Ym)mAmI6=Z(pjcM4p^y;B2_d?S1)(6dU7TYj&Q)#s-*J>+?mS#1JF8SO) znUa@9Sz7~+#(o`5Ya~-zA?e#jnr{pD6;|!2+@?b>-BBxV=6jfD`ZW`pNLr-VOc!W% zh3O92bhg^q^orUq*6Ff!>Y+gsZP7$6n_MrrjWFwwd-XWt%gruF%|v<5vNgoYO%#xf zsSlRM5nrnuveG2Kvb`pwuO-E@UDR_a)>;=!>8TfxzMtu6D{bRjOIop?I;u`eql30; zcWHR-Zna%Y2=x|O+FreY^-*zuY7%7pAWPmXZLOJ7I~tEmb~ga=e*-14akI35t!mQ> z(?S|IQ%>X3IfRiNuhdjGQEDgDkQ7=Ai88+C8m-7GlYi01Le`?vw5I7)lX}O)dZPQ1 zkK|L?HR5q=eesOEEz(cT#89hw%T{B2{nE-;txVRKrk6Ua?=y*0o+|Zvmx_A&QAW@0 z{8BAU8YQjPo|h9_>8WM9DVKT}qpb0Q^<%1?JZ+}SjUH;*J>)rzPMDtWNz5wjhr5;P zB;u^6Y|>$pU9HfSW>bB&4qCMk&7@(}cXzomn$4nj0yjV8+6=fsWrRuq$rVSE18Qeqp^BrE-9H*BrP3_Yqp2@ z-fWhbTQiPpOs`JPmrwS%YNhtm%0cm!b`+3K?L)ddi4~6%E^s-Ur7nt2L!+pLyqv19 zQ`@NZ)$STwsCSSYNQU?DOq?qI^()y2T@Gq*=?Oop^n9L6YI3xlV(J}%v9{WQg_Z?w zysCAKe)NAiB_5)D(p9@$jXme42yL21)}mxeb(>90g|@!Ve0ipoWDTm%R-YxkD!QnD zwf6(O<`NB*hPch7rj;vIlUXAlx6M2qdC8()9NR!?8pA1 zviMoLL@P2)V@!AQCQg%$+~)2|@}@hvmt>e8w-Jl_2DOE_w(yM#c}7*5VJM`q#aDY; z>9l`|LaL17?-3-`*I8|=@tt~Qjkw1?wK^ojs4ui$Se$G8CXUk^C~I9=#9`7p1C&`U zHY1|C+STM+^;a*cv6W~fi(K!4NQ+x&wTPu3_d;Xe7+4*(o#``ac)c~EUU3jl<>{pB z`zNg%7Jtu(^r*?4^ti><3JvuUU6e?p{1)Qw!M9*GnMO@5w5Ifs_gf_VQRCq> z>C3yJ8cLe|cwrV6hQgSfYoy?x7&kTIRhHeQ-q1XR!{lrnqfvr$Ph?T~ae?X3U4$0j^t<&y@*S_G7OjjbMR8e3TgY1@N^xm3wKK1HEl*o1=`5%w z8(Dqj#V*tZTxkrd` zBkHZuUDc`lW`Ep06-sE(qF{MDKl 
z*hVcocxHB++D0QZ(NorfT5ASW&>gjbjUKIZk}+EeZdyjUiC4T=OMRqtj(SE*Rh*k+ zG~Z0R;>>nF#WUVBBD+RutF1*#X(zJ=)Z?lYO2OM+;z`wNHS{r#)F?_c^%m4DEI&!6 zdMLGqe5pHKpR8QEkp+{1*-jG78&GWAr#TWoa@06OR+9J7&Zk^vhxoFaH%c`aB$T9I zw&Nh0tBp_7P8+$SQMXEEE7^y6rc^bK^u7tLgO}ct)|aH%C{NsIz7!iN=`9hpKn)s3 zHeoX*+DKll#O-ib@@`DwT5>f+DjMlbh59zOR*$Q8n@b%fT{d1-9d{El?QEBr|K)p^ zU#Eo@iF*L?fqZt7d3h37JI%6%u%|koy~b(Q<~EX(^`(AHbP%VjB}EIridG{Zr6tdg z`N`EAs@&2|x-y>IMjfP!2AOGTCVrvk#ac$argV_sJ+;u|HWNCjEzR;ZD^*%dyePZX zMwO=3jDouR#kAuYdUPkl|m#??_ddtK3eUIxMB=4h+9`m8C z(iTVf(S+{gh-I}=P8zSOpGyZnqde+ytd9}5NOIEAQ(YH-YLcxMP-x|3d@UZB1=lF1 z+}+ z>lRNV)0msgS~T6El4!0!?pf4MN}+{ZTPRN(ttY9HXI-sioTRdwXHfl(ym+S16-pjJ zajM=u5;qkqt+ez8N+r6hs8pK+bLRtje4X!d1nz2@X?NKsHZ8&4%|G>w_0%QEn$ z^sMM@@5HK46PI1!_)z(qRUzMdFLlu`)lytJLVR(sT26JB7Lw*t-zB~Z`aGd`uX>pPXdN+64DC-iT0)K=R``->-~msEnR>&4IKiOO$&k=Qog zK;F{Xrdx;MwWNPKNmUz9nx!SpV|*iuC>On{rm>*7QZ|URgXpH(i#ufTcDirX)1HfJ z>ZxW>Yqh4{Y*Rd?re13g_DDS6BEC43_EY+%E45Bll#^uJm_eMUR?$d#2jwwYQSWJ* z$M>hQ5#)bST6$vratA5%c~^Go)4eK^LH1b{WRNU{!`7`$YS0^ zDOxGNYBLN6n~!!j_hiMWo<=|E9O*f;fTd?+zl5}odTH^7+1`E}D4W?zC;HnP=ib`c zMCd)vn`(FBcl@Qz)K;UeMWn$rN)-oLKPjG)7gnvNk$<88(Z;@-p|!q5D^5kLF5>hT zjKMVS5)WjYS6uBqO!?)<5%m?DagwtD^r$%NvCPh0hd$O^~&N1m2pd?jU}Pt zG*L#@pL$d25%ZlMPF~5kQhoiJ2&3_rG_pyC+RRo9Y+*&t1!yYC$SCDCzA_Eb&OP

;w>TP2)`CKVqlUyW5{ zO{w27sWLuR|1(N^Xso08%`4r%8P5Ka=1-%$mbtwL{CHbBe#oV%wAClbyCONV-b}nA zTBvmjpG%|3t6^H$`ZJY9`cQN+8k+Cd^QK9!ct8>+KZ^P^>z(B*H>)6v+-NO`#=#x% zL@OG?ECBV=l5feamAY_G1S_Ft0L8=8;R>U-VkvKpGUcC-YhrTfy|Cg%@s2{t#x@Oa z{xDe@N>RFBv{xF^<)VS4)@x+RrYth0p%zz*NKcPMrP3J6Y9oE)Ed}%ZNOt4(h2kFR zL1|@aNR9QCr{Bft z;vLHJE7|qNXQh?wHF(?YeWOp7T#c@`S}L!Yz0{?%Ap8K|T0MRsEV6a|-wVmGAk%r+LpxA#S9E2e!)lK4?6CmG_K*wcBC2_kb0zbXm2w zTYEuFrpyb&(|AjyE?PmS^3}3NSL?fL-TSAr_|_Yq@}WE)=xq=Ct@kY+;9Boq>6zXJ z`=}wyus=zqBjNS^ZwL>e9s8J&%5lCN#l06%Dm3Km1pbBYuy`+ zHZGTRN*hQvOi!z?QGc4W1m(Gq%_JQ;?ACut2S`gd!=;^E71z<~!)8gN=_b`;7ic8!@Oz4BDqcx4bXkL-(D=2D^t*^V-(A`IGf_l#nerarqi8ju^{w*2Dp#Y9*Q$C4=@#%~ z$Cs}`2k1TH`Qdrwr}jOMKBhK!4ezj7d%vHY^v1#$Tst2bsU>eYNqseyJCJ(3S5z zB=cVQK&@-mx%vkA4*Xk#$vfip4DpQ-df$_a{9XCh>5(-`(X4o z@4fIr<+pjiOX_Jj>b&4R^imt(ANAmp9&xkge{9C-Mi)-JcX!!vdYjkEdKdYtkCru5 zxB~hbSEKU1NKNox>@QJ{F8=+>%5U@jnEdp1)KXGBszggDO!*T1814Ec_-hh8@?!UW zKX!1XcOC6*-mep0c3rKL-dmxF^hD|1NwhaW`SMhLm(;(-`(w(hw|K>=dW%=z(&^Jm zwvW%fH23>AQ!S6L1@ppl;qQ}OF8(dvFOt{etYSY6o+uZ#P-W`~SUF&OUcPC!U(r@wlH+OyCrZ;!*CpUX%_c7$~Jl&a(QM1GS64PugSc;&S$|!k4#)KOep8_$At}9r{f4UB=Hx^_1l(|EByR z8bz8_C>!`%tX#95E5DuivEaCcU##$U;@hJfi)$s*yeVQ8!#+jg%y5B~PMSKY&vdc>~a)uj9&`vz*yD(y6* zy{a^xuzep+#&(@o#tO0>r!+RXgm}tJdqe4aVtYgBo%>3ALn+J!v~?+K!tX~=y0=oF zy^_&asT7QM<$4IEpj}eRN#YM8ekpGAl#8ji%uCCSM!5F{3(;Y=zS-8V%9|p~YV2Ht zEN1Ph^dRrHSKd|WNJ5wI1?0Wc2+Yq}%8HS%PB#1D$e?CnSwF9Gz#=7n*T`Ndq1~rJ0fbn z+TJ_R%HTFQ(pCbmDo&10P7S~GdJ;vl}K5vh%8YV2UvK8; z4)rdB@>RLjF2*PFIBR}N{yll!HM=kWqU>pVi$qki5qWpn(Zf&SdyPcpNBb^(SzKx_ zi^7}?rAmz$Ey)_Ss->hzvcy}^IE(DDV{8k`kQkGuq*ad+h(8x3BFU9KI|DvfVNpMB15IIN5n z@=f?t^z30*K>z0IA+$-kG0q3j$%-Qj((j~jLpaeg-4L1&&2|7SM|VF`S51`udU#3e zGK%f2JXV`F6rr4EjHLm*?8?6^T_%YXe`^h|Bv*cPn|t5kq(k0&y~AT3C;61b-;y4` z!?Zk6wS>@WC7X{^I`Tl-m|Rk3++fzMV#^EXJzknAvbi3~#8mi9^9%BdY5pn=mDe%` z)*6Vpt`16DQma)yk~5{g%;^-%b1qaGJL9k1%#)`)FKO+ZBwwqs z)i26_p?L?jiKr1j)x66nc4~Yl8B+5nqM6rTU5-}LzuI%xD12;zEFAc5&d0-xPyXNa zjIf(2r+KLAD7E)aO?G{W+Q+X4(Y#8ltCh8QI~1^fNxT%lO=$j0&Exk&W8*iyKdkv* 
zaglmmKM!O*isnV*d068?n>+IFzNig-yGiOs(LB=R;vTh*Xlk=D;#Y;xvv@90>w4|| zQ~$<+{LflFW2=y~X4d*4Ti@Vk)^|Cb9naHwu8=*VnMLDrzp~8i4da`*|FZY_Vn3l| zQ1*{{#15#U)g|gzv*>dtCSSUE zPbr$8To#wj8+t1H`N%b{)@ns@fO5NpYt>BqCQB}ij#lQl#`Vl_@y1-^YCF8OmBH0M*k+{G^Yh*vuUN6MpKF> z9-L^7P4viX(4JZi-U37?y>BL)sFwUUqPMhWL;ZqeMy2TDne602XqGHtE%|CS=UDn$ zDs_}kr4zOE#zz~Wo5|0w2+-Ru$+gkSZwdB#O~2 z{AjyB-Hdc@bo|&%EVZ}#)gfwXvL#KG>{G?xl3H z`qs`ex_@-^eQfl7LiBxN^nFb9t+lBN-xPf>jJ{V#-!0L%w1&d1kG{1xjDBy3zB{7t zBctzUN8j2xMd6-@^q+~%uWRi;qwnp}w`PR(TmB(^%i`DfK=iG3E&44f*SG9TeGf<9 zspxx8^u0IwJ}b0v?d)Ev@Gp$MFRih4d&WuP81*``&BV>~(16k&(mnPbi`HVAjC*d8 zgzNp?U}iJr_g)g?Mz#%CM`1G z^>#|dR?TwDBGZ(mB#oT1)BQgDbYy($>fV zd+D8fm0#4d`D$5MTCJoqXr9-0XEWcIyk!3aH)n&r^jq7AtG%eqztQ6SFR?$P+3~*L zuT5SNZy}DI!+aVcwfbLjsFA$sd}*^ZJaHrvQut{$0G?}$&;^i zrlS|;(3gncy~g*eg*1MXg{Xc^YrGdh(?j4Y^;_!A)z@kd&yby6HxO36rF67u(-YwZ zalK#jq#nz{h&!@KRXZuEUlxBz*O^buI81r!=`PoQ8=op)$(wp?^;s&ne}l(+gv^(v zH_7F7+DR@7V;reCJ{K?BvO!gb$+VKa;9l?>aQt-g0B3@8z-z(v;70ICa4Yx)Xq*uQhk(W446qJ73tS0a z0$vJU3qA?H1deG8g5$t2cqRBM_#s#`GYHm$9bgxDKlnKK5AZE;2Y3wp+pHk?GWa>T z2h_|Cg8ASGa01u}+CeYa1@?iLgKNOQg1R~I1Go&l09*?`2L24@%ngD*FaUl8ehp5U z7X+)oH^BG6UEo)sZa#Gfv%muI4A25D0^Q){;9tNez^B1I;9l^YL*QlbkKhg9ec%J& zCU7&DbZ8LNgEPT7U>mpuWWfj+1up`x0dD~B1s?^=52FmA4-9~pfLDMIf{%hvf-i#m zz=L4J5kas8{2h2Ds67%M11|%w1MdXagFC?8;P9hpJ8%X#2kZp>U>|rHxDLDrd`0)Gcy3vLGA0jD2_ zEP>a8H-g8H4}w2}btfRV;3eQ?;I-hb;3MFZ;NQW2fJedOVAYApI(QD~0sjK70p9_) zfIovti-O=-a02)^_%t}?X~-hz1Eb)L;Ge-)z>mNci{S_GE${;B(;L!MDM8!G17#8D$6OgFC@J;D{#53Hrbw zcm?<;@P6;W$UF9ojyZwK!M9|1Rkd%+*Tnia$W zo51tH^TA8NE5Vz;4|Q6@HOx-cpUtA|1A3n=yw2o3LFI5z|r6Ya1uBfoB@`D zw}7{TuYo(jTJRGv{6N|R%mt@__kxSTQ{Xu;=pe>A7zJJn{sqhhN4`GGri0IcFMtQY zdpg$M@Mu3aJd%<_XTF~nd(giz!-N9I}FIaOZV*m^sPalBY!B{XI90yi| ztHFK~vh4GqCw8hW_~*7k%=$X|C&n87DflZ`x_W+tXQT0lKj5BdwDr8p{#HDv-=K4x z+H;s%UWKMm-;VJ&d@b(EXDY+X-=*xe^B9+xyOuYJbCey*UG+ySmy%{wN3L~N zSVZBzCUZVfZ#8diUb^~qjlSu+=i=X31#My8)xJ$GWXQi0ybD|e-VNRZ{uR6z{2%ad z;NQW;;C@Huc3xEXvNd;xqB+ycG?z6@>!w}G#KuY#|EuY+%Z+rc-% 
z9pGEwPVjB;9q?VS27C{EAKV4*25Z3&zz@Ma;78zI@MCZvxF0+Keg}RAUf#HI_f9rd_CJL^X zT95n`kVc-7;T7A_GctbtDQzFVvL#0SPS|zY?;MQPAXmp+JJ`1i{3H3>UP~?4=l-@| zg)ZuG5hG)lO+?ez~lQ=jYA^L&f9tNjS-mB+aBjXb-3 zrXF8v%#R{U_9$pbev~|2!=Ja(pN(4lpmMDim-|-iB-)LVUt>K_-*wb0^+i2T-*k3j zdoEf%it0(r9mqw$j>ca0C7x^47d}(3FB*-k(Pc~1ab(4>UGIt7KF9j_R9oW0>!`gw zF4<;RXL_x)!0VpICfm^`#I-3bG?S9&%cI+V0s{3MQ$r_HR^Mui2!&;@) zO1T_saq;Hp@?YVo=V7n+gwCt$YC=bnQ}pfja1P_@&p{eg`}ew@>}tWAc~0whJzk{- z@&LXZ1K~kqDV33tYMvYW?l zajk~Ks99KL^-r;fj4-W5_87ivLyeU_SJd@&2%3m8$2l%qJ7YIlc*AIyt@gu=ol+J1 zu4@TlAC6j@XJv&g`6IdVVkz_rO19AfRrS?+>TY$dquN-tHybOVx~;-HM7y$k|0*7h z=IGi_^hWpsj&l$4sasr8#&CF zuCBZ5zogYT?L3ZNR%*I>l-7visfxc<^k&C?bdOZ{XhbxfxaH;j6G(1*NU{kuL771y5>*Pj;GpBL8$y^i|*ygzzv`~B$~itjHJ-=8S1PZrld z#Py7(;@aIS?>}8!pDC`-7T4#C>x*%n-&}lus<^JxXCjSwM?mt5F-EREuYS{+$5{{7 zBVt6&=N)}AD&JgVaW&jA*)j59(2Ehm8a#dSyM5>m%d_pM(dr@#y5SJ^=piE6}_{JQn#d_KkH)t;kgr^W9?;3Q3CHe zlHA8BH;THqQ7+>mxtlWDC&enT-aeg1g#3RlHMI@ZH(dKk_w*r?KSv~KpR91*3cqdU z{z6JziPBrm4_pN|?%!0>g>GpRBN7?0YFaKQQ#_u|IEZnjEZqXqx6NX7&!LXX;cIRD zCO=GEDAo(3wkZOKD`)K`OnXUU-vkBOishVx>#-JmJ-q3HgS6)yn@0^y>z&TG>`Pas zjmN96{~-FNdKEvST1=+Z&qO}TBlR@V&pVYTt(QtMDZPk16;dZWQ=}XF&B#$9Nw%VW z&E4`x9c-P6v{p*ld{SMdA-&S{NU*14gqvclaLbDwtIED4Z(?Q8G$Q?weZ~zm6=^eg zv|63J(M`=r6BQ31pHw24#vIaa-!_}KN|NV}x$rr(%rRcv;~t)b5#erUyjvrdeabn? 
z8xiEfmmpSw?d^$qD(BMr!M}_a>?g;{Ov+{{jlbl0aFknKX)tOgXWxb%h?vH%Q@6q= zqV*i(NrTV_U+;URQuWCpZH#@NmU|d+V-`<2dd;H}RV1SD7!65289Iq?MSpKYIbGMa zFI*9hRc8IW7V(6AukTj$ma%o^U@=0>)tpi+G0#@8&Y|ykC#0C#ntMAeqa5EkrtfZ^ zo6^|)#xRPE2I-o&tzcT!GqqkhRXFO*Z86`rqbD2-w!OSa8LeJt3kP?KU-ry%@V-&c z7Lk6WV$bNYXuqiE^vHYEcJY_+HE~osd+_bxuAZ!M7QPUsVtw?54PDrnsn$ge*4-+W zvj^{bB8WU}CJQv-IU6*r-eC>Y2}6dok*2+=mS_5MmWY94Etl|X@Vm-;a(+Fo)XZY+ zF3Y8btrx9h>7>FwJmYALG^J7BkRw@JTQ2yEx>`s+<3#FR_uIJ`j6)q&(rbr1A8+3ef-tB>TlE8 z&H~4mPoK**#=P8ZdES=h(1-Sm`unSWWPkObm6CRH1arAm-c%Rq-dxYhwZ_o&q|-qS zo>U|BIivGWg<_08nr2V>9nU0PIiLO1mbb0FA?3M`Nl%gR#E|xEm5?^!k*No!r$hLz z{T|fYxgHc=D5vnObuiYD6lOY=o-{S1964g=@=1CyHtW;iZ~3V3{vu|b`{ylGt;+{z zRi_D`ZAWuNr5cPqaY(k3mfDH8I{Q4L_+1~OBmNV-^*i(T?}K%ER;k2Uan&_FTB5e@cw7&ch#5l1)sk-9-xFGV0j;c~?_|#ozLY)k z5jBf;ms)pg*b*^fR^${Zx3MNc1z|1hxW}eXKH55#&`4kMn)XpQf*UtZv&4Ju{|-MY zb2o;roT2)+=Auq5a027>Tt&<61c&a-s%b>hXn{e{;t#SB*!X?A6}k+4qhncZStW$t zRk1_S{UhqubMWR2UgFye;MRVdpSRL2r0RJ`^*sE(#52ji@5_ANuEFzzsoTk{D>Qym zEyFn7CsOvwl)(C+&KP|He)vHLRG! 
zh22Prq4d!n(n8Hcr>g8g3f@!Mdtpq};FwB*>70Nny;*Y4j#73jCqp{A?@tM*7jG*( zVIogB^N|CFF00H`I;z1WZPpf2bF!q#vY>ttdRY^4#mI?j&fyam+C$tm{fbNrYftdw z66;pmSGD(a#*?&R%ho%uP0O?v(|n&E^>~;yBTtywH_s_WG&_>s+>6mv%>_3fud}g@ zR%WZV(sWwQd6Zh;LQ-!g_4DCvuSNdEuJ><{SK9TyHvdh|cru@~RnKF!s+3It?tj0J zbtkWDSu1lNywS>9YOZsfgaxv`HQUvvuI-?Ab?PMQrcJYR{!?#tAxcs^#*mg^_vL%- z+P?hH&^C?s<@-#%efeqKp*DxqV(ea6uX|;q%e7XN!m?d&-M|#~gzl?t*BvFwXj-@4 z>iO{UU$D&Ar@;5+eO^12W}H#jyUVz!wHxBkbyKMKru&R**Pzzv@k4pXxn3o<4%DmUe!^`julM_7X@ml*Y1=70a2=YL!Lul~9I zSO4tx-!lJKvkP0smifO{u`ToeE%X2O*0e42|LO=wTju}HQne@5wh?TZ|7$ncGXLK) z|KF2Y+m`vimcY#|P+R8z|NQy?c_r_%KHxG zvC#gU((Kaba$kp9*2$k!h6Q>2*1PLIr$=s-^-l8d++tlO&-#6A`3IMus@pDUKR{#u zb7-WY|GCf9qdF<=;p|c<&v>sF<~?^mw&_NG>9IF!HP6dmeA`}(NVr!)`}M8LPts2H z%hh;~LhLRXMfvYz%_2sQ`(C8r`uko|?zL^iX~#q4F}nPGv4h22((aQR$m@|NqrHEf z5mV2O?T8s(uC*7U-foXuc(W1J#i;=G`ncZilXRwl@?spd=*e1R#gn>oPWCv@j%6(} zT0XT^><+24RihU91#=Tum|X|f$3dEj_2zneKpfYpMe6MV8P0R{DXbBN-^Kfz@4Sd# zyI#xMJ18W-GxGcWj45S7ivPZ*$@uTahIXX+`KtU0Ba|eHZ_0OT z>Ax|MUlVPnIPt0M%>^~@+(7ov&s(6e^smI7_Y|M5OY9cXua>MOD8X2xo$qikB2OPi zdguFwE+nnCJdXDuTGTUy^wR4*t$wefjE;-yGIqUo>IcC3!`Z_is(~owQLdZ)>|zzrvDR^WE`bBlGVmq>3C{H zJs#wG=WJ-wHR#>(TMBQSdOTtTDb`;7D?$I=xxY8Qbhcrf9N^hdJLhfKNUwEmv@vCu z=(B!2S&LKEE59vLyZmbOAxld1vD(sjXm%f3NWDoa*eUl|Fd}K={X(4D1rIqE`Z3C6 zcz!k0XGWP!k%sGQb*4~jmA4z-JKdpzD=Ftb=n8VAI7_QU%QT^Xo|@hCQp{| z>*(q^2Tv63)cLrMsD0a&8^r*7N1jUZ5sI_t8lQ@AHU3~XG&mLEFGcw}msR0oa7VU7 z1C2*2s@1+~PxZ#u0^Y4RwtRmt{zcre+H<~o)EYWbtrFJLAZFz46Zp!lKQAGJP=4*Se?e@OXTQN?Y5zggp-_ie9pHEM+ zY-Pl>F{AM8@m~4N!pLCB^Gg{Pdk2&l+Gx@p-|5Z2NMR~>!g^zzyor=vKQhk&n9QBs z@;vlc`dpO;eBNIDx=aN7hNt`>*Bs@OnFfvK>x;7#G&}%jB1GYsUM+SyxYdG2&E9+ptWl z{^!-=Kw{SI-!A>(Mg7v9IHNmqww^|+wbYh$FW!t6=!cYargsJKUo(2vg=l7aUk#?+ z!`pXrTiY;rwWndLpT$0puJHaQC~7fUyU_wqg2MKvM9tYQv|MK%wfZN!&%QssW?asl z^H!Zt4cf;O-KEaVJ!6%R%q|_vv#+UBi)b;U0_@M&ZALSx-(qoAtsaWfclEx}-8%52ir2k+G~z^%R(Oc9 z+x2yqcR7-cT^#!iT63Cko!^nQ0?j0z5C2TLlKU^DyR_q=J7u0lIi@pCT7Vvq`rXYKJRDJQugAhq?L97 zIct-fy1zD7Q;vjw-N9-(^s#rh#Z*e#0(XiW)q7)aY?RuaB9_qIweBgfg-pxm-19Vx 
zYn;ODDFIX9c>0XGSHqoRM($ieiQ}Ga+DcA(X&%S3vw)tw+i~CBB@6JGi#frfya(OW zA^(fmzn+L`UU4R-XN^o}|E;z0+Z5HeGJ5Xe&=Yu@&77S=kk>C%Rlkd1rsdey(La zX{qNh^F5#6W9N&2-oqutrL3^r*bEDP4&xVyS?goQIdy@bhp;Fv`t%1U-f)|gO1$C9TDU0 zOGjTT$%H;@uphoF$)J&sSuk+nOW zx7;)99+rrX8Z@4EMD^ap_Z)A*W!wurotB?Q?H#|4fl1VRCg0;sbh)8)Y5Vxeu@G96 zp4(F>lTq+1rz}KVV)ruHFUxY;_jIC&DnE%-jv#f8cp<0b$#XhySK<-dSLRkd&gbOX zRP4)#wos&xKqtFs-Jduk`%7& zv}I$AnQF@0Jq(Wdb9lnBy!oz=I5#S|qxG9k?TuAX>6giTR>B0Q4%)Te=B8#E^bv7n z9rcd4!}--REz4Wh9n?mHHPU+MsX-A&e3ru8PoUqu8g%RyHSIV&w`FqZhJHair<&U1SG>$)O+lLXX z=Ynl$uf`5CV?G$Y*HR|CWM!XI?CvyIxywA@9&PiGYUI{_3+|F4Gq|VEGFGT+7UkT$ zXXDg&+due2$irAyb7mm-liS)}DYCXb65P#5@wS)g+7hutNDV;RaWCi0yq0qJRAM>L zQs|%?X~tfOu+hjzA|=ySw)y@9o`Tcc3u(`V+}s!tp;g#}&MIOANTt@ZnXB`vAvq;GZX6?RdHV;2yE886s-kDu zzqV_nm-xvtD5N$2O)Vg}pE`A%ynsO(;t!dBMhEk2a zGoA02_aCsLp0$hM+DI+^!Gl#!jM$ z@1Z;~e)c?)2O= z7S*;E{O+^%qq!Nm-d`La)AM{{oX3ezYAT5rxVs{FhdN!y z8FhuHtLyZj4aU$HW2ohrTnZjX`o^7?wj3qX^Bi4?N|Y6Qh|R5{IY|xf3Jv}$Kb0$} zdv)71*N(F?eCu#%#gQLUKz?6|36u6o$rX(?A%8OsV+YJ+oOhgGxa(hOv6Q}-Yle)f z$kP}>K@V#3p=rBk%6<$QckIevq<^EQ#JpK95WCvkVd@^dN*lLQi=fgLo|!`lOwGF4 zQW51PabjCWneAO?D{@Tji!m399+lGur?VzK@>+Vw-yI*-chzfb1@8yVXl;={wepL- zmUhHD$M>5%U)|N^oaR*OT#2nJi!yRLXw0;^Hd*GZQ`BDluaJyc_Vu0Dp{JHOsyp=3>^~xcSPFAG9e&nPR;amo z0#?LVh&V?{)`fK_xRTnSGFzD?U$tG7uMr<0aW2~+&c#Wirj2LJ!?6y_OL*D4i{~Rn9-9G4lZWBR0Jl)lelq^3ICx6bdh)jH$ucsKToRzIUG zbnL|LEc-09GIt=Q_&&jP7IDY^HNK2vTpb|s5@!Vq8No@{w52Vj))Swuq#xrgN;i>` zMnB2D;v}N#SOZ3lP%19QQn@crBwMiihNbVm1s{zur#2P5P!A1d#5_vmEPo>Jo{McE zbTVg66QM2nP}qbVkG`Eo-4T4YoH2WKG%MFFX@4{fYZK#KEi&B+YU+noS-nes6c)ne z2`@q)wku=wt{tZCaol^Ryt);`iNB3O^k-sO1dG3yO3WWt%1qsy~{aBU1@wZ?tm%v|J{eizi6M7#NU`gs=v5Ht%zdq$2N+A+;!- zn#N$t)xPYZsau1^l*`fY4A8R=r|^Gpr=$7BS+}K-ZM(T#)N775dlqu3g77$SM**I+)8lj(IJKhvl4Q2G8!DuL?R(i$0H;oZ6Ri%yv+U z+mp71Jk36G?q*tAe!@=f%rES#!DEBwj-w9pqQ$JVwDNv?%S-f(Qd1t3;%v6JxNS{4 zNok?^hL#$f)^Y2e`;bu5Yqa27^43uYadb=3-V2Jg-L!tDd61N!#z;i8ih3*StLgpR zTqAV68#&dpy5urJD`__2FUxorYAHM-=h?G(MtivuVit3|S^S$$dni$k 
zfeM@RQ8$ZO&@A$db}-V?Oj5Fatb^?nt(K&>9MiKRvo^wmVG8IZ=0BAFY4KzBM!;iMA<86wY6e4svL6U zSWBtJc5#(jj?q~k??G;fvb#}R$BML=>$(+_SOlC-*4t96mEek{p(glAmF zEHEfEEUaxs&1`|{9ty8~$9Rl#?WNXoF(b}1SM5b>TZyk+vDpMa4~`kFFpx4QYkg2- zNObvTWt~G^V-me>{nPwM$xxk=)Sh^fJ>`655hXVt`%dmJO{$yuo@da`Bt1E!d_}uR zMK_*G4V0n5TaDRRZJ(}g)tFC)rX`;Z-e8NEi;-%a3rdyBLdT5l7NxQjY8_r3^>N=` zP*U}!*7l~6bb@b$4s$O0NM*f6x)@5$O+U$u#N(Y+1`UQ}aHc$$@`NmwmP3Ct6 z`s}=r%jy)CS*q0*B_;cYrPV5|Rmr{>44rDXh}Gibxw_gF_ET4F)R?DH+BV8B7hDb( zi*scM@S9qU^^EqD=g8-b&tuC}pA|0GQ4T97L-$VeK<9c=Y&ZQZ~G@d@Uu#2ew zRAT(e&Frfcd0PeN2^*)JEO=_zQ{mE6bS=2kMEA~oAGik-Puy@+um!sKB!G%MfSr+-B z?GkMmw%hbXUc zQwMM+jO8>3?`gr2O69jPdoYgIL-caRAAcQI1^19$O|JDl=Z*X|h$kOus=U+sD*WVM zX1>=wZ^0Dd>;Y0U%2#-@uSJ^7qjdE>*^T%lcd$+|=il5*u7tHc_8Z+=(;MAgEsZ^9 zXXoh*FW<;@UuLXpnM<$bvu$w{b+5g5Eq2Y+@|M+y+c;tIeg zx(_be#_33}*30`D+IVv>@4gwn+vR$3zb9#}xJ>t9jEuQ7Gd#}9b9+h9^*ZXq6cKz~SWWS1jf<4#`np(si zV}sd0^*qW12O)MeB})Su(d$LV^qHqZYcGy4Rwd zOAW~9)sA(`l%lXVP9?oqkCh)Q`8(U$JF?t}+dK##bXV_#Q25?l;j`%cDZkU&s}dq1UH07Z@Gyt#V&C2z`~llGpd`<%OZqpXjUzcShp+1>+s zHP1Ba*Ai#Tt*YBDX@6zo-MkNyo4cbtd$HE(iat|cu005M{SNfi1W&y%zpg_MZnW1i zcJtoN^Xhf6i}&GzPt=yg#s;Wgp2mAg(=OfzDX+VDrBrwEdX=a5so6g%_uAB-cBV!i zcV&ahaSoliq+PsslGmT{V&4avslSWY5po}zc;{oJ9#vk?n~kU~c8k^P+j@I&;_XwY zL-NRP-14!*W)y8<%cr*LO$uYt0a9Dl(}HY~@ikkd-Y#Cpb83-#eeBNZ`V`iPvM()} zLdWyd;@7U%vi2_Cv~xGfHh1o>LynGzlkSU*a-Z(Qd`}dX_Tr`zRCM+G(beng=yTYq zKM4J40kT+a`jMvk+VmXi-bkBvf9LI_IIgBH{cM9C2;CX&ppL$58ufJ0wqiu8Iear8 z^{;04<4;Jtqh4H3ANKkB`ta?=UdQjye=}*HuI^>Ly{M;}qc-ta*-G<2b>J(}azl4+ zygTuhY~+YL8|+T}WRYX%Tq!vD+PZxce6&`3)Z;oc^1Nd={v}9Ici|3}@=LXL^~IUR zY3FOq1^!4IE3qSb^?2wzMX!F6PfEmjoMzh$mzq^FR@IZ}JjSYaJ`r&rx)yQTxyebq zXI{pJ_S&`B(C)Tx6dT%Sv=`OVCQ>|t+R{pyy%(IfRtnK}^(2HT7$v3NNc?F*FP-Z= z_1<)sdF^rI4ELF=t5KEJn2oCZJafv%QI&`BbbTqH_0BnATC-G((N?FS3k7(dU|1HcSBeyoCT&7 z!+xaoKCNxXi3qM&$G!tSgQq}|;R$>Mzw5E0pUR26)$xph{`?;EKz04(NgijRXzy#L zoMD4=2I~rf^UgA@9F{6AUha-wN~^f45hpUn`cv5Ow1{aftE}!Pf5o&i7t!)6vtD_Q zb7O7qt_SK@;JicocUX*<@!6HU@HnXa=8QCEHCo$}y;c8)I2*@xotU3%tBjsXD|fc1 
zyM4SLHlkRUu2IffF4lIn8QA8wQq0Kb*PT8561sOLsvYfq=(6)s zdq(lh?xb8R4wRO)w%o4sK60$hg(B*LySa^1Un|GKE0#eVDt{E^V6M+CD3DyqL$Ysnb0?t^@gOtQR|a(g{=k-pmtv zE5&-896$?{qb5dKP(x_5j<#xxmn%iF*5jDy1)aIRpjFKEs|B?3;qYU9AUw@9(stD9 z<>NS$yX~3tl*n@+t<-VF-`RXv^3224_{vJS>(8!+yW%4M=$4n=m55lis+2dp3&N7O z2tF1Z-}Rx%ylWkL6mrLQ(w{ASVay0g!4{KcXiLFt& z>$;04KURK;^%{FGyz^|c#J%R_Z6*Kp%$;cAo!X6s&Q4>h|J%-ts(<|7)y%M4DQ8%y zy3;DjI@OInR{k!9;^gMB;?U@OgkD~;{wozJb<;Xf zNEE$yL+VROL4&b&l=i;ZhpFEjbt~XJa&oE1Hn&YS{im^mC}Ieh_e_8 zdV{FhEQR;m3a(SB+qhaP1uCIK6LQRl@BAPrFV@Ih?Fvi#BvQ~fNeL$HnPS+<)wp8a zFtu`8kDSEs@&1s_Calr#t;0a(NE)6f60b)b+TE z-Vyp;E8|j0tX5`Ad8VH4`h03#xq$7bPldFWto`Wi$C74d2pdL%HCXu@v*Tr=Gl+Hmfe7>*soNc5L5Br8}igz2T0J zDLmaue#s-i-7eL>+Tk@~Tk6qUc`Bqu_^asiAP8Kz|p{@#AqrsGq}j%Y5@;8sOz*hao%DT3pN*ZC5j zS&>U9b#OHZ^R+x`-1cjXk62@#nDa4ZYiOdb(40f53v&k>8{hipG61zEU)z}SiZr*kw5qj~iy>EV}@X1~`s>xbL=g~Pmw(^$!tz2C~ zO=E1ysj6kF^zGYHXtm6ACvL4cpz3K&y!9e^K181!%bVd1QG4Cz1@yxD^YItyldYhV zX{5aQ3d1*Y%~Cyjhw_=^JBV7i!s=DahSvebb(`X9WEp?op}6i;Tz4t1ql)W}#Z})_ zpC40PM-T~C7XvJ!r?njG!+FK8jo*BMsa*@Hgv@@^pq>-njo#oySiL57WB}RfgM?R%5Wrat~ zqX&~0Z&(PzKg?35F&-8TXAyeAx}#d%!Txg3z2*1WIA`{VJQv?~Z);mVKDR4}?Mo}! 
zqfqlw&Ub7SudOww{S>cFt4PuiJFa2w%9HL)avWL%%MxB!3!u3n+1HTF2ePW#pXcV+ zNoVW2cjN8a{2|WD+lR5-xovmkh?uF%uWqGO$576SP82@JYC`AHw$2osjsH1&BQ&Vh zZg<8`y$FxPc)pP(-*mQuFSH;jrT4_~ledubH#J1%m_FX4Y11K4m2yjIuB<(fa+Hbe zD$OV@<-ye@2FAw|qn`Qx6iBu~xP@utL9W?AmE zgD2^mVaswSxif{+$i-)ZB7G<2lE$_=sJcNndMWleId6!$T1bPS;@J0^B9`chne6qp zTI~J~d9UONJCi)a-L{iJ%CCvfWm+aig=0sZ*_ow!ZOrQ2{Z*~`B@I+-mvNIUm-AC| zmcs;JioGeeSnSVnWUIH>SB}M~XXIo1pO|ID*UYGWM*TBV%qT~ey$uW+F?i#LR}LEH z|9pk&GE&O2-+^br&{CES1IL5K;K-&dn-3lZ>%geyEISxn18x960QUfzIqL>?2D^e| z!HM8xFb{kjtOjeqUEmq89_-pZ%XSCngA2e{!0q5(a3A`-tGxCz_~9tXYq zWZBl>P;eMH8O#IMfE&Qm;5o4KR^$N=00)Cr;A(IaxD`AMeh2#X&9Wh2H?SW#0=xlS z0Nx4S1y+Gu!FRxp{jzK%SPm`*-vd7bleW&X$zU#62(AZT0^bJrfM0_b!EODs?7QGM z;7L##kY$6xc3>B9G?)oa1q;DS@NTdgdK1d>MQdJPDo#ZyEwEgMR}b1fK;r zf;+%k&@?p5dVmAK!QeP>5?Bh(0V}{ez$M^=;5zU{Fm@Zt08R&sz&pWvz~{gh!L8s< z@CpzjWhVK5Dx02YF?z@^|a@Kf+x@Emvn^xQGawgMx- zDDX4zFxYx0=m5MK%mJ5!tHC<(M=-8T{@~-_KfvwaPVf|X7K|Q28-j)4Ebtz13Ahs6 z2<`&+fW1d%+5X`D;Dg{(;9Bs)&RO;sFlm=8I~=?NTnOF=J_2q6w}9Kh9bi3p0UR=l zaR^QX^T0>JC&3TFkHBBSMlgIdbp~Gmw}S0=&9X8$1-u1Z3N8cR20sD)c7soVbHQ7| z-QYfO{%fF3a22=?JOI{%b+08aaOv)(18xSlfF1XMpMg()>v14|oY|1QYgz zmw`vYZ@_>tlo8AZ3&7jKJHe;HHDCjH1@s=vvtS@7gOT7hU=o-H7K0VweDGfIA+Q=; z2W|zw0qeo*$MFtm1IL2XzzXm#@IG(}_$c@>_$hc2JPii#MIFHua5Oj@oC9tIw}PL6 zM?k;5;SXRDI2ZgoxCGn*ehMB0zXZPr&x7WDplxs&SPlLF{tWirm$HI`!C~NIU^Vy> z_%2uj)`GG7L9bv1co+D0a2dE9d=gv(z5wn6kAUy*503)f4#=`zU>rCYOajxv8^Cd3 zHaG*E3C;$e2VVx?0&Bs*1G8)gZ~}M}xB$EpJO-Wsy$@onf$c#V90N`O6JAf-gR8)` z;BN3Rcm})(UIyI{h8KWs!1>?;@HOx)@Cw-a5O@I?0Y-z}!PgI^O+c^lv?mw=MuRpm z6PO|978fx~2dBnf>20^Y2u!2+U}L?}6)kBdfq|TcMwTC&BN5 zx~mupwgLNt1HfXi6np?&3a$ayg5UH*W`Les^DI~eJ_zn;L6-n)hM>=an}#Ak!G7pj z`-9!l8^pB*)EhnwJ_ghut}HMR`7DkEM}g^J26#h(bzJ)+t7m{WfQiU!@jB$~Snz=Y z%3d)PYy(~frPsk*!C>%9@F-B$ifaq}nCt!EHss>>!2Zag1Hc{NTVMe4;Y4r+{Qg=n z6Q2HAa6P>HHt<*Y@GD^V3BiwNay=fL1m+ibH`i6*L*PnqRRMW-bJp$ubM&MJO`Fh@ z&%)m}ZXBFJZFOej$8*ow_#AADF&93WdA`0D%Q$~P`W7I*Td zdt)eps~TJCvZY_P(Abvo($T88g^z9F$;*)+Tja|;)+$0)cF#&kfB!c2@A%I>zwy`c 
z&c^;F^r71Ky4AeLT)WP_C`&3)@gSGx0qB<(UH(c77_x>kU;avuvv$jiH>Rk-f5%JF z9JO*9-qdo@Z(q)fH@wN>`C#!%YOGCFiW*JbxapOt8-2y+tWo4qYEF%n-iz19zT9%r z*vM(@%f9AgzNRnArdMOik=`uYaP~`^UY-4tuliJa)#d8S>%BL<>W9dA!-kfNzW>*} zjvF@kx(`*qJ_en#DhcK?mA^=0w-+}hvD=F#;WHhR7(=15b1LWqwPuwjHwIteuy)iUtr~Ouv71V=sR+e~D9L6N*)`L^>h7E7_p7^G zfv%edmh{^6>XKf*`sz#r*Y@2sufMjhufKZJzQC2?MVllc2g12+%aG@rkDkjeC` z(~0frq0$%83oD0iN^0d$lj>h5smA1W+ptaKb=xqL>k4_XmJrpiSyeJK!<{emijgf$6(B_`848aiRZu^Z8AjRj#G3 z#3nEBC zoK4&%Yg@CjVY&Z{AF#+9H+ChH(muGYHT4;b(^_fB4A$9Kl~!(Z^Sw>m-n?z|u(8?p z{50a`UOh*GomZ{yz6%(2Ge*jC(ev7%P6La;;n0{q3XOaW^ikEv;P&ma?3>_M;Mbt% zaD1b{M<9;NK_Z^>N4B>s&D|MaL9iJ72K*LuW^1ZvXZjuXrC!*QI=! z(-*+k!MDI#psnemag-4xo73*l%YNYN_{(jFZ(JKV3VaHz108KrbMSNf26zIj1KOyD zfeD}uXs?PP9{X2)n^J}>J{K|=bUy{9(tKUDiD&z0$ z?Cz=Y{ek@ZlI(%v`w7!B*wNY9Y_82*m*n4vR56{1M$|3(B{Bd{q^d4YOFb2F1j0NMsUSMyq54ZrlO!*To z#Sdm;~Cu;ot}`8B763f}_Axa5R_(rh^&a4PYji1&#s7 zg5!Yu9Zmozf|I}-!JELF!M}i$!E7)G%mwqne6RqV0!{^|fz!bmU?DgYECP$cSzrk` z8!QFOz;bX7cndfeoCj8b^TAue+rZnwE7bWNTt5P=|9gw8pF95jAMX7d_;+wIcprE_ zxCE>M9{`tv4}uSY4};6VXTe8-=`}&19n*ca->)aF8^Dd=bKoX$Gx$9C0{9~M2Ixw< zxAWXL!5!dR;7;&u@E!17um*e&d>`Be?gneY55Nz>J>W;+UhrdZAGjYp0Db~~3VsHD z4ju##frr5(;1}SR;8E}x_!amy_zn0icpN+deg~cezXwl&KY*vfGhiKf7CZ-@2kXHf z!3*F|;6?CfumSu9yafIV{svwKuYiq!xkFY0O`sWc1KmLn&=d3my+I$a73d540qLhd z*8#<6zYpT`U@!y>1>1ma!FB*8C)=LuaIgc|5$puYU<4Qmb_TnEQD8LK6|{h^^yijm z{{9vih%$@v$-b@rkV7*))ts@^HQ{+iEmx+K)9^Nn7%XQ7$A~YFaHFwL$&apCa|Lprx)?=5_gwf0&CmvbO4&!OxIIPn*_Ttw8+~tiyS3Q>v zzUts?!syc0*}lCl+^^S#(~s<)y#XAYHJ43;Ww1_iMVTQD;=fg=fpVYT=Juw)gR|BN z>o;DJr!*8_J(xm6{vRg|8F$`Yq}6{!gP;}GGfTES#wLgpf83{e zUjA$kT2~D{+F*}tC!TLA?ZNXsHno~N?etI_ko8;BD{Fdez#StToW>91>4C-5=5N&0 z^mI#yr$=Y6negdsL}@f{MznWhV3g@aV{6PU-gCBp=tgJ^wcKeVUY+r! 
z{gHa0jw`J?+yKlrTc@@}I^#^P$D| z5u?lGS-+1h|KRddb=&0+q+yJ*#u1~T5q5Fcj~MMU^{7rtdl>C7Vn<$>_uT!&scIBg zcU)e|)jaPmci*0v_q+Xn6)jVrJ3X1dU9Vh?;}@sM(dU)!!*~@V$H>uAaQ(>9Dfil= zAw@%uJVuwF&r;;*^GYdl^bO?oNRx4Wzs`uM7dg`rGrauwM2^0NHycr1L>RBvmi1z| zrugKqCUW%SdGC#)rEU4tRuMV6(pHUH=;C z@+XXTkSM+>do#Nbj3+UWUlVPnnA553%>^~@+(7ov&r8!-`d4CDdm>2JCALv8swHa) zo@(4ecX2F1UkG`BEbZi}lt%aH1HDyZH5j`h#a6zM`)zql;6b#g=aCq}rSr7q*qaJ1y3%R6PqR~{`ccMlUafs5XIZq-7=ApILkMnJ0-bT?u zwyz(m`8xRP@2gRUS)igS5Nv`iB%e-33o2prG1nLJryUeMK;=}#2x)cLrM2w>Zl8^sfP zN1jTGClu#cHIA@;b@oDb101tnKmMgCU+1!_IghD(N47%)jYle~)xK&^^~M&>xn&Lc zfAJdf0%)fmZ&dA3{xvXCDBr@9g=_8@%h#R#G zxzgF0NuCt&MdWp@*myIUwchdxvzYUn3GEHutP*VxpVX9wubjboGBwbE}~S` z+R0Y%$uaykm%Ow*Y40&Iq^Bab!ZF*B&Yol4E0@ye@?>Z|MqD@AvvVwU1T9|aj_>s5 zU!*XVI}ve9Th2sE@9D$Fl%LF<-SRv<-_*P&Wv_vr`hr1}#kSM>^rmbA|BnR5PxoJ$ zyI8iUZTuTapK0fCPpof@L*jaW94YnV>i?$cj@pQ3Z>l5fr04zD^8C?xX^-Il!?7nB zW7PM{I(=!_aAJys?HnTB#j{iBeIFR^f`?pJfcu~J}Cr%TNoUNx(Pc5}2 z-HSJ)1^S^SIn%!a_^%l~`$9BxPqG+HyGPXe=q+qBP*>OrhasyySy}zu9fL+TZhwZo zR^E=0Wt(_rakfn!iSHyRY=27Bob5u(wLk4OBKXeWSL40*r`L?}xO3jBo7*yWsWXO> zh2loW+BjsVW2Kok=-etYATNg&I%(LPI>s*_-9UEUNj?#Q-6)j98_Ze;*j52 zM>&?KKu1JWIi}R*8*-{%`P=5Oj9iU8Y;4>}&wcOCQ;aQnCM{(zdLFLhPYb+h$xV%8 z=RMn~jZ~)P<(NVZCsV?yl(Yrz6giq+oGcNgo=d$gq4B$q=bA=?&&?o(SzM>^kJAMB zHU*And`da2Q3{O&yMhwOJ=?UEoU~IP$FsA5_UY}oZ#=&R%sOIDxG3*I$C&&tcK3U_ zqIt#nik@3BJv$+>)dh-7If3a=rN(0U(|%!`o~D z$H1aIl@@aFUL|H?oa1gOVnnbreWj)@298- zQAVQ-M$eu~YaT`^JnvdQc1$iew&`+fMO%52hOKy7UdCg%+CTC&Eu_jjOWcoqJfc>*ufe`HT6}P5Pm?j4w)8a->QG7^ zOAkruO01x^Sp^+=Vt7O!w=W%it&}sU!+4hVO^lm0=UvDAIpo%vl$rlpXh!C}%-uYQRy7WWO?&yyZ|fS++S)j`gXI&>HJ?F^0_FGjog( zZr@q{=qXF%__MZs;7M^}ki2>^ZSHwH#v)FuqiIeN5zam5KpR%%Do>mTluza%)yS>= z7WED3Q{gccs+t8gY~HhRg19ve{t)soqWd~CsE%8oqBKk6!QG5HZhM*T82hMAo^kBVLP=#S z2i=EtwbHvm8}@(n@#ZbjendEX3QjMrNQ;(6sbc?xR$&jSkB6Qoby&}4uFk85&pbv zF+)%n32xVibYr!>75yUQiLsd9k#pkEDeT))+ z40Ba~v-h+W*_vt`YOQKK>b_E6q}H03Cr+HQ{VJm*1HqX*4JOK`K5nh-T~AtwQ600m({oL(dY*7po^xpG)}Rk^!X8TFR9R==*!zxO 
z=N2)ebR4?kQGGVbOrEeW&B6YbPo!1Fvw71|vy8s;%_V&AXpwkzPs@8Ovwd%`*vk{4 z7X8sIg*jQ{M7foS{A!DiDeLC>C_WvsF04brmDC26*~%_$_D#Fs?{>Ogy(~9wTxOCPaN>sL7PftNo*&_ZIo^@ z&-kQwr0;X`wvRgdjPpCCvga;zyc>0>enwen8DjN0=uL|A1Tkmuwq9_ZMU>f+c=DHh zV86!rw*E><=T^3n8u_xklv+=Gx{`iH3bjyHIhXyUB#KjQoco9FZVmh7QgJbs%6)kv z$tO>IlD_*g`lO&3bMoJo{McEbTVg66X{L)P_kYtk32celJ!OBb@qmhyA54LPzLFG^NVY+ZnEVjkMU%+0y3 zGwNfDU)AIMu4TbdV4vAui*kAi9aYIB{kFGIb+2k$&tFZtU7}L;ZMn6rU>&7H?bXh_ zkE52exEDILed7$x(yA@kTj`_@^^ll7M(G@5Qb4M|xk)R@s+CSGR5C`Y>L$yW&9{=S zlsS|Cr5VpA+INMReE{XwpQZW*QStkFKN)=Fa@%-f zR{lxrhUfpuJ(lFT&8HW%!p-FwC9eGz=Zn~ewvKgt3+XP%b(aeLcOxC`I-X}$kpR+x zHao|>mc+wy&N72%_s(th&eNjLVWKSBn;WOWrzi zLr1q1EiDJd+HP7u(>zGZPh;eCS}4_9Szk@>=jPJE@h->r+$XtA&`O&7`O7liirScy z)S#SOko}4>D{(@`NG-OR=QdS1YiDIj&Yn>!1dw_EMRD=tVpq z8u1x*Rw=SAzaLWBF%r*vo~ktuul%q8RxCE!A{_ZKGjRlmG`F9Zkgls5Qf{)Cgq~-8 z)v~q6EupNlXfe5~ryNT6GbqbMKF@@|9-ZH}H7$X44gQ(NwAxTmV%iN5b3%Eb>DwA| zNG*j&Uki5h>Qdyo?_tQ=3|?Wm6&BX<5Qx=Y&mEv$p`z`Ij7P*Sqx|J z&H9`LhwV7$8Ire&vRBS(Ye~DdM`#|g<0eM7tJHGO&iZ%{-bs|*joLa^q{U=M&^qfF z56Y6CX`ywUKcr9Md)2*Kt&4>9!6?|;Kh1wSrX;l| zo@7rsUs(kGn2&uY_m?K+OP0X%OlOjZoKYQJyGTVho=V>G?BK1-xl?VQu5Q(sPll!? 
zpRHJ6&BZg7oeN5p%0kDC?G~l76lxt_t!Lb~7nD?eskOc7E~wxep~IYuK2lk4kuHW( zbJI^UBkXZ%1Tklj#_Sbm%5y1Cj1_x6G|41S)e)-CVGFsePGOntFKq|*if>q2t-@NB z?A5{0X=VNHc(|XdU12|U)kckZ8l`BX{BptNP;i`4I)LBQVytJhpFBrC=PoN-ruy7z zxsFm=+6dh{%>$k5Md_qS&%(83L))3g=X0rj`X%^TNN!g@)kht#axiD9Qc%cAX*%9p z4z+ir*O>cOWJ!yR*zWU2~9yOlUk;lL5$Ae zpo{oTon5IdeOX4&X_i79p;DT)Qu_;QZnB+jOJ1k(W=PO9+GAzOmXagK$Vlsxo?pBd ztvDzjBP%Gct?TGAznQ$F43<|NNxEZl>ag`p#oqI&utqy$S3k85aY|x^zj->c?d6#F ze8reA??`>DNmn?jbZEZLRh0j7tQb|%_sX9Y^oQ-{`sM}szrMNtCFggJv?r?^(x5d| zBAuS|Mpyl3QSY#>IF3S^Nh>~S@3g-!M^jFQP8{;gvd9l@muSPV{U+Ls(JKv@cd{HM z`?gwo^o#bK$+VU}8HX`u5=U1`JHF)sa&&F&m03qBp(}uLo~_VHqP=~~yd7ilPO52) z!(@e(7Ns4Z3ad)UGwDoC!xZKHw!N((H?s{KwT>QTf@4#S%rxwAdqhe~XJI;r3f)V7 zlQe~}{5WoUdhX84&Kv(BbCZ; zWA@O@p2~;l<;s4HbyyYL>3KD|*55g?rs*2SO88BucUtkaYR$_e7p=eh@@3|G)w>-^ z*#o5ZH&!O+Q=SEs%$*DmQIC4(oUUnVypzFQ#j)S))|$H!+||_BV|I3)&hYY$T-`me zmbvs=KHC;Y)%6LFT~oEZW%c2&_FMJ58FZj^aMd7tbqzUyV{Daw5)@r${CzdL-_Lt9eQE%a$Kr`NjM zC%(Ji=2{rrHum?MsQ;WD$lt4|{^IZF8KgoVeDb6cB zmhUp?p6|+xeFn|>4%V2LJ35m_5`0=&qdcwF1mz*Ib~B$brT>>aKrY?NI6sC@o%86* z+|s$cRPUNf$g1ER%0YDvEy?OVN|niZiL`_S7uH8DbT@UcMLCxmP&^eHyK`noua>Hq zuPjCvnn)R)YskCX@{uRciJ7Ex4(G2^_VtgUjQ|&;A{cjA_m;VGm>U_x0rDj+Jlb{XDE}Zx1eaqYU@u zG%aamwjZp5x02|KIpFQ2chu2xx#1B`BQ$Uwac%vtNTTGwpyyPTB@_( z?B}x>FP3jSBlBtKz}^k*T=}70Fl5yVC?slP{`L3&n4%WO&T?}++q#W+bKjj)L|1lm zKVR(Tei}Mxyqo)eO1FUej?b<|N==1+)SDeWQnTwnvEp=7{+zV;MBV4y%^hWZocxv1 zYD4XJbFb!^M*UjKew?kU+b(H;ZR6eC50YD>-P}G?U#>j}cl{3Z)dY=Pm|xeS2RGX5 z8oRmg=6UtH=6v)%Op8=&Vw?M`U(&FJy1tA1LCWhcZYkAW++OABeQNek%Dp!Ar=7{M zi~Fu@P&w`5elXu5D^=e~UVp}meIID1{w{7u$bD$yosW@vRCzsbHlnuJEm*H_>+Qjb zw@;xC$s@mU%f}9zQM9xzpW3Q--lvtes<&sz78zf&Me6P1c08vRsn^HuoUc#ujVSxl zk|}iD#T~zPy_U6iai^WzNw&FjdmVB#_H4h%I2@ln%=biLX)ksvK}A=;A6>n^jy|XK zFkDS-`jT9mex#|sHa&;BJJ)uG5G!b#k74)s-cE|+YUb7KJ4@L_2Ju#y{_M(|7OxYUERxidr?m{N9~)jvX$n4>cCf` z<%aIucz5b8*~k%hHrSo|$s)(jxl(ZQwRQU@_-L*6sK<3?boa@Bkg>SxxgQ3V%_I^@+p7?!xaD5V;XFIOWCnE00 z?z}gsjux~v>6zzivy*twye=uOtMI(*Xcdb&g_c!)z4zo@qb(fC+@+<4rf^*GjP{~h 
z+C+*+QCnImv-e{5RV#&PyLuAB6pWHnZzTSdveu^ldT$zKp!S>2aG%LWz{A47`4rkt zT_QBAj%y8S%%f@h=b2NED6CGk_3L3gU0(`l+jZ8I)-26gTb*fci}lV`7;TAr0`0om z=e46~71QdX9Z-w0KGm)~w&ioo#kqw?-8!t4`gOW0q^+%gZe`VK7go;DLn|qU{YdM5 zTHBtJm(ca<*mt03@DwOAJb{nkcjrj@shr4L9piBI=l7TgTAt)duCIo6cIOsewZS=q zbp^qBXRJG=-D>WRUrMXEs^QvQT7L=~o)$5!WtG+a(5 z`W5(;_V2J5YbSOkFFXz^zd0j~S&i1VWN+2K!SxLLLEju(Q(I;9R9d;SJ>Bi&{g7(f z^{w+_XwWtcKZt3J*r=&3V=meU?CtO`ao3VL#Y#f*{@#_AcNT4Hc(45$YVtQrYlrS- zFkj1Ep%ZzB>r>kIw7P4bi?v-_&ow_=DQ4vJ>&_m23Ej)Pw4>c$lmDDiJhM9~*P1bE zS!>JfI`1RL+FU52Zn&GfE&FuM90!wQ54g?n@`juy^wn^cZ2P>tUxpg5CT0Y_o;XwO zdrB>7@Z`f zj@-0&CoSiSu^b?cUG2+rpgBjR^sNuCBUd|mti8|8M~Bqu9-j7VEsh@7H{`3@xSDxF zZ>3m|^LH&!F(-GF1vP{=>u7VOB3Zm#DT=io$3!pa%=HDWVy<5;pp_4YAL|1#Ft3AY zJ8Jdvah#d@o;gp6JO|QB9asF#Ei8HFp>3eD67Kr*Bz~25%Rjp1W!DcqR;?=K4ex@m zH3LnmbllvyshNF-Ew~Eot@f^h1etXYX0AuQT31iyP6qxh2M0i z)X6&4Ete(sPx1$GU8OCrRrL5wS|H?-v{czQ6!uHk@z11almE+E|T|UVXxQm9;?qdSm}-+Hs)$*Tiryv4 z)ur%$TfucISFc(K}p$W+!!gqcUloxAc_DX2QlSsjpFeR82W{P1a56)oAr&dnu zk(0<<-r&8EvM2G`nr)q1u%lcdox^h>#&r)?HT@Lnbf^DAF3*9Uq=vCu>$HCSAW<%N`t-@)%sDigzE-rCuASW@7O5QQ}(hR*RBb4Jx7BCO@e#s4L%Xr zPVTN%Cu%1Dqme55Y$z8TGxoBL==!_L=eURm~ z;U{1nZBzYalo_TKGHecGvN|`%r<6UPwutrRt%}x&bt20j6yF1yu#8K%uE-^nI=C8y z`C1-5z3kT*AF;+fG3R5-*3d*<^FN1D$uXAkZ1@^1qEyv=AT6~|y?T#JY6o+29o*G- zxn(7n-~x^`y;iDQtsA2>y!VFW^cDV5mOT9~_q65o;s~D^`BeLPLwG!gM^54f%Gu-> z*#1uJP0>;xloz`J&du8{BtkFVwfD_0=8qBmYb~Sm=$sx~DWUzXTwOvEnH#ss%68gQL?>mQ(TQKrTaWm*P6Axb9e7^-cBpF~xO6 zaXqZKPAsl+4WFA_T#XIm_o>BoR&gCxT;Et+jhy0h|H9}$0G;2@#-H(ea&dJ<*zekh zysGhgT~u84Yw^2$)~ouZ*X6}^PH{cAxSm&B4=l%XGl^d7^KUP%u3T3rNs3X%shdg7 zgW!O24|$Kgd?6B2ITQ0%Ie~QV{s-lzpOsKb?a&vNAwzvCyo%H8FXb{N*ASD=;Lg|3 ziq$yXj~4l~w;m)tGkn$LB7<{jXDZ=Iub$vKgH|QDx!9k$-R2?b`gI8Oz#B%ti<1J+rxOcjSnesoNg6QmSJpT}3AfpJO$l^JrUV3eLv=OhkXj zp%F0;sOuLqjOQC!@=a$e_(BVPA-yM#pS*>fzo{WA$Mo?YO`8sZs+3zwb7k#;l%t%D z;*NTkcARN^lADf#7Nq**^Q6RzXQaoajH>X23ksLl#acs9n0ba=O@3c7W0E^7v6Wet zJMG{}`exX&+)1w0=`?cjnV?ADNx7u4?d(+Dpc}mudz_p%#9S?;L3my0=jO<-=%~qF 
zZ>za0E@`+*p0G3di@R+nfs|hppUbpNj0(q&Ig%!8zcqV91?&d)1Y^K{;0W*rZ~=HH zco$d&ZUx@~J90|kNU$7S488|`1}1HtWs|{Nun=4iz68Dv?g76BFM``R8t}W|H{eN7 z8o;?PU^}o2I2z0Zr-FrGC3rVj4L$?9w?G%*4DdE^CGc#uS3t`^&N~8&z|X-S!0QHO z*#z(d@BnxmJO#QBrVT)UFdV!dOav!@`QY8)6X46>tKdoSG5!0!DyQ z;Ah}ru=P&R0eCZ*11<+wgLUAKU|gB}!NTgO7kKz|&v@*l%CP4>$x&1Rn=ifG>kJ z;CtW)VBCJt7dRhW1TF?20UrgQ0@s2sg8RWQz+L-8E1)~)9`*)%fkS}jBF+Fa!SP@Y zSO^w@rQi$TR&Xcy0T^^3?Ep>$ZwBuG?*hL9zXN>^g6DzZU<5c8oCsQ9550q{!F6CQ zcm%8ie+I9B9tSgi!M5P7;2q%W;7+g+^go1t03*S!U=Q$(LunJxdpzw4MuJ_z;oxZS z5%3AH=LFgW^u&&}1zXyn>om}93%&f088baI|4s#qz>KCiTlf0j$S82zR_G_-N$`81 z4l9O&ZNUEE0I(P=1s?#Hf<|Za-q8XN18auBtH4b|k(*#Y^sN2C?&u5R+5#_e{VPy! z_%QewP=C0xz(C})I1(HMrh^&a4F%S5?T@UU0p0*6BCo~kkhf#O2MQ>A#Za&fco~#l z2agAX!7st1Kv^rUE%0Nm_k-Jzi{AqeA^#o*2OyUY1m6O8f)?b(N#N7)|Ledkc>ML? z26*{bz~A7@8^InEf9K;MdY!1%y55f{++#&5s z+Ib`PMywqhVW6DnH!n|N3bSw5a$VC~&YOob!*(x5vO{Z$ci+GEX>*LcwWA$_rS9ZS z_r_2HSGu;;WlO(op|LIFWeXqM!jt8M|DE#1_|yNDvhp95jotC-j=zolJN|PAaP4~< zsQv5s*2exNG>Q1z{2o?;I`^V1sYJztT$%@XHHCB2rUK{&z z3kN9YIgNeU*L=*^^i0|GYD_@Vn?)PWereOIvtRO6pGvQ~cwKp&SxVJkfi#BzAjoQxdzqXc9itF^Mr$sXCc{l~js~-0?!oMYCVZ zOLE5xCgUTWB{K$(n|4X{ucQ?vdhYp6Nj>+xN%=&rq{h%ZNoN^*KNbPN?tOEj>MIidm^2VM3k6#y5Er(ZS3@~{Zr;y z%6fMzHTB9iPAIJ`<;DgL4kt|cWQ%;x&;C7LTo4oy#F2e6QuEAtQuFevQZtGCU91kp$5-+G&Dq3VvbHrV8D&EPs@S%)nx^snYYR!580E}dAkv}FAfY^-6$ zdaSTyT{AW;S*{Fy5!?pu1X{G-Ixbd#l4WZo^tC5Q7Oq=ZxoKgQ<`6IuTn3&19W7rc zvf}b3@JsLn&=NKf8~|K((JFQhcozHx{E3y57A$17EM#~eLPO{CfW3wlU-}@HdKi4;&8(DlmX+(VArFie&o#Xp{#rGb& z#P`dJ=UK1J^Z7*aec0~tecOS za-!eIX7A+c_qSc1@i#VGHzmG*wfO$jk$xYWz3pRhf7MZO|6{BCJ}$d^YJ7j7`2L;Z zy~m2*PnecXDDm8EuAUydB>z4(J8610!LxSX#MN}}$=@57-En+;&n}Jh$DWW)_$>8o zD!w1Ucb}hBT)P#&UvOglet7iuhre);91$ZyqI@&1uZ zvI+gT|7ouJp?xm@J~lh%?705|SMQgL^eIo6>t*d_T1K zzQ+aeeO;0Mn3eJV;-frWvhl=kv z6z!PtUf!?8HPY!p;z#sYRf6?5^=R(it$S0m8bdSK^vBKo?-;DP+Jv?I>Z7ZFm)=_c zm%THAudAx||GAl(4(ZGw6gVxV6e%$+Q$diXX*xiM*aRr3|Mn)iZ98RhPZUID@Bxab4{>+`4k&_%h)g1ikpK6$*V(!ECb>5O@jZQV^ZDgW zdt7_%wbx#I?Q?7gLJ%BDIwj0qa+QavgQ>Wae*JI6Z&F@r+K+F567=?&)|!XAF}0;}JL 
z)$l+wpt9iXsf!gb`cv5m8(D4{|LrVcE`68@pWKn zIJOill(d(u9mL0^iGwf21_q`_H|F6RpWV?WFHG}}_B&qX)2S5@dHTzjQeKe_u4jmU zbR{p}R-S8R#D2wALW(_$qURq>%yc=if|E)lR=R`A4=G%CBu2V}N$$D}Um1y!uAm}1 zN{rx$LD;_&F+vgD2-zLjh}a$2h}ad_h}a$2NZ1|NNZ1|NNZ1|NNXWi%HxiPLlgL!H zO(P*B;wX~XNZ1vPgk8}{*d2|8-O)(c9oR_N9oR_N71&7F71&7F9oR_N9gT$D(MZ@G z*httFjf7o+jeL~bjdb17$k!E(d|lDV*B#i%#}`{%xw``!`MLue`MLrd`MRQ!uRE}j zuRE}juR9v~x&s^ex&s^ex}%Y=E3lETD_HJEysl^j><(-M?2bmjuE0jXu4n}84r~PM zjz&Pzbt7PRU?X66U?X66U?X5xU?U*uyAjY>b4Ctp-sm*OENkB6u197~y#eO$hBf~W zk8s^1jBs}_x_t&59DJHKke~Da#0WQNrg_cc1J(KEC@t=KM1#*jekfBnaxFeD;dUYX zYWmUB9~pRLKh5;`(UT`|w`}&nfU3`rGmYmAZ{fgzDP1MplZwhc&MX<-la#T0GR31Sa?h!lF0L8j zOGrgI*e^rC4U_TZoykCh=C>@QkIV~#f2RVn60Bebukv9d0kPm;`Cq~gbCvZV{+orq zoV{)uepTXe>|fRNUFTV|Kdz4G+E`CO5~RS>;2H2Nz*DQXc zTl~Hn^@S}Et_^eo@xlLu#qa-urSA)eGmkt1A8fD`dex&R=!(-{M$Ahh2J}n zZ}r1K6Fgb@jt0kp(?Ab+0z40%J%%vH;>!)L2J7F*-VSgLesDK}dgOzIuLSX-OUx(k zSdOQI_kj<9i@~Mf3UDR33ZN%d1{}L13m^LDhXa0Hk%bRcKe{#xANpf-Z5BTCLwDUB zn1!!9FbiLIU>3gaz$|=S+L7S$F$-T;U>3gaz$|>-k%g~2vhZ~WX5s4&%)-|dS@^nx z+nt54J1`4hcVyw~iY$EHk%bTadX?p87QU{)EPUwY$amG(EPCC6S@cNvLf!8Q%%Vp* zoCU8tvgmb37QL>>qSqB!^tvO9UUy{CgO1M9g?@|W?lWgW&*<7LdfkyluRAb{9{RGg z=yeBX(W5=0`HETeXa{G}8#;fX-p--UHshx$cD=-V* z@cE2c@R&b2i(Pl{Ru?`yzu6SUA8G3S+Wba+c<|S+v%iG}Z>0H+tarkE_Avj?&2Lo0 zf9~HEuUYVN7@%i!D&1KfR#jCks;(Koyf@j>)1FGkJHp1UL`(bT_LjJ=tE!sX5@A!r zd6{r?Hb`qC(~@rQQh=~C-k$8}3++~OA`|uyp*hhO-`1W=hpEl(x~{Qt&BmsNjdh81 z&x&-ax9gNdx_xusV44fU?QQKXZDD&RZ0Sv>6UiQuR6fL+T61}o=#MUs*0}#6{>Amr3_mWo7o}Mc_Y} zQ{D}}4ekT?1HV^8tK20uHlEn*Bv^A9yy>d$qc)`KtCM zO7GR`wpO!G2bX|Lf%IOjZfh0$EkJs%Rb!F6QYhctcFd(4bKpVR77CM_{#ed)(=QZ0H?KlrUdH_~^ImR!bJH(W zo~D6D2%J)2rNuU-13YNepnfD!;Gao zW1)GWFk|7p-17V_&U5Sdw=T~J@}wyJUq<+0>EzZcqT8@Aqud`R>k75w2zd>Qo7;9# zy>j`pX!zW?xn(X?o)N;k^k1#^9id+rE&t2ScYFbPQm9`4!1r@`VCXr`oA*PFdeznl z(#Y(8gmnVV6Z*klJ6AZLdBRBZg#!-w$DT7>#~k4wW!@lf*T2==;f^Kj!v~r}Tu48e z0o<>j|NXi%`0M9vggYqiZcWaG8zD>!50uUn7l42L{*J#<=+0;bq|NjOx#?oH@dtpZF z1sc8bd%>%HCtLSdJLN3TznUqJMlp@m`4oFK?~ImveK<6C=-Z!Pp5b9$tvjzguhHst 
z>YUN*H9X8~cXCJkS4NHDZTia6d1bN2n)_({^L8xM`Mp3X505qcj$#e|`foyG9qXN} z{86mYQhwwOLsR}oyaT12w8>KJmDgf4itTm8NK_pjYxte~7Svk~hllxlyOUq$or_;- zne)@xn-!6<)HFX<19PF*?nFG^KNe~X?-wKAxrp1-qJ)F~!eM+63p02%%1Iy3J$5Q= z8Sfxv_v{mO_>O%XUovjVPO~C3=P?ZtFSRVUt>$=AyDg143U|7drygzox@`+BF0pn z5@W{YPX;qDKQ34@FE&{_6OPJmPB<VFr~Gh}SgHx_ydqiO!68d74Q9vY5p$xefqijiEw$3F;ut+bEg*ia7_anM^Kt)!<$H5n z)83L!$(JZRHI;4+m!(>IJMmL;{b=pdqfTW=4D_VhKdIKp8w5-GgGswC`|XaEL9D4i z9&B2CF=H}2)OKEZ=#I0_W*^6UgRYe&N8j<%030@fjydF~l9c@LJ3st*^}bWj|41e8 zKL69_G`5xxxu+e%Y*yhL7iKlqh^E;}m%@VGfMq_X<4GI27~s+rTn*S_5nKmUhZ})x z)whB@!8ZZhD}sA~(k>+rl}Wxus1PoUIa<}FI=gy%66pous$@%b7zCkuji{ib($H~f zXvbq`RJwe*Rq(h!1rkNbDmXdQp4{Sm!YsGO1fF8;J$+$As-wN7FIVN)SDd_R*~Oc2n% zI#)i+QoUQkHSIkuZHW%{Vr9c{Utv_2wYV?F5l6-1sGW~k7`Qkp=a4?UxVk3jUBdm~ z*nj^VCceO(uRJc^zwox0JAe9%Q=9#H#h%X%oO+vk+m>jhw6!-;N9|A4QNK-KJ{Ps` z3MQR@3pB-LP<`OIP5r@c*7g>+1ZCWtC7BTQ|H_pmhuqO$8_ZlxWN5o#@$8^sXJzS? zU%6!9*|q&axU;h4%3IDFcoI5SUNC#$x}7`s-Ldl%2kzK;^PxL-{`~MA{j-9~`Q)+W zUBTYF&VFdeNiRNi&;rV^q(7)6ueSc3LFKN?f4gJX9nb98^~ei57C*@QoL@TlYfYOf zP9V-ym5p+h5cW8g3;DG8q=9>n(R1oC7rC{V=ds-!$*XB+X|QC;S-~XAx_CF&!^%xr z2g^+zqHm7`d*cHahz*c{_pjTSpNNnl%H#*|M(TRG2<9t##d9O z(`@`=(_l>ZIz!EGCI@FUpV9neWiU#4s7OonV zvze|rSL!f79ci^-b#y(}<3?0lNvF6}+%X;(5N`KpV!^XSIp^9~@ENY(NBm3F^@sdC z9ejC)JRY^YN>{&%^X=%<^T(m-`s?aH;)VL&Y&;*|9~Dk?ADYh4Ytd(<-)h>qjR)69 zM<1`y(U;4or*b?2y?l9|y(kvEpY$HMIOftFn$AdN7|Xpz%1<>1ePe%iIA?n~*UJGtQYCYI=$mn1ce)O4 z^~y~7${pT&ug5#2`9#k3g-bsFd_}^2{{p<_@y6HHy2fxr*wqn#&Hq2&|375MKw^;4 zor#vVc(T1Ef4+IzzGPIeb)3XloeT`<^qt<|X; z($X{7irRe;@5rRWOmA0LD&3Q4eIp5HLUu8PE%9WSh-cc_@z9(I+mo9UY>Q|OH>Xpb z#tEs8j?{Lk#I5a_mR>eTq>>B5xRopuc2XIl#!0$4lj!laD760~oWH%jr!Cdn7rH$ZqwVI1_}VjT*i1cI;vJNyE0NZ=6E=x#PlY}4%+^eG zxV$}0-+`b#@vTsndiN%oM^S;+aEtbesPHXp9I;I)1et%nE;BH-`UMeEZYv6VS325B zir}fPL^52qG^7n%I}#ZPqkug~p2bgvmsrm75|86S$59WO3<=2$pO*k?HMll^cOf@USnb8rbO4 z9Bh@rbsw>87`_mygHn}Hr10j)+KE`2h|MvWU5xtcMnC*I!Sg&E?-Jy6-A+=tTn2y6KvRaF@* zNr|qAAdr%6V0tvXDPgHd=n)Fx+73NUca_rocR`t-DWFm*DhOK&+xa>iGc<7pl-E)P`5h&LE~VQy2imct_GG_UH$r| 
z73uu9pT`Jj= z*wGV}W>~O|>+2g&Ufr~@p=o`X7h%2Yg@?Scs;V}<#o3;$^&snJHyC7&mEcV$5?<_u zhp7)b`G`1dYFH4~tu|3e{j7mG2|K0o(A`?%T}~Fkz^w_yB6QcNU_A|Piud%2T|2g< zu)DM&#QknNwY}?qQJSjCH)~eWUz^+({ZO% zrQ_Qp*@!$*vpzO=qC-eSaoM=B(zo>dRkpP=r{>6n_GC1m zID*lky>J*9Rv<~0#>)$&z!wN3TahdA{@t>e@xC^>TbMI3uL-uq?oTmyt$xAKo;`h063MZWxr|`wEb5kpPF~)-CRr{gbr1MHpIJLnjrC2D> z;f*xt9cQd4rbAqd#-og2QjQM`>0($2R;vO1E*u^xC#6h zdt~nczX6B8p8cYr4eSD+20sNq1CN6H55*397;E5Q31|eDfg8b>!871lpf&dw28+ze zp9)?)ll!FbMPB3PrIz=k@WmM8Rp3O>!m?cgyc6sK?*;DzrFbXlyR7rT!Jr;22j2$Y0iQaO^%?LV z;0xfJN85K*tFu#$KU_%UANzI(-*J1=E}=1{^VtseeA*y?Y``N7ys+O zoO9MY-@ci6z(x3g=@h|wZ6@zCh2hVm6o?SV3_O-#Yn>jl~ee!SJ zc9oc0NAcZe-YwhH_ z8wcp`ELS=i&(X<#KRyhT|LR-5eGa0HJ_D`+dTail!B!lcI=~me_25qM4KSC*_JhEi zzzN`%<5@ce_k#z(DCG zb&N@12lzKof~md~lmV?z{N+#2jre=!$=^Np>tFriXAk`Nhxh*1x9__1KX3ioSNNK7 z@b~d6VO%b+Scr2>dBr;SKk5Eo>;C`B{h#e5)FC-C>uh&^wfp}~_x~mLf1#5|Y4`u% z-2Xe>f0I|gbLUU!zmrns6)(~8%PU@oWDMRQj|P38GQ>Nrn*ZkGuoa)Q>A^{XzT(w} z_d|leBu^Wir@=ONmBH^I$@=MPd>fMP=}PC_mLbg4;6&p3x1XlRUtaJIQB=KM?>$9r~mEoS1c0I=y?vxLfvX3?16DgDGvXpQs-nc%A zm1(Pk-VMEydnxz6@ignXzIJ*tyj~NzXW#iub5sbWlVa^Tw`L8lX1deDvu4UCI!)m% z)bbM95|y>qg;IU&`J}vhE+uT58p?xXJ~7RoWD7^pFAa4Ukbi@tt=?>%aM!A#%D0s~ z^ySbtj$MSC2WknWR?w4)?%ngP+&#^e!q=mUP#xSIDL;7zsy;pZiI(DvdU8{mD$x{Z zAkUc1oF|-Ti{~A^{IX_*`b?#?=HIE1 z%0qNJl^E88((q0;CzZrFc`Zk4zgFUx!lg}wn@N2673s^eNtfpem!7ta*m?j+2SeL|!6K zd8j4mAx4i@@{ZFVmQl)H>Z!I-S*;9JaI7AK{NrIu9tD%Qj(jV^Mw);6k@yI9t?vt4_R++(c|jP5TS zLyp9P1Hs{7EjR;ghgM4+EyTB?L!T?-EVxB9l+2L?S;3Wh%65)w#YN7yr-rjS!dU%G zW{o2~wRN-m9}o5&7FROLxLdS2Gsf<{<9(b#3*q;7NN%}RDlMLkh|j0s1>8T2dlf-|8_ zGxyX+`fiD2nfxKQ@l15zi&XV>U45h4_}R-lg_J~+?2w0{o^FB5LdJLNDMPuu3jQl0 z-_H~3XwK?_Yux__xIT(jZ6FQxL-AalD~U7>eJNWS!PFtV7BV_n8B`DX&sWisYHv}- z`m3}9OJOFdkKS*rgonX{G5pucpv~i?I)Sqz_-|+R*fu^J-0EsFD=ejSHTc6#aU(#I zm@2)MOjM905M@e(rg|pAnTM69o%(vJ z6>A)CzP$E0g;=@0c=USiPmE$EEL6A2u7t&6mQ$xMK;U8*o02VA%pXvvF~j7rxQ><>S2v>dJO z&jjB=4=r4x@48erL#0{xrWOmy+n)KGN2?qL9gEfSFHyJ!c=t|*I}7K&ZvhTg3dL*o 
zm*Dc?E_#A^G_HD_!xrTHEY3Di>C`v<{*_&kCmn`xT+dRzen=J(?_TL;6W3YxJE^kPm$g3decYhSz%U-}ZUxvUi#$Jo!vsd}57pLi8NNGB)SkEqk za`t&FL<_hnxVrD9>p9`L~2AUg|xIw5Y}2jP@dpMSZzgc{EO` zC##1R>Vu<=Wux=s*IkV~Kl=96mlXLH;b40f>${@(v0)*KtM`pO6WpT+r6j9;TNLB# z$6Yy#aZxd8xu1*en4k zKjgAS;fuT#p~AuPp5*0|caazD@!S$TR`4P(PT`A3auX;VtnicE_+vV!W&KKj>9jx} zaVnQzfWB?dTCY35r^KCme%M?4<(~%6fEU3_0KpiSn%t|gI_afKIH#%`Saj0yE!I${GSgrj*YO|duzv8L76UsQufA9tT}Odz_D{> zP&T#n3{fJwb8=-Y7#E!fb7utyTzAhK!s{M9exwha@1#*tRD;-pn6@?qlRCz48n}Jn z_DNTdzbX81`TWwqpi<>MC0xz;O{ih4-ML@v;36|H&}Rj$<`-o*1KKGqPA?VvZkEGQT8iYQf=KqZ6Iq}hkJeqcbl-JsU_4t znk$=Su!}b8<*C+AltLWTAz&J@EreKXWL?%eS(3MJDE0#4+q#0Tv_>HNW^UX2Qr4k` zAIf}EcIQ49Ds*L7Oq)yNdF?kA3RJni#aCRRvaL>95A!_H3Wa6)mo>MS)-Wr-LW?i* z`=R1npVV`mXL%$O^-Nh_leBo~RsqerEN;>INw$BBAN1Y;+5K%DQ!#YcRv=Z@{QD}2 zxJ%#3*2+RwHkf_7Cr>gA&rv+{&&W69BO8OP(M?hRuj5`LYa|<8e^RfOwc4*~sV|4D zRLi!m9-PZLT8HxeQ~g-$I*P53{=U|Qv=S$2VDGXT5OM8SqmJv9n{?DkO_Z8ga13FqJ@SMe?Sw(X9p!JI37`{#Eg; z)LTa$VXy(%-+I#8=B(cq{~tl7{BO3uq|9pckC62iFLTzhe!mRKQ;Rmyz|;Cj3iYxQ z_*##Ty3(t7=o!_rIxm#XZK!3{?vC9OH=n*ZvhCBnVx%LcT|YJN8?A0@jMsROW;#(H z+*xuND<5U_*=fOJObhpfXS8x?o<d4>nY~RMKx%fB7q9>ua7fqKb`m@<{0<-&|U04XBN~?bM)$H8FW; ziUy)%6Hlx)%!_FnG2_lhL)y9bgOHA9qnqe8F)Eu<*y#F@#@0SK=~U951QlvQo%6$5 z!}$hskw=wzGN~=q$9yZxH^X#tD?z@$lW)zT?Wk2zd6t>iokmaV^=d`w`0ByZB~Rp7 zO@CLdXgig7CLS!_<0nlh@6oc7G~^eO&1<}) zuRLNj=g}-CO^dB2wr0MnwfVZ9L>ZN~N{}FgT17rD=4awP1ea1WrI4WxnnRoSjIXV7 z*DP7HZtA42+#zgtS~2R%IF0v)gT^@RJQ;}4_bkD}v`qvL%# z9`u`*XLPLpP5blF^|R6SBhm5E==fVZo>3AV%XK9FYEFB6_rL>{Y+PBv+r93CUvtE&j9(#acCG_&5VI`q(D@@-C2BHu41S>%zcnuO%3KY1SJ zk1+WoiQ2|`vZyF($p75S^+}Z4OOSlYG0nBAVtQXh^OaT$`+0I1u~$;lde&uEkh=Pa zcttWmo^JAM?{FS_U1%06rAq7NovtO1vgyf(U6Mqch!d>$ zi8^&q%crb#eO*-wdH>40Tl{T3T=cV%TK<~qxf=V_Z^X66Mdl?gDQaWi6!KLnSs5*@ zPM)MnttaYv8viuc17q+ePumQRLVZmQ-4s)+2}2QTGdRFeJ^^h?A+2< z)o(fpWuu8=n+BnIZ;Es@DovucimkfT)AtqHtYYe^qDvpot;{NKni8MHF-aQooV65n z-`abxsIF>j?-{N7Ngt6#w}JNYKK-%+N`hGrQLf5qz2hCFHr>@(qmyZSrprlN(;fxY zQ2k5m+KM|oH}zZPS4}UfcJe~yu(Wc0wkuuRSl{X7c{6_E(oSs#Ai8RdmR=_cn{=`} 
zvS~KB=N;6flXB(uz%AsazSoEEiCR=VpgZy%S1XG`;x6yQxu@fu9WE8s$2`YXVp&X; zlg2W8YiK8Fu0&?7b2s+352mxOcGf($~HQ?N`X|j+ji{rEy5JQQtJ#DxOwfvA*lI$Dw+odc5d%hKs9qH|`x-50YN1 z9R=dK6fK$SW9D1Ze8I;NqMZ^byjm#6tUHERmwJU{RVTB~qaB5Eb$OGl(kN^MRBtvt zer7Nb>=E=ssRM{L()sM@ehK|z1>R$Si@yoM`|#@2E{NQkYeq7X?p;FZhhh(?P=S6n zCD=dg;c08|JMN@7Tg04xBAhIq9qI>L#`D9F9?znc4c(13j@ec`V#eTxwNW|qsZcgZj~V!+eLI-V`w$gcBd_TjL(3}4YJ|`@Zu<<&TyIscItr-P zik-hJ>UvTgZD-UM3FCK1eTnnejj}srCUx5we0dBZrDYV__f(FY@O!gjgqsL0mr;kI z`?e+{O$w*72YXQN55n*sN;7Yia+ksb8kfeAi$+PmcV@5Pb>T0Ge-Qn0EW5p?k&3lZ z;T>TUXb&4Da&wYh&&yw1Cx|Vq=Qq+dq_dvxiQ+N zu$0h_3ER1FI(3sxb7c8b%)8V|QhZ;-2Plp91np+j8+mlmSgjqidW-gz(B?#R^l1f3 zqa7s*a}r!sh(6x$v~b;JF|H3TrDST8d10ZH%(7kBZ&Z}lc$UtyT@M}e=27Ni-t)Fc zqc{h?k2H#M>O|i_VlH&wNh2oN9Q|!!9_gQ{`bjGsJ@=>(Yy(wL3a6LUlT>d=&>w<5%|IZ+O z;?%{<#!vFap1WPBdx>#^`}2Fgo^~`;{J!A(aMoDqRTJj#`LeRyS>n_E<||D17UJdZ zCG+X|J$P2m(RY}MlZtT$Yf-FW?TBe7osKo3?T0%i9KIjU^3=|<6QJvn$n8Qq%I+ms zG{D%ANcgerC{zB$ca$l`!je}ldjjP$4k+el-#|JwtSO31PQYq0@+e@TDhPFN@Cnk5 zQIA=yK91HC_X}(2r}5aP*yk9H3QMOSQ-(yKQh%#xIIYN8S-(#HBbPNK&*E*Y^3Mz( zqa_NL$nOWSy+g&y4v&nw|3G1iah*8rf#5tiPZU1OwcPg^o5r@Q>SDrcwyW4`#ZpJf z%aK#XN0mpRQ}J?*zDLFHnc5M%mr>h#j`lr?gNyHb^0^ltr~Qr>%VS>nRJ4Ohx%k~j z*OJ#yO0@gvtMr&+@g;7zp6oZ%x$Ajz z95Xb{aeUcJBW^x$l-X#jqrm8+zw8bt8f`ne-3?rK;9G!Gof!=Z+! 
z6X@w9?;AUdw6t^ja-?_+ogqej_5Pue(yF4jj#aBrzsN1)*kejR$c;IZxr6LW#oy>8 zo>r^2GK))~^KE9v_B8X>Vs@A3$Z52<1{KnlJBeFNTjm>C!6TGpA*DKz*+!vsMte_y z<~!P$pgHKF?mZK-#ubwhvng5OnMVx%FXwr7$M=z(Kgu|8AoZCrs$Q$P(de8Vqs?rN zIt6{Lm`6Bk zq6M7sG>_i&Nv=99O{z{xhN3@n@ap>DK zwC`EtK(Y50=q)&APt@v)EQaf_W!friIXzC+MXlkDbCw?UrxX^;jFYcgakZ5pt^4M` zPi?ZZeCw%y>sszw=|uX8Z1K%J*D8}Nrn32sqcpYjn0jUu4IC@o%wjtsz2#S9nE4L) zl}7(WamG8}U8S&^IA-tH`^D-gz3j+(BiBlv%y)Tc)k}FT!^gjh(XopDA=|ukgD`k2 zR>6>#lik?hQ>&!Pxt_DPl49ZX^!)XN zGOPCrVl1aU)^n}+A^G{-O0m9Z)-?`WOzxKyt6h$-PA!f>hdDYg{aI1{{F5rTW~hT6j$wxSS^Ap2vEU?9 z(n`Orcjc!v)s@3mMMqu_n>UK=w6_t+2fC4b^j@@LZ_%6KWW=V}$%H+mNG*(FdMm`y z^xaZ4lj0PcH27Tntv=v=bLJ0`N8Wojg``ohRUfIP9knM%t8&h`${|Cp@`RITfTd?EK=QXxD&~u`g|xH^O^}{ESb8f91ida%hcR z-WIDV>9oktPWecNNE%wHXQF8>IcY`j6v8$FdxN1yMdflBArxDCpVWTx;`4i}Y?qu?v|1?Nc;wJJ{BKp8 zwWPO{GkMQh4fMu7t#NsuBdsrK?C@_L)!LNulQ*%2H19x-Ij!WbRHl)Gp4oV$J}3_b zql;F^^yCfXt+2LwR?C@2SnoGvYkXRhQ(K#FrMOLbYRy=CZ^TvJ8`8?CRWNJWE!1); zrO>Vq$+0FkZtTTzY}7JZW#3h+aZw%`qOew?B~>)usl?{bmEpch9cSjN{b?F8K%U-d;6u@U==N=6;bbFsNPpgIW=|+ z^$5@!soF%^gLDpyZ+tj~_R;#JdWrmO{Qg|Ek$T>AN~Ag%hnVb9|5QIRFF37#s{f0p zH2+lDBpDQ|6AtilPyNlLjC`TjLHV_WRsU5VSVq0qySVC&>gnQ3(MM1X5@nPs@}>?(#7~g z{-wGyAGPI<3L0HRS$of|q`0osAB`hUrQOA0k`W!Wo-}Cl7B%XcU!^3t*r+Noyt|xr3GkwQXb+O|9(}IE`Dc*eEL+zELZ6b zrNdixGUYHCZSuj!L-Wbg%s_S>Nn24wbXKb3ag%OSoMbUBt|o;15fxTFS*>PrQE_Vr zODxHgh7-yNXTB0350<0j?ArK)EsN6oADaGb1uqw%iZrDYuMcYMg} zPN_@JQ2UBjmY$a<891cY-IEqz(oZ_|1lKP#s+%Ts3TJ0Gre zn?SneNo4zbG@h)6GP|54Hoek&hT9lt5;j|UjnJcyLfJ7$Z*f(-sm;{WeQnjFC0YHB zitKa$MDG%|z9?<0)6v-b(bPMB6}9taeFOIuR_&>E70{rXHmQcL)ov6#g)l4V_u?(}l69nID^cPi@saruD>qR< zeN1DdB#!vnb|J_UT)Zl~x}R%n_k--4y>o2 z`*BvW)hCy8)M$~W?KKM67?mAQtp^!DXuLK}TRu~2C*yJT-PJ(+uiaBNZc zSO3U;D!oQj&~xJ%SzAPlTJEUTyk@I8zOKy2em(i>9mL`^-{X|0O1+ZQ(r%>hWA?nB zE7ih!qk5~g=b6M-dTNl407_ArD^3iyW~Vxgcda>(_RiXa zv<}e3Tvhkfda@OXnv$lnNSV)D(s7@qR_n^6y(FTo`dn5s8Y)+&lalp{TusN~n(iUK zH=QNRt(xbmM~b3lgXNPxu3D*eQbsq337+dWUxxR2OCR?&~Rooa^@*NptIUeM)t+eU5&tGh3cXCCwZ(W^2rnToqk3 
zzS{l(FS$em`wD{ZHT8s19!g!*7Z=*MK`j1iN@epgQO#JeD1LvRNu5rfsC~7+ zOnqGKYW-XF*C?sEmHK?6qqIsXtwy1<>1Riwp*sfrS4K>pNy2N_h(^UEmdYbZ*N;!~ z8y0_0isY#EIgNQ1R~{M~BU&htX8Co*-HvU+bTZAF>fkNOA#c6bc%*$QDyinfx%=MK zoBe!Y3bO-+v3{wI(3w07_nuF^8TIi9xrX#M<2xapVmCnW{QA+3DHl&^@3xq~i?fuplS(JxtVaiQ& zUCpRZj_#WFSL-YbHm0>WdUZOkHXT(XllV8^LRFqa+exJ6bvw_c(zhk8MFrJSd?rtj7%7>vm3x+|I9I!2 zYe`p}xt{-Ob#EDwUZb?tt3*plC({Nr;;Ix%L9$GIBc4>PmO>w0i8C}BXwubZk0-MRNQWoS@TG5o3NeBl7Etkk}H~_h#PIzWHTl05>X4pkTB8- zwQpHpZK)@1y+2Aen3b%Tm?q!la%-g())TLpFdA{yZquow(NNS;9k-FLedj34|FXTy zu2V-jvLk@_KsGz|d07&dI?2*N*u&kbpyp}T<~Ea)_N8%5bkHcSmJ}@{)6_<0k=^Pn zKV~P_%uh2k$);?dJB2!^<&&(m)Dl16@?tHcQByL=ubs#Wrtx09Egr7tzw#58nwBal zruLNHnrl-t3T|`Mku(&&#L?nq<58v)7*K>suM~VA&tzC7hx!xV2HdZOK78}_jLT2@S z_i1TE#)+~~t2J#-sBcCoeNjUaQkKFMPG&a}M)q=z5RK@%dWX_F=%Ep%2`(&ky{?g2 zkiO4ibm*ZJ>q$xUQ5{4dqnaPRB{9>E($*Gda^49QluW!!IZj#&FG=%}EYKWLF~yy#f81$4-oB!G*?eqx zU$I$+W_%jaY_{y>Mz)PL=hSF!GoB78FPbRLO6r*}5%twEJu`h>)Ux@b#v!$)YH2g% zEpC;%P#Z5GH_zE+)L(t2&b5JmM?{O0<;Gc(XR^@dzFEjd(%e?f)kVzuq4&_K4P@ID z9~p<*`dNKcGq3%Ki`7E5V?%vhBd5JLMzu^bUr3RL!l<@c@58Lk#^kw4Oryed%IvN6 z#*H?jOKxgDC0QuDr!0MquKs@hqmdyurGy(hjsMkBny+-iKgvgKC+RPq%zn#GqxgwD zQU5l(NLDvqP2Q5(CR_E+hFtq}E>&$lX_}TKkMWHtqS9%nn&yJyO6eftZPCq2B}pKy z!=#yw;>JH3sU}ftwXAlwncOfPW;^;wcD+S>u_x`P^woyyab}OxXkjC@I8UvjnQ}Ab zvA&{~H%-#(VA2s}e^FZ5aalTr%B-|yi&Cp7hH4|Lu&hdIi<$7L>?*ced@4t+cA5QD zt2WY@*HVgl$}cI{0|(pNJEn3^T8!#x^pnhyoHGqrayDz15QQ{Ki#JU7_VYmL%vL(l z-*%k)8OB;dZ>RR6wQ85$<1cBZw(5gV^j{&&#%bfEc*^39^nN3o`)0=yd7O$?EyU@_ zn}ccIB_2pI=J_@HD(E4)N}u(5zG(`wGD*vnW?;S3Bxoo1q_b;O7JsRX{>@YBq2e@A zM(chWO(jRncDgrtEpw*ADNem9zf%PheHh zKDaB$wYcZJcK*&Fr2J-moLYRXYH3$#DdHH_y3lUL7n$#sI|}+8&OabEeS^q6+3#jF zX`yt*J=wM6Q_?|ovN`|ocNoO*qqF@+Hx%?n*RGb)J!Ut#bY_L0qs+6zBiJQU9(mBIe5LMdbiEw4|8xpR?eLTh<&S}Od)T%1Tl}7L?Y+`7 z?FRdWJKpR3+U1w8y&3WotY8PLr-*ip&1C=7QyeD+KV&a^8EHJ|yv)npUNZADFLgT@ zZCJ zB!_aAt|3dZ^d603D>>?2QqnjTM?Pw%yGi%zbW&<+6v{Mqt$nNa%2H+Xl_a`Q9rZAa 
zhn{<@kKeg`(j4`Fb2iU`A?R^b7X~)7XuATP@)!H+|GRknT<7siXc2qvi;%)%%=VuMmd~^>lyAmG1pq})oR6dtv0xvzU4S#EW3H1igxop4j+uZoA>*q zo`9oH;G1v7_Dg==g%j^RQZ$@)^IBOSCV!35(uVT=mM?ZSDn5$Dg75KuiDGo|`zuG^ z&3hmDX?IkyFS{vB@eyLP` z9|6x4-^HsQaxXG|v!(@u}wR7pI{ud zJ-g4*4^LpB9;)-wN@VM-5gVIkc~Ut+N_lF>y(XJ_FjFxAiKN4tQ49B`V`H6 zB^fj}`f;oJOpn?--oIeVYeL*EcJse=D%;eWjGs zY;c;vY6U^_PFpSXyVbNiIt^8{s-d+zzy4%4JXyqKEz7R%dw)fGS29O) zW7*!d9w@&8g_8Z-EXEnmwUTEZ2ibd?k=m?A);2$nmw$u38&~T(Hb0lGQgzY1)>iIB zPwn>6bF&f2uCF>L;X%>R{2PlW)Y|4>qFqaBaa&37-rom9dCj6l4L!?W zL-qbN z{4z#*v+_`BI(`JoX~kF)!1rC*mnF;8BgNnT8!57*+uD1x>m9Q7Y7dXrffUwOR@Hm_ z8>V%?lo0Y(vh_Gg09l~aYpj1ZXw zR;{w-HSYqmvot zM2+lIt-I*U57|4mUZd7C?>y1WORpA3E6HEIbJr+*Kwe*X`EPSRkY4rI|6RchyOwgA zg{s`Oo7zNsBQ%!i-1~!Qg`wWn%36Fqp=?|dFJ;GDvtMc*zk_xYN65>|)_=uC8g>0T zkc}u>7tOB28V}mqk>C5GHuUYLUe|}@kt7%Qh~}cHt;UF76++Llz7F#1wf(1l$ARq6 z@|w~dOcK&OQoLW6Us>PkWOjC)&U1zI5v?p5mwV4L^8hry$&O#PpD$}C)JP}&M9j4#aGB#->mR2T8$_tcdX5dGv+Azt&=ezmj7I;}|SZ8|DlDJ|Yij9H{> z?Wi3dErgVZoMf!6fNI7k{XuJ)rjv-Pl(&2>vgP!YkjChDLQa6vl4&6nu^mi`CmtMY zj@69F%aES(2CoC6lXlliCn_cXHOMXbY-n6ipHV4VcqTnL3C(g#sP%Jsa}K4irBY6* zRXR~iJ3dwsx|aOBM}T&_sqsQ;+Ol4BZMO%rV-WG|(X#K;iVd<{A& zRc;%Im-183-Qyxp9??NLX&qdv@A^S z`OHX8<-_@rpV;0M+sz@W+HQdDj&`uSW1P~eV#=x zEIuE9jy9PHm#igaX$AQ!3}17arS$0i!VdDCK`pexs-r9$I!=v_dqqdRSw{Ewi;f3G z$GOq*py;@Nbd+zZ!dFMf+0k)nbgYYxk{SxPGCJzrFuGnH9UG(LKGE?l(NS+sQMms{ z?_Z40uXDYBM#qiOQ7gi_mVHP^Y5Y2NMo0Oz=vs1CN9mV3>Mhqg#-ro*=(r;~9uwO0 z^}M}Q;ocD)H^t0v&p1gOqcKjpnYeid5>V1Zvd8wZ$QRT4xaSu2aP8mC-StvS9}`z) z7(*p5?CW`c_UCh1#f;cOiTkwk)wE)1oZ63O`Q%#Xci$aSo!=&cTjt2&%Meo zYT0_VdDtno^f&u1=<7nWeaTApbGSLp7wkuSUt6u?egD2TSw*~tICKs3U_#3KU)BlD zJ-AY7D;Dv(We%>uzaw0-2f+*Cdhhe35zE4eJJR$j^Mo@F zm#j0Jm~oi$REufPmmg1+ulk!tY>kZh-)J;_(`;GVNv@ef8@WhlGmcaopNsF?(m^#Q zmeESK$4T=Bn*-ZuU|gL4#u9mAdV9U7X1l*_ytj94XcU*s&~Dphz~@)Oc?e~!SE%nu zXO=Ht)|XYgzj8G{uYtW z3(%*;GhiFw3)8`j*)s<|)IVb%{pS*{v#@){f?ywTDoBD8OM;*k{2V+14&vkC$APQB zwcy*}y8!YAW#B+?FgO{U1~!5g@G)>PxD(t3eg~cg2bTxIq2NsLPVi-LGq?xb3qDy9 
z1XqK*z;{9YxFA>swuASBYrxmR55P~r@4z3xxXK`y3Z{d-zu957udm@z*4Xgw1BI?wcv5^Bsg#)d4R>>IItUB0X`3I01tp) zgQ`hEum_kA4g=NTD6j&&8N3s`3!DvhgB!r@VE?Khm;-vid%-ure}iR{gJ30S23x^3 z;EUit!FRzg!E@loDM4@tcnCZSVtn;|CU_l~3)X=3U<=p^`oX)w#o$U%J`KJAXMmmH zGH^Y32~3+F1nr;`{22TeykSNVECJsJKL8Jd$3Xc^XaJ^wS>TPJ4r~Ce;N9Tk;7i~p z@F;j3ymgNt*aZF+oDV(&J_~LIcY~5WgP;N|2FHO@!08|jdO;u91wH`I2cHIC05yA2 z2G9;V!Mnh@;B(*$;0Ew@@H_AnSpB*nXaN5L-U~|if!Dw};Dg{2a0U1!cm(XdFKq{o z0>^b>;UftyTNVXzrp?B=io8$G$=a)+JldPOTgpcd2rN`^c!$I zr~@AZmw+#UJHa==x52`r;4g3{I0w8Jd<1+Hd=gv@z5u=tehTh78eReAi=ic01da#w zpaHB0r-C@x3OYd={0F!Jd>won%s2)*fYZR+z%Fn$_yzbim~bqz4$K0x!O7q>Q2R#s z9b5rE4eka%0Z)KGf|o$War9fTH+VbP1-=Tt4hF!K<7o#l2OJC*fUms?nt<^qKu<6S z91NC&HQ*!Q<2qjg4Zt|;SFhnU8ob5>|7<)kF3|5p@Mf?Dbb^KwuE90q8K=OF6VXk; zqu@6{`m3-f*b5vD7K0>6gAao9z*XRC@K6=99E_VxSg;$M4{n`?90PamfxH5r-;=Qu z9EFZ`G&mHULAW}?pEu+4dBfYp5Qoz@wx%L8PqXm z3vXb|tpOj5pz&AO6YK?E1hF?D=fOMJV3H8Zh9Or`WjSB__W(II&ks14`Jd@o&j{VW*%Nwx;$R8uaHwt89 zlXdu5=Fw((kiFno>>+vslB`Rz_SzdbYz5iAA}tF+i%Ve@bMOoy?H$X~SY$zVM}r)O=UG>Zk($6OoJ@g>srzGVPpSz37TJt3<_9z$l6*)?k&aMym$~ zqpTiK6opfbERR^JCzg+A(Q00tc214uRP&;uDVUiGQgimpJp(W`0uoFtgjWPg^#{O1OfnE#xTP?(`f zR8ytgWSHX&{w$eWpPhEjra!xq-1@ANQIL_6sSYaglbSM^Qbdy{pBhZ+$)}W*LKI4> z8j9tWYzp(N=w~H+&y&;6dH#7*Df39=W(&6&O2vbyW^V?W$DNm&aaLPa5Qnt0yV?%V)10QwEdRF-1wdGWNP| z#vo5zH$%z1a`x)qb1y?xWC1?J zT~IeSsK2v+)N=og1E|OY17pd=5%3DUjq$rLu4DNDq77erfL~2;slWcPuK5J2JJtk`ME55}*PokY@#aL=r_Z+Qxlz1(4z%l|qU(yecKzWf zJPV#nl>Wz~>wONj>**&1ORha@VK9@Uo^Ob*PmiuIch@z+mC^O>OD+7J92LI5PS-WT zyEy84=Y;{kn&635c70QH{n&}o^NZ~H?vw2LqTRY)7<_BBUH>4uzCDWfV03@O+F(hH zaGN;lv!h+^x+XY%U9dzSX?-h4rSn}EZ((rjsdgQlXX)2$2$p~qvLf^x=%#m-?Y`j zZ{|3jcqJ~Mg~5%{b+RK^GLie|aMbgwqjvdOr{%XhW${n!3YJvy{8El`VEdfAt_hmD z?fJ7D^*oHyzc6jrbE0}(ozZno@S`3J|NdTk{vbzvAn?iPdTtc|$Ap{4{drOR1w5B4 z+sYjl|D7C_U%JoAb1p}v|IWAD^DlAK^BSMtPP=|nbiLr6cKt+@es#aaUwM|r-}9r^ z9ygt9*H3bsLHd(je_a?%jgDb-oEP=u%J&3I_8{Lq|Hb0Xa_KA#)<)sd(fx+#`u^y8 zeH1?+zT<=FXz6J5J%TbPGato8= zX_62}l1>TJrCfbwY7{p*^y}D&+ojy$wDAQ;3(I|CMOle{1#_>(K}?S4IdO7x8l}WI 
z4!F{lm&8h9m1UK3w_@Q$|FXY+otiV@77W|wn3mz5;%efVQ?n8CTM1PF567=?&+;KDdoLayP5rhvoM`T5(x$_SD4+ z82u`prs<+`=QnwI`!KH^$3}rGDsCNjJ+J@j5B5KTv6*f7tweksSQ?Hk1q&q&ENgnP zduE*YQfy#gdURtRPWW1Akt=1$@`^caXO~mtJgP+&Z7Gn`rra+ZT+a~y=t|puT6wO; z7yA`kY$^84mofKv{G2&&nlOHR$nUuJWLIxb*wfdQIDXE`Rm+yuubmSnTf=3k zmfp@pvWHj$18bKab*eg{o>coM)yDcu`h!WkF8l3{l|ihjKOSsad@(8!LUiYqhweD* zY`m`C8+5HKIr@&5(7{V5_|9P&>%U4;^26`^@Z;6{PCfr4m3TM(>2u4tS3cyPy5wBI z;;-vwQl~Ya>{3{;8%RuE2+*2?ivbJ1yu}F*HE2`%)x$*v9hHWTOG7&zJEPL&%dLXP{V9+r zqAA|VnfBzCu%|5%T5gSrmfm!GPhZ%O>S%B23)iGtdpp=FKok{EMN@T~+IzUGjFk{S z)nAwTg+RBD0*dse=vwC!z{ZAE%Qmh!dDXJP8rO1nEqFUKzN7JUU&>Inj5^k^r>TZ( zee?7%?&;s4l*Mqw2eoqj;f-quP2C zN3~lA$H^Rba1>AVbA-;pdpL?$Y*@+i#LH-}Pz^;gEVs8Ob*_AtrFyr7YubBS+7cZI zjBFV0D~#&0HkIy-voWPu9JTWiivkx%?%4VB!*}%03M%K5$C7sid+$2?p&ci^_|!oQD8rKe zppv}W`gaDEyDtCjj$L;=vt!pIFYH+SAl@1;9sISXO%*2)XR69Zxk?CooXUlKT71&L zy~pS|^_Yv?TFmp-J}Mob=M<(#&h=qCckSCp9VYF1=mq3wuqh{AL;pLd6Y&;b5*)Yq zR@LYAy(;hGIM=TH-|HK({QC_lKi5is9RpPl*4U7~yBMyo;rtlRrS#YE9)I0^182IU zUBx>X$mIX8J+V?JH7xcaZMA#1no#=Fp0w9~{}>c_{EFM)fbnJc`cI|X@{3JFFu5hG z@@0}sXEdMD{AA;kjl=6RzKl`ulXypAuMpNOu`p*259;m=3`mOFuh6-F{x*N&j`I=o zf_}x0GcAbwKM6@N7jeEjw41p{Nv3ade-_7IaipR_O;otAeV_deF$}Pu<0d~H>9s*R zx*qHC?RVSg^bU^tjpew2a0mPlpL6n`@!#w_;QG_VpINCC@_(KVzC8I)M=!6^)o;<) z?C8_;$D!%^>!#Tl7T=qV=i~dM!aYAR+fF{-&~!zgk$%U~&TTxnJUaS#g^oUbpPtI` zGloiEo~d`R4}kRk_$^C!XgVX6VJ!DjlwaC{|ILRkYQKl?e)b046F+U5mgT=QZi45i z(?;S+i}?HanO519?#=Y%tCZpL-egNpdny_42;)gK|3s#JOEPTiO0=|ZZf}X}QPt`= z(N6AajrX9R_HL;T7u75PH4DS$zOc1Zs!UbY!s;4Sp=Vfy8jtbhPnune7_GAZj94x!CY)-Vrx3!aF zRK&W*#x)z88aCD?(mgBEsot(r66yBMeS>K(2)DPjx3q;&1Fb&Iyow~1P*=LWGoJ1X z=Xa$tnfB)BZi*bKQACWKD7~3Pt0)fn66t87pgG(2csfxXswzGb6{>Amr3_mWo7%T~EA zmCTSzOV3~#lzY4*lL|AvU0tbkPonjWB%BGUMc5KghKYElofXpb z#tEs8j?{KdiCWt;ExiyYm0S?Utz?<7lgbb^PSVYpM31jUA^L~&x3~ASr8I9A(QQVR zNWvm5u8N0Lhj7ZG>V=MmqqSzl*Phg2GxcbRcTk?LL|SZ@346Au!k&0$YoYV`{uq#P^KKRenhMAr?c|zbU&0R@d zkgj+}tVS@`H52L1_9T*k(D5EpO+ZZ;Fdn8;DbiD-bcVQ{4YK++b%OSIGjnJ0Y%-yu 
z(`43OgO#dHwzLtuPIV45CU(f1C~7PbHjy^w_SIjuG!te^xV^ojLrj!O#M8{EU?Pp?HCh#2z$l}r!5iHqsBGcR9DmMa|;9*}{t9Ba0<0=AZ9u6r5f_N2<#ea1uFynx<{kA&}J#u@r~uQD;ok5D5n;6A=VbG7RX^@TP>N zBB4hpgp(g7xM)soLnK#KO_Ee8BvI;MZgr|mU$Q5@qw4>+clNPaU3DD4Ps>xeZjs7Zf?WPXxx@8Mu@USNop1xM#-kh zWbQ2@+mgK)hzS{cVS}wwVLEUqgHk`=-+Auy+zY*?QFKe-dGbBaIrp4^{O#7P~kFCbwNg|E}GGlJ0;bWJI9{DT`X1I zn7*NL+42T|hJ?`!S-NXc#*EpTOj|{1s4&;Rsk*Ut$roEv%j(nB&1rvzGkU46&fd)W z-t66+Q>>-2x@mb`x}_oA=toXyG$|~fUs_t#y~@TOo#CNbSDG>CnJ2~Doyi1h&z~h3 zH2sJ=OgB{csXC_$c|J#AB7TRuJc!$h)^(@ZNGB&N<-L2NC>Tdl; zRyU$g^l-9SPB$9^=J-HFa?iXnZyIPmQyhWbQ3Y7xwdgRX|I6Alt(d58Kf}$_f1oQ@ zp6~x;`Z?5R){+*2EY3<~+T4X)&&Fvx^${pwMu;1i&9nyT;4!4_R296?uWro-pAJE$ zzqNA(>OHHNWtN<+`)WocFz!_kC3~?AbnfUwsE1;gFx~$gqK0{BAPFT~KHK^8X zK?lvK(w%{SI&)%MThBN=!>ek{+9kEAs&w`2a_e4*I@YbCB}b=UmSg9YDm%?czh4qC zagIPO%`LFRE&Y`h{c|h&ulkmit?pdW)uu;1xBL{wq%H$r0e6A#0L`+V4h~<=j9D;g zD*vRxG%#}-|8hVl=mML;!$32kUj&z5!RiE{3M>MjW>9nrr~t#^zdVt|Kf*chg%got z@5bgtibWEC4WAQVb>y7*#9+9#_{11*H1gO7!&OJ_AilQTDTVR}<`w1miS}E%8+XyE zjCCgx4AJV?oMFav7#2@hzC4(`1bPa zocP2T&xsU^B>t0oi?3jeHyWuRa!$C}6gS%Qjx6c;Lau{GcRLQheCmABbvm@I1xvw- zxvVAtZUeW2d%(S*kXN>vd4C0%4ywTt@H}_{{FE7sTfxKN5%BD_Zsz<^eoviv_sHOz zukPFX;&Z#6-1(aw+aDa*`jdfy`+v0QzJYtUe*e37ZM^N4^?lu4?b#Mc7A-hEGLkG> zXkintE0aZO3s+jW%EIe-i&8K5gOa7BX1l6&J9Z*?y8jfKnaN@0SB9aqd zTl_hZoDU=sX^{9t_^D05n;k&jd0lNfo?p}bfqghf|4X(4`b>jH4}tAK?vL+-ug&8< zD0l??8tewofT^EHpM!wl~~-)7;n7M`)N(lk=H zg?C%H+d`+Wj#~U3g{GyFMQ0HFWYH(ljNX-!%l|jshr>j;Kob!Y9!bP2#&|stpObCs zLcAt|K4735)Hj@bzU1)GeaQX~kk23DTd@gUu$fhlevB>O!vBW{nBD*)eZTm`dtvs7 zPed$3e6dK*7%zGxd00U7SD@{iKs1(P@gA@b1oW13t{iHMH$iJ4 z`pYq0&ghSVCxG}tPSSFqmGkSDK^qW{$hr6-umgx+4DqO2p z$sSo=obbkH<6ik>@3I|#ywcxsV8LiJR&Ir;ddZonNK~kbOWI3r9@#ar>ym9HJN?bc zvcl8qb%b*%H>c!gZyZiu?vt24kusFZe+ux`UwDVo{>QzxhK9;YUkOSDb$bWM!>Kak zeI4gX?Np$>2(<2IuQ@QgJxB8{nQL&w)Or|hADv*0%4^LVrBroa{KT|C8S8@t?G-q< zvO5;-tk%|At@8HKnx}GSl{>84Q`~0_Wvx}>_SGoosMZ$oIVJ~ltwydDN!%LQZVw~3 zPed!ZDHKeTS4C_c=WAtPx!BIPvnx11*hN+j>nahYeQ=j4)~ub0hoM%9b-Pddb`PJs 
z=z$bN>(LIEnrvxbCru5=OIW}YZM1N(lZn;{QEO|(X2%y%In?=1CY7&vo=3EAun(8C z8)wL!TI<}4mX2Gr4sHJG;s?3#%L!l3_|5@azv4@GuhHYW6Vjt;~N^kc1 zs&}+2%4_XH^js@J5+$u#{Un`ra8Gfp3D@-&lP5{F^3~pwYSGZgBT6geOM=6kBN_+t zDLMY8ae-UQC^)V)!n>(O`lJI|iKBezCVo-<8Lu2);o0oFbZ&k<8mNx%Y;~neUDj&fP3JG^HcWS*)xkSi9o$(r=LPFl3_p7shqRhBpmt7gB5Vfk+elsg z@TQM0abC0^ex33`(qCGpj{b*_Z*ib=ma&t|Vl+<`y@>{LtFv0DkJ$Ppds@@k>YXgBm4nC&cfal~R9)3nRd=f~ zo3V{C#x^Fl@rv<|0Vhu4nMuCMe4i5RKawxwNo*YB`12$lCts48NhZm}8F0YN@0@$z zt5>ZhPGadn-}maCyPSK@x#ygF?tM=!ZC{h^2e%(=;htPUOV?YD>#ywjnGxCB_%HK^ znWcdU|IfY1%J84G^llD;1=8~R>sBTRwDey7+ASYgOYg>#!ZMU^x+r-+(lE8Av#$pVv=PO9@mn+3x*NG~=5M}1TY<&dEs}fSbw73k zT9Ti4D5_Rx!=vL-xMQ|l9BzR0DR_irR06BFUCx)x{(}cDX)a^sg5XY%^>u?^IvM`2 z&pCOdE!xO&rIGQSTjr%q|LZ?`{eNU$$?VSVY3a|ts+>+k4W|+E0?B5zW^ma&o{cR0 zvg^)vSrR-R|N1%Z7mFA@a!?t0(i${rY|!VH-s)E4SRgt5ow~HF%S}Uq;Neu6a^N!!jNyN&|?6{R@y zNIL&k+I?rOBC9?wJ#vNIAXzZGof-Ap%=ACtd8g@x>$K(I#mpn*-YWx{Dl@%_KAlS) zbmpk6&g_w`NLfmT7EgKTQrVDsm&a1&(5_V`=`R$jx-yP5T`%hduolE_FufN~r@6Y@D4_*7+SGjvn#kB{2+O^+#^Zfl4 zchCQ^gXjOu{ht4vyDvQ8?u*{z;ETTM+B+}f?&tr&-Iu)T?ic>PyI*{zyD$5OtGCRz zyS(mxFMq(bd+DR@zM|XVy|TyOKkV*EkE8QHD%MC?c77ng%+tmC+#ASqJP#(iTTMk) z0`fmf{_i#NGdKC?55u!#l10%6@_C+1sr;Wb>cSu71bgr?<5AKkd~*36n6AD?dHB@G z|F1k}sEaOc|3M?aL)+B+FN<_6O66<6+84NW?rPxHxjU8rQD2w2-TC=c{tx{#cy>SS z%Y2&WxQymMlgj^ z&mMo|+u;e_7Qf81wu7EH54Xp7ME-gITkTF~AYbMA?;80__W1J9f638CK64;xe_4tS z%!MSM`H;|ux!|6W2f5Sal?St~l6fR}(fLA}#f7d!X7r*h3YCGcvfnO27eZIPat7D> z7dVim^d#tPs^8Jlb?2nsRTrHq*GDT$AI$FLX@v-M_$E*1i-hkr=n0V(@6Gg40}GnH zV_&&e92>8P+p5Fk#d;Q7J5>o2mF_!pdk^r=g$Ic_$!ttmYT^o*7!fI3)v6gD}LV2W69U1INP*qHa3bo=e z-HcWXwR&~R4TjF+jzNBCs#vOr71#1$xUEzQhpV%b^~zYaFgZ@`(W&xqy;vz1O2ztY zNDWY_MzvZr5*BLVjw447gp;MIF>srxj7*iH+MvsvD3l9hki+GMmC2}D&~|F!Xr&q! 
z%Cq5cp;U^hgW>+dECU(|Yf9wdC@d9+s)cHiy5SVmupw_dv=6N7QFXL144_^Khbr~) zusAVUij4M3^Qh{nJ{lF2Z?&*L8XOx8j~v-QK#!2B5>6D3DQzQb8d6y6sg_~DtYJ7@ znV5hq!!V>a*b|GzFas#o>b01Kqm@#rGE*#%(ePc2i&~SFGQv>1rpIWb-5%I^B!mSM z(M+X!tTDVy=!!IxujjPn=(#DH9UfOH*ftCikhICkQgPU*+H)ito~pv3BM>pFh9iXt z?33JWV=A9M^VWLNc$v_-=g8FLWTje%2Zu_9I{cZa_1rdIEJa~F?iqMpsTN@~Oq&g7 z=&Bx-jSo>+m@X7cg&~SVFyqUC!tlW(;nhZT_k8=Bu#RSU1j-kX!$PUSI~za<`c;sm zab&DE84VXlkv=%)>kooUI9aIHi^Ef;LY3xd>hPf*X|Ygoq4;>X@6e7l;SA!7h}3jG zHRI^fqshAU20=>UWTjRs>LBQ|FfsxwL8t~dN0hz&6P21GH!?LbF*`5^c_-7p)iuni zdOVzPvRZ_0b(Ll>dQ9u7a;bPMD$Nd}KoD@9L$@mGm652_v#r5Z1h`lpE=?H*j(fE= zHcz4|4^E^jrP_c=b6u5DlfoIAMcT^86#v2)f>WzI_LNRLtCmO>xD>Sf5F(^{Kxfct@ql^7`gjF8DwoRZcYl6$+S%;mYJ}tc(mB$2f=$C#M>Ns6}Y` zQLm~Y+fg+yMTSzYgtc+hEdvFPA)!%~qe(hYr7;xMXCkJ03X7Twuqq(6O2y%#G1|>o zh7cYshfIDZd{Y%S>vaZI7{# zAk+@50XPy(MkHWLWi>0<1r%Va?---2b;cl)ezYdY69p;^qkBxWtA#QR+ptv$q$Z-9 zsdJRTF-NGJ&Q+ch-xhNvFy+)!c|FL&E`C z*)%+g(01Hpvtc%40;g~g)Rka%C0O84sDWU9(tyq#CQ&o)Dgblylmx0O(W2FGx@gMq zTC2MaN~oSXv~K5q1*;5(^#--zD)efIyOU6xUM6Z0YOqqT3|C5tIMJ9HZIo8k|tK8;ZAK0Y%e=(o~`Yx9!+p zi(4xU-#rE0WA$i^Ks>4u2=-4G3r&nn+w_5+!;#69@4`7><`^*m6-8V@RZKNpC_}3! 
znWZNShs}THc=7Hj2r)~YiM6-Y;q@ITBEbj&-cg--ZW33mOpT$ts8F0n z4UdtDRYvx!_0)t!j+DO<+8)HvorO?6Jku^ih2djkGy};}Q*n(dcqYmN$h)ED9jaM# z5PU=GwK)%=SXOTt?O;f%3#)1(twrK#qwMiBpvj?8N5w@tYGDJ|@1}fAxq*LM)-S)HJE;9;*9XG->|_L~jk5Y|>1bgBUw!T2NFCim znTF7aEDG?c8^}{$7e+@sI&%!Ub4|1w@{B#1DjzGWqGzt1Vt_g)oNgKHQCE3i?9|&F zu`DR875!Smc^Aw=Sm$gwJXNn{FuW~tro5qxw4Sz_^6?A9_;%(~d4!VXQ@FP>!@3Rc zvZ5xT2@%(@E&yyPWe91*F@wXA*>Yh*i3^`hQz4;Kh=UWk#7B06z`|mG%gl8aR`)n< zP%lovu%jxlP7-6$M3&Vs!{2H&23Ht4Blgr_d56PpE$9?rmKH|VoC2s#Vl|JM461u& zBfx+%KS$IdNf3h{lto*Y&|2_3<(}w(%~z^11#d8+kLA-3Uz<_a-46-d=v+YS&0I?g zFlkgTIf7AQ$W7&V!G=Q+Rnb`(o!SKAjH0QI)CO3|skp|~(jBSe%gPZS9ZjtZ6S!`k z1p015Jx+BN)Gya!h_WhLTXW)MmQ?(3I?z7VC}D}t;#isrB^*9;S_(}ZF!PGLStu7r zBV85t>)Mt8LRqPnav$(K<3%k_U43|vvB2kKl`z6&8&gLJB|c)yTXcUSVQ55MvFRED zfmIcN9)d}#ZmZZ-25ZXQW1&qOuOXcJi)zznncPF_#<`w!aPexgW{VKiG?bn-Vk;>8f~8P73XODhK7W1p4_lq@xgQQ>oA*Jv65`Ef@T4~t3f1lEPWhA z`GEl%FHF)7jH!k=oy{>4A7a99i%O$j#@%AaG`U~PBp4~p%^NW`tLN#~(zwnrGS*ME z$^`00moezV*hgfkQ;SBY$Y40}AiO14_ez^akt>@K5$DxgS?wxDpg|_5r5mgMxJ6x2 zCF@O<&p6D{Xv6zjsy2(Gqt2(Xxnh1#qsAJo;=~VyX3BykFtXTCq)z6`mGWAO+Ncsw zPIU{Ctd43t5o~~}M+%M+DE{eGyicdMpCCm%yQ7Tz+vS3;fK+t9!$KmOQDL>{1g5nH z4dPHDvtS4ocD1=aba5s5(AgLkp!Y-mc;Bh4&0 z3?-$7Ut?2q0{2-h3?6|hc9ofCe5w)NHf|*A@H7Uh-E4W7AfmQev8@qMG{RYHbTQ^u z)ij+9WR@1A>PP|SSQ&FSWFYifS5UpngAC>c@D(F$T74?Q*Pq)3BG z1bYgIm^qshkuKnhwFx&hrmAHfCcZxg59xsy=%Wec^Uy4odNAA-&m|3lr0DKAsyIy+ zBMlfJsWxx1R8_*y!xq4sDNsuVqB21rCdsaJOsNTDwA#fP99*Thvoh*u#SZblH}67A zM>f;w$p~0hTy)sT+ng{t6J$Km8rq`urNi-~a~xoGKUFd&j}#H@df2ZO2SQyE60eU~ zL8`!4)oA-5SwekQJvo5`o>9&6lM+0mm__Jj)q>-YAcIn zNC5>$A{24rsG7K^L=I;Vra33c)3Q(+(^%{HgiaClA>+Uajo}qC)@GV%F{dDLGh#)e zF1zjHOt4*p(nE}hvEh5Mx8nRtXOs|V+-&eR!%P$npJIxT2q>W|tw-H$@X?19;#3+( z#i)~^K7;b6ir~R>aMT}~squE_->N4$s;hRN>*So=esyPuA`}(0LlX=U?o_|CSU2Yq zMrn92nXWeD;z3&2OV^Wzw5n<+ue9Sp+84beuT z<5=IFx=0}WrWS=f3ZxAiBJI{6{YelW(Nb^Lh2#g625N7y{e$6l4Y9|_F;Ep5gdmQ% zJE2n9q;l*&8okxVA$Tc1I)vB6>Pa0Ys8V#hem0Mi9hPb|U2zLUr>95#wo+n(yvj;3 z6*=&;96Z!G8$C?PVguA368IQR<6}`K1*GR|%*EK@u^x+XDBf>SYoTMEs_Fu)l5WuS 
zvN~5FUBjzZ$#TNyF>^{h4vINf%9-zYs|UA!9IK;L#@M-DybEdjW~z_9!>NkLZwiF_ zM$=4T2L+vg{dUWe#MtZFv`|{h3Wyc0cZ=KxsEK^I!vfJ!b-*bb)wt@ws8pFmC6PKK zZ6R4_`>lf%GvamnNutM~6blQ`(hbx%lNpPXYJg;_IbYb1Ezw?cG_;SSB++E|vFsr(L3jAU^V6Kw*RlLikTvo;^+2iO)CUf=g@g?Uge8uJH5?uD!p(bk@oA-q-!{U7LpiAL+22@nftv9bFR308 zdDW`6-3vk4Q&cPCca}M8TVde3qyc9=Fo1_}1`_n&TtN+B0Mttu93W~_EfYPvwHE0r z5_JJj{dhnEH^fEP7;el0i@C+?S?B))J?7fc?opHkI}QI+MLg9_u1;xi%Bbus_804_ zk|R_%aSysyVy?AqIU7^#gG?Z&sw5#us!Nxl&bR3rwggifDS9%bti8sJb;np5Cnyp} z1DQ0kcv7hLWdDHmrn5Aupc!kW5*zVwhpr(RQ7yLxV{Z9u?8NyXnYs%aFko24GG1W4 zIHqQt%`kU*MCTDcti=?Vt_6I<19*$+K@h9;tcBQ08@FX?UNF@YQwTI6I->4YE@*F~ zhl=5-&SSsR0Sl}tZQ0AM5tTqvUnv}~RE{B)1bowV+rCcVM>nFJ9 zM3Yc>&kEdhE-@xtUiCv+O8MvsvaHk1TtmM?Hg^|6L%1g(!r^FbG8k{XPE8Z*!(q|r zH?fEbby8g;Z1}`=i^V_&0s}a^tXS0uqmt448aq{d277iLXK#|hI`cUP1Ha@<6o?&K zB3>S!3yJ|#HJh^Z<*8+|?fexLOsL_GAYq8z8htln3-T_3uA0* zwZb0%Ngjnqy@^Ay&oUF~Sp}VWs*@Q!ZO11{l-KN;&6t7XJpgxZ|7NUR(|KkNtG`Iz zzkJy#=jN)e(oT2Y`lz+b#x!K!3IL&gA%OZ|R->b1l`l^b8@8kaG53 zMFYZWI z$_?9Wxy}47I9S(hN){%%b>`-r?wF2*->!`pC%)5Y!Fes#V-pDulC{f70CJ!x!3I)0 z>d(=_zvAy1jwils6_Z4dNrLuX1{5EcY|z?~;Atzo-cm<`&+#0S;IllBQai&z(C2y9 zL$G=%RP*&R(gYhh@VJ*s8{5L0QLE~;rPQrys?-sM*jdBo`B@GbkZDy5M>H748tI6g zGQ*G5H6-dm=Rq zPhT@t;hYK)oog=qiykyrM^`;sL(%m9xYJgXtjuEkr>N%@j^6{uj_Vo*^%0NObXt+c zJWGBfViTWlB5U-{hhS5VC*{^;gU_4SKEO*oMA)t4+X|xZX#47~buu$u$O0w#X@TKQOy!&jff*wd9xDq+1YR=X~ z)3Mn2;A<0^9`ZV8khgG@Jo?59mp(qgI~)23n*ElUB&v-vj~F2>@40*e;vrar_l4-bzVebauC-Pda?A`7mQ zuNrTb%1#LshE%Q3@dn?_y$a`7p65^T_hJ4XXP@$t5s-?@vue*4Jy1 zmIT)B>p6++l~!p@U|j~=;5pSsA8ig7+S#mq!Npc9#gorOjYj>5{Gl)?=_XX*bvc-gxSEF#6NCssh<09R>?{ zC#xr^H_z&INT-MON^epxZ}mE*%fsf$yaeXP&?VglYvp~YylP*5<#@L7NsqxYjIb|( z^?6vYZ*#uPPjGSL>y~*Qwm=rlf%QnE06s(yKYh;awT?%#!khBIp*UH)ib^+3qh7HP~hphy=d47DCSbyteT>_iS zhxM}lBt9(geAplxtR7_;mFI)O+GL|_Okfv*iP6*7+a#M(ux37Nmdzfv5t&cEk1}$JEMpeLG;5Qs zvNeG%1k?5emc{qkmV#Z9f(5c&wtLuCor~C#xXnOz$c_ZIP%cgJHo$uCOu<$()!QYz zQm~axu-&pd1zXhw+ar5Yu*;fYd^5nqZUB>h>{rQYwv<@Nn@{4y 
zV&g+b-Xd?YdX#}?Yw=mY1r7)p-ywG-ux37F4#L8@K-01zV-o!~0T!9Ft=y*kw(yl9W7bl-a%~HNHS5WFiIIn}RKovXpZ#sh7@poj=$s z=iAr=!Yq~6EsTmX9)_prVUsdB2ZpEUVRy^jb6|Li9#)m=92nko0jQ0FlK{?&B)9g7+m+T<8pis461n8tjx}VElFVa$USpl7kJnr zdAqzlq4fZC%`mg6X}-q2abs^2i)me*$~2ymt<4Ab~w9kIsRuPGIko z_sxM_?qOZ>m^_xOx#IQMg&xoM%li}9pkI%{T^qv(@6IV2{h=u1$WgH&|Ad87w0ok`L+H7kin*`svzm5Qu(zBj5`UzwFn(A8Np?-V(m` z@PyUtq@G)Et^=Z9fN14=2_N?Lo@l_V-h93?@e!*>90|>-{pqS$zva=vw;?|2>wP2z z#!t$VR*%?#Z&TOkPXg=WTM!@f^`1<@zF@d~Tt2NZX#OOtY+L(!K4j$+@>D`I zU2SHd4w6mjKt3s-Noc*%>TMPz8(61&N}g6+_|*zF+U7={KLso&pO(*hT%K;gtX@W* zlFu0~ZSpiVeLWBRjC|h1p71cG=f@3~r{xQN3{T7%gNC)g=$v#_%P1)_C+3BPTA#e=18~ zvNpdg&-r@KHeiOQe#hbYq|Gau+SJhQR}Ggw__xJi%6Goxz!;uoH{@hKJZt?uC%;N* z#Z$k36Z7aPgFP=_Qy4z}uQd2TgCCHO7)Hj`z1xoLeXM82pGfA@fAiuWN%yD!mh_Xq z)7RfB&yjY@Go(x8i@(!1&?3*j(A9sDe2jFNeEx;5feYlbFZA?ZC|`Nu>)(4!_P_A; zmmZThe{)^`Jo)f9*9~;bXa491FP<;UNtej_Z-4#wzc259G4s;5A4}_xe*3S#C7<~5$}QiM=*M6Bv+v7eKmHHj{gGV%PvvW_lE;Hq+6;nQ z7)@{HmTi3gA-g8X$$PT5kUo-~CVg-AlcbMkPmsQ^RiTwug-*6A^zK%LR$CQXYyAt- zdRr&yRNFez>9(V!Gi|e^$J?GFoo#!8^q%%L!4|o<{gz;#+}A!GY?k}mKN(yh544{k zeX#v6NZ--XN%~O7I?{J`93_2M$1Lf)d%7-PC?CxS_#`Vx7s_R%i=>})u?mLNS} zF3$(S#j=icy@aF(WiRO=*_RJ8JLF>0TV+{3Xn9%I7BB@FPm8>he_AV5z-BE zlysxq+Sf9Fy}YTf1^jRCYr|jNK{_Zm^>wnU+)8?>Z0qaHtdKiMSIS%a7DLawNEgd7 z(u-xBbeRU&gvT_*beIkQ(r`d*{QTS%{#0_im})c0D;2Kgn@tK@B@TjWmC zopPw}XJ9)zKbN^o4z7G6TqQj_y4SCeFO&Am6Z@}u`W9&${mp1h-ah^te>ouw#((RN z{zRm>qcS3WcYXDH1>-t*j#D$;V#fBfz@ zWZ`|=DWALVE8qEJ{7A_?Dp%W#T!_}q?AW{QFfr^ca?tXa({@Mn?F%q^(^*aG^1Iz# z^IFLJsX{wk9#Lsu4jaT*iMsfuCeqcljU?ZPpyl+!TJ@?nX)32*#YxI7rjNe{PJ2n- za`Jvi9$%|T@)Yl%p}pK!?NkftrEtqj$~l}HxM<8PbtUBz{N_9Sbi9g-wwJ~wDR;gr zN6Sc$D;MLZbkTl)M#^TI^`SdF{NkeJ&PE^0EuXkOJF5C+y?FnE`dW^-n$;i`Rzp@U z!CA|%BrogR(>^p$>jtSl^xI&nyY;J3y63H9)2qkjHMOUCL5jb+t?1f|W9!14aqVR~ z+&FZ+8s~R7yKs2f;3QSsBu`t9tn_@kE7OTR=Hx2O2&{+hO@bkTUK=56$OjF;$A zWB<+SrpC)x^mG)AqeE7t$}RJG=NX)Y>paa%)m8fGrTtyTUyPsTlb6tH6~FaL;~eL) zv`)$??je8K?nYixj&TeCbF$0FSIT%1O2TkEQf|0#7j5O8uIskxf;k;0i4sAF@1 
z$8N#Dr^UoSu-;Tg7nt;~mo+?Z(7jOhm{bmS5&4qO&f`}=^kE_Ca%iRdJ&Q=Mk&yIS zw716mz%y7(JUR#lkiQ^UjouDA&O>hp9RoUBI##m=%mli#l?i%~+YH*A-HsqcuCsVm z?5hMCS z4J{etY%~g%DWzf=blim& zPp1tSvfzB zAb(um)o9PjOa3L*cv;_`&pR#;(xvqqYYobUAD%8MYg$gbKv{UcrSd#o zn#y^)H07bOuk!LjpAKhaZP(nq6kT4YU+XwUmn1Kti_O8fy#zmIlFLilOVK5f4L4q+ zUoy5-UNW{+UNW{+Ucz&iXS7OiPRVI(rJ=pbTJtb+7}b8Nn8Ua#gQ zW9ygiq{{&c@{dTZQI3qqWvfxA*}4%GS@t@mwK>(dtYt`Bq@A=?I!N23leAsBNIRsP zfL14KIl;;dkoL+v(s`0+YdSAIqr7-(3FHY?t)e zx@#wCn=B`7x0M)v70;crlC(=!k#@^vr1NAoX#Xq z?Uk$h)c@E{nvsw+E0^@OWLjmAv`wz-TP=UZy6#b8PJ8=)3MY2-{ggI0kj|6!qzhQB z{WP;k-axuot|vWDZXi9MwcKmCQR_mRVGz4l+KrA2fe=43^$lY`t+K23YbFl?^N|r(gr(Kz4&X;-fxRr zZo&mmBYhc6%WHq9f+;N&cB(c5pL=RttOhdKbXkAOY1-uLyiJ$E^b8BIQ`Xb7FN({l z>Sgeo^wQaDGu?i9OYdPPkKe#HWJI-nsN#oX6AghA!Yu1Ug`W=7kiy7ef zbq@LpSg9fS{#p?~{G#ukhTC1cTa)J7ldhAjfA@p+MZ3*1-<`>xt-bugXk_Ty9zHOyw$S(ZcXOO^gP=?lB0rs?cnj$fJfAeZ!Y zmT72xdEZO+o~_ZP#udwX=^XSG3*zJFps$!=Uq1(ZxmcjcOXr}k*r&8O%-QHKB^y4r z8iZ$~A8j+$m#uKIE<4XbUtUQCg={YV+3Ll$+mMY| zm2Id)^n(PThF2HZ9Rv&xAh$A-qu(U&w=i3J%_rt^&INn)^ntLRY%2B z`K+i6YqX&^lD<})t=>|7#hsl4|B(2syUu}s7@R{LrSf6dS@sX*dKcfYzAo1YnD6%& zdULWN_q#^7>W#O++B0V@4xqEkB5m|#asJHN>kFv}URSc6;7@%3zty9^eu0;#;izkJ z>)9U{UswqKUVA$sufIY(^ekOAE;M```#S4=1u~kFc}8_sV?=ZMYW4eZzi46xH~Xk_ z67@dO9=t3YPb?1pr)>CL-LYx;-TvS&CHKPe;BTbs8=7{0V--|iXSkRYW0JNK!|IS@ zlw9LDV*8t`?9Ak4+4YodwUd+mc5-sSPEM}Q>eMJ|`|K>`{8lZ$z|K-GY}4`=+KI|VcA|2zov1v|PE?+6Cn}fNiOLH&QJIsaoT$v9 zJG8ZnIZ>IDWt^zYNyv%HoLs_*%A73cL}gAcYHDw~w=Bw|?)Z+n4G2l%OiV#_3|WcahnD)2)YSfpaB`IL3Co;|#coP62Lxsxk7Z?c8Ak*?wN%XPf7cRl|O@g_M!8LHmpAcl(pz{N>8-q3^ftLu z3Nj?ad}k%%V-RD!Ra2C^cn_w;J1u3Y$fVpYRjEl`res=X_*YYBB~Jk6Qx&vCx`3!Ihy691;)Gn`?5mVXcNd17WS32#6^=@m-(o3|a<#rEmW zXtcn$%E&$4mFe_l_-DILS0>xKmyg^>)ziT>KbPZlC0|E7)78?tyTU)zaK?68+qDdz zql!-7Qd@6ah7V$n=tmk)zB*gC^DUa_OhcEhmZSV*I%nvJX1hE12#b9icEib?_?(`W zTf$Z0w$s8D&}-+Y&sap}*(vKYm&q%?>pCi!@Av3811eAfHhck}f!{#A@K@csiGDjWOx znAPbU`e55_1^Z_7>ARB0dv;ca!^80hn@?HtsrDmNLwqj$OjGPL$^1GkD^6}Zcm^wy 
z!KUm~UAOz@qX)1XnU1|tX*$v`eVtt6=gMJ6y>$=YsGa_|Hehkj+`qRCtY8Ms#Fwdm zF04;oh{G`LhYBUWpH;4$y2QVnyI3-9JNWuy@ysgwObs2_arhwcc7K=3_R`Jz+uvpT z_HBptx7|4pdtlq)oA`b4fx|Z)Nw&B0KAx=ab!845+*)6V+-`SY zy1D9)-4|@Ow7T!tY{|Qx?|-A~@%~ZQ~|xnWYT^jIl9TVfh3dsqV)2OP5#7PGGbhLD}H;gLx)83;@gW+qJL4GfB*M??%B_|=idL_?(xCK1$!>ob2mQo--Z)6-*&lvjh;3#*SNU+Z{%wu582RY z@c;FHG>!1T26tY=wT+Ft{o)taXTt{dzLtWlz4=y+d-su{ ztGV0%$1fWjjk)U^qm9PBHvnJtJm5ZHklF)Af3ZOqZAR&d{8rd0S=j2ldIv~6gNj_S@0kG?P84K4h#zh~XE@t_T_vad~V;lD#Ya;txNSfgS1H~}ng zXc$-w$sK;viJNcvno(>+-yQxk;O*ioTu>hOa|W2_`*og zX5^;hdp|^cY=7`@7MK&yUHd_5ANt&g9HhTfz}J~04@p1s=Pzr|9e(+j6VE&NfOK`_ zCg4uENuP1?#Ld5ZmcE`iea#8?N;mlDhQ|H;3-h_9(YW%v^<~)D{u);{j*k3r<= zZ`;590AjIEc%AzW|9)=N5J4W)XnggI#^w!AJ7GiP)DzFW`dwhs$Krbe!}rbgkK^Y_KohoGax#rn(A^^`w}t4&5e zY9pV}xVv|1GXO}iU;4z~yIOH|TjP-%zT6mx0{3g&H(mYU zKgQLI83!4_ZV-yPS-bX^xqp#_3QU~pnu-`kNopKCp3Ob z{qA#?_rLFU?|!|Hd^ss8(@cs{bkpF&ov^OvF-;cQ5KYumg z{IxIn??-;ipZ~}o`8*%>UjID(%=oUlKl9&@iS|v=Z*tk&r&i+gR_{Ocd;a^(&-nOf z1{`PpulW5#|2!-3cJ_?-Kl{(T{p^4A&&NK@+aI^1@jIg92%ifBngg&#V2{ zuZqu?#pf6O^9d)!XWRQfaoNXx;%nmfU-)=W{I35#=X3r!eNKFS)~`?hk^kQO5ue}Y z&-(8t-Qu55j_XhPWB>h>KkauK%6?zW6`*?~8-4cf7>= z?|7$QzohBcFL{Rle(HJt`>8MT-#btA&s}%(_FX}*U7zuBcKxki-~E06y(jo=&+8kX zke=D|P5<2c>+$*g`24c>-}|S2|Gpa?pZji#&w%g1-+R9U|LpxP4LV--HvfJ3W{2zY zJ@FZMxZ`=8 zSB3sO{CcO?;Sc#Zi+}H*OaI;BU;2gr?*6KOK0D;67xWyw&f8Z%?Vm?p=;IxEwf{bL zsefL5qK|iV=-cO<@9o#TI6lAQeD&Oq_~*6Tz5UwH_~-LFK9A?UAwEA8pCP~3{eky; z{tNs$&yVN7;KSa2eel8c|Kh)2_!aN>!aM!Pj{<`@6FaG()(06aT*suR~$jO_p_1|y#uJgfL{%d^xz}w#%cz^3R{P){#ce`;* zz<*27{dfM+ufIK>|Msu@?_0m=^Sm|2yDj+rw&3^MLN0E5kK^sO_xXMA488u&u)FUJ zz532S@P6<7c6^4Oe&@gXeee2?f4=)Qe*N7cC+`V*z2^$Q{@(Zd_4fuJy*KRX`!;y{ z`_78br^IJ3J_mmP`$G@C|M}kj{-DzbLO*{n^yCM7-v5K4A3pexj^7Xd)cubSeb4dp zq4<6Kz<=NVJiq?2$N1;R!|(g}H~jY}AME`;xygTj>b3s)>2LezXE(-Y$l+(->u`MT zLWlQr$Kv-le4NkyPw)Tx_w>&%y~01g{0~m=ubl1uz7lft2Y=-4XSq*(LSyv)8yc^| zaX1w}eDppW8uDeIr1<0B8|2ZCp41rS%ZA2#_r@@_mFc-^TZ!m3I8w+#eq|k8`hoR2*~ShQ=!!jeGr|wBNhWca8IEAiSn(zrOUp 
z_sgpG4^-_RtJ*(Pjq}ygKK8cKK6YEx{>N4O*Q@sbUB(~#m(q@3?(o0XeDjQl`?RC| z4YYTnKlr)NE2{R_RP7(F+W)9(|A(smpGy0E&noTr{q?GSJKuv|#0D9j`(9S{e`eMG zlB)f+Rr`Oa+W)j_|IbzXcT4;I&M58odt%l8w5olvYX33cN1^XWELO>I60bPjKScWr z;$Coj(u=G1S61z}RPDD`?V_ppN8^0FYX2nd;(2Is(l?_W8lCjts`l^4z3}i!iPrSL z|AR{V{U1^K-~Z`V`{B}l@+qbL+^T@c~b++Mido-%z#xsI;GQ_tJjKWqc30KBeNHQ%@@WPd%;lKlQ;? z`=hG%>ba-Bx@!N=d=I`Q=FIS)`a{0Qb5E`G$pdG~_zzqv{U6w`+OMnHe^|BuytJQI z@#kr+s{O{&|Fkz$?SEah|3hhi&}U2ggZ`kjKluF8{@_ch_DVlIxY7>~UatB}7J^qF z{L|9@D`@c4{wsH{+8V6SM8PldFY>)cJd6FPslZ7JUr~eGXBFZt=ivF zwabMmtF%Ajs?z?e$=)&F zU;R;O|FyGA|6iM~+AIF~wTnypBf*2&Yv6z6J*)O_@jdh^ITfET_We=HylueF{x07u z`}?Thi|1m0AC+{Y`u}Cst}(+;c+@XS`{{Qp?WaGkYQLarzn$+P*QftUw4+N;|60Iv zGv6ycMqVe|(?@@m?<2r`Tch#l|5)0`l{pQ4IL%~}x7<#?Ew__%L$fmG+b!>w<%rx{?(_KHDD!&!Z&vL;sM>!~ z+R4{BoS!3Sm-PG>8;vKlOP?oHHtPx3mi8xBJody2PI7t~e)4)5wkO_PV0hvOtMBwO4SSQ^9%8o2vezW5~!ke_FLywqv@oxzm-+ovv)b zbfv4OKg*Z_KY7VKKDo)vGvp_8`*{oHx#v|j^t_6P&-*~>|D=RZc=ActRPB|`dXk<)?+WFQ{baf=AFN=1cxG_a}#%>Av*< z?V$s=CYePCZhcwRUip?=zfrX(Ur7CvjX-9}!DjfkEtKbO`$ENzLoZXbNjBUy^^WzuZuqT+uPq(#<>tXm2};Om2X21IFC>Mw|qaV+)Exf!$vMR z!*)?c>x-UUwZAULfp!Hva=dz=f}%9tSe;rcio%zfPdFRtM-Rg{WldE*;VuT+T{<#e4p`zs=bPTpRu!Q?-qETQOPOmb&f;k`^?iy|7Sj`YM-dur>gdf=bw31 zv||SkKC$#aI9>W5d{WgexeNFYZmHTU`+M+rO8c{tJ_OEZRrq;Ur9Yqb@v49F4b=ZX zly=q`Ge5A_nDN}2C~&qaJ=3aWx%Kp_|FNq74ORPls`kpxvYwfFl{L-$+?lPV|IBYx z?Kf8KuddqvBi{pWGbt|(pU*z7^q-ZShOEtQFa2kCRP9xaF#EpJK6hdnXRgA}+=Ht2 zM^ycjE(OnX)x74OQ}w^T>i-?Shc0CeH^Vts#UO2ZB>3A^4AMTeYOm&ls4^ObKf|2tLtJ4*kB3eJU7s`kpBE>v(XRQ7S<=Boc! 
z_#X6K_`|CGd*!)@&Trh!{NdkkG!9j<+Q1xG~+6Ps8 zg@@(mRqb!!d(eHkvfbTBmT|ggl>RF}F73~*Mk;WQhSm6AG;slMK64kV-=o{ zNyn!4{Z;=f3O^sK{MEIGmiD!ZzH9VJG4I-J8Hak0%%9YJWO$wf?Na~eY_8fbDD!&G zg;o2P_#XWB9O<0E!!=d^YpVX&TvqyD^P5%w>&tVm5w6lWl^=D@O;!7M;yZrzb6*m$ z;fFu>WmWq}tM)He?O(3ilZ-IVwU00D*Pc`QUyD65oP35p7gX()UAVT2Yp&fDeXyt3 zR`&7Qw^!|zk9}>0w`(i@zxH2B|L0Y9;d%F|+P4SH@aOaPRqdT<$B%lR+Vs;zpm16*FC9fuk1DTJ(;hl@yT?2LGnw1^97ZCe8IQMI4}6S z(w};uYMgJrEtNo{CjyH%FG4~si zZlwPWinCIC71!L*DbKp$$88;tJ<4R%N=@m{@Cg@lw^l%lGj8sPD?~Q`?n!=B1ygzDvdfCofGf zgR2|g9PPxLH@>@!b7ST6-}w2e{c8oz8!MfE(>102rt3=oo1}|^);GPXYOnBf(?6E> zmsPg@WmPOmO<5l2WjB`oFaL1SnJ@oH)n4hAm;XU&f5n9b&R6WJ+ACZ6ihnNcuY7pv z|H?;K?N8==;GcT7jDKp`GXAM&%k8iJTp8!plI7sH*Ua-h@bj9(Rr{+;|JVF>)n3`+ z*Cf4-j{U92mT`V7>20-37wK8(_Sbzq#>7UvF6lSgsh`X6P(zpdzrM=(y#75^yL5|S z{w((<|AcYgaCT{bLyG&y_;39$rTymWxi@dC+Ak~pZ?5?2=GW3E_~hodRsG*z_5Wbi{=?G# zwhg8IZEvmGE1gV@;|a#ktkY5FnCC*RW1h<`7nOT&*;(4(zOl5wy|T-1-&3_et?HlR zK5+i_+p6}Ym(>2ZrTraMob`@pRqaXE=>LxEtM*E_zoXLaw^shcttXfMw^nO#w_aPd zC%$F;TfbDbf4%V1tre}Q`^ATc^qm;%lDsE-~Y9Y^RDFoFyD8*u4=E=>)(~+6y5UfUx{(( z|L#YW{?wu7XHkoq;eYoR_#W`TTk;a~diQs$asFFrr+zh$Lk(;0|DJ=T|9je1yJ#2V zzvqQj`@5?CA1Lkbohc}(hWGfv)L*@gH2an)Yg+4onp`@mbvTt0Af>Hm9I z6nK8`VAcNNs=a#d?|r^%|HIOsTHp*P^}rcUYJsy}r5@PZsg3#2UqydvWlsP;p`2B((s8#;>Nmcty8Rz5AF72O4xo*b!#A#J~vJq;(w6uSc zxZY%k@jqF?Pfd5m4|UxcKc7r8&N!c(tJ+gdo!a4H(;>|FlPPzt_K#NW|Es|Nsk@c- zPqnM|b#2b$iu6*(S#S)L)hMPtTTdK7FXPf9AXTPVM&>8ja6X{QTJ}CZ#^z z;YXK#_VySDdH?JutM<=S?Ul~|Y?ZV6Y~mBf`P@Y5|GCLB4mI#u9;t)R&;8s@RsUC4 z?c$}7JL=^9UgrL}pF|&U^?Bt?q;Fr%_tQ)J7amahf8mi;`|p(gU-;e9{`)&h|KHzV z+P_%wz!&GM_NBs0UtF%*-%`f;VzQgS`K77S{-xv_)BffETE_YE-<5Hw|34x5LhJ#^ zcwiqu#v6M9a-R`sOs&8EM(jT?+3 zJh}dCZ~JlgbH)R?L;anoy~@X32iN4_^mi}qRvuyJ^$>ozhn$=K?rqnfwQhdgbItX3 zeax<3z3zVYW00TH-+k=*di=1z#p!yDLJ{he&r*Yn5y(YcJl-vhLt@wod>MyEM_PqFLk?|(p} z@kJ8y{GFwk^z z;~V`Rztu*07biDt9r+UX0^jDlH{Q?HTlw~pkt?|O3ysG4_a0rMjZwC&jeeeQv~54f z?ggqH=WKX3_wwzMcaP3-l~Hz&*>k^4?ZMdS0&Rc7>ifVT{TgfItE2mA`zliM)zPcD 
zmyr)%F#1B;xMSukqp#z+T%Es?Z<}xX>qevVPoonjp1T6BmL4>E3T=PUXsk?)UctS< z(tq*j&uII4qjB{5(d)REr#)wM^hEA>3!H4QtlUD5(7%DJ8^%U|$h|!6#u4s4cLiL% z{9i|Z%Duq%>K_aG6>#;sAA_}XSHRU9elq%PzJaSZ|K;faL}KI{N1)o_maM?|p-=9s|zt$E?<^6a3~UG9&KZ|k=E&CZ~? zuiaW)Tx(w3I?`?qy3Lt3=cKd-{O-*?d17qGd~>b4+C19p3^+W6k!HJd?dH+W;816| zInaSB+xBm1wwI4|dfnxv_VQqpT6^tgr{8Qf7hAoBc5``kX{Oz4cITU`0mkfNtKaAG z13hWBwcK249d7GEz2;(PzTI4G_xsJIPQTr2%`CQ?t>wAqQkOwjdfmBICUB%ZrPEyc z?HIAcSS_w=1V-&PSGly@W!S-hCm%i3nLX58Y4rvI!XVb978$3>G$xxXi>nKKSz`3X z_NM06{rh)qYVO*$e^axyva;BjZ3$;K^-auajrq+r0q#g=mIqHVjqd8gA&osN0Kns+ zcBdyG=2sV&HJ2l;9xzUg?O1NM=H@y!9AGk^Bb~X<@&fk`+RKy6?e-i)Cp66mwOXQ` zA(pWd?&dp-i_O8&ZnGMQtv-*NYYke> z!P*LQ0pvNMM3+}qXPCO9tFsIq=UYs7s=2>C+g+YBaLV{Ai><+Yx3|=6&GZMomNQwC z7KZX?iqxV}XK7`zEl$ysJM;4(b9n#*f?%+;CS;_+c$o2`K?S;&+OW!={mpZmN7}vq zYG2`t-iIrWjx@)1cVTDaKJGe>jh4HEG<%+^ac5Wi zgYHth7qiwpw!j(2kt>jP0OZX>?Zp+~GS-Cr?PHxjM4fFn`vAB&C(%0GUKup!d)*}) zm3j51np@@vi0O}@A%YkWKqkI1FfQilAa!}|XbTSLcj4tV1^}F1%cj6pNn`U!r+u_9 z7F_7H+sh2L(&`UZd+q*{lMD;!qfoBh6OIpcj{*ZyDzWIyu7aoLTz7U=l#%dudkd}Q z&ed%Q&D2+B9-`V^5;c1~N4zv>FM*LzBNBD- z!(sJpH93l@?LC1A$!ZTEar3aAGj=Idq0{zbv!Kj0))x4Ey=3&8{m#O2Yq7}zPw<); z(}b(voLS>Zz3x%XwVeks+5o*~fPUz;L6P`waW!cp$q4e^_7Mg8a)qKzMb6@8jo+QQ zsyz$8EeP?ZO=I9*+t^!L0_aw{CPtz5q=DwTKrv_@3f((ys(e>S_Tu8SY@ zn5pLWBW=?-JyfqcZ`r#8gM;RUi1`r?a%f)GceRldlAk(D&<$uJ&^gB)$?E( zq30yVNOjT+9jq&ko8hw_QE^%Q2|K3)XzE_+ivwcQfR=06==5l zhns#(n(UeG!HA&J%sltuKOS~RzsoslQ+GCZn2JD?Lwhu>KZ^M+p~Tk%gD7G!;EZH{ zHG1l_*qP~>Y24gA+D05S=c5{NX?1bXk%G-8g7!62aC3;!g2C8tF{~pJMlU@(@Y=#5 zxEhRimr-bLNKiYl<a>Ie+!Xc0mg>_^7!azC{*h(Qg(lCp*RHjDzrX-L6U{ z;K0m5>sEMG-LJRe&CI9o_4be85a|@;{|}ddR@jV|+~m(98A ztFvfcxVu8&&8FIdpKuKDUv{2W zCM$08(V2rFLIFGmvDW1FODYBOe78Hm=|fBDmw>>tlUv)F?Z}gb=}aZ?B(Rm|-^X{u zK|tDM&N_HU_hb~*bN>fM2PhUUGBz`K$}x^C{Z zF+y_3T)d~pE_3yF08~y-r>o=f_=AJ)K|y^`n4Um5kXAFe=1?)|;v~rT5JD5+=1Iv^ z$bm7trK`EMYpz@iFV{(rbyP>)&{D6?ocG=27MdqX1!#yNfYUIUmEl=j?G^~#lVY$< z&D_hKF+C!{l%|7tXti+9LY7NGjTkiyeFpNIW%WG7ti0ZbOnbkI!sI 
z!V~&g5nZJ-Ol4?F8sgyAJ-ZKVzx;p+2>2Qf57le6zX}ufS65_fo8$deoIrG9qFGjf z?ZNES1m?zNKItwTgt${iA^YsGt^62s;L{z!{;mvN3ggoB^p?S(=R{gRk(MmW0xGGV z&A}}P4(!`;!KDYbH`^ZTrHnx<0XSuWgk)y{XNM0WbsW4^+@t;?#IYEumHbtC^L+~( zp~D=WoWcdMkl(Cee2~0&G=QS*F1%&R7e{R#@tPXj*X9ZBBa(|WXU)qV+8>LizMDs; z#fS`rW>z$sRc_cvcoHuR#?pxR34!%8i3lkag_ydE9(ycOm;&tcq}U{X=Z_YUd#lXH!-%@RdAvZ0+15)1}H;05r#(rVF^5cxZy29t_+Z}6U0B_ zs+M^Rf~uAcyic2Mc^>jA30iTe0#F`9YRJNZ8fNj0DUM~+2MP>4h>_!6K4^c5g58n+5~{jB3+>5f=3=x zV;8Jb3q!hXdfF~CAJ-3_zJeR21r*%KM;9iUfI9)rxwYliQgS75XvMvAS^kpAZO;?Z zc3ibK_f>esblWY;Au(i$j<1VXC&K4d2xh^og&Ht4qQ61X zyVVtl(iy^|E4S7n`5s|_C_w7FMGA_@pDd*^0G5-KVOIKUU?v%V9A$KfnJ7*e+v|}X z6qgM}Um1QNngZ*XdOvyV1qkqj-xUyvJ-L%HbK+9wsEt33djz~G9|3kWJdgtumeSRU zUB<4HM{S8oLKTqkh7X8Sr59%8kz&kwH|))5kRoe1WPRhfWTRpuIKYCHr^9kdcHY% zT8U89gE&L%mI=WyYR1v!kX>_wy7FAzJH*|T!3uO71<{(Ww16PCXSe4j+=uZI1J{9M z#hi-dk+Mi#py^kd^W;F$<=7GiTSd$eE)Rc_ospVYUG9is;^C`k>!Ro^+RS=DGj&e- zM%GvaVW@Zy|3O|~2@Wh@jOHd-y4xQjtil^|jQl=`jz%&zg4^iWYAPM%lgv)5N$VzK zChiP=3l#X1WEY@Rs8u1;0W~CMtC)pCB<&2Q#Z>78&L5sIELf$nluzhM zCRr02$a$5jw&4f8wVnDNPL#_8F>?!CC?OysYPG<_S;h;{g2nnI(kv2df>QK-cn(StRDr+yWEX%7D18AdiGeM&y>|IYEdPGhGW$6ZusxSB0zAti@FBK^Z7B zZM3umLxGxTTi8I0GB`AhhP64=>4~2WlugaUkOM>_1iR1;WWkSroGJg{6hK@5;7y7r z2fZ%ou_7GwLn<5=cNYbtREBA|=D25^oGHXlWZiKIOw5QQB+c-jWF^c_|7f?nau-Hr zhzW91hlCX=-$9$u5QAt7A*^Q@Z`*WWEYGpbZ22G01g}-81yk7`nXel>V2@ZWshL^47JIgFK33&~ z1`OQa?}jFH4sLrEPxA^&v>@v{N2YF;MZ`V(<2J=K_~>%ZS>gfy#kG;9r&vX4yW7NT zjXn_%k$E!*DkHB-Y21d*jYYBMQ%mbVZn{Iv}zj@) zy)!`Yb$t>oxTeV`VPPs(;^xHJF{?|LJIDU5S%olPx_igvlb+%1uVI*%+^b;x#2qO) zgT?OPNV$>|n!;yM5*T@2YORj?QTRJYh>i;Zpa~%TrXn^=>tq836@=2+ zRbn-ge{Ql-WNP%A78Y?+7hSi5sDc3Fs(%Ltocq#j<;^)B^1PjUVV%SX|9_)k9sj$g zv_;5RE+qCvqf2y|cqlWi*r{PZpT{lrSz5pr80Fw%SF#p~Wd^$g8@J?_6@6QF*_`_I zlH_67I$Fw|pTP#|6NGS{8g{*$X}JqIGHZd7rXIuXg^l-Y{1A_t9VB4K&)40W;Vna4zt;`+;e|5g~ReMwO(tE z^`Wkoh>qi9iJwa%JzGF~d_`aJ!}Bv5RBOj+k!m(FQ;d96 z+yX4QQVEBmbQ1y5PNgBgfko~vmEh-|dSkuV@t`H3~Bsd66L^j#{Se!P&AdX^Q znwku*yuC=L6t+{KyF!>R-jZ5D4FRJTZ0VigQKF|0d$9l{on%7VVtH-k<*Yug?+Q#- 
z)dhImf}aOu{Q*<;FbHUdmVRvcWUEcZ*7D$#0>^fN;TSEz)V`-b+~@1Lj2cf!Eo^P8 zTS7?iWey)Lw3Fg6CdrdEw%s~4wgK&PrZmq5E#eMHg(y-pU`XChH46<=z?_tmp|s*+e>}Ik7}GE6r9|XhEVZ4~C7BYr{$){vHE&$; zf$Tf0X=#X{Tc)eo?FTO1x4XHtw$~nh zVH7NkCllYF7<5AJ!YBq|N$yqacL%s%vusjIi7rZqFuW0k-hDI;xIcmtMnSy<$mwm6jp z2`e0P)6FegNt^BD-~PRun%nq-SRUA0Bs(!v(G#XTN#~6ZxmFXE{{%dUWPV~!wc&^L z$u}sIp}2$SoD98TJ>e*(O?HIB3#3Le#oQuU?ItAgj*Dha20NFAt;gxKJZM6Z1>*7J zEaDO-d8EstU5NUGW*wK$9=CxH`lW;BM@*RL7i)y(+ntk>={~o_lKGT-K~nE<;@%lg zvT>O4W=)$~5iEau*-BlUgHks%pf9b9xb0)e64~dGsj+RIm2U3rqT3ZH^jLZep*6h$ zT^Dt&SM)~s2Ivj)98u(0MBN|~`{*{q_k0w5h(}bnK?I9Q#d2w7S*{IX#<^$mpUa!` zRGFw$udqw_m{?X{$lZG31sG&T5zQ}mEqviFbC0d*+`9+uT8T|Y*tY2 zBoLz`oTlS^(sJb?o1G1V5W?hp^g-5}Mwa7_$821~4<{j#K=Pw!93&P+DWiEtO)o7tx zR;>z!vLEJ&RmHkfKgIJxm%yynUBnw&-%5f3Z#slvKn|yV0D_}aNiD0E6Y+N1L;@i` z-KnvQEZBmfdnU3Td+Fz0$!ub2iu%w|mM@Z&M!+_QN!p+)XrxPS!6H$)duU{VNxE(k z;|Ec#3d^;mm-|Ffq^H%)$qpAo576Z2G_r7gG%7SRs2;r0hw8O9`3|G)a{HJP<366C zbu4N@0Wq;EK7jE^Gx3o0i5}&5O^@rfzVn2b+swwq;1$XPa@ly9Jm8ZYd$7w0yoifVJ4EWaAA$fPX{Acc`N_6%7) zN75y@M+sT=mFAkp7VgL8s)`~LsP-t@NXpA16|a^Gq=5|34VhI`#{)r~2`Ad7LamBM zmAnJ#+yF}uEwc8Q0Ew{{TURTipwb=k#HxvOm4$_8>B1yHcOVmlmMPh0)jT-ZbeZe0 ztZT(M{Gb2I?LQU^RZSi(9?YSnlKI!?%t+1A}vbxY=o zMD*tAF=kE7&12s9OX(h$E1K^Z4mS&BTF_hWhU43OxGE==bp^aFBziYiN|a2@&cDS( zrrcRkvd|JzM5@=8x^(B!_Kb$$Ih~TYN{dud{RWdbC7$Bh$6pSNv`zOY{(k|*jYKJ- zL~RX$H3xXgtz#;OOT|OI3XHMKTDBxG-87ULU6oVR`c|=_v~(9)!PP3D6~In9PbuAF zoF+>m~m$@apw4eBw&G&ty*__Y^T<9f?=y+H|{@f6i~B7WGXYyo{FW7 z2bhwAM--GSKZy%^^@4R0(a~jTXE$cVRY5CIlv*mkF_&7ZRiVMhGy($GrkG-<*n$vHIMoP$b#15GsjD zmM9`)SDw!45S+1qg=%1LpLBihqnZDnj1RgvRJ=tMQw2g`Ddd@{M&Bl&pAEkeMdY^_;kcQ}8jhY{Du6Q8$K%T|zCZA2-mIu+pl; zoxTJXA|eubQmoGg6Zb1(my8V$RGPCC*Sg2K>Rvw5r98ns8P|ac@`%z&&$m`6n=wUT z%n^AL0tgrk?US&PZwwn_4k-095t5`b@GKr$Vey5o&?jjCg$I@kmh>?}^CFr!4ZbQg zjt^jY@jP-8I7XzJODmz&gEF0U6WC9dIakM+??MAm4G4)PSnOJJLZdNR6az!_%fl66&Cq zFU=y75rRW8m|6EL*Dn@zFs#|)sMY1FnogTmQBBOhW>xUUjc7cy5*z(AqLKt*@{)Fw zPbxiUrj}dMz8P^eNQ?3deI1W=F4dUSw?wHvPr!%>fRys`{V#$%T*=6{LfY7Pm;z4S 
zg|<=ERlOIH8#uzqC`v*@JozJk|ulmb(R%dAo1`hOSOPtB|p^U6H;kc zsM4Pnz*+9kldxt7r3`hu_B*CLJ{n*P5>ka6!HT}~p?(63n*gdDcQ;`G(|+A9rJSac-~gGh-iA`{-61r^!GG8FIdk5HP`88a6>-E2<$~hKVR)v`&uN zFddH5OzB*r zq-lmHrew(UbYe&q1)^~Wgc-5TE@Em=o-i@h&Y|P@RwX@)@bI+kOsas~atASD_9Ja$ zOnH*~{n|JsMBwTw=uXmD3irwq2Dhpx2J5Qbl8HaG*WDU1P&4dlX3G1<9CWIK%wj?LwS(S-# zqLJP5J+tjGh1Jb7EHVG2VG`aob*79@&a-HojJPkr*OdPyw@K5C>oMGeg3Bp6Gly1@ zH>UOfJrVZEHViRTY`>w4cJ8{P2hkZy!K|;Ih~HYZ128>J(}_(#p@HNtsr>rVWu#-U zns&Qt5TYY$x~-~`&aQFsYzM7lFs4?2YCzqYpG;d#b6!YjG%_pmr9e}Ti3RK+Mkg2O zN#k<%tb)k01M#qlu?Q;D*4N2FchaAOeMmesF~&g7h)O%OdrMYl8Iz3|L!|2gv+~9= z@1e%IQ;+w%eMk-xf3{Fh(X&rk&f5@5eK!a`pwa|Xg)(%&ne92Ql*J^*?pB_!+KhuM z?9-GETE|3Nh8reZN97{HL8>G0^aK@A2X@-#2OC7zIC-#}Opzg^HY$(VJIFOcif_rq zWqz)F`OaY4m7m{1GAmh<^EF)t8DCo4l8|gD2)pz&?MIv#Go77qsyp0j+0}@&6ZzI% z-9*MLkIbgQLt5LJGpCxzHWzFgh^ndPJ(;Vlr}2gRw5E|n#Psmc$F}~H^=hijb>4>? z$^;YVQ>77ln6NaDN?W0@%T_|c^2_=e@V)%V`WB(c8%BrmmW5Ks_ z$HhGrRHkGr%ou0sR46!B%;r>a&j>|~k`d^vTDB{)hK@NNV$1eW-x9&Xkd9!k@UZ70 z1r+Qx=*r{tO?~6oEXw-&h9lX}9O0=80bkigNRlHV(w0K`;Wbnthn;0WW;$6>iD@sE z;fi|l@|zG<+45|{mRbwsv&~o#bF_76nJiVU>(F-2;} z-8iy&jXa*_v7+rO$eIPt^7qIb^zue^#bb$=bl8Fl7p3?y#M2*nY(mSnnZy(cF=IXUi1#$M#1uC_A>^F7X+@v3*Pqj&?#w z2_@HHWwpl=sA@^ndzS?r7p9|ivX~kg){U3FXP8bkUAwmL+OzM9gBM=9d+UK6dv@=~ zk5kP7Q5a)efjUtE+H?r2bq|y-<`6l!$_GuFI^}TSdS804A6}dKDNawoXc0+XA>P|V zHgxEDRxGUuC!rGB+ zd-AlEMTD~isls8lYAJYy6xM={lgNfmBvWd~ydvd6Nf4MW@dB&tb@?uyoJ4~+n5u8* zS!^#au+cCnCXv)OAdmaruH?CCGc{>>s@4J~j-mnWu8`euTHGB~Xar4mSlPejwqK|% zGd4BW4`y{14W>GKMYel8IS!UWb$~2~j^gW(tsC3h8O$@^emXBrIJWuASgU;N-&(o_ zi&i;ajB<6ad1!9vWN))Q*HMPDzessVlxQH0W4^ERq1hWhJ!-vk>vAofWJ=N2F|>T* z(GHadvd%P+VC0*YOBQsL$&%JbV2Js}*5S4042Dh&1g-3>3Gn6>)+(u=Z3zofR6w>s zs)kWg6gL!xgl;#Gv9$}@HsQjl8BQ{kxg0!I(+h2x{8=y7m!CM-U7aC$9z}0SbDLSS z|0uQW;Aj((#LChDR*9%oIcgP3Zg?t-DiY8GvPPP!JdfrDEHFb|#C6;LEm%2{B)#?| z?ykFpz8#p2adjjJw2vtE2$}Z5 zRThQpU`4mToluenuMWbq1evj^n~0hr#YZ{!LMRqX?xuUApO64cDGbq9`7|~$-9~yg z`!b@k)QvsY`L0?ZB2xEC1$Ow0L#@P5<5kA7IFdT^Mwk{o?F5gs{cpb2KSZ~w=3b1R 
zFAUnTgUa=>=nS982cgmcLkF80pf=L9^b72k!}Q{Wo6F#9UjGLPO}-p31EB_=Vtb$I zPZ)09!K4p;4b2Mq5VZ};Dv?!Y3@I!Oy;7=aQ(QdTeLB}*x?HwV!ZtcjASGoY z-zD0mqXDp#0Fb!Dsufcfs5;u!6P~(HlQA=f+pUg)3Gs~`E+(rWDlej!ssx!ILF#j% zhZRnOcg}sV;KBkr%K@*)PD~Lc!gJw!6(+LTJssR4OO`E?vp?j6yFoNdmGE|?BY+!i zsAUH9Z;lqVnIg?SW(WIJg|Akl=8Qh*EUYSNm~;pUIv$SW3-Oo`Y7fb=B`%@BQaiR@ zVjBV}Uq*k~f;iH_KKmX<3;`XkDH3wsLQZ<2ZH#Wttvuy*2PKLh^mt7<7n|jXrOKE3 zXrKi*MgP?r^Rgs>MQD=6TI3YO$4%7r>&zOf^X{34(N;Q2CR6)mk^orz0mf&EC=^M{ z=3qEE$(Fo?6_Q&@h7tw~b2g9lDd#-M(vZ0orP+*?S0~8?AO!n^$y#Z$5yW70wMGC_ zBz~~Kwu z^?^@GK&ZM&X*qj}@r%%po7O+XZZKuY;;2Cg&C|Itt4O53YXycK&q=bIk=&zz(sJEmFepyl@ zTI}>r<_D&C#?rX~GP#G?pwsHja)>QDB@B%!iIz#K-<7%*{|i9h5aoe|m50=jB#(XA zx+ZgGvlUkt^JfA&ZbpSozIZm} zFYNGC83Z(8vEohM6fk-_YYAiW(OlK_!ie1=$Nc|AuJh~Kbh_go0Lc? zHeygd(#lTg46A=h=70i79BOE;wRy2nYQltVX~+z6`Sd!)sa zdsROfE(~~V6P|4^Uf|eibjL2zsry$KR~2~*7orK$_rmf7af1=9VsVLqreQ{a9UR=a z&@~L9vV^%s?H5Mzk;XdIS@E^#nxIO#!iZI6f;)(Dj1KBr)ueUm4=P%A*bfwTUy0;1 zdSk&3|F;}YN*i0KF#J40Wr;=Ech1j;P&!e;{CiEYLboBIAiyS{=TfqJjsjDovW1(g zl%*86R{cyhIDwCIr*OAGAPK6<$s5PSTDD0+-b5fd&YD1Z<35L$%-~q=8djFcU9@A0 z;ieA7Os2^8k?!d|2E~d~At)$XC=$keuNb$Od zVk*WHf5=4W99RfBe4T_mjviF-Wb%=niOhTMqsUQ4L+OPV1};NrrAnKu09f7xIX1aV zk#kWb-s7nLs6DtVZZIy+54ExfIYqdCv#d6yfJ`QZ>@RCm%+G>J@3UlU5Xw*CkEdg= z*oT0)3D*^R&FNM?l>ri`lMAz9@=WgVl6A$rLVsqe zsiqD$kEBRASGufhujH>_HzA;T+`(Js@g6@!ux%N^qe;g~PIMa6AR{{V;dnpKrk6b~ zV|Ld`S*u!-mBXFd&Ar&p!Po_Og*H2_>6q9^Le^p0((zI1B9Zd&dJlun=@w6v=bvy? 
z%nt951Z@?y!BTSP!#FSwDL$msGt&0-ltkQbnhy4ZPh|3kN@nt!3S63_exUTKklF=Yi9};Ku@2e%{IWx8QiE}W`w=-elwn0%ztjZdS(G%@zHI` z82`ieat-4FxV_#rs$4tNU+(8LIm(c;d4Z>I=(ixC!HzcgsbNz z(%I3RAw!NOx!XdLj4)!x;0xXEoc1A*6>uu?`T!+5S#K-!%J}2h2TOryov%H_(e<;# zr!}tLwYJ~a1h@K1CffK6yBjWt<2R3Ov|p3wqad~==9kA<1wzBj-!cd^iRDu2m^@>t znSfiYL`}G_d3eEv=ODD4gdz!rx&m>?=_Z~-(At7J-Xr=?(Q zuoU#$f(S7axhtt^e}f0>Da01DgX#Lg?mRFh!;X_f(yX8UOldA`wn3F&}qmF+8(+Sw^UFd)vo4-;%P2^Xf;RFO|5ndvtOq zN@}sW%NAvums%Q}ax}AQxG~C$-__YECbEzcRUf%?ZIuy~*$ru%t1MdWwT?!(=I6M9 z6{I8ODur6&3l0coeL=_V0*`^?&}3lTR!F|gZdy&R+>s6&H&(SKE+n!Xl+L_|UCNkB z-QcXS%ZdQVRt2qkpM8%=jKB`l|aF;DLZUE>l#&hSgG6VZLPjE7dYbzVj3 zMq$g4qmlucq?9H6#C4YMjw1}rF;9}LZOnA1%E~kElibNvXoUzaFl0+v3=>0u7%df= zwCbpMAwo>Ov@S;>uMqGVK`CJL23Yk4aurVq_W9(3@O)W0I1 z)L05)Q2T||&34-UFAKLZI#bQ3`MIhh2Ll^FwR)^^mnB8#m~oGRlXfKq&FdA?8l3pT z_}MdXo+37~D)eTKByGfXan7|BUbp8E9V>r`gQX3+cv$q1{$^j$?tJJ?&^u}wEypzv zd#coy9a}*u4j#ZMx768C{^1VoI72A(jH&ceCe)-VqStRNPx6(yNH?($MDJ&e!gEk7 z@lwi1TyNk@=>~_WfI#gIGHXekeyn0gb#dcwl4Ps!oJDCbn49THhz&sNC-)%78d5IR zh||+niH>?O`=EE`*mj}RDw?e0Zh_-xt)@yi@mg-}N42j=6;Ru$fCdWl7uaZK^-m8; zCfn_~pWh}F+xix0jn}Av3U{>ZS?MwKOCm3%5WOhZs`Hs#2in3X4@;Gkh|61XwJ zcacSJL;P;fF!mI!n_j5PL898|Yf4(AELbf#LSt*6lD4>GTr+eer4g>5ar`hroa^YM z3~<8yg%&(hZynT|jI^?2KgIvdi?=S2M5f|n{o$_KUYz`f8H#csvnzQKYms{We7>hK14su@6GzsiHQz^Qny ztmNQ5yPjgUEH-NG!1g41U+HzdG{aY$x$4VIGGMF7|8-V23D*FrqS9>CnW=9etjf|v zm2`L!#cF7RCDBz?{i*0eypsG{N4)JIiDUE=DAG4>Su(C{HjWeL9*qPDT09aXL(zC7 za&Hf{Fd$O9dvfiZd*4U>4IFo|IZeX`NRV6G=j97ZsTu8bBZwngXh$y!hfr?`KtX;CH5Xx(`I38>&fOrvD^sSCEYyEG37?`T>Kz$&?pgAUS?R% z^tJ@7lFy2~P_!vA;9{BXJt~hJYO@yuwP5e@q*iagp$G$PD}G~ew+NM&`z;zV@L+f8 zJ>EqdAxc7}o3IpAg3^LJqd{_g$S3Iilojpht0aRew~2zP{pGgLTh#D3Ndu9zuuzgF zV_J#1R-pn}(DZ1J2`23h+uWRPv$ZI%u|Nh-4E?lDBINuZ(Lq3S3Ew`WjBjXb;gl)& zga)lym^n`lzc`Z~3d}*e@hQ2lAM>I9#8 z82Vvm#g_DBpV=f&0l0!5uqe_pG~CZKH7S2_Cn%UEpbK0k`)aXU^9*8u0}}LrU$a9m z>qX2`I}!o@6E6^OrHJFNRj4XBFloq|v4nwhaIr9Q?QD+#LedGauoa~xDOn;} zySh@{NQfrkGY@w-px5yNLuoSBDKrBkQc9+!8H?W-NTxN8Blg*P7@_Im^*I^@fc6cD zl&E#Ri&}xc?P3%;~M#7 
zzadxTabc$gyL;vjtm`x7QLq+Pxa2qlmSJkDu*s5E&TS4|nm)Z%2*3+X6fIUoPJaHL zEWbGoc63e@$HXb_2}xmorLo&9!r18OyVGuY4VF?uFQtTZtd`cWN$q=$_^s)hLaw#ecgIL^D3h--9d_%J(ob_rpt98AfYGk(DN-RySj2GePT3|XcGU;YEUOZ&$darnn5ua1kt7#F=|r`;nMg*nhoh9grDp_idGJ);|!1po!}q^ z2uGWp3Wdkf38X1ehNxlz#3ECw)Et6@<3-2zIM?bH0j7K4({QjfZno66{xBrlAV~#9V1C zFYORnY?Fo7(-4U4O%OfOTiI>gIg-4%B=od%xqOzXCxR9$Pta6)q~c+Ln`MYdtVPll zU!T~N)f+9Qrfm#H;IQ@a(v?MD`4wAf1z2@H0zciUFdL>$6E*b~ud{buF2|M{g#6xz z63>$DphA(w$t28HX^V}w_n+8th~^g=Z|HDD;Ptvb*pQ`5<2`4DL@aY0a$o{nbrh1l zW0LyGrLK&riCFTl&4-ED2&PuP0x++y6lEcxv=`^h8Qn-;CY#%+~xYQET+j% zbPsv`gAq-IJCeO{rG^(@@8Y@UMa6x}t0)=~zH#X7_^MrcxqA$j1j1YjyD=0?iuREDOYGZyTkqlbg* zMbU^#Pn}Dug|T5^C8=psMDsl7k}Z~YIX{la&5!3N}T&(L95OnX9Y{Auf#b z+jWoByTj!LwifOaDW;fzY@-dF2c+-h`SVIi>v&~5P8zA-Xf-=`(Nm%yot`nakz(6W zAMGjgLhxnqO)$$7dfCMp)RP~RtyO-HwH}=&ZLH(#P$@YXS6msNaVAfXG%c{HK1dp& zOw0K%muDl4XQ-coL2;(Jnh;ZZxH~^Cd`+k*Sm&^q7i5tUPF?LamC{M$E0M0+^loF3 z{qiCP6uxZ~@w&^pTMlfPB%la_p%aK=ggWat-kHMx)C6>VpaM2|54LdJKitu4v=}Ij ztHM`POy+u;67&tefScdH9IIfdOx@>hX}TbhuqjNj+ZLbcu03}X;gs96&KCxdOt@K#!~iy3sSu@~DvipMn-p z=u&hD0l}KaTUrh8#+bNLdDX&_o5CeTk~i0%wvX^PFteg=aJAvcaJ?>U5{9WZ;C5+< ztSrhxbx;rqb~T>1(dBR*lnNx=x^hfKNUW@h981D8hn_bW2loiz45@Y#~N5T2cLM)3T-5?Qfqs!&j_y)l1I$|!i7 zV)uhiNLirVN=I9u6N>MlFhK85nbNrm;Jlia8!gjS#qnYvY1;akd=%cYoR3cQ`=zf^ zwyw8yoEa?o8$gFagPVKBYLfDEr0EhekNe$%1xDo;0JLrWS57;jkX zkpj2Jm-!_3(khg>&h}Vop9byciAGOXGBWUOkceTx8S;ADBf!kyQ#JKKG7jqGGG67-ZbE;tU zt*SC^>5$iK+3r$|eLMGHahq()IGPIMD> zwP;ZV1OfMO(8g{2Ul=715n;4++oH~tPPg>!9!|>AJ9uP=gArpyyBzUZI>;W5l70)# zn2g_^#G;yfM6Q@ZD>|s`r)27vn|cl6K=Zk`mxKzspU+3f?qLQ|GDxtZ-}^D7#hIWu{zt z?$t7*FE$uIc*@mZQce$zYh@1d;!*}}X72gJh`v^Q!w$YV*au84nxPjm1P)i0dfWnbxDUqa05{|o^w@9T` z1x=$8m86@NCynds+B=MwQ9qa1)J2}zKT#lsdD07t?y|bkp`GH2^)9?)U?BHgRH`#UnepLeJWLOgR##v zM4Uk+0p(*1;O5n0;$Rjx+(BZ8zKSrWe7YWD{`+PsVbR$~X03$x^==G0uEG-9lQ&=8 z1&{$>*$83cbOpB5qv_*j&M{WxGA5F9f~asaEIa)Af@DeMc$~n z^&mI^hds?#59du{AY|RB?k17!I|0yO%B(>QGx5P9^kHga? 
zS}N_Q#L!-{ofQtQA|PS8vI0+<2~~xZ*$ATEzbTwkP|jT9bR_rj`CKNNMwaz56_IR_ zfKFu4L+{Y*GG^B9L|Inn8PO=;QJNxLNl@+US`fjndibQ0pRo-G{QVf|1aje)1s=RB zp*p{}7Fe{u4$-h9nCwL^szajo@&^>jKitUs47sqBnmDE%^^^&Pj)b zfXsAkWtj%rBUfR(Jd%*I?CNOQr&$K&_PtfFw0JRB2%CvSE9k zw<3!1To}U=j&j-c__Zd-bCA>qx#4&EWSLaF{|kBGh>q5BTgOqwWBnC!wFe|}!%ba| z08M8aaEh(r3Fa}kd1!p;LlMN1e=U|qm8(!Dk`w507JSo_ume%iOn8q*Wv>HfM0;N8 zYkCS!<_gHwo99v;Ht6=(5_2g^L7>+#1u19+5ecOnYVW>^P??5F$8ea03nt_5-r7$3 zBuNE_X=EOzMNGZvPH8v#$f&5Qn-rd%YK!5EyG=Y|k-&YF>RlZ2YxO7x*mspn18VD$ zILHdAtT=AYyNDgDg_k(P1Sn=pn)O2C5mtN&eU6{^KGU%I3sf@j5qFxZ-6sFAq0+J9nAhO zEE!;BftrNWhBODs0j+Y$ZgrL?r3Y>U#R{K*j zWSg`cnzw%d(cINq!yt8!Zdu-*-aq4q2^d?Oe$d=FiQL5*w*fxrVQ&SSUC${Pv;|^o zKpN)AcUUwsqqA(8fbC|Jjg&D*>zUbBPkVxmg$AX-L&wjfUiMJsvb@Pp?h#Qu)L%z9 zPfi88-1g737dp#&--+vjBw+%e6sL&K{XL~tex3+OfXrz|(_`=-XO3Is&r19{QxqXPbX807~kLfi?SgzV6#x@l{PVH~U2sa2|4DbR;=5i+)9NL)di9G=YfL>q)W zwl|m^(W-(K%CtvBv$CiX!=&&1!J6DWPm3}J1rP=(Iw&^zWK#)hS?h#@rI~oVFs~iP z%{va>8P0Y%2LyBGB&Mh=(Fl+tJqjw>il};Xe;hQbOh0OMx=>!KgagpFP6|5dGg~Jiu z(Gi^CLGCC!<5Vu&FVTrprt#H$0H4*^M*lUX59txzuJT@6#13ys%mAxYLt_oNVOG@zAc`Znvb zIxk=*>lbN=Sb)>ud89<*x=Ly|AgyBw(-5AB6=kETpL8mD6FKEmiMlALH3r9@zOJ zVhCHIWVyw*Cc3GkAW&|O%d6NbMSrgNW4F7GdobrW7F0#(^&Y>N#*AZP5`~d5CFMKiU9qcHZJp3^!9sOzo3^ zY5fasN&vX7$-z8-46H;R)tFJx3GEgJvmKhkU7ZQwdch^%CXkNN2g7(JteDw0GqJDL zY@^4sV=afJx4HtS)76gfmm5xQaF<@9TxAB)4pJ3_C)8?MEWpG}lDN@wf~nqJ!IXfp z5grGW90}gFV;M^16?wGQ+~gr%g6FnP>T%LtN85F~BbB{W#}?R_=|Mq>5_;h)=)rsT zH_sh@>=q)l^|#Ww9M+WcTHp*+O1Ft#i2{IFL zCWFXO{;gS66H+oAfU2WAg>mbUqJbRel(?dLKp=*a8(@!(>!CmoFjDl?N{k1bfm(Zl z(aV`myl8DCym7rQ^g1evL|gsCdxf>&N~Vd2kXQ2g8IGg}%>%mIIIw2A)8=6n^f{ej z?z$$L`zLQaUi@kohL7VC$rcnfxw+GwP__(U8ZUW!(yszkOV)ZrUW;>sK)>81y$ogc z(0-0MY4?l~%g;bjo~i^pzpGgJcm@cb)IJRzlY+NF(KaUm!700TTogr`enl><>vwc; zl}D`}D5ecZ>cVgmV(Lv}f>|+~_k&05pfCC$6Pgu{GdW!Iwg*{UOQj*COQIl9U z@=K^9D3lxG(8VC=E@WK@G}Z!RoK(;GFWt`KOH`BY-MlbKC{DMfx^;^ieNVD@K+7n0 zX3e^Oti7>OTNB!fw$Lur1B8skvER37(eM?w#I$VbL8e%TUnpYSZv>y7c3*m&I$J-u 
z*=Hun&PDGM2Qm2Yh<-Fe)sE<^2bF?Q);tOh5Y?)khlbjTCU%I@r3i9eHI;?MNbT~( zK(SSK;4o%Bh=jsrSgdVIRtI-Q1ROAOf8>92C|pLavJ%P!^}9#|pD4|+8gg&oF_Iec ze4&;_AJDx+*`)Dnxwk~(~09zrfO(= zDsB+t`K`Kfw?cZqStc@5!B{bnVoH~!aBN;wGA7WGK$8z?z{PGPK(|*uFtl$a@YfuQ zF(gMqgpnX7rrG$`B^$;Hnat2gH0ZH-%G0u?=NMPY`gw&%nJm8Lk*A&BOsH=Z&u zXOgESZ-&nf*$`fOhFS!@dWKf!1)SZPT+5=8a^WVsK6@_fH3jZ8_|iZ0K-u4=YECknE%+#avlMwi&lD%8cUW4!W} z79U1P9l_n#wD&}d52xC2%SqJHTxwg%dBG3JXoA1{td5}ENgSCziqzQ4nWeO zC7N^c#+Senv73S;cruSd0zn7BZ^m~t&(Y70lNyXHiZ-bt_RGz)&pi9Avtoh*2aIPF z!xTs=xhHmXss77+Mwx^x2{BE{bB$s7_>6_#&&NGAvkN7Gk@V^&FIFHOP~R;i9%)kq zlZ23rnvrYM`iD@s^qA)3o^aM#BmgcminXb!8(?DGIoKTHmaSb4G~ik5v!%xDZ6 zYGhm-#TiIoK3x9VUh&~tOqP# z&|d*-)3(#3OgdF~sGB?_=B6;voJ}Lw&`kzn+t=Gm!hX0Hp=<`$FrOS@tOs}op@-+O z^k6eQB9F)>AWpYJH?89+0ycuRr>Jny&9<&*LSzf5P!aNn$ueEb#7$2r4~im6S_Pqy zQE*XEh0CgEa!|CM(_p2avzJT_8IqIZ>NAG71kC}e_O^&s1#TfdNLNHa?l(zy;K^rX z`8Pv5{rsR!ILgUri|}?(u~A;HUzX}~AI9pN63$IIG7YAnEUmz{Tr0oAL~V*mNbHkUv#V~ z?5JlMLSd5fT++$p+d&kL+i{>9l84WgfK+&g1Uz0*Vw=4Q1!S@TgmSZz2|#&?=ln(J zpxQ1Mk2158V3fn^F`%i?hrJ92u&aXJq59{g$(54I11F%J!+K;o4!38QaZ=b^w5PpU?lN+Wr}cL_~X zuaW+ej@Os_Ra-mZ3=L0qiF`QH-p8p)$G(u%AJ)strTEib!vX^WQe2h@$0YIfY%RS- z(ZFS`o|b5*Q?6NddfgL>Br{!2N79V@vFxxfkWyx?fm` zD2Fx=%azmr)7zE6S6N*9Gk3o?+r1%#9U>$UmXNS-5wZb60CAw!c)_ilyp4uM7+p8*B+2`l z3T~@_WHT!(W&J?*i@o}eNv~b16^6(ZtfYQH1!rmL$_l-`jJ$Icx)8Xl;=Xeg)#r(Mlc zO#U7ad!X1sMR7&n#IvFx!d3JQamS#jAYTv$Waee zFov`A4~`+WdT6j#qM9gK^YMB#oGMrE1e3u9 z@PgDT*qSG^w*L-X_#jbzPDbg1*OO5K%do0HS%TE1q#re}@06EPu{E#n#z_8tm4&UDXDEB_j-@F;@Nsm^sX3o2pJV)k1 zNP0uqTRh}St92!%q2|RkG{NZ=L+f2emY#oeK^hPAd0na%2W)jiuTMLnh0F-o4qq{o zMQ`0H(`yz8u6v%cKxfN3zKmZc^q7sLgEb>O2!!6TfG1HF&@C~hVtn1TM9H6KhJ3EU z&85&|lNmR*&-kJx=7Zn+nSIEw1oO7Eoz|fTn?e}_$s4Dp@Q<3E|y?~d*~Fj_9MiKCk`@YvmaDHx1|-G zGWPyNgjnO6KLUdm8#4s`!D$)6f%DjA(?>Mt=)FOi-0+nin6sRRo0HI^a^ryQ1&F%7 z^-JzZ)GZ03-2}}FFE*4ry#+^f(P6BaIF^|}zKUHBhlNtGV6znLaw%98 zGYYf_75ifp;V;==+MrTGrhGf80mTiYkK)D7eO55NChNNHsR!$w*FjzxXTJMS~odw z$V}mVQ(RJ@?`q4!hP8-(gRmirCuYOt!UkjpEGWUR6u)w~J4X7{Sr@N%`cxJsZCp02 
z7N_ie>I_qFp8?HWBM#ixp5(YMbKKWD?i(C;jzWviP88TXc-yJP$2-rn0Yj|`7|-%H zG^#s~XVFWWN@fODGDk7nyzU@Se;?SJUGahs_P6z{Med4hY-_=tVrKbXuXJYuR;MG+p-Ks*4I0t#Db`en@P82$sC?FI-;>St7triI6gq2k9orfW+4_I_M(InhfT8-ZfOZ^#O07I*lo`>?eu#n@s2Bsxb@^&>Z8_2Izw~wYAx+#Pnrv zX5@j^AIsf58cT<*_ts_Cl(*ENHqn}e#e11AB1bIo%;LSmVl78CU~vO}To8^iwY9@x zv1TmOxGet1iF` zdD0wa&ag<@s~6B)^L0*KS85o58AT$i<)G z?ij&dkMV)9G~u#M9FM@|b}XWzc7nSz z+vJYAQ|0h+wswoBce_R2a`D6r+~UYv6SA-j(vZE~>I9|NZt3rBkLWGZ}i zM)^x@dPT%*z)e;$Mh8oH}!R~?S521i=)ThCN!V?=7ZBT_7o+PEV1kJZ5a;5j#D z`!Q_b?C_iuS7vGDBUB7bDrH3lx|PU0?*w>ac&A|Hf-4a?? zNdm{hG9O=W-KvMeJTukxkoT9tLSC=YSF>XRBYNm&VIEh7t!>$yg^L#=^_zr?EFsLr ztqvDa;$3H<)T`m{7}Fo_0Hr5aES1`PdM<85EZgCEn{bhb16s+Dw=(2PdLBOUy+o*S z`dc;Wr6+rEloymBPkfZnoUUQ-`rCiZ1YEYnohok0#0W#5BuC>06(~uyZ$R1tr&ejK z3h=}{dEDVi2U5EU<(|E<+UZCZ%cVA-o+nR$>l5Jl3AF8Ie$C5Gys*I4g&Sq)j6l#> z3(Klj`%bTGdBjB!yqnL<*z8?e^9mk_dA%yeN|t4!roe5wdm$RODkV>LR7cHF8g-myui)dSSn)Pn-s#mhGd<5JKmJpXC_J8ObGsqu6H#>DzWx@RiP?m0CDb-NK{ss;`Zc3XfW}LIbQx`$ zv#tqP-=S^&^46f%Uc+or&d_ITy}7+86do1giFtI2@JJ6)_aOCqQD`5--7!Wi_JGn8 z2No)A+&ZRtn|&Of>kJ4AvknMOMd_3y&{Lx&P1s52nH{U;Vgkp9XR(E#^&4cd2TMp? 
ztsG5QquOKG%NaAqeVB%c3In^#hhK?a}gex&xSqz0f9!<{j7$RSL{|OoQ(nb7J*Svl58~G3X6p%@X>dk`|vtan;v3 z?T-h}>FqYBa~}L9(vX{&^WZyhcZ`v!+Z~BwdDQ09=kyN5@IE}>fpN85oC1Nsuv%s# zJl(*KBk$<&)meOvFE+Dz_#&egtLCkj0a*~ebr{~YN_$}zK~lZ8+}k08E4T3c1rqkl z9OlpeaQNw+^ek-K$9WY2DaHe{ZJ)!oKO;lG!|wy8N*m3#9aRq7SiH3P^lZBiF&u^G z`=TXvZK4_E_0+l#=M6%=hk>U}e8!NQX71j3HisSzwWjkToavIRvmEgnyVleJcTtbg zaibACR`o#E?=uw*yggA-V_*huLp|GqkAGxg9}ieG`v%~F**780zK24{*vDvPn8-0w zzpC4q>t6k0nbqdgv#$a%u&)Yqd`A5Q!Up+~MPToEhe(Y*8sf{!6=n}@A~i}Dbn_{X zmv?t}^AAyQ|K%8Df&#lFv*P-8x?jS(IzyT1mVgy|;RFvHW&r=#3=%smyLbFJ-K1h1 zo;8IK7)y5P_&GBkk4QHL!M#){A$ob?Sk&|%FqM-RUs}BoY+g+MJ$KHFFhe^a)5qk6 z3!cd2MW~rd+z?e}&Y4>IsKX{fQM6*&r~^J~rec#Q$xa>gQ8N{r-2K_9Lq2MzVpC9+ zojUBJW-2zRgW0JgK5C|7Q&f|kI_jflDmKO6$xa>fQ8N{rLCdmJ$9>dH#b(Hn?9>S# zHB+$}zB)T~j*ptD*p$4Vof@MtE%PELOvPr@rtH*tK5C|7Q+6~vb-s_9so0e7%uZe4 zqh=~L<73&WlRj#uVw0_AvwWvKYCQjoHJhVpSh;Em{*?2xW0D2SuulV@(ZR0uptzgaqN3j-mfQm_D1@;^fvq@WHH zp+yA&HDfu~QiwtpiwhRQwJfX&ftH2B7K<5wA;C_g2t_QGBiIyEQWc0Js?!46*_<*8 zQbhb+gT_1-LOgg2Vff6cWGQALsHQl@P5xqOO#Ds4dm@B12w!p~%m_sV3sMf{SS(Ml zD8&RTrCiF@7~;#9_@+@@FhzNkXZ;n3zc?ifmQVTCUsC)fD92z0RA4ckhaAckEKEsC z@+1~-Av{a|D338!4OvcEEM>5K6J{Y5+O+8W#>!|UjXb6t^avtIqiB@)0}c3>LWv+ulmM4QDV18xmIGpD zos}{wb1;87jHb~BD+P5SN|(cwQ3{QrF%~OA-I8>Q=8!_mSMFe@9B2sQQ#6*wI+!U3 z8YIsg`OT>;wl>R7Z6NtKqtczQhYtQ9adLtO&I+UA79ncY}kK`uxqO`3_d* z!xqp22OI6f7Scio8{@+osnKBbkdkurYw2_@qD2li)`y)$CmF03^?jT#%*C|WVnsCG z$zK^YQIk^+6S$11zbS_$v_$-Y2JKLV<1Y%WrKJ`tqKOU`q?74n2dhN?o6f^BT4u1N zNM{vV*EF`AmRqcdCZSfRu@$t!!6y4;cO|WKuqi&QnVKDJst;R5s~l{a4?BfUG1wBc zv$N4dq|d{Fs-9?7RyBqPq#}73R3G0whnwQMK7K%_jYP`ureQZ9-Zf4qq+AmV<|=F z)AYi8$Q5V| zhLNJdHqoXG3?oH@T}T&ZU>GSHY%^`nz%Y6-*cRH7fuTn=SSNL6U})tHww1PKU}$*^ zwvD!BV5kiSyNE8zz)AvGP=xS-0B8sxWz7~%Pm$R*a(a5q@5X9iN!uo zpU=Qfu-FxJMFuv~Vqc&yWMHE#b|qbzft6b9D!M8ID>GOQT}@Y8o@x0UP2i~T?2Gh8 z@dp|spJQy8yJ%MiR&KFt=$Z^{ti^WI?hI_4#jd4mGqCXnTS|LqkDYUQ^RXe4&K$aq zuCv%gGap0gA`bz&p04M4D*Cn%RSGr%$n}!H8)&bYr(U1N#NQa`GTp!!+5n7PbeJYB z5xS9X6l@Q$kPrI_-9$IpIi;Q(RuH5KA^n(crkf=#H*qT`{w4ys8Q2oKg>Ervx!J*> 
z>=QhNZlznrALjV!`7~TfT}!voZN}fN4z`!40rVyMlF7rZ8F?6m&5+wA%v^*SmbCCp z`*x%yNq5j4Cd}K@nB*ak?xZ`}AKoJ9jd)%>70;|mAEvwLF5~acG$#H6bT{2CX^Db% zlIKsb0=kFpG1#pJ!&-u1ak`i873@0XcZ&Gqb%q-e-zfSreOa(Q!2IP9$F9XbJJ+5n zb#oHeT=m&ZYMvqJ0A46VeN#40Wd<_^YLqBQadpwPazj;ufe8S50Wbs#t zG5?q0Z#X?hUzfD(fh_yWVJ`GWo|5>U08%afrX$41;co<1%$_#!J>_7m)l^4M(gBQ( zGv(|_U<2vvI0vK4=zznQ{lE(8DV&!9hPlXrG+$6U1bKa$o)Ihs%wI-Ta5*UHOdy?l zEocVPc>w;35ZkjRod+H4X<#{s?OT%f6dg>5368KVJwwk4mOMs26{w#VEQ%*xejML3 z;_q2{L9ji*EI&~bxQxC<4+?f2k?Pi(*T1DKxJS+a5r${vpYEZi!v~J+ zp)+2sEH9vMyjnRnmkz!4Yl@a;DT(n#2YsOm=tUVDqKdoyt4M|9IK zMpplflJAUs^K~kG_rQO?N0E1*|IO?4@Ox!5e@bodJ@n37wCBBV{Pb&MKlI>e=3JvOk-hVUJH95jZZ2yoGM{gQ3>pmsS)-vT9j0QdKwOU6^%%$@KKtO zRFPb&NUC@hO@}>+X270IGht7mS;=5wJ*`Owhnz&Gz+OzJCd2V^nw$(L7ShCI9H|{8EAb+RjT7tKz-6`DtLl5fQu>BQuRNY6mnL#ZtJp{k>)$q(bDGzIn)nwI?&FbdlEIno=mG!;le69Jrzd!PfJBHcdCaykrt;CSmCIFJ&I~mi9jix z1-p#SP8EZn=fN(f^I;FC^{_`!dup7@r;gNav~m}u{u*ec*3>76aXIW+)B<}potye3 zJc&LBdj_2YdnT=h-9XDye?w~57KQ?2=;X4SN=8#&eQs4LJp#L&Zdf$7Y7*VwG<)B2 zimpA_wvH}Y|MagfpnmJ0{o&7WCZv92E2YkR?58ahyztrfPRiN*)!%ebqVwsWzDieb zJ@g-M(Y}ixd3Pg)FaG9_U!kH)>p&m6^x-#tf|(74enuxs-7P{Z5vXsh<)bx+%pM17 zzhI~a*plRyn_D@twR^6{*$v~A?vEIaYd5W&&(ApVk;rtD13nUl-aTd!pwL%klor;R~PE(C1>1^F%t1k(!nQ(1Bv59&bkt{+Z6I zV*$ea9Q#|2U#2gEThO?19PGw^l|#px0^G{;Y1V=A3=1YtyICHvUv^Wbd^sO{PF9EK z?e-9Ajt(yn*ZE*N-g(k#)^vWqN>;czeQYG&L|j(HnT`$54ZQGJHpbz{;W1x4O_<5X z4f(~`M|Klo8^2C|hr^BYtKxAg#j_X32;(+Da9A({*v;|FJYd6V7=xeZm)+rJc{LjE zY}_<^ZdmNGbe#4Q{DQe@H%o_nj0L9a5usi3hljL5h7hljU7Z$|HPo3xo>O^#jocf$ z2;AWdbfSM~(}Hm$yCE(7*UOuJ_Tu1t+qz)V?2Ff_TT?h14$t9>t_#=)Gil-QFkOE|z|#RyQW$Eqae z3lUX>S`SsVfs##aaDG((ndCtiilYweOps0408hr zl4oQ?B^@^_8=MeBXL;bb8QI`6vUEl^d~QZId~QZId~S|xFsCKWmIqo6#Le=+iP!SL zakH`^9P!G-$oNs_6KZRkF9Gl%q)fS4zWi0(#IxZ`06dL?PC~VO(QZ;6hA%8@Ovh26 z0W!RI+zelQbcQcJHw?KjUxvIyP=rz-63u+;CJhI>**LlpuSD$d#kyI(NL|o8aQKY+ zq1`N>9lluE(D@bq*}OS!HgArb&70$9%Urt&uWXtfnY4L3DzfIU=T4a;(+ij{C?l3h z?zPc)u#0ueXE&R-a(ct11Ei9>Xbap79US&jjd0fA>tU^FL^r58IBst-bAlbF80-ke 
zVMi$eJ4QLMg>`wlK*mN)ymVTt~x_+k-dI5Y&0B^(Bu4r_fO3IgFXzQN$R99mjn0DEhoe@@OCr z^UaSDZz%b3Fo#ky%WHrgrID~>GVjCq4bKTGgPlX8Vdv5q*ab8Wc9O=Y0tja^?0lL6 zyMU&`PSUhgAecupVdvAV6ptI~UQ@+uf3{LAJK zjkI9d{3#Qr8K+5ruzYDr9{>?pFsA4DvSG{%#LW(4SkeijMGh+^bBaN0F?Qq~ zPOKGBV8yB?p7|f~+AYO$+3Utg2c`hM9+g)b0rd&TRnw~xO1{qO)hKM>5|^UU>MeFU zgcVEvYr1iM{0xo61^qW&UWa-=E~PM6vrS^@XP6aVP=<$f+OfuBF&njY`j;OhE`;ls z`P@LTx8hQi&X7rcZtulaqW+5`Ib>vm2LPYFG3AvJS8s68wug{I4DYn*WjSP-=SE*l zZ^wmx3IBW9=<*80luRr8B3}}h8GBJAdkx3yP{!$Z9W zPJ~fN?-(a8Z%ircFuf6*6PH=TRVBR<4~OZ*B{N*~E)9JUmuaNb`aX!ujH}h2K8QBF`+;t66O zw7ro&Y2|}$RoYvzIdOTB^}+ZM>$BSQ!T3=1VH?Hr zA*Of7hb)D%MpR?h9C~eTu4t}aOObqy=hZfy#n09jIkfregSZr}b@GJ>BWBN~7xIO; zbf`6bQC^qXxCpu=!(xG6lMP6MmBZeS3m1;4KXA?tQTK;f=j|mUa){Bjx2D(YaUCOv zy}0&e%gbY4FUmYxUDeG^#UYLi{a5d-!O|?=8>F4;a*pPZtzURi^lvngT|XP_d;AqwdyHffzLQ!5?2rT`fTGuraB0E*@)5Z^c;$*qcrtUvHC4dd6{=9!!MVs zUsLGtNcDTld4=u7E2F{n8LvzVyh(Fj`Ffxkx<_n8%D|@z_?k#HSjmmk`S4qz%Sd+l zM~k-dm|zvhDLTvLqO&|!be6{jSu1&bh|%0I_uu)E0Q9=2ixzW%XfY=v>w|CO1UTz5 zr$m>zFv7n2i7sWe!mZbeThR0(6-}G!nYZAsPi;<`9)ampMdb2~J^NZU72ivE22cw`p1p@7@Gz z>d?MN>jH@anozeM+t*c%BND@Da^pR*5!hWOb(^_2gm>%$O^a78Lpab}0q^)c4ey!7 zz%|@8f&H;O$Taq}v3pjC{WabvD`uT!Xmt&S?$%KBC&Qu7RRW#DkC;M zH*Xw`hxS+nN}-af5btDYc}<1J)pY1p&4kX?Y-mxEZ-w(zIJI*VPA1%f(-61e)XeQTXLKjd4Bd_MKlkD! 
z$v&LGxgV!u9>5ug=Wu4`A)J4C0jCM}<2=jPaQ@^GoT_*nXGWgH`H!b?mg4}(F{a@w;(HD&n(xuz%Kp~2?b#?3k-Dw;JX2>j z%yY{LH@A0o948_W=EhgH>5nr)`g<^W;pHWxOKN*SwR66lcsMQz707vrK~{rK6U!gxJ@qy!)H?3qRVB1>_d`0>lDC|ZxNTy9CV8^4fxE;3h!S2tdx(%R&G7F z^Y~Tl30uEW~59Itqsm@LW6|&f}7F@&IzF}i_iofq#Oo3=UzL|&5;Qf8# z>=aAtSDXwaX8zK~x{js%ZvIkTUF`~fm%q?RUsAhbG2VwSS+RJf-4srmT^K&I8(4C3 z-ASh|scQxmkCbSBb6peuoF+G;sme8S-K}wQr zIqVgSlkVWC=k`t(a+wgtPtN^FhRKm~J+zP_`wtyhQJqKfInJ%zF0>TK#Ql7}?h zi|36f@^Yhw>6;^3$+-HO9Younv(XS^x#&ikh~6A|mFoKj_6#D&XPM%iKGE7u zRHqw*b_0@tR{WT1V)0G4LZgLbn z-9#Oc&2$jd6E#%mdG{$SEYilvFK*iz{55yz_fzT~e@?X@|Au<6eMIGhL6-j2U9Imgt9*6;rg&E0uJYAirSFII{XGib zI9K1FSMbJH)xD`!-@6pP>BDMVP0y2T2zpma}npHnqQu_TxRlen4 z)cc&J>OS`x1)qDndT(2z?(#E(=amBCpjJmHWtNYp!gv&Dw*R9j{L4{v` zmAXUAcqXMr(I@CYbdE!8S6leG*&&|Dcd_Nc9QQsv-@|$Y_y_R(cnEi5Y*QN?f*o@j zEcgNozTATEu;4u*9C`vfhqgW_x?Pwe zU$CCP7UqfF7}gmZvf#Ic`JsoV&e;2`{7+i&f3)B~4&l&UMJx0H`fKW`d25)z=A;Gx zv<3fy1wU=UzZ=5inGhbo&4T+De8Pf1Y{B1c!Josk<~8hz>1X^0R{kG_@Y*;<;RreO zA)?w^3%(4`5%BaQfUmOP*N64g-eSQY(QwcQcFVL|_mMDv-6t&gpFtKK$lgcc7Jkcu zzl>+yf7m%yPdyQAouPkyz($v<3e#p0&Qf=9)1!{VASxpPT;5g8!3M z&%cK7#F4O{i9o+FcGz!2E7)*Te}d_z>rcEtgg5UD>u>I};3W$l$UN%Dd|>LwoM7s2 z5g!da1ut3xSweoy7lx;pGs65AhxNDYu;4G^Sy6ydKmU0gs+So~x`pSv+gm zm>1X|jB(zdg?*TJ+RFcLT7REFo;O1H{B2?W`IlMn0~Y*H*w*~RR-S7u_;n$C!AMwk z!MFuKg=Z}%@EOc_7g&5*V9C$I8^U@P4u|;{{)+|wNeI8-`yu>-e+=P^pgRHm7X|Yv zXtn6+F#n>Dg!vcW9KsjFwgh}x%ze`|U;NV$zGPFFf5|orewPJ*YY1Od(XaS6Oy-)$7Qw=>wll)dPQN z^)GaO_(kn-Ib^(mx1X}$e-^^mJb-6z7jxyBz}_PN+SOrxtdmSV@B>Y|@C6kd<68Tc zP^Z>D6T(xGu>YwR3vTf-wb6pV&C3612#3FE^aVbrX}4o{n7`wI1%J$fTm9+y3k}EI zw{9@ZzwT#Y{&kj3SReQd;QRW(H^X?>2fhu%OJP0h|7Tdw`oM=l{?7R!ymLvIzjK`h zx9lE0179Q#nsOY6llz^QRBVagaAECNW+PCY66w`f-j^2Yc@;~uCdN-baf&yF5{ngxZ!IVb~@_23&dCvJf(TB*HPh zuR=lxB1@6)I-=CLR2dn`6-M0Mxojzs+Mg?z^PaoU%a41-k~=Z#72NVD z@FjP|cY7*h<8F>2p4*o$9_vV4JDM)LW#7&EQ}a#~{lduQ?)84f&2l4MsI=(0xsqG* z$2@lwEp#O~D%L+X?ib7HLdJ9bVfSF)o}Qz78KE+#-4a?ym&S|Uc+t;zrIKHCS7p87 zT)}folVd}E9{oWtGU-Amcg`Cg_A=#8w_GU}+;l##nwK$V{46&z+~xL{zgb+wB?!5yYZn}_l 
zi=NKWDX-Hsi)!5QN*O&2>qKu#qkbiyW#XnM(vw|@L&IpRQY?8G07ivgGO_W`FHWM{ z1<)a#Dd#eRXBwsXpF8YLxW!7|D{*&&N{9V?-k;Dtk}RO$P~ID>%9Z#1W3G>$4g1Be z#D0ImD`wIq&plr1a*vKf4EQbKiln&1=}a!4E9cPA#Hf#4h4dJnxf8qh?{|B5A0CjG z6qtl@U}QsHhdY+e6n#`T2uVU)!x#^jO+ywY3uPG(au-VFVkJ{9b-D$=%*f$N0Ymi* z!YCB)^$W)#m0o_bQ!&-<4mgj&>b`S-3Vv}cop*cJuea)UQ$eL@CX-K>N**4@ys;rv z-06DdOqXKlL=KWOUs)A>J79-=K3{`UZY{?y(bjS1Q3{>!LR=!*rMamPNXq)F&N|kgzu_`z0 zu26!WO(}WoNOW~|C02QbEN~k)8fAf2X~mjgRj7=x978O1Uq;i#EQ@l{OJ_Twe`o-j zSawU}=^|?vBx{hd++!A|bgqaBN+4g}W##0KgKILpR4I+o`cS^C2Lcw;3R`qb<#gF& z)#&Jy`dM!KuMl-s0??h%uc=C*lp864I8X+6xafHUdB5E2SMYY3yQ$;SM1NoicvzYQ ztPtp();~s|4!`JSFLixjiW50CC?K>hX1m;jewnogGzq$r^&zh!V9;}nHCKR;l)SNA z#?Sk(AfOH?gG!F4^SLa@09tWJUC^q`RDeYaM%ta=0gQO%1L+g{y~0R&G&R6Dcb#Mj z+Dvu2Lq5zDgf}-li6IWB^ChpNBOyXIk^|B0I=BUx6R^(=)-RwVV7azR=v}3t$)cpP z=!s@1LZjUwZSn8~c4kf>3A0;4I4)tN{G3>efHdZZd*K?BVK;sL7HcglWB(tW? zl<`9YA42VF=n>bJ7|eU3R%umIo2Aeyz2Htj33A!Ox7n&6XQJdVFR(>)Q<$ZSlN}hN zYFjv+9)d0j?a{lDVtR~O%0-yjFsjfps9wI*olread9c+y*KF81oGX^f?uyIYgGcx8 zhk^`(KOjpfJ;Jh6@Sui}(omk5ekI4*V7iQD#<%c(*zI?inE@O6Li5T}$w=n2hh#8cI`ytc+h*yLH zL$?ZL*l2H@s}EQRrStIa4#7Sh6JdaTk)pjJwS{rq$wvux>9b&zoO4?$jWj>gka!ajC^*}Uu?1I5&Y#S{Vc!YVQt zDkhJThpC1i6!(RLu0M1e1V~vs7#m-y++Js3zU^adZT1@F&?qC?K+_(m}UM%6IloK*BQ0#;JZAL1G7i4UWvPOw_E;hEp6Y za39`12CsMt`QbSU{uDD2NajOa;CgI}wnb{BhP1IK5)Eu||O9!}Qr9?xJ@h<8jZR z8JMC<<1EMg;*XbeW4Swc3B*cO#xT-F^cCHoLRrIM+fENbE{?&E%B7O1>%+J=wJcHe1++$0)dd$EUH-3U#`UB zXYp3eI9fP(&C`|W%at&_O)|CmSb<$Ldt6z;tf8g@#@d32Sr6jP%OA*xnvpSXmiWLr z!THzrQO#%CmgwFp^T8_|NFb(G%++cMcO1?-78}9|pS@ODp5(weMNF@7JcmWMcxRlK zJ*5%`!3*kv-b07?bi1-#AN1Y*{z#%9K7BC@enJSLvsiIJJg|=S*dGl{iZV_GkqCHp z7|8Uk$oZDAB}{Xw{a^*cCAl4z(XsS~z{F)SnSqcHF=Z{3iGWEgVZFr;g-oHHNmpc4l~OfB4Onaoyl#=zLI-yT%e1Uwv4^$7APNWb zRtl;f4hO3EPF@m#flPxA{mkZDW+rAXk1#C3wM%C(?eo;E1_u4l=b`1msL+IrTG=kE zBiExko>Ihh*CH!Lv3e8@DtRvk!-6b97op&gLT=CyUi1rIK)N*A?VjGCh|xJ#DSIbg zRAQ-H6hi8bu=2w-@O#Jj6DeA8iD$8TquwvgvheIjt2!m8*P=*O%90}UsX7#TwHBi zKs8Z5P(?;Ay)*+y zo7#vlfLchiBoCGRJVZ~ta#Wfza 
zuxwc5PnLM#I;5teN6OMOO%RdeaG@fLHYUmipHfcI0_y?4n1i|~jX?c*2yaQcA{>LE z!i;6DfjCVpNyi#QhljS5rQT`Zu2#1L!KhP~Si|L20i>FBa6alC`6h2h1I_dS1$q~F`+IoXE@L#1yV&XkBR>{LZ{qgR+uig zPyA(ICe`W~B?1S)-N35G?iSW@g%S2#c+x*~c(DJ_!GUh~00&QcM}35i)xy_CPdlRr z^S1Pf1%>A^#I6t=mp}#h$C8p8sRRK)xQ8ISkX%_`tzlYKIT$MweO1#K!^|!Ldz^>^ z$ckBl#~ufh1c(Xwi##ES`N$PRLa+pgzbpJwz0PG=l0q+dib)$};g_Y5Zjg5xV1D32 z3N&27@In_d0MA5=D{KK6BTflM0(lt{F-k*gedVviM}!#y``MvnzXm=d=2i|CD=HaF zk8lV!7DTCz6%bXM7|o#})ddJVd)p$=SOJ7v1eibB_mJ?Qna+b96Di9AhrZ$eQU$U6 z;d})yq>348|7hx{S-Zk92X-ycH(ltQgy6lM;R;-Qc5`HyVrs<-Yexi<4svk}OmWt3 z(O5883lp;#^-gFfij6PxY&@6M(!eULIL3Vs)RxgoCj-ckCq4lDYUS=Jx}Z7ktR|(b zN2i%D)NY63nLQ;!4Zu=%Nm2+^vS;dgUGNHpWhF#aAY4^5H=+vM`z$Z;HR;QUvW2!O zaQa2sf`}6j4C^m%gFn0>3q8lkL=d(3u$XZc=p1`HGTE~3V1(clV+ycc9O+V#dq~>*)KgVJFrK=(TUD!~Y(+0x zt;Q6M3O>XYzQlh*CZ4J>N|l$#I#glj1@>VWexafhPhpx?T4B+74+F&PhlMessK#hP zOWDn4Ynta>DpoL|En9KkXEQ1bkzs@uWEbv137bNQ4ishQL3JqHZ@`?Oyh)UqLKqMQ zGo)xdSf;0LDGy0a3~-P9FvEa|>;f6!u zuq;S|-8J+bOG63FmvUGZD!VRLgcl`&Qv`P^UE+wp?u%^Tjv|_^To|SrXO~@A(L)R@ z=&neING0}MGT0Fmqi&W`Sznf&aB`Io#H_$l4OSBy!MtgMKxS9Mtde*iC!Cg4U9fmM zbO)zMc!=62c#BZEeXzr5R>#y*Oc0LHB03KRhKBaZYQGQL-6j1T6vQaN3AKC0D^3Y~ z!OO(zXai3NtnFp2Bn)LCna4a2J{AW+SZ`&A4&;$-LA48jI$=ddT;4U6xCGWL{i^@L z(i=jCEkvyE;75<;5T6V*kwrhN_T|+oh}DSqsCX|GOC&WVBSxQ}Eaku)Bj;k1S=wMG z3fMHyWpeEG@Gi8w4-QO@cQwHzSTK=E-bT`;rMXL{BI~g2iHU7HtCdw1yy0Tw~{&NQrO_L=O+tA9zP#7!drMbvv&uv=^xqy*aZ&sDPz>nrAK=C{y} zIU}C14jpPwWEB4C5N}h%DTRj(TVXY-_a|=S*qF6Rp$q~WgFuM2hsJAsGu4XnXoY9{ zfJgS35i^#JbF+Nmt#Q~<+s6WDgPPMAgb&Z37dFr}u2d~hF+p3e30Z(C;p9A^x;ke8ngmf_nY6@} z(NS&}d+r?Tn<}sp1`B2rw#X_HD8%VX9F_gWeUM5l8$e_|>!h>C+1ew>oXdk&EGn4P zv!d13M9ap8`-f_=)5*tPc)K0U!P%>b0|jJf>FB}!>tMoI#Zx12;~*>($FL~#ih1dq z7_K`cl8fmM-bnFm)2O=zFPIH*VCviyCRDV>qY9>I7_wrez`NY~kV0DY56)-~TOldT zFz(o~;oPtfG>cGZFwlFc2w@9}U&xfkPN>>lgEcARAPYhoh?;xj8!?EDJO-!@uUrE! 
zOqyXrusK$v(vuvvv{_7eL2TqocAUWY5uRpYk&8ZBKsZ5UOBtlJj0cQm5{g{H4dGoR z*goAkjH6UNkezE}Rq3b3F-*3Eusz308@&@=1~D4c4vMkc7m!VROiIq6eOR5?MCI}D zAp>To3_*#4%rDk?q0~4}ftYCJj7`~x5G)PsdsTf(Qn>>l%5filygC`cZ7LxXu?prN z1ZWWFR!5rDaUHc~B5N?vq6FDQ7qw}TJreIkC+8Vr_m1al)C)n?E0O7%0Lg_J_6`dZ zPQ~KD7|0!rLcv%=)&)h|qIY`*@ikom@8Al_$I{RU{1dkc#wj?~)s@(z9Fe0qbTx<( zk0SC7{)*!4m~K}O>pDK8gRN&Mne0!4_n|+eBc;j>fPklkFGgAU4ZD&imTvhuk{Mc# zB_D5xLZJG1Sl!)&>@dT=iu+`R87o6_qRQ2H5Ivkt#o=KO495nv4c3y!2A54pz)z#! z>?!CiQTQ`K2)kRF)FEWiKU=H}pfBP1T5^ z4K`mb2h@yM#McT`XqnX_Bu7EQ-C{$Lsw$bNIh>^9!3fPQPgfaXR->|T&_2;{Zplh0 z#vYiIZg=A#BjTW$YDVZW-Ra_pntNB^Wdxmrz+jiI?57G?L8*FD$jI~AAO|S&Y^B%< z(ZOgvbZ7=MmR&{_A!3&5s9r!G@Iz>W#?zIu z4>80E5OyuHkWdcN>b-jo@WVb`leYt{V08 zW-I)r4r?ccITA$Ec`spEUVa&2TRfG6gVZxn3fAl(BHD{Aokx1+sBu{NqNY~4g<2(~V zJ;Lr ztBa~)ed<@ugHrEG!0K+51KoJy>?@HvIKz$KNH_gatUkH}r?6A1WRUX7a-6yTJo3rc z3j(;@<=2|@oIK+kH!k)2kuT%P;dAWxJOkRc&z44EzsVKIqO4b;t^HLzm>Q8gMs2b7a8i3OYn|8mYra)^YIsk1(vqV)ghT zQ`N;s<$)PRuHZ;}NLhQpIDC$4`T;XW4dBICy~8AZ5d+YB(BgUPb+w-Fja$pQ%B}{6 z#$FiCufm~_=^$7i$l`->a%MBFT?d)uWmU(8WgkS@8D2?bcuPp_7jXQ4B#$sIwkLx6 zL!D43LW&-OOKkj64~&eSjI!eW20@2hX>=Nb^RK`k6@udz0!(m+zeJ%4p2BbDw=Tpl zF{;0D~JVp#w zV!3?eWrI3j56dQJhk3aJ?}kql@{G$T2-vmZsJ%KpTQEl~v>U08XJDrp8ws#lyt6OU zKc-b2B^;^nk;Z&_Vp0}i9Ek(dG1u|W64bdYV{)~<2#x}>PlD(aA6-NT#2RM&BKDqT z?+FtM45vQYZ25-M@aZO|uJDO}slnoXQ^=<+KgSmn>hSMuKEV=fy&pLPOTcQSuKzNh z=w|TAMd6!k-2qtx+nbsgxF^R~)X`6#w8XJgr`O=`9=u{ed5nlN;zS`l+v_oVihCie zcbH&I4ATr9KkL&&=O57U(4Pp0zV#G3wGICcbFT1GHeu_}Et|jsuCD+3(4RyL+fn#Q zC8B!A!P=5g4jbf;H|#k`faCiR9hd?LD$jFaUOhkKP^bteN@9H_doT*bCxs9K=4ClM zr*=Vzbs77qV|)@tW>6Jb$l$1YwQ}F5C#Wub7=;A1;P7wKNCL$=UB;6*N(0{LlbI|@yt zW(KE;V)E&gU@Y8+?Zgk+?8Q$eho3O|t*Oe*^bH(6fLn^6t!u^)1MTZO z*pGbR;lSYa`-!gjdsPZE@n>WdOQ??=#^L8&KZ)U^N?STP2WI83LvwaP*4i+QxParn z6*Ww`>gjWUVA|o@BG)iB*1*!EXryw>Gjr65fhOUb$;WaSiJ_N*i*Qc-12t+~3$+-W8bc#B zXceKFv3{HvDul#6@WVEwFI>v&o>GgO6e@ z)VTSmwYCa(0bO9>>Z)*yXpx1hufi>+#TKri3b%xoSh&V2+)`R<;h1V+KbO%mjRO_% zK_nZuoR%Bhd`N|jbIH{>Pyruvv2iPCg~7E!DneX4mM1IE;=>%xhgGyn${`Qv*9wlH 
zpWp!VVKuEbIKv0D%$Bd6+AUl)AJ)(sja!Y}bHH7$^8%D}Xf3TZxHjmP^ix&{4lG~F z!f8IxVky@_9TraWftCnv9j&u)nh&&8aO-Kkg{$U6Cv|GvD)eqHBrW982HIe7iy%!l zu8X=ft{uITkLqB2E2O=Rw9(+E@?jHgI*Si;H6J$9W+{g}7?tLO;A&|LZ85l|=!wu% zm)lBPEnGDpw$V0?+d|7AY4{1d)-kp;7aH7h@Y}{+L>F1O`YPPTbg_kNsKRZh?G~=F z3U>)zV&R&qaNX3cahu5nMQvJNN|#!=B~`c`v_s>zVth+2nRn>b+}bJ}KI5oym!l^s%xhsk z`>Ef;byVT5q$@RUH}rj7Rh?JSRR-5a>#gy%(|+1-@u8D>MDsKs4$uK9hdi)D8?17* z`0U$3gKMKM3m2tBbjZSO#QYnM;V>Q6xP$2DCRo=HcQsvYaBZ|1S{>q!&=Cu_rAl@O zXu!g4t-=k`poQC3g*!?|E!>4wxNGPdjXMB4+l?6_?8~)ut%bX^3U?h{r*Vg%Mcb=z z*VFX|*G89ExFraj-EbBk<_jMp_^{uNQVw}QvkmZB&=+ukKUr`S-DGgpe2CD^bhCxq zVe!bJ-=p8txSL>EtNCyX-D2S`tK!kEbgPBiS%phe+QMC4#lImMvT(bqa2d*I+>HpE zRMR?3S&h3HW8ZD@XaRZT8Jaag!&!D0XxSa6VJU|^nD2V6vDeTDjTl@LG(5CR4vo^N z#*Ki^t1*j*e9uwN!nIf7Zll{Q+!~%ejGaG5$1L31DqNoO8aE7W-)oJ}p)ne>aQiIW z1yrCy>}B@SF<#{lHq$~GyF)(t@$DED@@O19MU5M$@hLcXiW+x2-97~ePf_EFRGfl? z_o8tnDow#*M%B17m8alfDy2hQL6H{=YipEXS z_*$l$v4dJNpf7$WpAJhKx7cMI-8;P_)Uvi23+ zI(n2IHET+>HrzmvCe+k{4^X~G`tm4SIVsl#33d(HSD=HpTh@hA9#Tqm!l`6D{D_;lq5bUFSYq{c}( z{nE>j>s6NIl9$@L9~yN?$&M zzFZ>hF(00kI-jD?>%M$8#7Vgpd`j_ihMrrb+(v@7pxj(+;XDTladae(mUs-?@ccAz zwfJ1om+;Q(_vb>Kl&hf+)0Y{CT+hLK(d7ge!)K>H#eD&;PU8^Q5L`1pulRl$!{;!D ztx|3aFdvoNAEOWIF}y#-Nx2C9K0P6IK7=|ilyV#^If-&@^l^GpaIN5HwVXNh33^K7 z>gZxq?jtDY(6jU*!PTOi8Uxq)`-1xUy*GqxCKY$^T^NXxYiNGr9C>)PmJ zwHxt#ymk=jMC~Nf6SW^gI$8TX(mU!po$d6dx~rXjx~uNEvyJYqd&0Sp?x{P4^xnFE zK>FtT2Bi1ZZ$$c*`az^`t)E2twnXFlHhMhifN!gjw$WOo^C*RMK6N0)S_0`pTAy^B zWwa6LCUTJ;qJ2mYQ-9Kl^wKh_~`&2%x+Ewml!R=Ok^ zozqL1WOVVBbPdw0=-OmWeTuduYZ~@aSF#?xT9ce~zCt^ald&hLJNZiNa=JA6O8q{% zEcr|HXCcxh)SmpM(?i>mzpP(PTaj+13zKiqm2`RX4QD6KOTN*#hYlpq)a;}iTbS$=4z@P{v&UM?i~H%kH%>3=pTRUyF|HO zKTEB*edas(yy5MCoGVjf@e{A+siFME@BA-%d*#$$yh0zive<4Uj5$le#kuv%;Cz z8C$PlyltoQ;i*Bv5UJKM`DmZiVZ-o2K!I_67fW8ue9df?RlD=i#;g2n<--AiGk*;j zJ_2a+!A76?HSCrCSR(qy7vlwH@~J)pru)Y+FY7Y-Okd_y_l4`T`(pAfRQXUdq(`+I z^pD5O?f#m3rQ79wKHW#a!Zuc_y!dFS`eO&d{sqc&KFn!~F1TSegxv(I>>R+_0gGxF zx4|$ji!V-_u{8n4a~gk$n731z_IxE2%;e*;40AMpc^rKDK-Cw-)(JYJ>WkE?HaH*0 
z`Bk4)zUs1$#1pxHd`Y_v^%8&Ne0=dA2MFrp{_*}A*T;0>cq+rTXc)#T@xrRI)_D1& zfjnNPzMfX&ImowM!xji039bbUv&u3J_~Q1~;$Kjf;eZ)ht-(8AcAouXSA#KG!hOsX22V(INT=tTrPV8Ep!3Qgyh$UC5 zf2{ka-Dlz`j|(4v<+O>g4#0!)BN&HO2kQiD$tL3cxXt_rLui}G%N|6?=)*0DLpX?1 zv>{yyEAOD6^N@Cf4-PEhDx`hfPiH>j){fHw8F!p@uPD;v^vD5!in0jW{l}APRr?B8-dU@G;Ck+mP~FKZdAV0_hR-q6UXg@WENs(14Vo zHK+kQYR+niNsY4+o_>w93$k4kVgEAjB;oPKoi=DhEy_lbCfHKee1rNSt##Up@7a%i z$*oOzILP=qf%Hr=kuSKY3H>2{r@qKgzZWi47kC4-2E#Y>J?@X3bd;4m{& zic5qe#uS#n<0G((Bp-X}2B!IOg5C=5NG8+2m)SB#g-51;C+OawfxucNUnUnY$%kWt zVu|%Q*y0DW;Ur-L94%{FHmYDoHn<}?pP_*T)3U+*F!{7>RKc`tRKc`tRKYCSU`k7$ z4GokW2+YvHYS+-ff*IKmiUi7~W&Aa!6SO#_O9XU@Il>R-p617Y2uuoVxj z4P6vW_@?Q?vc~zi2^bn(p9Rx&smiD6QU!yBy;#W=SSSpUX7(7Eku}rC8MG@6TXZon zLl@COMFWe@&?E&jbhhYXWJ8Tt=x4@e!OYk!m>HV|Gdx!?p_S>gC8xn`4%)MuhN4wLN3xMt!S-@#HkBuE$wJsNB@NN z-vfvT?rVJ=6z*+(9d&L-+CrO<&c&+k^~gNB4C#E@iF5&7j&vc`d~d+r+USbtgV@ca z_Vt&b$C1594)4PZdn+@VIT%ICP9=Jw)DJ+dm6&O#`!iosZZEP;a|w>U2EM*ook4I7 z8rL!nj!W^s>B{k0ZpKYlF8D)U+Rs8RxvKiYew=j)j`MS!)8UvFjGL}bIn)i@^nH;M zkjbh`+G9?m&X(zLeAWfHY0L2$8Scw;wSnE^d$kF{+xo=()*e!=KvwmsmfD1qCO$FSDIB#%UyJodP z8P`p-+JvcG+Hz=(^9qAb&FY_El(rBxQ2aU%Z8=z}LGbmpI(Yb9-!%<;RK2@Q^>wCc z1NyBWq%G82E%Qy0=xnv+P&gpn`=;4z%XR*i8#$%rkR5>E{iXRerLEbZps|OLLk>mA zHOq3yGS5+p^U@aPC7zmQ_fq_d)H$-Ol(uG>hSHYyy=dQTjm{cZAm{n>&{iObC(lD$ zfp9!`9@WIhM%9^wy;7L7k{=|QT2wh5s19(Tg*zMR$J%M_Qubn?Tw#D+Z#WRwl{tr zZErjf#PeW#yK5nUXV|9df2~U6fC4u8%RcsfMj& zb3B4Gty|=jXN#QjOvXo}-@~sG`K)KFob{X&=TdX!tY=#-ms%_*KIh3<&-rrJbAg=o zTqtKfFOajIi*VL6MoVzkGY0AB+Lqz0XN;EPtY?f|ob`;+3Y_(f(Mp{4jL|Bb^^DPK zob`-Rdjt0{(G;n{dF`gr*!SqdT^u8i?COCQ)%HXhTBx&U6q|&b_B~a%9J_bq+)ZDh zkMXVnLPwGPR~?igNu{$vb`xm?qF`rLs;&jX+ zoPk*aeO-ogF)q$rt;Fe>)i@oq24|yEIJ>lt*5ee;2GD;aZ9=W%eTC(~nc1SK+M80sJEB5FMtgabjkG2I(kW zL)X%EbUl7Gbt8T!bu)hRbPL@|X&RyoW%0Y9Vf+$klyY<%9mC$p7*09*G)}iukxEpi z3LU2jIzf|k2Y%b}Cc2C6rhDjKdNbWeZ^2oJx8c_d@1XnXo%8^`3;Tu-;q*UF_v6g- zqd0s27|t`lk56{vMEu8ae){7$b^R>PJb!>bh4avVAdqKq>iv^^IvVd^z$y19aVq^O zoCp0PH1%nE1}CZszoEeIG(h#$%z=Zu5A4C_ZJ+vkU4YJXMH+M-cVJ+qJkj_*`C8pf 
zc!tMfI0HI)t{m9Dj9=m7?~D}Bl`CGydGO6dZ{}RJ%|RZwAD_QGFnak?zx9WbLx9Xz05KGJ3TX11DkVD{+Ppz8GvZ3?d3nWn#-Ic)5^vk{_A*q z`EO*+M8!>3o-H%fwX?1lAC@lSv+grw0C<1H);@fxkpE1?Oij@ZVV;?qBClb0M*e0O zK4LUeYlYf<=_3B-N_M6UfZtiOA0PTWM~9K;?X`WmG(OROu6iD<+cP$f&-CU>GdK27 z-4*)JO3a++(R!AR{rmyl88baodo4aBbdG_ehb5Tk9+*Nzq3pHMiA`h$N4Wy9{=xF zAW_%YZ(9du#0V@CzJvA~^?LeDIEqtuIE^ps;-liz=lIW|^C?n`Ki^x-o!exetD*zF zM-BmBr|;zVUu=~hWcwctl$W;Sob1kW(+59WA$bmyWS6+Ld zXArsA7ot6bJ^OLHPJNH3Kc~L4)BgeWm7V^Ns+LbaqFOxpv}*C>=Tu84|3uYw@*h+^ eCx3e8*KhplKVJXkYd`tvzy0jz|L@;_@&5s5)OzRu literal 0 HcmV?d00001 
diff --git a/Documentation/HowToWriteA_CSP.cwk b/Documentation/HowToWriteA_CSP.cwk new file mode 100644 index 0000000000000000000000000000000000000000..594c3fe7321ae25f606ebfb2cb9daf6f61ab7493 GIT binary patch literal 45874 zcmeHw3!GhLb?@5eHSf$!-Y=3(m?SgFWHNaI0U?=5LIQcg4Dt{mCo^Ye4moqqaL$}0 zgIW+!5m2duqJV-=R73=a-p5aPL~4(M6u2jFjrjreO8m`KY)T8#ERvGs4JT~h zgRCMg%?C2Y;)LHnlJR>d^4Wn1#VhYtoQ8yL66ulo65F$X@9D%;9w6pH+v*<|wpZf* zV|SB#nq)!8B#tvVk0bV6to_7~PyFxLi?N;Y3zF^em&s`tt8E$t%#(PWIlYz5xK^^@ zPLG4NvcS7DxO)x1OGK0&2~gP+Z5E1DHZXVM#fOe7$2{<}@~FqH$)UL{((^uDnate9 zaw5$S;CijL_;_r@!vDeiPJM<9zZ_r^&)-eiKII3-+F7>J^|60Iy93$;zZRKz@e4jL z6EEESM1zIdA5TXmanFC~E|HB-xM+y69+Hvz_%*S&OXK#w9sNl0E#=0CK;&ykX#N)z zyk!?Sb-vdmDU_DO-w6H&@i)fu@BS;6?L8a2HStp6Vd;pC^PUH2soJJtgT>w_U9kaK ztWw6Z^;l4EvE$Mi>y^!rP-lFu=(pI1WJT;2n}w37$NJk1cDPm+dBNBVrN(&Y>-k0S)y!ZZ8REFbEnfv&U&3$sI+$}94$({Ch)c)RL(j`A;(xsj^ zzjZUsZ+)M^*N>R{h7IPvq0ihmzTN!JSSO&j$c$~~zBz4vTmIa@TYhHlXT90n&pK-E z=akIv+>H61H)8PfZZh`^>dpOvHgmsdp}AkQ$=-k5^keb+%-*%n(UD0pKTah#O?Y}hl9gXIG)kXIA-S+o(^V{i}->$cq-?cw9zw2V=cl~6oqaD5LoVxuQ@xc&;RVL{}xxc*iI_r8p44|(6Ga$?f|F7)RNj+c5*-jD0~Ha+2| zIq+2u{Ou0>b_f1d2mTEQPOIUe{Ci=s8zOl8+$eo~w*$Y;fq%q-f6ReD?!ceIwe1(= zJ?vNfZ=Ll27Qqu|MexK92mV6`{tpiP=MMap2#zsj>iQtY)h)QTZNOLx>6vuenf!(W z|87)H>O&Dc^`Ha)iUa?;1OIgdubCOaYuJVu`2LVc&ATFa?K`9NwGKV&E{ouGhokiM z+ah@V#SXj=*S3$)2Vo!U)f%H-$V~l<5xfD`R%H@!=#4NhbVmqpTo|Qq>~i3raNv(b z@TNr(ylJ%q|GWeLsssN62mYrH{LdWt4CG=i@Rr$8IW3DE_|*>lkOTjS1OJ!<|8rd1c0#v??QHFc(zntEQ73@@ zGnYs3ncE{c^l?}YbaKekS(GK4cg{@_e9rqExYNfuP9Nvq9HpOoXOw>KqYj)p%9cO( zUmW;}2o75iwhi_mY}-7i4fAUv`25*X-uYW_ZO6iVN4Ly(_%;9GC_U^cY`nbJ@{#o<` z+lJ5K`tKt6V)*;2+W}uZ%Yn~#;L9EOy$<{#2mU<={x=T%7Y_W_5&SdN zjI}v3*7j^vPMc%n+J54|pO4B}zCVI5zrulE>%gyf;I}&P`y9A4UY38(fq%zI|5p)w z#exXF;xq@o)PV=`2EDXmwFB>V()Z)q>NogiA&*wP-%0Q2+ZCU4;J@djcYKl+jtyN& z*|Yj#<@zZ7%2HI$${QRwbxx4}0}kBrF;@N}g14`W%4t8(fd_I6*=s-G!0&L)46fjjN&a&%pnW7oPq>!f#lp058H!Ph#z=-QPI+!+^ZzaPQ7b$)Gp+HQvq z>*hu6T<7$6{rM4m{l2K24Hrc44S}A4+-~^q4&3o8Hoh@}Z@e-pXX7ykexn0-`nwT& 
zCeTHj-V~+Zbgcs~l>W@-sGKvGI`Fm#ezr62 z&JOGj=pe`8-@J%lOcyxMj$Q9PD>L-ooB*3+@Mt&iw^rd1sag1pCQWcY9XnWsM-Tn4 zDL$$Ad=(zEWav^JDaEt=g?evJ(7vnQ&6=eKy_w;qy?yc-`4_KU)VUd0Y97fdsnY+YUlNV zTzNQ~FZn}-qW{JWVtjkj*H8EdGKH~RrlaYybTOaJ4{t%_FI(~l3j^iROn%(Qbv8dx z7)6@#Oqbu2LGFxS%;YAJ*e~S$bbexdgx4dPVy4p{Pv;J^B^pKSYU;`Or7|)AQp}_W z{c(g9gR(pQr>mN6TG;uFf5=pWf=gZg?r}eJY%G^%+eg?>l+kx!w?AG?=S#Wtcowb5 zr6)2)KQnqLGg$J+Y)6lR8snL~B?5lX3T7^ir}Km9;-DcDi!wRwI+4)}eU;*sn?#y?Oj9LWx5 ziXA~UqlLk8F4NV--fu5tO6=ifh2r7!n=Z+WvJXWxGd*6}QB)N6vwb*M&UE;LnW1bR z*~gC-$Yp;ZmoAkur7eDMsWfV63HA(H#`k4PB^1GqWl9hda3x8utglNtLov`H)u0R8E!3>#-s#f&5Gq%0=IFxKkUG zhCoEwOe<~E*n})4O(ic4*%}{D4~*ztJ37YZcd#<2Q0)$>Z}D9t5X3a7?GI&h8Gp>s zzQip4(d_t$5-Vr{Xou3O+Ca)P^#B@>%|oiQwFk0C-7tVuFVXLgZ6y~ zDhnhB0Nh#5sQArMA|1@t%4 zY(zB7Y*a1Mj#3N?kSK+~LO=&m84qFU2&G{d2Q^qpLyrQQY75b$DbzraL`U0EsL&B@ ztqR6~<&tSw$qJDfo?T7oFIhe%c^#$RX@so0tUwixL488r{K52i+K4|fI#SZbVpazb z2$dTyKqrihLXsjHD5+o;tX3_IQD)M)b5J9LwpQv#(kQ;VdfH=hWuU@(xJ7Tz4uP~3 zKPqKaS|>{kwS}Sv!wgl7sI1#)#869=GLT}Zf7;wUZ0^8FIzJ4XuIz^79fD>q1zH14 z2Du{&XxGgs81xTKOvww#Vtyc39^{}rRA!%?ans3>gaI|I1S%GCM(nA00);hHOphYL z+H&4r5n;G>I5T0=!!^Np97JKo@_=fxuBL4qVMW+nQ&4&IP$#U|`J5$U&3Pv|)_bF5`febZDXD z)YDL!(4b=l*k%y6r zl$u-+-9YHU!BPgAs^|~nCmT3*CGJPHL2ZWa|21qXN;b+zEG}! zVW*M^QGoyObZI0#SU6gG#%Pb?1nl519oMjO7($y_%ArslI(>W5?TIntYr?5kkBxS> zI^#$oH&`VX#vWl{97z||NiP+O<7P;cNa)36F|N>&)pewEr2^CncLlJ3O3hPc94zI# z0$)X)1+Xzwgt0QJ&j?7~-$8q-78c%x8YDwIox4zrVOSODfMkbE#bfH$2f9Eh4;@SO z1a+qZ#yh%OgBi?LfMeRK-b~>&7?BG*!qE%~u}xxe0e7fHAjzuPK@6vGOLKJrLFy~$ zzRnK8E$hm% zvox`h{c~J>AR#Il*E)vg)CiqvuyuV^3QW;D`Gs04kCB{cq{=r44|E|PIlWe9(4&X~ zwEmzUrq1YNW++|Gjq8B+jdg`|8QEt|hKBE=_lKPpFI)VnTQZohjk#rDFBdjX? 
ztzucH^;WslPlEi}a>>|i-XwtOL8AscsfKOdA*dA1Ob0XrUoxETT2Z%BLbIh~IWySR zbOmRU7Hiy6+=wE;#Hz6&}cSTs7OexL2cWOHXbTq%u4 zR|nGAYox&fbyy>sxl%PWhc@Ps@b}GN$3^LI$qsf^Pc(L+)EY}d4R6CKpuP!Ws3C`j z2pHgqth9PB*11POFSJQ!E)$_RLZl(E6A+NVIysL(R$Vh+wCc(H8=OoY~<<4v_= z3l8cvA|J4nP;1^{(;c%M5*HnSgG0JfQFTN@p1~kPMP)U6Q?}V*pX!py;_<4Iqa#)2 z;5YEz>RRQ!VWqLc1ZW{a-)&*^4&azt&Dzxjm&PhXm-1E|ta4#&$tX4>-;qv-sGP3h z2uoR`aS{DwkO%=s>Y_Bp;ZZd_?U*iHCxq5gGBAvW0;RD6 zWZ98{E`iU~YWnr*Qil`6sbYE>%10#zlv7IhFvNYEdn4qy^6o46WbbSO8d zJ*pG7n|>2oYQ zsBWn7fbwVv%oHRGT1tatB={De*PLy#agztD@f|78XmdroUbQ*4deB`LA}FCod;O%Pa%Z&Hho>H^Vp#4ZV3}55R{@u&v`fx&Z7_vmth$AB4Pn#%@E>C;If&r(Q{*OI2?h;h%pM8 zG=w5%bfRhhA!w*_DTh!NS)wZt!+9>aQO=KIvd=&>+>~PFbiy{U*DTD03eI{l77HO& zc`?FoRj~uHO2Oo2E7=`&j&!i2t4Fa$g>wcpV$9M+ufmXsdb;W$a@;_}hLmSwBmPcM zlm5K+ke#pW04Q16bSqkr2T(QQu_<%1xmauJ3rejty(nDUhs>k?Kp6pRM)k`@s&-=# zHR_33yqZp@&sLQg+YKJTBQlIR$r#aT4=3f?84d%At>FUMdpHmGRu?o26@HJ^Dd0Es zCmFBJqWA~4F^J|+)1^x&lEo?MY1gXFpk-`3i5L0{mg0ss9Sl<&ZVcoy6v#0hW;T&s z;((scVs-_A*U)OAs3uQ&2+L1bg7P}P>iwc#j=wlkuVGP8|a8@Xw5PmL} zclpthEQ4SWeMf;omOya2?A6mKYJ8A1qDj@9OnYIL&Cr*0dAxveZNhzlg*6RTj}v^R z0WA-Y7zdELBJzGHB7y4_xFeiwSFo6>isOnsV1|IThIW&@E-U@2TtmkZvrF~DP)?~Z ziZaYdp>{9RZ|4xwPMbn?@&%1Gm`SVSr0RZ@+Dv2bI%k9Zf&jxiquJ3|01HtgZv}~s zHRUm^(eLyX3=D)#8v@m!eN5+6xw^3igxIWc_4PFr5kQSurS9riyHI@V2VO7 zGmshA4jM~3Vf4pHfvXp6w2Fb5ryK1=+ozTzJ$NLGa1ezNtHTL_)E^F|+V3|ZYamCn z#~eFN)?&v6G#F4&QTmJa3?cf@s4w*%z=$*$0X&-TYWjDt!v>*7*cptHzzv(cNNVE` zkR5L0peF=l=xl1hd?8fESP#`*8Y+0k4Wz=x`YT7X`c+u=&lvipu{)zDbCk3K#_Dl0 zR)<@#9?!-BjTJ4s)HMv%po{t{w2^eg{52fwa63brY4kHR`IO55T;tRAFD!(@8>802 zkU~QqR&_f0>-deKw%cJBd;cAI~J9V`Zcpkwqx>23>2}O-c+Nb9IK$5+%fd3 z#zQr^3Ofu^c`TrgRW#@eCS%ym1LIPqx^#MlDHp|vEWjvYzyUR5I*8b`(HO?$VulEw z1)XJ~SjYi`H6xS~SFADq42vt;vDbuV_rpbk@L>gtE2_cn0^3MzQOFF!(|(2Oe=2H_ z`);XS*i+^761xgySqvkSskop$Zl4)uScwS^%M23sFBwgv>haM-k|-5t?Yc`n}vRSFx}VOk%6{C?RIf zb!4om+U-rjkTA+!gPQb>ow7OhxQ*~K-NzE7hjP%xb_i3blVO<0GI?yr;S7NTlC4q$ z5GWpN)XYLb5GSZ~hQiWR!)x}aF&Nv`4L9>tN@}%0sjo!IFf&2;w-A1;mk%7q;Iia| z4&aJ9{A%oCq*qS%A_9O}M(M1 
zV-OtBNf{iBY!SnSa<7)b34_~FXaWmXzhOjSjmgM5!c?@(hIFt7j47fMS~dKO0yQEm z9*gGk7JADn!ft4~y#F*bAA;NY;b%1S8tfYlG$DwGXaG>1er9~2%W6?w?m}UvlTQz# zVw1fcmsW>%a-SWh5@FsBwI)&BX01}&XBK00r4!pGM*KXt?19E(X;4O+tep<~!69N- z=AdNIKse!8QR_$F0&TCF-ZVE9jX-GCA3^JK1#GNDScAS~xWPypi1M|07}B6RcjQDo z)366k7iP>Vmqkt%K{EOmSf;^VRke+VcVKZZwiSje(-<63T4;2BtUO*i2O2ED25g(0 z0NZhyLRm|zhd)dav-vgLr_07UErK%T<`Pf}oK|(p-3egXF)lP288GEV%?oAFtT00^ z;8*1``C$a)hq9R*#&3F%Yh5TBTR-yf;sD|}H@ja@znO5Bvez5;P8)0kM#$v`v?KBc zq6Ug{pAL*IcZ*=c1^X4HvI?8BXLfI%qg)DI5zA7@mdd9|!!ocNTurCmT3*fofdA;u+? zzn$_}yO18m1W2urEh-qOYJNa`_2>$Qqg_qvi-wBnq#ac$)IJ7l_vsurfYUVmh6b@K zRQ1&SMwsoUzHrI}@rSwMzAn{DQ4f^a;n0BW?>4H|kSZW!pup&|a->qkDu~H08;)pH zxR}O%SjhMoH@{NW%`OM(Jl%H~jC!mYAohZY3(Qw<0UU?8&;iqxT$Kqu8ajw52{V048fp>YPlYo0-|L|$njOtB?tobJ50H?N0mfI(Hi#) zs05}4o9XEETal!MP-W5gg|yqQ!ndb064Y&61?V-*Ua?^SJ%cdQH6;;1MtTcIbd4nq z1O^Ewt=S{3?q-cTWh4M_6T8sj%!XHYJV7^dO;)v4B#?n=P$h$wU|EsDlp$0}qB1(9&&pueJ1jT?6x1tGcE>BBTm_Ax zIyc^q_2txO>x5`=%?V5c8-lbje0VFwH|d9g>Z}yA6!aj__++(;lUi&vkzF!$+GsuAHhV2~~NSB1i&oi>CO!v*2fHBswA3^v&3vWKvUr%yOQq)oGR$<(aNXgHL% zVT&<$cv{G&q9}z0MI14G!=6#D{a5aU+E&E}R1@-%b32_)TUi4RJC+%Xpwq~`F-E1D zAXvpd{y^CHaDlNu)MkUwIA#F}u>qBK&bX+|OR)S1mp~Fh`or8phMt7805z0MI#|F~ zQM*J^CD1U4*c39%)f)PrD#YW*Lf^#LOY3vcYY8}Q{ZyK23^G=tGYk_uF*Xv5*2;Wk zH4Ancwx8X=JeyAks?E|}epCeE?(eW*bd*Y_qOVa=O&~4{uZUk*7Z=1p%ODF-!|KiH zq}W6aNItHqsiY!gNm~|{6RMM-1Zdqcmt6AE(H0NU40O=#6F=_sW(qGHv8YZGsZt`geRV55BT) z@H3N2b?)&58(ukQUJ(b)u8-UjW)2UJ<-V3fU&_X(b*DJ$r9OaeH!u3?*IKRsbm>7} z^0jZwd`WEi4tbxMCxXYTLAVmOC zH;6El21P<+$tFhDYwXvyam4+wC_qoi>@2yaFWU4Gn3+-+>yipOoe#j(2X6v_&{Fh6 zk>>*YWo({{9Ex&SB~F9MT1JVor0obm~^n)O2#`akWDyW-&ZH2oCwUJ6PlI z=dKf79U%d@=PgjCHqN6_x@Z-(Vi5-7Z8l-|8BI~Wv6VGeQsn|dRC@5}wNm8*r3z#T z)c6|yeu}^2OcfoLD$hDpq3oH%rOJE-O-&V|Oz(H0hOgpoSEV$-X@e64?+=qg40sJ$ z&@+c@q=&iVlAdL5Ji7+VmwftFcgmsPQ}DhSrO!TiBUpzA;V6o1PvGxS z;GDzu@;gp1DLLkFd--a-Z+6DQ>?wIa7d1bGLg&`dKQt)3o+im1sxH*9)SEdhufFe#<6#xhI^3t9W|A!KgRpTWQpsY zfj4HC^x%5r{Z$(D42G#Lfx@kaIl@x4v-C&N$G+ugj_R*6T0ph^DxHo6wylChH(3?j 
zh4)`_pw{4Ty)46<54&%`+Y?#nX18~rzKpe2>LiBNn>Qf_iR~}o zcgkb9*(I&G9>?Dp{*JAFOWS|xBP3HT=pOuqK*LqbH@-U%$E3HzD%4vgpE8^SRq^)B zyGIlZ`JzlrKBDxkH~*>~f1M(&H~-T=JL&QM3$3dKxlu^dB|Il;d;7QbKx&#$$F2Cg zadO$eh5VKRzoo!`0SYws?%%VQ{e&KX*-zZjyKCP?QkRhUv3Q&OCEkMid-9b0y|>+) z>vefoonne4p!^=jyN5--nB0RHLtYX!Pg%(035LSZWQ8;$&EqK(D-2-F_jpnR+d}*o zQhRmxL<{nWJR&oQuMNUw%oRW%sS6|34)pN|ijB-B^=y{WTotdC7DDSyG_emcqOCTy zX^}?PPBA5aTitId@c$zPT>bP`47yN1#op_EQ{EptD9^#!-RvFo-s$~gj1z`ac_eD$ z&_=b?E%8fB88~c48zpM)kcVUGba20n`rtH9Ot8Men6a6CxZ!f~nP%YuyAe#I_TfGi ztbUJu$Clm2bR9ZB2}+6rvL*(a!vYu|3g$zrR`X~J79U76AcYXAPI948XhSeEIXp|TBAPqBD`nHB3?_o}=yk#)Ndv3LKz{vDV1ODFTK zG$nKIkJ)|1Am^0ToJukMZC%qwffhT1W~jqMEZ{W!&X$<{ZiShOJr2y{fLEraXH$7p zjEe0Ez9)1(%f;_j{GElrZv3_5 z&&S_lr%rSECHV+0JR|$@ZUPha)E9v*xRldW)NZg(<}$A9OPQ)k}lL zHA{1dGks`~MvH5a7OHvN1^JTFq_~2#A|@K(TD8oi%&_@p%FM7WrhkpnY;m(>Ru!&E zS`@b&c4T(qJLDMd`DWo5{#q3mmpL*g#kYAQjm$!OfV1*aBXebLh?|YYfe06uc{0zz z@r}MgJ`Z1=ns0G)QEE*EZh$*rscyK za)#zZ8qlv596_1j07qk+w1v2k52%^TgUe;PgRA7j3Rz)sZAd*6++~>ykk6BqvNFWY z#@Nz!>Vk_0&DZYWEFWZ%=If9S2WR4S?cgf;&?%i3cLrKF z3z8PmbB(MCaSI_$F0MdqggRA7jM%id_>tzWfE#>rYlWYocOTlj!w^=qjxVj45nR2Fs ztFOSFC1*Lfh6>!-a<+qOtiWxNEf%*5Cq zVXy4fd`JU5w8qI-gAEh=LfmZWa&U3kFZ&(bTG-#H4+rFc#qC2oyP;hp+{JQnh?_0z zFsdWmC31;_TVEl&ebVRPHdNsHrQgAAtiW9=mpZsj6}UIb8!c`x^z0T`h^Q@>$z=}i zoC@6Ka=FFr$0$0h0(XU65#nac*$!?oHsxG7i4Sv?4>5U@yh-yR4QRFoJ`36c4)AUI zSIJc&u96Qid9%FP!JX^y$djw(YKyxHnzfP-*T^*v?hO?@Iw%Jn+<6taw4@!}`4#*- zB!?W_)(YH!3|QQoWJMLN2W8OW-i*F)b9gilUlh!QG;72Nr|izNvO6S0nh$AU?|PlS zCuLZMLtG<9c%+v+8Ici-8wQ=*V8tW8XC>?4mRI1em1`Z`3R(}VvphL0haKF?3S3Td z7B_^^eu2|JPex_b!R>Nz3nVZ3#B=o0(O=^a&XD=qcTWmZNYSrG8jFLcXmMjQR)vG7 zXmQucbyYZciWXOtVigYFi^Y|sRE2{@wYYH^ufjpgTU=SnRXAuKi#sAms&E($7I##R zR^h;Pi#sOAs&Jr+#ZAaW6>dR@yI!uZ!Y#D8Ir0{HOGxVu&^3mUjhyOhyj9++`H%)$ zm$=1YnQxP~g}BvV2gtqO6s%k5RT)fN|%JLC?|H({d^uwtCYb)uDb zXgl8{@3r&IJ0hI+VFteP_#VyINX?@8IHPPVACS9jzL;!O9Ous;KM zB_FW3yCR(CtHC!o?+NFdW)7Q_MT(2zYhND;aT`p1lx&pg;oF<{YFj>nwrr|si-#{< zek`2(nmO!Rfz)eTJ}eJ}^Hk0#W3W4rdf;M+ay)42!~J^2#bv3@cdvXr%(q!_@KJ5P 
z`{WZ!&yRyDXKGu>zx%YE_sb`3-#-!IG+(QHR6Z59vs?465sVh(^W|f5x0YES@~8`# zj{!GB9*_^(GViuL0#5U_$b<4B&G#wfOKF)KfO!!4YUShdVVmzm5l-{X!?$AZgLIH* zDf|84O}PF9^3`GO{CYL|Cp~8`Ko2lAhG*@{_I~!hiW`(rupm-#Jc%169Z?E?9NmqMAISJU1ocX_p|n&gW( zx5%U3#pvmb*u~rMNu_uv^w_)N7vp?u{0PqPj^B&(ZSmtc-=3^Z&Xb3e^{eK{my-3X zo8*xc(-%@qKbB(p>rzZ#Ofh{a^|v^W*VN-&u4z~`Q$Aj^7S~5=`f)y5GlBE5nvdc< zQS&6u*VlG>XUSV@FZOoJ+iH(^8|8Ou@AWpx4YkK{zOnXiaejMUJGiFXW&zIFLp0`BS;@mAh&iiE-&Ie?7 zix=yaB{*LyOIy6;3)0!*r5a^Ti&xhzn{i$zXX3nG&cbxw)l!F6t!SC>z9Q$gOeF4=EiK6J%wpK2|xm)^hUMKxHua`?(lQX;Jiq<6B ze|c*Syz^e1yX2zQdd#7>;(Uf|Ypsv9$yGQnmp8Z01wF6Dd9EDBd5MhRyi~HStGpSK zYrPF4X0-KJv0XCQ`U+~i80WJkjq?^c)cQ(tom`FcnQ{%zXURdFx66UnU!%1{GZV3u zvVZye{T0&G+t}SE_v73y@7dkay-ptAv*m${rDo`>nPGX$$m4%EDzip@|1W+ZlI<-F zO6#>>_+DD#*Zn@W`ZN?j^Rt}Pk3assZ^%2#$N&8M^5N@0|Koxrum8R8eqCn2tq187 zZ~N>se+l1NK+hf>!Ly<3W4*h!U4j_>xi*Tf8V9374}24ohdpZ^eA7~Y3B#V-6E6{4 zXJClLGd1w=4`vt`mVPY^o4@O$yk{yLUPdFeq^>pCbja(}F&E|ij2K%U>s%j7nrRkkfvYZGDL!uHKH?PI-ci`zHC!gTXZI`)_CW4fSyqzh?f zzn!dgaQiqYf&-=0M|CVyIMy7n;58H1!I};7GaW36=D=An1Jrb3o0)z&U~yX>>mZDI zJ*SRFz^Lo_jbN_Zupc~{46LF&!aRq++`w+i3)U0x(Kx_ZUaT(SCD%4gn@u{>Aj<1$ z43+KUq4n0+Y0TBgkf>J>l*jh1!XL{cT^K_qY`uk{zlf*>GGy~Q{avEz*^fGDbJ8tk zs{v!&IiSHj!koOM9}nVJ;xA|);eds-T7i2WZkq!b9IP-M+wS8pkb9OJrb9nEaBpPS zz=QHky_74A8GMhOYp4+{l4q7TGmuj|KAd#??rYeV4Mp%27TG3(>_CSkY{pmx249Y=C|7;C=cyp9AZ|2raaTHy8e)=XGG@ zc-|`59j|U4?2cF0!Es)<3N!YYR|jt}29e!_GuI?zUL(qgc}?(VW3W$Ht@2vo`NcdR z^~B*-;+wNxE!vfUrDV*17hnlQLz{5E1no+q%(XZ-K;a}&8ouL<($2j8LLHKQ^0P;xdl2g*z_ zc}pW3fLn!uf`A%+1Tc<3=g@QsyH0Q63iDcC<}Ikgvnem`ri%rz7np*Il>@=%H84)x z(0ql(+`P#kFB8}!H3h6@3RvwFFgprBI6!e`W3oGjzrp zJVrY24U99gL~3%nmSb`YxTA%I?R$=zJgz(n+jmTE3@WvB@mih}A23aa_dcoRu>GKg zLd}-vY>AaMD;plSDhIGoHrNoGE~J42v$8=Rh3TwpRKTokRKTokRKOhBAf>gof-oiLUoy2L<(gcmdELc07)VG6W#iGijyNT;QSbTKgH zo23h7jp+3(A!H_`HPyg^!Z&bb}u8d-*Ot zP2##8bSK z91|bsxSZaajHRRt=NdV;b(Q=SbK2VwyWQ3L66oLC`Vz`qhjX)Z<2(y9)t6#(kUaQkuyZJm82(L_4=P-7Q{~f#$$_`tC9d?S zXbb!h_fQ@RUsm8lQ;12=VBGzVm|;?VlYX_VPK6^^@=fSWQOcR8^wQ{{`n 
ztKz|-sd_-~%-9WZRsGPmkn_KWHlK>O%InE|N6EKZNvaAC_NLbxj8aLwyK2 zgac`gX_iCEJPm*z(_L4>nCYOp>G?JMiq(1vRA-K9?w8hO{WsYaRQh`VI{gadJokFn z5tQfD6$s*;0q*twb?OQj_QdO5M^K(qR}gu8F2KFszfN6&U#gLw*Sj8;=hS7R(wD_V~$gxdsC-S_ohyv?o9=PcnWlH>J;kU)G5@xsZ*qTsiT6S zJS{3i3yt(fSXbM0)#lU{RCWsdLqvehaSHrH?-c4N%7-4)>mO1IH6pb&j5$o(+}x8P z6HBo@layWk2<~5>UzI~hg?ECYah!!h=BF`knWzg9D%$Vy-D!;CNa9aHXB{@}UG z+SqjRE3C`LzNWFR8Qw2g+i^MZBI2;qbVRb@RxpinI7#NGF&+i&6vPit9SygVkkclI z=+TunnjS{>kJoxH$fo0Sy}y_Bf5O$QJaqgU5oglU`NsT-s6~ofR2Hk1f ztUGO6QX}yn;`v$bw{6w^wlh=AHB0x~&aPpuMY`*Dj_$XetNU%|>3-Y!y5Dwz?zdft z{k92NjQzF=jB1v)1p93hvK0Gm6XIjPZ9-1Re%pjB!+zU@oPqte32DQA+k`ByXA7Ge zV@W&#(KwR$p={jBczkSY4@PWFPprOKI(tU2sJU*}()uN`dDs25O9gqncgi1Pr#7D+ z$2!lRi!MEYa=6P1Yspw8;fe^~GKweevHH;j&4!gutbNSH>Iv6B=5pUGR#g{b*Uw@| z!4m8Q^0Du28TJdcVL#9c>`!aQ{;^fES~{`ws0({|y0O-|9=m=vVt3GH?8`X|yLh%> zchI@mJ9QrR4Q<7~pdLI&wjF!Mcj7s%UD%^@pVW9AHr__&tYf&qulk5 zUAa$S7yBdFIsaw6tM4oFRr!7Bq=ykJd`|G35UAfqPVC#ZcL$c9w`YdZd@Iz+k667; z-RChy&L$wjzd zviFjU`od+s78~2<6P&TV`+F|DY;R9LQqeP#9sNCf@N>C&AJoWG<~>g%FPXPIWfP|6 z$Hq*JkKJf$eC$qB(_;^qvL5@UDd(}LPyG6omw)xri!c21FaG8K{_DT}^7;Pe5T|%jR51zCbDI7U9@STB6)CZtf;;&J#5$Q;paGP6BYTliuMDd25nPPF& z?iVK4VXp2Ah)y@HsD^wf^Tx|tD>{5BhI%! 
z;&T>}$Rh+P!=AVWx)e3=eZyPFj*7-C3h{U2;<}d5Xj+(MJ!{l)Zv#1^$VPl!%H7kk zz>q=({?)DG-UMBl!(P@oU{F%$-1|PqNWh2t6uvaP^`onGH!A}F3c4NHIG-BX@YWCI zuHlV;d9Btzu0?SLXgKlut3+4*HxmsrmW%GNBEegOH&L{!cT*o~6j`=$*lNR9SkU|* zMTn;Dp(xFwJrqQ5#~`7)h7<4N@AcO>F1-E<_ieoyINb2o4_>9kkbAwfWKBW`M0EoS z`=d0?57@L3qnHx>4cDQ2q?}7n%jY_YDrEgmeFhiOy$latKw@d3|D-;{_v+6_)n}xv z>P7BR->Y`0&*}%%XUzeHueo1+uluh0j6I^@vG1wx^~dQkmS97x{``gdj2G2sf>gc4 zZ&ka-p!(i;RDCvWR`901ivFp0lGrFDDf9f69z5FO!K3FJ@W%}JvmU&v-h)@o^x)M7 z{nc{}`1ic})vtPR*oDg%Y{TWN=9gamnt$`)wJ8r?TQuM|Lw^?Z@+eX5VFP{y_n4dL zIl#Ycz~7}H6m8MNfWPO#>t6EUbuWAH*m`f=*rf*i5!`D#fepL#$BudQ#D46-Vc)9G z<6`5=mY%@eD+c^l4-Wrxc}%R;b>It$Ee3q2$9v*R1O8jwYgxf>-F_OM@%m}}cLw~|2K*yW zFO9$V>cHRKKH>AKPxvqV9)1mezbR4F9gFrs-|vDx&PBL5Y`ux7>0OAtumQf%FYq@2 zzrsUvtHzJydr0tO+hZi!%=mzf2>qY=)A|T^e?t_S5#q>vI}$f_hk3DXMsPJ?h`|jz zf@$0xM*rUpK8+SHbKCC1LAzYAFE3`x89Qlr_V)JJJ9Cx6Y~IFyor@R8n$_2mJy0mx z+mbho+B-9akzA%F)|<_zkQ{N7Qe|YMP%M}1GSa1iN-k%2cJ;O|?cKQ*-IO!Mfn+LE zYPClT6?-^2Y9BO*8&Sgz7t)nnhDS~2N9|lPKUhf)W?JzrZ4YJ-08^IU3j+h$R5qE* zjXI-d(srjY4D)khs8HB%S4Q5j4`$0lLSq|JxopW!CG&QF#?Bl{Wish(eh}T1aZ{*( zypk})MCJ=+yO0NND2b8Lp`y5$Ne-9n!hk)Pt7Pm{Ar1QaD`nv;nJX3C>d6%NE!o4F z;R13<5L-wk%Y|Y|xT%!0xomk9a>}R5*+RZ#AIK&Z1DR4;(Ui^%Wb7YD3?tL;w{>+pJb_0%xI;sos^4UADXx#n@H43Lt4~*}fc%Z;0{QfJql?P#S{=9E5%#g;WkCp>}yF3BxT6W<eXXKH$g7eQ6k-Y`S?z4iaBDHVYkR~~+ocm0meE0*-Ch>| zWsikjWrtyS%s7My$6=3RS`1bT{nuquWzRAkLfEZTL+!B~74ntgei#&pR)TUER-KgE zVjTtcc2AHTJp5JJoRa+|SQ|#wI%>18;J{QV0Rk77NLZ@$D=}g)qeHOks>NhnnHtN= zYvv!AZ9fCC+loWGJUWswdvKx|xY&}(XNt+3y&D0s6l2<$Y7Rl{W@210qc(dJg4hUT zS1b&RVIy{?5kZQT6vrAb+?I!muw7U>N4*hoAlM`elojN02_VmJ z;H;TaoA{$)e##_8Kl?M85e}M=C`N@GO3rt*osS;;(=@`(>Ka70G6684pt;$Kx*ksDht&f9LmB%#Ev24{tT@`ivxidY?<+VI(s0S zhT0sX!UQWbUbAQUEk>LeH=6s#XtVct(T!ci6|QD@Q%{fGoX;F|B2plA^SXnKe zG*T=;0c^l*7MMg7%|egLV%$k&O!@{_V~K(r#26K(OUx&1Zv?%L6ghXhhyy?|GYkuM z1DKByZa>WK4-3i`GwFccCiA1r-LC35;g-bA8Apd@&Ve}T5q-IlBZajBXkvHd_@Ow2 zP>h7hkps)X3=E)_LlY#YX?5rPRokJO(SjE5`E3${6WF$)i9Q!!5FgkMx=IO<9Fe_-tNA&HEt+H%~ 
zF3~JRq^rYXIEkv13&W_#%#YfGlCp62?b>>(P{iaoQh?J!@hn1=awT&?)I;xBC1J+xgP7dO4xM5dicF`B>4s_HTt=-Y5SuYg zT-(*&*WM~K#B&JYCI$2JNvuGNe9LgaCm9j+yZ&PwR z3+c;?a1u1<)Q@8U$ZYOKf`RG++aoK=ELI!oLP|~3tZ}a;hJ&4|-Vxv1T4Jv801D~p zluhjbT-)8gy=&Vh7OhO9`w@6ityriG4zXh>c`hjzmhf^B=2fVaM=+y#V#C}G>vMW# zGIdQ^xHxtNJg+p`V%t?pcq)8oREd%^E8CDVxeD>IxJHmR*4MP$@-u$!jX?RIh@72 zYw%-(yUL8r$Szty%+3x-Cx~QT?8`}XKt{n+f~0n22mhTI?OKL{#WbE3ok3I|`&^z{{lPB5)2x5awYHbqY|j~y3I@>EPk z+5)-p&ILzo*~xHut(17aC?O2NX*eJ|^G=(+8(qjU&B=Hr(=Ar=Y$j||sxPe$CJ8Q` zOv_N78q^*H+)Y%35UR4+G#2805WjyKEx^y7mW3o3=Xk)0sbm_?6s=c?5@4J)8t+K4 z0ZGb+sG;^~Fjwl7k`tkEI#GF=s?L$kVF#0e1a_tw%a6Pl38Cej-nn?o-4q%rAU)%a zAJ(N&!x6O>J#QM7Mv!n1WMSDd?ZOI>ovX=H=+jxiL3S=#0kFgD>_;XZH(Vg|g7ynM&kkb?O6YYMz<5|RsU)8_&X`87$2`MmbtdJm5|C;j zFz)EvbfII9La*B!Mo~112|ytnw0JKCiW#GNo!Yqkc3#%YOFTn_J0RGi5HG#yD5C5c z`-Vl)m#p4pzGOAHgy>=I*S)C81Ina~-gt)1NcyP8s}a=`RtQX&I5G*zFT?29e3P#0ZMt|j6LxY?1sON&$822ee%vdo`-Hk zJ#zJ}y_ZWn%9VjjC9uH`b;qM_lV7^rvx&=R80CWhec;_*L zCp*Q&^HP~fLl~8ZR^P^*!^F36U#B0Gd!$!eN1<5${oOG}xc#r!4&R0c&MvE6v%kIFZiqZtNQp zD|8SjAlZ`?T(iXf=ER2~q@yW3QsIq<6mM~>Y#>!Z&WN>5*EVkjp|W_6jpJBTJ7m6U zADdAKcWe{wD3wc`c>Vh@)*JDc2Hd#BCEohMZ&1&133<#VRsR27q5~uBL)(t1?WD8L z!x1Nu)hiMB1j{L#W4CdpNF>%eVe#>In+`E;IPk)J@!=9&e0vLyNAMrUbq-<(4p;=A zz+qJ4YPjBut4~#0S6b?Mzxo;mk{fVk=g1L`Q{ZwAQ4yW5saOQ4CnKqZ;xch~l8b?jV>*UzdCBrxG6Mc3@(N< zSA0NlJ~dHO2*-9rE{%{g%Q_*rAWfyIk!ARfIy43J0H^ILO4DeXi)%t8^Kd~ri_S7| z5d&x8K;m?bn}%MaKHS-Kwt=hi;bzbb16S?CokQmsxEddBCe1W(wLaXrbgqG8sX6>v zID9rs;~)iS+QiMK*)DDxtir_EWNRFxKx`FWpL1xAi)(^*J=}a8$C`VJ9vZbC&ZG0B z9qK@S31|d;LIdoL^Jt!nbM=6ckugEL^9`I|4-064#?3?RMrfD&JR9vST1X3BToZgt z=%g8fYo=xcr}co`i`%tOi-FU6AdY7iEuuvRPV0fr72IN4Y~cKQXr)$-I}g-Nfu(u! 
zTtZ7++zeQgiEE=ajhheZ8Z>`%WW1%c)Wwa}!!lZSiXNtDJuIi?(hhaNmDYpcqR3%a zxHvuvCi2wnR?KmNYs?|MRbvYo9V-?qjeg$68xQO*t|s-)5R`sHn65Y ztf%#-=%Go=a|3OVcBn&hXg0jSky(^B(nc581WIwVOUJAr^2l}rH^;zPI4a$taU0ne zF_$>)Eb63A7uQ7R8M?JFdv_VQdA@d=Xp@1P@561T%?56P54VN37`TN#91c=z+y+q6 zjCswYb1Q8%a4kOEC3K0#wZq>R`TD$+E_HEDwAkQpK5e6Ih8|j3M>JLIp@({;9qJ$s zEiu|fX*+FqaZS`_;DWS+b{M#&n14MUcG6Cb+YUOHA-a0FU9`)^HPLc-wTIhHyA9k5 zpY8TiuYp_X!}U?0fm`Ln?V&veZnY108C|AvJ&3axVutW&xtuOHa2NS-dugx6?SL1p z_2I6dD_mR?U0~p5VteAsQ}i%R^bnw{=qhQ4I*{2CJP)(Dr}r#n4cvSm?mD{8z%Ag}L&qhH_S1d?x6p^nQBLCq;O$!s{wx}%VFTA~ z;LfHz{$&(ddIS+_v00eCiAO0IDu-6-u)2T_-CGu=LKqMKaYV!@s3 z;%=s!T^vW<0L^l7x6myvZi(P#ySQ8F)-gES#eI%GHwHJy#ob1?jls=zai6EpkHMYi z;%=wg$Kd9gK9c`Zr-98V~;W4;o7k3xk zH3rw>;_jxq$KV#ZxG&Nd$KV!gTmUbL+{5cl%uylCV!R$}1(i6qjJtd3OM1O|kB1W; z>hOxiz0$6ZBa5`-73G&CCf`T*>2~)TI2_)_zR(dmBJHrQ_SUfS3Wtr?A@0}hj(9j3 zZwg+^_%h=VJC2~GUKa~4NME4`bh`jnuZ-jMGhVpC=nv3WH0}WpC+#eHkREc^o6cJF z9Kl8CtMs5=he!15PAh@ojpYD+jlQb;e9*&5y8t~zUlTf`=shB|pq=1?cqQRsjXR=o zSlbIOgk6qDTv}Et{@9a*hezpAY4-?tU#)PuT@zlOc}(P4PH6q1U(^rCQ#QePm8`zUw7B^yr_m?BzVnRc;b{*i?JW8ReZ!@5 znY3F%@OYu+S$bCbJc>S-3vM+q{K^o&I`B>1=d&J8_xT(>r*TJ+p=djU#_@ImJ&%8C zZ^pC<-o+2ox9|`4iC&)fYy#H6<9!?d*mk49xi$d}@DA{I@K4$G^QY+H1$sf#@|dOt z`qOm2NG~!DGJgyi1Jmi@UZR)WcFL|r4@v6?kJR1X+kH=L-n$fd{MT>(l3eTZr@1K4re!By`SCmS$eV$;Pte!@e(t(= zDgIA$-~0(RzW>TU{G1~1zxu16&{IF3zxHR8`T4W|^bS4v^MC)=`?UUd`3u+3lU4-% zTUNBWjvlaff$RFfu6Ar923xHV-5K14@^J6~%DaM(qP#nJ4CNOij4ebMI}%~+^%2Gv zBaAIYeu1(atwC9dE=74D+K2LBbQI;G=o2VMqsLL+P}OR!r5meuSzGC*ssq+4y1D96 zYc<_cbqwXLRlh*_x#}8}w^c7i`T6QTl($!pqWnUvc5xHk7q<|%=Amq&g(#;|GsNlU0ky`hNF6PSTh+_xe3Z*+ z4aya?7UfF1ARcV&q*Oe3&Lwmi%1i0;c(}TmR>Z?KTc|Bw4XPHzN3H)r>*AxKN9n@& zJE0A9QT(0iZn`-BA?TToawg4>e`s~ks`!W1^Jpc?m9#qk30*=P;-6USX=?nF+D+6G zKN((6S0${_6k3k*f6#e}0DNIE5k!{Wg|dw{p^XM6r&2;b9mSxN7o7*ltx{IO%-_H!vXNSJ~ z%VC-_^p`)y3rN|{LYflSz3{Un1+V|hY?*3{-~3gMYRcdJ*$?TC%CWzFhmPLx?e_~5 zzTtasy+%zpb)bIersv=IJ7lXA`U|>9e6$G>JJ8wPz8kyZ8@)Yk!NCFK^+EpN7=Tj2 zJ-437QPnZ4)t7`x&C~>f*QtSFpS$;Mm>JQ!O@&wVVo}aC~(CT%-0{oEJMG%gQ@y+ 
zcJK+FqxuU}D_WReewv_YR`nR>wY6l|lIi11#;vKAT~4mY7r*}P^vC@2lQ!;;<-)tR z3|paL;1_#XoE@l3+8X@M0+{)=s;g<9QE#?}oh5kH_AG`OZCQSN@pudI=ZwK{z+71^ zz<0h(njIJx@NPY(-Nv6|_uQ{r4}7%XyRuyccluM~vR%Pv@cJ>oInK5QDgg8Bnft>F z`U11G-TT@azOYi-%gdB5ec&HbY%QU(oz|Z9%i=zely+ z*-@n}*JGdgN98ljjmTS#0s7$6WHl026u`Kd1@8Iu0%1p+y<{1+qFjzy0nfh0UN&JL zj-G754v~eukS3IKA#00PBAQ#sXl#@hA=dK_B*wRx$p|auPTfm!Ysr)*xi7Iu(uaOxf@i3 zt!mhI7(LXWtOpfgs{xr;7&G%Sl=EOLVQVS&J;H%1@ESp#jfMbPI=&xdO@eHf{D$B6f9u24Lfb6sVXAlz@p>8s>Xq7+k)T-R4bYtzcyjD zsx8yP6bj9HPV&KGPCbzUha6W1mOO5RMEKIY>2Xy(|F{aK$F<^0F4EX-Ysdk5C|E%KLe)a;;X0S;)5Y^TBGa=DinptFq>SM zYisTpCo!%JY{gY^alEK>j7oO4^s&+T@QdGv{5AM zpX0D|IU7HZ1TABHlvw|u#5oR>5voQRr5cn~REx5j>aZZM!TOId%e0`Zrv{V_6vyN8 zIK@yVs2-c{n0-(-U}Z)K_ft?Ns3{)8dbBalheuiwBkrYh z!E+evvkx$06lFD5jUQl!i^M+&#IS1o7~_WG9|vnGA#1fRlu??CvPxEO$ii@6L-SGA z(gKuqv=C(jEkYTm#fbp=S%I>iR-$a6RVd@MIuQuQXf4Wmx*);Xa|g-**(ifFClL-r zs10S5)+H9vKVvO;H+C7j6CXjsor#ao=W>({v<&4GtnfYxOr?uaPNVfG&!P<|r(^y1 z36id*wwOMIT~F!^!Awvb*s^G?f7&q}{9u#L%1}!#A1%l<%u8@wpZgpS$FgAD zczs$LIzBDZ0ygQpWIWb1`fL~v$LDH*8@C;w$6;E=YZpM?#20&|c)EO35!At*%Eyh` zBF1_t_rbkP5e}!qFNjXS90Gvg6iaXl>@d(UMRGx$oB~yRrXmChR-ya}Y&Zf4&J%!- zI?3qZkH}TAF%!m~UKqPmOy9JBAk6Bx!HS;(yZ3D4^?S1uw=Bj?_$A{*GLtcyj0OL) zK4G>tPAG3O*3}a_gxk4{Wzhob9R?l4jw65SX`F9A#Y@IQ|4LuSCVni7&r!M|ao(rM zimxjz!wv=9=;Er}pT z8Z*{JNYIUkutVNZkZXeNkZqoW{-lhB=!^d*_)_``R9UjDoD9BXES-B%_e8O0@a5Qf zZW6|F4DrY$jO7@|E0Zvm+Q}w*dlJTSa!T2UnTYWW+t53)mOT;UaG%Clvckpe(lrTV z=^$kdO~P0@ueR=)gt26G4H>>Xv14I{EGhm(jiUPXY{M~md3rG+gBoK^V(g7fV(g7f zV(g7fV(g7fV(g7LhByhaH!_K_H!_K_H!?}Fmt&OU$`cYYq*E_$xMR(msL_nEoWUj` zKg9m5x+Wn%v?eh|v3Ph`QEE zHjQK4DQtcM_iZd%Z}7F4cM*BePy15-MK`N{H}VJG?yCw+q`us-^xoG5j#Y2{mPb2A zCqKmA>jYgQL(G!SKHG$kb&AbT;C>XW&h_O9v<-~Xr+2vB9rj~Y)(5om*fi^3XvJUi z)1mNRH(S4?(DAv}uc`JmE^A&}0P5OAv52F%$Nm}i%c^NVYA#ij%d^x4a;9@(a2e`G zl(7@i|pad`^=SpJ&O5&*^gF^K3csIRhs?Lo^d7K11*^?rj!Me1>Q?PJD*Q#);1m z&B2M!5Y5Gj&k&u56Q3cPhZCP6nqR}T#p(iK{BS|tQ0P5cwUKwn0~ZLAUf#ymd}32eJ`&rbBi=X~(o70)U7nM4)jg}1En{2_)o 
zgJ*_#I?;&d7yKMz8lT+68JQV42{RM1VHQru*f@DL7iVbZ;f%}zoRDh938qD~7-w;o zKo?6f>T;ZkS&0)dt8o%$4bI|RfHN-_;eVHKG2T4fKpXMCQ3u`~>Y`0JF|!3bK3j1D z^irId>A~AqJ7_2E!nv7V>Z3h$8C_0$=?c7|brs&px(4r8T}%5YN&S?fG~PiPz*|Q{ zl%?zNHc$?4_T;HRBXm9f2N@+QQ-u!DLHw^&M(GB;M{*oqgE(RT2>wR_kKyF|6F9|w6sMz~ z!a4G1a8mqPocewa=dZtov)JFkkLbV1KdO&6H1HM(UhmvSY355eh!I$0Cu?x8+#KA@3I%z?PI~d z@AY!l+Xp)3OM{#QKLzXq#93eZx7~aQ<4YohbGv6|iyEut_a1Zj1sJ2H|8`1byZlzR zAL{?s6z$~S10DOnHu6=PTid}ub-$&U96hZRml<_d_*#2k)>m~Fa)ly(gUf@Bz1vo^ zvdiw1ABsP%!mjk{oNg$})U>Bkg^K*H^w=?+@A+tVvUmVLoaX?>`TT5nTV^nM27=M% zj%ZglIgH=99H+eldZ=pC@Cbf6En9LRr+z+CwHd$DnNJR%LHA#;X4}}tKW%?%2O4rT zdU>*#$4`r$wg%CYv93Z2Khvjw^K#spPgV6+`pai_v2VEkby`)N+PC!_=8ynplrD~S zo45D%VAcp!cV}`3GW?65r?&W`Ab5fw;h#-E@TYbl`>dfqw-3yL0YoPJboU=c_4t)= z_@-)SGKXJ2$`{73@&ATSqd>G1zs{IFbI3kZM?IapcK~0dKdI1>+s@zhCv|kR@8<9F ziPOYA?Yl3<_gOu=FYR?7r^WUDHNT%1=-JV6$>lvAeW=Ab5N+z~*oKe2>eqf2{6hVT z&%&wdH+&Y(RwL)LYQ+4g8Zm#D8Y%y<>MQ>P)ldGvoczNlAOHTN4?ppR*}{&&XP{A3VA+n_qK(Zq4^>S(ZJQ z-!0$=k3RaSkNiFdtOMix;CA!x|8WW&$Oid0n&nwXHo$c_8>jUs^uGnNh5TFu7K0_A z4V(;?0(jumY+g%Q#a3?3UnmD;*?ZDww%v=*xtx`q^_iD1{_y{9xgOrQU1rL&?BeWT z)|DN~`mzc)_&Xo01y2Gp(nfG0xCpEV8$dhQ1U6fgIW6+&JW%9wS@x7Hdn&mDLT(8O?h6KF}cjb>uI_C1;~NYoFPi@1qRfyMXUS zQ`ZKW_&!VXXUmDd0;~k9z$xHVa2hxroB_@RXMxq=Z14nd4#>e8a4t9xJQ373|811f zvZ-Hcn_rf&`EB2e!6o3y;8JiIp!rk#cN5>ne;Rl?_zCcn;2Gdba241BwgOpd8|VNs z?G7-t`FC?~57-O#f&Jj8zyZ(+4uWgJb>Mn%1Go`96Fdt%8+-&z5VxpX?eFsY5yBk> zz2IhW4D^A1AU_O(A@Dpf3`T%lI|gn6$HA>&9NY$e20S0U0Q@X?A-Em92>cxQdGKQJ z3*Z;QFM*eU{}22Z@XO$(;8(!Qz{|m}f?or#0IvkE0Er@=ph&wzgd zp9TL6J_r5(uOd=Y#J+y}l4z5@Og+z-AAz6QPyz5yNp-vkeWZ-H-vhroBhcfrHp zd*J)v5%6!|2jEd)hy8z4|G(<$m#Y64lJEab{r?=Q{vMg*s{cFszm57UO!D6UZT(-% z|MMtTsc*|ZVIlVxfyH16XagsMrC=FY4pxAbU==t8oC;0@r-L)Vncyt28k`ND0L}q9 zSOd-l=Yc1J^TAs1B%uDUE#FMvFDBe2;K|@pa2a?Ccq-^Sf%r3}`QyI#)0FKd&;{(< z4sq=UJ)i>q0vrMVC-nckX_n84*&`P~+Y786LD8h&u_R=RVxOC&M&42D|<_;}ew&e9YUvkE)I$uQmp94P+UJQN#{37@z z@E^JVe>e4e5BT5Uz2Gmw`@s9bUEr_4UxU8^9{?W&e+xbY{to;-_%K*m@PYk*ZTtOu 
z{XUO+%m*id1wj3@i0k6wyT4E7`%V`GoTyP$EA~+wc1y2I&fI8+FP~Md34PYafs%M_ey-UGm;3?p#;Bs&UP|rLa`~>(( z@C$e z0E1u%JP!B&b2 z^Fx*V+P%AO$h!yohq^|45A{_p$d4cG?LL|x?YgDHs9lk8J~B2mG&np;0_*dUqg`Zh zoI-bvug`mXdIv|w2fBwLO!oyF^R~9V`wn(IjT-e=jvuWISMt8DQ7RR+-appgl@C|? zDqSO$^{IrGq$lsMbRX>+=pE_L&E1lB?%mSfo+wV?hVw(igU2cx^IfC)@xkF^(1i-7 zgt=ZlHc-hgdFuN7lFgehetHpef>4nG!3GcKDf`QIJo(8R^Mgkr#_?WiGEgBoQ-yj^ zv)5YY-IZY*fF?USI3yR?QX^wDxgiZBVrvGaAoCC3NHsNi7234Yb3xwShb+K$!B zWO=^!^bS|LN1-j%P}rOn>aNj(*XA0xd3h%GF0oXijRB9Qsup+a&Gjptj2hG;h*A=t;ehT-6A z2jG^`u>nX+k*#}@_<_MBw;Or}yD7~8beG(NBfX=8Fp3PO&?N>e%JuXlVmXQChx@vY z93jSey@z`$hx40m+OmKD?v9&ostM9Jm_igZfVYOpM8#5@%{o|pAXL%DE{nbqdS5VO zDsaLrz0z!=l)aG6avq{V^L?H94f(~JH*QXps6D%7&4ngQKs?w{;xID+9{prk;wI zn&_cOx(5g7KYD38cqf7;0vEx%2F62xsP8a64Vr0qke+NH-!d|A5c%AgU)MF9n(cXG zy~D@o5NgR+Fb9&2t|??b-J@*^ZPMR`cu$m5Js{mv_WlT^kEVo)(KG%mJ1){Vel#&W zsn;~D{C^xxN3SG{K>up`)qt=^TiY#zy*+tn`%O`Cs!uin&-sm@4B_P-^tAjp5E4WeUiwwg^^NX zOQ@RKy{Z#~JZ;rfQB0}BR&yw+gWX*SE((P{VlYqok)M#H56cNnsnPkmG0idy)Xre$++E= zQ_Y%s3(~9hONT09#Dru`^rR@vTYBM2+3a}NxY_hnVCDYa0UO^m%j}^-h~6tks?BL2 zWWWx7Fu2z{y=dT~%PQF-)oy&K*AkBBm{aO{7*DF!Ho0WW*yx~4Qpi(JN@AU?yQOSL_+l#C zRnu8NDdPGt1ow2^y1O!PWb~*kRr2%{pzbL>LXf2}UGZRdZ&GfP+qYIi zA}2@`5(1;4ZLI7J(ohgm@hRoULdRdp8+7iEzctE?)k;a)$~MC8?5n+rJx1S=YB@yv z!7J1=Nso<16HKaCO=@uWMC)7lB~RYCIgF#JG7BRe8deFfEBgU0tP4)eW}0NEX*8D| zlfA@*X@Yo#;H(?LnjfM6p$p3|*?92<>+|v6N?(s$-+s|W6FN3@`=m5xGH)0XV4M|3 z&BnvST^QKdqGg{|YHS-DgRfKqw-gG0hMrJD@4u$KGf%?^1`!zl?Ze|kWV1&L^$1q@ zIBM4kWwd+a1xdJW*m&9IEAn+3%%~UiUSU49AJ{!Y2uM_n zN0KqLp-@BJ`MzD-LOP3*sRi1Tc_)1=+az+Ups=`yD#I8Vj>|~7*4i83Zdcy~ebNZ0 zM;lKqKzZRT%uKqoj)5bX0`!mMqKY2Rw>kt_yNh1=h@+T6I-)2@`k^vPraO^J!<~T* zYQ876B-A1q`p4eG<1>|<_F+&McI*1WMl8k%)G;`vcs!i1qkgq4v+N6JuIhM4~c ziI^BZKh!%QGxv|t;0!H#k#n^=qZkGs6pOCdu@)Wj;E<|+bnt?F)7Z%HCVQy9O+??6 zk{eJLC8F=&8pA;nD0yvD`9)FLwEtN5NPGXt#-T$H_vXX`MRmf=er3?Ef?j#mMhuU< zZxBk;TH}LbVM}+VF%-07^f*!A+WI&$q{gKR_p4*E)Q}i1-Ni@^Bd@oMP7lsmaw!52 zcLw{?j6)31cZaBl0-kudW70!2(L}VBZH3`pdz;jOIu`F6Jiei?a!bX|x_<~$ZD4fd 
zY5CU9E!#WR=P9#mdPig2NVU_A#6PxBUl&FVeH~_CSWjV17NeFr(wyiy(GS+}c#@v> z&izl1+_A8d2~Yn>$rFF3eo_k@2~0z@?qRF~#(3eh2$Pzcl_?c`6rKm;4N$*QZHykZ z`enIofw4nq>XN6YaE0$f zl{bnTU|^83N-{3g0Wmt9N<$j0HmOvj(t4a|=*e6#(a>1l7%^e`7RvO7O{uJ#@^u3! z)fmsifLL&LdRSmxBPdk_ucHeGKw(`?rcj}E(=gl8#+Vc3hu%SytO}AlkZ_4kjz3S*$q{fhaf&g8G!RB-#I{aF4e;q7G@ zl%J%npC7}nQJpsvU89Lk(h<`1h#k!sQHO2W%D zspgLNMvnFlNmU21a@3_8FUHT3*rTm2I2vI{mFPj~!pddmnRlnIv*5Z3Visc?`x!Vh zPnKq>Ps5*ukXuR}DlvlgS1F{Hr5sUTLB2_|8z7twg)2>-j1tq=;8|4Gt#PV-2yW`` z3gL&GWf73i!=rj8Ql)D|*P9%INU5Kad0s&y-_q5mJE5<)8~;IN zgWisbgx4o;CLEBO%o3?FIy-ll(ohO+Pg}_Oh|EbY^+-BcP}AzNLxZ<4M4igDNtII3VJrfA9ql)jYPES##D!0S3Xc`mA3}5} zv~1~`u(k%Z-BR^R?M(%e#z3|yg~47q!AHXt9A1oZE3e9Jl;ra%RJx?vJD3`_a2%JO z97L{0EEi$IZtk0vyZ;z{B8k5){hvw<{j zM5%Ag_bKS86AZDweBHsV+b*beI2M{rUMu1j?o$Zeg||uD5lWX%z7Xs1@}=)bumP}S zQpqI*vZ)WW?1ix&6+rr9NvjWTB%}y#uk9~v3%vNy3CeHRHtOi>>m5=7GB_~_n|s~% zj*bf^c(`;wPLP|Tm#s+$C-NUc#{G#J@$R3_^+Z=_LCRKV!MH{fJ>~LiRX3;QxU$-eb2InKqjMR>{ zj_Wh(VG=YI>WSJ`-EBM}B62nGg3QX-M-zM-RC7o@4TRI@ZR z#0uMZRQ@2rmh`@Z)i>I@-s7vjIKt9E`0_t!h0w z>e%XN7acjx2T4TKF{2A~o%${*_ChDs>LUtRk}jwtLl0vnRDI~>^UzLIaB61BU!hBy zQWZHBHKmMUA68Qx)+VrHqtp{ACxI%t~D<$u-*9 zh-4zcBq~;JMb+DbqmIKZ+J4~1{Rgkvb?_#_-PEyn%huf;6pFd6cUQ;i^(N}#=KgWlbliSn8XXm{e<0mtTH@M z>7z+*>>5UePf^h|6CHInwzR&Na!1A}BVjX3Z`bA-r7&u~Lt>O1r2< zg_5Nvs8ALWeofwZyPMRJO%R4&zO)VtI_oK8$f!F4N)09xr>pPjR2H===M@vXRmPLI zU};q%%No#c8=MxRw>q$Qhpe@~GQ6RX7zkLn*Hi0T@QFfC9Tr(J6JffUN{|FWva$g$vuO4yEXHYHpPCaTAuVBhtzCKh2N^kyFgybT5W~Fqa;$ zVt})5OJ_ThJK=#Tx+IE*(Kp@?_h<(&8m8AMsvyRkw)jKz|Mx|+(CN-@PiLgOhw`d=VT4H2l>mi@cTu+#&N z>rfl`#Ax!t{uGbqw=H)&fmCuDW70`1f(TU`R!gf8F8XCA6E4%Y$aHra2kuOMq4Bo1 z^3Fnr^c7kwEzV$4aq?dqvy7YZAzZQPDVtoLvT#=j3!_&^*~0ec z#89&wrB}WEMe1a}G2guLipiN(f9=;STbb|QvZEtkb@?gESwR^nLnXkHd^C`~n zuzsrf*Q7v`0!<1uDbS=qlLAc&G%3)eK$8MZ3N$Iuq(GAbO$szA(4;_<0!<1uDbS=q zlLAc&G%3)ez<*>4w6F)j9MB4`12gUaQ0^hnyq-7(+ylbBXKn<37tiMVbHGo7+I?mY z@!P!}dbn1=VNmWf)64gp!6-P9+>h6UyOr<12;9r5-u@5G{eLF!KUv!@w!>7Km+j(y zBtHB1zW>h(cI;Y|wXi?oQg$+Gg$rBVcJrzS*rkap`@im;*p0G}-|pSCAZx$+^sIm9 
z!nyolSH)H~Qkj!>S6s-Ri52#>>S5o)0rs%U)4p8GNOS%ZTUOrjjcnB&KapLvcFuxq z-_`T7p8~aiKap*@>YIN=9V=(2Mt8>? ztxY7mJZq;s-{k5JWm^f+!!C$9`#e?H5z&;~W3z`}5pzB@U;5&sEp9J*jx}jnPt5rf zHL0Zi728Ow?XCscoX;+M&ziL3=K3rr^ok<1B^f03GW7B(q1R>?T=hnFyID)xi&I^W z5H^Rp?m2p>i06JVkDb|C*<5FFcG-d#O(OgvwoIc9hSMixbf>rZYaV?RV)&QGUR~^N$TxW- z?xki=_lox8>HPF?E^$vv-;AqHi@5G0#~)A4A^tu}GJnN`Icy=9vsK(0wu$>mwuZYH z61`;;J4dpuo8^l=%#1pYzfk+mJnrpq$+49&|;He0vhu4fcTR zfjfV>1E0GXtpV;70&3uLSDn}J{k7mbRQ$W(Bb4`k@KvykiZ2JR0bc^d=dN%qR`51(8e99F4mN^oz#-5LdO!sn21meA&CfJ&@I}>=-xzHNC0lX1>|2%e)18dKxjlrh1 z?B)jKpR2$Yu=7dm6bF6@RrV6_<_pkxH-{oDI&0_tt{{3f=~O zAAABl0-nNFgNMN@!K=ZqgT?YGyz-tk>^A!D;7{(vUvdBSPl1VQ!j#|BeI6ONHq4Lv zyXBlz2Ka5pGR#u8Y3bC~cTSx&>)kKn?*DTF)TT4b_uBBa-%o^wKTP;(aqH2l-hFh& z1kI8AiSM=bMc>SLzcx(mcXY#y;b)ylVAN`d%;Jdc0BZeo^LW>DS(`7q{O1dUdQPU-jxl5Gj^3~cOU#|P(3$;)FL;tv^wx*NlmL5RVMQgLg+ZQlu`S6^!yH093+S2mj zIrAO7c_*%~pQrvV!=5x_SjIeOoM`)fi8kE297_zmc?DJ!cprE_cs7>hbHEF+7;gvv z9sCCPpWv^+zW_IbZUGCx2Jl*N9Lw)k@Fs8v&?5Y6a6kAOIK8k44|4r;@E71?-~q4z z3vnS>1QvrOpbeZ1mV!qfe(1q(eDy0|%08d{GaIho%Vz8!zx(h1_HXX`%lG{GpT6_$ zfB3fF`<*-A_`2VCZT9Q0{MBFiFG2B_aPc&UdGmk%E9}fY|Mltf9qIF(=`;UV?>{?z z{$l!kN&0+C`g~jZ{BZjGNcwyveg0eey!U?N?)a*oed%)~eU7HjUrV2FO`q>gpPx*h z_oUBnrO$7t&(ptQ3V-lTKR=W{FZq_=U-lh77c9sYw#=LV(09G_%Mbhc()9UL-}C!{ z^m%Lg{B=IF%aqL@XWM>1NE@Gz=f}gf2~7I&cv7n$=f2u}CjGdl_DTI8laihk?5}GR zsQ)8{LcEr~c)>}_U;LUMwB5BToBzFe3r-qZ@X3W&E&d&Z**`|QA^1Ff{j{ek{_E#8 zh_7A<9fACx_T!SjN!0jCDtPfRi8Md-kH4)=dQzs7ew<)F@2XAhNBg5TWp~Y=rIiuO zI_*Du3#Sm5&uzp5sjr~@Pf=H13@!l&!Ofr#ycYa-@P2R?_%3)Dynqe-e-``zEM#=P z5}XZQ3ho5o0^bG?frr6XHu`S|d%#|BE%PC*olNtHIge zmh4svVfF=IzyH23eD0q( zf#Xxt|Nh})fB%8^Pjm~^!;azCUs=;)^X4!5y882i2mHJ+eI8A^w>NzbJ?Q=CrO%&B zpZ_K4ky`YTWU*Vgpeo<1vl zW|u$S_J1tx_Wc@4ro&7oexIONo?x&^`TWB~CVcsL?T<;p>i?J&XVQ<4)~0rXKkDaG z|4B_YEogo9c1vsMj)ofkG06YvKa5;`2-$kl#q84#e&G`4nt&d&*MQgK6?+3%foE(b zxBy%TehSpD@qeBt57#vA<08m+Y7?lRT5YJ{pGp1yYW3seZO7xZpOp45#|38w(|2;la-|!K>aQD0E?!$f- z+W*Wisr`RBeZDk(zUn^jygGgUcKUpC`kb3I|Gf11T*f0#mCWeZL)ZK`@8cqy^hXDt 
z=4c-8oJTpw;Jm?4V0AR|)t>}+>aYK;+7jH(kK6y-v^&$oye3@M}e0O%<*>1n}kbZj#Z;qa!IZS@LnRg%HU!Luw-Z?Ys<}kv%^wKmN zZ`@wO<{Yl+^KJaPHI;ZN=P4ddImYwd>3OUGI7SL9h~ep&N7D?qCCrK8?E5WXfDqPu zQB4V|c`xHQ&#qL)kyIvgzMh;%QjXSgVNJYelAh}i+GHWwNeY31_PdUV(xWOzaGlkl|q=# zAbeh1v;B!?-s$GqA<8FZmZlX1N8o~>?3NVD`o!}klj^yZ*u&J&_FPBISZ#5HYqaq= zYbIQoVY~M5SxLXGq2)V99=63%u0w=d3$_$o;*-U!ehA*VF_pqvS&ueC^$~Wa{NxPl zGs-_{Y3p?mPp-0*OQC_Bd6@5&wCyp6LV}&CEr6Hd%4$6tb<&Q z(TQg2O7#y7QcCjT8Vwy>8f9oBKikc=kbb5u^_1e)BKO)-DDBo%Z4;;KsmpECZeo|T zQH!?IhU#FYXRzS1VPe^mwy&`k7ikO;H(EQWHZR4Bwq29jb7qMR8JNAlXhDy(a1LY( z{bCDLYT-1%7UXder3r~OeR=)ltFS(&n}zhw164zef^H<=~SkT}YKBkjp~XcaesAY35W*4s3-ht_Lef z#dfmy3t8=$kY`)pRvqTV%*L{EA2pwyb6Yvp?(dnHSxwnaOrD=ly0tRh3jf_nc~7fp zBei_le_7g6Z&~iLN3e(WiM?At@ujxqt!nm2MM-p(UnS9SC32+{+y-r2F=s5T6{)_B z-(mGsC`~84Y`*rw@^h*045>y^ca*E{j=*JFM-+Gt7JTgrsIY8^xht4`3)vV%hhE*6cm0Cad#SO1BxSaw!}qm12ElluRn938Y(VcCaJs zxb*O%LdSfHSep|q#%k z7>(@Q7S3XB#TRlR6kUx@o5|W4NTqF*iYa^!t*Es93)X2_Ph0Wvw8wSCs+Ho|>-hv? zG%8`ex}BU#*eK>a>hwoY`LgV@e3Rcka9CT!zGkX@yE?bF4-vMrMH@s*W+oePSIV^` z(fxMxd(~2#Iu0?#de(Gnl9}h?aSi!j)gYbyDaSllGkgXeK66V)sQIL~I)9i`kPjv) zvyYiNqKJ@<=+=s~ceboX!yKNZH>X>~LDknCo(l(s1r>K*cKFm;`TJ|ss{+M8&zYzz z8`S^N6z==91t>3bLmr^+ll~yxaZWQu)DdbvO zWdnM+Q7s=Kq~X?c^8LwhXZ_sIs>8vi(70xgWOs1ptUR|me?MifpU1_i-1Wv#rf_zC z31@NF_NvplBT~upR`k6ZUk?69?BPRocsQiu&2VhvbU&C%*SN0HHmA+Xh4WKd=OfRn z^X1vu4QO&K(YL;42wi*>?Waz*_gz$%56c=fN^O4j98U6{jmA;_?exeiv9=Z$QW$qX zk=>m=18sK^oZ8B%=#59Om!O%gyC>cf>+14;ctysL&tXOldb+gU9o;yhbc{EQRCi=|&3O|& z-(33Q%HC)pmgdU)otfh## zHvfM1?d(>p7)JniHtY$nCa2BRp#_`in`omJ(*4pT`>FJX+KTl!TA*k-SZt56rX&N0$qjDsuAHmUdcroKWD?Qa+ zgsAm-o7_*{(c_Fc6Y$6b@!-56(5v&r6@TT-jb6M7Hy zviQE-256+;A$TIn9NsF&mV1k_W%zXlsIPB=Iil7h6=TYBBz-crap^%QJx0}$Ok3jL z@Y_p~4ye$dO5}L8THo-TNEK`0h*pk{S%i{S+5ktn+e-~bv5EB1O9Sb6kSEa^p}UsT z3SDW8uD_-n2M(jcL>qg|=TIrt+-Uv^F z-d1U*?2khiIU`2dRUc6wb+&A)@L-f4AHC?MM`I^x=ohHwwJ_0FkH`+<=|35!#dZ^W zgs|2+W?QbIjHYb~Dul3A^m&Az!7-EkvXznrZI(mz(tA?Y*4*`<=*N&Joi&-sude?l 
z-h5m%5hA=gakrJ+&;P>8S9!hjON%~LTt8l1KT%viSzPb&dj6NYAN1Ps&5kf;`&frds>U%Un#C%)7x1}yb_?Mmv{7) z*z&fIvtNVICUi(h$9(8%n>cFif>UdMm2(ABb9qW%y4P~*HN=xc$~l-lw3RKW@2lDl zdg*OrWx_J47p^PxLg*qnVF~54y@MaZw_fFceQn0mZ*Ds|gZMo1)|aXrYZI5_Qo~sf zrCUxKLF?-K-jTHL{&d|+=-uR5E%BbD0lG<1$z6he=|k$}&+ViYwXvKF3NKTX&HR@k z3D(Q+(m6bzmcTnolAaIg9d+*@lv3pgUOu&?p})hYwP->j^bQ^(ZNq49NLeYV{@b2v zZI05;kX5a_lV|2UK#hB7ks(S@&g0eUgEsE!_uox=@GUfP#-cOnCi}^l`KyglmFhM^ zS~}+wrCCU~bQ(otIkz=T8A`cSvp6GTO?;Ete|nxL_b`)t65A#u*}CW}jalR1+$EH{ z)F6{J$MV#w#w>l&F;`{_+ka@$%q8|tYTAKazJt`2k$AJYv*64@O0UOu2#&LqmbTP) z{#GAV({m0}dfV&7{BrnzO;ta>{IMANn!DwXI!K*%s8yzHx@BF}b$W@M-IKpV!h>6+ z#`UD6gB)5h7}$y6!( zbMp>AvSki=S(s9bc{pb+&SQ2%u5q3xa*pzj(aLHK`+w~aHI%8D%5kU}`pa2yzbPvR zcw#BXNl$sO<)ZhF^#sbyDE@S1BxdfFn|?w?Z({7QAclxHNILdPOQ@}Mu`V6OoVMCy zG)Zb`uF}%7yu*~(9%z6xoH>aUy&vs;T2WWqx*QK#KkX6c@b}YZVQD+hJd!k6NQk+b z(}Bc0rnVy0IqV&uge|AF7IB@e97$tL<4(^_xi!CyNYTcmFDyq`jp^@*87OFRax%*nni_EhL6&7J71ecV-lU6ewrd*uo34r}0?VDup!l+4!D z%CnT^EQ~y4{_=@otMObv(nl|*WfrnKLVCe*K^>)5E?h*I=*85?@~EF`Bx@_>Lcge6 zrHB2R_IwvKQ*tbG@ZUzl+KU=WOU$~*3~*`3NBIZvmsFot*I-C%sj8NCJ}UTfL85o? zquTorC3a>hR-ni?hVEnZH1oXQ)H%ngvx|$MU({c@v5jo6`LsZ3o$SDJEX!N+u{O84 z4koKHEIs*j?fsD)8?3*IlKLS5C*sPn0b zLbbMhXjUzX=mC}Hu;W){E{41vN}WTjnZByngpRSvg4k0n+N+EmN=-2&bPdc6Rm8z*Fd_t0HwaN6=N3*BdLcIBKuKXG! 
z!i8A2)}!`bYf)p?-ew=j-h?N<1#Z||lyfpw=1$OOB^3JGY)$sNDYQLr*c(&JDrM~< z?8m$Kr{_p%RjQr>thKQxuZnp)sm``C=8p+eu8w&J-_Mw3b-*g>c2o8zClFFAqu#m~ z_n0Zy=ClxQF|^!99j30^IT>wIKb2EhgYc;=&p%9Q*3MGyR(QaE=_GQomn_##oR*!D ze~$R)BbO(#+GjbbL>tv#5wwW*h+d*LC;fV*{&gLVVQe)yDf~t;HghyFN^iA`5cX!; z>b1H@JI%gIKaOk6)R^{G``E2UehX{HwRrZgT59%=uA+)qj>E3z-V(S_ZnFQgB=(v1 zj#@CKHEZr=Nn@=<*axnZ97gW7sux4qa>QBt)by);T6lY6?OjXuhxBb#dY|aZr*b_) zYIV5wUgj1@kWJ=v$thM7wNN+qKtlFvwcvDleQt~1<8rh*eHPXE^3OB&n1hbG8EM;2 zs((&ibMX~k0)0N1?x`7X;+wwe?(EBixeBZ&?%mn<($!TmXYl*3Id7&->&z_um3sI8B^V%<`K6-?Im0oY=-o?J!6_Xn%#cxBK ztFh6S*C~xF3Jh}%TvU%f<-9}vy6Z9S$lgfFY?HNly_CYU-Duvx6gI%!jpqK>Qszdp zr!hz0m;-->G#aJS%3fyfSykV^|DA>@G>UoGoJM({Ri~v+CBH`NYg>!n>~wU=?EUK3 zNo_40bT>MD4IJVqA;wMNlb+n){Z*=KqjozL$*|wl+HAbCR6WA{ao)n*hBGktVcq0# z&V$)=TSjKp99JePG}au?ZMkjMb#^Z&ofBDScOTa2>6ETDdpi;$mw%Vf_Uy0H=YwdU zF6vV1#^1`WL^m1gZem=S{*`NfzL{uf{PFCgaMp>^YjZw%%}jcMLvB!ROIQ(qAQ{6W$5jCD~j$W zS1iDm%h2#AvZBcR8?Pub#rm4pmc5d41qU>mXWdUao0(ITORmIgF>@~vq2?3n?(8>7 zw}pDFX7+J5Njy8>jGT70Jh$a-^hWiy(wC$6=CbDG*|?1@ z|El~ev_$<9mFodw?MS0C!6UQIKO3eI*U4%3X0L$rr0|PU%YBr-X|{RkSXJ|S!aLeE zwyoHjD0v5Zs&TJ!A9QM5uG!Zplxt>gZMmCXJ0!<-FLH3>buVS^_50~^#Y5z=Hh-X4 z!D24u>XWyS*Qe*W`sB}$m`44W60xN!LTCSYE11;Wy&Co)9egABxwAzr?6SXRoi`p`tcuehs+L)^t zJLqp}{6?QVZL9V$imPDr9cIM#O~$+DP~v)imxst{wztOWSW@5H;Qx6%udevLjPLi+51dDR7R_qc zIyRb}vs-Ah7^BXtsT!4EiqtQ^7Jc+3Ewr)L(v|S+rBF!A*BYFYJQgSR7T6j2W^~Bp zH)dODvu-Htnyqd)s04F(HQtNU0VnL^w}I*YD)VM?X+5w_AZe~nqal?{9+ zM~HDJ{@}OZ8)?*z4;ST|nFGSd@E+FeHnw==qI&ezdTJzF72-Cw;gqgR&;jbm`eVLE zwG5l6UI`mn5c?B-VqNBasm=)tH5yhs5b!bPn&N-?xOE=J?}{9;mSDb`QV=NA$x zyxu#Av7Pofz;EN{WlN4(3tjPRg+lIav;z0dd~VR_G<x@QrQf zxXLw0&M(<_l)FwiH)VdVCXSG?I?z6+hulqNIXRSTUt-;*D-?n*&XBprU=w*8HfGPZ z@Xa2!TsIVRe6Gy0tz&JabudqT+ub~otIE}oQASrJMav$cmRl*sE@G(14yJzNG_EH` zt)NwPuM+!3S7=CKXQI_A_IH*z)^m+;-%@um^7XxQdrVi8x(3EICebHX-@JpbiC^Z73$?9exF%K0yz;nKoRL;P`u zOYGFu`23eSKeqE#j$^sJw}wyk||E`7+b@dgm0R`}NKQ zDblQs`=k0^dzL{;bAgiX*>n^J3o>Z~Mw9L^#(rght<2JMw)CeTVpC#pGH|!H;^3k5 
z+_TV{fB*g{5d1rhzh>dhX?#@6vve8C#I!W)-7n(So@X*GZf*KAg#TgU{?K{VqgB28 zbhs1rLChw;*VYkHobi5bnA-1%=8WNIp?Ru1l05NOq?y_m(VsERdS$LH&kWyd+vu@= zpVmgT^?IzdD$4d)%aFns`PRlwWveaEkGSr&c|F$e)9CiY)P07y)6%cy?HW2jp6Xw5 zKk-;SUZU%nk@srj)_$*(uU*=V>D0Sln`XW5_2SmMU$2h!(%kGmU9+foz|vB z`VH?_TQ_}s5}&)lk7_^P(&ie%=F;wZy!*~B$W!tBIH7%c|8wo#dt&<^Pf!pVN=Nq_ z{&DZHd&f&oY=>RLHFwz6M|h$;>^A*B|C#+i?t@OZ!lu@Ij&hn7vi#WnKl+IrGe%sx zJO8*xN5-GNBS(>0Hs>*)|C`QLW$nEK?dJKv&GUc%Up@bK334=(|EJzKdD{JYW5pA( zy&h+nX=SKqcg|9_Y3bCKr=G1@?|u=tcAV4D?wld~4-@x?&Z{1+>fNuk>FbRX>WwRE z>0JB0=?j?dd#a_+4Bu;c=7hf&JX{+-@y}!6?b^6M?(g+@`$v`UwDfCvyO!oN=$WKL z>hb>!;cN4%)j#Qby?pD*QN8;`nWv>+d%s@XdiU$q@js9+0QRr`)wX->_iBjr?MZz8 zDE$SE&i`3JUu}Qg^dS_Da68v2XBK(q@zSSA)ywT-=5!wWX+L@=rpMxD{N2uFhFbh6 zy%Qs3QQ{VJMan(@XZtUon0LZ(P4C2G@lLqT%GHFiW~};ldv#5XtB73P<2zNZ^J$*{ zQ@(-QJpaeFZ&luDp8w-YX;*!fJ65=!Fy6Omp8w;Dyx6g+1}`EVV|Go`9F=`p!TiV=J`KU_h4+E|D&g5>fV~}2GTtL$I-FAso8gU zX`cVnJpV^d@g2J6`9Jke+O`L3p8wN4|ED}jyLtYPK7!`?Kj|Ex=J`L&O;kPc&GUcU z51@JePxJhr=J`LRAGvw{Pq~jr^ZXxok%^hx=J`Ky!h!xmcY|r3|KljMT;<^IGR^aU zn&{`=EP)cR)& zHP8QPgF^LADre|JZAI{?Fu-g|16?kEL^&JaI^k8fy}F z^Q1rN(zbNApC>Y@S#wUMQrp@ak8sAl=i13%?P<1o52x+zIiJa0UpysiY(ndM&JyRF zQ{okTvkq}WRCOPjSRLTIm*(a9U!E!D`Ll7x)sYmdpYt!u*)h-CiZ_~{K+P#GJ z{4USH+D4rZq`02O=>iu;slkGB+&c52h z=}>zT#kTQm2dQ`PZ!cl@@oyWab97R6*Z$as=2m;oR~N14-ZbRp)AhWs?B>Tab4qU ziLLR}HeN(7*Mc}5&HA}op>0yT>?H1C{>4dc!MoPm+*}nF{Bbhz{56_(f7za>;OTNw zHugD@=KiYg4s$*2?x|l|m3_3HCusIStCG65Uukd3X??_vd@Hnw)LlWG^5o2NN1}s8 zIpmr+`EpsRk9=Wn^4gBn@*zX!zl^$!k+*GU`J$yPjq+!07p2`f4ka4es>iuI4nJ+- zd7MF4&aiAvlsZlr&oGW$UH8xpJfF@y9cm4W?5SnW4kEzU)g)_P&0#A=>l_+T!j zS8DrG{iLwx-C07@cBP~tTRB71f6GYQv)nvQQ;zmzQFl6#%E9+>y0*DQ>xQ;4wP@q% zl$b0Lo}Q{Ml$Wf%rHj+tY@aw)&=&MO&X54P)OxmZ^<33c5+|2hp(CXg9KIvbMJiU$ z8MJ-96X})uWCRY`lJ0p5U}!(j)LcXfOw0V_yzBUOGk4{6L+*rDhj=DWxe{M$+H%sc zd~anRzb)}?(Ej>@YD^Xhq>ecH>%MPsAmy| zwp&EHp2BL2-;loVhDT1xUI=GeTWfGQQMla4C^T%f^q$Z+doQG(k3MK=((LY7VV#dn z)K-aBv&M;zwa?2ZCr!wrr!Dp;8uun$kyC<@sgWtVen0mOYdf0TV(RG~d3+z&QJ(qh zI3Hd4!tsTaJCFguWYwV!;sFXiaD 
z%yN;GRimn-gKL#BXHe8Q^0npglt$&(Hl2&Uj!}49>bZ=yo$yM2^a7@Ja-yx;rfe;> zVjp!>znMlSlsbR}m;J1C*X-H7;gC}{)W&O039AEOdva5cP z{})n{I5$@ZF;s$59M~ZoR zMJFtt=t;sV>??ZBImFpX+0vXtLvWr1Fg?nr%#FvV@i~Y?cbC?uJTg_Ba<- z%g*NuQ){lJy{qRzpHp+s*7K}rsjbD~iPX};voGboNNr0hPZzmKTV<|l8BNtID~J

~FVgKw?&>+Az8@x^c?PI8 zScIh7LbjnLvahpkY<=6^RTlOR%7HR`oM&>X{F}oC_L>7J2isdcVO~R|@;sg^H6yg0 zF^Bj))mD3Kp|!w+SKa5NJpK1J@)}B|FehtVa&FmIXt|9gnX+!nh-sOluZxvfp_Q}- z)wK3mY5?hC{~GTHl$uK#n1-AjQqw^g^DuR#+Phlz{x-h(#d)k!u6&DCYbW}6TP}8d z+FI04tz4e{E0yJEb;&R_42`ik>Caf8H$=WJy7F+cm5q>u)dV*vb-iCQ4gMPfxaus_BQkMd{ipX|$8t zYirSVq0iLt739KRae$M`FC#?RKeZ+)v2WPIvz|ic)Z-C%7`d~L=%z%T^4m__Dm+QrWfcj%vb^ldFQ#<2=!#QfnXL-kzca_M}S2snFT87!yeU7NFE$(W^`CHFI^l9dKA}3VOtD)@@QY&q{l1sI> z)z(tMI!YDKt3SZ!b=0zxXJJ#@HjdCNt^Ja%wIoqF+8{=cQ95Nz4k)#ZxydW#sn+(9 z>Kw^Z#&q&pJ-boyLFP}&v{R0148h=rAcw@8M5|PPS!OzG0=R z#cWUQ))-ZWRtpN=lBlB%qIApA@^WyjbUVuL(&r`Tmom}|h01#Or}|ZS=6LEIly~2i zufSDmnc$UjG~t~QN*1*-C%M6Xu9E#THBcKyA0xL&vr6&Q?=wGDref3;{pglN3-hVK zhdWa$>Rx5c_OQn(#~-Vpcn>^c>e{SYo*n7Aq2#FOpN~)q?Ug=w&(U~z0IMDweGyV3 z%Ao{@tzkP4k;-z~K+Y{aCSm7UBl%x{+z@5$gkoyfy@ZzU_fwX3z8^rp?n%$3rX`SD zMiN(--XN`^;6z94wr1Fx>Oj+%8fr*Ag*%dt?j+1s(zb`_WNg>TzkSfd9_1ih*qWrS zlTlD7c?KOksq6qL9f6A0LHY#M%HCUzIh-hMZMUHHvKBAO6u8K?hIO+GviM z)MbP4rg~O-pPX!7`!u=inj|geA6A9F_aoHBU)EBt93#HewdLeB!P zRTl<*_oQ^R|7^7bq#eHHXf-)$FTAAXqb>*!Y3LVe(UmNp(!XN8VmvloR$`Rlh|eA^ zM$4t%sJ5}=bbIsCW4J%j#55OBPix``NXqDgkS6xMYF6*X_|bky$#EPkw@8ixAn_$qV|8)XA}Bd{*)?~c?D%Iz4gJ3(W9$3 zt*g3Fzo(wQ&Q$*hJw2sL>N`t2LyPPv^lwY~*mi1vd9u2fxxM(+JhA-Y7pdCDyUAOf z9lCWCUaR#_*HSgclVNG8d4g}Oq4n&d=X5M6S89Wl+R@qv$7pqgHj7?7_{W}V3AMIm zwVjP;YW7;ku}7-&E%L>ww4dpheMb1>>@9*Xk*WD z^m@enPFMlvnDi2aRKYY#*$yx|&!U6L%QjRBXLS z+4?zRk1=;}u>4r+w?(8Ry_EUwlq$SbPk=`(;fZKc`OthFt7uKxZ-i6@AKU+o(;m{z z`OTkA|CS{COU>^XX#=wy@}M=eN9s+wQCf6T@9?fDN70+fD~7anCO=oB>D34=9Q~PP z(QhVQf`;MyEqODfR~|6$(sLC0(D7PW1;faV<6kYcPI#gNno1+RzjBZ9T-hWg^jNDy zV$2sMbOun*z+$)}=xr?Xc9a=$%9@58mR?wSQQk3B>_-*-nS5prrl{_h_U2{3APtn- zQX?yyT4bhSi`yb{(pXU{$52rl^-XChgy%=u?JL@59#T94-K|?_Nc}VB>HL#CY2Om# zD|1sGqDLB}p3AZyq;i^r&-CEPrP3-!53Sh;vro~=^P%sxc!(~~zJ^yJcChckF55;( zd)*jsm8E(SBejm~t~qZ;R$8-9&#A`QlC4JXSthk;_`_m0H@xSTJa~LK`!`aVmndkz z;qI9qBeh4EmF%HB6-suPl75PM=)t!1p^Zl=PicXSQ;N+=J5<|$`WvY&tax+9Ytz0i-#QH%>{XxDta| 
z?^ZbJjC^x`R)f+SuYOsdLc4t+dlO}PBwLeTn*9yGzn{G|dv1&6Yt0^lHe+1x%f3n5 z$W3pjO( zM~-s7ZaJ3RPFceupIJxShsW5`vAkUGoJ#aJp*hT1TSHH>c8|TvPOigfY5OPREF{0M zyS2Ugla^XmgbIt@F|*RErz*xPu1;yE9*#BC-5sQ(PLmI!=d*WMj|Po(L95cY!{j%d zD570v-qU-OWl7?qqCX=pfW(>}st)rk+0CRiteGx1%lVYcx~T!#GoJ z%CoJuszLmCoA(2WBTnRP-UqVZq@FF5e|7TSD<$?7H)Hl$1R6eqHq^gZOZ7W%Cx#k1

;einSH16 z@-5zbDDQG|mQ#-+?OxUCi|V#dnR|WiUyN;`28}%aCR>?51OC1!pw(x}f@LheS#&nzR2xbpXiIUBdd+hUDqd1?c`kJyK)!)EHT8Y^LT%Eucv=R;{J zU(#w}YSSvMW~0cJbt!U6gYqiRB}E#w@!hF3jj7U@vtQAo6mO?zTZt`P)-vv%crDk} zt>sBm`nEZ#Z<|X?ga)6(w|mLGJv;}U@IF2dK%aAqR*q4Nc3vO7vLncx(RbA!@E1irXC7&31HTC?H*DwA zXiG=eYFtONT7nfUMQzGsaLH!u>~q(=H@m4JWq-5Cab~R)n*4(eQwTj;j~=t26cIjO&yi`*CjS5xcXO zk@5psXUlr7_hB=f!PW7EJ%(wuK+F35z{#X%o)>1%B)rza%Zux;;`N^D6^k*2o>kX+ zZy@fKlyJ7ap$u~k?O4y6DEA|%UrPJzOBj9COCf02NEe#I-Pl!)B=Hle1?shSqnHmh zjOhsXtJxZKSgdb84DICXu&k!eHE1!fh4v3Hrd(5ao$6bEXA-)x-J@^UQByf*Y0i$1 zP4jfTch17-OWXkT>xM^GTi2PKf#e5tCf7C9&OCOc5!C=Aysl(hhnLc^r~W{FZA%#) zR^M(2FNLGPGR5#8>Af%Kw!3)hd-$&WaAw|>!MotdSP8s?`>t4Voyv{GYER{@?r6A_ z`!NpG)((5k^a8cbkzsv2-X<{E$Wyp)KjIOxs|dHLltK=oVzRMpTdWyKGR!P zozV&pR_%;|^H$YSuR6!EvA%cb16@~OtE&~mV?4rlXYyjjLG_*^(iqj~Z7av|u5WNY z!*+1BoYd4;X}1cJc3>5^Y9VsNwUrZ@Srq|br5?AA2pRi=AwVV){gZhp0I3A zee~Gs^%#vm3CcT)mKr{rJck-H)V6cX9r`YV`C4wmlEZknN;~-!O5eyndMi5FI9iZ%lht)$ z_Llra%k-8!yjS{V^Slw=YinZqJK-hQ0tCOv-}TRFT{r{foH14dgb!QZJHT&!P2t6N z4X=``o5hmv&2oxZ~p9w&WD^0(6C{6^R+dWEh*(wxoLaOa=5an~6a^~c@8G z?y+^`+L(=zUk%~2s_pN(US+iU#)1B4S4}wvQ$xmzlyY5HIkSE&>1GI zOmKO*vMg2rMu=+vr4Ck3OFyA981nXkhgdtm z63&Y`GFv6A;%%hhOqe~G9A=8)ClAda6?!99 zE<}yzGpp&hNM|0>7yWV<{8Y{zxgOfGmv%?kcU$P2?1{C?q?GGSjcd(H>Z%2#pKB_l zdg<-2>N@8RoM*9)t+ef>ewaRY<64VqIZH}tNtACw zE~0$OMovq`8%&m29z4+;H_{_-LwmX!yd6j<-$&LaY9;?Y=q=Z5*e@tEmZFF>v->ZCTAFw1Bm7)k-bZ<|3uBdhe9PU$H*Q zl9%_@o>Ip8{siN*E&;`)T*>e^J(*;riH6xXfAwY|8iH4L}2xL#dccNf>r;(BIr zeO7V3zPSE0(tkNNziI3!?%h;eoe}oF{voeg{9gNut0Pl?t7pAxUwR!au3g3TcyYb8 zxL%P*xC1S5eL-<`=DNyBa*TbPwwc_l*G-O9_r!ZFuEh))FS$ht_x;`4w_dg&NA?9H z^r7-ptST-?e`PMaQZHWG48Hj)Kgaq@-$#plCVLM`J2Td*$*HSSZ)Ym8l19la-z@ie z^vJHHt?rSa&QZ_0ma=>gZl<-Cu|7;&qm=RRXgG>+6|8SMXgkcZu1GC2eHG2QYaAs8J>E&F z4pO?RO%$FBEumYXts@1)ekXetJgC?1B4nr0x|lNwKbt4tbQWi4lXkhnIW&H`TFCL6 z7NWY^HQsBX=_zoP{g%DCeXVPT^6Y$`Xm{zy*~>Sz^ZD?CTwktvvd4-r^5Za4b%2!Y zm*o$2UHHVJ7cozt9!vdq@TvJKZ}!;sS(ZCSW!?{aGkjUTNv_xFD7hFWIMO&}E~RWc 
zYPAe=X{C6_$#FxBfulEwRTuHzYq?{Iy-WC#)C;~*yA70S`u0|BpIlmydaHa(%XA%I z+QX_LLa)TTCDu6JuTe6!N2Il~6y=l#VgEYzoJ>F0L~2L+UddwW9bv=1jQ1V2vTh_) znU>U4hxCw7XO`hx%(CZzL!ciFfm^`JHLD(d_3bOq^pl@xn+$HqC{;#2S@v1*P4GSN zD0o&&mUV+3FbM7dzXx71hwot5T=D_mnwMn{gYN;%$*ct|0Z#^7!Cr79coygahrsi| z&w*bAZvejy-VELf-Uj{{yaT)od>(uqJOCa7b56>#gGsdjxETt0Wb*0!JEO`z#oAB3EmF=1pGbtIC$s6Ec;XNF7STvS@3!AC|I~C%Qk|` zz{|j^!3V&Hz*oV8;5*<4;8}~a>VE^sxt0Xz@<0(cqtHSh}XI&kqR)D3(e zEIO6)gH_-Ra1J;ZYyua9r-NsJZD1F;9(03V@Jry=z;A&!gU^Bcz=NRWG-wT0o=)1} z3E*j98`udBf@?t+I0Od4FnAI8Iq*{OGVtHPZ-CzgXP=Q}>%k^)DYy*$B)Agn0=q#c zxDnh0UJBj--U!|T-Ui+Q-U;3d{ucZL_%@h(CiDl(zzVP$d=D%+3;6}l1$Tho0q+BU z4fd`kA20@92sWOLjDf!fcY_~*)+c1y7H|XjX)p%<5c~;vH~0W}5X?IV8iBRoC>R1e za^iqt@H1e?8qxu6=VjR`;LG3}VC56D>_YI4^Rw(d;Hhh&3D^R5fm5CY?ZA`4<=`sN z0Xo66z#zC4jDw#AF9g2?{t|o;d;Mo_U%fR!&i@_(rXTYNMv;kNNa&RuV5WEh&8T=*qFj%r7%T5K) z2QLP%1$TmvgMS8FHX;{bKX@j%2YdxQ41NGk-2~0SFMwYG9|Ru--v%w4(PiKqa5K0S zyafCzco+C9@CEP<@BsK8Saxxiodwo__2AFIUEmwwVX*cR+5qeW&j#J#7#IaF0H;5h zb^>d`dawap3buh=;2?Mwcn;_RF9ELrzYcyE{25qsX~rnil_yO!Y4Cr72hRF;#A|aY zYjDM*kJ1t1HK?u-(Qb_WhQf>D4gp%DU99{Fd+{c0S?3c+vZp2cPJ8@mSb1SNYwtb{ zd*0nM93APch&RY%2E_MdwP^LNn!j$2@$@JG+Zr`4-{MWEJTbja}5#ef8#s7S_ab zzT4T1>YKgO*ZbD@aF?YV$JeiCKRk@SEq)yTU-`zZe*2x=D|Y~l`Auu*lbElltyjHw zeVpT~&U(dqw(yqf1C2ETu{O_r2ZFLO4;XK%fPwDyzy}>b~TyG_-v%&Rd6lU|JJA*QLXNQt^VomUh z@32Ynf>5ca&QGyBq-(<*N{GkD<-O`X!eTuUMI zEoZBO%cE6YTjOlNFp^L^Q!Bs3I*rNosm|ZZ&9=fuKCdT*kf7Lky3EOv1b6J^8ttcF zx)m-xNPez`i@9p~!944|SzP<(pDkBie`*U?m{EyZTNC%-ZZzvu&NsQ&iC%N(h?Vnl zkEoeeZmgtauAq=A%7C*8&Us8-`@aNEP`6kYSA4ljD0GM|;0|mD&w3voNklbH#z{k7DtYw;!Er^r|~EI0khN#dT4x|4{!p+FV?uF+|SM+SgJF=kJu`SS`2)n$(ln z&=AhbHeOfWf*xtf&I3;dd%?}%ICJ~uo=>)-bC;HJHQXW%)j7_}IJYVP`d+N97%M+F zCklkdDc7#KE3$2UD1CM@e>pYoiLKmpR|IF#y7^QVorwymvIKIObS&34xCVTt^`JpZ zXV2Zot`m6>|~JJ%`2 z&LYMNfpS%-bU%%h^ohhCXYzBY?`$76s=A}xkNyZ;meaq7q)g@VSX<(X=9cWKSd#6$ zz3k_`{C)~L%T^) z<-5+GB9?RCuI@fNKXI=4+>BiFSxOh$xpvj~V@dbBQ_?NdE8hWstmRxWB|TfKYERAd z_PFnEHd;m0lGY@-!hHxS+Y43IRg+f|4Uk6TRNRZ>bH%&o|1!h7=a03X*FENXK4F#; 
z)~lOuZ#AylJh<$Spz>weXA6G&z~OrDLHHh42Nb=Gx5-X)J$~ai=S{JmHQie5q~Y2O zd4Bdc=za5|J^KtgeCC$kpQsV%|$gfyIQ`Jap=*QZClJpfFh zam^m#&B(t&5_~`B{m`g>9v7!_*Be8b!rA$W?jDfm~Z%KtWArZ4O(dRb7mR6UUmZf`g9`_@;Z^4L$65?W6NXY0#m z-+ke|sYd6+L-J#}FG1|SP;JlIDE_p(9>tZunMZ<+_GM64mu;cdSFcaLKb5|bWH!>4 zXQ$YuUTxGCErgt{EezABB(q7@+Fah6Dp_& N~N4iQ=+wd*Fs`!ad;WVw>|^;q18 zSqb?SWXav2>{+XC@cHJ3JH6?paLnS^)$y|)lqWRMXa`!X;hF{^^Zc%)(afF|Jx4n{!n-a z!smGkDONosdIlY%g-6jAj(62>V?^p6@4h|ZxXv)Kx2G}AOkNA`m);xC0~{dCLGHK$ zAl~Qp{U<#H!4pyD@K!mtjJ>~hCXRBP^iz@-l^JXyA7>=PNS?ATnNP`RRi zvcIcr&8h9ERUB{B=?}~K7g8_J==D^B^=ZZ4qfskE25&^puECaO)+zRUE#IrD`iRQ& zhgP8tCa)e2kB09A=ohHw zuk;Xmwp`F=^6KrVt-0$z(IY5NPTzqxq(H9IW8evHrRP1oI&s%`(a!(E%2#>4^Gl09 zRa`$_Tt87&5kf;`&frds>U%Un#C%)7x1}yb@5p!>F&smUsL<)BC~m@$`g5=_&UOy6P`Ah8{tw zxjdyml~X;>K@N#In%ec~vGPCKK`*^+tlz8jykA$0#6lOTW6F18gCAm+Abi>Kf2<2C zR~dDZ+90PY#aL+97uQo!sRA(*DV|F7>9xZc@^2T`|@#dG@ z;9FMeFjF}W^+SI-EABUC3_X8b7F~jF%RK zJEjbhj=hp^-$@ti(vfE5rLVD-)X-dVo0eACS+Qrjd)KQc!zMA0Xz%}@y>o$&yDanl ze{!R@l+p`#%D)9lfi!JO%cZC#P0}{drXgv$6tqkxlV)g=i8GUyAP8z<`FIe)RgcFH zUIFnVmqle^6&Da)L=d-vuoOHBet<;}BDY1sJ@ov(@AH29xA*cKpnBSz7Wdfol%Kz44!_-D#;!4M2M4neLaCJGBR>!cmo}Te!yS`iXlu+- zQ%A-Zb`9_DSsLS(^6I5i61#^TN??J!tY%i{363flb(BV2)PvL$j0JEHUXju0bzs=I zlU-ThO5i>*D*BbbHFmD^?0lQfczzB$&|%TOh1POuE8o?n)xWB%L!_$Q9pAiL_Q=|Ej?+wGr3Az*&R9B zykGI0WAQ0llY~EOKQxI|M1R$&2fTK&O17M@uWt)=pN_%)HZ%@28!!rP=?y54Q>RXMt%egrdtk++jqRUjO){~3d6#}S>K$DVGRfDY zXKBO8)8tJX@N@cUh-8$J#E6DV1v26Ou>Kl5g*neN8`wJu^-jG&SJU_Kh(R@{n=!DS+b*6*)V`9Qa z%&?=#@yusVDyX69ZLHfslAWplSWVcV#xd!AG$y#U@pR5mGdTxmf+tf?8?!{|8$0qc zG~r_}dkqMBX>@!EUN&+)0WpZ+7|bsC3lYR5WZ28+4b@pG>)a?S&z z6#VcFtI(tt`aQAdI8h~kLZ0n$htt9vi4sLjm2<>r(QliT3vmgFz1SvvBR`r8_O{bk zl$MW?ho03XjDQ(*RyzrTvQsJ>9l`U_KWCYwHhqfXM}AlVTKHkrXW^&#`QqQK1TFlq z`m^xEiqFE&t}#C~g^%kyCB|66S}`Hmb!z2hF}F*Lomyu%d~8`v_xR2y8KvvBa^t?r zbcLouC(R2cue9}}vmU64E#JO;dr;BLPF{U@{A9s0L8IV-iQ0)Kcu??T!DE7-3!WAH zTEOnu=LJbM`ul?W1uqDus?i@3Tr9XmaF5_#!F_^91WyT`7Cb9>Ucipne-ykZU}vmM z>tKx#b%vlraITU@o3Xa}#eL%l7Qqw!2L5N~MVT#Q+7aWIw^>o@ 
zH6O+{HE2_QXuVj-RtwXl;6eOG-^EXb7R%Xj$aP9LUSsR}jE7P_XC~sOpw`sSMyjoU zLie)xs_3Mq^9=~+Sc!Nf{dya8gnHf2OJTD;C>4z*AwVaj47i40{be%1`wh`Jsbik2 zj2;KnBFNBElMkk$n8wISpyqF+BxD8J6THVT&515+^vi5!>TL204~*H`W`*%? z$0{RAsB(Bj8?*JS-X5b@II9$_r6s9N55P;unWAgOMTv1iv{`TjmW}Q?6|k^(jW+Uq zyeB3`j)=ktKUjYr-_}1^&PY={CunMn0H}j@Rw_kvpQYZ%kbO2_1^C$lF^`k^PnwkNTeS;NfO!cPP?=~Zy(J(}yH z8eb&bpA}(kisK5zNM^*+u13|26`I%yBW){xY6KE@m7d^~S5oMlo`J7SQoeR7ig}+c z0`RQhQb|%9J9)o_`GQTt=4*d|%Yhn{TOpd)K`d%FHUPEF`)?W1a2W6J%is5RSm|hE z5wB6d!?E|$nHCSWN6Pwk(I(H*kCetKI9#EZ*D1~E9>47LNNC3M0z2ixI2YbhDBt)B zmSbL~vm(4kII#2GIKvJth=^gFVPmJKQ5Gel1$)Xe3zyQ&p96J54cIKk+2E&)U#yQR z@oPpg{yx9*-eM4wANm#iK0jl@2(DMoa79ixg1?c6#W1roiHy4&=fe&`S`d2?u4ytV zuTR+sGCx+{gT(53`pIaVu?v5J{_*W|iZFJjtsp)}HK!*Faoni;My31dP3Bt24UE`K z4A@5#riZ|cZ#jNnI3~8b#Q?J&h10@~z-mUl0u6JA>x_@WyJjodeWMx9-Go0i>Wyxf zgN;v%XlZsH?cw~w&1!Sr^GBJ~8f(#?NW>{L=%P?{pYAbQtv@f)+tiPq;jB2Q+AwRh zKpwWEz-|{Z4C+|xYDgVT zXT_ViMy23sLn@eN&wXNrs->rbQ z1CO?yL*CnA?Hg9VVIwjo7?seo&1r3MJ&DfBc=LYVR(F+=$IQ03GNC|5qR9q07*spb z-^a>$+R4fZo}IC~R@B669{JVMJjosCd&uG5+DzYK-{T9#_g8$^+EDlmve2Y3l#6`# zyp6U|7pM}h)2}D_IL6Ky&fR&$ej z6F!vR(Zt(+)UDEY>Pb)9X!iEPzS3vFh>deB1%Jo*L2YoVa7EpCvrYeVDw(`E3k<)W z;givBZO5u9j6DjbnG-;x^16ueP&spzZPXKBtV92K(tF0R08C!5R*LlEF1SYGQVVi`ml+KrF_7SJ z1}GBSx6sPpSDGIq6A49cH0pk@lgX6AX_Phwrn!;OswYOb`)VD<+4x5)qa{&0w6~e6 z*GO(|x*shV&{K?lbjJa4F8a&3(^_4@>ZVrkQ6#N#X6#7so3PV6;D7K$_zD&Z)QD#5 zEv3!w9$stakg)dF>aSI8qdj~h$^_>>Gp+_*Y2E6D4!zf+^RBd z7iOORiFJ=(kMm6P5&$~Dv&xvCs2*9N`?Rc69wXL)VW(N2nS5!kT zjC;ly{Xx6^>MeFnbc;rK2Avg(Y;pH_3W_rMyjivA&{KV)J*;u_0Ovh6d&aakX-+>6 zDwqA#2T-o}m{{-8UbJkR%VIyM`8+t~8oFoJu}R-M#9!B{Ezpsj)Jj{8e|jArZOAB* zd8xcKW=AXegAF(&p2Ag*XLqWM70Me4(J9-mQ-AA(4Q&r25ii5xf&xJmV4MF^wHc9GH7+@(Tgzb!K`w(Q}}t(P|5q zUZXzp=l#Q5ZDy1;Ii_cso^8>)rQX@A^lKHk4VyUZTjbF7%>4vPPvlbChD*c8T% zO_CP&YN0M--VaWsq7U%xGR}-bnSX{GS`BwK;Il?IJV))=m5nV3 zRU!)+GvLi?1t&o3Af=slpI$&x*@``MRyY=X!*rN!(ns?1EzrgO>Ob-~Udi4vFo(1- zNev&NSCH;qs*jBodfqfiFHg}CEdGaSlYhYjkBCqC?Lj 
zgW*-S1{+T$?~@C?SFiu(jmBa(n;X50Q?m2?jp!KQi!smoAhVZeD=%s|9!?4!QZBX% z@*lZjqsr(Q`7^Bk0B@X=|6%tx#pz#ger%)#Ze@(Ox8d>dMsU%ocAIyFab(gAS^*dI z&dB?4G`t$dg-xDO7uMf{7sH|Xem!m4=!FK*jJ@Z`_#yV1X$2XL8|+^!-cHd(i*O2# z@cu$QyvJGB)OzHK9jhTTfN-A4(n$>8yhYhqnf8uvsf|PLg@qQO9iFmv{U*<#Gc*ly zg!hAc%7UAL14gaq$c#-iGV-9u=@Iy}KMNfj%31@z@tT5pei*y#(gEYuj(VUXxN?ib zDd#Yv&7xT_@~IJWgwo)=CXraxH!XO_)w8tqz*!7Wsh9IHWnY$8!OmCcmOkCAa?sSw z-tx8ji0m}Zt-ncQMRCb1^6xZi|5u}{6I|5%Ri#d8`M=7g@KlGG_U+hC$!^srshaf& z$4{vp<<7Y$N*&w*8Dcj7o;x99T4%(*pr+t1S%2UcN*=i%o~Ya9_Jr~N;^2Ij&!OS1 zN|(xFeOR{i!}<;`PA|LL(V}{n+BeH?u7B1Fuj$IGMyEUw?_wWa`~4y)poS-e-et|zG99#UM|D%E*TxI{aLtD{}( z)Q>o;OGP!rU42b`12x?tj9Uy_qpmwdC9&Z5x<-su?$JBXy7W;+PmSqai`RO((i%m4 z^%z;M-!p^nDGn&@cwBqLtCYtxI(6bxv1%8ob-BY*rDDob3wR@A18%_BFg}f}L7o+n}3V924 zx>!AD&BvLxMDd!X$ch==q%dY#3{e%f)8a+260hnK6**!$r9xePl+5yZTLQaM|J z6rNss54tbCH1+#k^;X7@gBhWnl0Yf`goFE4)*svn2g@}=%I&vjggh!9Kl&IcN0m40 z&9SJBQ-I3%ZMhQ;?Cl=Wy^m`jd9bRr5#8c z!!p|B^r@v4)?lI|8Df+$CY=nUR+Ke=K1pa@IBIpE2M?~Q2#rGpSe*l zo0LV*8~qH(d!lxZZfT(dUoS1!bms%qmsrDhDV+^;?CXg1Ho#7y*Z|amIBnElKgv-)$V5;(?%wrW1 z%P{iED7{82?~1*+W>er_02uP9h7a>dGTBW8uL8i{#DtO zb0V)(Y5n?OJzbs$;l0CZ@^hAyjIWM750v+gSr~kY3k3Le%_EDhi&Zt?{D63jSyRo- zBj;Ig*Y>n~FD14ovqJcLIa?#Yj@i5vSb;uA^B>{8A89MFm(TVcurjz+6lp7gSLr${ zR#>NUj@~Mcm&nglJc*O9Qcxot=)SG@WZ#KMx`6>80>+RUn zY;(I{k2ycEWEOdMS?l4KZp`6LIyQK$B>%ZUPnpMwvmr*81bEi$1kX>X#L`@7jw_Kf zpjv{jmMn3mp2CVdH2kBZ3D#;bFMEi4`%Y2XjXK%X&InxEQ%V~A%sq`S=;`3(aB?JL z3s3UAL^62)GPU*gE%>?2=?w>z(Lx>(eZol!PXe1Ie3i3tZj~hB9W+SJW=g1}Tf*_y z>6XxZX!vErupHhCTSES;MN6#97;WEgF*hZ0D|BCoIcALE0DkP^Uyh6B7?IGoKfwph z!_N~jI-pMW@R-NR&$Tdm{QhS=QAFcrwUW)p!2yh4GD;a`Mh<GTNA_@E$K_iWpg} zu3@eRUQ2W##v!vZ=mB+Z4FqS6Sl*0U+t0zsA(l5h#mby6EEUiAQ<{15D1+Jf{7g9W z&&|5Zj0^mu%H_jMgw0yz>uakE%#+tIK4u)B`JvSjUTY$`1D;sVW@}+79Vy5>EIgI9 zpvVnQlxFQ5ZD)-vT)tlanRlR1z()Qq^DdlAlD|^;B=aZW%yX}V!xj9u%JEC?96n+! 
zjJ8*}{Iw%Q>;Lk<8)aeV`AxO!H~NIV5y%q0`}H8qtF*XQS&w(dI;#kAsP z<-klB5)29>NAr`L6$9oymi>HWv&u$Ba?hkJC&1CNsm_CK^)kL;D;KQAHJa7ro1Z%~ zZ#?}_?P%ZDR5Blz*E>wVYm{t45~G!YDb|_NgS5oszujNv$`cXTu#g30wJ>97C{E7h1Y${xcIXYT$PP)1iHAPMd$bXpX2e&K8C;_Tu8-Wc+3B7}C*J0AXV02p z103-VwSeMlL=)6;Q0cJz+{`UgALfva#yNGKezoyobIeVSk0D!46YW$EL#h?4NV0m? z)*AGyR)u{4Ese|_eKxoiOB=)*!{vd>T}m|-Qwvq3s7N)L$AL!$JsC_Ow%kBriz zqI7nYvNn}`>Z5c{loEHI>rGJ#*WmZ+C_ODo*FJW97k>4i~xa%j(W=wwo!za&b}kJ-9C zqa-*4G7jAgYR2mZ_kj1n%eP2EB4^BQg%d#cb^=x5u9rqV2~}k!LwU+p6?^N?m(nV| z(w>6)*!fB=Z2cws(X5=2-UF{^+FCWZ$V~BZYJp5f`Z6;8&T{UXL}n!|Yo%Bj=;xqW zZCuDB5~6v(iq|{@wmytn`Y~=E4Xg-O!Lri<-GTmM&pq|$Ssz1$7VtLu8|y}{4-N{= z_l1}2SEA;O&WhS!>uSnH;%RiW@8j{{6)81`d9WcU=vt;#jX*bmI zYWE`bZs~lcmc46lm*x+Z@~pirYjnEnnLSt0%$U_C#UC!c&K>tu6I;)LEk$M<^;u;0)Skz=g!o+q5n5>+9$ zkmktRlU0u}ILgrs(h?qRJn$&d0#xtUJRz}c-6PaNTovmRqi}R|^NE=hp-kitd%nCp zrChi(HYze}wy($Hr%_x$0d?|ixW3{3iRH>J2j}vx-*}x_ZjEYB| zSYzjDAgSRC?5J%P_&nLYRj9dn4H9ov{?uF3OW+X3S8Q(yEw=qNa2NCraLrh~X<)g1DehkQNLH zX3Uwn>ob?lIGF$XDQ**p8UocSP&o$AD1A-vwqTdw+?Y;T5p)aEf*S-k3qGY|ac&T_ zRw+KX;0>J^^OoRkPL9z5H8H^y!SR9>f;Pc9f^!9NL6_izf{zNW5PU`OHNj1STLrfX z{#tOS;BLWlg5L{X6}%~^*hg_01(OB)38o7U6Ra1UE7&CH5qwYZuwaMaX~7m9@iQPu z3x)+Z32qbIF8G$<4#9T>e=m4kaF zM+CnUye{~I;2puaI>BbMV4L7$f@=gf2zCmd5xgMaq??m;a?NRixL~tji{KK$-wA#u zsGKUi3Tg#&1ak%Tg7*nl2|g$Iir@gnvOHMODL7AXo!~~nj|4jeFA823R4aDmL4t%J zB}fal2|gpZUhr+foq~VdPq-HxI74_AtQMRuXb};$3QiN8E%>0|a>3PtYXzSYd`ZwS zOKlVUNib=D)n71EaFF0|!Cb*YL4)8F!TSWwf>yymI;~#s|D)?8w7Ddmmn?32tFeCsNgEW)q>9pt`mGiaM(dXP$yU@ zSRz;|c&}i&pjEI&&?z`aut{*0;46Z!3T_eHCb&~@m*9TEPXzxU_$NWt!NR{_nqa!% zP{G@RDTinb3(gnZAo#lAhk^$MZHKBH!I0omLH%JGV}b_-j|$!qRL%~9M#0&F4+w?? z-xPdDaIfGY!RvzR!-XTkJVCEuP_Qc0JA#bhLxNRvl#ihHh#;6H_>JHd!Hgq=;8?+( zM+L!sf)nQnCxS*nt6 zPhoq?W->%KI}FteXp|2y-8*6O)hh9N|}4q zQ-k8mce&#zLpN@6%b36V! 
zePrIrE1W<1nfL!Qo&J2Qko!%+KM0-_>=ayEtM7u_r|Q&d!4rZrHS#YJd_nLv!4CxZ z$DR}5BYQ>grr`Y|p$`Z)34SHmC6MbnhzTkLSIZZ(Q&27c%LKs_vaNq1_>t}GPPR$N3&Z)LauZ+@<``_+mQHO8=~}{D7`OA ze-foXkJ2Zi^vNiFDoUS=(ifuitHW0QEm2w#)%X7B_l_uiG)jLFrLRTlgp2I`Nl{uK zr5mHPCrSrg+8%s2N>?Lpg7R-caO zdVBOcxRU422)_OvyZ>4DyFI9Rul)`_Zuf8NwS1;Tzo$m&fl)d;N>@hd#whJ_X?yVD z==VpX^u8#)KT3ZZrH@AG&t2LcJQMx?b(H>dbp0h)pEH7G|AYFq2d_l+dopG9ej~cS z{xYlo2cql2RrdQE(eDcPyFJ+9ezyltM5*Poj~-rCbB&mFMMX_zbyammWtA?C5GP)C ztd|Xreu_=srj%JJ=AoFW9?(lml~09qlZZ`I4XqUz@wtp&owDPZKVz++xVe=+xu&Xu zPs!37oeu#2!0vYnOB$ob@&a2qW4?p$!u$=)fysM2&i7UeBYkcb8ec|2I5CU}vy-bU zE32xiO1F*GaLiezOqYT;8_v06?)8bD-X-T;Q5W2%D_<3+ z`VJO1)vTuYckr=kKjFdXGa-_{_Vb%yb?@iT#K4U;_w93sc0OGe%wB|GJxE?B%?=4N z;k(HaJ;nOvzmo>=x-@{QC7Kx#c5&C-|0911tkBmdnG?C;NR`@uO<1vKgmn}!m3NT3w{~fwQG8G zac(rT#wthFRH1*OOWL}AX5qNb`s^;r&h-7BnL;rF*= z_G`3sX2FBMRHJeem%gp{YLxOBPgua`>67r)p$ zyDIb_uUgGS>Z_G1?tidSYJadcmB^&C>7HD8RyxxiHm4Iq{mFrx-rBXRZN&*^P17^n zsrPs4!L3#(WpfQ1S2S$Qos|6GP`qzbF5R$kL*K^S$??9vbRwQhXBsxPuUOpi&MujF zlcFwlZ`wafXAoS=XwIuCd}S6wrC((kqZ7O7pUMR&b2~ zf8gf?azF)N7T_cPx?r*ZB+!Px5zG+WC)i)`pg>NrV26ObRZZ8M)3n-Vw!ZUBdM43!(mT46RztF&km;OanMDzXzKb@u8+m!mWdMD&QCs}fV@u-@Y4ID-+UKq z2sX91Hg8(Bp|yE;Ya4a7P4FRkI#=k_j>TFD*{GGUi?nCt1o4I?`oBOYWHe}geu=)V z&=V)<8O{daZ>eCh{-3C8KR{ekUw|6emHAW`= z$o*>s)Z4f3hx*Py*&(3sUlia~ctbEjpeYRPQ`8DFrEt3WN@;VmQfQ%FDSdsOQu-cy z7v_;u3Qb+CRJabdD}`3BQcC%rCdS!cSvpFuibx0h_)Zzk>7mWx+Egylo9xqWjoj{M zbe-?Cqb;53k89z7xp(O2C5r?14s|RVzbDl%3R0))dhqG*v>m9#eSh-4*!xcWe$0Kp z?*1cRIwAVr_uMsYJHD@d1BNG3Y<*JfeNsLJ1G?dq#VhJhIWI^JWJR*emd#&W*KqRU zW8Qnj5qw*^=$KQMd{z#UT})lW79x7lgy?rO75=EzhfFhZ#4rdoCKhS^%E_X6e(`6&m+H>(Ixn3)-u9pK zli2BN`?9*^WwH}2h_1+Pk%UG)yF=J-gpSayyx66YbGsD>m5ZI@yE*z@uQDg@{wtp^ zJ0Wc~eLn9Mstc=f+Evn!JEwxvQ(3)WS4QT)K~jO$-@ayx)#?VpV)y1;@uuS4iniuG zRDSptSw}>RGkRyPYR$P|0KDQq>*u8#zpvI!)Tqu)yVo@$wqHOnR9*Sq5_r=ET^Dq{ z()mi~o-LeMB`J87RsuH|Fyq1}XUQJ_cNI(^m-_BsdcXhTQgj`!@03et7QBW2cZ1k{ z6|7sI!t^Blevhv6e7jQgzmLND_1S)>NtrhzeUEg$uFw90yFKpo&D%{n{81^N@uYQn 
z?!dn>{cp;5P5(Rcn?Z0s;;iW7@!;!KbbHKtk}sdDzh8IA|2l^T2h*8cxHjEA z)R)XUt9|-4ts_M z68wnwNf8LsJ?^QVw5)|~se#R5ztyiUl>NZnZM~^PZy3)c!_+_`olzT9wQl{$rO9rg zl;dpFv^|>>s!S@eHl9F(4hQ?= zt}fV|97tNxiN1I?8}^xYUb~{Rab-(wQ)YNDcX}#UDuR|9Kn7lWe_MK}x;7hqM1 z_hV$VC5L*FecfSWXIp(ks5Uk^yMyY5^IcxYgu-@Qx6*wPat1T$gcKxs~#;#7|) z4`tDv^yMZqATt{_w{(O_^^VJx0=tvZ4`mY1bft36kg?h&(gWFCW+;(Up`-NJ5bbac zEkrqmCNIn-2ePTH$-ZHAzw6hiPMA4NS7FScBfV8fpjj+_NE5y9q29U zs-ph(q~o!eNpDSQ%!IwF$pX+T>V_6Dzirs4FzV>=pd z&_2%|cih5ywQS1b`i6<&#QadkMt4J5W3NH?%&HboF{4_e(h;+(fU$r)=SipoHoJb< znhd*=$pMWAk)3FNlsZTKue!)5B0_*0CDa5J1!--KXHw}Q(L^%Yo%Kx4qfOY2*lm4n zZRP)y8tfb z<)!P(tA!QTTbtsU#KejA>g9Xfb@f#luD;RJs_Xh*dMq8f@g+hV4bM=Y$1V-9hO3J+ zd{v$iD^2%xFUaPG#nH3F{axuk@m|++DGjc!WGF7zT^Du@sZWL^-t-g7?oJMB*hKOz z?1^txt}27_iZJWQg=Tgsrom_&^X+!;J{KG8Ks~~USw>ww0tf5 z$e%VxS{zT8-orjYd5k0D;%gpj9#Fx;U$=8aKr&c>m%eN>wTf(_1k&&XqXQ21-Tf0Rx^;Jh66U$g5Qdl;KM zSM)q*M2_{$q*34Gl>fq5HsnsPK}mKJBQ`nfb%cqf2zSpV!7Pp+bu2X(% z)jw^z)}*@n=uDmRMog0N-eSEjs(o6g>JtxssVm9Oo{On%G5I|X*EM__lm~u`$Lsmp zY?+U^1D4h~4+!n&R2|Ohe@>?sRp=zN3sfp+)c&o?@@LdO?5+__WRt#eetRPLjh;DG zz-hId8bSJS@b~W2T4Iarr+t$2(4HJ&qkJu6ohd_Pk@1{&%bAE9)wV^V;?YYhciOAf zWU{bld?ceZbid$Nl`cXEr|AAExK&>2@tmUjHQ{EgQ*?Qz+$p**MffSrAvpzulPm2s z-FaatOn0c?$HH`l^YxWGNqV00D0Ol&H8?bUOH!vi1%AS{sdO%t^4%yW@yt?Z7yY4Z z4&~nDRM65bC>332f4#$LTcu8H;VfXJ+4#-^=4^1z0)A9HeC)G;f8^R)?$jmD=Co6= z;Csy4mWo*fABm}tVmccdenNzsP?Ym}aDFU1Cg}yyZHQk92To5XOopbj|)mFM;S4lOl~oXI4}9a z*rL#4v78+48H>frtaiBLB>x90N}a4ri~?zZv8Ceh<2m7#bI8lbVj;)UoR^*@ZW4X_ zN0nHbFSIM4MVb$WO2!kDg|own$@2H2iLqm{92OFjB_2CJcAGSX(zSR}bx67s-XALa z95Gp}uJ^0_(Ir->GRyZd^`9C3wk%%$kMiIYV2yoos&aJ~jX0TJCmDB$lYX4vGg21v zOgXB9(wzL+du*7KYr#oP3vonL>0lf~uqnipLg%hhY_2q8W; z%Z0H=rL)+`AvOyXTs}67FTJ#k@bN~hjCtX!nx~ITv!N6po8=aj^^1xI&AES1Bc_}j zW5gU9{yDK(?$DcKQJux`DTm8)Q4)Lvpm!6S<$2e8M+p~T-s8$*v*d9#7DoQJG{4dH zw{o#r7}p*nNRv`y(ML2WJ@Ut*@E^NY7RP3>tK)BF>DVkW>F_b>?lIXVK2D35eZ*;b zOk;|;Ts~UM0~JJTA(8_ljqf+OCpb^cQ+!46erfug*fw2PJ#G4^F23%S5j7t%hV1Wl 
z7#Lgn=cB|N79OY`8L!0VoVh~D8WZ>8WN@47MYBggG8@=Vz?&p`7H@kJnE{Ounx@|^F6E1o z0}1JUIoDuaN#Zq`EH?oTXnKdNL+|$atd?y%6DP^l@!x>>d=3bzBrDurLPr*dN}sdvkbE#6H5%+}&th*;xmKD^RH}yMG>CSGA7XM46NwW%_fy}GWepLF>DxNbxK#8F^MH(u zRQt5riAM)qBOQu$-Px)Ma-h46zRx+-=1=sewc=6pr?{_GzQkHUBHNjkTQr)E)_wS^ zo$3wuHoM(U?Bz^uPH4yT%{kMYq0Kqz_S-fQiQxpC56j8#Q8DWKpy$ zo!~4Bc2j!KFEWfhh^*?uZ;-#kJFMNZ9M9jBVUZgpazGbu==mpij%bl z@5B-L9~!mK->FqES={u{wUcw@sWmlStTzn)IpOohz?emrXNCg$hANr2VD@8v5kIoifzdtT7#6>)Q9Oi5E6nu4yBNtt8sH=| z=2xHzPBMemhoza=^ER^sR~m@uj$PNhT`m67sd}u_IN49Y35Y2bw!GVUx??J3b_&l>d&3Cr2*)Y#_u*c(J&v(ne7jWWrD)AXpH zKY7pU$Sj!k>}Iucg=*2NlHp_Po!mHJ+}JW)5v$BB8)$jGYEAzz6Af2E-ce&_T8ZOg z^cR=qdy%dqG2;%eNsUBiG{Ii}-0gitL8t5Yrl?=0sGfemlg&z=t{kujC#ly{%9Fk^ z`XP7DlP}EqOjjoHDC|1eAs!vnL`);I!R%b{ZubjGPU{To2daH7j=svx0U8~(i3%*f z3w_DxYg9drI+&BBZ*1H!M@pZdJ)pxE(jiedn4e_MmAF1Wjye?0$eXSj(FUUs<2{T| z%O8rPEXF@H#eAvJIMMcaf8uVw$9Oa8MqIdc!hD;aW&ARto7L_P_b#K6kq%u#gCox? zuhi46suMA5@-YZ4iU4Q-!{M^x2WThfXw)!1o0ZEdU1`x@oAA9(f6d}dK6(IsMQMfO zJT7Wsgb{TK&PvXdol@EOr|B`9)um^7ig-1iPjspTi*$IF%Iws2Mqld)u2J|jJ_m4T zQ5)gjjIqM9S;N4XC*A>Lxi}8mB$cv3VBC@RF^5c~vwXjBas(2_IJMC(?WQ!S-sr@CjrneigEmch!^_d8p=c}%aAaH=*=gRjeD4}<(ErxQdtzeb zh`@R>P7kdxqNoj0h5j+Ef*!=Gun_=t(9TMw*j2L}CHqKeExHP3X+5XH8eQe}4EmQI zwER3j$%;Z6-8HlT<9_H*7IhP?%rv1h_3Z*(h1PkJbst^22Tc+23T#5Z;E-0(JL~kD z8eb&bpQXIP+7!nX8ugtKOS`;|QR~`l5}e*fR+v=?$3>!I&6tINE@IqnlJd2cM2*rf zOr8+!;!;tjjU69h$gjLH4x6t%5_)VY1fMqUTKy>u6e{F-2Tf-#2i+c3tOL`jOIzGs6{nd7UfA#<|63L{ss+z-(^gT>A=_ ze$-n3<#{@~PK|I-ufC{PE9;#UJX84-CC1{DQ5GfQ7xk27(PbzN3^2x!!EhYtntH%b zk&^Uj)ov@?B3tp+O7|A|Az$J5g)wPOBY`UtKM4Lt9z^x+&^Rx)$X4nJq(w%357#sq zm6xYBg7S8TY1*urq92XM8N2Wo=zpRxZ+0_Wz*e=@s&v-i<#F7oRv4A;r)SXP$&I#w zsa|1&QD{8`W{}z3#aihX;9oRb$a)k`Yn+aj)VNl1hwF@w!n^1-V1fHaGk9CzPmQ{Q z1n`>XFFqcv;Lqovy9CbL%mijHy`tdI4@{Ic9%Z({dtkzCO>+HXlzIr!z_8g z!ED?kNx-M493m0+NdiF=M2GW|#I!!NVB4?9+#{(O$2wf-^V_WwBF_ zUZD<2<+?_tz}d|%M6=`mMAw`1)Zclp59=@2%U0zYy@#&|Y%=c9TG4p0oxGh0W~qRCF2l}cVYCo4m|;-QUd)ApYXFvAJm(S znymVcHwX2*SXX;@PosfTXZoIAp_iLPEpfMF5ni=LcZeAc_hl5DtUzb`~ 
zy0K8OK#Rb$^}Sl=zMl2`T8XSZ4O!MS4`#H3C(NXWa$4S=4d-u7Ysq&z7w4z7JtP_L z59g(`$JlcCW87MJz22R&okQ&FIU?0Fpn8OD%`Gc7tg3e#Sa#>f+WBmb#nx&tdx!jU zw#?eCskimly01-5X?AaD_k!&sp`vVs(OPi!W4OGvLVHB+s;OElq-y1Vw4j@{;oZru zq0QRayqTK!q&5#};lA5-kRIq8CL>m4_p;HzZDsKLJlOM5umxgNT)L_x>fO$U#S>Qy zrTW}{8+z2Q;Ws?*xxGS-BVH+f7&H>>SFh`sFW00J)&M#iIt!AJae;o-8Bv-^F2;aG zG4x!sMbAKE~VNJ=lGK|+HT&ON4_%BjK1--c;AnYDTgd!MXpJV z$xeR4#j%lE-Bma*@omkvF^wNiY`Ots5w3-2d{ECD7sNA8ZHVc`v!k!}wc4?Uo+qgz z{B6jMJ!>-~5&IskjL2ricWu3J;WOw$riH<|jNiaD=~tcUF=Fe|2aIbk zORz|{INKWhVUcBBE%Bc5G_|w*^IFJ$swh2w zST_!Tn$*pTardiwVG8x@1|ePL!48|Mlo2SrVGH4&0C5T9#$(&BBQAy z--()xM(yoFlc5&tl##)DFy;$!ps_JS!iOFDz`;7g(G7l zp(~x^o;qFM@Ii3BP53CBQ->Gh^zGu+6#BVH5wOvO%7i7h9+qhrv+r3R)-Z0PQ3=buQY!~CK?L8fiJz+ z>14Ekc%L=~rn!;OswYOb`wD{!o7E1ze&!x^H{G8W45(g=e)Gr95biy9TC2Nw zU8og&6lyolj32@KrYuSd{12W8U%^6!8nJA=rM%hQ8`k_%z3Pdz&zxPW+D3c$#@rtf zw&5OwuC#9TLWkb#(lcmW^qWNh1czXUHf~j!NvFH!>7Th5{CY%;%}W620G};m9#8TL z$64C-?D1~S20PvQ+$?#tZ{!$wfYRwnaDk;qA7Q(b7oI*=KYbXh7K+YwDXVn5E zj>#CP1)LEXHP2Z`yKCH)5_y`Ezy;+bMTc-)ywJ1(4Ib^4nItsVe$^4*3+K~MM3>MPt-_SPLxRcm|EsNcKD*m(JWI&ut{_Jc~H49s|DqHkD2NDv^O6=h*^2_ zc@ak(x^Gv%HtBnZ`0HA=1v;`=xU|*yrytX3Lq>_rQRJmDJP>~`*nmUgDPHAxbf?N- zz61%;DcinNf9r$~B+7bGVWk^&ow9<7Tx574=52>^VrGaofFHw}m)>wpBG;R5uTfkN ztuXF#U8~mAMzqS?p=>{!RYB+3tb4}y!LapeMsl6;-z5AOQj=+m=4GQMto4AiniWbv zkpmHzn^d1xz0Ig%W`$ldI-~C98AjgtNZNeEI)|R{?Ayp1t+sG!;sS$rdLCQO{LHJ| zcXEK&C&f+nY!?x}y?@+%$3|0yIvO@Jyo|^h@LBSj>U3UY8dT=v&w8zbxtGmq0Xhb) zger&hKG>z_XgmH#I2W=Dx_~nHZR-InKDps{t;+}fmtN~o-Zr;jy#^(y zpjzl0T*RH`=4pp%(DMDg`*kXnkC#(mZ8XskMw1XwmzT@Xj;Fjk4fpc<5Q@ zVbaI*y~18C)J4quMdUB~0N*}zWE5&1_Lit+V4$#vY|a2p8L65S6*4~1#4pkn@K5i1 zKLPrA-e+h0+&HFTVY=!(k{V5-!#DHuT<99j>S5aN?H?pVVNOuH=SlPw_Da9XrX2bX z?hj4Emv}GZr1)vNL;cM!me-Bfs0HwB6@i71IyVc-OnyFs|%Ay?~^eqE^$J>}=#cazkoulRlE4Z-XxOSIfztK7_K&AB(gw zn*kc5SD07pQhjW!(DSBAdU=YDfd7rW@^TrSf;y8oz9T4^H>fSM0(ceaiwr|BA64DB@h!E@kq?9T)@H{^?Pf)2RZjKCBMkN6^|JXr(-iPBqGh71+UPV6+V4uj zX3T3R?M^E||AL=FKS`(kAx+^U<~u)7Wfks9w$W}gi(m?lY$Jm{v(+N)T9I|SI2B`L 
zSoHqP>K%1}J#wM9d{a8l@ya1Dg zqj7`%iyho4nrIPDO#?tmGrk$OaCFv*=D0FrIz10!Org)dh!<)`F9$%)~?aj2`*ZGx9b0uy;top=y$mPT)DB! z+jcTMENPNZ?aJ?DV8<`qfi{`VzvrHKVxHN4v%5;}MqpRd*ej;bcljI|-l}w|EY^o* zOFyjd;NtYMYr<{URH@a{tl?)L{B-42qy7IqO83#VuPL1wd{_JIc;c^A!*{pJ|98Ui zo~!()1X{ZvmfHu;d!_5j+Wv>Mw!cbso)az!eyrcDvOYgX{VKIaoAv$d@O@2v12x^D zKCKM?5U|_FezV`^_xjG>JMOU-{8^Vi>h?9TFN3`~tP`!#4rY%Lb_~wc{<&9`P6-~@ zSq4?g;~BThpxW)qw0#DZZU?K`<%~|a0b|4XG_nSHTBr#^LpFEEITft`Gh1?{DB3jg z(Rp;X}nBd1IV|lF>ErB%}8Xs2;18X2hk@IC+OPil)1vd-XdmH7$C|G{6Qj@KC zU@6tGj`+baeSi@c{Oj&kUEVJo=cb(Xmqn1`Cjp>m)`|%c}{N?@)qiJv*^j^`y1W=bMn2f zC|{o+JGb)r*(@pi7|Cxog!fm)U0=-&$Kp0S#Ru8dy;Br^yi)O5(TFdvcSL#lUEObr zXQQPetBv0Ig%p0()o-~*=1Zajde^jbC z{g9)G@$BY)HQLSnlIURU-Q16jV^C}-1jW#rL z1^k!w%vk*z3x1}(*X8iy_t%cSn|r594;C1mc*ZQZ7+AMeZR{3gLW}25zUm}#mxwLR6Kt4F;b2yZ`PY*QJd`+EQiZ-d$8>7 z9<{;m$QT>*w!`WuVH(VPTupR+n#WbSJ!4>Gc}a|v+r`az_82MG$LyRhPw`_>_NQXx zP`r!Vu8zNzrFU`ro!efvv2*)n$fa%WC4y28hIs=G2%ITmjqC(rV zj+}Y7dhz4RyI3zSrw{Xdd42evXs_!J)qfqr&v^H;-V?PG%@O~m&1`x54;}b=X}P95 zkG(tfj$rPb`^VUw`h}>((Ycaw@`uazjq%Y^_$bG9+FjXp8p9_gLD{7@6UvX3+SU0} z_lDp3Y_`Db!Z8xtPA^+7`u3-ny{K zje3u=I2(*~d}o7k+QL|8gYgXhqEgy~KaZlcv_fVtmi1LC2g6-C2|*5=l2dLZJ`vH& z=sHiiH#udX^ti#o{arBLQ?<~TIaTXb*_30Ss&%lQE-wY}?P4|gIZLz{e0AvT2g-ZL zEDXNH1p@rK=8;9$#j3JBQ>*ojHTBFqwm2JezXq^4G9P&8orM=IwaaH!z<;Kd?3jY~rh=E!ed-a|b@z z?Ztib5#iUT%>$xAaA@lw+Vs4&6wFWx{sDU1)|aqrjgo98!LR;5TA0U*1{>TPIfv@k zoB6pz_Oehe_0H1?9%tsK@bBSu$3JItyI_wwKd@vLd3Ras;g_O&EK&SukBKfvAGH@m z&m5@oj=MyTiG#9c{H`vY3IfbQ4oT(CP#BB}@|LACfwHmB4KE&1cPEq5H zIx|9ReYKcsX-_F>@H6)`zM!Xrlf%i8m*8%975~_?NYk7-o6DtmpQ%RfHGRh zBcf06*(2|k*OO<7qRV+3Zxv7G9W+RPlEy9JcP$zr1%;SVl3HoOA zFuws`#S>MjCs?gy^Ko3q1I4JZQD)R&+AMD~Q{g>c%oN#N4`X72=#2RVykg8>C57dc zvVmCxG2OL+ycxBu@?o4Y(ib?MVr5PjmWpTmDa|~2l)-F#ekPpx=Vo1H#s&US+W*Vk4Tm?w{YlE(3wA6l()D8y4q*llvVh;M8VgpjV#YUVbi+b-lL# z*me+Iq<*k94%lFDNL!KO*Ejf?^(~HP``Ih#+)Ei|hy1!~zp~6$0NN9I`DOb#^L|1k z9r_Ovu~Q>~)g{Q)jCem-V4jNED`rcfKqRzjLhuKk9+0KELf;r6^on`fo0S7IVMs7& 
zj~vZUZkz$kdo26;$Y$jRZ{VIu*^T;6%Q!ciabbA0I_Fzl<6>0#dCh9|zscpe=n08$ z-f`yR@_L8qca0jCXl!U@V2X97{&|mGxB&QLO$D^(z5RJ!$BZ~-wI8^ys zKUySCxLt9~D)a|@_NJ3SRg}$Ii+nvjCeRrDPS{DpG-D$aMr;Qg??Hp(EwNq_xmnzk z)!1xcE+BievFr&h}F|)NsfzTB5 zreKjBvaCU-9Ap&ps^%?cy$mvgYbL|u(k}~3>vT_}6K`|5vuDw;0giZwS{TQ-Rp*1E zjbSID(819ltbL|&)2}u@7(bJR7x);m)ihD&{D)L4I7U{_+FFBt)vB-$pw*GN7w&QL zc%UTa!I^y@SxSCHv1+9dYgHPhwt8=tqc3RPYVNPYJ)vM$aoCy}_|!N9nmy%E>uA_W_Omlce+Wo%4rCH$^Ek!u-ZR zM2f~w+8?E?YvDJ1mK6PxG#91uDBTvN7e?vHp*`23(`$MDk|<^7I!{S(2xJ_(8Pq&O z91!jS?}4*!k%UB(G`kf}0NtZuAvgJsghFbYzL1p+gw1Ksh`SoUduC=uF zVRkZxjdAm6U`4PBmNh@<4)hmiE>M5kZ}ZiwTq(TG-sTo}>eNA@`M&Uy{YuoFQGAcF z&g*M*wC~UB!z^lNg6s^2YOR#ZI++NOwyzpR8Hcef3;-nS7>}y=!lm z<_{JtVTs1_=)T>#bIekIpyK-AF4bzi>Y3Mx%yWSzbfIvIrGPd5hu~b%AYQxUGQJR#vOP}N4Q8vEG%zZLvr`)zrAQa^CBYZi zQQa)?d9r(}P;>JdB;G1^X^}7XCHRIz7+I2p zBGDt+S29`cwr45b)@!1dPmx4H|D?@WFGyT?TwLE2NnLQBATH<=qy@iIZ-fKu%BSM;4r~@!MTD>f*!&51P=>#2%Z*fQ84NOL0T{@xJhuE;C8{c z1a}C&Blvs4sP4l~gy9IwIct-G?V3%N`0$A4zmI|&Gd`9q);1R*^1g{JJAb3Y` zu7X@|7HkuIOmL0h2Ek6jGlCZczZ0CKu$HF@;)2bBErLq~e<%2vpi%*=rwD2Va|Ck* z^@8^aRtY{Q_=?~FMZ`Q<&?z`iaGl^r!H)zx1TP9+7F16Qf`bGJK}wJoY!iG&aJ}H$ zf;$EOxSwz@I8cGD4->2woGxe)0ksNF6Pzvhpx|=B)q-mUpAvjY&@fAF6Z}aqNug_N z1v3Q)2@V&`6)Y4q2u=~aPtYuA6`UnV2vUN-5L_$xqTnXMuLUm(UKhj^T>c%w32xUr{EmHCc#yLuL!;>xJ7WA;7-9^g8KzO5&VPTp9EEk<6SM7CYUZbRPeT7${`xR zg7XD82)-`(q2NJ5+o38)FeJECP<@!7>Jg+sydf|CTN3R(o6f^!9F!G(fh!G{Hx3jRXy1Hr?BM+7?sznZUc zC-{>__Uf*Qe5f(3$l!O4PC1g8q_7W`E3yx=#2ImhZX!Dj?F2+liBJWX)1V7uT6 z!7l}q>eLs48G=wSS8%N0OM;sOKM?E?Oj!^F`wK1>Y#015!Ht5)1oqjdWs5`ry)oZu3{F2RiBg-=0Fu#fy5d*Qz_ z4yyh?>)%8EKdTRYZzEvWE(tJM`+4mjeb3H`GS3h@`_UrfvU^R>+aw*7dBCjBMn^Bh zE3r)4nQ6S}Y|ETBM_haJGT6>x*IEhz1IW354%k9rE(viQo`ws z)N5G3$-(@PIavhg_=&wO*xLttsc7#w*vpIda?}4J@}NdLS7e7*#e!Y?>dS}^d&NrM zt1NSGQki>`%iNn%<{tHwX}ZT}^0Xk>cYAMazwMuUXVwGNL991cv+lH5aE2f~U(LJg zmA$XZ%`-Nd5nEpzuSl7k)r(;ivdFlu-Dg_X|Jtc;RQ)n4g-$$Mu~OV^DC# zgkaaHvCCr4n#ZC)yWwNYW>?Iv;5$!Y>GN5yRgL#mrYmAIgGuv($t#V1W<5|7TfTky 
z_MqZD^2YIz5htInJRpKb!2=UzISL*W{8;dq;OBy81-};H)p}l#RHMHyxL@#sV5%DZ zA;HChO9b}_?iJi8ctr4&;Az3Lg69Qzvi?!R21C$fl_2#HGt8wKYI`UC@l4+=7Zte{;E znBY{kFSt0TT$NrKr5|@`dvK+@-yVD}y8ihny)H_>7^UBe(mSH`r%}2iN`D@uPxusv zuF4CxTYB|YOP`3+dE27<7g|~orByC%53Y#PE2HZlkJ1~W^qwfaFG_zBr9Y3-C!+Mp zD19nQpNrBLqV%i7R{kwfS`pRv{^<9PD19_ae-WjxMd^f#?EOhmS|6nwqqHYV2VB}7 zd^buzbx3e(O#Sm|r4CP5SU$~%+3%@`TY62D1{d3XEj`rdjG!$_ua43$N9j{h`bLx< z`eA$i$S7SBrKh^IJ(zka_jU4(OV0?VN57|EX4kjRr5^1;+fi1Zj_7)O^gFnc=gtVe z{vNykS@*j=sClow_hibhztL;ydiVYr!3U!2*G2DtBl`Wt==~k;cYE+elv+OfsH{~r z*NEj*RMb>fS5;S3!cj)BPWTa@^|D^EY}p;zrj+>;W=w2#p2m*ysgN9IQow&0dIg`$ z_}(d-m6;yabcu6W>62@!D)^Kvy-{-{tf?q?r?8|kYAj!+l{4l$HtRxJ%y!AgIL`N0 z>-j!6Cyd>mP)!XZ!tCVg%F3#$s?u#^{+Zb|)>z96sadUt30EE{?p7hL8PlcU&4zQX z2(M4{^e#E)ienVXOg?8}s_$U=Fg5=s?{e_5X+Pn?=rh4d5%;RDd=sqh{rs62xUuHG zeeTd+_{)OXix4CS$-|<#3_&J*H(4TQtzQb?QWpomjP2SrJ-RqI@+C1V&m16B2u0aC zH2h9nXFXAu?l8m3Oup?7XP0@Wew`iVRnCi5?p|U2{P)83p?g<)zWbG)9*?B|S^E6C z`a`Du<^P-z99Q?&ZOjRWf+?!M68SWxiwXt>aQtfo=)0d2NXZJmEWif(xSUQHq3!(S6AH-t1OYF_f_HXR=s!k7%|xyk4wS4sQ2*AZ5}9;1 z-IEK?N@u#m=5%7HUx#(;tzEm?R-AAaxZ_T}zf*sbu4oQ5n`_v(qG4n1q~r&O;(eQP z>4uFP`ZnfHj`#JY)sA$gVPpG>#U1Ymv6Yjk(Z~-qsd)U6#|!(qS=XwIuI=sre_8*( zPdEkp;9G(q*wo(IylK^j*5=*R-l(f>f)B}(TcJJ0i?vRpQR{RTX+`S^k_1cie}VSz zHfXM3iN3AS6DR1I1$u(NrGmx!f1<9DLxZWd$`RTq)&JD#najWQ+FR>-r`>$5#`@9U z-nmHEKCK&!WA0xgpx&Oof2i+Of*k_J{)+-M$u|TO1ai@67lr1yl_J;XE2YiNO5p|V zN*U|tDP`=V_tc+E0U^{SZEU?1Npqd7gaIb55{ zC3=&6T1%SS{fw^jop!XPGyQQbODy*e<9x}Iz`a8qi^lIs^^1bksk$C~`a5lmZ})eCdSfd*5@{wC(u5Ry7))NYU>|(eX(66b$HwQx>nNKjpk2HINm{ zTDENd;<|>D7a#N9BaYzP(nZIdvMhH}Z#>((sXsor6pqk-#^RGYlZl~BDmUD4e0$%J zPRZ{~X0tjSe`9V5j~e4B%SReInsQ49al4cok?a>7bSOB z=-;sx!iM4sbVo%W?{TqY>AxK=HuPEZ9rl;(F7d=sN@U!!ig@qmzb6J>y7Bw63MXn* zZ=ZgzLqTjmF{c=e^mj|(O&4@s(Dh2^E1i4dXJVDKpsTf3slnj0$J;a6Js)*fb`?0t zOMUmRzTbaw>DywL0H1Q{Onb!r|D{;-4Py6Iux@<{Q*@N~=sM50D}9gBkHY%(`S_hC zW!}8bev{7E*V$jN-{VbRx!t70YfAZyC#}OF5&yBGgM|8))x4yH4?aBaGKs4tmyR)rVG^*xz*e{x$ov!!-TJevzQ 
z40dCHbS4LL$^NcnCOo+=T)b#e0|A7(`_Wx$Ya8kpP3%mh2b08{QBWJj&@qcaA#k#Z zOsY#|5Sk{P*&H88UF4$RxEMn{Ljwtm;v+?XP(VD@la{rxjj%cWR=>JX_5*kGL5ETU ziF8J7P}RB>Ek|*8;sf0aWgKOrrtR4r;slZX+IRvBDje*K=VVUxFAGPDlv8Vgb238% zxm3U62U)gum54@3D>~5^&t}6uv(9Q)bT+PRscp&(59Ur!%lkDpb8#~+T8;C8`Jn~pm!bd5=7U5KNwpP)yB zLqf8m9SQeVcNM34M0qHS?xZg_nE{#Eu(_opOsaQWt`yjvjD9GSc&00rbB3(dPH~YG z;Atq4Q=y~u*bwb-1s9^6LX#IN;!-xXHQ6^zuq665YPpZw6!j55Rd6D2OK0oUtggOP zB0@)MEA+i3IjkG5zNyWrT)Z#LrZx}6b3?*Wec0HSRzBNOxn5UPQ9r8WLAu1qvpcOy zE67rq?M)5ZJJ4IyRYm>nNylR`lir%rmY-Y}@ass0}x z)H{8tEy-|Q)B2Y6Vdwge*0xoyIV)QI&-yT;bWal+F4hv7ol-2Wh|24t+CWO z6)+Z%=R6jci+P!m)Xq_s7kNu`HG6Uk(E z)-ySeHeoknw+f8bsyJesl>z;sz-vN-hDV$zX~Zx)!be&Y>ro&x)g(Tkz-A(ggt}>% zzQW0p?5+SZ{5LXA%=9+N+oEao5#XWw`oAPphu$d+D)s=*E`_Z8SW4 z&O@bXfHhoQoZ+kTj96*9uX{l@H!P0sqvs`D&k>R?3Kv%wb`7adh7!G@n4Sfu8`Q9g zO_y2EAE?Sw}7rhG?tn?Rbtc;iPd-(y=iz6;g8>( zZxR1b#FpyIh4E}S7?&Ctk(K-<@-*${?Cv3_FQ8DI;;5x7HGmgdltc(a$I(Pe+j_+x zJ;#Jod0sg}1##j4Mbg|py4MgXc;WnPQdBJ=A)Xu_U%%)WsUV7^NK`{ttY=GgZg4=h z?JJy0Qz(hf9#s@A%npbb*AI4yNncPOj);`_mm3CB7rHB-4s-F$=44LdT4Pe9#6@dN zx{8`-l2+soanRgiyJmt@UhSU`sNubFFII5HW!GP%cgOF6VqX z(h5vFQ??Ozmt5E^>E#|oo7kEZ;!Z_#8kYeiU}!P<=PX z+_M&aJQo#oy(OWeuM!Qnw;&f`09&sC{4` zE#`~u&>{+L=syy_j$GsW2DJ}pl^+K7K}QDrUlY6R@Y{DR3~ztty>o7#u+Ln<5!ZaV z`p9d}u0Be(>VdZ(SgA!R6L5kkvtA0G`mxEM-}Tt8$M!va@{hub>iL!b%+M7Idrn?o&}Yt)V*DZ<_4}J)yBX#6P*$M_G)rf34sD zkv+?iXPjMQv9Sn&vU%PPHfxv%qa&6U1`=_Q-@}t*lo_) zD5RmvV&^ie7Fg9n?!3uW)(my(D!Z~dk>*1E=X`}w|NVE~v%S{j#EJ(>NqdeXYeT0uPc1IjPe z-G&DQ|I5YCN^wakOO>zF?|GB;DXSw|W zhsFVAQ+J!I)A;wLTg@QD(ECKkQ-^&^3*i-+85RvKMK*Ci%~20e(J!V=uD9pwlO1CH zu1_`srsx+^_JBqHV9J2n#&{z3iW05oS*6CPgV$D_8RsOtLRTV}j61_It958mos$9F zau=T#8OHgAnkoFEJ52}zR+*N>j_>lVVNW{RZtL*U;uCZ^W}ac0Bv%4~SK#Fa zzYnX=Gn(!HXTDocgL7c>eYR?R)XBnR#2Lo)VoBG|^q%>Qb;BTuX8?SIhIGG^TXIw} zg7U}n3U|L@Z&DXmM6_!XMEUbUZ|d!<}i)=Z&X)lb$NI$IN#?0uz4A|UhAec z{y^hmHlyRra+(ze{}&_@v_^~5D=iv@rlakXV>A{z!}KBuCumBWALvKy4ReX|(O^xo zdUNzym!sv07B$`F=TEE3iQ`FQO%@}*fbqhskjCrvrXk_Ox5|gdsex7N}+OY>; 
z+S#GGSqqulYTq}#d&!<1R_Jc}D5>XdP9fRcx?;(C>ut7yu>?|@eT!t1a|gUwMx^hR zzq>cLXLGf>$&q=*)2}_l>PZNnM)3ax|BrkO_r;TbLXe}exf_NRG2h;YoK{_1U?|4a{8D69%3I7_u$hsPeruG7bzGaYj%%}s^<3b#>=3c8>sGDhnkHgRms`;#$DaKah`CT~0VFW&`sT}{ z$z^L>W+=w5s;~W@(waWj_4yIt#zBsww*ah%BKtuCIsIRKt?YXKnu74VdOwJHkQ4## z$GW0OtM7zyl6XC34Sh!S6i!;4G;gJhTnHiHC$1cC&D1cC&D1cC&D1o}$?L!#(9 z(M-`S(QMHI(JCR%ydYx#xs#$=A-en~s;$soSEALToub{M??t1BX)iCqNc}8o5`<^kD{MM zM@7d(#6A-9_}U{D_qcVH#XEkict>I$iFKSSx=V!Lxt^MuE|I3GFeKa*C%OkzAxp`$pQHeY^CAW<& zDx1|@B7lCa`l@Vd9uduI9-^H3tz=T!+GtRkv_;gN z6!Ga~=GSDVBbhmw%=~iB%;Dsj^Umbd(-(Gf3h3WVvY{MH*ScWeR5sYRLJ_#d4MmkD zsTAOh!~?sCUm-ZAY83RFD*mD7Lw4Y{Sm0XVqAyVYZ`Bw$CGs}p3fYVX5w>K82z#f`-pFLZe+U3$WUAot$U%Is0rGL7#;S5(!cj*k5E_CT4mpoHIKP;zdT5#sRJ%OBpBW5)G?)H zDV15F$rM$mI(qWz9Ob)u^6EL|N9bO=UJ=~NH}vG?tcxmAxBI+!yhF#OsZN)kA}ub7 zM8(?Iy;%KUzh1X^|DV`9yFvNN;PaCtE{zwFN>f}E(u9cE7GkA|LLovVjv6ImD&F}o zt;oBKJjO)pS~M*&Ru)CGtURXasR21brr1fRwSZS6UbDRkgeVV@)_T_ufdLBIg zHuX&$#m6|X@sZJ*j@+0eR*jsi|C4cT|27tqqoCET!(p5(QG9ub?=19a2=l+t5+2y) z`xzYO|G@62LUEUt4lkE2&j_2pO2_uL{3M;37>#$>ES7@AQ?5w<+;#F;1&^IF&aDUp zxx(U;ITxdEjFvhyVZp literal 0 HcmV?d00001 
diff --git a/Documentation/Supported_CSP_Algorithms.doc b/Documentation/Supported_CSP_Algorithms.doc new file mode 100644 index 0000000000000000000000000000000000000000..d1dafc7ae22ac23491434e4973a79d3aeacf5cb9 GIT binary patch literal 190464 zcmeF434C2uwg1n})Fe&XrUNash0_*FO6Srt3r*8>OxuvOAfT3;Y-{_~Irf+2q=2Zh0l2g-tywEKm8U+;fU3WC@2JqBJpaNvM$ zZvdOXTyAnJ|Mz!5fySVl|NbBh>Vht=y}=+YNWs;pf2Li__*o9dg9=ayCV+_m9yll{ zj`?beKT669_zZ&U+-I=PF2NyOXYOygqp|t%Z^kCTAFGSF69&QZV0#b`nuCrYVL^}J zG9MfXs=)$q6j%rrfyH16SPJj`vx-s>6OR@Hm4nNw;FusdmM_Nv{*Jdx>Qh;-|1UmP z2f^vozBgzM)^cqL27*q?Av(A}G4w_trrr$d!4|L;Yy%Ae6)T8Qog}~Wbw_Zm(hY)F z0{+gVSTAxt3%m-vda@#149-@$n_RA)P(ifcNbYT}OuEw_wDY}-purx{0Xl(hbb}s| zs30bat4>k<2ZD2gU@yP-0shpW=YrRR^T7FP&abKr`-4DnX=dNt2Si8Fa~xO=Mrr<_ ziZGMG6fhM`0|$ZWU#X0geVM!74!W zC);0*e*!oWoCID0P6nrdL!dzo*EOIPtOa#IOxp-V&$0eB5q>+^0Zs$H{mYR_JiVK zoIf^xT=~jbWs4S`S9~1&mtL;bHAU6?H`N7K?XD_7P)g4(50_0nyP~vuTEp8HO{xwW zR#%krAb1?w-&i@9uA&xJ?u3=ML5J7!WYhQ=4^2NDKB>O=)sv5?D7|u8RsHU|pP~y& zFE0o;&HBuw$wixjs)~!NE-1fu`(!vcJ^w2&*bu)lRL}Kz3R5ft4Va& zpOekX;FHTT^^cSxQZ}Jrpsc>&(}zz8jw`?5o3n4I530(F-cmpBw6_+7i^{6+tEhPH zeT$ZCsXlrt`X?j*VHu5ZL!x`&D&*nf>SCBUO#zl)x1@e@b;TL8zuN(q%=q9zvzC-p z6;D{)8vHT5f8We$AF3{^FRwfF6{q%BZwRiMb-`iM${G2ed~o%3r@o`P^s7gfZYZAq z(bA1qH@$s?A|ML49)5gLk5gU+v_&B(0>z*Nj02^h43vZMpaN6^@!~|TlcMkXJ%#U6 z!8C9Xm=0!ugFz_;n8|e(m<CQk4?F%^i704DJXRDq>+cmlP;e`SmI5&{PAGwLuTFUdJvlu4P zA9PcTLBeh)y?rhv^~`A@bIzDf_R5M59L!9LeZQ92V(X(JODT7uY`L>{{rrbTe!zJSq<<8 zPh~q;I9U+fRAnJ$;e8Q|vgi#F>ucT*y-QX*nvkED`akEQB?n7I=+xC#n4aJOaK+1+NF^ zQLgjBRp2M!r{FGdH@FAf3w{Pv{>MN$RX+)Ifo|}2@C9%UxC6u>$YO8;I1wyV`-3Km zxE&k}4XVKcZ~=H5xD;FlZUFayXTTJ6{!*|R>;sp9YrwVOHt=2WBnT_8fWda~dT<`N z7~BkV_dK93e=Vp39|X66TfqTvEGFX)a6b41_#C($ z$c#J`tOGsZJn#kZ6RnHAYmfkK;6m^%@Bk=--;M_2yValuG=mm!3HT52 zeeeW$61;m}5WELWIs)>6ST%J4hk+360Uh8na6Nb!OoyMv)2-kFa5eZbcmd2iiu!~0 zg^a4f9?$_gK^N!-=YS7`8^Dd=7Vrmf_#&)kFc(=_1&#qN%gG0P7<>dA2jka+Eg%8j z0j>ij2*U}WAG{BI2|Nmp#e_Z`ybW9fo&>Xxg-1XmXabLbAja?cLGaOI5SUTE&*~Tw 
zhMyzGEy!{|O5de}{EQeEIUDi*C}kT<`Trrp45N8XS=q_22v;p%abmb9F&Or>pPL9f zyIaHM$AqtVMYyc8thT9X%g&nm^&8jjT-%fkopFC%UEK*~Wlf1h*qrF--kb4k?S`^4 zQV&mhh0HJ>6X-*WR)_>>FtAOT2C%(bb;{6z|xTXzq=N?R{ZS zqPMNPw=>b|(oau4-kS*bban5g(tY83dV1SC$!f4C@!l}r)f&FXGIBSTgw-{U3Ilz8 z)LS%Bnflsybx|>B*^-FvWtN}py9fIF+FPv-eJ$NRQ9z!wcDD?4QtBlOhE;q~*xcQ} zTS;0KcgLwR#E1`c^oQrfI|dScA(f(>gW<0Bb0BJUM`BmJV?mP37P%JAAU>6hCmSw| z_xJa_ z_U(-u*X-C{w-ZL%+0eLgOWn@xXEfBE=<1Vdzn7C*?T*INEVU(JWn~TI=%lE~Ku3FD zzgor-JV|e>vt^kk3~k*Vh^(=8vH>krA`b70=1wW>ZKu6EY2J2n3HuWLa86sq>uKqU zEW6>@6HSziM1v9~pVFc*#mI|XLkum{A`|>XSNFiK-84yCw;Fe#E8f}MzH6X+pbxD8 z$9DC%w+*HdlB~NDiB`!`WhJd2I&D+k+}_`}pscLHHQjckr>v~jNvOV8mWB3r^zyQ@ zvMs2GL{}Ffw!mAvx;qoSgOy>JCCurGcEb1f!hT_O#QO_;g3DJNJ92tqD#USR(tzZf zmQwQRF%)Rn(-HDfIAi&ajD%A89KRx4h|0C?ZK%D)8_->yh=GU}iH~&gkf+sa7jH26 zl{QS5#P+Upx;xH6P!li-8ri8H)2S^^t%s-r-At2Sn1}R2^k6r_w!1S;@0qMQ@$Q1n zB&(f?c$b)nSfqmv8!4Wos5vp%O?X#=5tZ4AsADRPK5Xw7TlLW!D0H^Mgi^wZu9kRD z-#|xP-H!SoG;B{Cl^!;CbT@nbBrUEI#!dLw)@-j)RVY9|MuU1aDAc>lDe46$s!~zvE%A<)sKkkVJss^W z?fvRat+vWaiDYQZ8s8Q!S=U)Eiu603>p*W;pUX5Y;bgsdVs+qQ2OLn1F5e4RspFDP zr|DGQoKdA9(ikLC?+efdy=m2IN6STZNlPuQT2N4JIV3elxAwNME5j6U-Bxpg?kT0q zqs}JEeo44aylWOje>*%*MWY@&nNMP0%kFsBt^}sWZYt3^fC3(XNmb=O%#N(gwIp1N zvUc5E)N8BgDXK2=tku$yh^ses+}AVE3<(y|KU18pZdx4G-`m~U?z4@fJF9be|IL?Cx3;)<(RPR>*7u7!R@JoDzUj7emFqflf6) z1#C&6DHl7ri|?W6@n&p~@c3o)CWLFHLvfOI+_GiimJR2I>sN}_$wnSoI-jws!2{V>epuqDykA8(h5 zsy67BiKWscyG?1yB_VxLrIWI?iCzpLso2UgeY)SK9h0=ABS{M3#k>VW)`5|l8lPD_V4bd(ykMC^|8`N z-Ga)$B&tv}D5z`7D9q7o>zZ~Ry}9m;jJq{MLN(TAR-v(WWk&eM+Ep39Yno~^em8BX zS-xRQP3BoWzd%98K>h`)LUUM2h!zfKQgcoR6xRmC`eplPr-Nh%@C%SfFZqYY)(DzB5$WTsL zhs7AGyRF()XM}Psu--G<<8VnsUt*xOyAg5k?p!y})uMq=dQMnlz1UXjE0TGpr`EV` zrzpQuO~6PC9iQx!jU?0xJr!Bk>OF0cG=g!B=y}^3lBM`Iso0!;))=C;X-m^in9B7h zT@bNn0MaAm;@mayJ||bc8&rW@iBp|ulK!<(KT3XEchuLz%PG1?RFDv7HGRCQm#v|^ zO&2>Ra;AXMLMpr;wJMw0)K52~M6rd9^}IdoQ(F>l#G)X*-f(YsZ)@Ko=qeLMgj|Dx z;Rah#-zdfDH68g#$JEJE$8tr5s!W!U6+ypKPmtcV@&343Ay!l@xl|pNxZLQv`m6v) 
zQexNHq$=n%gy+;Wia~H31xY%KGgJeY7FBrpDTPt}q7IevYCy~w0)b70rtz%ao)4lP zd^8r2(nmj6RMz$m_Vjn}>W%j>To1R=MotyA`szPCmL^iPtB2z|Rk|CWlB7G3d*kwCSCWAwwW5XOu>QvZq zi<<|@4n}L)6SlPXz%Pv4DjA~aFWGaHX~43jyOmZnHG!tyvTbeM&VBp#F%nXd`%J4R zRk({%yQa1w-n#KL#wBHqI4s(GNnuFUDtYGqk^!)VqjGIL&7P7wN$nhx(1_vcYS)k@ z2_};pF+WlyWO|vC-OSFqwRNhmh~Nrlx&Pf%gq~5w7qZen$u1*M-?(A1#^|l#C@nA~ ztTiMVkK77FauV-ior&tLZYB(P$^HjOy?sSHHuW7!pnnsSd zv?O}^7r4fbMu^^_pNcRV$9V4h{4qAPoBGR(a4%2sg%(J6l6C zIz|F8>Xdzm{k-c$rK6DuPn_K}EH5{@Hq*~slA?;UjC^}C%oGV)qYj#%-gZvxV@!(- zt59x49+@#ntV>J1s3`AKawE}HO8VJ>wdoYz2rUu$U&3lL_I$4R)COFwp*)0%TqN<7 z+(f!4<%-$S(~4CS8L2f%4|w$gGwY>poDqUSpcY5lKtD$*-^VxXSW~~T)@)^Hk@>7~ z<7qWGqcNnHgj?}esc?(JAr()Vsg&6@1eR7^5T%HQM6s9llJeT3ut~PFeXIx1Ls0&lD9k+gV#* z)6^6udV66HJU)@h?dzhVAdbCEbo4sov84kCE~V^uHR)#lq!|ZynwMt?c|1i@Rg_aL ztrFQtZatz>OQYUEpX!}X;GC%?8`lPmnG_N)z~;tsb9>`^=eoAiBv2gpop{GnlPR4_ z{JXo_`{ATi07(x%4*cpiF0$DHS3>U_G?wcd=;`V1#T&{XOzwVb6VWzOpQha10FRuS zl0`_WJ7=s#R$q>uK%>ml8Ad_2Ts^{;wX4PuO0=(rF8F|%tdzc4kSkH2_u3(O^EnrA))Aac2dgBFvB}8H>}PX$d{_Fc4)bVr#4c#hJBPe{G9`?$MT@q4)Brm5I!gtnAuV>CU*bHb?k`&v~y@(r^p61v*lwUY<(o@b> z4b#1I{XNJBwMY)D-s=^(qmmMFV`<5ZyJIQ3du@?l1-%0IyFW`T!--|=P*%20Gq6mI zzanWBX9QD&!x3r0RxC5)xv~;ROxdu&a?gw$KAk_6taIel*R8LqJ!9nbwTrnVy%UNxjH`>zFmEfgVkDDfEA-WN>G9wZ?myBv=yeVAis?pE*mh_oC3(kPZ>o zdpk2JQr5DZ2KwTnQ)D#l)u5uw3len0-9c-TuUtv}noE-Zwgtn#-nK@J#x8ihsB1?C4?d9V7%F44$lqxJ6$_NxRjxnI)(RC#a(dQv^o$K{{xf$a{oM#mIWi&eI!f8XD@>G9jlbShJdZsC?8QN#InP&iYgN zRN6((<(f_)C6hEIa2ciophLRo1~mOkg`J#YJE~A_x>U1Fd-XFJ$ta!?%|aw2q^AfFy@t{^Rwx`6Cm@o(|gI;9&WYuO3_q`*gT?e zbSGiqF!s&*lFUTZ(cBnL*T${uQzgMk?EDI}N`2kVGin+ex1Am-%2a8Q7?BWC`gK8P z#IcO`YE~8V&#jQ6McVr{r$ygfiwsr(Xf@Rjq=)YTT}Q-O_B6-qcdZ8 z2pL&`VagUomf=?Q>`#mPAq=zCnCGxFI@ktxF1jgRN}WDvie@E{l73A0LFQb#J3>|m z(PdLXsfV@!F??i)JBdTpFrtil5v#T%p|hP`ITGgSbv=n0E7?nso-+~DBIMWO2MliI znB?D=)K7R4vUi}%tzJNGdb_)|o=S$5X}Gk3gJQd`$5S!6+(xcy1g<;c7mavqae#3Q z{8MZ58r4XrW5r=C1v@i-5}~ZO^R2Wix%N(!>P5HF@2N-Xaq~pI#=5rD&diyxqA_t! 
zyJM#f%wBi1My3+mM>p_dV*hA`jhheebDrsCOE6znE?s`y(q+raHg=&37;~^BcK@i0`x~%NjrOS_2oEpb3UJx;1acw-Uf+D-9hJ)lzr=c5ctZGa!BbU-{QxVl^ws7veELxsOv4koo0BZ zHGybQy@=)JO%O;$WtIs zfjkBB6v$H`Pk}rI@)XEZAWwlj1@aWgQy@=)JO%O;$WtIsfjkBB6v$H`Pk}rI@)XEZ zAWwlj1@aWgQy@=)JO%O;$WtIsfjkBB6v$H`Pk}rI@)XEZ;P0CP9OAGFtN}Xd;M3p- z;1RHl-PDfvRU!4yU*X9|#R_#4OG`kz9}HFk&j+=9pGEu626qC_ z58tE>uLtMR7UzSjz)!$W!Cl~Pa1Xc_{0!U&9s}j&oQwgwzzgZplJVnD=}-Qc{v+eb zQ|V708{3cHj4fD3(ixeKF`tYC{(FCnu>`K7#f3rn{9ydLn2t!Xb82D}1AmuW_Mq_a zSTOT%-TvM1z}vwWz%}3w5F3v?fD^!pU||I(qktyfUD^(&BisD_>6s@Vd-Rb9@Bi6P ze{|>fZ@c;WuYK`zpZWJIKmO4VU;2UfUhuIbnsHJ89eWrGWvKqKc35)K!(6Qksd4~&R_iF(e$JeDZg{`Sn8&+;@-D z0N=UkTi1Q<%h!JXKR@%SD?j$354`&#>45#`pF7akWn?HVm=u&;1LFsUd~?5MN*5HD z%;Hj9aIH5FzXS8Idsl&DKpi*>>;bO_7lO;c zr@(c<+sQFb-zos!UOp7t`1$mLWG`;UlMIDE#vi{+&nM%@uhXB5F}45RU=OC3Ap4K| z(u3Wb{v-W6T0Kq2J3EgP1)ZM%XtC4t?t4$E`|h5nwY%qogQZvh+HHR_?SBe*54Zu` z2%ZDWIZ16B*b6=et_HV&KYSN#?ykip+qo8( zyv}`|?>;}_KELlif9F1raJu#k_j#uKywH9A+Z zXWV_B>pm}cpPzT1U*I!XEZO{Pw9lJqqpyPJ!ImR9?--m7-0;)$afVXJ_>rLpGJcFv zBr{UW{v#u`j9}THWCY9jkr5~3M@FzQ{>ac?8F4b6Wc=`y)z!&=qzek8aUfT-0eK#S z3uj7}vbEJe(OzEz_kcqD7>j{?947$zIbH?i>$nhn5_|{z7CZ{xabys@6O=FD^ilBq zLSz;kjQ`^hkO1~8S<&+h)o^FO@fd;a$D zYjMePC(Uv9d7=CKl+!JDx=-v-r2G)~x!Qg1a-Z+#b6m*>_^gaMOYawa4aSu`=o190m8G12 zNt%Bzaq&!!*hW$L|4;IHL2jD-pOoutG@*YTk$EHhmWCu~m`19w2`?I_YXWDt*L(hu-<*{~N^heTT@8`$< zf8hhyp#AOF8R#R2@j(I?MzNBAS?-LM4)OPoCCsG+oa{5(uUNX1{M*krVN8GTA(Y4a z6$6>ltltIi!o$MP+UTCV^772dJEIYrMozMjWwqXaqJ@W~GD-t}1}A}&!D>(g)_^*o z^yT5zC|{PoEY)8SK?bdi)>nX2z*=zNz^Q1oalwwDE7$|NgS~uK@~k@;2zCWwuq9|` zEZq|94iZ5J{}Y1sK|JUU26?uId*|@Hi;(@q=n4wB8wL}Ddcq74D$cJ)KKp`Be)sX8 zAXEvzltv42nQwqOaL8(a>3s0v z8U~x)^R=YD&y{Lo&_wx_qdl*8&l}vGJ(OuOG2*1NoBAdAR~}9LR_*kw&!tkHR)SRC zlY&jeRT=wSnN+gV$*0fds65Nk;+;vj4pOd6E3xXMd{vS-pW_Ly)H5Vn^Zs-3HeDURtUu5aVPU=jH@xOQ#j zGvR)#hAQ74@=#ms=GsHJ`Jg7^5nrCP6! 
z+{9HXq)blvg~zb9!JT#dA8MsNuc{Y z#p90WRO=LXtMo^WSlX9D9c$4{3MpUJtI?HCHLi0lAZeB^IDm)i0G=^e7L^XLYGAAY zb`21G+z9~1eNa#wBc%Iduo#q-Ss!s7-}zf-m*5btGlL^9+ur>6H)A_vXeu-lnFh<@ zia0zZu6KWEI+`;G@EyPyL4fZ75-=$Y(0~EH0EogM9tXxht0)Dr5`Ln(RO$mxii7ayww+N_)QY;{_$1rCz*iWA-620k}}O<*&q2V1~aunjce%OHQM z47f z=m4ESH@ZQONK_CL#Z{*${{e&@Zev~t@TUen7rY*v2hLY>epO}IpDMTF>Q8hOJu#d_ zp3#~g&0xLb6t2;f9y~#>17?7Ofi*t<7rxI1hXSSt)cnC5Fc-`Nhl7{U{J}E9F9&pr z!O>tPz>VX2(qp-*{nhyD>FD%aFR30+J*9fRJl&b*cP*#`V%kQarbh(4C>$7} z`2!p%Xf4(%fbC!hI1TvrKZEaQf@I_K{WV}GI2*)4GiU*=AOYII55R8F4%GA#$MojE zfqQDNzx1zo80U|TA6LF|R@tJ3=M^6Z|D~5E#9CrdgkvG`VO~P*rhp)dl7EZl8>uk)HpRm+Y_n;unhxX0Cq!%E_H& z=U#Q&VvAXqPNt~JMFCn z;i9tY`zk7)d*7lZTdI$qivG#Se^^E%+>k0spnqmvTwM$krzybl>z33{uC6#^_IEqr zk{KU7Xx5UFs^STYTZ2D__wSoI?L*aN_2qSkzT(vW>J7nFvo1Jnypm6^|H%heUw7&| znoGZWWa)4W0qdg6F`W!1Le*@MrKMH~<35JQ=NB z&X=?3&=o;cq<%Q$hOQNkPr(Cl7qg>Gp%rWwOvT-jHQ2`%zY=tWtgUpix7#yV;uQsT>#7Ql2MW zk1>hWnLKLD(DhX%)NbNin61U2IgHqo zV~dDglBA!kO&MBMLFG-QLBai#uAAffcx*mG&y7N>9intfipL@j6J-!vY zZvjtB>>l67**%_8QT`OS%4~r^64Z{!`}COE178SVGSYbE$mH z4}lo};=+ks3SCcMd? z+8=0z^L8NLM>SXgE&y)>mx9Z{4d5Q|448t>UkWyZec&>14Y(HE2EGfP1Yrdh5ZDf0 z56%M@gPWnVX#JB()Cq`8bHS;g4_pGi1nvQU1}_5d=V_&V5?}!QEBGR~8K~Xn&49Mx z7*Ge!0(-#g!G+*5@F{Q|_$Kf^qjK7N9#EIR7Sw?cf?L3?-~c%GP%JBOKKKOq9Jn3G zj64*q13ln8@CEP_urMSZcpJDL#O6S2kN|DqLhvo{04Rgsjt1hp)u0A6gBEZJ_z&=X z@C0}gyn7yg95Cq!$OmH8@FX}4gkTTo0GEO5!NXuW{4Abs1s8y;!H>ZUVBS&GAG9xI z#RJ#_IzT7r0^Q&o@L_NRxDng}{s0bNgw+h@A}g!FF`#8R`G60DkAUM~{CcnjB)~hs zb)W=cI05v7_kk~gN5QejV8Md7fos5%V5m>;kz)fYp7Mnj@H6?BcHf5?<_kr}M)aeS z(1`b=G+jE#&xm1=vk~u)P@aDTf2^nNnCp^_=BV-!={7?6VeOcwt<9mQ(_wrTdS;_@ zdfdO|_o^)A{9Bgce=4uC+;#sy$>*c!-ZAT$|EV_pYvh}aCfIx<>db7i|JNwnU!11K zL>kp-tR#Z7io$%`hqo(m&^DDjNrg@$=?kcpr zu|4iH<&m92$+i>Q<`SBT*Fo+H7h^GZcaVb0S>gP+Hb>S+D0#YU4oM#P4fq%vDOnx! 
z6q>22p#&TGt+H)p#FENm8)FtdQI55)S-3IFv>l>6q@Z(O*M`*zn$jt)TS-O_TFmEqSexdnq$-K zNw*t$iyE3&(U^6&i#0w|$Bl&T;KI@{Enmfs8(17=yQCc$i~&iDOVH zhMzHphrFE9*o=+R7murqv)~rdP;*Y2LDC$jxMMF@m2m|wJN=6S;=0tlzlOB9Yt0irskt_ZXy1%@8kcUMcKwC&*zbDx=a_se^*f6>1l1G zSw261snUAArB?GZf|_B~6U|+A5?|C-c~dicmWm`%zMzDo;S}UbQgAM`k!M7)qzgs$ zwfwf3?F6N1f|r%AW?{w8Uf(ICG?H|O_pa=M%R>A(-oq{Zl;ZMA_^*I`KTD`%`Bocz z%6;C$?_+4y26B)bDn_jway`im$wj)?om*57CLRD+3qe^+FYq9gEg~r#y1rpnsMN{7wXFyaG7HM?ysPb?QThA# z)GGnSA7Zv;N{;#;aN(Y(B|n-o+^Y#^RQhyQdAQfna~ICM{OP^waPF{F!m!YBqGHuD`&B{zIx-KNRD1%C&7JP8u5`KUYHc%pR4y!W zX&r$)&kC!8**R#k$I&;tW-wj68|^2ZtlqagDdKi*GIMFm*)F!%tGU`DM#$0H zLSb^1WHiZ|ABwkzN|xOndrMSj<$d#t3?QGqj2gW6MWY*yC^g3GMXKw9n+iTo&sRiW zT*W$oN6`ox8){^um4>qGwR~id@A6V;%%ZWYjY_+)1hPwXV@x%ilOu#YKqFa87IS|1 zJgW`%VZ~?!a7E6Za1%K#qYm0|=1H_sjC6mUVL$oRu(7>7`^Oz+J(E;sRnya)2K zXf?)SXe1ATJQZ4}s}Zevt2DOU8jUT@ucH;;TF0vqwLDTbrt~A}3E0NogWx?zsgX>j z8=c#_ZBe8SDs;L$HC|2C*E}bpifW+|tvK3NntNKw2H4Hrc52X%O{A3^qJikRohQ~B z=EbU_MsYVrm%ql3gL|lh(%(a@1T>Uv^|};xIvLU!e-KVOowO^ULJg>Oez+}seL8tvR$EWfjY_m~j5EkkriQs#cVjL=r5Y)+Vk?kayKe zUQ^=@^EAlYDw?TIgV05sVWaGnkEnw>tHe{$2HxYNHLl*Hv4J$?7f9t*=IASr$a><* zf6_~f)f2mqu&TAKw%<${m9|QtwaaQ1`8>?epfQv9Wep`$3VqaJGvCa6;%lqiVF4hv@gOqU*!a^|y9?Z9#NpvjrFb(dhcS==xZ6eImL(ZP(Vq==X1;>+j|5 z^b#)#kft|z^lOksAxXV_OOh^=juPmpHqodx4yUI7@@vIK%_^7vP)^-UJaLF$gTIAT z)q?VUrP@JWdbP1+LS>R(I4#l(ri;W06_iiyZTw)q^%Vch*QR*#o2#Al2FdHlTm6yb zST?aAmnxjRUpn9|@#i|yvf8Me zrIDA(%BK7$AqlFNzDo|w^QjW(jwDH*57FD|UPmZNl}7O5Q8xB0ZnlM*3a+DzIC zBYQ)X6(yzr*11|MN6{`*>u%tga_*wWt+YrFCGhWYr0au9?#l09PkQhzG|`MjlhaM= zC+*FT^cX3rt|X*Nr}s%jGm~!7sUN+jcN?S+ys-WoE_t)SFigJf!sD%Yxt>3z}mu7p}x{f8`?B4Tf#rghlm>q%YO(N?fEMVzUn zy7Jiez;P<2O6&EVeoG&v($hOEqPKb-d%wv1ze-hpeDTM4=&RgSeyfA1Qwz0x%1YPQ zRk}`IBCQq_f189Gw}=|2laeG?eV^n;Tx(opZ;7P(KE1W1R8l%xR-I-Nlv;lzdFubv z`>CW>jyP#&(nfFlWKzZV=gQms$SSkROPNc}=HWDJF^|~|agFAAEN3h40Ie*oq5fZX zh%}T^Q!0C*rqXMLgX`Tl$x0(nRLViplRT*9toOEe#w0WS_|qjL>M2aCbP~#X6U8VdjQLo+9qqV8LJPmk)VwpM$Y zRc-I@=pC*G+RWe6yqz?dNr-Y)PK}Otl-guhXR~+o#B90Ej$VqZ*~&gQ##G$lxk+x7 
z-x8!~iPIMDn1n<$d@EIo{dlQc- z$6NWk@Ry{XrryC5twmL7Y0XC&UzR$08$U{WH&fy!>S}Kwif zmP0?Qzj#t@r1mPI1-x~#9?Q{}*YmOXUb%KVtI;ey@#&ONLdqgkxN_3hytd}6{XDOz z)=0Y2e3Fhruj%knCE`D2wO1X~}dSqgexf zE^r(n+9`p;E4>(_?ik)LNriM(C!@||9fi_udDE=2D69vRG@Bhim9_TMg8fkHFk+4L zeNJ@00J&I?_wcXrUmm;@ufAr%(`&8~$w;<$0i_>`X;7gAYh_|^XxPuwR^CO3QQHFg zj3?0&X7dc42PxwDVzkE}u*!zMjX7?}+nFWsiKI{5+0EMrqtU@6#=j}5p1}HbeN#_5 zobx4BLrZw5lWJ*`;cuUgo@R`AC2+3z)kcJ6ShlK1`n|%aPE}}vTY`_{iI2ezTcdJj zzN1={q`(w>lD7qOf={~8>UquH7+O|QRy~CJ@i_nT97$RwRmT9;TCp=%#eAMrM_U>5 z1;Y5%G1u_@;89iwOr>r+gD;ICq^yi=>t2e{6Mk(@jBw+j4F(I|{sO`K$YBO9A(G|`Wa+eirYX0p}Ob&u>c^;PoY=pAE?wAEW}*KH5%} zvyC{@pDO)SpJv`3*(?1}`#SEdk=GqeaI$rx}<8WiDJ|(hQ2zC zd$KUHz3Y8;Ox|NZS{*)%s`>JV7<&|;qh5=&ts~X1kyjDE!WGcxR(DUDaVOv8t8U>< zu2`@dEF$imypyG?R>>U9^`?SP(5Bhuy3Zul+}>=Por%#l*|mgb%x&iSOzI||=E(Xd z*X)9oB=@}bMbt+g;fv|@M($nISL==W#gyVoXtN0$y(&v-w4y*^Hp4~P=;P-dve#W6 z3|MMwxuGv$YqtDHO?<9>}sTA_&88f-)&}=(l zJd-m8A2S%fc0Cr1ysq_s+uHSPkU9SB8KN;j1_TxR=@p!+UB2zc#{<8!!O47I4Qjv| zPzRKLe*YhN5Ayr}$XZMJ9%K{BE<&-ny(M_jOU%OfB(?tsijG-Ud(KM@*o4Eje{pg1 z`v&~|Qoy`QeqXC>mR)}Tr+?J_pESQLkDEq#8f!LUPuk30{{5f)`#n z`?zRG_>%l#f9>%3eHw=QXmP~-uWF;0$ph*B(e&^C2)GZ5&-0{rzBHew!smUS8mSLm!I0ncJiq68e$R8QM6i{t zT79UM4_X7HHF8>+qo>*jLL>RS&nv&@jn?@2H<IZyy<1%{$*I7`8{upTk?C} zbVn;?^LyUtJsZw@$nSZ>`wH48Df=E)`8{uj`@huhNE5GMWe$Sh1yMpESycxRRoZs_iq&3tx73A7)XJ(e&i4JlzF1hv{ zvK`!J;8z=cFS*A^Z9X>9o$OmShh330hOoUtZ6Ef`J>G66^l0-vHQ3s=Z&>a%EYc&K znG(j>&tInwJj{-MAv3a11!u?lM%^vz6jzSiyJejnJ2x2ZY`Kd_XDnySJ!*|< z5vbI+J^fKV!E;jW9Kn zA>UkT#GUKhBgwU=hHFn;KZ?C#iug2+FL0~1a&ce!te+qpDuHfy<)xH=6WTiQj?@K=;%Ii=df z4x8E18SQLT?eTdwJgI$G7rL``wF7l79WjTJW#4Tx2LBiHJax+DD!xBVKQNE_l#goH zYCq7?IXgz1*}kkJYpPu37e%s{UlzUfB{AAq*3v2P>`Evk%U3lx%XbsZ{ZWh9vAP&8_&DWUiLD@wbc!ou3>{v8{W(C{ zPXMR$tC5f~_UWCQwqLM6qr3}F(g^|SyDa}IqSMH7t$lbu&W_IqjiRgG=u+|fVi(dg z|DKa9rsUW!co#9QU=Q?9vmbD-c6=@>-^d(bYv`{FW{)C&;-YNymGzWMwi3k6ZNo{r zR-glHoM3X2-Xo`|RYAVkAzhOmuF=IJdj8qdr2iKji5meh)_fb7?b;b9E+&D7PGqtLMu} zsgkQcm8RBTDCau9y^0jGr>Eyf5z6+lT2G91v_~Vq6+a|DpIaf`7md2c;fom$t>TV` 
zAyobEtHtryFvn)3KP#%Ae^Qy2v+CJEIaO+vbOkYu0+sZV8tHuu=)Vx%^(HJc?KnOa zx@X(r{19}tPQ90XW-D5Ba)mf3*RFR3Jnur+Nl%`MK0cNb6$XbxxsgthXyC5)`JPCt zZ6e$}N7Ytpka^<4;bRz~UX85TDXp7HNvGS4bmI9WSB_lo_st(gciIW8I`^}QeDq#y zt~W!cI300zYzJW%Qk~N5BV&Sc~lvdK2L(&@ll$~PA+(bFHAtzP9R>tW( zv8|-4^BZOH>pX%uI!CtfX2OV5G}01xDTXvvsf(=~`p8u$RA@(9OV8fX*BL`f#m=AF zMOu1sm_#C3yVf|q_WkOL+8rqgrRy$T7`D99Odb?^B}F%Itxi9)QOThM@JM= zS_-FgzM8n|+%wKG=hsFwp3X_=wV=*1lKyLVl<9NQzLA_;&?{x=p>3QwsoHEMy)}H(iE*NobgkmL zzGD~nr5kk~gYwe}nikSd#M9GOO0QI^$U)DnKavdUR34osCcm^jSxVjtYbQq3@XdAt zwSGk{sr;?2?L0wooAOi|Ej-b4e*&PDQ71oG%kH9_wBSPJBd%{DjD^3&ZJ~xH~M}9sW)Mx zSzhUYTG=!J-F4DgJ87zIjDM86PRgUm-(g;lz~ zU8ko>UTpoG@nj!9ZuM*8uUfc6J=+diNSv-7%ebv6;v=11sxw1Vy1a&R8h6+Z7^0KW zM!K_~^2(O5Q$Rf*PNaRbBe0}IYaWePMQ8k*#GlMJ)xkK#bdTgya-_CzCzjUC>dZBx zspLtT!B#|-rRg=_uj>5IZBTwIwU_)#2G&yNMt<8VgpzderRbw?k_F?*LPBq(OcRKa zIsx`{$Jsi+OBzn6kjgqa1KLPF*OJP5?$q(W6)m7s$=0Hobh4r7r8ZP<>2e;2TO?sR zi%ObRDJ$=G@|J&EEvAvRwXB_3rSs9GL*#4PM$5@MI-NY5_@-PoW@wG{&^nPz{HVTD zlrY zsB3!?cXkKD|(5}k}`3LX}5_^vltgIA%x93$^x+6PE0Q)Dp#z$WYI5Rj36usxS!T`fJYPx|1H8h1}tfN4MRR=JZ4S!LRDNT=oMBs!hcCp~E=B{uU+Jf+iT zMNRRqXeh2x>ulqQObCu@Qo7 z5z}_%q-&>V+50`}PwJt}8=WRLyV6cg6HlmAreP%$R(kc&qxVA6)z$}1bQW7bbyI0| zo}$%O=SfNS{3*hz=l;pKq%6wX>U1>rXGhgVGNn@iecPy28@R8qYDeWZ-f_0I@;09I z^Gv@c&@z%1=`~q#A-Y36C9aZ9H*`du(&@5QOQ69L+GGi}T;h7c(@0@GaxdNzUv48M zX?pq4Ok>%(naWKRkc_F1l*SQX+sV5+{Zzavzq%i5>%?C>)pwnXrS#MbNZ+Tj_19);>zpvPlkvD@w;qW9 zbz-=Uo23QpBsZO^m`URr(lsuvB8=>Kr6!7qQg*Vr*TkZXuenAm(wOou+E~b1RGQW_ zooZ6zYN;o>FZoD+D%(_4u+|sP$lIcpuOWt7&7T6RF}{9jZL(G-YfQ6?I;YMPR-P*L z2A7I@`awp|jr>wAOd2Jv)}H4QTj{A~S}B)$7^AH5g7ssnojh%(%Z(oDN95z_M<g-R|LNt>stM6`cWi*>bXB5{%C24jW7s|3z z9m-s5&ZoUoULVZ^Y-g;hdul!TibPGxojg*agT_vNoG8kwJUTyFw3W=IETf@%Wil~M zD$*?-i)*%r_}*-m6t{Let})G2lq{d@an(xgXKyU2g=`ep?ku_Vae~f7mxO5ypc<5; zQPe_SPSw}hJE5Y#N}*Iu4kW{SDU~=?{Oeb;ckxTMOsmrqepcyqJeSn;p_vp@JJSud z)lzd%V+kz_+;~-|()rQ9oq{cnQckMz(7r;J+klfP)ol_n725hb^W~XVk~OG4TYZ-F zs_3Hr)y~BAnoBfL8savSnmWQL52Y@hs=Ko6^;_|kpN+>vIh}{Blx6LtMsxlgL#v;( 
zvLE}4%Hn6~5}iV5I(@v8H``4_{g3WS^2R&47bmLR>WOU3U^cF}HuDr=c}7*5eki1{ zBcE_+rQ1Llg;W{E-vdahud~`#<2&`r8gUPOYIR5tqrOm*Xsff-W@bm~)MbCBy=k3J zo~Xrirn;!EbJI<}Re$x88e54*vdDGzv9!2_PNkpfg{mm4G?&^*w!|7fRS(l=((pPd zS-oNxp2}5(@com{$`pTBAbsK>lR5Qy7FR1Y)JL>XB8~EEiMuyg>h84jOty{IH;W_8 zR#JbYvze8@#>44ny-S+?cwr(IhLury%8K+)jGHR)DsOOQ6K%G-QtaioI7Xuo>kA~2 zl3mqZqZ+g16vim6lg4FH`Eh~i&^?5YV8iVToR_KvFrz);c4`t(%l$425k~r@hl4Pyno_f|ES3;da zZoV+(wwC7_QSXTEn)O%XJPX#RwK#fpI({)5)sOl!JygYMw5=dDZ`*k;mAx%(Eh?yv zqKf?08hM{aEt_~|cAMJ9za=PZLA^%>R8TF|1~z)M(n-c_CAeuB-upCj5mt6I@+*J2qQlWt1M+-cN7E#JjVOAYZeJulWW>NTZ<{M<>V$87?15~rEvYgVdh zTFI@>nYA8DTFoeUj-!sWq39(~hMpP6if+64?Z-jld@mz9x7^pe)73AzUP#qJ7M!e?)c8ZINL%3%g^|r_<9Iz+C~=gyU%z#dylSq!ebvS)Wy)hCUxX-O zqd!To_2z2l9#YY)hB()IOf=q7A8wuk`Qv&hYZDZccHK&7wG?|Lkj{4Q?SL+NE^7MS zg-w5YnU*zVoG2f)TGPga3G!9?qJ}i2Jca9>&Tb-%{N?H)ni$(P@xKjvs7Kij7Zy^I z?R+l*(*2@?-n48aCDBK95PghlzW0{K>~)m3wm6sXolrrkZlN}n5w9wCi0yA)b+abq zJu*GyEstLMb&IEwX^NZ7S~T6El4!19n$<=jYA2;oORlw)XCtjAsgh@1tz?{}vUfl! z**uLrGpgyEMrYzDd3H^*Mk=kebUmdK-PQ84t?b>?_3pb;Fgr)HFGK646Yso#R65x6 zRJx6(F_Zd(Zg^9AR`i}gJXtj=o%EjgQ2Coxp)8dv((ZUBen4&;&{$3qPCKiTGs~VL6LV>GH#qDeI^gB=J~Dn@p>=4Rnu(|^M3R= z9nnEd8wDDN+Wc8vR5Ne=C@-~;y|Ez~SI?P%3nd@2#Lwl9=x?>{ByFWPNE>>NGktCv z)2J{x`Alhv8?8r|-qd)?^r>u(wY0W)(0F%vN(t9@+BickrSVE9c`F~aowUDrQhG@x z=ykpLCYPi1iu@ue+qj;*rL#@9_VYxub1I|Bu;rsvY&>a}mNbv?jlwAxozAYYptw?f zq1TR9D#e%8p{wM|o{MVgsVbq})t-Ojaa)qPW))N}-jf-q+&$W!V&JYw?(TQA%4{MWvNjSY9Pb_Eh*ZHGg+H z+E24x=0DY}jVxw)QtK$cYSRw~%g-Yosv`xH1EZgGj`W;az|ylRzl5}odTH^7+1`E} zD4W?zC;CsI%|uzVu($GkFSYk~OrI$YX*0Fepre&(9`kXktxcy|ynagRIneW~jeRvk zYkf(H%R%(f%v$;wOye%`K)3UXtG)XvzdVBC9(g@%e#a~Yd6{Ho$}%wNG!5G6a?+`t zvRzDK?SxC&U(%<#mvGjfdQ<5U^PSEhuidU4m9yzE)lV8%l#)g^$?)@&+BInf&!#vT zA0(FXm1&4Z;;0XnuG&PpOB{EIzDh-{XDOSut8n(I>L3mlKYIOE9&w;#ejTN^@$#YY zh-xwxO)5TAz8b5@no_@EQe|x~3u=(|&{#+Fn{ROc70&*W=1-uz7BkBs9#jq0Begr- zs9FCe>TR>2($%swHf+c8cqGA_XdjwDvR`?=wdW9->>IQlV0(F^7fu1(}x+-NO`EVU+hq7DsV7JzzbXR%mFXVm?dtxHi60ZjuMy$5#%x#nIue^bFHkQG}u>*Lh0)~W_d$x0E;RO@UzZvUC_ 
zUa_N~`i(Y5r9ULK7m_R4Z{=PKrOUmNU2l9!JE%@J<~Kj6*Rg7W80+ZleWPo$u142e zEu*iPJ=>)-E4-SkR*&CG+PCsuwAh?;O|ZQ+lWn!E)^Mk(t=Oyl15l zpQVH^ZI$=$pz-ik-W9BlUKY+oXUUT8qK$^0MWlGy%c`~Ax3IRmh%(O!SMrufakPR? z3uGV)Ky7x~fa@8B2@}WEv=xq=Ct@kY+DIMtUB2GU&^o~q z-eC0<(Hmn^d4K8&t`)(Lf`=%@zS#Y4m3gsym(13g7rHkXZCoztls1rTn4VT&qy9AA z5)==~W|EHVck91wEV&MjHj8{@9j!jx#+Dk(i|aL~Vttiq4&^LcL!M;WJ)-yquDxh! zS)7WaHEL$N$@c1m>t!ieD6`l#_bus_r^?1FUD!gkgfowao=ft?@ivmwm_y^&jofb` z?o{{9)}M(Y>KB#w@E%3039WCH2UfWnb-Y&9J4kneyBuF$#M*hiXFN4Lh5XdMr_jd~ z1{d)To3;0+$VqQ3e8aW#A)#7(YFI=W?sPmY?$#TX54%uLz(wn!M;+z0Rzm9AS_)%RQ1)y@A{=)_z73OQ;^I@;RCg$S!lRT@{a=o?M;Bvafal}~O=6xc1oA*)pVDz_ne?aO9IO>$(Dtf8x zn(nhMoOth7Im78~UMuS_$zOf6tf9;m&>wX*%H4~^f;)nXbJE4XUpe~QymyhG-i}&C ziZipcgu>)5(OqcQ8{n@3c;rp)`g`o)(cX2mw|Q?NyzDxAi}#*LPh{_jwKqWS@{Im2 zseg<2F3PL7c*UuDi&t0a^z3hV`rNZ~zkf5;^7u|LB|I7aUg&c1Z}DDFUeBBc$erl;k!2(oSAL3^qj8(PEtacobG?IOv0vI-y!M985l~u`_p~Z=ZJMH0u6Kq+ zkyEl#B-dNKl4nnmTy3m3r*m`IXq^4-m{QQY15>bteJ$W23Zy+0Ix8IrOs9$Yq1p!G-qDvig~qY8U^Aw1?Wox$I$u&utHXJ$l#i z2HLL?`i%8m#;-^9l;tS@rp;{m@tFG0Bgo!csn1@)=qpKGjllezrE-?9PB!}tymy*~kuPyEkYCq4va)qGs_JrnK+WW8O|@no>)aT#3mJ|( z+uFR8TGy%B5Bb_AIzPR8xYK3}{o87K zJGvLDXjVgWcYglKe0cJR$y=71-S_JiQ!@sdw@QtArE@ekmhWBjfm&CfR+sE6NMIq%P|A1QC)|cq5CFNu@34ZnWkx*WvXi-DYGUrhJdNV(FsCOBZuga}< zF+P#*(EODAd-A$#c3=KQjl1nF5>d%UIB@e1|~V67*MsaCaR z>kaO3q2&v@CpbPFA9)GB;_k{nHW-|bU4BrG()#hO=(FG14byX2A>V~RMbEY%_2%j{ zN}tQycr`j%ab!XIofJMDjP>INi(6wFE)pz_vNH*hHBHY z5h$k_V`%^{yYeqfmq{YU-&(^f$(0}7&l5>Hyb>9!e^RakXKCeR|%-R4t=aO5R+XUl(wYS z-sh0y#L?r@DVFDCs5ErOU%8nlPkCrIJ~b1r`Dd;FmF|}QD01m&9lFh0rOIn7R?L&v zi5`=z+Z$yYh^so3I4vZNr}>X6w6|JHxvLk{Jgju8)`F_v2;n8Ios;BiHMUyPym8hh zqDJbe=3NG{Q&V?rHbkvwtMf!Nuf19vt)zd8oW9hP!!l&S-Vu5!pYxEazx@9SM%XER zQ|#JJZK8K0)R*YHUk{=ghB{X(Yw<=xS-&J+O1({J{!7i{cR*v~H@!cs`CoC7dR;#c zWIc*j@22KqjR$S+$iMrdHuUW#sT)M|NRx|uM00Vi&Blmd6++KabAejdYww@>HxA@~ z*6JCJ!K5K=MT%eF;AhtNIGychuf*rRm$A2JjLZGXGP5@z!@og4MW$SxtSjbc$(z>zCv3lX`sf zj%z+HWp|i;SA$%tC)V7ND5Z6#KD?){w1DWRH5KAD@9kGRo37K`fp*hT9SdpkW@5}D 
zU28|Z;n6}!t&o#0uo+Ovxa^1FCwghEMXH>h60#Wmn~>#DS~@MHrPRt=ajiLlvFEsi z9(gU=Q>(#if#{^SYh@D^lK&QZ6|LD&zaW`WDOz|YJGl#*rI%3i=UUA-smIZbisp?)dE-Fw zR3kA&MZF=ZHOS&!>$_A((NybY)MqFy>%-#6WO{CrPjR;G<|5u4A5lXzQXG}SG`_7m z?;*^f>!D6y>yv!`945Pi2l9 zY{j#!$nn}h{j6UXnEAxsO|iE*L{)nmV6UT{%~zBXSFNx7Z2V}uKi!ISZgKorLoBto z`qdujX)|8ZROx-H_*+sd4o&Yf^(Jn%Ia1ka1;lz9Nx7Rg+2LqmDP^1Y`2%)g?(z83 zw8?n5WGgAlD#)B+_?ojUWk=5rJIHqmwa^T!uJUZ?Iw`tNkFMHTM)zk&*TbUg;nDSo z=z3^$)!I~rUlLvCMAtRZwKlp+Ybe}?=&HS8^t(Q~HbvJ%qU%}FRXe9B+-s2j-LP3#4+mQWSfbbr=S6)J*0c=Jr=FSG#U5YA}yr%chlc`sX>m!RekiK(igU> z*pL2vE*qVN=xqkQ`D#|NEKa?TX8B}#54@deYt^Jhrn=rvsn|*yNv40ZT+gjX)=Jvc z9tqMp(oEDAJX|1KL4>LQ~WZXO&8bxRotk(RUU_wCM|V9Uc!M{Aiwhr86GAP(@!Ne)k&RuNKnyO%|g1F|F~Q4^5}R zRqD6Yo2#$Y9-bjPyVes{y`^-t>A)l41#!J!^Q0cj!iYP1k*Y>gQok(zkgl_pJH}zk zQ&08Im+w!NujEZVwt7aD+rPo%?M?G#=}mHt6n2w~!Wc&?j?cx*wnnEaLlLcH?>K4P zU}H7w4UCJm&P}B;+tT*aP){wrpf_sQ0-vVd-b(M2y#*<6mG(VSx*A`K-qH}JSM1#q z1g{6@gZ~HK2`&cj2UF%uJ@CH$Qx4H5Ke1#2_&s1f zQ4o9vd;xqJJQoXsSV0iH8+;PHt}qDpf%k)tgHM33fYXbDU?=zn_z8Ghc@TUMTsuAp zZUuWPf}j_CcR~<60A@`Lf+Im?RS--A%fa#BM6eFL8YI9!fs4V%!Dqntz+K>R@H}`C zR7@s4a1?mYlpy#l_&T@&8~}$+C9UZ}&<8F79|HG*--3BFs5kf~_&zw{;2>BHnn4fP z2i^eQ1>Ot(3w#kg1;!l`1Y5xla4vWYxDnh2?gGz(aWknSm;vU42f=T^;#uSi)__yN ze(+ZCK5#j>6Wj$J00?04EATYe2Uml;mIT2s!K2_$0Ob&j1C8J;@YdzDC%ES5Aovlu3p@(K zl|irweD|0jxCh)19t01ACqUD&LGTC|$2cdCvC?214G;vo;1l6<5q{29cm+J+`Q|jf zUjjVe{5#(pp||KR#6b_}2Ls?{a0mDicnJIosC^32Z`m=9r{jV{fUc?k0|yW-?A6rV zq%@Z8bYWwgvv{TvQyk09G}TVDs65$y?CvV-M0WKFXfV^+(zGYgljz-X^~*_u>2g~} zPj_s-PPA9Po$|bwm#4grFuzy_Ba6H)&-YJ%y*^j_8{6LjMh2OGdPBqh4on>SAH#CV z{!D2eh@Pik3MU1@#JAjDQ1zB&f1Y+zaS*$`prpH+Y*t_ZSc1Mdsc2av1w^vo!y}c9 zkkhKtz-6X*%4}#XUt6EGuc7~aAmcCfRO!TmvZ7c)X>ee5;r>|gdqxRDc*?0Oz7+dX zOyBkAudDGATwHj1LBX=940kZJxf8TtYRde4FOUiP9q>}j&+lVa-VPoB4+5E*zXlJ3 z)d5~6K5BwX-=V^+4*u;#`~4yJyC(SF$@cs5==bhZ?DsFC-#?6gPk5)|*97lgZO>;! 
zzyBlpJvaJ2zs8;)<$kXY*16xSgX{O&{Y%fW>&htnd!zfuMB%^eey?;0n7r4Q zTnyz33Q7u#i;4>h8T=;sQAJBO?RLye8M`uRw{n$JKyCmz3cComigXHs0vu4OKR74- zZ@+#t;U<&&LKBq?A}#mvB}E1L%bI(QGjr9QGsw0$={co1i02U_;JB3$FUOqB>lVtH z%x~1VsoF9KW!Uh#(hC?~-(C;|yIt~=7M{^I{tvC|X8v&dTc>EW89dLZXaC{=r}=b# z6$Njer2PD!4z5d;?2(M}`Y`$H*eGyC$#vsC&ns8^gF_*F6-ysmiHOJt_amEQ|C@(H zVhFSInilc6Xtw#$R?tk6Q7ySIP%@=*+ zS6}V9=!H|ix_9B4$L`#G-_N(6+_~_=pTG9L#}eQA%GcNLysG1a4?VJOPRA2>{rdU; zeARhho&Lk>DW~0C{DJx>-@K#v(no&waL@VYe&{!E+8ciM*^;V{e*Clh6XR|xtbg#Z z-|xEceP90C8Eej}dEv_64t(XN8CP`8J7!DQV>_q4>EsW;@wgj{Kl|g0-cj|H*L-^U zGoN_jd!_epc>m7}rY<`1;9sxl`o!nfT(`cgZOQ|mKXS_@_a3`$%crKld)sIJ^`e4H zKl!@5kFGyz^{+RLYdPWVk1ss>p>>N^cOHMvh6#t?X`W+0{*~v`W`=d&=BXCL1Tnm| zMTq&M?p_hT>GJ5Ct@FB$#;s$8Rw1Kw?bEOQH03+BJv(e|pT_PQy(?u~t+levzm;@1 zvE-%JI;`2@*x%Or1+j*{t#w6kKc%y`z|z-uy_9sH9g?n3&%dqpQp-7cNP45c=cTtS za?SU}-0Y#&qV?cGQ@0@xM&_Jf7ir{9MQ_diB6>^g!4cjPd#Ux*>g4qH7`>i4M{r27NFQdfTT$RVF^mo>2wyzMt2|rLelB(EYKU>9YSzKP-I32WD(bKK><-&L}A2n z0YpR)kxkTy3kb3Zq5)(PA^-2^e(UC~>U32#&df8v=l{@oPTs0|-}f%(p6#A{?zxm$ ze2?4fiV9q%6-2n^>so;;z817B^wTHa{I2NguAg$0zEeWU2K;ICG3{%?>@h5HtzFd z=k9N{cD1^QwDRdzSBu6Idnhu7vD z!5R71Z%)j{0gpVQV6r%MzTdYq`D!rXg> z`{d9-KbN(-gJjTDwULao^(xERco)d&LvGSV!VD3qyXK-(h|wbkBj)G?Uta%18acX; z+ADK&he}yy?~`mCq2E@AmB%z!Ta3gewu*>QqDvg1xLDtb!go|4d3uT2aHOyIJ`uM; z7XDhzmAu1&+8y`gelo(|RmQnR9g+jYImUP-XW`m6d<({IGC5oHWEduMbvy^whs zDc~I!`H^Fe(epTPk`rSLPaq?Z3&)4CWVGT=thjpxS%+_@kp794;5|oWH0X(rRc*yQ+Zpd`=_bJ>FFo=@_^`KblD=6E4md<$n;7k;3Yv% z#yqEeNf7e&(mH1U;LP0JsFwFgcQTVl9!4qTI8668W;P^Ru~5SlY7)lA6a*F>f5T27 z%XRNkvIHrV9NTAOk8z~L>@zAv{Bq6-d#J~1Z1SU{o&9!!u-+>DNCsyj_}M=j+Y{qZ zp_o{nGx}QVIN~3=Vcf{bYg!p5{8BsZcOSq`t*{kKrk>bWWZh!5f=F*h+8j=ad?Tt8 z46`pc)i=;RG>0}%bszcIDFxcJjK-=X%NM1Q!4FC6ofABXMxcyFm0gIN?XeQ|IXvgR zT(sHzLhdl{&~oPRy|u{cGs0rcZm%^j6HZfS`h4Q?oc^srTh~a>vGZWNDubCH0UX~mpZ_) z?JQ?ECCe;w(l!Zoc)WL1JBhbtEEq3a)$E&b%vap?PM@(hkYMHzYNe)_qnR`7=rh{M z)}FN()|%fX)~!3td3ksH+R(<-S1mh;Ec?U~g9U2IpQ#NFQ~}pf8z-3UtdW2hz&)}E z9gSTFhAo}^%al+9_sJ&Rrt)11Bg0NG#sxcPU>H&G!Y_{DhpX9Z#M_pxoLJbQ7;{RY 
zKkPBIE$mo4>oT$c(9VH+my;HeVfBhZ_l`u|mw+szpW2MSBkI+?GzTx@Ub3v^Gd9l>g} zr3amkE%PK6AYWd?O82LT7GDxw_g&)V~2JzdV5f{zI<6MS6o3Be}?pAvjp@EO5>2tF(LoZ$02!Yjm~XD}t{Iz9zUvaIN4v!S#Z#3vLj6L-0+(je?s5>`(fZ;AX+M1^*@Zj^Mk3 z?+LyyxJ7WQ;5NYz1h)%*D0s6VcJ8fzd01tn{br5^NUyTJVVAH-g^^ekb_7 z;8DS2fOqu@!wQ-Y@j&j|h`cvkS7;Ln2R1%DCzRj@_yg5X8LOM<@%UKYF} zcvbM4;O~Oh1^*DdA$U`;RUk4K1;p5f7XlB}>8(x5|I_~%jH%heHGe4lChgUX<=*vA zmV2w-%a0|9<;55bx3heN0g|NDN`QRP@?n#)jm%bOW~OEj*0nM@BD;OoT-Qltfpae2 zSy3#afNYY|0GS!debVm5rDDv*L;a;A3MjF7L;+dt$Z!pBzp5Hj&w6itw@l?s74IP> z`jb7EEN^)1?-NawU)SF)J5_q7F|#UjeVFSM+XMeAwV@^C;`>R-=kUn8t+y9lcgm{H z(ql~f$7TOi5-)K*uzdDh(MZ{~K%OZ@bx_(P$)zC%J>>d+qeJ@Km~8<<}@<7Tq&54{FwA&SBjf3NF3w9cwSn4ROWObxh1| z$*o{hOI&@vR(1WRf-Jh<6UUTV3x#7QWQ(nZmRe!FNpF^;I%iuhHO8e@pJT3O?1gFS z#US}Y(v_6HbASI)&ra2jX=6U(%B#aEuF7HLx0>5vVPXd|$4M>jQft8Qb;L-iHQ)() zt~7;}qwu@+{`M=c{_Cs@NB%4jM!5xD?a-pYwiHuPb2;~ z&4e>I_6|5KH?Ntfcgs_DMq}o6_r4`nsrG}B;_YV^WL=Wc7-KEX63reW3}H7x1$)RJ zfX}f%@d7#xMKa_#(GS_X?D?tGn326JW^gQR)lovRNV_V{-Uo;Zu24Gbs6-XBVdxmA3oPx)-qS81+t zZJBJ-ujSg;Hw8HA6I##xT57 ztT=jg48MqFFS+BmgAad@I3IuSY2v2+bRYT3iVI$M$1RfO1&{H@@Z88=t2TveCBwug z_~KUUZQjBEkLQyU!Z;tB^SU|Hb#U-$vGK}UkMjnJQNhMWW8f{1cX(%r{<(xjx??+g zk)Ehk>sj9*zw!dznH1{4>rGvAll?_c!v$m27JPiHqP-`Xt^fBDkV}|46|xGDE< zFO3=VT-HZ;W11u`_ou0(5xVj}WwN5-%+8d$SBdhte}JBMzUTRB+dTQH$hXJ)S=AS7 ztCaT*Kjk3#;(S^dILr#G|8u=KLc2>2D=2?Lu7B~4&pvg{^pgyLw3?Pq*PF(`2x&=X zdS4XquTpl_xw6bEL|Nm6cl*4zpB3#QSdJnd~FX z_2p4#eS$dKQ5rS!o$Vd4+N>TF?%CL<#LPX;P_GlOdCtHYSKc(ZeMzH3J4*S(Czg?& zjz%R0l8kH<%2=&qgN#^}IZn^+U!oVr7*WB8iFYeynUuzu&j2KH8T!tT8=KTi9;K^p zNDOCMuaOKPCoXGU$SydU%#mJatO+#1IvO>`+ySPyGFVV_0S`j=J z3i;=#OP`dzP&GG6u8_lhsp9YG4JZ1}(I-~J!4$HVcTW>FFlwAeY~4W~Q{)nn7Su;H zp`Ubg5O>KXLn&ia1NW?t;2h_;2QRDva_1n`&9hDF<@WJTUWak!n3#nhiARQYG2(7wPS@RQjAyADq;xaVaeM z`0y*4L;XA0aZJ)8-Eq_e=LvXJ;TJTybtJ3eI|(;+fxc=*9cW2Tw}#TuSf;jypfxz3 zJ!ax%EaASIp!uPW!nJVD<7P~-Nw7H>!$^nZM`g{O6@S**ZK2+5X&C; z6G=la)`z;_e`tzPa@jE=V#qeR2fta$5DU3fm|vo2;a_-QuKHac-h~_Cbm$WN@Cjb9 
z6;-LHIT4=h!fEzu=X)fUfpOu)bgYvTgg^Lmu1cA&Uz9pu-&W|irTQ(+^T=3HTRxvR zidx_>a+)JqDVe(0t8V<$$UjFaFtR*FX5lC&h+OlT6zSQ_bJgyAsgeIQ(Fx!V-3eyR zWBGND(!20HXI8_@y~mj73C`oNbfkaK53$PWxGd0T?~S21rd|3?ZP8{WZ?pN>x?^6z z0@?-45**)Z&OA(+1=3G2R{%g&e``$&#K?fTN6W zB77Y6h$O>Qf0is?+=o=Ff!CS z&Js3lJsP^a7DCQj2aO7ny+?hcwP}RB=d|cwB!B+>cxTWyUc}mJ3pkE(&~<@c!FHjn zU#8!AmT{yuG6M4p@?>eK$9(RSG_X{nEbyG$l8bos$h987RHkF=3=|HkH5S$CWp&Vk zoSsfTUuX-uTpDV`FB2)tF@)5XT24>{QDK&^SZVMtwpW$pHC&ACg685a&iD3g94&yn zPxpkt!O##=kyvx&8)f)BcjsrebhqRq(hF_DE*zw$byTWP%|WJzG)9+f_Kc%x9NtB~ zK>zHX@Vpr*;C)C$m?4o;9M`CYrqVHbhGIJGTW@jcN zFSdw1HH>i_&$IM4~Mh{;R*hZRSwPNuwcS<8uYl1~VEIIb8Ga5(BsJC3%L2p9eg_e%rwQY)Cv(1uH zt21v~u5vPh+lM_)uNXh#pv~2u#jOuIml!A{0rLd*hrnUX0qDU{=?O+C@+rE`d&0m! zt)Nu%0d}rW_=-8e>-7X_)X zup@w0P!m0llpA#gmK!IFIKJBZoT9F?cgRwSnFIWV&O#D`7xb&+gQMgE2R?5ga!s9{ zp$;$y_Mt*7d%pAjBGv5q7(5<#v0?3`v$+^g>i#j)j&pyw5_R(%TqZ+PelF1=_kKhxo*Bb(@uLn;pRAB7$pk>jF``{BI6y) zgAwv7V|O8s>>=z?&6Gu6^alNEe8TPSJF^;Fa*l!r)9kvyqKfkZ%TS+6!srkWgztEs zdg0x-*uQle$p!j4u+tiE=Gc;O@wZLe_to2xn zo;|vC@E8;j`%i7qO7v>Q)4R}&E*0B^{RA~C*V>%jG2ZJyo0(NoHe3ZRkxo#tPtIYi z?J>9Q1x?Z`P9ZWyGK&JI(SjN!%MZ>(LopgPy1!0Z5Gx05P^rGd1Ea(L3-v_b^FG!{ zQhmQXyie<}-o|Yw&29V9gLbtG?#FiIOsR$X-_mKZeqq*4tB|8;T1#f;k2h{X(i4k_@!HKxi{1VHK6BO6t#;k^31hCC3FOwu|F=AtbN^ur#vID z9<2$updMC+khpju>4SIN(eJoFo+#30(Fo6Avw9xSeV&4%te@Aa74>?mRkVlC(H_9m zV}maO&UZWDU~6;6xl^UEssZIfPtYUtEo2~eE@O*yWmVQb4^I4o?%CH>tIze4uZzQd zut^J`7R%4b(^x~MM10gpCbXz!AmxJ%BqW}~`9Wqk=o$RwXov>Q?HcrNsqleDSuQH9 z3|!ZsSr9qijR$sG)vF}%Lm$A8u@<#A5|fj-?Axi4^@3H{7)o8N-i*l6DsTI&ExhWs zCh#7arlRH1CA|*+b5dnKHQ8FU?4TvA^&?rWSr{iu;B2H?wP&H;hO2y6%;;2DMOGHapKF9**Sx_z1N&g#zSv)u9Ix@^Ug0_;_^{={JlHejwPBUI*ceY%ZIQC8 z)LVE3T8w^#zRqVN(+cHV8e5a*k7~XxV($lMCeR~%yYQJQ)E?HlT+hHj{s=jX2s~~s z$6v~rw~OOA%Z~A-w`qQr)MsOP4uzx38J8W@=IE`rKgSv!xk+D2(cPk|QSnaa^lvNun<|S%Ho!U=tdL+esUf*c_h806UjXz`#a?U%y zk+V<(whfq|Hq(Y}?>G-+uIJX#XYV+T7WNX=xH0D!p?B#XU!)mhMZ#tNXEf~Nw4Q{f z?N8||zlrC*sV*Vn6kIjwoz{Xm81pV@pd)z2t&2wpAK(>xHro04IT$gYDvV`d?z9AL 
z)BD)$Xl*EhHaZsz_80P$-#8K2+7vlr-|0@OEA9%0{`{_2mY9Db@y!{GnWF`kDI(_> zNh)|`(>A)Ygg_sogOOF<9Se2PdrD#Ss`bCU(ahLA=f>{h#IRJpaZ)Jwg6G+R?fEi0 zIcZ^kBq?-Az06h6|41xzmFXD$vq|Ft-dNu}JNz3S>@OrgbEGL@?{S=OBjb^ctdcdT z-}bIBD%NJu3Y5m^6y8Uo;nlDdwmzdR$V2dA-n8#G(x$l=8i2#1=g9Jq`I@Z)b~7{o zWggrhny3>_!I5L_;BP*=)rEVa-9lCXnJW#GO=5gQbJWc&6aReL6Z2v8!a|GC4o_iY zM|}pJVQEkzvLD=22GR^1z_qqWsK>nQ-R%C|RF%;vCMk zdtP1z_K;nrT1!XH-&t|Bc*SwE@tvBt5GVhJW_$V3?ipo9b1q6pvfm?Z(xldvj$~)Y zFVcZNdCtFmlw3yMcJDX3xo9*xyIRUe%&rRMOvqlRE79ZkXfAz^K7)&6)b~ZgEAp9@ zBruJi5zDS8@vfO-(XzyF|0C?dsMJ_IqMozoxK8^?iF*Bx_Pp}M*VV$e7UlhC;duKf z@8OAJx3l>TrU@u9qu zu-n7m*>CX|eP-_!_t>NIShzkI;@XMJXKw~^f&;ZjG-8AuW8<`cYKyMJlZUnQv`S?> z8lubxgk5=#Gp`Ig7(FkCJCO$PhUGLK4Q6WjmLN2Q&4i5X3GrXZ0Hkz{=nIRyZyBA= zEt$(BCs|XmzQH!cw}UN%C4&9zI}3Cr=Lr@k&k&<#+YQ^REl8=+VO|Zd)25iW15cIb zD@3Q%s*TJwkll4E2kDJmL@P5JW&XNQzc+~<$AwRhKLaD^Me5#OqYzDK-HHbmN;Y<) zRAmp+gM!V0E-%uqHujm1%g$1LjPESzm`d%mo{$^wYg7|E7H$pWyi1nR9+$0B8y*Za z4Rx~*^y%=_7EzJ2p#MhP%`Tl=#aGY21=;e1-pZFPwCNhrQ!Mux-T!CGy{%Wdu{?I} zq~&=%7I}>3_Z%YntDNOvuWUJKvsuv@?CRYt3O`s^$yw1ztZ!XGed(^=m&1Am6xMr( z+?LS3S>nv+L_zaXte-!06QO#P+ze^4SG#=dHUpBc6CyLo>SD55{RdAHI@orXo*~JT`vWu5%>0P|B_TtnZcc!|IyOXh5=b@&SxQq98)%A*^ z*bfoSl-|V)hdd}5-#3qxqRMOZW;tr}Zn08hTWSxE-(I6W#EAUznD-8weT54!A8|D# zjA@FiQdSTcnN<`crFQYc&k-Y78O3;zoztZ$z8qy=nxTZ=`IG%?|9e?{7jN9T8+98y zcb}IYbzX*-#fP(G0eUYk6c+d5#ulWu`a`nSOWWv;+NnQQ_EU>=G1l~NDoR_^jp}bepqGqwu?*I!#rQw9=;{F z*YOUGU%l|t-@S~tke8PDj4%B;NOISf8RUUO7p#4$C$VIv9#frS^?Zx$+ z0~F_Tqmi{_N&vuf?4r%P)Aym!o+;+iE^48A&S_MPOt zV-*Hp;uHaXU3+A)b(vLphZY`VVyanrtP68YG8Q)m+uB}A;yPIs!rx2w@^p8Dy%fv> zV~O@3;k_@ME08VG`woZF^dvl_f@aUM^6gL7lDuH*SRzDoMSyw)ps z;FH}x+_#Sizdn6#7Y%|#$3ZO7^X@5_p%(lDjJD%T*tNundnF-8fA1&EGm8cr+$&r| zjqzr2?U20;)JwY=7t;x{gY_wVro`LfpYz%-*aPQa$usiilCy{3iSChIoaORRQTcOf z?wJEsad%kCQ5`z=x9 zRmvIQQk`O0+i4Z^6$w!EV^GgcWkH=o5VA zpS3bx6kW>Oc%5W2?_fd3ObXX#``e~#v-Y9km(6BN;XS`6l)pfUq+U}kGjQ2(Em1!38KqANGR1Z7 zAT0G>@n<$~PabvPvrSjRS$}3VoD~=3M^$J$D-m9`O55w`0(B*!fA@ggqB;dNk; 
zLP$Jh?-)sMBoVa}v%)$oGL=|R^hQ>+MC=@#Pc$}C-rhKm3D`*QvhG6W_w*O9*D!jH z&I4yrdNl=HA%DraX$4cJp&b?b>ljaH45vZ={l@w&}&C=?+arX z#|^IAB*}v$hkC#{IQ41_^vV<5OV-GLq?;tr#=9NLP31AN%n^X5n^b>!KVRx6ga@&I(1;Df3eg}~HeHhaV1aciY#UZfp+GdW zEg|FsPZPK3I5+Pyv{gJ;B@mm027~q}(SC9)F0UI#EXVc8x%wU1z^GWua>fol8yP&< zZkM&QBNyD`fm+q%lgk;P@wZ-X6g{Ew?Hy-5F10&s-_=Mrp^34|z!W*PZQA zt;Tw(`3#N2ii*$SU~LBqgr-=_2aD{GBnBDUMMtr&iiOB%4A!S9;WujF_rhJ9@F$e* zY%b8|upBnP5%16nD1M;s(Z)_)H)-9MwPh%QHDuHHM74==HGg=Gxi-i#bgL~<*8Df9 zRY;6(J?mJ5Hnl2$44|dL(y?dLSdzFJj6PvUd+%B-1?UY?D}LHot5P|R-Wwn23tIPF zA^wi^1am}2I%WnrRXA^OoR%YUqBKCy#<;-3JKmeZ3aTm3y8$)^+*u8^{vq- z_>Qb5_lP?e2YRf@jW>F=Q)A*4FCj1! z9Su=@-RC9Qg{9}?FKbMOiAt8Jw?|8Uv-d?x=4*Oj>|E5dxoKg1P_pKDw0N?Z%y8E>xGmt1>t*T&p+WA1up z?s`Pl&($k?DbK$zcU_fn+@2{334xBoHiMeSN&+H1kUdD&)1)EMGoH6137~r{Ec7Oy z(NJh@+Y8;&p*-cN;yC+@wJelf3GG>HvGdhdF%~EL(OgfV_aNGtj#Wd7j0@V1QXENx zOo=EhaD13EBbdkS(O?!q6fFB!u^kvM_T1Bc z`tQ>Tu(0B8OT4x4=gwLCzVMR$Uew&B{O;xQwbcaLkNMj0ibM;s_ZsGYdXk+<@F6|0 z%txBFh~~yCqxNdWx*V*2lliN7IU`Hn_1neeL!~@xf7fhuhcGhR`*!!*(=&DOakE;r zT&+uOB6}{dgw7OhnJF+EeF&kK=Dqg43E3$`Es6o${8lPz*%R|dzAPwT8Q}@ z79tve81IR~>3C5UdJAoit|ewDtIV#@3>p*}ZE3o%XaTB^F;8eLKLd4iiK`q5X9`Ew z*(YWSqfSPQJzr6uQZLdOjg4k3JfqF_rhQrLB**KtPPJgOnId^7))ILe8x-51N~7dG zPRtuT2evja6?@-n%vj=l8fa?d0y}Ew3Syb;-paS!q6LY!Dm_=wb_o)~a>aW~=&|?L zz?o=1a1AfHo#4RsZ;#TTzgO@+!3PB7wKhb759 zg42d4NtfW>k;)4%m@q0y_7jX4lO*E>(*#EdjugxjoGfS&d`NJy;0nR@f}aUC3;rs2 zUGS!0_zo&haDd=rW0gN&aEss$!B)W@<5bp;NzyI2MDSU`?*z{Z_TEYT7W_bPpJ3+B zNitioTF@ytQ*gH6qk_u>-xPdX@SP3!l4QAHST;$< z0DC3Lj)MCHj|nc`S7!-;8DTjf~N&r1PzBN&%a=h<~eUe ze{nEK1CS(ZMJK?GIrzPf^>vW0{1Z>;w-gR zN}}S`?pCH(EER0*nUZFf-$>n=(kkpDM@JJY<$a9y!}%;O>f@BInVO}te~IYVbpH{1 zrtl1KA5S^8VSiz3AvMVbXRj#hG~BV~@EK`SrS%SbyH6Ugx5w#i+Qa|wHb1>BBk;?- zEz7Oh-quh5J35zK$Nt-@Swi6-yEXi`byV+v8CfsI?@?wr9V+)syi|@(l2PZ~Uoqyq zsc($Gb3l^0zhYp=BvmtA27n8U&55tbR4VpTqL=*m_Ad?W=MlUpLF&|B(Cs^W6857xI2ha_MZ}-zoR~hTQkP za^EM``2GRm`|M<1?t3^5PPfiGgZs0S+c)~T&xG%K=%X(Gce(H938-ryHn6IKzoNC*1hW|RuL-)}$*-x;7B5gM 
zTZ7{gbG%9I+*V)NchlZ#0;}o9>4X1GQ}g>Pl4M;#$mj!4STp*i=6SpReEIp~v|&N6 z0L_@rnUcuizN5ZXB_AA3eesV&4^vz|Q_$Y{%-h%gVc@EPw+*^Uhv1!)>^@a)2Zc>G z>qUu($`?Hxj(aYt2{a3Z>P6BY4dxfrlFU2*j2BdFzLl(y6*qZQ%w^Z{^KY2zj@`F z3oo5=$q^0roY{5C*oVIO#CMzSIPK{APaQg-`}A+m`_xlk-~GX1Z3C|V)Z@2|_;A&` zKX~u-Z~yI{H=p|B=w&~x`rfbqxZney|N5X8FMs2YtE+Z@;p(*yWG`KQ$=;`b=-7py z-t(i!p7^Vp0sryhw2@!gbx=d{u`ljCe9R|5J8s}FE*d>~@rQr)uYY{zkQZOs+PbXf z+4~{;$V#|jYpLg=FK5_HCzn?$+Yk#`>n9d)5&mq^{k7ItK0bA>a%}%%YhqyaOIfC#(#h6gL7|s{F@to_Uwl*`f0^JCrmo| z=q1m#f8^ew4}bEc$AZwb#jeq_&#m~yhesUy*S0^rWBD&v{-I&y1=m;Ko_x0R=2w1r|L4AY zapo(Jz3;9)Cf)tMyLS0`X8bp+ep~aQ3AHyKd-)?UgL6aQz}5-vzth^Jv`}EmQWsaG!HCi@y1#n&+0^^|f~%b?H|p z+&TT<{g(UOXX?|t~Q)w_=V*e3@k2Tp$N`nmdT zK(F84tyjkhhU*@stP@}ibqWyl7YhaoJ|&PFG`U=W_~UHRVS*b3^x@lrv4YzK?-1N2 z7$LY{K-rwDNt;IRmn3p6hG%LzJ6l__wH+Wh0eL-L}Z0PLl=;~={&ek?8%ht56?dV$Hv#w2nReFd9(HJ_oe0@(V z3w=2mPJj8rUsgbQay5omj>>)Kb-ACDmCF{+T{-`_g>$#{utvWw5xiIa?ppnuAUrv?AI3QXQOV29h540!6x zm!CcEl{3G4(YuO`Kka?=Ltl8|wWaGuUvr7Zf4>_yPt|W1=mz7+{fhN z>=^q;1$YUc6ATvoLoh@Dy&ycZy3+r5>Iy9^(3P=Xt}A1|O4pIPw(1H^_2??BC;y@= zv~r%V`7}{-ysDF_43%Dyb=TR+XUd-2v0-g?@%o;obuF!}NlojvXY@OtY5$UruC_)k z%a(eFv7SCP3GdLhUVM9a_0(kjZ2g{`-L{r8!{_h3r}-;CyDbww@6r;L6{DfB)5CnLYph!(Bdd`;VFjE%<21*ohlX_~ZwFwE2SP z2Rtxg)(f{CdD+zu-|+jn?>^$iRVPk=aNw>FCnvso@SFQTuw{02vbB9< z>l1HgMoru0;Gf-n>y4lI@LmW0%P{u-I;5e))ZmytMbj z|9WHf`aeB5bm2ayeE1u8oHB084^G+hs;PrE&ilv_Prv^|Kf2+S-(GR;$F6M_hj2 zSGx~<@$9ede9n#+-ca|h4}Id~YhN0?+jU>L`Rbd0^}Q#4y7QM$9Q6FV9=U48-fy3^4?ShVFf8KEQ)^pa~-2BV^j`;EA zvp)OLh41|6qzm_5RrULQ{$uIC9Qop&zZw3WAN_L04dZ|ImoL8dkwbR;;U)KeYUeK< z_2;D*yyuuH@BhW#Csy3Jhq;+E!$XIF~zmnjy56Fta1H(B3^n&-@FqMF{PC&=k|g5>O5 z@fBl`69LLPsr|;t5TZHW{`h9b5j)i9A7#)ehAkJiCKWZQdd@2;@^{c zez^#Xl~VrluZQdV+4`O5FV%ICt}_ws`uoE5T7^VRe<6Gg*Gc*~Dfhj<*WuS$JB-wo zzy4e&>$x9&T_<^~{{Q-hPg!k7&7G+g5r>F#@9@=5hCsU7+6 zXz=w*~Xr1WA==eu1(o>>({Q!wzizn(mFZYv#urE)Y#d$ zdVTBqp7kx=*^V{gx12RCD|gaq?HwE2v+G*ATGqE`8@sa~3-@FIU$%dCO-EODabwfc zhU~kmv&+}DboVN)v8!cU8=A9vU#59msN}SkP1&AJovN|1y_s^_8hiY?dz+EnxXr+> 
z&i3wEV{3PZ3Ut?1N_R(FOSWDAwKugk_H0nS8`rIGT9*|zHgwBi@9Egqkn9tv%X!g()BDo>0SpW)Qi;}tsr=# zsc=0k6m|$l>d=Pn#1bhR|* zmDj@1&^+pF(X^wbE8EqwMr~_v(mj1?+!!!gomDN_&JA6i9o=z2^JqepKrxr95;Y6_ z#D1>Uh=?4{Xl&gODqF7s0VykwsXJjoUCrFO`k6E5w05kfJJ~hsTUwi|vo(2bP^sB< zB9KOx+;aMc##Zni%b2rh>714Ib@S@#>z35kg?H8D{=HSRqB^@`T}!($z+f1Enu|pu zZfzAtni|`)-JLB>>(^|`cC?3X(5Ie_9of}tdXD7ISg$tf=L3#u*;FGU$gXK^TpJL} zuQkgSs+`u=?4*|Jwbhfe%QmcTUEdTR74}1i=7;g?Y0>Y?8rOGC+JAo&spg<_8)`x$ zgbIdJ2x;HYwpy*z2u4cRHQUlC0%a7yh47#;@$EiFB_c5nMEo9*I&W$H;+o}gOx&{8 z)=fF;%tq?c(5qLfDA0RjcJ2Bzgi-NJw>d8m#Ja{aTCy!?Ha7LB08kkEAU1H*srex^2xhh9-fl zwAgKrcJDuP#E^M`kF)RUMcXwiV#Al#F0Wg@vSE4s!X@)ZgtoE z>VovxD5)h~+oj^O8d(Wuq)BL@ScgK*TNY!Dot@dX#!cByc#?_(4I|yRiF(xsxeC1| zR79Sdn)Xt!MbRg*m*a;cL(j!AjT>5fkS{q71NoCvTs3Aj4pXF3I-1oiy5{%AfgRb7 z)jf?Wd|S$5vs8dOuXZ@c0@%od49elB-9IsKHQZ-$otl*JL|ex~@bd z)NZTm&_lMz7WP2j7%M=R?5l#B>l;?>t9V(#_XUp#Dkm!LR&a!1rr=1ydjuy7{$21j z!QFyq11k(J8LSmi=aiYM(}aL_XK|syq-VLDgNcP{Ktxa zc_sg`;$I31C|+stI|T)>9I)-L;7;)Z3horVQ_$*yI|cO=6wuEv+Zrj?vwYYYO-S)2 zR63R;nZS6AnUW-j3r-PyKybC-e!q5xJz)i z;3tB61osK<7yMfAh~T$^-w7Cd{KcW!RID>mE+l^8nX^T9OF2qk(VFKjccx1Z~AXrBj5h;|1btBGMO>R<2Z)! 
zr1>zf(FM|^_?Nsl-v0RiHU^^YhaFfoA=%@G`wz2+8V(*JDAFz*L z-y0O^K;Xo1sgTJT*@;@WXdSX@>m6I~82*(Z-^qSrz@*B5piT1c>ba>yR%!KcP7Vnf z?O7nl zvt1Cb>7A+U>-64O_E8ZI%6H1hh9`L2&$53utMzN|-)0APRyC3tf=`5F62;HnRGv$J zIrRTWYu2pjFVafCv*Gp5e)pdml(<*?Tl&0nQu_IE%CosL`LBLF$@y8F`FMix%K40( zo3}`@1>{W`5U$R@m(g>>inNYAHpNRBulyBc|GHnTnOLUXWNzWqs6lGY6hS;kX-Dm` z|AXG&SFsVqJ!JJ9dy?7N42|{ldY%l1<(?VZ=bPl9&p&B}(xG@FC7dS^>Lw(ay!vC* z^SFaK?u$;djyT|%^R?g-pQX1n*-zieFa%ALjfQ>M>%*j=BBKeRph_@6FiW@gblq3L>id3zNrL?a2M7)nOcqQLR0|FgOchKM zOcxw1I7Bc*aH!xg!Qp}<1TzIk3W)Q1m*6PDEWvC+jbM(TRxnpkCzvOgFIXU0C^%Yh zj9`&qv0#Z{sbHDlSV6s@L9kqKoZxuD3IVZ+CkRdyoFsUU;AFum0&uuW*T&puzBlW0 zi(rjltzeyCz2H;<@oTNRwh7t=9fD55>4Gl7YQaA<5Ks^MMc3rQ|5pk#A&&^Pc@KQIILsxjq)Ctaui7MaUg6OdJ!>Rm;Ci`ABEy!-#ps$OVu| zzLD&j$8SqT|Hy{Agtn5GbFuhyiGHh9TbJvK%xF*y(NL+KI&;0G)+5UK&uR5DLQT$$ zmr>s`icH)?zmYqL`rt3PtWLcm_X5&>Rfd?P<>51Zvi7KO5UT0b`A^V!b zc1u&>g`rQyOQ}rWNl7JI@k+@OO1(+W(&9bXwFuq3L+_9atoRrVN`9L3H&Zd0%gI#y zpmccoOvOJAeJzy}ip-%<1v=CxjQbQb>_>j@5??zb2y#THMr1R}T#Y>8{GF^Q=S4|{ z?y{1DlK{#|j#Zhnv}LEXB}I1d(V`JfkS=cHI4gHN4ald%yehh=O@18ye^Jt>QGJQB zk$m6x=uVyR%K0+INy5O7$RysGU_4~eq+i?6BK?N5ohN%@Ilxp)1O<=(3I@=u?M z<;7EC+|KgZ!l0y5l#!7R_6bU4b3QXOHS3dNj>v9*QjF^y5OCKh&2nc&vAn;WpdgKs znIQ?^pZv3ANiTg;3?&wqyo@ZTIx)7ds>b5dX_?BInp_^}qdzCcklDOa9C4p$qWp<5 zyJe?Jhc#waWv-W{P`nktQX5)A{`sGje2x=i+}7Jwf8QD_t2#@MG3_6h{ZmQ2JgYLu zQC$AS7|}@3>64}7b`_6$E{X)nhHqptVcl^0wb0 zElE5%=FChyIp$i`^_vQIp?psqQ%aA)F%z=?%*in~1ssFh;#B7ohDzbG)EN%(e4@8< za?BsY=^gZYRnpB$6osvJgsE6cBMnk{v54168=5N%S77vp&g#W}wmh2I@|N#5_V zIzu4#(!ch0HsY=N>Fj9Q>f<8T+WPSc!liG4Ql&L!3uq=*OM9fEc$z9(vvwn_08AL0K9XyTt3nFhf<=C*yq@m zKVj*rZiAM)q_hswu zu9lz&noHRGWXZNaG3JuRqh{GlzI42cqn;*z zJegGSX_Mi*P51rXB@Yvy;M-fR`@F*pADNKNZXXD^7vmjwe^!%g4$eB$> zV*CT?9o`wDe=cE>?%03GDoU+d&pHBr$pyMIDb#_FlDg(2a-;|N(c&1x<3Gn>3e zUcszJ4$qbUWp#J5zHiF?+e>4{JeMp&yfIDEm;2LH(giwCNx>t$vxPO42 z_o~NywQZg}oaC72{jBPXwN=Xd!mMkMd@(*D8yseZ)&IF(9HF41!wSlukn3N(GeV5Mgja-i43bInF+)X4F@cfe}1?ic!c_bI_cafW)G zcx{?wC%jUr68fGMj}Gm?n+*+9Q}6R@CYF(%w+9J>B~BLd31zI-u|Y_b<^4 
zW9+$rF|wFXEQ2whdk;pTZ+L)pD^|ZI^^!-%G@6<BkANCDbFX1xz((g(?ZT~S)prO`{21{DxpEwh5Dz{r1Wi} zBpz#qNLaE|lLdT}TI_q!R*h<6mF9Ro+aO?7W@p_e#S!QEc}~z4M$pNQ=p~r(>i$A~ zYLZ;x+_I&~yF+i5sJuD)G+Y=5Q^;E0Jx$cWs5MI_S$A-D2XcwEDe5DEji1a)wt)e7 zz$>F;R0H>{kKhcS>jqv}A?40NYCSc2^|VHx(6BMTyjK~za%1fX10*taQU>`|Xcw&*yIN)RgBwV-T0oKV0q6GMJu1cA&U&!vVMEG8+e{&_7$N~($7%OVa z=krF5Djdc+UPx9-rtbBs8~-%&&#StOEKhNoPLvZ3s=?5XZZep4G%Z~Ab) zdbl1gm=~~sb^)_p!YrBTIkhF869JcSdIS`Pj3Dj;3%Xg)MeHKWEWweF*s+|HV$7pa zIz(r2B_6D!Ti|tCg+^PeH_#`X9mhRt2Vab<>xYM^pEDCVA%;?DzekGJz<>01sALk+ zEuQVR3+J5b#aR@j!=sgGBuaIx3Flnl!*H!gmnH%Fi8`Pfq_u5x`fKfz%9xa@8ic3q zM|Pz6*fQGk!TQjrJ1{fIKes5J(&2b7>g3cJ@I|?_nUmpY6`ahdSuTRjnr$sc@^pz3 zs`Q*=W$dFtj>Hio2R2yi5Y_vXw$UmZS&lUgMKiMiN0!RyPJ7qV(Y3UIyFA9*W1^5F zm_1q2GYW7NtwEYIKDH_tL1q=U^Pmp;S*a`Ys_}u6;Tw3QPQQX#dQYBk(^YC`Fuvf* z<-r5yxS{GBzhMPf`axSh6BMh=meBF~bgF)Z)_Ib+kJY*dZ;cjiz$Wwy4(SD>vsB+{ z@ma$C3Y87kh6kxoqt9?`zKt;=^w}C5zJkv@D@5X=QJKwnhJY<%X*X2mI?k;|_J#Ec zXK}n=lxg0H=O4w$D@)k4^=RnwS}4^)qk?4bQQzn@r{ub~p3|a#k^K4h zE#NrD(bVO5ic@3b*f6Tg^gGWoj?~5}IQ+sWFAepW&wY9%mP(WbL|2%LvFUoxs8gAa ztu|0NsMeTN3$N8d3m&iXIm5=Mr%@L*;+Kh(<+E?74Gh3z=wKucbWJ;ur)WvWv})Td z+~;ob*1Yf*<)Ock_xUI0I!+F$$mvGNH_G75;d=3T)U&*8$;~NXaMJi7HKA=<9QCO= z2z>B6Ha%D+W{z<*jl;Xh7wCV8FzjGn=cr!@Korq-z@ zxX>d6X3*K(<82THA5-WMJqeclaIt$iItS0~WY%n!(!wE^71(8X#J> z%<=hVOAlUMtA9|MXU1qVkK+QB7EdJN6dEic-(`&Bc%G%VDUXritT@M8fLYUm^%%Xw z(*_qte4t10@$^V0a2lsIiLF9T2&B{sy|X}VLx#b-oDPU&qrcH!1!vXzjPsdo?tAgf$>I8P*zF0r$}wq&Lt3rC}Qv-gO`HpFtN|3)6qo8x+S0 zvdrMYo-M#OwV4s)EY0z72D;hoS`S8mzcP5=zF-h4+=8RA;S=Cd6RmHl!U5`Y0mV;qKfkZ%TS-h31<)wgztEsdf`}p?B6<#0V;z1T*Lv;IO4)qp(Q4p(W>wu@AX zy^XX63-l2>#9z(K`*`(|SY_L7j1686T8p*7XvLG-7z589-8y*8I|1B(YJ*myS1X=a zjb?PIp7#w_t(<6$+}IRohI4soGj11mFjmub5LbSc0NqWV}yQWBHQQ$Pr z@<++?gEP@kj0V2cbwMXn3#U<<2Sx`@Sg0rZp7*gvlIr{AD$T7!kB!@|?Y8~sLA%-o z_uC&gR=AJSX|e7y>!wx6QK;RLnR#UNP59g-@mv1^MiG5ZD{|h zWvprLc=Z8U)UK758ogiWc`;R?HIYGa-MrA_Hd1(k(xUx`m1;=~-x4_s-YwOP!7~DO zutDH%JQ>ikDHgn~)Au+Jg7PDetQUr2ztQ#i^u94@2lyR{&$*vS8EdjQ_v4ptz2)9e 
z6V!m7Ye^nco6$JdF;ELQs+8c=TZnApyv zztBJaxK6c|6Ty(KoN^7_FVncz>T|v1>*8=9Y|;YyYWW#?8f(auh>tqe#>ha*2OCI8 zJcaXvjBZdJ_{-4{4Vv4LwRWlSfks&_Dy$4#*PvMtXD=BKoXA?QlE4pr06)fB)ZR!; zPM@}Kr$*KbR$*f(b+LLgB1fyd?NgfZs$=u4)ji97Fziw7l3s`ZYlZ)OYO=Lx*+ENK z>qoMB7Q#4D0_OqOsyz$!HeBTs>=|qB(sp|W(Kqp&XFf4IgP!p0nzQ<9EmC@sS_R%2 zd2D(68Rv)3lz^;nku=%9Uz|T3{iB{io2K$@H0DgmGR~Pp&QjJ$y@ypp>#%H~L+ZCx zf$x2-dcZe&2~}>;`(T%mqwm<{NG^02bOB}X-Rr?VJ=^$Q9LmA|W7O(ZwtdSJ_3jCQ zl9q^;uzZjO%n_kls1sZ?2FoYwP*g6>7Kf-TQR(L-9?ALM(cNBDN3BU7k7taZ7bfr0!HvdLdd+CEv(0kDHq1uZBk6hzbny=Lobnk% zD9iphw1wvk&={k_OnJ51V_sq8ZAnIbij9E(g|bq;j7>qCDI4Dbl*}8n7OyZ~CB|Z$ z=oG(-SBqEZ%4(PWr>xpwF)vXo>ePOuV2>!+KHAax4J(Fz8h^+fi z{0r&TbKg{#3=B_#A6C}#=U~jcpn;Cy6{lA{YCj%9s0Xiy*GO$C;AO(f#4<2xeC61rQn@CaN&Ld5gN?F~1XgYCeo!SZER2 z;VFAntk0k`EDcIT_Jez{fiwdLa4p<}PJlPD$S8vmXGEZ+cosTyDE9_=6D8*du(EYAqc(e`m$j;uXiu#&>EIYgMCh#Y%x<=ykE(if?GXHy~gz?r{FON@JI= zBiZkfHfd7pN=LG@;}hvXpFHQ^eor(f3KH>Jo7`M98l7D&oijuhVsgW~}#U zE`5(agNtKI#squUOtENLVz}7{y@SdcsQuq-bRDGMzO3swoz(uIq-b68b+z!VMS1^O zINmyppin!{6C&@fUq&?-lnLoyWrU!4TI@T>i`2uR@&QKqU-SF zVeMtFQW=kiDDwefFPY=aE5i;(&&%OXqyfBPIgPGCpXOVF&=58gGO{Pce|auBPZVv7 zyl)wu&MleCL-nkwSl?K3P&2j$o@DGEw8{cqyCkKtIC+N{HQR33UTr~2jm|w~i=DM^ zxED{A=PN{~)T$rMHIUtPDhHW{T*QK5&cXb3p?+`DyW_$q$De@_>@w=!UZW6AXx)kj zmRgOSC{@{m^q^pKpv#N2tBrlewMA6qtR=q@ce6|9R!NfQ--2v;LT}~E7TR=;=qZ-_jPCz4<=)n- z+*lqvchd5_N`^ef67?J+`l}klSnZW9Cv7%M4zjCvvnc#vT_tBlBeA}91@)!7dS4Ff z6;N2SC?MLbXyGlPeY3=w&xsBgU0df+41PiDs!gI0_k{XO@Bg4gJdAzS20t@u<#+S` zBv3?ucJpq@?dE+>bWnab??Y-`izsTA&Pyw`oA>MCIcV?6lFzZ5*KPfy>PJUo4HZT} zU#@4$jcX=(KznaX;U(^`EWev~vua~^RH@y(JX2b)ZI*PsL-bW48aX#ypO+n6Zm*+v z^ZrE7W7l~X?;|-mQCt&WR2D=1-^IIG?PV7)l*%q%uE_M_J3M3U#i>8;+4L^nyOXim zxQlml(9Tfx?W*e)MX?_unkl`D7Y=z)GQMvfDMgjn=*@D}=G|hY#)aQfiFZIbE9K%Te~F8A|BAi`T#Q zzn8^#@y4CIQMa*k_j&2jS(2nPq@&oU`-r|r3X6MjV+&GS{UO=vrET;^?bIJD`>92` z7;E}B6{W4|M)kd%HO>CcTU6q-qPFy3%8Y<*XITfb#_;80fh-MH2J7;U1fYykHfWuw z(0i8AGjG){epqGqwu?*I!#rQw9=;{F*YOUGU%l|t-@S~t7TXFt}4Sa>H 
zT-(m&cPHMI?6v3ZWp*ciE>~mUQpuA1o|0o@Ia&-KrKHZXP`7vEUnC96F5GcYex}&2 zzMq9R;?7sk1zr@6(b&#jHB0mzvsXQ>PiVxZPM_uHG;@ZF5Q0%rZmm7*_j*(ql%$kV#2#RYfboO-3zKWG#+?CQ0lt7l0Qk?jU z9KG~y^OSm%UFOC4h8gaklm2E^!eSYV{|lz#U-5L-V+k`t?e zpPjh{SA1~HU|B(6-s#oCxLb|g(Otp{s~W7`#q}rq@bHM?ElXGTW4xmMV9Z2Ww@PQd z$Q?yJ!#`Iu2rqo_9~d47K1NV6+`y!mcH1@=8LC{@zcRXBG`MxL3G_ z8sp94+97)xsF!v#E~XPa&a6-2-^1&Uf6i;WU=ME^Sn`a#x#aBOccOb{qWIAs5?%Jq zwWsEuIZ!1R%L9dHtuFX=E>w-hrI52Ou$!Aab;W8Nry2)J+Dyp48fb!84WdkU4ekAw zsPQW04A71}1yjvfQ%oB?5T3>t^hk0$SXgRbrdnBtMWzx9ir&bImWZ8$^NGl3 zB+(nJJ1{0-BfZPI%O=^W=`Z2qV#GCxI+F`1$oJxJqmcidxYM~|9gw8{`>!~ z(hNK0-~noN^iEX;UBdXpco0??>O!wP;`PFS^%At?-9KR0{!7;JTZLoO8~cY@|AmUs zx^W%I8ijSybRE_-=(VG`_k}Tx;|AAllH@^>Lp_WRRO{6k=#?k9m#zg8*X#YK-a&Gf z#=$WT%)yY5j!22|4RK}tv>>zN>J@YzwTySqn95^hne7cfk?Jq+=S%&B@F4aN8nHoG zAsPg|+9lZ!7Fegkwqdmt3PeNO5<))kbh~Dnj&t)a!?;t7IHfkdZS6>j_LEyOfcc2! zxE?uIr6C)*XDxf8KC@;@-fZ~7cyycj-8~+tRZTv*oB*Yq#6SQydIO}n#-C_H# zMtq4TX6*<}5oa2okJv>DfIng?ptb1jPh}lz2V~Qsb(I?N)p}!s%Jn$1!=p((B0>&X z;1y7K9Q$GW3_ZkJr0tBDz+#L$A%_a{@J3b`VU&ruW=){~HC9U_&z1Bf8oX8jp4eTB zO;oA+7fY)Uvw>cKXJ|!}?qMgl3upN)tW>>3bN0rsOBtZ{#nE8L$3i__qxxb*z$Vp` zAFJ)C5pYRFZ~ByNGRLbB^MEEX=R*xdJ(wOD0cKZ3xD&y`+71*5P1Wmvu*eQcVvwO- zbd>iPfK%dS&>8$@9o8uOGQYNl@H95@#!x!@5{wOS#5-_>CBCE1J4G9tf`-Bd$AX|< z+C!ult)sXYmLcqdNV(2u&;HWmt+@~o{zt*F&QQ*S)!8BTZJnO-w&20 zcJyx9R@FOJymIr5KDq0@x$Ew^E3v6OU!A+|nY+%( zU2Ah!qz2C|$X&?|!}mqGYeVk3OYVA7?n>qqo;yX{f4FRZK9hfj>&o1f6=A;PAL5F| z&$TUgC9Z|9&Cn#W24 zB0Z2j-h)Ierg=P43$lm(yZO6bYQ$quRkw5~^1@NYarPH$Sr{zDXfv?$)mAYUC;QP{ zPoei9+L?}3LyC+G+Ky5jNrOy@JIlF`o#aT`G)Dq52RTJ7Wg2g`eXOP9!)(Wz$L-Nz z7C{s&JF2lA7%%qRdoCQUcPy;9+mdx&_;cs1eP4LVelKe7O3swtDxFulCeVJ&*M?UF z2^95o{u<_fdXk+C_UF)qMVT>@A~cH^1-?C4-qf- z?c3dJPtVlB$IWWha@0?ZUG#i8Pd?=g zlUx`hT>`yFi65hdn7?5mqQ{8wo+zA-7geFR(B|mcBh-$pP8nIGXVI3(XiL+5MGH`U zjCn$1`5EZ3OI%g2lF-Z02eQtQJEkz|xy_K(% zqXmh#io8dZ%ls02BOxqTytjlpyuSv{MDu}bc**Sq2eyBEbgssG1@9AlK%gVAlPz2H9u-x0i)(E&ykNph*+Yl72t%F>yFPYA9M zTrK#nU`3VA&=cG$_@&^(LzCpwf}4lw{5-*FI&G;-aPLT+%O#kg0~>XMQZiypl8hHj 
z6C5EpQZP?&vYIC-&4O12gLYLP1v?2Q3LY2yNib!C>J`ip94k0SaK7NK^lUTE7yu*fE#o0dtHHd zi8>+$9k0)q2qFc2RiEbx^9uy^0!9L86m$xD1RDfD7Caz$Sn!14NdY5PsqrcggTkop zq7h|u(|=pHis@v{rrHg8<~$gl`JAMCNXbUob(Ui*C1de(cPsZRwhLDGOvyJ(bmZ_% z=^1u)qqT{i^3Fzk=Gec5q-FL;3G*c5iEN8jJ@XoNQDN zZn$Gz(iUo)Dm{4E+kMh_y**BE)85zHf(_Ad?Wqox^ylTaD&QCaV|VsB&Bv4`<{;c1EKUCPNML#i?rgOjbZE6>Sn zoAYI79Xp-8(lY16U%bwi58>j<6%`e&xi)a)0Zn`!6g0{F#3a2;fLVICpg$(*B$<}^ zCh2kdjv0EN;C{hlg2x4zp-%~(7R=_HNc}fESre``$!9L0rL&VS9m(%C$!Ej&n&f9k z`TLc*@9Spy`yX=Of1dk3@bU#N#atSj5z+s4K-lTSJtFP?4 zX>T>P)s$n};D6Jk{r(CcDw-st4?JPb=$D%3?fUcO=Z{ywtegazNu4uAhrKGLxsHNO zJ~*2C;vYxir7e4=puO>#x3B%fz*Pfp8+4O4bDfjyK2;701ywfdMTv^!QSos9|15rb z4~2#}xj(aYt9(4+Z>P6Bf%AK%rlh6r<*F^Xd~3~@ui5+aH+}!(Pqtj}$hWqPc>3Ef zoVzUQ|O?Qz|!AAk0&i+{M!=ciR4^|6O;IChu&1|N9a#}9t@K_7Vi z{2jKOHfQw4&#(A<_2En2+&bu~su5>=_l~7c9==b@UYAV%)8ij#_`o$Yem?q=zu)}g z+OK{6#S4}_e|_6$2EV!ANpl)Ee_+ZH&o|t7!M~sXFIT;J#@t_3`bDoa;`KmxP`P!UDFj4&k7bkcbV;bkZ3KqN2H4M7A#rMr@Drn;-` zu1<)~U>F4*i~{0?m(D~ z`|aoMYW4T`t-6nM&pqedb8pqX)xEfSLB|8Dzvx}`(Ak9Xhm<)=kF&{-kF2knuzt(Z z*_S?&AMbEsbGN;&*Y7$0%B{(9J(i!nd47M^#ci|e!nvmH}Rthb2mKuWM=Nk zH-f(5O=;kRBM6)Mw~z;qAryL?0VSwZs;o>2xLB^@40$D=%KyK(C_A%^TqLEK^%V0E zUV2CUo$nsARZD~KeyZOrL&59Itfw5iULHR3nV0(POnu^;s<&?(zk0UP4FI)a1JD!L4BP_j0*t^10MY&iAf6Hi2>9<-EsxdjmnD{?c>N(& z3Yb{F&uM1(n`Y{gB0wS4MIm)<3bT5~@p^IEYIr9YqPCDru!sD9C7?=iV#v4euy;s0r&Elz?l@Tg zWruxzMxEI_?AcZO8;<5q9C~)zq|^^P-o9U$^j%t0(mwZVgL5yxcQNk%!B>1W@`)xx zH_L5ldw0LRZqaXkHt5pumF=d^yl8vbJD@T+J+t4Oc_S8d>^{jc>B)D$8#Au#)6xgi zzy90v-z0B)c+-m4mmMCsby)lr`t#?s#?e`c>=y zwCTiu^jKgzbLMsJa+ISAKyKx-MU`S3#G}ubGGe2{pP^mnTDsOHJ%voz{>eM6AdGK z%q&>7#xZvs^V?OdU9Gya!M+5d1<0zH0Jx%fZ_@{RgdB`8Xay=kh#J)2FxV|odHjU z6f`kWWg@GV0=3NTsd6(}s+MFEQ{57Cihi-eBYRYj6l6*zj|G7c`HJwpQf^L!oT2Z0ME_|sVk0!Y# zPXNS`86s35BQz)!6ssiSdMw)Mh_o|LYbSKZswAHj5W_0aMao23R%(KpS^|<7MNcBt z5PMXogxd}&zyeYwc=I`th6}NVOVrFz3-gBpekG_YG|DDm2}I@@R06h0K6*PVpb?lu zwJ3*pWgaMmgi=1%cK;ZgHP=>}m6a_k71SJ7>5*iYnOUQF09EFOfruJq>A{dFliYP0 
z*#*Vf<)yYfTdA!m$HvQo<+hcwmYG?ZTk>fVAZ2Ls!@Zbp#Ig*DI7J@|`X#5QvX&`6 z-VAD!TBEQEupTzKY7cls^uV!FtrbSVDrK>X3zlN7CHbHu%PdhcSD8($Bvc`LoO)JB zpEqbU*PkjOzC`o{5|ffNBgH*vuHDL+fG9|v5Qs12tpIn>pl<01nIytMNed(k$N@Uh zlCPl^U5L6O^lL8EyyDVAt3%g`#+fYFhOLw7)&PFWFp+YtMdkTL4%=v3Dfca4fTZd1RWVhpkYU=I;c`tjI}ME@mn82JdUG|a z@Sq{h4URY%QeA{yO+twzt7fv1tihx#V|*U($81Ck+qRbJj2GuPY>slfqcp#0v@v{G zgStR?4ImSFf{>*VvKEZS&3~!gYK)H$OEHUjGkoK9>M9wVV;@2#xSeLPww16LTdN=D z3u=G2+PwS{yJbjbt7P(Qwq`QyI{X(E7ui@M+)EPj$6qgJj8s`7dAy2RxbGyRu}Hzt zsJdyC^VO1koBe;pQy?=p7K~jc>Kl|(ma520kxOeHh)mp%R7l#;5zfh7f;Om#PN(FD zcjWa^UDq@z8}}YH@LCva10c_!SvY3$CY(cb9U`jrEzOOIen0bywaia_k}BplOx``> z>QNt=E5xfAD!Dwc+T2PM(_J6jUbsID<1I&z5ks;{{w3VQNcg5^S&0mK7>prBae*yr znpPe?P+>}iDuQ^VW;*Adr#xCQCSE%Y1n~X3FBV-cJ~%?wPQ|B6GoYvD(O37!+znVA z=r!5n9k%k4@!19WIW+u)yA@Ya%S@&D6RgM_ohw4wY&2SFqTq{Iho_SHr2uafjhp1X zDj{ghOQfKx=>YQuiX`hIg^^j1M~5(=67o9!faHXO!|=zlB^5=lBFO~>0fvI)u3~gY z(+fVM04W~?6v7xFx~fH=iWvh*o5i{b=(;PPMT7^O@GOtAws42C2a`k^z^>)BIAxy5 zM@RC5q}{O9(6ps8{9%(G-c?g1p5mHw)#%ucF zo-Eg9=egqHo}!}D5MQ1Kg;8Q^dQ4hrPO4VKVm4b+W6PE1q({;+EU7KZWkk|aGcsb* z>|?B!F@@F~mPq2I6U8UjCZX;WvpF>*GbXcD=NYw|m}O|HiCvY&o)f7nGyQ65(R|?A z5{nTR=2tN_m)fWG$6i_BP2e!l{^!_p3k(IafMLL7U<&Xg@G`I)_#8L|)DOU(X`piw zo}mI42jMv@&>Ocxw*eAR3H%eV2{;a1jK1Az{h~2CTk99+qqDVs5ksK$N?T8fAwbIk zks~IhbpkOdF=b-7j!B8BCx$>9FCt9h(KDW58*oEP&l1{eJ2!+rq>t`{1z`v<75Fu< z3itr{7P!NVB?iEmEC?<@0xE$jzzui+Kd=~h3wRsY4txpF^5$JYpH$ERl7SSUjjaE- zv&BfVbs5KG`#u-nM@iqO%-2!MY^xA;T`$G<9MXNa7WyZBOv!-mfyKacKq?-Or2%=s zXrLUJ18fAaoFk+IK42cO4)_$XWMO|k@F>s#oC10c6NIrq0Z<4W1&#q1zehXTSf(+W z^bdb=_J59@7=grCMohE8fT0Ip4(s;Vy*Re0+8(PiX7L-Bp>g>gWfej>Ebh?^z!`+I%17&=n`UB|jk^}hU{VZDac(WD(e zdgc6|5I{SFp*#6wU5C^ssUK>6FscbL9;J;JQN@2c{a+;keeOr|zz%(cyBa=7W(~(i z^lgai^s|QQc6ZNT+MyrNzX3ZPXyZgz3?U{1=80JEkmILa*?whv*VXYG*`f}K?Jv=2 z5}k^CDe=>U8-(m|n+nMWVB)CdSEEYx=$feU3jtN2%wrFZ^H@UEB z(|b zdIOuGM*3w4I-?Dj^y><=cc1b#$7KFLS~I7A(kkR{Diz>8bo$+rTe6XcK+_YZ`XF8B!pP?5RwoAv;bxY3&bKoU{>SZ7UF?q3&|D|2JicV@lx|I z<#NiYO3hR%m8w+6S*9vKDBJmyA5PihiNVe!!(cGO2|3 
zTD-&4`MUd@KIe4b?!HHW6yL{NH*WCDLhOWd^w^z!@%ex7VGN{~1?T^N%+EMKZ}BtC z&%6Ab5-cnZzud42f31=}W0i1(9oCat{7xR6SR(ulPVi$eH)zM2u0mY63d@js2J;l= z!87e*28-!-F@wbo7FQStXs|?}3x7{gqKh~Z21~}u^%#;0OCV{ml)+L8OCn{kbb!G_ zTFFZxZLo}Kmr?D~kdXy;DKqWLRJ#ny3|4M1>cpQilpCxf7E|{0$Q7&{6$Yy`ScS$a z4OV4z3C33ucux7qk6@MXRl8==Z0u99Jik?PjAFB_!o(ZZiM8Zq`BR0MU^)iGay16? z*=7=xcC{8Jo(S7Xyv)&94Sa~EHdbe0;t3m@YhmdKR&QbA3A^1q3oDCY^DV4Af-TTk zHAi0&!4?{SgnRaQI;)iN-p=L!+wQE2FYN?GU<74ko z5xm4;#t*C&v}?4ms2`SUYzcd+rgx>!Ivu-B2J@l)fVmoLwlM7n)N8E8!n7YSPh-n0 zO#1=zHP&ijQ9mr#SPpZjX}rL2AfAslswa})54;D=+amRtucq|7WGu^WUj0>*aG^d5L;tm=?J#g z!ZH!;77HtjVCyWbJc6y)SUaCDb0fCiU}5zUY@^0HIlg&T%**&T8EgU3!uhayiXUo? zJ-4WKo3R;-uz;&bXfyG{R)hJ}G-WVZm$q5hA`25;Zq?XUM#*BX^}z;RJ*;{iyW3)?ZglJ4d$cG!o&}K7Pf-VIos9;G`635uH@6t z#ts_H=Nzmkz;3g!_DJj=vapT_cG$u?BiIoO>xy7UHMS2+u$oT+ThC(_wkCod*H|BC z(b@=hyTN?iVqptuvlCPNP^bJLJE}WWyAwD;n=R*RM_sU=K9b$fodzrPgS5NL!q!<%S;N88wbKW$-4BG?%V zYvj|zZZ~LQOC#8j#s)asZ?(oJx;$uM-4-^F*h8^@lHE4H1^dA&)bo3=HyuuhH6G$m zfN?iyu(J`2yFr7EL@@493^p3U_|!Dm!x4-txxpTZU|d}cHWtAc@di5=!RT3ojYlw! 
z++Y(CjJ7h^`3N@O!XAxa3p6IH;RR#sX4=)|b4NT7*!rSscL5i;>I$~V>hm#!EmPQH z3wzvPvg*2Mu&^f#wp?L33wttxEwQktB3Pq^JsrW8TG%rYtjWTjjbP0d_FM#O(U_cs zo;NlNVsIH~ZEdp`RJ-T#ypGRStIroB*m4VdDT1|G*vk=Yg@wHm!B$$>tLDrVp2z5U zt>-0!wdwPitki+uUo&UC;H3K<~+7S`L7-HyvAM+`sD8`6&4rIYwQivZk571 zK+kLJO(U;e>C(yP61+`#S=C5zg>!nhAML$d(eyc-cYgcn$4I~PAEa-7@ZM*avG;@b zu3pB8kH7e|9u1`PuY zUo~&|3@5+(@vpAo)vx~Y7hhuYe~)ZhkJp{U)T+!qyd5a_Ryr}f;2kD?(K}E2lJ_?0 z%ia~zR}z8_Cj>p45OgFV=x9RFhZDaheI%J79ZPnQo=YAh9Zy~)ok;#6>G|Xbq>rXn zIva2?b=cX9$5Q8=wRk-BwsQ-fNL?X)GWBcHr_veHr_&vz&!mr$KAXNs`ke1@&0RuT zizd=JXeO;g3+Y@eBdtfP?>LLGlC%?xNN>X~(nHwoJ8lmakRHcE--&;N<-U_BN1N}Y zJF$ke3u{SN;}+62Sm%4yJ$S(P7VN`O()~E*$J4Fo@Z*_1SmCFs&r<)Q^VituUyQwt z_5QWkt=QmSOZQ@v|1I^IL%I-+{n3eSZ#Khc^H$QO*p|(>O}LY^8FyvtXwNgGbr>XFj67)r zPG{SkN(^N$;VRjW;yZ9N;La9kl`1T9i%0Wv*BZ(I&mgLv z8Amm-X7W7UpU4oNv~?^Q<*E;5dvymQ{*WRouO>MFjon`#t{N&X3%| zx!TTBFQw}t6Vxkg>!|wB}_B1G} ztur}DW#gh|wA`{(qF#_>NRczrfE`8EQnGaaQ=Y)ezTz?&&HN?t0 zxuQ9atZ|OBT;`V3#z=C~b9pb}q?hv)>jCnZ1N#Qvu%7{68c%EI)4SC;44Vm5yjIeFM z)0#cRfP4F z4P=TM8#ulil?0s`o0c2YE0i1Xv|Psz?4lZLyM#Q|tG0{dU%(5rrmAQ9yDE|Fsd}cr z3wVZVsCwZX@~rk?g? 
z0Z;p~fTw*~z_WZQ)>1kf8w7q+JYxe(uCal|Grm-o3nzn$dzW@0*R}29(k?N_4eA-Y z{7&%{Q`<$_CRtDQYU~p5ls}9wxekT>X}d_g7@oFE0Z-edfEPZWf_M&ew(P=44S1Ga zZcwh$*|Lk_X}gHe&3KK^gK;Rk7@aMi(b?h|oh_d6Wx$j0;{vB_Ul42I8b+H+3>D5d z%a_IVX%ZRI z6v{}`DCeUg!!rZ8HaC-2qKcGH48Gj)Q9+tTr4O%?yK{I|JP&}&X$@%>wSJ7}mTEsn zC$w@-zm9qS1@BGF?^{VzNRp;`()flGH{pNdR`8_pJ>|yy@4Yf) z)y{q!X%dS`Q)nRNu7EUyC8T9&BrV5M(kir&@~$`QvY&R+N_3D`p_9}{SJw3^u$HtE zw`65Ew}q7V8l)Z;W#euFZKO%8%eLX)cv`rG%RC8uM+-{TWZwqn#Gn0{1B&mwx& zyDzga#i#1)p&nCwceqA+PCpXu6hQB~M$&q&s)o@RV~r%Kya9~Sf+^CE z7{dv2`1XssR#CGIky`HIc#My8&lh(bwNtHqA6-hrVTs5i$NS{`_iz}Ij_j$5UX*-> zeJP}AZ@A8N8CG{u$EL^C;#?CkSAsJk^rQ7AOV+X~o&O4C-S}4R{%^9BpgSe&o}zR; zrPE+s4o|&iNo<-@=_WC>4R-|Hb(>yOMzmr5zrSc%r-RrCyDN9S;>qd`rG)>N7f)8s z`4^FLMaR5s0B(NKHjKzBh6VL{$frWEMup=l=3JJT=Mg0+MUHuqB@Y-?iY<#)zM_ zoX3JLvP!V_CQ7*WCQ7*WCQ7*WCQ7*WCQ7*WCc;20!P=WB;o6%h;o6%h(b_9( zR5+E3w^B{6QASn?)+i?wR)YOu_|5_)*dID2T%#mDR4MZQ5ZkP?`3l~%g=_vz4ay)6 z@l?=hxBRyVi&Abe?;MOQ^{&7zsw~Tf6r0fRV*(9s9(C5~TTF9{dZo_!cf{V8yZ`d{ zTbVba)z|A86PK?&!Uv}}nxq`Dmas{%?;;2!#$#s11U(bAy`OF1a$jDvHjDZ|8 z0vefb(Zqa+7G@c=GV7p?@BUZv&3`*{Lpu5HXEpN-)-wNl9djTyU?cMlHZyy9D>IRA zMK`u%2YQ%yuuF2ac$VJFtgrpd890E0xDAJJn3)4daSX?CJM+Qsz@4}YcjF%1i~Ddt z9zZ`co(FIWd7Q=>3}OfmGS_JsXEB0NJd8&$hI1Il1kU48X02YtV|W}-;7QKIr|}G) z#dFNdd;u@wCA^GR@G36hHNO3M9dF=G-d>Hdk~adKxW zPDa(ec^)iKnE_2&>K9SE4ekliNFT zDt}?Rn#shDiQ(b=Y(qyXer#xbcosqIIGsM49~d7R9m#b~Cr0ry@x!^6-1Zr90m@Wn z=B!mvuJSf#uTvrZ8X6fAm1e408DsX{?88D;x@Ryy@X+wkxtUGmCk{@WJvqC-vdNy| z{&VMs24+%*{D!g}!xQ=3p0WOmGg@(#RY$V0rYoCMJ)^^;W2Yx(**xsctl616)_-z1 zKcgs|n5;9CD4fh}9~c;&7#SZLIWwIu!h0y$+dp=`f9%vu70AC3@5`U*pG9HTc|N&w zsQ>Kf$ZY+*n%Z^t;lciML+54|b}6-cXgEL8e|8q%zm}HR=o=cz&)m`FVky!># z6<)8{IXaL#l0Tgv%a069FYt}j(TS7evrn-%&HS3t6;lW7oKk;j1Fptg>vkVJc7X2? 
z-E?n$_ +#include +#include +#include +#include +#include +#include +#include +#include +#include "keychainacl.h" +#include + + +using namespace KeychainCore; + + +// +// The default form of a prompt selector +// +const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR ACL::defaultSelector = { + CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION, 0 +}; + + +// +// Create an ACL object from the result of a CSSM ACL query +// +ACL::ACL(Access &acc, const AclEntryInfo &info, CssmAllocator &alloc) + : allocator(alloc), access(acc), mState(unchanged), mSubjectForm(NULL) +{ + // parse the subject + parse(info.proto().subject()); + + // fill in AclEntryInfo layer information + const AclEntryPrototype &proto = info.proto(); + mAuthorizations = proto.authorization(); + mDelegate = proto.delegate(); + mEntryTag = proto.tag(); + + // take CSSM entry handle from info layer + mCssmHandle = info.handle(); +} + +ACL::ACL(Access &acc, const AclOwnerPrototype &owner, CssmAllocator &alloc) + : allocator(alloc), access(acc), mState(unchanged), mSubjectForm(NULL) +{ + // parse subject + parse(owner.subject()); + + // for an owner "entry", the next-layer information is fixed (and fake) + mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_CHANGE_ACL); + mDelegate = owner.delegate(); + mEntryTag[0] = '\0'; + + // use fixed (fake) entry handle + mCssmHandle = ownerHandle; +} + + +// +// Create a new ACL that authorizes anyone to do anything. +// This constructor produces a "pure" ANY ACL, without descriptor or selector. +// To generate a "standard" form of ANY, use the appListForm constructor below, +// then change its form to allowAnyForm. 
+// +ACL::ACL(Access &acc, CssmAllocator &alloc) + : allocator(alloc), access(acc), mSubjectForm(NULL) +{ + mState = inserted; // new + mForm = allowAllForm; // everybody + mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_ANY); // anything + mDelegate = false; + + //mPromptDescription stays empty + mPromptSelector = defaultSelector; + + // randomize the CSSM handle + UniformRandomBlobs().random(mCssmHandle); +} + + +// +// Create a new ACL in standard form. +// As created, it authorizes all activities. +// +ACL::ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector, + CssmAllocator &alloc) + : allocator(alloc), access(acc), mSubjectForm(NULL) +{ + mState = inserted; // new + mForm = appListForm; + mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_ANY); // anything + mDelegate = false; + + mPromptDescription = description; + mPromptSelector = promptSelector; + + // randomize the CSSM handle + UniformRandomBlobs().random(mCssmHandle); +} + + +// +// Destroy an ACL +// +ACL::~ACL() +{ +} + + +// +// Does this ACL authorize a particular right? +// +bool ACL::authorizes(AclAuthorization right) const +{ + return mAuthorizations.find(right) != mAuthorizations.end() + || + mAuthorizations.find(CSSM_ACL_AUTHORIZATION_ANY) != mAuthorizations.end(); +} + + +// +// Add an application to the trusted-app list of this ACL. +// Will fail unless this is a standard "simple" form ACL. +// +void ACL::addApplication(TrustedApplication *app) +{ + switch (mForm) { + case appListForm: // simple... + mAppList.push_back(app); + modify(); + break; + case allowAllForm: // hmm... + if (!mPromptDescription.empty()) { + // verbose "any" form (has description, "any" override) + mAppList.push_back(app); + modify(); + break; + } + // pure "any" form without description. Cannot convert to appListForm + default: + MacOSError::throwMe(errSecACLNotSimple); + } +} + + +// +// Mark an ACL as modified. 
+// +void ACL::modify() +{ + if (mState == unchanged) { + debug("SecAccess", "ACL %p marked modified", this); + mState = modified; + } +} + + +// +// Mark an ACL as "removed" +// Removed ACLs have no valid contents (they are invalid on their face). +// When "updated" to the originating item, they will cause the corresponding +// ACL entry to be deleted. Otherwise, they are irrelevant. +// Note: Removing an ACL does not actually remove it from its Access's map. +// +void ACL::remove() +{ + mAppList.clear(); + mForm = invalidForm; + mState = deleted; +} + + +// +// (Re)place this ACL's setting into the AclBearer specified. +// If update, assume this is an update operation and the ACL was +// originally derived from this object; specifically, assume the +// CSSM handle is valid. If not update, assume this is a different +// object that has no related ACL entry (yet). +// +void ACL::setAccess(AclBearer &target, bool update, + const AccessCredentials *cred) +{ + // determine what action we need to perform + State action = state(); + if (!update) + action = (action == deleted) ? 
unchanged : inserted; + + // the owner acl (pseudo) "entry" is a special case + if (isOwner()) { + switch (action) { + case unchanged: + debug("SecAccess", "ACL %p owner unchanged", this); + return; + case inserted: // means modify the initial owner + case modified: + { + debug("SecAccess", "ACL %p owner modified", this); + makeSubject(); + assert(mSubjectForm); + AclOwnerPrototype proto(*mSubjectForm, mDelegate); + target.changeOwner(proto, cred); + return; + } + default: + assert(false); + return; + } + } + + // simple cases + switch (action) { + case unchanged: // ignore + debug("SecAccess", "ACL %p handle 0x%lx unchanged", this, entryHandle()); + return; + case deleted: // delete + debug("SecAccess", "ACL %p handle 0x%lx deleted", this, entryHandle()); + target.deleteAcl(entryHandle(), cred); + return; + default: + break; + } + + // build the byzantine data structures that CSSM loves so much + makeSubject(); + assert(mSubjectForm); + AclEntryPrototype proto(*mSubjectForm, mDelegate); + assert(mEntryTag.size() <= CSSM_MODULE_STRING_SIZE); // no kidding + strcpy(proto.tag(), mEntryTag.c_str()); + AutoAuthorizationGroup tags(mAuthorizations, allocator); + proto.authorization() = tags; + AclEntryInput input(proto); + switch (action) { + case inserted: // insert + debug("SecAccess", "ACL %p inserted", this); + target.addAcl(input, cred); + break; + case modified: // update + debug("SecAccess", "ACL %p handle 0x%lx modified", this, entryHandle()); + target.changeAcl(entryHandle(), input, cred); + break; + default: + assert(false); + } +} + + +// +// Parse an AclEntryPrototype (presumably from a CSSM "Get" ACL operation +// into internal form. 
+// +void ACL::parse(const TypedList &subject) +{ + try { + switch (subject.type()) { + case CSSM_ACL_SUBJECT_TYPE_ANY: + // subsume an "any" as a standard form + mForm = allowAllForm; + return; + case CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT: + // pure keychain prompt - interpret as applist form with no apps + parsePrompt(subject); + mForm = appListForm; + return; + case CSSM_ACL_SUBJECT_TYPE_THRESHOLD: + { + // app-list format: THRESHOLD(1, n): sign(1), ..., sign(n), PROMPT + if (subject[1] != 1) + throw ParseError(); + uint32 count = subject[2]; + + // parse final (PROMPT) element + const TypedList &end = subject[count + 2]; // last choice + if (end.type() != CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT) + throw ParseError(); // not PROMPT at end + parsePrompt(end); + + // check for leading ANY + const TypedList &first = subject[3]; + if (first.type() == CSSM_ACL_SUBJECT_TYPE_ANY) { + mForm = allowAllForm; + return; + } + + // parse other (SIGN) elements + for (uint32 n = 0; n < count - 1; n++) + mAppList.push_back(new TrustedApplication(subject[n + 3])); + } + mForm = appListForm; + return; + default: + mForm = customForm; + return; + } + } catch (const ParseError &) { + debug("SecAccess", "acl compile failed; marking custom"); + mForm = customForm; + mAppList.clear(); + } +} + +void ACL::parsePrompt(const TypedList &subject) +{ + assert(subject.length() == 3); + mPromptSelector = *subject[1].data().interpretedAs(); + mPromptDescription = subject[2].toString(); +} + + +// +// Take this ACL and produce its meaning as a CSSM ACL subject in mSubjectForm +// +void ACL::makeSubject() +{ + // release previous value, if any + chunkFree(mSubjectForm, allocator); + + switch (form()) { + case allowAllForm: + if (mPromptDescription.empty()) { + // no description -> pure ANY + mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY); + } else { + // have description -> threshold(1 of 2) of { ANY, PROMPT } + mSubjectForm = new(allocator) TypedList(allocator, 
CSSM_ACL_SUBJECT_TYPE_THRESHOLD, + new(allocator) ListElement(1), + new(allocator) ListElement(2)); + *mSubjectForm += new(allocator) ListElement(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY)); + TypedList prompt(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, + new(allocator) ListElement(allocator, CssmData::wrap(mPromptSelector)), + new(allocator) ListElement(allocator, mPromptDescription)); + *mSubjectForm += new(allocator) ListElement(prompt); + } + return; + case appListForm: { + // threshold(1 of n+1) of { app1, ..., appn, PROMPT } + uint32 appCount = mAppList.size(); + mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_THRESHOLD, + new(allocator) ListElement(1), + new(allocator) ListElement(appCount + 1)); + for (uint32 n = 0; n < appCount; n++) + *mSubjectForm += + new(allocator) ListElement(mAppList[n]->makeSubject(allocator)); + TypedList prompt(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, + new(allocator) ListElement(allocator, CssmData::wrap(mPromptSelector)), + new(allocator) ListElement(allocator, mPromptDescription)); + *mSubjectForm += new(allocator) ListElement(prompt); + } + return; + case customForm: + assert(false); // @@@ not yet + default: + assert(false); // unexpected + } +} diff --git a/Keychain/ACL.h b/Keychain/ACL.h new file mode 100644 index 00000000..0fecdbe2 --- /dev/null +++ b/Keychain/ACL.h 
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// ACL.h - ACL control wrappers
+//
+#ifndef _SECURITY_ACL_H_
+#define _SECURITY_ACL_H_
+
+#include
+#include
+#include
+#include
+#include
+
+namespace Security {
+namespace KeychainCore {
+
+using CssmClient::AclBearer;
+
+class Access;
+class TrustedApplication;
+
+
+//
+// An ACL Entry for an Access object
+//
+class ACL : public SecCFObject {
+ NOCOPY(ACL)
+public:
+ // create from CSSM layer ACL entry
+ ACL(Access &acc, const AclEntryInfo &info,
+ CssmAllocator &alloc = CssmAllocator::standard());
+ // create from CSSM layer owner prototype
+ ACL(Access &acc, const AclOwnerPrototype &owner,
+ CssmAllocator &alloc = CssmAllocator::standard());
+ // create an "any" ACL
+ ACL(Access &acc, CssmAllocator &alloc = CssmAllocator::standard());
+ // create from "standard form" arguments (with empty application list)
+ ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector,
+ CssmAllocator &alloc = CssmAllocator::standard());
+ virtual ~ACL();
+
+ CssmAllocator &allocator;
+
+ enum State {
+ unchanged, // unchanged from source
+ inserted, // new
+ modified, // was changed (replace)
+ deleted // was deleted (now invalid)
+ };
+ State state() const { return mState; }
+
+ enum Form {
+ invalidForm, // invalid
+ customForm, // not a recognized format (but valid)
+ allowAllForm, // indiscriminate
+ appListForm // list of apps + prompt confirm
+ };
+ Form form() const { return mForm; }
+ void form(Form f) { mForm = f; }
+
+ Access &access; // we belong to this Access
+
+public:
+ AclAuthorizationSet &authorizations() { return mAuthorizations; }
+ bool authorizes(AclAuthorization right) const;
+ void setAuthorization(CSSM_ACL_AUTHORIZATION_TAG auth)
+ { mAuthorizations.clear(); mAuthorizations.insert(auth); }
+
+ typedef vector< RefPointer > ApplicationList;
+ ApplicationList &applications()
+ { assert(form() == appListForm); return mAppList; }
+ void addApplication(TrustedApplication *app);
+
+ CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector()
+ { assert(form() == appListForm); return mPromptSelector; }
+ string &promptDescription()
+ { assert(form() == appListForm); return mPromptDescription; }
+
+ CSSM_ACL_HANDLE entryHandle() const { return mCssmHandle; }
+
+ static const CSSM_ACL_HANDLE ownerHandle = 0xff0e2743; // pseudo-handle for owner ACL
+ bool isOwner() const { return mCssmHandle == ownerHandle; }
+ void makeOwner() { mCssmHandle = ownerHandle; }
+
+ void modify();
+ void remove();
+
+public:
+ void setAccess(AclBearer &target, bool update = false,
+ const AccessCredentials *cred = NULL);
+
+public:
+ struct ParseError { };
+
+public:
+ static const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;
+
+private:
+ void parse(const TypedList &subject);
+ void parsePrompt(const TypedList &subject);
+ void makeSubject();
+ void clearSubjects(Form newForm);
+
+private:
+ State mState; // change state
+ Form mForm; // format type
+
+ // AclEntryPrototype fields (minus subject, which is virtually constructed)
+ CSSM_ACL_HANDLE mCssmHandle; // CSSM entry handle (for updates)
+ string mEntryTag; // CSSM entry tag (64 bytes or so, they say)
+ bool mDelegate; // CSSM delegate flag
+ AclAuthorizationSet mAuthorizations; // rights for this ACL entry
+
+ // composite AclEntryPrototype (constructed when needed)
+ TypedList *mSubjectForm;
+
+ // following values valid only if form() == appListForm
+ ApplicationList mAppList; // list of trusted applications
+ CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR mPromptSelector; // selector field of PROMPT subject
+ string mPromptDescription; // description field of PROMPT subject
+};
+
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_ACL_H_
diff --git a/Keychain/Access.cpp b/Keychain/Access.cpp
new file mode 100644
index 00000000..6822bcfe
--- /dev/null
+++ b/Keychain/Access.cpp
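Review bot: `applications()`, `promptSelector()` and `promptDescription()` return mutable references to the trusted-application list and the prompt fields, and the only guard on them is `assert(form() == appListForm)`, which is gone in any build that compiles assertions out. Editing through those references also bypasses `modify()`, so an entry loaded in state `unchanged` stays `unchanged`, and the `unchanged` case of `ACL::setAccess()` in this patch returns without writing anything. I would document that contract above the three accessors, for example `// form is checked by assert only; callers that mutate the returned object must call modify()`, or replace the asserts with a thrown error. `isOwner()` is a plain comparison with the fixed `ownerHandle` constant, so it relies on no ordinary entry ever carrying that handle value; that assumption deserves a one-line comment next to the constant.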
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Access.cpp
+//
+#include
+#include
+#include "SecBridge.h"
+#include
+#include
+#include
+
+using namespace KeychainCore;
+
+
+//
+// Create a default Access object.
+// This construct an Access with "default form", whatever that happens to be
+// in this release.
+//
+Access::Access(const string &descriptor, const ACL::ApplicationList &trusted)
+{
+ makeStandard(descriptor, trusted);
+}
+
+Access::Access(const string &descriptor)
+{
+ ACL::ApplicationList trusted;
+ trusted.push_back(new TrustedApplication);
+ makeStandard(descriptor, trusted);
+}
+
+void Access::makeStandard(const string &descriptor, const ACL::ApplicationList &trusted)
+{
+ // owner "entry"
+ RefPointer owner = new ACL(*this, descriptor, ACL::defaultSelector);
+ owner->setAuthorization(CSSM_ACL_AUTHORIZATION_CHANGE_ACL);
+ addOwner(owner);
+
+ // encrypt entry
+ RefPointer encrypt = new ACL(*this, descriptor, ACL::defaultSelector);
+ encrypt->setAuthorization(CSSM_ACL_AUTHORIZATION_ENCRYPT);
+ encrypt->form(ACL::allowAllForm);
+ add(encrypt);
+
+ // decrypt entry
+ RefPointer decrypt = new ACL(*this, descriptor, ACL::defaultSelector);
+ decrypt->setAuthorization(CSSM_ACL_AUTHORIZATION_DECRYPT);
+ decrypt->applications() = trusted;
+ add(decrypt);
+}
+
+
+//
+// Create an Access object whose initial value is taken
+// from a CSSM ACL bearing object.
+//
+Access::Access(AclBearer &source)
+{
+ // retrieve and set
+ AutoAclOwnerPrototype owner;
+ source.getOwner(owner);
+ AutoAclEntryInfoList acls;
+ source.getAcl(acls);
+ compile(*owner, acls.count(), acls.entries());
+}
+
+
+//
+// Create an Access object from CSSM-layer access controls
+//
+Access::Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+ uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls)
+{
+ compile(owner, aclCount, acls);
+}
+
+
+Access::~Access()
+{
+}
+
+
+//
+// Return all ACL components in a newly-made CFArray.
+//
+CFArrayRef Access::copySecACLs() const
+{
+ return makeCFArray(gTypes().acl, mAcls);
+}
+
+CFArrayRef Access::copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const
+{
+ list choices;
+ for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
+ if (it->second->authorizations().find(action) != it->second->authorizations().end())
+ choices.push_back(it->second);
+ return choices.empty() ? NULL : makeCFArray(gTypes().acl, choices);
+}
+
+
+//
+// Enter the complete access configuration into a AclBearer.
+// If update, skip any part marked unchanged. (If not update, skip
+// any part marked deleted.)
+//
+void Access::setAccess(AclBearer &target, bool update = false)
+{
+ AclFactory factory;
+ editAccess(target, update, factory.promptCred());
+}
+
+void Access::setAccess(AclBearer &target, Maker &maker)
+{
+ // remove initial-setup ACL
+ target.deleteAcl(Maker::creationEntryTag, maker.cred());
+
+ // insert our own ACL entries
+ editAccess(target, false, maker.cred());
+}
+
+void Access::editAccess(AclBearer &target, bool update, const AccessCredentials *cred)
+{
+ assert(mAcls[ownerHandle]); // have owner
+
+ // apply all non-owner ACLs first
+ for (Map::iterator it = mAcls.begin(); it != mAcls.end(); it++)
+ if (!it->second->isOwner())
+ it->second->setAccess(target, update, cred);
+
+ // finally, apply owner
+ mAcls[ownerHandle]->setAccess(target, update, cred);
+}
+
+
+//
+// A convenience function to add one application to a standard ("simple") form
+// ACL entry. This will only work if
+// -- there is exactly one ACL entry authorizing the right
+// -- that entry is in simple form
+//
+void Access::addApplicationToRight(AclAuthorization right, TrustedApplication *app)
+{
+ vector acls;
+ findAclsForRight(right, acls);
+ if (acls.size() != 1)
+ MacOSError::throwMe(errSecACLNotSimple); // let's not guess here...
+ (*acls.begin())->addApplication(app);
+}
+
+
+//
+// Add a new ACL to the resident set. The ACL must have been
+// newly made for this Access.
+//
+void Access::add(ACL *newAcl)
+{
+ if (&newAcl->access != this)
+ MacOSError::throwMe(paramErr);
+ assert(!mAcls[newAcl->entryHandle()]);
+ mAcls[newAcl->entryHandle()] = newAcl;
+}
+
+
+//
+// Add the owner ACL to the resident set. The ACL must have been
+// newly made for this Access.
+// Since an Access must have exactly one owner ACL, this call
+// should only be made (exactly once) for a newly created Access.
+//
+void Access::addOwner(ACL *newAcl)
+{
+ newAcl->makeOwner();
+ assert(mAcls.find(ownerHandle) == mAcls.end()); // no owner yet
+ add(newAcl);
+}
+
+
+//
+// Compile a set of ACL entries and owner into internal form.
+//
+void Access::compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+ uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls)
+{
+ // add owner acl
+ mAcls[ownerHandle] = new ACL(*this, AclOwnerPrototype::overlay(owner));
+
+ // add acl entries
+ const AclEntryInfo *acl = AclEntryInfo::overlay(acls);
+ for (uint32 n = 0; n < aclCount; n++) {
+ debug("SecAccess", "%p compiling entry %ld", this, acl[n].handle());
+ mAcls[acl[n].handle()] = new ACL(*this, acl[n]);
+ }
+ debug("SecAccess", "%p %ld entries compiled", this, mAcls.size());
+}
+
+
+//
+// Creation helper objects
+//
+const char Access::Maker::creationEntryTag[] = "___setup___";
+
+Access::Maker::Maker(CssmAllocator &alloc)
+ : allocator(alloc), mKey(alloc), mCreds(allocator)
+{
+ // generate random key
+ mKey.malloc(keySize);
+ UniformRandomBlobs().random(mKey.get());
+
+ // create entry info for resource creation
+ mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_PASSWORD,
+ new(allocator) ListElement(mKey.get())));
+ mInput.proto().tag(creationEntryTag);
+
+ // create credential sample for access
+ mCreds += TypedList(allocator, CSSM_SAMPLE_TYPE_PASSWORD, new(allocator) ListElement(mKey.get()));
+}
+
+void Access::Maker::initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds)
+{
+ //@@@ make up ctx.entry-info
+ ctx.input() = mInput;
+ ctx.credentials(creds);
+}
+
+const AccessCredentials *Access::Maker::cred()
+{
+ return &mCreds;
+}
diff --git a/Keychain/Access.h b/Keychain/Access.h
new file mode 100644
index 00000000..6d3f5183
--- /dev/null
+++ b/Keychain/Access.h
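Review bot: In `editAccess()` the only check that an owner entry exists is `assert(mAcls[ownerHandle])`; `operator[]` on the map creates an empty slot when the key is missing, and with assertions compiled out the later `mAcls[ownerHandle]->setAccess(target, update, cred)` would go through that empty pointer. I would look the entry up without inserting and fail explicitly: `Map::iterator owner = mAcls.find(ownerHandle);` followed by `if (owner == mAcls.end() || !owner->second) MacOSError::throwMe(paramErr);`. `add()` has the same shape with `assert(!mAcls[newAcl->entryHandle()])`, so in a release build a second entry with an equal handle silently replaces the first. `compile()` stores entries under handles taken from the CSSM layer without comparing them to `ownerHandle`, so an entry carrying that value would overwrite the owner ACL. Separately, `setAccess(AclBearer &target, bool update = false)` repeats a default argument in the out-of-line definition, which is ill-formed if the declaration in Access.h (cut off in this view) also supplies it.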
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Access.h - Access control wrappers
+//
+#ifndef _SECURITY_ACCESS_H_
+#define _SECURITY_ACCESS_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace Security {
+namespace KeychainCore {
+
+using CssmClient::AclBearer;
+
+
+class Access : public SecCFObject {
+ NOCOPY(Access)
+public:
+ class Maker {
+ NOCOPY(Maker)
+ static const size_t keySize = 16; // number of (random) bytes
+ friend class Access;
+ public:
+ Maker(CssmAllocator &alloc = CssmAllocator::standard());
+
+ void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
+ const AccessCredentials *cred();
+
+ TrackingAllocator allocator;
+
+ static const char creationEntryTag[];
+
+ private:
+ CssmAutoData mKey;
+ AclEntryInput mInput;
+ AutoCredentials mCreds;
+ };
+
+public:
+ Access(const string &description);
+ Access(const string &description, const ACL::ApplicationList &trusted);
+ Access(AclBearer &source);
+ Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+ uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
+ virtual ~Access();
+
+public: + CFArrayRef copySecACLs() const; + CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const; + + void add(ACL *newAcl); + void addOwner(ACL *newOwnerAcl); + + void setAccess(AclBearer &target, bool update = false); + void setAccess(AclBearer &target, Maker &maker); + + template + void findAclsForRight(AclAuthorization right, Container &cont) + { + cont.clear(); + for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++) + if (it->second->authorizes(right)) + cont.push_back(it->second); + } + + void addApplicationToRight(AclAuthorization right, TrustedApplication *app); + +protected: + void makeStandard(const string &description, const ACL::ApplicationList &trusted); + void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner, + uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls); + + void editAccess(AclBearer &target, bool update, const AccessCredentials *cred); + +private: + static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle; + typedef map > Map; + + Map mAcls; // set of ACL entries +}; + + +} // end namespace KeychainCore +} // end namespace Security + +#endif // !_SECURITY_ACCESS_H_ diff --git a/Keychain/CCallbackMgr.cp b/Keychain/CCallbackMgr.cp index 4ff7ab72..6f238ece 100644 --- a/Keychain/CCallbackMgr.cp +++ b/Keychain/CCallbackMgr.cp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -22,13 +22,6 @@ Contains: Code that communicates with processes that install a callback with the Keychain Manager to receive keychain events. - Written by: Sari Harrison, Craig Mortensen - - Copyright: © 1998-2000 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - To Do: */ #include "CCallbackMgr.h" 
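Review bot: `class Maker` in Keychain/Access.h is declared without any comment although it owns secret material: going by the constructor in Keychain/Access.cpp, `mKey` holds `keySize` (16) random bytes that serve both as the password subject of the `___setup___` ACL entry and as the credential sample in `mCreds`. I would add a header comment along the lines of `// Maker: holds a one-time random secret used as a temporary password ACL subject and as the matching credential` and a `//` note on `mKey` saying it must not be logged or copied out of the Maker. The constructor also initializes `mKey(alloc)` from the raw parameter while `mCreds` and the list elements use the public `TrackingAllocator allocator` member, so whether the key buffer is released (or wiped) together with the other Maker allocations depends on `CssmAutoData`, which is not visible here and is worth stating in the comment.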
@@ -39,21 +32,20 @@ #include #include "Globals.h" #include +#include -//using namespace std; using namespace KeychainCore; using namespace CssmClient; -static const UInt32 kTicksBetweenIdleEvents = 5L; - #pragma mark ÑÑÑÑ CallbackInfo ÑÑÑÑ CallbackInfo::CallbackInfo() : mCallback(NULL),mEventMask(0),mContext(NULL) { } -CallbackInfo::CallbackInfo(SecKeychainCallbackProcPtr inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext) - : mCallback(inCallbackFunction),mEventMask(inEventMask),mContext(inContext) +CallbackInfo::CallbackInfo(SecKeychainCallback inCallbackFunction, + SecKeychainEventMask inEventMask, void *inContext) + : mCallback(inCallbackFunction), mEventMask(inEventMask), mContext(inContext) { } @@ -78,7 +70,7 @@ CCallbackMgr *CCallbackMgr::mCCallbackMgr; CCallbackMgr::CCallbackMgr() : // register for receiving Keychain events via CF - Observer( kSecEventNotificationName, NULL, CFNotificationSuspensionBehaviorDeliverImmediately ) + Observer(kSecEventNotificationName, NULL, CFNotificationSuspensionBehaviorDeliverImmediately) { } @@ -94,7 +86,7 @@ CCallbackMgr& CCallbackMgr::Instance() return *mCCallbackMgr; } -void CCallbackMgr::AddCallback( SecKeychainCallbackProcPtr inCallbackFunction, +void CCallbackMgr::AddCallback( SecKeychainCallback inCallbackFunction, SecKeychainEventMask inEventMask, void* inContext) 
@@ -118,54 +110,16 @@ void CCallbackMgr::AddCallback( SecKeychainCallbackProcPtr inCallbackFunction, CCallbackMgr::Instance().mEventCallbacks.push_back(info); } -#if 0 -void CCallbackMgr::AddCallbackUPP(KCCallbackUPP inCallbackFunction, - KCEventMask inEventMask, - void* inContext) -{ - CallbackInfo info( reinterpret_cast(inCallbackFunction), inEventMask, inContext ); - CallbackInfo existingInfo; - -#if TARGET_API_MAC_OS8 - OSErr err = noErr; - err = ::GetCurrentProcess( &info.mProcessID ); - KCThrowIf_( err ); -#endif - - CallbackInfoListIterator ix = find( CCallbackMgr::Instance().mEventCallbacks.begin(), - CCallbackMgr::Instance().mEventCallbacks.end(), info ); - - // make sure it is not already there - if ( ix!=CCallbackMgr::Instance().mEventCallbacks.end() ) - { - // It's already there. This could mean that the old process died unexpectedly, - // so we need to validate the process ID of the existing callback. -#if TARGET_API_MAC_OS8 - if (ValidProcess(ix->mProcessID)) // existing callback is OK, so don't add this one. 
- MacOSError::throwMe(errKCDuplicateCallback); - - // Process is gone, so remove the old entry - CCallbackMgr::Instance().mEventCallbacks.erase(ix); -#else - // On Mac OS X this list is per process so this is always a duplicate - MacOSError::throwMe(errKCDuplicateCallback); -#endif - } - - CCallbackMgr::Instance().mEventCallbacks.push_back(info); -} -#endif - class Predicate { - SecKeychainCallbackProcPtr mCallbackFunction; + SecKeychainCallback mCallbackFunction; public: - Predicate(SecKeychainCallbackProcPtr inCallbackFunction) : mCallbackFunction(inCallbackFunction) {} + Predicate(SecKeychainCallback inCallbackFunction) : mCallbackFunction(inCallbackFunction) {} bool operator()(const CallbackInfo &cbInfo) { return cbInfo.mCallback == mCallbackFunction; } }; -void CCallbackMgr::RemoveCallback(SecKeychainCallbackProcPtr inCallbackFunction) +void CCallbackMgr::RemoveCallback(SecKeychainCallback inCallbackFunction) { size_t oldSize = CCallbackMgr::Instance().mEventCallbacks.size(); Predicate predicate(inCallbackFunction); 
@@ -175,60 +129,10 @@ void CCallbackMgr::RemoveCallback(SecKeychainCallbackProcPtr inCallbackFunction) MacOSError::throwMe(errSecInvalidCallback); } -#if 0 -void CCallbackMgr::RemoveCallbackUPP(KCCallbackUPP inCallbackFunction) -{ - size_t oldSize = CCallbackMgr::Instance().mEventCallbacks.size(); - Predicate predicate(reinterpret_cast(inCallbackFunction)); - CCallbackMgr::Instance().mEventCallbacks.remove_if(predicate); - - if (oldSize == CCallbackMgr::Instance().mEventCallbacks.size()) - MacOSError::throwMe(errKCInvalidCallback); -} -#endif - -bool CCallbackMgr::ThisProcessUsesSystemEvtCallback() -{ - const SecKeychainEventMask theMask = 1 << kSecSystemEvent; - - - for ( CallbackInfoListIterator ix = CCallbackMgr::Instance().mEventCallbacks.begin(); - ix!=CCallbackMgr::Instance().mEventCallbacks.end(); ++ix ) - { - if ( ix->mEventMask & theMask) - return true; - } - return false; -} - -//%%% jch move this function to SecurityHI -bool CCallbackMgr::ThisProcessCanDisplayUI() -{ - return true; -} - -#if 0 -void CCallbackMgr::Idle() -{ - static unsigned long lastTickCount = 0; - unsigned long tickCount = ::TickCount( ); - - if (tickCount > lastTickCount+kTicksBetweenIdleEvents) - { - lastTickCount = tickCount; - } -} -#endif - -void CCallbackMgr::AlertClients(SecKeychainEvent inEvent, bool inOKToAllocateMemory) -{ - AlertClients(inEvent, Keychain(), Item(), inOKToAllocateMemory); -} - void CCallbackMgr::AlertClients(SecKeychainEvent inEvent, + pid_t inPid, const Keychain &inKeychain, - const Item &inItem, - bool inOKToAllocateMemory) + const Item &inItem) { // Deal with events that we care about ourselves first. if (inEvent == kSecDefaultChangedEvent) 
@@ -247,20 +151,11 @@ void CCallbackMgr::AlertClients(SecKeychainEvent inEvent, SecKeychainCallbackInfo cbInfo; cbInfo.version = 0; // @@@ kKeychainAPIVersion; - cbInfo.item = inItem ? ItemRef::handle(inItem) : 0; - cbInfo.keychain = inKeychain ? KeychainRef::handle(inKeychain) : 0; - -#if 0 - //%%%cpm- need to change keychaincore.i so we don't to the reinterpret_cast - // we need a carbon-version of the callbackmgr to register for events - // and call the "C" real callback mgr (use the ix->mCallback when this is ready) - - // until then, we rely on CarbonCore for the UPP stuff - InvokeKCCallbackUPP(inEvent,reinterpret_cast(&cbInfo),ix->mContext, - reinterpret_cast(ix->mCallback)); -#else - ix->mCallback(inEvent,&cbInfo,ix->mContext); -#endif + cbInfo.item = inItem ? gTypes().item.handle(*inItem) : 0; + cbInfo.keychain = inKeychain ? gTypes().keychain.handle(*inKeychain) : 0; + cbInfo.pid = inPid; + + ix->mCallback(inEvent, &cbInfo, ix->mContext); } } @@ -289,6 +184,14 @@ void CCallbackMgr::Event(CFNotificationCenterRef center, thisEvent = sint32( event ); + CFNumberRef pid = reinterpret_cast + (CFDictionaryGetValue(userInfo, kSecEventPidKey)); + pid_t thisPid; + if (!pid || !CFNumberGetValue(pid, kCFNumberSInt32Type, &thisPid)) + { + thisPid = 0; + } + CFDictionaryRef kc = reinterpret_cast (CFDictionaryGetValue(userInfo, kSecEventKeychainKey)); Keychain thisKeychain; @@ -309,5 +212,5 @@ void CCallbackMgr::Event(CFNotificationCenterRef center, } // Notify our process of this event. - CCallbackMgr::AlertClients(thisEvent, thisKeychain, thisItem); + CCallbackMgr::AlertClients(thisEvent, thisPid, thisKeychain, thisItem); } diff --git a/Keychain/CCallbackMgr.h b/Keychain/CCallbackMgr.h index 9f04f947..401dc351 100644 --- a/Keychain/CCallbackMgr.h +++ b/Keychain/CCallbackMgr.h 
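Review bot: In the `@@ -289,6 +184,14 @@` hunk the value stored under `kSecEventPidKey` is cast to `CFNumberRef` and handed to `CFNumberGetValue` without checking that it is a CFNumber; I would guard it with `if (!pid || CFGetTypeID(pid) != CFNumberGetTypeID() || !CFNumberGetValue(pid, kCFNumberSInt32Type, &thisPid))`. The call also writes a 32-bit value straight into a `pid_t`, so reading into a local `SInt32` and assigning that to `thisPid` avoids depending on the width of `pid_t`. As far as this hunk shows, the pid is taken from the notification's `userInfo` dictionary, so it is whatever the poster put there; a comment where `cbInfo.pid = inPid;` is set, saying the field is informational and not an authenticated sender identity, would help callback authors. `CCallbackMgr::Event` starts and ends outside the hunk.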
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 1998-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,24 +17,12 @@ /* - File: CCallbackMgr.h - - Contains: Code that communicates with processes that install a callback - with the Keychain Manager to receive keychain events. - - Written by: Sari Harrison, Craig Mortensen - - Copyright: © 1998-2000 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - To Do: -*/ - -#ifndef __CCALLBACKMGR__ -#define __CCALLBACKMGR__ + * CCallbackMgr.h -- Code that communicates with processes that install a callback + * with the Keychain Manager to receive keychain events. + */ +#ifndef _SECURITY_CCALLBACKMGR_H_ +#define _SECURITY_CCALLBACKMGR_H_ -#include #include #include #include @@ -54,14 +42,14 @@ class CallbackInfo public: ~CallbackInfo(); CallbackInfo(); - CallbackInfo(SecKeychainCallbackProcPtr inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext); + CallbackInfo(SecKeychainCallback inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext); bool operator ==(const CallbackInfo& other) const; bool operator !=(const CallbackInfo& other) const; - SecKeychainCallbackProcPtr mCallback; - SecKeychainEventMask mEventMask; - void *mContext; + SecKeychainCallback mCallback; + SecKeychainEventMask mEventMask; + void *mContext; }; // typedefs @@ -71,10 +59,6 @@ typedef CallbackInfo const *ConstCallbackInfoPtr; typedef list::iterator CallbackInfoListIterator; typedef list::const_iterator ConstCallbackInfoListIterator; -#ifdef _CPP_CCALLBACKMGR -# pragma export on -#endif - class CCallbackMgr : Observer { 
@@ -85,20 +69,14 @@ public: static CCallbackMgr& Instance(); - static void AddCallback( SecKeychainCallbackProcPtr inCallbackFunction, SecKeychainEventMask inEventMask, void* inContext); + static void AddCallback( SecKeychainCallback inCallbackFunction, SecKeychainEventMask inEventMask, void* inContext); //static void AddCallbackUPP(KCCallbackUPP inCallbackFunction, KCEventMask inEventMask, void* inContext); - static void RemoveCallback( SecKeychainCallbackProcPtr inCallbackFunction ); + static void RemoveCallback( SecKeychainCallback inCallbackFunction ); //static void RemoveCallbackUPP(KCCallbackUPP inCallbackFunction); - static bool HasCallbacks() { return CCallbackMgr::Instance().mEventCallbacks.size() > 0; }; - static bool ThisProcessUsesSystemEvtCallback(); - static bool ThisProcessCanDisplayUI(); + static bool HasCallbacks() + { return CCallbackMgr::Instance().mEventCallbacks.size() > 0; }; - static void AlertClients( SecKeychainEvent inEvent, bool inOKToAllocateMemory); -#if 0 - static void Idle(); -#endif - private: virtual void Event ( CFNotificationCenterRef center, @@ -106,8 +84,8 @@ private: const void* object, CFDictionaryRef userInfo ); - static void AlertClients( SecKeychainEvent inEvent, const Keychain& inKeychain, - const Item &inItem, bool inOKToAllocateMemory = true); + static void AlertClients( SecKeychainEvent inEvent, pid_t inPid, + const Keychain& inKeychain, const Item &inItem); list mEventCallbacks; static CCallbackMgr* mCCallbackMgr; @@ -117,4 +95,4 @@ private: } // end namespace Security -#endif // __CCALLBACKMGR__ +#endif // !_SECURITY_CCALLBACKMGR_H_ diff --git a/Keychain/Certificate.cpp b/Keychain/Certificate.cpp new file mode 100644 index 00000000..4cdbff24 --- /dev/null +++ b/Keychain/Certificate.cpp 
@@ -0,0 +1,458 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Certificate.cpp
+//
+#include
+#include
+#include
+#include
+#include
+
+using namespace KeychainCore;
+
+CL
+Certificate::clForType(CSSM_CERT_TYPE type)
+{
+ return CL(gGuidAppleX509CL);
+}
+
+Certificate::Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding) :
+ ItemImpl(CSSM_DL_DB_RECORD_X509_CERTIFICATE, reinterpret_cast(NULL), UInt32(data.Length), reinterpret_cast(data.Data)),
+ mHaveTypeAndEncoding(true),
+ mType(type),
+ mEncoding(encoding),
+ mCL(clForType(type)),
+ mCertHandle(0)
+{
+}
+
+// db item contstructor
+Certificate::Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) :
+ ItemImpl(keychain, primaryKey, uniqueId),
+ mHaveTypeAndEncoding(false),
+ mCL(NULL),
+ mCertHandle(0)
+{
+}
+
+// PrimaryKey item contstructor
+Certificate::Certificate(const Keychain &keychain, const PrimaryKey &primaryKey) :
+ ItemImpl(keychain, primaryKey),
+ mHaveTypeAndEncoding(false),
+ mCL(NULL),
+ mCertHandle(0)
+{
+ // @@@ In this case we don't know the type...
+}
+
+Certificate::Certificate(Certificate &certificate) :
+ ItemImpl(certificate),
+ mHaveTypeAndEncoding(certificate.mHaveTypeAndEncoding),
+ mType(certificate.mType),
+ mEncoding(certificate.mEncoding),
+ mCL(certificate.mCL),
+ mCertHandle(0)
+{
+}
+
+Certificate::~Certificate()
+{
+ if (mCertHandle)
+ CSSM_CL_CertAbortCache(mCL->handle(), mCertHandle);
+}
+
+CSSM_HANDLE
+Certificate::certHandle()
+{
+ const CSSM_DATA *cert = &data();
+ if (!mCertHandle)
+ {
+ if (CSSM_RETURN retval = CSSM_CL_CertCache(mCL->handle(), cert, &mCertHandle))
+ CssmError::throwMe(retval);
+ }
+
+ return mCertHandle;
+}
+
+/* Return a zero terminated list of CSSM_DATA_PTR's with the values of the field specified by field. Caller must call releaseFieldValues to free the storage allocated by this call. */
+CSSM_DATA_PTR *
+Certificate::copyFieldValues(const CSSM_OID &field)
+{
+ CSSM_CL_HANDLE clHandle = mCL->handle();
+ CSSM_DATA_PTR fieldValue, *fieldValues;
+ CSSM_HANDLE resultsHandle = 0;
+ uint32 numberOfFields = 0;
+ CSSM_RETURN result;
+
+ result = CSSM_CL_CertGetFirstCachedFieldValue(clHandle, certHandle(), &field, &resultsHandle, &numberOfFields, &fieldValue);
+ if (result)
+ {
+ if (result == CSSMERR_CL_NO_FIELD_VALUES)
+ return NULL;
+
+ CssmError::throwMe(result);
+ }
+
+ fieldValues = new CSSM_DATA_PTR[numberOfFields + 1];
+ fieldValues[0] = fieldValue;
+ fieldValues[numberOfFields] = NULL;
+
+ for (uint32 value = 1; value < numberOfFields; ++value)
+ {
+ CSSM_RETURN cresult = CSSM_CL_CertGetNextCachedFieldValue(clHandle, resultsHandle, &fieldValues[value]);
+ if (cresult)
+ {
+ fieldValues[value] = NULL;
+ result = cresult;
+ break; // No point in continuing really.
+ }
+ }
+
+ if (result)
+ {
+ releaseFieldValues(field, fieldValues);
+ CssmError::throwMe(result);
+ }
+
+ return fieldValues;
+}
+
+void
+Certificate::releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues)
+{
+ if (fieldValues)
+ {
+ CSSM_CL_HANDLE clHandle = mCL->handle();
+
+ for (int ix = 0; fieldValues[ix]; ++ix)
+ CSSM_CL_FreeFieldValue(clHandle, &field, fieldValues[ix]);
+
+ delete[] fieldValues;
+ }
+}
+
+void
+Certificate::addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field)
+{
+ CSSM_DATA_PTR *fieldValues = copyFieldValues(field);
+ if (fieldValues)
+ {
+ CssmDbAttributeData &anAttr = mDbAttributes->add(info);
+ for (int ix = 0; fieldValues[ix]; ++ix)
+ anAttr.add(*fieldValues[ix], *mDbAttributes);
+
+ releaseFieldValues(field, fieldValues);
+ }
+}
+
+/* Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call releaseFieldValue to free the storage allocated by this call. */
+CSSM_DATA_PTR
+Certificate::copyFirstFieldValue(const CSSM_OID &field)
+{
+ CSSM_CL_HANDLE clHandle = mCL->handle();
+ CSSM_DATA_PTR fieldValue;
+ CSSM_HANDLE resultsHandle = 0;
+ uint32 numberOfFields = 0;
+ CSSM_RETURN result;
+
+ result = CSSM_CL_CertGetFirstCachedFieldValue(clHandle, certHandle(), &field, &resultsHandle, &numberOfFields, &fieldValue);
+ if (result)
+ {
+ if (result == CSSMERR_CL_NO_FIELD_VALUES)
+ return NULL;
+
+ CssmError::throwMe(result);
+ }
+
+ result = CSSM_CL_CertAbortQuery(clHandle, resultsHandle);
+
+ if (result)
+ {
+ releaseFieldValue(field, fieldValue);
+ CssmError::throwMe(result);
+ }
+
+ return fieldValue;
+}
+
+void
+Certificate::releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue)
+{
+ if (fieldValue)
+ {
+ CSSM_CL_HANDLE clHandle = mCL->handle();
+ CSSM_CL_FreeFieldValue(clHandle, &field, fieldValue);
+ }
+}
+
+
+
+/*
+ This method computes the keyIdentifier for the public key in the cert as
+ described below:
+
+ The keyIdentifier is composed of the
160-bit SHA-1 hash of the
+ value of the BIT STRING subjectPublicKey (excluding the tag,
+ length, and number of unused bits).
+*/
+void
+Certificate::publicKeyHash(CssmData &digestData)
+{
+#if 0
+ CSSM_DATA_PTR *keysPtr = copyFieldValues(CSSMOID_X509V1SubjectPublicKey);
+
+ if (keysPtr && keysPtr[0])
+ {
+ CssmData &key = CssmData::overlay(*keysPtr[0]);
+ CssmClient::CSP csp(gGuidAppleCSP);
+ CssmClient::Digest digest(csp, CSSM_ALGID_SHA1);
+ digest.digest(key, digestData);
+ }
+
+ releaseFieldValues(CSSMOID_X509V1SubjectPublicKey, keysPtr);
+#else
+ CSSM_DATA_PTR keyPtr = copyFirstFieldValue(CSSMOID_CSSMKeyStruct);
+ if (keyPtr && keyPtr->Data)
+ {
+ CssmClient::CSP csp(gGuidAppleCSP);
+ CssmClient::PassThrough passThrough(csp);
+ CSSM_KEY *key = reinterpret_cast(keyPtr->Data);
+ void *outData;
+ CssmData *cssmData;
+
+ /* Given a CSSM_KEY_PTR in any format, obtain the SSHA-1 hash of the
+ * associated key blob.
+ * Key is specified in CSSM_CSP_CreatePassThroughContext.
+ * Hash is allocated bythe CSP, in the App's memory, and returned
+ * in *outData. */
+ passThrough.key(key);
+ passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
+ cssmData = reinterpret_cast(outData);
+ assert(cssmData->Length <= digestData.Length);
+ digestData.Length = cssmData->Length;
+ memcpy(digestData.Data, cssmData->Data, cssmData->Length);
+ csp.allocator().free(cssmData->Data);
+ csp.allocator().free(cssmData);
+ }
+
+ releaseFieldValue(CSSMOID_CSSMKeyStruct, keyPtr);
+#endif
+}
+
+void
+Certificate::addLabel()
+{
+ // Set label attribute for this certificate, based on the X509 subject name.
+ const CSSM_OID &fieldOid = CSSMOID_X509V1SubjectNameCStruct;
+ CSSM_DATA_PTR fieldValue = copyFirstFieldValue(fieldOid);
+ if (fieldValue && fieldValue->Data)
+ {
+ CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue->Data;
+ CSSM_X509_TYPE_VALUE_PAIR *ptvp=0;
+ CSSM_X509_RDN_PTR rdnp;
+ unsigned int rdnDex, pairDex;
+
+ // iterate through all RDN pairs; ptvp points to last entry when done
+ if (x509Name->numberOfRDNs) {
+ rdnp = &x509Name->RelativeDistinguishedName[x509Name->numberOfRDNs-1];
+ if (rdnp->numberOfPairs)
+ ptvp = &rdnp->AttributeTypeAndValue[rdnp->numberOfPairs-1];
+ }
+ if (ptvp)
+ {
+ CSSM_BER_TAG btag = ptvp->valueType;
+ if (btag==BER_TAG_PRINTABLE_STRING || btag==BER_TAG_IA5_STRING ||
+ btag==BER_TAG_T61_STRING || btag==BER_TAG_PKIX_UTF8_STRING)
+ {
+ mDbAttributes->add(Schema::attributeInfo(kSecLabelItemAttr), ptvp->value);
+ }
+ }
+ releaseFieldValue(fieldOid, fieldValue);
+ }
+}
+
+void
+Certificate::populateAttributes()
+{
+ addParsedAttribute(Schema::attributeInfo(kSecSubjectItemAttr), CSSMOID_X509V1SubjectName);
+ addParsedAttribute(Schema::attributeInfo(kSecIssuerItemAttr), CSSMOID_X509V1IssuerName);
+ addParsedAttribute(Schema::attributeInfo(kSecSerialNumberItemAttr), CSSMOID_X509V1SerialNumber);
+
+ addParsedAttribute(Schema::attributeInfo(kSecSubjectKeyIdentifierItemAttr), CSSMOID_SubjectKeyIdentifier);
+
+ if(!mHaveTypeAndEncoding)
+ MacOSError::throwMe(errSecDataNotAvailable); // @@@ Or some other error.
+
+ // Adjust mType based on the actual version of the cert.
+ CSSM_DATA_PTR versionPtr = copyFirstFieldValue(CSSMOID_X509V1Version);
+ if (versionPtr && versionPtr->Data && versionPtr->Length == sizeof(uint32))
+ {
+ mType = CSSM_CERT_X_509v1 + (*reinterpret_cast(versionPtr->Data));
+ }
+ else
+ mType = CSSM_CERT_X_509v1;
+
+ releaseFieldValue(CSSMOID_X509V1Version, versionPtr);
+
+ mDbAttributes->add(Schema::attributeInfo(kSecCertTypeItemAttr), mType);
+ mDbAttributes->add(Schema::attributeInfo(kSecCertEncodingItemAttr), mEncoding);
+
+ uint8 digestBytes[20];
+ CssmData digestData(digestBytes, 20);
+ publicKeyHash(digestData);
+
+ mDbAttributes->add(Schema::attributeInfo(kSecPublicKeyHashItemAttr), digestData);
+ addLabel();
+}
+
+const CssmData &
+Certificate::data()
+{
+ CssmDataContainer *data = mData.get();
+ if (!data && mKeychain)
+ {
+ // Make sure mUniqueId is set.
+ dbUniqueRecord();
+ data = new CssmDataContainer();
+ mData.reset(data);
+ mUniqueId->get(NULL, data);
+ }
+
+ // If the data hasn't been set we can't return it.
+ if (!data)
+ MacOSError::throwMe(errSecDataNotAvailable);
+
+ return *data;
+}
+
+CSSM_CERT_TYPE
+Certificate::type()
+{
+ if (!mHaveTypeAndEncoding)
+ {
+ SecKeychainAttribute attr;
+ attr.tag = kSecCertTypeItemAttr;
+ attr.data = &mType;
+ attr.length = sizeof(mType);
+ getAttribute(attr, NULL);
+ }
+
+ return mType;
+}
+
+CSSM_CERT_ENCODING
+Certificate::encoding()
+{
+ if (!mHaveTypeAndEncoding)
+ {
+ SecKeychainAttribute attr;
+ attr.tag = kSecCertEncodingItemAttr;
+ attr.data = &mEncoding;
+ attr.length = sizeof(mEncoding);
+ getAttribute(attr, NULL);
+ }
+
+ return mEncoding;
+}
+
+void
+Certificate::getSubject(CSSM_X509_NAME &outSubject)
+{
+}
+
+void
+Certificate::getIssuer(CSSM_X509_NAME &outName)
+{
+}
+
+CSSM_CL_HANDLE
+Certificate::clHandle()
+{
+ if (!mCL)
+ mCL = clForType(type());
+
+ return mCL->handle();
+}
+
+bool
+Certificate::operator < (Certificate &other)
+{
+ return data() < other.data();
+}
+
+bool
+Certificate::operator == (Certificate &other)
+{
+ return data() ==
other.data();
+}
+
+void
+Certificate::update()
+{
+ ItemImpl::update();
+}
+
+Item
+Certificate::copyTo(const Keychain &keychain)
+{
+ return ItemImpl::copyTo(keychain);
+}
+
+void
+Certificate::didModify()
+{
+}
+
+PrimaryKey
+Certificate::add(Keychain &keychain)
+{
+ // If we already have a Keychain we can't be added.
+ if (mKeychain)
+ MacOSError::throwMe(errSecDuplicateItem);
+
+ populateAttributes();
+
+ CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
+
+ Db db(keychain->database());
+ // add the item to the (regular) db
+ try
+ {
+ mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+ }
+ catch (const CssmError &e)
+ {
+ if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE)
+ throw;
+
+ // Create the cert relation and try again.
+ db->createRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE, "CSSM_DL_DB_RECORD_X509_CERTIFICATE",
+ Schema::X509CertificateSchemaAttributeCount,
+ Schema::X509CertificateSchemaAttributeList,
+ Schema::X509CertificateSchemaIndexCount,
+ Schema::X509CertificateSchemaIndexList);
+
+ mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+ }
+
+ mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
+ mKeychain = keychain;
+
+ return mPrimaryKey;
+}
diff --git a/Keychain/Certificate.h b/Keychain/Certificate.h
new file mode 100644
index 00000000..99ec2d40
--- /dev/null
+++ b/Keychain/Certificate.h
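Review bot: In `Certificate::publicKeyHash` the only bound on the `memcpy` into `digestData` is `assert(cssmData->Length <= digestData.Length)`, which disappears when the file is built with `NDEBUG`; `populateAttributes` passes a 20-byte stack array (`digestBytes[20]`), so a longer result from the CSP pass-through would be copied past the end of it. The check should be a runtime test that frees the CSP buffers and throws, as sketched below; the error code there is a placeholder for whichever one the project prefers. Separately, when `copyFirstFieldValue` yields no key the function returns without touching `digestData`, and `populateAttributes` then stores the uninitialised 20 bytes as `kSecPublicKeyHashItemAttr`; zero-filling `digestBytes` or skipping the attribute in that case would avoid writing stack contents into the database.

```cpp
	// … unchanged: passThrough.key(key), the pass-through call, cast of outData to cssmData …
	const bool fits = cssmData->Length <= digestData.Length;
	if (fits)
	{
		digestData.Length = cssmData->Length;
		memcpy(digestData.Data, cssmData->Data, cssmData->Length);
	}
	csp.allocator().free(cssmData->Data);
	csp.allocator().free(cssmData);
	if (!fits)
	{
		releaseFieldValue(CSSMOID_CSSMKeyStruct, keyPtr);
		MacOSError::throwMe(errSecDataNotAvailable);	// placeholder error code
	}
```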
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Certificate.h - Certificate objects
+//
+#ifndef _SECURITY_CERTIFICATE_H_
+#define _SECURITY_CERTIFICATE_H_
+
+#include
+
+// @@@ This should not be here.
+#include
+#include
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class Certificate : public ItemImpl
+{
+ NOCOPY(Certificate)
+public:
+ static CL clForType(CSSM_CERT_TYPE type);
+
+ // new item constructor
+ Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);
+
+ // db item contstructor
+ Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
+
+ // PrimaryKey item contstructor
+ Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);
+
+ Certificate(Certificate &certificate);
+ virtual ~Certificate();
+
+ virtual void update();
+ virtual Item copyTo(const Keychain &keychain);
+ virtual void didModify(); // Forget any attributes and data we just wrote to the db
+
+ const CssmData &data();
+ CSSM_CERT_TYPE type();
+ CSSM_CERT_ENCODING encoding();
+ void getSubject(CSSM_X509_NAME &outSubject);
+ void getIssuer(CSSM_X509_NAME &outName);
+ CSSM_CL_HANDLE clHandle();
+
+ bool operator < (Certificate &other);
+ bool operator == (Certificate &other);
+
+protected:
+ virtual PrimaryKey add(Keychain &keychain);
+ CSSM_HANDLE certHandle();
+
+ CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
+ void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
+
+ void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);
+
+ CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
+ void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);
+
+ void publicKeyHash(CssmData &digestData);
+ void addLabel();
+ void populateAttributes();
+
+private:
+ bool mHaveTypeAndEncoding;
+ CSSM_CERT_TYPE mType;
+ CSSM_CERT_ENCODING mEncoding;
+ CssmClient::CL mCL;
+ CSSM_HANDLE mCertHandle;
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_CERTIFICATE_H_
diff --git a/SecurityServer/MacYarrow/YarrowServer/prefixDebug.h b/Keychain/CertificateRequest.cpp similarity index 75% rename from SecurityServer/MacYarrow/YarrowServer/prefixDebug.h rename to Keychain/CertificateRequest.cpp index 94ee21be..01815b18 100644 --- a/SecurityServer/MacYarrow/YarrowServer/prefixDebug.h +++ b/Keychain/CertificateRequest.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,5 +15,17 @@ * specific language governing rights and limitations under the License. */ +// +// CertificateRequest.cpp +// +#include -#define DEBUG 1 +using namespace KeychainCore; + +CertificateRequest::CertificateRequest(int a) +{ +} + +CertificateRequest::~CertificateRequest() +{ +} diff --git a/Keychain/CertificateRequest.h b/Keychain/CertificateRequest.h new file mode 100644 index 00000000..5cec874c --- /dev/null +++ b/Keychain/CertificateRequest.h 
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// CertificateRequest.h
+//
+#ifndef _SECURITY_CERTIFICATEREQUEST_H_
+#define _SECURITY_CERTIFICATEREQUEST_H_
+
+#include
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class CertificateRequest : public SecCFObject
+{
+ NOCOPY(CertificateRequest)
+public:
+ CertificateRequest(int a);
+ virtual ~CertificateRequest();
+
+private:
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_CERTIFICATEREQUEST_H_
diff --git a/Keychain/Certificates.cpp b/Keychain/Certificates.cpp
new file mode 100644
index 00000000..f8f60fff
--- /dev/null
+++ b/Keychain/Certificates.cpp
@@ -0,0 +1,114 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: Certificates.cpp + + Contains: Working with Certificates + + Copyright: 2002 by Apple Computer, Inc., all rights reserved. + + To Do: +*/ + +#include +#include //%%%should be included in Certificates.h + +using namespace KeychainCore; + +void CertificateImpl::CertificateImplCommonInit(CSSM_CERT_TYPE type) +{ + mType = type; + mCLReference = NULL; + // + // Create a CL reference for this certificate type. + // %%%find us the 1st CL reference we can find for this cert type (this can change) + // + CertLibCursorImpl* cursor = NULL; + cursor = new CertLibCursorImpl(type); + if (!cursor) + MacOSError::throwMe(errSecItemNotFound/*%%%*/); + + CertLib certLib;//%%%allocated on the stack?! 
+ if (!cursor->next(certLib)) + { + delete cursor; + MacOSError::throwMe(errSecItemNotFound/*%%%*/); + } + delete cursor; + + mCLReference = CertLibRef::handle(certLib); // 'tis a SecCertificateLibraryRef +} + +CertificateImpl::CertificateImpl(const CSSM_DATA* data, CSSM_CERT_TYPE type): + mItem(NULL) +{ + CertificateImplCommonInit(type); + (void*)mData.Data = malloc(data->Length); + memcpy(mData.Data, data->Data, data->Length); + mData.Length = data->Length; +} + +CertificateImpl::CertificateImpl(SecKeychainItemRef item, CSSM_CERT_TYPE type) +{ + CertificateImplCommonInit(type); + mItem = item; + SecRetain(item); + mData.Data = NULL; + mData.Length = 0; +} + +CertificateImpl::~CertificateImpl() +{ + if (mData.Data) + { + if (mItem) + SecKeychainItemFreeContent(NULL, mData.Data); // free if copied via SecKeychainItemCopyContent. + else + free(mData.Data); // free if copied from the caller when cert ref was created. + } + if (mItem) + SecRelease(mItem); + + if (mCLReference) + SecRelease(mCLReference); +} + +CSSM_DATA* CertificateImpl::getData() +{ + if (mItem) + { + if (mData.Data) + SecKeychainItemFreeContent(NULL, mData.Data); + + OSStatus result = SecKeychainItemCopyContent(mItem, NULL, NULL, &mData.Length, (void**)&(mData.Data)); + if (result) + MacOSError::throwMe(result); + } // otherwise, return the data originally specified when the cert ref was created. + return &mData; +} + +CSSM_X509_NAME* CertificateImpl::getSubject() +{ + return NULL;//%%%use mCLReference to get subject +} + +CSSM_X509_NAME* CertificateImpl::getIssuer() +{ + return NULL;//%%%use mCLReference to get issuer +} diff --git a/Keychain/DLDBListCFPref.h b/Keychain/DLDBListCFPref.h index a4c6be96..ba74d7a8 100644 --- a/Keychain/DLDBListCFPref.h +++ b/Keychain/DLDBListCFPref.h 
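Review bot: In `CertificateImpl::getData()` the old buffer is released with `SecKeychainItemFreeContent(NULL, mData.Data)` but `mData.Data` keeps pointing at it. If the following `SecKeychainItemCopyContent` fails and `MacOSError::throwMe(result)` runs, the destructor or a later `getData()` call frees the same pointer again, assuming the failed call leaves the out-parameter untouched. Clear the fields right after the free: `mData.Data = NULL; mData.Length = 0;`. The copying constructor has a related gap: the result of `malloc(data->Length)` goes straight into `memcpy` with no check of `data` or of the allocation, so a failed allocation becomes a write through a null pointer; test the result and throw before copying.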
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,12 +17,12 @@ /* - DLDBListCFPref.h -*/ - -#ifndef __DLDBLISTCFPREF_H_ -#define __DLDBLISTCFPREF_H_ + * DLDBListCFPref.h + */ +#ifndef _SECURITY_DLDBLISTCFPREF_H_ +#define _SECURITY_DLDBLISTCFPREF_H_ +#include #include #include #include @@ -146,4 +146,4 @@ private: } // end namespace Security -#endif /* __DLDBLISTCFPREF_H_ */ +#endif /* !_SECURITY_DLDBLISTCFPREF_H_ */ diff --git a/Keychain/DefaultKeychain.h b/Keychain/DefaultKeychain.h index 463f56c1..8dad503a 100644 --- a/Keychain/DefaultKeychain.h +++ b/Keychain/DefaultKeychain.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,21 +15,11 @@ * specific language governing rights and limitations under the License. */ - -/* - File: DefaultKeychain.h - - Contains: User preference for default keychain - - Written by: John Hurley - - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: -*/ - -#ifndef _H_KEYCHAINCORE_DEFAULTKEYCHAIN__ -#define _H_KEYCHAINCORE_DEFAULTKEYCHAIN__ +// +// DefaultKeychain.h - Default Keychain singleton +// +#ifndef _SECURITY_DEFAULTKEYCHAIN_H_ +#define _SECURITY_DEFAULTKEYCHAIN_H_ #include #include @@ -81,8 +71,8 @@ private: DLDbIdentifier defaultID; }; -}; // end namespace KeychainCore +} // end namespace KeychainCore } // end namespace Security -#endif /* _H_KEYCHAINCORE_DEFAULTKEYCHAIN__ */ +#endif // !_SECURITY_DEFAULTKEYCHAIN_H_ 
diff --git a/Keychain/Globals.cpp b/Keychain/Globals.cpp index 40bd1f12..e2b646b3 100644 --- a/Keychain/Globals.cpp +++ b/Keychain/Globals.cpp @@ -40,11 +40,11 @@ ModuleNexus KeychainCore::globals; #pragma mark ÑÑÑÑ Constructor/Destructor ÑÑÑÑ Globals::Globals() : -mUI(true), mACLFactory(CssmAllocator::standard()) +mUI(true) { } const AccessCredentials * Globals::credentials() { - return (mUI ? mACLFactory.keychainPromptCredentials() : mACLFactory.nullCredentials()); + return (mUI ? mACLFactory.promptCred() : mACLFactory.nullCred()); } diff --git a/Keychain/Globals.h b/Keychain/Globals.h index f17ed83b..7ebc9651 100644 --- a/Keychain/Globals.h +++ b/Keychain/Globals.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,28 +15,18 @@ * specific language governing rights and limitations under the License. */ - -/* - File: Globals.h - - Contains: Private "globals" and interfaces for KeychainCore - - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: - - Notes: Many functions moved from CKeychainMgr.h -*/ - -#ifndef _H_GLOBALS_KEYCHAINCORE -#define _H_GLOBALS_KEYCHAINCORE +// +// DefaultKeychain.h - Private "globals" and interfaces for KeychainCore +// +#ifndef _SECURITY_GLOBALS_H_ +#define _SECURITY_GLOBALS_H_ #ifdef check #undef check #endif #include #include -#include +#include namespace Security @@ -61,7 +51,7 @@ private: // Other "globals" bool mUI; - CssmClient::KeychainAclFactory mACLFactory; + CssmClient::AclFactory mACLFactory; }; extern ModuleNexus globals; @@ -70,4 +60,4 @@ extern ModuleNexus globals; } // end namespace Security -#endif /* _H_GLOBALS_KEYCHAINCORE */ +#endif // !_SECURITY_GLOBALS_H_ 
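Review bot: The replacement banner comment in Globals.h names the wrong file: `// DefaultKeychain.h - Private "globals" and interfaces for KeychainCore` looks copied from DefaultKeychain.h. It should read `// Globals.h - Private "globals" and interfaces for KeychainCore` so that it matches the `_SECURITY_GLOBALS_H_` guard directly below it.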
diff --git a/Keychain/Identity.cpp b/Keychain/Identity.cpp new file mode 100644 index 00000000..1f5b1652 --- /dev/null +++ b/Keychain/Identity.cpp @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// Identity.cpp - Working with Identities +// +#include + +using namespace KeychainCore; + +Identity::Identity(const RefPointer &privateKey, + const RefPointer &certificate) : + mPrivateKey(privateKey), + mCertificate(certificate) +{ +} + +Identity::~Identity() +{ +} + +RefPointer +Identity::privateKey() const +{ + return mPrivateKey; +} + +RefPointer +Identity::certificate() const +{ + return mCertificate; +} diff --git a/SecurityServer/MacYarrow/testHarness/serverDaemon.cpp b/Keychain/Identity.h similarity index 51% rename from SecurityServer/MacYarrow/testHarness/serverDaemon.cpp rename to Keychain/Identity.h index 63072f11..8e1acdd6 100644 --- a/SecurityServer/MacYarrow/testHarness/serverDaemon.cpp +++ b/Keychain/Identity.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,41 +15,40 @@ * specific language governing rights and limitations under the License. */ - // -// simple daemon to run yarrow server +// Identity.h - Working with Identities // +#ifndef _SECURITY_IDENTITY_H_ +#define _SECURITY_IDENTITY_H_ + +#include +#include +#include -#include -#include -#include +namespace Security +{ + +namespace KeychainCore +{ -int main(int argc, char **argv) +class Identity : public SecCFObject { - char *entropyFilePath = NULL; - int arg; - - for(arg=1; argrunYarrow(); // forks off thread - printf("server running; hit q exit: "); - while(1) { - char c = getchar(); - if(c == 'q') { - break; - } - printf("...still running\n"); - } - return 0; -} \ No newline at end of file + NOCOPY(Identity) +public: + Identity(const RefPointer &privateKey, + const RefPointer &certificate); + virtual ~Identity(); + + RefPointer privateKey() const; + RefPointer certificate() const; + +private: + RefPointer mPrivateKey; + RefPointer mCertificate; +}; + +} // end namespace KeychainCore + +} // end namespace Security + +#endif // !_SECURITY_IDENTITY_H_ diff --git a/Keychain/IdentityCursor.cpp b/Keychain/IdentityCursor.cpp new file mode 100644 index 00000000..dbe5dde7 --- /dev/null +++ b/Keychain/IdentityCursor.cpp 
@@ -0,0 +1,110 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: IdentityCursor.cpp + + Contains: Working with IdentityCursor + + Copyright: 2002 by Apple Computer, Inc., all rights reserved. 
+ + To Do: +*/ + +#include +#include +#include +#include +#include +#include + +// From AppleCSPDL +#include + +using namespace KeychainCore; + +IdentityCursor::IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage) : + mSearchList(searchList), + mKeyCursor(mSearchList, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL) +{ + // If keyUsage is CSSM_KEYUSE_ANY then we need a key that can do everything + if (keyUsage & CSSM_KEYUSE_ANY) + keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT + | CSSM_KEYUSE_DERIVE | CSSM_KEYUSE_SIGN + | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_SIGN_RECOVER + | CSSM_KEYUSE_VERIFY_RECOVER | CSSM_KEYUSE_WRAP + | CSSM_KEYUSE_UNWRAP; + + if (keyUsage & CSSM_KEYUSE_ENCRYPT) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Encrypt, true); + if (keyUsage & CSSM_KEYUSE_DECRYPT) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Decrypt, true); + if (keyUsage & CSSM_KEYUSE_DERIVE) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Derive, true); + if (keyUsage & CSSM_KEYUSE_SIGN) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Sign, true); + if (keyUsage & CSSM_KEYUSE_VERIFY) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Verify, true); + if (keyUsage & CSSM_KEYUSE_SIGN_RECOVER) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::SignRecover, true); + if (keyUsage & CSSM_KEYUSE_VERIFY_RECOVER) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::VerifyRecover, true); + if (keyUsage & CSSM_KEYUSE_WRAP) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Wrap, true); + if (keyUsage & CSSM_KEYUSE_UNWRAP) + mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Unwrap, true); +} + +IdentityCursor::~IdentityCursor() +{ +} + +bool +IdentityCursor::next(RefPointer &identity) +{ + for (;;) + { + if (!mCertificateCursor) + { + Item key; + if (!mKeyCursor->next(key)) + return false; + + mCurrentKey = static_cast(key.get()); + + CssmClient::DbUniqueRecord uniqueId = mCurrentKey->dbUniqueRecord(); + CssmClient::DbAttributes dbAttributes(uniqueId->database(), 1); + dbAttributes.add(KeySchema::Label); + 
uniqueId->get(&dbAttributes, NULL); + const CssmData &keyHash = dbAttributes[0]; + + mCertificateCursor = KCCursor(mSearchList, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL); + mCertificateCursor->add(CSSM_DB_EQUAL, Schema::kX509CertificatePublicKeyHash, keyHash); + } + + Item cert; + if (mCertificateCursor->next(cert)) + { + RefPointer certificate(static_cast(cert.get())); + identity = new Identity(mCurrentKey, certificate); + return true; + } + else + mCertificateCursor = KCCursor(); + } +} diff --git a/Keychain/IdentityCursor.h b/Keychain/IdentityCursor.h new file mode 100644 index 00000000..c025e165 --- /dev/null +++ b/Keychain/IdentityCursor.h 
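Review bot: `IdentityCursor::next` pairs a certificate with a private key using database attributes only: it reads `KeySchema::Label` from the key record and searches for certificates whose `Schema::kX509CertificatePublicKeyHash` equals it. `dbAttributes[0]` is used without checking that the record returned a value for that attribute. If the label is missing or is not the public-key hash, the cursor can hand back an `Identity` whose certificate does not belong to the key, and nothing visible here verifies the pairing cryptographically. I would skip keys that return no label value before building the certificate cursor, and state the assumption in a comment such as `// Relies on the key's Label attribute holding the hash of its public key; the pairing is not verified here.`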
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// IdentityCursor.h - Working with IdentityCursors +// +#ifndef _SECURITY_IDENTITYCURSOR_H_ +#define _SECURITY_IDENTITYCURSOR_H_ + +#include +#include +#include +#include +#include + +namespace Security +{ + +namespace KeychainCore +{ + +class Identity; +class KeyItem; + +class IdentityCursor : public SecCFObject +{ + NOCOPY(IdentityCursor) +public: + IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage); + virtual ~IdentityCursor(); + bool next(RefPointer &identity); + +private: + StorageManager::KeychainList mSearchList; + KCCursor mKeyCursor; + KCCursor mCertificateCursor; + RefPointer mCurrentKey; +}; + +} // end namespace KeychainCore + +} // end namespace Security + +#endif // !_SECURITY_IDENTITYCURSOR_H_ diff --git a/Keychain/Item.cpp b/Keychain/Item.cpp index 8eb93849..7b98c95c 100644 --- a/Keychain/Item.cpp +++ b/Keychain/Item.cpp 
@@ -22,14 +22,18 @@ #include "Item.h" +#include "Certificate.h" +#include "KeyItem.h" + #include "Globals.h" #include "Schema.h" #include "KCEventNotifier.h" #include "cssmdatetime.h" #include -#include #include #include +#include +#include using namespace KeychainCore; using namespace CSSMDateTimeUtils; @@ -46,12 +50,9 @@ ItemImpl::ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, co mData.reset(new CssmDataContainer(data, length)); mDbAttributes->recordType(Schema::recordTypeFor(itemClass)); - mDbAttributes->add(Schema::attributeInfo(kSecCreatorItemAttr), itemCreator); - SInt64 date; - GetCurrentMacLongDateTime(date); - setAttribute(Schema::attributeInfo(kSecCreationDateItemAttr), date); - setAttribute(Schema::attributeInfo(kSecModDateItemAttr), date); + if (itemCreator) + mDbAttributes->add(Schema::attributeInfo(kSecCreatorItemAttr), itemCreator); } ItemImpl::ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data) @@ -70,11 +71,6 @@ ItemImpl::ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, U mDbAttributes->add(Schema::attributeInfo(attrList->attr[i].tag), CssmData(attrList->attr[i].data, attrList->attr[i].length)); } } - - SInt64 date; - GetCurrentMacLongDateTime(date); - setAttribute(Schema::attributeInfo(kSecCreationDateItemAttr), date); - setAttribute(Schema::attributeInfo(kSecModDateItemAttr), date); } // DbItemImpl constructor @@ -170,8 +166,10 @@ ItemImpl::defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info) } } + + PrimaryKey -ItemImpl::add(const Keychain &keychain) +ItemImpl::add(Keychain &keychain) { // If we already have a Keychain we can't be added. if (mKeychain) 
@@ -183,11 +181,27 @@ ItemImpl::add(const Keychain &keychain) if (!mDbAttributes.get()) MacOSError::throwMe(errSecDuplicateItem); + CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); + + // update the creation and update dates on the new item + KeychainSchema schema = keychain->keychainSchema(); + SInt64 date; + GetCurrentMacLongDateTime(date); + if (schema->hasAttribute(recordType, kSecCreationDateItemAttr)) + { + setAttribute(schema->attributeInfoFor(recordType, kSecCreationDateItemAttr), date); + } + + if (schema->hasAttribute(recordType, kSecModDateItemAttr)) + { + setAttribute(schema->attributeInfoFor(recordType, kSecModDateItemAttr), date); + } + // If the label (PrintName) attribute isn't specified, set a default label. if (!mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr))) { CssmDbAttributeData *label = NULL; - switch (mDbAttributes->recordType()) + switch (recordType) { case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: label = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr)); 
@@ -199,20 +213,21 @@ ItemImpl::add(const Keychain &keychain) // if AppleShare server name wasn't specified, try the server address if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAddressItemAttr)); break; - + default: break; } // if all else fails, use the account name. - if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr)); + if (!label) + label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr)); if (label && label->size()) - mDbAttributes->add(Schema::attributeInfo(kSecLabelItemAttr), label->at(0)); + setAttribute (Schema::attributeInfo(kSecLabelItemAttr), label->at(0)); } // get the attributes that are part of the primary key const CssmAutoDbRecordAttributeInfo &primaryKeyInfos = - keychain->primaryKeyInfosFor(recordType()); + keychain->primaryKeyInfosFor(recordType); // make sure each primary key element has a value in the item, otherwise // the database will complain. we make a set of the provided attribute infos 
@@ -222,115 +237,64 @@ ItemImpl::add(const Keychain &keychain) typedef set InfoSet; InfoSet infoSet; + // make a set of all the attributes in the key for (uint32 i = 0; i < attributes->size(); i++) infoSet.insert(attributes->at(i).Info); - for (uint32 i = 0; i < primaryKeyInfos.size(); i++) { + for (uint32 i = 0; i < primaryKeyInfos.size(); i++) { // check to make sure all required attributes are in the key InfoSet::const_iterator it = infoSet.find(primaryKeyInfos.at(i)); - if (it == infoSet.end()) { + if (it == infoSet.end()) { // not in the key? add the default // we need to add a default value to the item attributes - attributes->add(primaryKeyInfos.at(i), - defaultAttributeValue(primaryKeyInfos.at(i))); + attributes->add(primaryKeyInfos.at(i), defaultAttributeValue(primaryKeyInfos.at(i))); } } - + Db db(keychain->database()); - if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP) + if (useSecureStorage(db)) { // Add the item to the secure storage db SSDb ssDb(safe_cast(&(*db))); TrackingAllocator allocator(CssmAllocator::standard()); - // @@@ Share this instance - KeychainAclFactory aclFactory(allocator); - - AclEntryPrototype anyEncrypt(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY)); - AuthorizationGroup &anyEncryptAuthGroup = anyEncrypt.authorization(); - CSSM_ACL_AUTHORIZATION_TAG encryptTag = CSSM_ACL_AUTHORIZATION_ENCRYPT; - anyEncryptAuthGroup.NumberOfAuthTags = 1; - anyEncryptAuthGroup.AuthTags = &encryptTag; - - const AccessCredentials *nullCred = aclFactory.nullCredentials(); - - const ResourceControlContext credAndAclEntry - (anyEncrypt, const_cast(nullCred)); - - // Create a new SSGroup with owner = ANY, encrypt = ANY - SSGroup ssGroup(ssDb, &credAndAclEntry); - - // Now we edit the acl to look like we want it to. - - // Find the PrintName (which we want SecurityAgent to display when evaluating the ACL - CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr)); - CssmData noName; - CssmData &printName = data ? 
CssmData::overlay(data->Value[0]) : noName; - - // @@@ This code should use KeychainACL instead, but that class will need some changes. - // Defering integration with KeychainACL to Puma. - - // Figure out if we should special case this to have an anyAllow in this ACL or not. - // Currently only generic password items with sevicename "iTools" passwords are always anyAllow. - bool anyAllow = false; - if (mDbAttributes->recordType() == CSSM_DL_DB_RECORD_GENERIC_PASSWORD) - { - CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr)); - if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6)) - anyAllow = true; - } - - CssmList &list = *new(allocator) CssmList(); - - // List is a threshold acl with 2 elements or 3 if anyAllow is true. - list.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_THRESHOLD)); - list.append(new(allocator) ListElement(1)); - list.append(new(allocator) ListElement(2 + anyAllow)); - - // If anyAllow is true start the threshold list with a any allow sublist. - if(anyAllow) - { - CssmList &anySublist = *new(allocator) CssmList(); - anySublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_ANY)); - list.append(new(allocator) ListElement(anySublist)); + + // hhs replaced with the new aclFactory class + AclFactory aclFactory; + const AccessCredentials *nullCred = aclFactory.nullCred(); + + RefPointer access = mAccess; + if (!access) { + // create default access controls for the new item + CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr)); + string printName = data ? 
CssmData::overlay(data->Value[0]).toString() : "keychain item"; + access = new Access(printName); + + // special case for "iTools" password - allow anyone to decrypt the item + if (recordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD) + { + CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr)); + if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6)) + { + typedef vector > AclSet; + AclSet acls; + access->findAclsForRight(CSSM_ACL_AUTHORIZATION_DECRYPT, acls); + for (AclSet::const_iterator it = acls.begin(); it != acls.end(); it++) + (*it)->form(ACL::allowAllForm); + } + } } - - // Now add a sublist to trust the current application. - auto_ptr code(CodeSigning::OSXCode::main()); - const char *path = code->canonicalPath().c_str(); - CssmData comment(const_cast(path), strlen(path) + 1); - TrustedApplication app(path, comment); - CssmList &appSublist = *new(allocator) CssmList(); - appSublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE)); - appSublist.append(new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX)); - appSublist.append(new(allocator) ListElement(app->signature())); - appSublist.append(new(allocator) ListElement(app->comment())); - list.append(new(allocator) ListElement(appSublist)); - - // Finally add the keychain prompt sublist to the list so we default to asking - // the user for permission if all else fails. - CssmList &promptSublist = *new(allocator) CssmList(); - promptSublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT)); - promptSublist.append(new(allocator) ListElement(printName)); - list.append(new(allocator) ListElement(promptSublist)); - - // The acl prototype we want to add contains the list we just made. - AclEntryPrototype promptDecrypt(list); - - // Now make sure it only authorizes decrypt. 
- AuthorizationGroup &promptDecryptAuthGroup = promptDecrypt.authorization(); - CSSM_ACL_AUTHORIZATION_TAG decryptTag = CSSM_ACL_AUTHORIZATION_DECRYPT; - promptDecryptAuthGroup.NumberOfAuthTags = 1; - promptDecryptAuthGroup.AuthTags = &decryptTag; - - // Add an acl entry for decrypt we just made - AclEdit edit(promptDecrypt); - ssGroup->changeAcl(nullCred, edit); - + + // Create a new SSGroup with temporary access controls + Access::Maker maker; + ResourceControlContext prototype; + maker.initialOwner(prototype, nullCred); + SSGroup ssGroup(ssDb, &prototype); + try { // Insert the record using the newly created group. - mUniqueId = ssDb->insert(recordType(), mDbAttributes.get(), - mData.get(), ssGroup, nullCred); + mUniqueId = ssDb->insert(recordType, mDbAttributes.get(), + mData.get(), ssGroup, maker.cred()); } catch(...) { @@ -338,19 +302,17 @@ ItemImpl::add(const Keychain &keychain) throw; } - // Change the owner so change acl = KeychainPrompt - AclEntryPrototype promptOwner(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, - new(allocator) ListElement(allocator, printName))); - AclOwnerPrototype owner(promptOwner); - ssGroup->changeOwner(nullCred, owner); + // now finalize the access controls on the group + access->setAccess(*ssGroup, maker); + mAccess = NULL; // use them and lose them } else { // add the item to the (regular) db - mUniqueId = db->insert(recordType(), mDbAttributes.get(), mData.get()); + mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); } - mPrimaryKey = keychain->makePrimaryKey(recordType(), mUniqueId); + mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId); mKeychain = keychain; // Forget our data and attributes. @@ -361,9 +323,11 @@ ItemImpl::add(const Keychain &keychain) } Item -ItemImpl::copyTo(const Keychain &keychain) +ItemImpl::copyTo(const Keychain &keychain, Access *newAccess = NULL) { Item item(*this); + if (newAccess) + item->setAccess(newAccess); keychain->add(item); return item; } 
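Review bot: The default-access block in `ItemImpl::add` sets every decrypt ACL to `ACL::allowAllForm` when a generic-password item's service attribute is the six bytes "iTools", and that trigger is a caller-supplied string compared with `memcmp`. Per the code's own comment this lets anyone decrypt the item; the behaviour is carried over from the removed `anyAllow` code, but the rewrite still does not say why the exception exists or who depends on it. Add a comment such as `// Policy exception: items with service name "iTools" get an unrestricted decrypt ACL (no user prompt).` and move the literal into a named constant. The same condition reads `data->Value[0]` without checking `NumberOfValues`, which is worth guarding. `ItemImpl::add` begins and ends outside this hunk.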
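Review bot: `access->setAccess(*ssGroup, maker)` runs after the try/catch that guards `ssDb->insert`, so if finalizing the ACL throws, the record is already stored under the temporary controls created by `maker.initialOwner(prototype, nullCred)`. Nothing visible here removes the record in that case. What the temporary controls permit is not shown, but an item left with them is not protected the way the caller requested. Consider moving the call into the same try block so the cleanup in the `catch(...)` handler, whose body is outside the hunk, also covers this failure. `ItemImpl::add` starts outside this hunk.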
@@ -378,15 +342,21 @@ ItemImpl::update() if (!isModified()) return; - // Set the modification date on the item. - SInt64 date; - GetCurrentMacLongDateTime(date); - setAttribute(Schema::attributeInfo(kSecModDateItemAttr), date); + CSSM_DB_RECORDTYPE aRecordType = recordType(); + KeychainSchema schema = mKeychain->keychainSchema(); + + // Update the modification date on the item if there is a mod date attribute. + if (schema->hasAttribute(aRecordType, kSecModDateItemAttr)) + { + SInt64 date; + GetCurrentMacLongDateTime(date); + setAttribute(schema->attributeInfoFor(aRecordType, kSecModDateItemAttr), date); + } // Make sure that we have mUniqueId dbUniqueRecord(); Db db(mUniqueId->database()); - if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP) + if (useSecureStorage(db)) { // Add the item to the secure storage db SSDbUniqueRecord ssUniqueId(safe_cast @@ -397,7 +367,7 @@ ItemImpl::update() // Only call this is user interaction is enabled. - ssUniqueId->modify(recordType(), + ssUniqueId->modify(aRecordType, mDbAttributes.get(), mData.get(), CSSM_DB_MODIFY_ATTRIBUTE_REPLACE, @@ -405,14 +375,14 @@ ItemImpl::update() } else { - mUniqueId->modify(recordType(), + mUniqueId->modify(aRecordType, mDbAttributes.get(), mData.get(), CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); } PrimaryKey oldPK = mPrimaryKey; - mPrimaryKey = mKeychain->makePrimaryKey(recordType(), mUniqueId); + mPrimaryKey = mKeychain->makePrimaryKey(aRecordType, mUniqueId); // Forget our data and attributes. mData.reset(NULL); 
@@ -468,18 +438,20 @@ ItemImpl::setData(UInt32 length,const void *data) mData.reset(new CssmDataContainer(data, length)); } +void +ItemImpl::setAccess(Access *newAccess) +{ + mAccess = newAccess; +} + CssmClient::DbUniqueRecord ItemImpl::dbUniqueRecord() { if (!mUniqueId) { - assert(mKeychain && mPrimaryKey); - DbCursor cursor(mPrimaryKey->createCursor(mKeychain)); - if (!cursor->next(NULL, NULL, mUniqueId)) - { - killRef(); - MacOSError::throwMe(errSecInvalidItemRef); - } + DbCursor cursor(mPrimaryKey->createCursor(mKeychain)); + if (!cursor->next(NULL, NULL, mUniqueId)) + MacOSError::throwMe(errSecInvalidItemRef); } return mUniqueId; @@ -550,8 +522,7 @@ ItemImpl::setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data } else if (length == sizeof(SInt64)) { - MacLongDateTimeToTimeString(*reinterpret_cast(buf), - 16, &timeString); + MacLongDateTimeToTimeString(*reinterpret_cast(buf), 16, &timeString); buf = &timeString; length = 16; } 
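Review bot: With `assert(mKeychain && mPrimaryKey)` removed, `ItemImpl::dbUniqueRecord()` calls `mPrimaryKey->createCursor(mKeychain)` with no check at all. This same commit adds handling for items that are not attached to a database (the `getDataFromDatabase` test in `getContent`), and any path that reaches this function for such an item dereferences an empty `mPrimaryKey`. Replace the assert with a runtime check rather than dropping it: `if (!mKeychain || !mPrimaryKey) MacOSError::throwMe(errSecInvalidItemRef);`. The hunk also drops `killRef()` on the not-found path without explanation; a short comment on why the reference is now kept would help.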
@@ -589,66 +560,95 @@ void ItemImpl::getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData) { - // If the data hasn't been set we can't return it. - if (!mKeychain && outData) - { - CssmData *data = mData.get(); - if (!data) - MacOSError::throwMe(errSecDataNotAvailable); - } - // TODO: need to check and make sure attrs are valid and handle error condition + // If the data hasn't been set we can't return it. + if (!mKeychain && outData) + { + CssmData *data = mData.get(); + if (!data) + MacOSError::throwMe(errSecDataNotAvailable); + } + // TODO: need to check and make sure attrs are valid and handle error condition - if(itemClass) - *itemClass = Schema::itemClassFor(recordType()); - - dbUniqueRecord(); + if(itemClass) + *itemClass = Schema::itemClassFor(recordType()); + + bool getDataFromDatabase = mKeychain && mPrimaryKey; + + if (getDataFromDatabase) // are we attached to a database? + + { + dbUniqueRecord(); + } + // get the number of attributes requested by the caller UInt32 attrCount = attrList ? attrList->count : 0; - DbAttributes dbAttributes(mUniqueId->database(), attrCount); - for (UInt32 ix = 0; ix < attrCount; ++ix) - dbAttributes.add(Schema::attributeInfo(attrList->attr[ix].tag)); - - CssmDataContainer itemData; - getContent(&dbAttributes, outData ? 
&itemData : NULL); - - if (outData) KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this); - - for (UInt32 ix = 0; ix < attrCount; ++ix) + + if (getDataFromDatabase) { - if (dbAttributes.at(ix).NumberOfValues > 0) + // make a DBAttributes structure and populate it + DbAttributes dbAttributes(mUniqueId->database(), attrCount); + for (UInt32 ix = 0; ix < attrCount; ++ix) { - attrList->attr[ix].data = dbAttributes.at(ix).Value[0].Data; - attrList->attr[ix].length = dbAttributes.at(ix).Value[0].Length; - - // We don't want the data released, it is up the client - dbAttributes.at(ix).Value[0].Data = NULL; - dbAttributes.at(ix).Value[0].Length = 0; + dbAttributes.add(Schema::attributeInfo(attrList->attr[ix].tag)); } - else + + // request the data from the database (since we are a reference "item" and the data is really stored there) + CssmDataContainer itemData; + if (getDataFromDatabase) { - attrList->attr[ix].data = NULL; - attrList->attr[ix].length = 0; + getContent(&dbAttributes, outData ? 
&itemData : NULL); + } + + // retrieve the data from result + for (UInt32 ix = 0; ix < attrCount; ++ix) + { + if (dbAttributes.at(ix).NumberOfValues > 0) + { + attrList->attr[ix].data = dbAttributes.at(ix).Value[0].Data; + attrList->attr[ix].length = dbAttributes.at(ix).Value[0].Length; + + // We don't want the data released, it is up the client + dbAttributes.at(ix).Value[0].Data = NULL; + dbAttributes.at(ix).Value[0].Length = 0; + } + else + { + attrList->attr[ix].data = NULL; + attrList->attr[ix].length = 0; + } } - } - if (outData) - { - *outData=itemData.data(); - itemData.Data=NULL; - - *length=itemData.length(); - itemData.Length=0; + // clean up + if (outData) + { + *outData=itemData.data(); + itemData.Data=NULL; + + *length=itemData.length(); + itemData.Length=0; + } + } + else if (attrList != NULL) + { + getLocalContent (*attrList); + *outData = NULL; + *length = 0; } - + + // inform anyone interested that we are doing this + if (outData) + { + KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this); + } } void ItemImpl::freeContent(SecKeychainAttributeList *attrList, void *data) { - CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally - if (data) - allocator.free(data); + CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally + if (data) + allocator.free(data); UInt32 attrCount = attrList ? attrList->count : 0; for (UInt32 ix = 0; ix < attrCount; ++ix) 
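Review bot: In the new unattached-item branch of `ItemImpl::getContent`, `*outData = NULL; *length = 0;` are written unconditionally, although both pointers are treated as optional elsewhere in the function (`if (outData)`, `outData ? &itemData : NULL`). A caller that asks only for attributes and passes `outData == NULL` gets a null-pointer write. Guard both: `if (outData) *outData = NULL;` and `if (length) *length = 0;`. The branch also returns no data even when `mData` is set, which makes the `errSecDataNotAvailable` check at the top misleading for unattached items; and when `attrList` is NULL the branch is skipped, leaving `*outData` and `*length` unset. The database branch has a similar unchecked `*length` write inside `if (outData)`.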
@@ -670,10 +670,11 @@ ItemImpl::modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt mDbAttributes->recordType(mPrimaryKey->recordType()); } + CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); UInt32 attrCount = attrList ? attrList->count : 0; for (UInt32 ix = 0; ix < attrCount; ix++) { - CssmDbAttributeInfo info=mKeychain->attributeInfoForTag(attrList->attr[ix].tag); + CssmDbAttributeInfo info=mKeychain->attributeInfoFor(recordType, attrList->attr[ix].tag); if (attrList->attr[ix].length || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BLOB || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM @@ -929,7 +930,7 @@ ItemImpl::group() if (&*mUniqueId) { Db db(mKeychain->database()); - if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP) + if (useSecureStorage(db)) { group = safer_cast(*mUniqueId).group(); } 
@@ -938,22 +939,142 @@ ItemImpl::group() return group; } +void ItemImpl::getLocalContent(SecKeychainAttributeList &attributeList) +{ + CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally + + // pull attributes out of a "floating" item, i.e. one that isn't attached to a database + unsigned int i; + for (i = 0; i < attributeList.count; ++i) + { + // get the size of the attribute + UInt32 actualLength; + SecKeychainAttribute attribute; + attribute.tag = attributeList.attr[i].tag; + attribute.length = 0; + attribute.data = NULL; + getAttribute (attribute, &actualLength); + + // if we didn't get the actual length, mark zeros. + if (actualLength == 0) + { + attributeList.attr[i].length = 0; + attributeList.attr[i].data = NULL; + } + else + { + // make room in the item data + attributeList.attr[i].length = actualLength; + attributeList.attr[i].data = allocator.malloc(actualLength); + getAttribute(attributeList.attr[i], &actualLength); + } + } +} + void ItemImpl::getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData) { // Make sure mUniqueId is set. 
- dbUniqueRecord(); - if (itemData) - { - Db db(mUniqueId->database()); - if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP) - { - SSDbUniqueRecord ssUniqueId(safe_cast(&(*mUniqueId))); - const AccessCredentials *autoPrompt = globals().credentials(); - ssUniqueId->get(dbAttributes, itemData, autoPrompt); - return; - } + dbUniqueRecord(); + if (itemData) + { + Db db(mUniqueId->database()); + if (useSecureStorage(db)) + { + SSDbUniqueRecord ssUniqueId(safe_cast(&(*mUniqueId))); + const AccessCredentials *autoPrompt = globals().credentials(); + ssUniqueId->get(dbAttributes, itemData, autoPrompt); + return; + } } mUniqueId->get(dbAttributes, itemData); } + +bool +ItemImpl::useSecureStorage(const Db &db) +{ + switch (recordType()) + { + case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: + case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: + case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: + if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP) + return true; + break; + default: + break; + } + return false; +} + + +// +// Item -- This class is here to magically create the right subclass of ItemImpl +// when constructing new items. 
+// +Item::Item() +{ +} + +Item::Item(ItemImpl *impl) : RefPointer(impl) +{ +} + +Item::Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data) +{ + if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE + || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY + || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY + || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) + MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */ + + *this = new ItemImpl(itemClass, itemCreator, length, data); +} + +Item::Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data) +{ + if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE + || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY + || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY + || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) + MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */ + + *this = new ItemImpl(itemClass, attrList, length, data); +} + +Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) + : RefPointer( + primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE + ? new Certificate(keychain, primaryKey, uniqueId) + : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY + || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY + || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) + ? new KeyItem(keychain, primaryKey, uniqueId) + : new ItemImpl(keychain, primaryKey, uniqueId)) +{ +} + +Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey) + : RefPointer( + primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE + ? new Certificate(keychain, primaryKey) + : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY + || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY + || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) + ? 
new KeyItem(keychain, primaryKey) + : new ItemImpl(keychain, primaryKey)) +{ +} + +Item::Item(ItemImpl &item) + : RefPointer( + item.recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE + ? new Certificate(safer_cast(item)) + : (item.recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY + || item.recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY + || item.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY) + ? new KeyItem(safer_cast(item)) + : new ItemImpl(item)) +{ +} diff --git a/Keychain/Item.h b/Keychain/Item.h index 6f6edcde..8c0e9c24 100644 --- a/Keychain/Item.h +++ b/Keychain/Item.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -19,12 +19,13 @@ // // Item.h // -#ifndef _H_DBITEM -#define _H_DBITEM +#ifndef _SECURITY_ITEM_H_ +#define _SECURITY_ITEM_H_ #include #include #include +#include namespace Security { @@ -33,13 +34,13 @@ using namespace CssmClient; namespace KeychainCore { -class Item; class Keychain; -class ItemImpl : public ReferencedObject +class ItemImpl : public SecCFObject { +public: friend class Item; - + friend class KeychainImpl; protected: // new item constructors ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data); 
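Review bot: In the new `ItemImpl::getLocalContent`, `UInt32 actualLength;` is declared without a value and then compared with zero after `getAttribute (attribute, &actualLength)`. `getAttribute` is not visible in this hunk, so if any of its paths returns without writing the out-parameter, the loop sizes an allocation from an indeterminate value and hands that buffer to the caller. Declaring it as `UInt32 actualLength = 0;` makes the "mark zeros" branch the default. It would also help to add a comment on the second `getAttribute` call stating that it must not write more than the `actualLength` bytes just allocated.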
@@ -59,23 +60,22 @@ protected: protected: // Methods called by KeychainImpl; - friend class KeychainImpl; // Add the receiver to keychain - PrimaryKey add(const Keychain &keychain); + virtual PrimaryKey add(Keychain &keychain); // Get the default value for an attribute static const CSSM_DATA &defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info); public: - ~ItemImpl(); + virtual ~ItemImpl(); bool isPersistant() const; bool isModified() const; - void update(); + virtual void update(); // put a copy of the item into a given keychain - Item copyTo(const Keychain &keychain); + virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL); CSSM_DB_RECORDTYPE recordType() const; @@ -83,7 +83,7 @@ public: CssmClient::DbUniqueRecord dbUniqueRecord(); const CssmClient::DbAttributes *modifiedAttributes() const; const CssmData *modifiedData() const; - void didModify(); // Forget any attributes and data we just wrote to the db + virtual void didModify(); // Forget any attributes and data we just wrote to the db Keychain keychain() const; PrimaryKey primaryKey() const; 
@@ -103,60 +103,43 @@ public: void setAttribute(SecKeychainAttribute& attr); void setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data); void setData(UInt32 length,const void *data); - - - - SSGroup group(); + void setAccess(Access *newAccess); + SSGroup group(); protected: void getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData); + void getLocalContent(SecKeychainAttributeList &attributeList); + + bool useSecureStorage(const CssmClient::Db &db); // new item members auto_ptr mData; auto_ptr mDbAttributes; + RefPointer mAccess; // db item members CssmClient::DbUniqueRecord mUniqueId; Keychain mKeychain; PrimaryKey mPrimaryKey; - }; + class Item : public RefPointer { public: - Item() {} - Item(ItemImpl *impl) : RefPointer(impl) {} - - Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data) - : RefPointer(new ItemImpl(itemClass, itemCreator, length, data)) {} - - Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data) - : RefPointer(new ItemImpl(itemClass, attrList, length, data)) {} - - Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) - : RefPointer(new ItemImpl(keychain, primaryKey, uniqueId)) {} - - Item(const Keychain &keychain, const PrimaryKey &primaryKey) - : RefPointer(new ItemImpl(keychain, primaryKey)) {} - - Item(ItemImpl &item) - : RefPointer(new ItemImpl(item)) {} - - bool operator <(const Item &other) const { return **this < *other; } - bool operator !=(const Item &other) const { return **this < *other || *other < **this; } - bool operator ==(const Item &other) const { return !(*this != other); } - - typedef ItemImpl Impl; + Item(); + Item(ItemImpl *impl); + Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data); + Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data); + Item(const Keychain &keychain, const PrimaryKey 
&primaryKey, const CssmClient::DbUniqueRecord &uniqueId); + Item(const Keychain &keychain, const PrimaryKey &primaryKey); + Item(ItemImpl &item); }; -typedef Ref ItemRef; - - -}; // end namespace KeychainCore +} // end namespace KeychainCore } // end namespace Security -#endif // _H_DBITEM \ No newline at end of file +#endif // !_SECURITY_ITEM_H_ \ No newline at end of file diff --git a/Keychain/KCCursor.cpp b/Keychain/KCCursor.cpp index f457dd8d..11f88e2d 100644 --- a/Keychain/KCCursor.cpp +++ b/Keychain/KCCursor.cpp @@ -28,6 +28,7 @@ #include "Globals.h" #include "StorageManager.h" #include +#include using namespace KeychainCore; using namespace CssmClient; @@ -36,16 +37,16 @@ using namespace CSSMDateTimeUtils; // // KCCursorImpl // -KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, SecItemClass itemClass, const SecKeychainAttributeList *attrList) -: mDbCursor(dbCursor) +KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList) : + mSearchList(searchList), + mCurrent(mSearchList.begin()) { + recordType(Schema::recordTypeFor(itemClass)); + if (!attrList) // No additional selectionPredicates: we are done return; - - mDbCursor->recordType(Schema::recordTypeFor(itemClass)); - - mDbCursor->conjunctive(CSSM_DB_AND); + conjunctive(CSSM_DB_AND); const SecKeychainAttribute *end=&attrList->attr[attrList->count]; // Add all the attrs in attrs list to the cursor. for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr) 
@@ -75,17 +76,18 @@ KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, SecItemClass itemClass, con length = 16; } } - mDbCursor->add(CSSM_DB_EQUAL,info, CssmData(buf,length)); + add(CSSM_DB_EQUAL,info, CssmData(buf,length)); } } -KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, const SecKeychainAttributeList *attrList) -: mDbCursor(dbCursor) +KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList) : + mSearchList(searchList), + mCurrent(mSearchList.begin()) { if (!attrList) // No additional selectionPredicates: we are done return; - mDbCursor->conjunctive(CSSM_DB_AND); + conjunctive(CSSM_DB_AND); bool foundClassAttribute=false; const SecKeychainAttribute *end=&attrList->attr[attrList->count]; // Add all the attrs in attrs list to the cursor. @@ -118,7 +120,7 @@ KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, const SecKeychainAttributeL length = 16; } } - mDbCursor->add(CSSM_DB_EQUAL,info, CssmData(buf,length)); + add(CSSM_DB_EQUAL,info, CssmData(buf,length)); continue; } @@ -127,8 +129,7 @@ KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, const SecKeychainAttributeL if (foundClassAttribute || attr->length != sizeof(SecItemClass)) MacOSError::throwMe(paramErr); // We have 2 different 'clas' attributes - mDbCursor->recordType(Schema - ::recordTypeFor(*reinterpret_cast(attr->data))); + recordType(Schema::recordTypeFor(*reinterpret_cast(attr->data))); foundClassAttribute=true; } } 
@@ -142,26 +143,57 @@ KCCursorImpl::next(Item &item) { DbAttributes dbAttributes; DbUniqueRecord uniqueId; - if (!mDbCursor) - MacOSError::throwMe(errSecInvalidSearchRef); for (;;) { - if (!mDbCursor->next(&dbAttributes, NULL, uniqueId)) + if (!mDbCursor) + { + if (mCurrent == mSearchList.end()) + { + // No more keychains to search so we are done. + return false; + } + + mDbCursor = DbCursor((*mCurrent)->database(), *this); + } + + bool gotRecord; + try + { + gotRecord = mDbCursor->next(&dbAttributes, NULL, uniqueId); + } + catch(const CssmCommonError &err) + { + OSStatus status = err.osStatus(); + if (status != CSSMERR_DL_DATASTORE_DOESNOT_EXIST + && status != CSSMERR_DL_INVALID_RECORDTYPE) + throw; + + gotRecord = false; + } + + // If we did not get a record from the current keychain or the current + // keychain did not exist skip to the next keychain in the list. + if (!gotRecord) { - // Forget my resources. + ++mCurrent; mDbCursor = DbCursor(); - return false; + continue; } - // Skip records that we don't have a matching itemClass for, - // since we can't do anything with them. - if (Schema::itemClassFor(dbAttributes.recordType())) - break; + // If doing a search for all records skip the db blob added by the + // CSP/DL and skip symmetric key items. + // @@@ This is wrong since we should only skip symmetric keys that are + // group keys and not user generated symmetric keys. + if (mDbCursor->recordType() == CSSM_DL_DB_RECORD_ANY && + (dbAttributes.recordType() == 0x80008000 + || dbAttributes.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)) + continue; + + break; } - Keychain keychain = globals().storageManager.keychain(uniqueId->database()->dlDbIdentifier()); // Go though Keychain since item might already exist. - item = keychain->item(dbAttributes.recordType(), uniqueId); + item = (*mCurrent)->item(dbAttributes.recordType(), uniqueId); return true; } diff --git a/Keychain/KCCursor.h b/Keychain/KCCursor.h index 291e1ff6..8dd9bfd5 100644 
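Review bot: The record-type literal `0x80008000` in the `CSSM_DL_DB_RECORD_ANY` filter of `KCCursorImpl::next` is unnamed, so the next reader cannot tell which relation is being hidden from "all records" searches without the comment above it. A named constant next to the other record-type definitions would make the filter auditable. The `catch` above it turns `CSSMERR_DL_DATASTORE_DOESNOT_EXIST` and `CSSMERR_DL_INVALID_RECORDTYPE` into "no record", so a missing keychain in the search list is skipped silently. A comment such as `// a keychain that is missing or lacks this relation is skipped, not reported` would document that for callers who need to tell "absent" from "empty".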
--- a/Keychain/KCCursor.h +++ b/Keychain/KCCursor.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,19 +15,11 @@ * specific language governing rights and limitations under the License. */ - -/* - File: KCCursor.h - - Contains: The keychain class - - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: -*/ - -#ifndef _H_KCCURSOR_ -#define _H_KCCURSOR_ +// +// KCCursor.h +// +#ifndef _SECURITY_KCCURSOR_H_ +#define _SECURITY_KCCURSOR_H_ #include @@ -37,21 +29,22 @@ namespace Security namespace KeychainCore { -class KCCursor; - -class KCCursorImpl : public ReferencedObject +class KCCursorImpl : public SecCFObject, public CssmAutoQuery { NOCOPY(KCCursorImpl) +public: friend class KCCursor; protected: - KCCursorImpl(const CssmClient::DbCursor &dbCursor, SecItemClass itemClass, const SecKeychainAttributeList *attrList); - KCCursorImpl(const CssmClient::DbCursor &dbCursor, const SecKeychainAttributeList *attrList); + KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList); + KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList); public: virtual ~KCCursorImpl(); bool next(Item &item); private: + StorageManager::KeychainList mSearchList; + StorageManager::KeychainList::iterator mCurrent; CssmClient::DbCursor mDbCursor; }; 
@@ -63,21 +56,18 @@ public: KCCursor(KCCursorImpl *impl) : RefPointer(impl) {} - KCCursor(const CssmClient::DbCursor &dbCursor, const SecKeychainAttributeList *attrList) - : RefPointer(new KCCursorImpl(dbCursor, attrList)) {} + KCCursor(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList) + : RefPointer(new KCCursorImpl(searchList, attrList)) {} - KCCursor(const CssmClient::DbCursor &dbCursor, SecItemClass itemClass, const SecKeychainAttributeList *attrList) - : RefPointer(new KCCursorImpl(dbCursor, itemClass, attrList)) {} + KCCursor(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList) + : RefPointer(new KCCursorImpl(searchList, itemClass, attrList)) {} typedef KCCursorImpl Impl; }; -typedef Ref KCCursorRef; - } // end namespace KeychainCore } // end namespace Security -#endif /* _H_KCCURSOR_ */ - +#endif // !_SECURITY_KCCURSOR_H_ diff --git a/Keychain/KCEventNotifier.cpp b/Keychain/KCEventNotifier.cpp index 2cf9f658..48ad8818 100644 --- a/Keychain/KCEventNotifier.cpp +++ b/Keychain/KCEventNotifier.cpp @@ -33,6 +33,7 @@ #include "KCEventNotifier.h" #include "KCExceptions.h" #include "Keychains.h" +#include using namespace KeychainCore; @@ -64,6 +65,11 @@ void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent, KCThrowIfMemFail_(CFNumberRef(theEventData)); CFDictionarySetValue(mutableDict, kSecEventTypeKey, theEventData); + pid_t thePid = getpid(); + CFRef thePidData(CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &thePid)); + KCThrowIfMemFail_(CFNumberRef(thePidData)); + CFDictionarySetValue(mutableDict, kSecEventPidKey, thePidData); + if (dlDbIdentifier) { CFRef dict(DLDbListCFPref::dlDbIdentifierToCFDictionaryRef(dlDbIdentifier)); 
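Review bot: The pid added to the event dictionary in `KCEventNotifier::PostKeychainEvent` is whatever the posting process puts there, and nothing in this hunk tells a receiver that. The notification name is described as globally unique, which suggests the notification crosses process boundaries, so any process able to post it could presumably supply an arbitrary `kSecEventPidKey`. A comment at the insertion point would record that, for example `// pid is self-reported by the poster; informational only, never an authorization input`. Separately, `CFNumberCreate(..., kCFNumberSInt32Type, &thePid)` reads four bytes from a `pid_t`; copying into an `SInt32` local first would make that width assumption explicit.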
@@ -78,6 +84,7 @@ void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent, CFDictionarySetValue(mutableDict, kSecEventItemKey, data); } + // 'name' has to be globally unique (could be KCLockEvent, etc.) // 'object' is just information or a context that can be used. // 'userInfo' has info on event (i.e. which DL/DB(kc - see John's Dict), the event, diff --git a/Keychain/KCEventNotifier.h b/Keychain/KCEventNotifier.h index 768d53e7..30092c0c 100644 --- a/Keychain/KCEventNotifier.h +++ b/Keychain/KCEventNotifier.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,21 +17,10 @@ /* - File: KCEventNotifier.h - - Contains: OS X CF Notifier for Keychain Events - - Written by: Craig Mortensen - - Copyright: 2000 by Apple Computer, Inc., All rights reserved. - - Change History (most recent first): - - To Do: -*/ - -#ifndef _KCEVENTNOTIFIER_H_ -#define _KCEVENTNOTIFIER_H_ + * KCEventNotifier.h -- OS X CF Notifier for Keychain Events + */ +#ifndef _SECURITY_KCEVENTNOTIFIER_H_ +#define _SECURITY_KCEVENTNOTIFIER_H_ #include #include @@ -45,6 +34,7 @@ namespace KeychainCore #define kSecEventNotificationName CFSTR("com.apple.securitycore.kcevent") #define kSecEventTypeKey CFSTR("type") +#define kSecEventPidKey CFSTR("pid") #define kSecEventKeychainKey CFSTR("keychain") #define kSecEventItemKey CFSTR("item") @@ -65,4 +55,4 @@ public: } // end namespace Security -#endif /* _KCEVENTNOTIFIER_H_ */ +#endif /* _SECURITY_KCEVENTNOTIFIER_H_ */ diff --git a/Keychain/KCEventObserver.h b/Keychain/KCEventObserver.h index 39fadb4e..5d760199 100644 --- a/Keychain/KCEventObserver.h +++ b/Keychain/KCEventObserver.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,22 +17,13 @@ /* - File: KCEventObserver.h - - Contains: OS X CF Observer for Keychain Events - - Written by: Craig Mortensen - - Copyright: 2000 by Apple Computer, Inc., All rights reserved. - - Change History (most recent first): - - To Do: -*/ + * KCEventObserver.h -- OS X CF Observer for Keychain Events + */ +#ifndef _SECURITY_KCEVENTOBSERVER_H_ +#define _SECURITY_KCEVENTOBSERVER_H_ #include #include -#include namespace Security { @@ -66,3 +57,5 @@ public: }; } // end namespace Security + +#endif // !_SECURITY_KCEVENTOBSERVER_H_ diff --git a/Keychain/KCExceptions.h b/Keychain/KCExceptions.h index e3d6c313..1d1974e3 100644 --- a/Keychain/KCExceptions.h +++ b/Keychain/KCExceptions.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,11 +17,10 @@ /* - KCExceptions.h -*/ - -#ifndef _H_KCEXCEPTIONS -#define _H_KCEXCEPTIONS + * KCExceptions.h + */ +#ifndef _SECURITY_KCEXCEPTIONS_H_ +#define _SECURITY_KCEXCEPTIONS_H_ #include @@ -88,4 +87,4 @@ inline void KCUnimplemented_() } // end namespace Security -#endif /* _H_KCEXCEPTIONS */ \ No newline at end of file +#endif /* !_SECURITY_KCEXCEPTIONS_H_ */ diff --git a/Keychain/KCUtilities.cpp b/Keychain/KCUtilities.cpp index 88185136..fe01edf2 100644 --- a/Keychain/KCUtilities.cpp +++ b/Keychain/KCUtilities.cpp 
@@ -39,7 +39,11 @@ OSStatus GetKeychainErrFromCSSMErr( OSStatus cssmError ) return userCanceledErr; case CSSM_ERRCODE_OPERATION_AUTH_DENIED: return errSecAuthFailed; - default: + case CSSM_ERRCODE_NO_USER_INTERACTION: + return errSecInteractionNotAllowed; + case CSSM_ERRCODE_OS_ACCESS_DENIED: + return wrPermErr; + default: return cssmError; } } @@ -48,6 +52,8 @@ OSStatus GetKeychainErrFromCSSMErr( OSStatus cssmError ) switch (cssmError) { // DL SPECIFIC ERROR CODES + case CSSMERR_DL_OS_ACCESS_DENIED: + return wrPermErr; case CSSMERR_DL_RECORD_NOT_FOUND: return errSecItemNotFound; case CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA: @@ -87,7 +93,7 @@ StKCItem::~StKCItem( ) // if an error occured and the item is valid, release the item // if ( *fResult != noErr && *fItem != NULL ) - ::SecKeychainItemRelease(*fItem ); // %%% rjp was KCItemRelease(fitem); + CFRelease(*fItem ); } } // end namespace Security diff --git a/Keychain/KCUtilities.h b/Keychain/KCUtilities.h index 945cc2f1..af086871 100644 --- a/Keychain/KCUtilities.h +++ b/Keychain/KCUtilities.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,12 +15,10 @@ * specific language governing rights and limitations under the License. */ +#ifndef _SECURITY_KCUTILITIES_H_ +#define _SECURITY_KCUTILITIES_H_ -#ifdef _KC_UTILS -# pragma export on -#endif - -#include +#include #include #include #include @@ -65,6 +63,4 @@ private: } // end namespace Security -#ifdef _KC_UTILS -#pragma export off -#endif +#endif // !_SECURITY_KCUTILITIES_H_ diff --git a/Keychain/KeyItem.cpp b/Keychain/KeyItem.cpp new file mode 100644 index 00000000..bfb10ec0 --- /dev/null +++ b/Keychain/KeyItem.cpp 
@@ -0,0 +1,98 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// KeyItem.cpp +// +#include +#include + +using namespace KeychainCore; + +KeyItem::KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) : + ItemImpl(keychain, primaryKey, uniqueId), + mKey(NULL) +{ +} + +KeyItem::KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey) : + ItemImpl(keychain, primaryKey), + mKey(NULL) +{ +} + +KeyItem::KeyItem(KeyItem &keyItem) : + ItemImpl(keyItem), + mKey(NULL) +{ +} + +KeyItem::~KeyItem() +{ + if (mKey) + { + CssmClient::SSDbUniqueRecord uniqueId(ssDbUniqueRecord()); + uniqueId->database()->csp()->freeKey(*mKey); + uniqueId->allocator().free(mKey); + } +} + +void +KeyItem::update() +{ + MacOSError::throwMe(unimpErr); +} + +Item +KeyItem::copyTo(const Keychain &keychain) +{ + MacOSError::throwMe(unimpErr); +} + +void +KeyItem::didModify() +{ +} + +PrimaryKey +KeyItem::add(Keychain &keychain) +{ + MacOSError::throwMe(unimpErr); +} + +CssmClient::SSDbUniqueRecord +KeyItem::ssDbUniqueRecord() +{ + DbUniqueRecordImpl *impl = &*dbUniqueRecord(); + return 
CssmClient::SSDbUniqueRecord(safe_cast(impl)); +} + +const CssmKey & +KeyItem::cssmKey() +{ + if (!mKey) + { + CssmClient::SSDbUniqueRecord uniqueId(ssDbUniqueRecord()); + CssmDataContainer dataBlob(uniqueId->allocator()); + uniqueId->get(NULL, &dataBlob); + mKey = reinterpret_cast(dataBlob.Data); + dataBlob.Data = NULL; + dataBlob.Length = 0; + } + + return *mKey; +} diff --git a/Keychain/KeyItem.h b/Keychain/KeyItem.h new file mode 100644 index 00000000..6c43c87e --- /dev/null +++ b/Keychain/KeyItem.h 
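Review bot: `KeyItem::cssmKey` reinterprets `dataBlob.Data` as a `CssmKey` without checking what `uniqueId->get(NULL, &dataBlob)` actually returned. An empty or short blob from a damaged or hostile keychain file would leave `mKey` NULL or pointing at fewer bytes than the struct, and `return *mKey` and the later `freeKey(*mKey)` in the destructor would then read past it. A guard before the cast, `if (dataBlob.Data == NULL || dataBlob.Length < sizeof(CssmKey))` followed by a throw, closes that off. The right error code is the maintainers' call.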
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// KeyItem.h +// +#ifndef _SECURITY_KEYITEM_H_ +#define _SECURITY_KEYITEM_H_ + +#include + +namespace Security +{ + +namespace KeychainCore +{ + +class KeyItem : public ItemImpl +{ + NOCOPY(KeyItem) +public: + // db item contstructor + KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId); + + // PrimaryKey item contstructor + KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey); + + KeyItem(KeyItem &keyItem); + + virtual ~KeyItem(); + + virtual void update(); + virtual Item copyTo(const Keychain &keychain); + virtual void didModify(); + + CssmClient::SSDbUniqueRecord ssDbUniqueRecord(); + const CssmKey &cssmKey(); + +protected: + virtual PrimaryKey add(Keychain &keychain); +private: + CssmKey *mKey; +}; + +} // end namespace KeychainCore + +} // end namespace Security + +#endif // !_SECURITY_KEYITEM_H_ diff --git a/Keychain/Keychains.cpp b/Keychain/Keychains.cpp index 085b62f9..a5254468 100644 --- a/Keychain/Keychains.cpp +++ b/Keychain/Keychains.cpp 
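Review bot: `KeyItem::copyTo(const Keychain &keychain)` does not override the base method, because this same patch changes `ItemImpl::copyTo` in Item.h to `copyTo(const Keychain &keychain, Access *newAccess = NULL)`. The two signatures differ, so the KeyItem version only hides the base one. A call made through an `ItemImpl` reference or an `Item` handle that holds a KeyItem still reaches `ItemImpl::copyTo`, and the `unimpErr` throw meant to block copying key items is bypassed. Declaring it as `virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);` here, with the matching definition in KeyItem.cpp, restores the intended dispatch.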
@@ -31,7 +31,8 @@ #include #include #include - +#include +#include using namespace KeychainCore; using namespace CssmClient; @@ -71,7 +72,8 @@ KeychainSchemaImpl::KeychainSchemaImpl(const Db &db) RelationInfoMap &rim = mDatabaseInfoMap[relationID]; while (attributes->next(&attributeRecord, NULL, uniqueId)) { - if(CSSM_DB_ATTRIBUTE_FORMAT(attributeRecord.at(2))==CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER) + // @@@ this if statement was blocking tags of different naming conventions + //if(CSSM_DB_ATTRIBUTE_FORMAT(attributeRecord.at(2))==CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER) rim[attributeRecord.at(1)] = attributeRecord.at(0); } 
@@ -104,60 +106,64 @@ KeychainSchemaImpl::~KeychainSchemaImpl() for_each_map_delete(mPrimaryKeyInfoMap.begin(), mPrimaryKeyInfoMap.end()); } -CSSM_DB_ATTRIBUTE_FORMAT -KeychainSchemaImpl::attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const +const KeychainSchemaImpl::RelationInfoMap & +KeychainSchemaImpl::relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const { - DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.find(recordType); if (dit == mDatabaseInfoMap.end()) MacOSError::throwMe(errSecNoSuchClass); - RelationInfoMap::const_iterator rit = dit->second.find(attributeId); - if (dit == dit->second.end()) + return dit->second; +} + +bool +KeychainSchemaImpl::hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const +{ + const RelationInfoMap &rmap = relationInfoMapFor(recordType); + RelationInfoMap::const_iterator rit = rmap.find(attributeId); + return rit != rmap.end(); +} + +CSSM_DB_ATTRIBUTE_FORMAT +KeychainSchemaImpl::attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const +{ + const RelationInfoMap &rmap = relationInfoMapFor(recordType); + RelationInfoMap::const_iterator rit = rmap.find(attributeId); + if (rit == rmap.end()) MacOSError::throwMe(errSecNoSuchAttr); return rit->second; } CssmDbAttributeInfo -KeychainSchemaImpl::attributeInfoForTag(UInt32 tag) +KeychainSchemaImpl::attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const { CSSM_DB_ATTRIBUTE_INFO info; + info.AttributeFormat = attributeFormatFor(recordType, attributeId); + info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER; + info.Label.AttributeID = attributeId; - for(DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.begin(); dit != mDatabaseInfoMap.end(); ++dit) - { - for(RelationInfoMap::const_iterator rit = dit->second.begin(); rit != dit->second.end(); ++rit) - { - if(rit->first==tag) - { - info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER; - info.Label.AttributeID = rit->first; - 
info.AttributeFormat = rit->second; - return info; - } - } - } return info; } void -KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) +KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const { - DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.find(recordType); - if (dit == mDatabaseInfoMap.end()) - MacOSError::throwMe(errSecNoSuchClass); + const RelationInfoMap &rmap = relationInfoMapFor(recordType); SecKeychainAttributeInfo *theList=reinterpret_cast(malloc(sizeof(SecKeychainAttributeInfo))); - UInt32 capacity=32; + UInt32 capacity=rmap.size(); UInt32 *tagBuf=reinterpret_cast(malloc(capacity*sizeof(UInt32))); UInt32 *formatBuf=reinterpret_cast(malloc(capacity*sizeof(UInt32))); UInt32 i=0; - for(RelationInfoMap::const_iterator rit = dit->second.begin(); rit != dit->second.end(); ++rit) + + for (RelationInfoMap::const_iterator rit = rmap.begin(); rit != rmap.end(); ++rit) { - if(i>=capacity) + if (i>=capacity) { - capacity*=2; + capacity *= 2; + if (capacity <= i) capacity = i + 1; tagBuf=reinterpret_cast(realloc(tagBuf, (capacity*sizeof(UInt32)))); formatBuf=reinterpret_cast(realloc(tagBuf, (capacity*sizeof(UInt32)))); } @@ -173,14 +179,11 @@ KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, const CssmAutoDbRecordAttributeInfo & -KeychainSchemaImpl::primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) +KeychainSchemaImpl::primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const { - PrimaryKeyInfoMap::iterator it; + PrimaryKeyInfoMap::const_iterator it; it = mPrimaryKeyInfoMap.find(recordType); - // if the primary key attributes have already been determined, - // return the cached results - if (it == mPrimaryKeyInfoMap.end()) MacOSError::throwMe(errSecNoSuchClass); // @@@ Not really but whatever. 
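Review bot: The growth branch kept in `getAttributeInfoForRecordType` assigns `formatBuf` from `realloc(tagBuf, ...)`, the buffer that was reallocated on the line before. If it ever ran, `formatBuf` would alias or invalidate `tagBuf` and the original `formatBuf` would leak. With `capacity` now initialised to `rmap.size()` the branch looks unreachable, so the simplest fix is to delete it; otherwise the second call should be `realloc(formatBuf, (capacity*sizeof(UInt32)))`. None of the three `malloc` results is checked before use, and `rmap.size()` may be zero, so a NULL check before the loop is worth adding. The function body continues past the end of this hunk.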
@@ -212,16 +215,26 @@ KeychainImpl::~KeychainImpl() { } +bool +KeychainImpl::operator ==(const KeychainImpl &keychain) const +{ + return dLDbIdentifier() == keychain.dLDbIdentifier(); +} + KCCursor KeychainImpl::createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList) { - return KCCursor(DbCursor(mDb), itemClass, attrList); + StorageManager::KeychainList keychains; + keychains.push_back(Keychain(this)); + return KCCursor(keychains, itemClass, attrList); } KCCursor KeychainImpl::createCursor(const SecKeychainAttributeList *attrList) { - return KCCursor(DbCursor(mDb), attrList); + StorageManager::KeychainList keychains; + keychains.push_back(Keychain(this)); + return KCCursor(keychains, attrList); } void @@ -234,13 +247,13 @@ KeychainImpl::create(UInt32 passwordLength, const void *inPassword) } CssmAllocator &alloc = CssmAllocator::standard(); + // @@@ Share this instance - KeychainAclFactory aclFactory(alloc); - // @@@ This leaks the returned credentials const CssmData password(const_cast(inPassword), passwordLength); - const AccessCredentials *cred = aclFactory.passwordChangeCredentials(password); - + AclFactory::PasswordChangeCredentials pCreds (password, alloc); + const AccessCredentials* aa = pCreds; + // @@@ Create a nice wrapper for building the default AclEntryPrototype. TypedList subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY); AclEntryPrototype protoType(subject); @@ -249,7 +262,7 @@ KeychainImpl::create(UInt32 passwordLength, const void *inPassword) authGroup.NumberOfAuthTags = 1; authGroup.AuthTags = &tag; - const ResourceControlContext rcc(protoType, const_cast(cred)); + const ResourceControlContext rcc(protoType, const_cast(aa)); create(&rcc); } 
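Review bot: In `KeychainImpl::create(UInt32, const void *)` the new local `aa` says nothing about what it holds, while the no-argument overload names the same thing `cred`. Writing `const AccessCredentials *cred = pCreds;` and passing `cred` to the `ResourceControlContext` constructor in the following hunk keeps the two overloads parallel. A one-line comment such as `// pCreds owns the credentials; it must outlive rcc` would record why the object is kept on the stack, given that the removed code was marked as leaking them. The function starts before this hunk.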
@@ -266,10 +279,14 @@ KeychainImpl::create() { CssmAllocator &alloc = CssmAllocator::standard(); // @@@ Share this instance +#ifdef OBSOLETE KeychainAclFactory aclFactory(alloc); const AccessCredentials *cred = aclFactory.keychainPromptUnlockCredentials(); - +#endif + AclFactory aclFactor; + const AccessCredentials *cred = aclFactor.unlockCred (); + // @@@ Create a nice wrapper for building the default AclEntryPrototype. TypedList subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY); AclEntryPrototype protoType(subject); @@ -422,7 +439,7 @@ KeychainImpl::status() const { // @@@ We should figure out the read/write status though a DL passthrough or some other way. // @@@ Also should locked be unlocked read only or just read-only? - return (mDb->isLocked() ? 0 : kSecUnlockStateStatus | kSecWrPermStatus) | kSecRdPermStatus; + return (mDb->isLocked() ? 0 : kSecUnlockStateStatus | kSecWritePermStatus) | kSecReadPermStatus; } bool @@ -453,11 +470,11 @@ KeychainImpl::isActive() const void KeychainImpl::add(Item &inItem) { - PrimaryKey primaryKey = inItem->add(this); + Keychain keychain(this); + PrimaryKey primaryKey = inItem->add(keychain); { StLock _(mDbItemMapLock); - // Use &* to get the item's Impl. - mDbItemMap[primaryKey] = &*inItem; + mDbItemMap[primaryKey] = inItem.get(); } KCEventNotifier::PostKeychainEvent(kSecAddEvent, this, inItem); @@ -500,6 +517,17 @@ KeychainImpl::deleteItem(Item &inoutItem) KCEventNotifier::PostKeychainEvent(kSecDeleteEvent, dLDbIdentifier(), primaryKey); } + +CssmClient::CSP +KeychainImpl::csp() +{ + if (!mDb->dl()->subserviceMask() & CSSM_SERVICE_CSP) + MacOSError::throwMe(errSecInvalidKeychain); + + SSDb ssDb(safe_cast(&(*mDb))); + return ssDb->csp(); +} + PrimaryKey KeychainImpl::makePrimaryKey(CSSM_DB_RECORDTYPE recordType, DbUniqueRecord &uniqueId) { 
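Review bot: The guard in the new `KeychainImpl::csp()` does not test the CSP bit, because `!` binds tighter than `&`: `!mDb->dl()->subserviceMask() & CSSM_SERVICE_CSP` evaluates as `(!mask) & CSSM_SERVICE_CSP`, i.e. 0 or 1 masked with the flag. Unless the flag happens to be bit 0, the condition is never true, so a database whose DL has no CSP subservice reaches the `safe_cast` to `SSDb` instead of throwing `errSecInvalidKeychain`. Parenthesise the mask test: `if (!(mDb->dl()->subserviceMask() & CSSM_SERVICE_CSP))`.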
@@ -615,9 +643,9 @@ KeychainImpl::freeAttributeInfo(SecKeychainAttributeInfo *Info) } CssmDbAttributeInfo -KeychainImpl::attributeInfoForTag(UInt32 tag) +KeychainImpl::attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag) { - return keychainSchema()->attributeInfoForTag(tag); + return keychainSchema()->attributeInfoFor(recordType, tag); } @@ -625,7 +653,7 @@ Keychain Keychain::optional(SecKeychainRef handle) { if (handle) - return KeychainRef::required(handle); + return gTypes().keychain.required(handle); else return globals().defaultKeychain; } diff --git a/Keychain/Keychains.h b/Keychain/Keychains.h index 54242aa7..57fe785b 100644 --- a/Keychain/Keychains.h +++ b/Keychain/Keychains.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,27 +15,20 @@ * specific language governing rights and limitations under the License. */ +// +// Keychains.h - The Keychain class +// +#ifndef _SECURITY_KEYCHAINS_H_ +#define _SECURITY_KEYCHAINS_H_ -/* - File: Keychains.h - - Contains: The keychain class - - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: -*/ - -#ifndef _H_KEYCHAINS_ -#define _H_KEYCHAINS_ - +#include #include #include #include #include -#include -#include -#include +#include +#include +#include #include namespace Security 
@@ -46,26 +39,29 @@ namespace KeychainCore class KCCursor; class Item; -class ItemImpl; -class Keychain; class PrimaryKey; class StorageManager; -class KeychainSchemaImpl : public ReferencedObject +class KeychainSchemaImpl : public RefCount { + NOCOPY(KeychainSchemaImpl) public: + friend class KeychainSchema; +protected: KeychainSchemaImpl(const CssmClient::Db &db); +public: ~KeychainSchemaImpl(); CSSM_DB_ATTRIBUTE_FORMAT attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const; - const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType); + const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const; bool operator <(const KeychainSchemaImpl &other) const; bool operator ==(const KeychainSchemaImpl &other) const; - void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info); - CssmDbAttributeInfo attributeInfoForTag(UInt32 tag); + void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const; + CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const; + bool hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const; private: typedef map PrimaryKeyInfoMap; @@ -74,8 +70,8 @@ private: typedef map RelationInfoMap; typedef map DatabaseInfoMap; DatabaseInfoMap mDatabaseInfoMap; - - +private: + const RelationInfoMap &relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const; }; 
@@ -96,23 +92,25 @@ private: }; -class KeychainImpl : public ReferencedObject +class KeychainImpl : public SecCFObject { NOCOPY(KeychainImpl) +public: friend class Keychain; + friend class ItemImpl; protected: KeychainImpl(const CssmClient::Db &db); protected: // Methods called by ItemImpl; - friend class ItemImpl; - void didUpdate(ItemImpl *inItemImpl, PrimaryKey &oldPK, PrimaryKey &newPK); public: virtual ~KeychainImpl(); + bool operator ==(const KeychainImpl &) const; + // Item calls void add(Item &item); // item must not be persistant. Item will change. void deleteItem(Item &item); // item must be persistant. @@ -152,6 +150,8 @@ public: CssmClient::Db database() { return mDb; } DLDbIdentifier dLDbIdentifier() const { return mDb->dlDbIdentifier(); } + CssmClient::CSP csp(); + PrimaryKey makePrimaryKey(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId); void gatherPrimaryKeyAttributes(CssmClient::DbAttributes& primaryKeyAttrs); @@ -160,12 +160,12 @@ public: Item item(const PrimaryKey& primaryKey); Item item(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId); - CssmDbAttributeInfo attributeInfoForTag(UInt32 tag); + CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag); void getAttributeInfoForItemID(CSSM_DB_RECORDTYPE itemID, SecKeychainAttributeInfo **Info); -static void freeAttributeInfo(SecKeychainAttributeInfo *Info); + static void freeAttributeInfo(SecKeychainAttributeInfo *Info); + KeychainSchema keychainSchema(); private: - KeychainSchema keychainSchema(); void addItem(const PrimaryKey &primaryKey, ItemImpl *dbItemImpl); void removeItem(const PrimaryKey &primaryKey, const ItemImpl *inItemImpl); @@ -195,11 +195,8 @@ private: }; -typedef Ref KeychainRef; - } // end namespace KeychainCore } // end namespace Security -#endif /* _H_KEYCHAINS_ */ - +#endif // !_SECURITY_KEYCHAINS_H_ diff --git a/Keychain/Policies.cpp b/Keychain/Policies.cpp new file mode 100644 index 00000000..2cdbc9be --- /dev/null 
+++ b/Keychain/Policies.cpp @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// Policy.cpp - Working with Policies +// +#include + +using namespace KeychainCore; + +Policy::Policy(TP supportingTp, const CssmOid &policyOid) + : mTp(supportingTp), + mOid(CssmAllocator::standard(), policyOid), + mValue(CssmAllocator::standard()) +{ + // value is as yet unimplemented +} + +Policy::~Policy() +{ +} + +bool Policy::operator < (const Policy& other) const +{ + //@@@ inefficient + return oid() < other.oid() || + oid() == other.oid() && value() < other.value(); +} + +bool Policy::operator == (const Policy& other) const +{ + return oid() == other.oid() && value() == other.value(); +} diff --git a/Keychain/Policies.h b/Keychain/Policies.h new file mode 100644 index 00000000..b15ad516 --- /dev/null +++ b/Keychain/Policies.h 
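Review bot: `Policy::operator ==` and `Policy::operator <` compare only `oid()` and `value()` and leave out `mTp`, so two policies with the same OID held by different TP modules compare equal. That is harmless while a single fixed TP exists, but it should be stated, e.g. `// NOTE: the TP is not part of policy identity`, or the TP should be included in the comparison. In `operator <` the mixed `||`/`&&` relies on precedence; `oid() < other.oid() || (oid() == other.oid() && value() < other.value())` reads unambiguously and avoids compiler warnings. The banner comment says `Policy.cpp` while the file is `Policies.cpp`.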
@@ -0,0 +1,68 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +// +// Policies.h +// +#ifndef _SECURITY_POLICY_H_ +#define _SECURITY_POLICY_H_ + +#include +#include +#include + +namespace Security +{ + +namespace KeychainCore +{ + +using namespace CssmClient; + +// +// A Policy[Impl] represents a particular +// CSSM "policy" managed by a particular TP. +// +class Policy : public SecCFObject +{ + NOCOPY(Policy) +public: + Policy(TP supportingTp, const CssmOid &policyOid); + +public: + virtual ~Policy(); + + TP &tp() { return mTp; } + const TP &tp() const { return mTp; } + const CssmOid &oid() const { return mOid; } + const CssmData &value() const { return mValue; } + + bool operator < (const Policy& other) const; + bool operator == (const Policy& other) const; + +private: + TP mTp; // TP module for this Policy + CssmAutoData mOid; // OID for this policy + CssmAutoData mValue; // value for this policy +}; + +} // end namespace KeychainCore + +} // end namespace Security + +#endif // !_SECURITY_POLICY_H_ diff --git a/Keychain/PolicyCursor.cpp b/Keychain/PolicyCursor.cpp new file mode 100644 index 00000000..576aefed --- /dev/null 
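Review bot: `using namespace CssmClient;` at namespace scope in this header pulls every `CssmClient` name into `KeychainCore` for each file that includes `Policies.h`. Qualifying the uses (`CssmClient::TP`) or a single `using CssmClient::TP;` keeps lookup predictable. The include guard `_SECURITY_POLICY_H_` does not match the file name, and identifiers that begin with an underscore followed by a capital letter are reserved to the implementation in C++.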
+++ b/Keychain/PolicyCursor.cpp 
@@ -0,0 +1,84 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// PolicyCursor.cpp +// +#include +#include +#include + +using namespace KeychainCore; +using namespace CssmClient; + + +// +// This preliminary implementation bypasses MDS and uses +// a fixed set of policies known to exist in the one known TP. 
+// +struct TheOneTP : public TP { + TheOneTP() : TP(gGuidAppleX509TP) { } +}; + +static ModuleNexus theOneTP; +static const CssmOid *theOidList[] = { + static_cast(&CSSMOID_APPLE_ISIGN), + static_cast(&CSSMOID_APPLE_X509_BASIC), + static_cast(&CSSMOID_APPLE_TP_SSL), + NULL // sentinel +}; + + +// +// Canonical Construction +// +PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value) + : mOid(CssmAllocator::standard()), mOidGiven(false) +{ + if (oid) { + mOid = CssmOid::required(oid); + mOidGiven = true; + } + mSearchPos = 0; +} + + +// +// Destroy +// +PolicyCursor::~PolicyCursor() +{ +} + + +// +// Crank the iterator +// +bool PolicyCursor::next(RefPointer &policy) +{ + while (theOidList[mSearchPos]) { + if (mOidGiven && mOid != *theOidList[mSearchPos]) { + mSearchPos++; + continue; // no oid match + } + // ignoring mValue - not used by current TP + policy = new Policy(theOneTP(), *theOidList[mSearchPos]); + mSearchPos++; // advance cursor + return true; // return next match + } + return false; // end of table, no more matches +} diff --git a/Keychain/PolicyCursor.h b/Keychain/PolicyCursor.h new file mode 100644 index 00000000..bdfc2c94 --- /dev/null +++ b/Keychain/PolicyCursor.h 
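Review bot: The `value` argument of `PolicyCursor::PolicyCursor` is accepted and then dropped, so a caller that passes a value to narrow the search silently gets every policy matching the OID, or the whole built-in table when no OID is given. The comment in `next()` mentions `mValue`, which this class does not declare. Until values are supported, say so at the constructor, e.g. `// value is ignored: the built-in policy table carries no per-policy values`, or reject a non-NULL `value` so the limitation is visible to callers. `mSearchPos` is assigned in the constructor body while the other members use the initialiser list; moving it there keeps construction in one place.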
@@ -0,0 +1,79 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// PolicyCursor.h +// +#ifndef _SECURITY_POLICYCURSOR_H_ +#define _SECURITY_POLICYCURSOR_H_ + +#include +#include +#include +#include +#include + +namespace Security +{ + +namespace KeychainCore +{ + +class Policy; + +class PolicyCursor : public SecCFObject +{ + NOCOPY(PolicyCursor) +public: + PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value); + virtual ~PolicyCursor(); + bool next(RefPointer &policy); + +private: + //CFArrayRef mKeychainSearchList; + //SecKeyUsage mKeyUsage; + //SecPolicyRef mPolicy; + CssmAutoData mOid; + bool mOidGiven; + // value ignored (for now?) + +#if 1 // quick version -- using built-in policy list + + int mSearchPos; // next untried table entry + +#else // MDS version -- later + bool mFirstLookup; + + // + // Initialization + // + MDS_HANDLE mMdsHand; + CSSM_DB_HANDLE mDbHand; + // + // Used for searching (lookups) + // + MDS_DB_HANDLE mObjDlDb; + MDS_DB_HANDLE mCdsaDlDb; + MDS_FUNCS* mMdsFuncs; +#endif +}; + +} // end namespace KeychainCore + +} // end namespace Security + +#endif // !_SECURITY_POLICYCURSOR_H_ 
diff --git a/Keychain/PrimaryKey.h b/Keychain/PrimaryKey.h index d7250beb..16d9046a 100644 --- a/Keychain/PrimaryKey.h +++ b/Keychain/PrimaryKey.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -19,8 +19,8 @@ // // PrimaryKey.h // -#ifndef _H_PRIMARYKEY -#define _H_PRIMARYKEY +#ifndef _SECURITY_PRIMARYKEY_H_ +#define _SECURITY_PRIMARYKEY_H_ #include #include @@ -61,8 +61,8 @@ public: bool operator <(const PrimaryKey &other) const { return **this < *other; } }; -}; // end namespace KeychainCore +} // end namespace KeychainCore } // end namespace Security -#endif // _H_PRIMARYKEY +#endif // !_SECURITY_PRIMARYKEY_H_ diff --git a/Keychain/Refs.h b/Keychain/Refs.h index 5e26f6aa..a3464d21 100644 --- a/Keychain/Refs.h +++ b/Keychain/Refs.h @@ -15,7 +15,7 @@ * specific language governing rights and limitations under the License. */ - +#if 0 // // Refs.h // @@ -123,4 +123,5 @@ public: } // end namespace Security -#endif // _H_REFS \ No newline at end of file +#endif // _H_REFS +#endif diff --git a/Keychain/RootCertBlobs.h b/Keychain/RootCertBlobs.h new file mode 100644 index 00000000..69a6ec2b --- /dev/null +++ b/Keychain/RootCertBlobs.h 
@@ -0,0 +1,1413 @@ +// This file is automatically generated, temporary, and ugly. +// Don't even THINK of editing this. +static const unsigned char cert_0 [] = { +0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5f,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, +0x00,0x00,0xb9,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, +0x05,0x00,0x30,0x5a,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, +0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74, +0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a, +0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03, +0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43, +0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e, +0x17,0x0d,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5a,0x17, +0x0d,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x5a, +0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30, +0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72, +0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,0x43,0x79,0x62,0x65, +0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13, +0x19,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72, +0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x82,0x01,0x22,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01, +0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa3,0x04,0xbb,0x22,0xab, +0x98,0x3d,0x57,0xe8,0x26,0x72,0x9a,0xb5,0x79,0xd4,0x29,0xe2,0xe1,0xe8,0x95,0x80, +0xb1,0xb0,0xe3,0x5b,0x8e,0x2b,0x29,0x9a,0x64,0xdf,0xa1,0x5d,0xed,0xb0,0x09,0x05, +0x6d,0xdb,0x28,0x2e,0xce,0x62,0xa2,0x62,0xfe,0xb4,0x88,0xda,0x12,0xeb,0x38,0xeb, +0x21,0x9d,0xc0,0x41,0x2b,0x01,0x52,0x7b,0x88,0x77,0xd3,0x1c,0x8f,0xc7,0xba,0xb9, 
+0x88,0xb5,0x6a,0x09,0xe7,0x73,0xe8,0x11,0x40,0xa7,0xd1,0xcc,0xca,0x62,0x8d,0x2d, +0xe5,0x8f,0x0b,0xa6,0x50,0xd2,0xa8,0x50,0xc3,0x28,0xea,0xf5,0xab,0x25,0x87,0x8a, +0x9a,0x96,0x1c,0xa9,0x67,0xb8,0x3f,0x0c,0xd5,0xf7,0xf9,0x52,0x13,0x2f,0xc2,0x1b, +0xd5,0x70,0x70,0xf0,0x8f,0xc0,0x12,0xca,0x06,0xcb,0x9a,0xe1,0xd9,0xca,0x33,0x7a, +0x77,0xd6,0xf8,0xec,0xb9,0xf1,0x68,0x44,0x42,0x48,0x13,0xd2,0xc0,0xc2,0xa4,0xae, +0x5e,0x60,0xfe,0xb6,0xa6,0x05,0xfc,0xb4,0xdd,0x07,0x59,0x02,0xd4,0x59,0x18,0x98, +0x63,0xf5,0xa5,0x63,0xe0,0x90,0x0c,0x7d,0x5d,0xb2,0x06,0x7a,0xf3,0x85,0xea,0xeb, +0xd4,0x03,0xae,0x5e,0x84,0x3e,0x5f,0xff,0x15,0xed,0x69,0xbc,0xf9,0x39,0x36,0x72, +0x75,0xcf,0x77,0x52,0x4d,0xf3,0xc9,0x90,0x2c,0xb9,0x3d,0xe5,0xc9,0x23,0x53,0x3f, +0x1f,0x24,0x98,0x21,0x5c,0x07,0x99,0x29,0xbd,0xc6,0x3a,0xec,0xe7,0x6e,0x86,0x3a, +0x6b,0x97,0x74,0x63,0x33,0xbd,0x68,0x18,0x31,0xf0,0x78,0x8d,0x76,0xbf,0xfc,0x9e, +0x8e,0x5d,0x2a,0x86,0xa7,0x4d,0x90,0xdc,0x27,0x1a,0x39,0x02,0x03,0x01,0x00,0x01, +0xa3,0x45,0x30,0x43,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xe5, +0x9d,0x59,0x30,0x82,0x47,0x58,0xcc,0xac,0xfa,0x08,0x54,0x36,0x86,0x7b,0x3a,0xb5, +0x04,0x4d,0xf0,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30, +0x06,0x01,0x01,0xff,0x02,0x01,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01, +0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, +0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0c,0x5d,0x8e,0xe4, +0x6f,0x51,0x68,0x42,0x05,0xa0,0xdd,0xbb,0x4f,0x27,0x25,0x84,0x03,0xbd,0xf7,0x64, +0xfd,0x2d,0xd7,0x30,0xe3,0xa4,0x10,0x17,0xeb,0xda,0x29,0x29,0xb6,0x79,0x3f,0x76, +0xf6,0x19,0x13,0x23,0xb8,0x10,0x0a,0xf9,0x58,0xa4,0xd4,0x61,0x70,0xbd,0x04,0x61, +0x6a,0x12,0x8a,0x17,0xd5,0x0a,0xbd,0xc5,0xbc,0x30,0x7c,0xd6,0xe9,0x0c,0x25,0x8d, +0x86,0x40,0x4f,0xec,0xcc,0xa3,0x7e,0x38,0xc6,0x37,0x11,0x4f,0xed,0xdd,0x68,0x31, +0x8e,0x4c,0xd2,0xb3,0x01,0x74,0xee,0xbe,0x75,0x5e,0x07,0x48,0x1a,0x7f,0x70,0xff, 
+0x16,0x5c,0x84,0xc0,0x79,0x85,0xb8,0x05,0xfd,0x7f,0xbe,0x65,0x11,0xa3,0x0f,0xc0, +0x02,0xb4,0xf8,0x52,0x37,0x39,0x04,0xd5,0xa9,0x31,0x7a,0x18,0xbf,0xa0,0x2a,0xf4, +0x12,0x99,0xf7,0xa3,0x45,0x82,0xe3,0x3c,0x5e,0xf5,0x9d,0x9e,0xb5,0xc8,0x9e,0x7c, +0x2e,0xc8,0xa4,0x9e,0x4e,0x08,0x14,0x4b,0x6d,0xfd,0x70,0x6d,0x6b,0x1a,0x63,0xbd, +0x64,0xe6,0x1f,0xb7,0xce,0xf0,0xf2,0x9f,0x2e,0xbb,0x1b,0xb7,0xf2,0x50,0x88,0x73, +0x92,0xc2,0xe2,0xe3,0x16,0x8d,0x9a,0x32,0x02,0xab,0x8e,0x18,0xdd,0xe9,0x10,0x11, +0xee,0x7e,0x35,0xab,0x90,0xaf,0x3e,0x30,0x94,0x7a,0xd0,0x33,0x3d,0xa7,0x65,0x0f, +0xf5,0xfc,0x8e,0x9e,0x62,0xcf,0x47,0x44,0x2c,0x01,0x5d,0xbb,0x1d,0xb5,0x32,0xd2, +0x47,0xd2,0x38,0x2e,0xd0,0xfe,0x81,0xdc,0x32,0x6a,0x1e,0xb5,0xee,0x3c,0xd5,0xfc, +0xe7,0x81,0x1d,0x19,0xc3,0x24,0x42,0xea,0x63,0x39,0xa9,}; +static const unsigned char cert_1 [] = { +0x30,0x82,0x03,0xa6,0x30,0x82,0x02,0x8e,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, +0x00,0x00,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, +0x05,0x00,0x30,0x67,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, +0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74, +0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a, +0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x2f,0x30,0x2d,0x06,0x03, +0x55,0x04,0x03,0x13,0x26,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43, +0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x43,0x6f,0x64,0x65,0x20,0x53, +0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,0x0d,0x30, +0x30,0x30,0x35,0x31,0x37,0x31,0x34,0x30,0x31,0x30,0x30,0x5a,0x17,0x0d,0x32,0x35, +0x30,0x35,0x31,0x37,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x67,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03, +0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x31,0x13, +0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,0x72,0x54,0x72, 
+0x75,0x73,0x74,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,0x04,0x03,0x13,0x26,0x42,0x61, +0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75, +0x73,0x74,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20, +0x52,0x6f,0x6f,0x74,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, +0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, +0x02,0x82,0x01,0x01,0x00,0xc8,0x71,0x9a,0x18,0x12,0x8e,0x7a,0xdb,0xf9,0x9a,0xfc, +0x41,0xaf,0xd8,0xf2,0xf4,0x09,0x8e,0xad,0x3f,0xfe,0x67,0x37,0x3c,0xda,0xc9,0x26, +0x50,0xb1,0xb1,0x3e,0xcb,0xe8,0x4e,0x73,0x00,0xf2,0xb2,0xdc,0xf3,0xc5,0x46,0xfb, +0x09,0xef,0x18,0x96,0xce,0xa7,0xe0,0x9c,0x84,0x5d,0x20,0x0e,0x7a,0xa0,0xaa,0x36, +0x8b,0xfa,0x28,0xb6,0x78,0x2e,0xb3,0xec,0xe8,0x47,0xf3,0x04,0xf0,0x90,0x23,0xb4, +0xea,0xaf,0xe5,0x53,0xb8,0x05,0xf7,0x47,0x5d,0x2b,0x86,0xf1,0xa7,0xa4,0xc6,0x3b, +0x35,0xb6,0xd2,0x0d,0x52,0x41,0xd7,0xf4,0x92,0x75,0xe1,0xa2,0x0a,0x50,0x56,0x87, +0xbe,0x97,0x0b,0x7b,0x33,0x85,0x10,0xb9,0x28,0x18,0xee,0x33,0xea,0x48,0x11,0xd7, +0x5b,0x91,0x47,0x76,0x22,0xd4,0xee,0xcf,0x5d,0xe7,0xa8,0x4e,0x1c,0x9d,0x96,0x91, +0xdd,0x9c,0xbd,0x74,0x09,0xa8,0x72,0x61,0xaa,0xb0,0x21,0x3a,0xf1,0x3d,0x2c,0x03, +0x56,0x09,0xd2,0xc1,0xdc,0xc3,0xb5,0xc7,0x54,0x37,0xab,0xe6,0x26,0xa2,0xb2,0x46, +0x71,0x73,0xca,0x11,0x88,0xee,0xbc,0xe7,0x64,0xf7,0xd0,0x11,0x1a,0x73,0x40,0x5a, +0xc8,0x49,0x2c,0x0f,0xb7,0xef,0x90,0x7f,0x68,0x80,0x04,0x38,0x0b,0x1b,0x0f,0x3b, +0xd4,0xf5,0xa0,0xb3,0xc2,0x8e,0xe1,0x34,0xb4,0x80,0x99,0x6d,0x9e,0x76,0xd4,0x92, +0x29,0x40,0xb1,0x95,0xd2,0x37,0xa4,0x67,0x12,0x7f,0xe0,0x62,0xbb,0xae,0x35,0xc5, +0x99,0x36,0x82,0x44,0xb8,0xe6,0x78,0x18,0x33,0x61,0x71,0x93,0x5b,0x2d,0x8d,0x9f, +0x78,0x95,0x82,0xeb,0x6d,0x02,0x03,0x01,0x00,0x01,0xa3,0x5a,0x30,0x58,0x30,0x13, +0x06,0x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05, +0x07,0x03,0x03,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xc8,0x41, 
+0x34,0x5c,0x15,0x15,0x04,0xe5,0x40,0xf2,0xd1,0xab,0x9a,0x6f,0x24,0x92,0x7a,0x87, +0x42,0x5a,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06, +0x01,0x01,0xff,0x02,0x01,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff, +0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x52,0x74,0xaa,0x95,0x4b,0x22, +0x8c,0xc7,0x3d,0x96,0xa4,0xfe,0x5d,0xfa,0x2f,0xb5,0xbc,0xeb,0xf0,0x0b,0xe9,0x56, +0x38,0x1d,0xd1,0x6d,0x0d,0xa1,0xbc,0x68,0x8b,0xf0,0xc5,0x80,0xa5,0x24,0x34,0xfd, +0xf2,0x96,0x18,0x11,0x86,0xa1,0x36,0xf5,0x37,0xe7,0x54,0x40,0xd5,0x64,0x1f,0xc3, +0x5f,0x70,0x42,0x6b,0x2d,0x39,0xc7,0x9e,0x52,0x05,0xce,0xe7,0x6a,0x72,0xd2,0x8d, +0x72,0x3f,0x47,0x50,0x83,0xab,0xc7,0x8d,0x25,0xc9,0xb0,0xe3,0xa7,0x53,0x16,0x95, +0xa6,0x6a,0x53,0xea,0x18,0x9d,0x8f,0x78,0xa9,0x77,0x77,0x1a,0xf9,0xb4,0x97,0x47, +0x59,0x88,0x27,0x28,0xb5,0xca,0xe1,0x2e,0xd7,0x3e,0x0e,0xa2,0x0d,0xb8,0x22,0x44, +0x03,0xe3,0xd1,0x63,0xb0,0x41,0x3a,0xa1,0xf5,0xa4,0x2d,0xf7,0x76,0x1e,0x04,0x54, +0x99,0x78,0x32,0x40,0xd7,0x2b,0x7c,0x4d,0xba,0xa6,0x9c,0xb0,0x79,0x6e,0x07,0xbe, +0x8c,0xec,0xee,0xd7,0x38,0x69,0x5b,0xc1,0x0c,0x56,0x68,0x9f,0xfe,0xeb,0xd1,0xe1, +0xc8,0x88,0xf9,0xf2,0xcd,0x7f,0xbe,0x85,0xb4,0x44,0x67,0x00,0x50,0x3e,0xf4,0x26, +0x03,0x64,0xea,0x77,0x7d,0xe8,0x5e,0x3e,0x1c,0x37,0x47,0xc8,0xd6,0xea,0xa4,0xf3, +0x36,0x3c,0x97,0xc2,0x39,0x72,0x05,0x94,0x19,0x25,0xc3,0xd7,0x37,0x41,0x0f,0xc1, +0x1f,0x87,0x8a,0xfd,0xaa,0xbe,0xe9,0xb1,0x64,0x57,0xe4,0xdb,0x92,0xa1,0xcf,0xe1, +0x49,0xe8,0x3b,0x1f,0x91,0x13,0x5a,0xc3,0x8f,0xd9,0x25,0x58,0x49,0x80,0x47,0x0f, +0xc6,0x03,0xae,0xac,0xe3,0xbf,0xb7,0xc0,0xaa,0x2a,}; +static const unsigned char cert_2 [] = { +0x30,0x82,0x02,0x7d,0x30,0x82,0x01,0xe6,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, +0x00,0x00,0xb8,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, +0x05,0x00,0x30,0x61,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, 
+0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74, +0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a, +0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x29,0x30,0x27,0x06,0x03, +0x55,0x04,0x03,0x13,0x20,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43, +0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x4d,0x6f,0x62,0x69,0x6c,0x65, +0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,0x0d,0x30,0x30,0x30,0x35,0x31,0x32,0x31, +0x38,0x32,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x30,0x35,0x31,0x32,0x32,0x33, +0x35,0x39,0x30,0x30,0x5a,0x30,0x61,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06, +0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42, +0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, +0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x29,0x30, +0x27,0x06,0x03,0x55,0x04,0x03,0x13,0x20,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72, +0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x4d,0x6f,0x62, +0x69,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81, +0x89,0x02,0x81,0x81,0x00,0xa3,0x6d,0xb1,0x38,0x56,0xac,0xfc,0xb5,0x56,0x21,0xde, +0xc0,0x90,0x5d,0x26,0x47,0x82,0xc6,0x7d,0x8f,0x1f,0xa0,0x85,0x8f,0x2f,0xbb,0xd4, +0xe1,0x1c,0x1d,0xf2,0x24,0x1f,0x28,0xb0,0x2f,0xb9,0xa4,0xa5,0x6f,0xa2,0x22,0x20, +0x64,0xfe,0x84,0x47,0x3c,0x7e,0x2b,0x6c,0x69,0x6a,0xb8,0xd4,0xc0,0x96,0x8e,0x8c, +0x52,0x0d,0xcd,0x6f,0x41,0xd4,0xbf,0x04,0xae,0xa7,0x81,0x2f,0x2d,0x98,0x48,0xd2, +0xc1,0x94,0xa3,0xb5,0x19,0x5d,0x5d,0x51,0x64,0xf4,0x8e,0x41,0xb0,0x9b,0xc0,0x2d, +0x22,0xa0,0x5e,0xc6,0xd8,0x5a,0x12,0x63,0xbc,0x11,0x4a,0x5e,0x26,0x12,0x1d,0xe2, +0x26,0x05,0xe6,0x0f,0x5f,0x22,0x1f,0x7a,0x5f,0x76,0x94,0xae,0xcf,0x5a,0x28,0x0e, +0xab,0x45,0xda,0x22,0x31,0x02,0x03,0x01,0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x1d, 
+0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xc9,0xe2,0x8f,0xc0,0x02,0x26,0x5a, +0xb6,0xc0,0x07,0xe3,0x7f,0x94,0x07,0x18,0xdb,0x2e,0xa5,0x9a,0x70,0x30,0x0f,0x06, +0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0e, +0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81, +0x00,0x53,0x08,0x0b,0x26,0x09,0x78,0x42,0x73,0xd4,0xec,0x7a,0x77,0x47,0x0d,0xe3, +0x0b,0x33,0x71,0xef,0xae,0x33,0x14,0x4d,0xfb,0xfa,0xfd,0x1a,0xb7,0x51,0xf5,0xe4, +0x99,0x1c,0x06,0x71,0xd7,0x29,0x19,0xd7,0xe6,0x15,0x20,0x51,0x51,0x46,0x6d,0x4f, +0xde,0x18,0x49,0x98,0xd0,0xf8,0x78,0xbb,0x71,0xe8,0x8d,0x01,0x06,0xd5,0xd7,0x64, +0x8f,0x94,0xdf,0x47,0xfe,0xa0,0x85,0x69,0x36,0xa9,0x2f,0x42,0x7a,0x68,0x4a,0x12, +0xd6,0x8b,0x0b,0x70,0x44,0x0a,0xa4,0x04,0xef,0x26,0x88,0xc1,0x35,0x71,0x38,0x5d, +0x1b,0x5b,0x48,0x42,0xf0,0xe7,0x94,0x1c,0x70,0x95,0x34,0xa8,0xab,0xf5,0xab,0xe2, +0x78,0xad,0xf5,0xf0,0x52,0xfd,0x9b,0xea,0x42,0x0c,0xe8,0xd8,0x54,0xbe,0x53,0x66, +0xf5,}; +static const unsigned char cert_3 [] = { +0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x4c,0xc7,0xea,0xaa,0x98,0x3e, +0x71,0xd3,0x93,0x10,0xf8,0x3d,0x3a,0x89,0x91,0x92,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, +0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61, +0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, +0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32, +0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31, 
+0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69, +0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d, +0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20, +0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17, +0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1, +0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, +0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13, +0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20, +0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, +0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20, +0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28, +0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74, +0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79, +0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53, +0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72, +0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, +0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xaa,0xd0, +0xba,0xbe,0x16,0x2d,0xb8,0x83,0xd4,0xca,0xd2,0x0f,0xbc,0x76,0x31,0xca,0x94,0xd8, +0x1d,0x93,0x8c,0x56,0x02,0xbc,0xd9,0x6f,0x1a,0x6f,0x52,0x36,0x6e,0x75,0x56,0x0a, +0x55,0xd3,0xdf,0x43,0x87,0x21,0x11,0x65,0x8a,0x7e,0x8f,0xbd,0x21,0xde,0x6b,0x32, 
+0x3f,0x1b,0x84,0x34,0x95,0x05,0x9d,0x41,0x35,0xeb,0x92,0xeb,0x96,0xdd,0xaa,0x59, +0x3f,0x01,0x53,0x6d,0x99,0x4f,0xed,0xe5,0xe2,0x2a,0x5a,0x90,0xc1,0xb9,0xc4,0xa6, +0x15,0xcf,0xc8,0x45,0xeb,0xa6,0x5d,0x8e,0x9c,0x3e,0xf0,0x64,0x24,0x76,0xa5,0xcd, +0xab,0x1a,0x6f,0xb6,0xd8,0x7b,0x51,0x61,0x6e,0xa6,0x7f,0x87,0xc8,0xe2,0xb7,0xe5, +0x34,0xdc,0x41,0x88,0xea,0x09,0x40,0xbe,0x73,0x92,0x3d,0x6b,0xe7,0x75,0x02,0x03, +0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, +0x05,0x00,0x03,0x81,0x81,0x00,0xa9,0x4f,0xc3,0x0d,0xc7,0x67,0xbe,0x2c,0xcb,0xd9, +0xa8,0xcd,0x2d,0x75,0xe7,0x7e,0x15,0x9e,0x3b,0x72,0xeb,0x7e,0xeb,0x5c,0x2d,0x09, +0x87,0xd6,0x6b,0x6d,0x60,0x7c,0xe5,0xae,0xc5,0x90,0x23,0x0c,0x5c,0x4a,0xd0,0xaf, +0xb1,0x5d,0xf3,0xc7,0xb6,0x0a,0xdb,0xe0,0x15,0x93,0x0d,0xdd,0x03,0xbc,0xc7,0x76, +0x8a,0xb5,0xdd,0x4f,0xc3,0x9b,0x13,0x75,0xb8,0x01,0xc0,0xe6,0xc9,0x5b,0x6b,0xa5, +0xb8,0x89,0xdc,0xac,0xa4,0xdd,0x72,0xed,0x4e,0xa1,0xf7,0x4f,0xbc,0x06,0xd3,0xea, +0xc8,0x64,0x74,0x7b,0xc2,0x95,0x41,0x9c,0x65,0x73,0x58,0xf1,0x90,0x9a,0x3c,0x6a, +0xb1,0x98,0xc9,0xc4,0x87,0xbc,0xcf,0x45,0x6d,0x45,0xe2,0x6e,0x22,0x3f,0xfe,0xbc, +0x0f,0x31,0x5c,0xe8,0xf2,0xd9,}; +static const unsigned char cert_4 [] = { +0x30,0x82,0x03,0x03,0x30,0x82,0x02,0x6c,0x02,0x11,0x00,0xb9,0x2f,0x60,0xcc,0x88, +0x9f,0xa1,0x7a,0x46,0x09,0xb8,0x5b,0x70,0x6c,0x8a,0xaf,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49, +0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c, +0x61,0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69, +0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, +0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47, 
+0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20, +0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49, +0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72, +0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30, +0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e, +0x17,0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17, +0x0d,0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81, +0xc1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, +0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67, +0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b, +0x13,0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63, +0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69, +0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79, +0x20,0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31, +0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67, +0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75, +0x74,0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c, +0x79,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69, +0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f, +0x72,0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xa7, +0x88,0x01,0x21,0x74,0x2c,0xe7,0x1a,0x03,0xf0,0x98,0xe1,0x97,0x3c,0x0f,0x21,0x08, +0xf1,0x9c,0xdb,0x97,0xe9,0x9a,0xfc,0xc2,0x04,0x06,0x13,0xbe,0x5f,0x52,0xc8,0xcc, 
+0x1e,0x2c,0x12,0x56,0x2c,0xb8,0x01,0x69,0x2c,0xcc,0x99,0x1f,0xad,0xb0,0x96,0xae, +0x79,0x04,0xf2,0x13,0x39,0xc1,0x7b,0x98,0xba,0x08,0x2c,0xe8,0xc2,0x84,0x13,0x2c, +0xaa,0x69,0xe9,0x09,0xf4,0xc7,0xa9,0x02,0xa4,0x42,0xc2,0x23,0x4f,0x4a,0xd8,0xf0, +0x0e,0xa2,0xfb,0x31,0x6c,0xc9,0xe6,0x6f,0x99,0x27,0x07,0xf5,0xe6,0xf4,0x4c,0x78, +0x9e,0x6d,0xeb,0x46,0x86,0xfa,0xb9,0x86,0xc9,0x54,0xf2,0xb2,0xc4,0xaf,0xd4,0x46, +0x1c,0x5a,0xc9,0x15,0x30,0xff,0x0d,0x6c,0xf5,0x2d,0x0e,0x6d,0xce,0x7f,0x77,0x02, +0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, +0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x72,0x2e,0xf9,0x7f,0xd1,0xf1,0x71,0xfb,0xc4, +0x9e,0xf6,0xc5,0x5e,0x51,0x8a,0x40,0x98,0xb8,0x68,0xf8,0x9b,0x1c,0x83,0xd8,0xe2, +0x9d,0xbd,0xff,0xed,0xa1,0xe6,0x66,0xea,0x2f,0x09,0xf4,0xca,0xd7,0xea,0xa5,0x2b, +0x95,0xf6,0x24,0x60,0x86,0x4d,0x44,0x2e,0x83,0xa5,0xc4,0x2d,0xa0,0xd3,0xae,0x78, +0x69,0x6f,0x72,0xda,0x6c,0xae,0x08,0xf0,0x63,0x92,0x37,0xe6,0xbb,0xc4,0x30,0x17, +0xad,0x77,0xcc,0x49,0x35,0xaa,0xcf,0xd8,0x8f,0xd1,0xbe,0xb7,0x18,0x96,0x47,0x73, +0x6a,0x54,0x22,0x34,0x64,0x2d,0xb6,0x16,0x9b,0x59,0x5b,0xb4,0x51,0x59,0x3a,0xb3, +0x0b,0x14,0xf4,0x12,0xdf,0x67,0xa0,0xf4,0xad,0x32,0x64,0x5e,0xb1,0x46,0x72,0x27, +0x8c,0x12,0x7b,0xc5,0x44,0xb4,0xae,}; +static const unsigned char cert_5 [] = { +0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x7d,0xd9,0xfe,0x07,0xcf,0xa8, +0x1e,0xb7,0x10,0x79,0x67,0xfb,0xa7,0x89,0x34,0xc6,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, +0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61, +0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, +0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, 
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32, +0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31, +0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69, +0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d, +0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20, +0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17, +0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1, +0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, +0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13, +0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20, +0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, +0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20, +0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28, +0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74, +0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79, +0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53, +0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72, +0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, +0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xcc,0x5e, +0xd1,0x11,0x5d,0x5c,0x69,0xd0,0xab,0xd3,0xb9,0x6a,0x4c,0x99,0x1f,0x59,0x98,0x30, 
+0x8e,0x16,0x85,0x20,0x46,0x6d,0x47,0x3f,0xd4,0x85,0x20,0x84,0xe1,0x6d,0xb3,0xf8, +0xa4,0xed,0x0c,0xf1,0x17,0x0f,0x3b,0xf9,0xa7,0xf9,0x25,0xd7,0xc1,0xcf,0x84,0x63, +0xf2,0x7c,0x63,0xcf,0xa2,0x47,0xf2,0xc6,0x5b,0x33,0x8e,0x64,0x40,0x04,0x68,0xc1, +0x80,0xb9,0x64,0x1c,0x45,0x77,0xc7,0xd8,0x6e,0xf5,0x95,0x29,0x3c,0x50,0xe8,0x34, +0xd7,0x78,0x1f,0xa8,0xba,0x6d,0x43,0x91,0x95,0x8f,0x45,0x57,0x5e,0x7e,0xc5,0xfb, +0xca,0xa4,0x04,0xeb,0xea,0x97,0x37,0x54,0x30,0x6f,0xbb,0x01,0x47,0x32,0x33,0xcd, +0xdc,0x57,0x9b,0x64,0x69,0x61,0xf8,0x9b,0x1d,0x1c,0x89,0x4f,0x5c,0x67,0x02,0x03, +0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, +0x05,0x00,0x03,0x81,0x81,0x00,0x51,0x4d,0xcd,0xbe,0x5c,0xcb,0x98,0x19,0x9c,0x15, +0xb2,0x01,0x39,0x78,0x2e,0x4d,0x0f,0x67,0x70,0x70,0x99,0xc6,0x10,0x5a,0x94,0xa4, +0x53,0x4d,0x54,0x6d,0x2b,0xaf,0x0d,0x5d,0x40,0x8b,0x64,0xd3,0xd7,0xee,0xde,0x56, +0x61,0x92,0x5f,0xa6,0xc4,0x1d,0x10,0x61,0x36,0xd3,0x2c,0x27,0x3c,0xe8,0x29,0x09, +0xb9,0x11,0x64,0x74,0xcc,0xb5,0x73,0x9f,0x1c,0x48,0xa9,0xbc,0x61,0x01,0xee,0xe2, +0x17,0xa6,0x0c,0xe3,0x40,0x08,0x3b,0x0e,0xe7,0xeb,0x44,0x73,0x2a,0x9a,0xf1,0x69, +0x92,0xef,0x71,0x14,0xc3,0x39,0xac,0x71,0xa7,0x91,0x09,0x6f,0xe4,0x71,0x06,0xb3, +0xba,0x59,0x57,0x26,0x79,0x00,0xf6,0xf8,0x0d,0xa2,0x33,0x30,0x28,0xd4,0xaa,0x58, +0xa0,0x9d,0x9d,0x69,0x91,0xfd,}; +static const unsigned char cert_6 [] = { +0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x32,0x88,0x8e,0x9a,0xd2,0xf5, +0xeb,0x13,0x47,0xf8,0x7f,0xc4,0x20,0x37,0x25,0xf8,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, +0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61, +0x73,0x73,0x20,0x34,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, 
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32, +0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31, +0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69, +0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d, +0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20, +0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17, +0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1, +0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, +0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13, +0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20, +0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, +0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20, +0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28, +0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e, +0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74, +0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79, +0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53, +0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72, +0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, +0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xba,0xf0, 
+0xe4,0xcf,0xf9,0xc4,0xae,0x85,0x54,0xb9,0x07,0x57,0xf9,0x8f,0xc5,0x7f,0x68,0x11, +0xf8,0xc4,0x17,0xb0,0x44,0xdc,0xe3,0x30,0x73,0xd5,0x2a,0x62,0x2a,0xb8,0xd0,0xcc, +0x1c,0xed,0x28,0x5b,0x7e,0xbd,0x6a,0xdc,0xb3,0x91,0x24,0xca,0x41,0x62,0x3c,0xfc, +0x02,0x01,0xbf,0x1c,0x16,0x31,0x94,0x05,0x97,0x76,0x6e,0xa2,0xad,0xbd,0x61,0x17, +0x6c,0x4e,0x30,0x86,0xf0,0x51,0x37,0x2a,0x50,0xc7,0xa8,0x62,0x81,0xdc,0x5b,0x4a, +0xaa,0xc1,0xa0,0xb4,0x6e,0xeb,0x2f,0xe5,0x57,0xc5,0xb1,0x2b,0x40,0x70,0xdb,0x5a, +0x4d,0xa1,0x8e,0x1f,0xbd,0x03,0x1f,0xd8,0x03,0xd4,0x8f,0x4c,0x99,0x71,0xbc,0xe2, +0x82,0xcc,0x58,0xe8,0x98,0x3a,0x86,0xd3,0x86,0x38,0xf3,0x00,0x29,0x1f,0x02,0x03, +0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05, +0x05,0x00,0x03,0x81,0x81,0x00,0x85,0x8c,0x12,0xc1,0xa7,0xb9,0x50,0x15,0x7a,0xcb, +0x3e,0xac,0xb8,0x43,0x8a,0xdc,0xaa,0xdd,0x14,0xba,0x89,0x81,0x7e,0x01,0x3c,0x23, +0x71,0x21,0x88,0x2f,0x82,0xdc,0x63,0xfa,0x02,0x45,0xac,0x45,0x59,0xd7,0x2a,0x58, +0x44,0x5b,0xb7,0x9f,0x81,0x3b,0x92,0x68,0x3d,0xe2,0x37,0x24,0xf5,0x7b,0x6c,0x8f, +0x76,0x35,0x96,0x09,0xa8,0x59,0x9d,0xb9,0xce,0x23,0xab,0x74,0xd6,0x83,0xfd,0x32, +0x73,0x27,0xd8,0x69,0x3e,0x43,0x74,0xf6,0xae,0xc5,0x89,0x9a,0xe7,0x53,0x7c,0xe9, +0x7b,0xf6,0x4b,0xf3,0xc1,0x65,0x83,0xde,0x8d,0x8a,0x9c,0x3c,0x88,0x8d,0x39,0x59, +0xfc,0xaa,0x3f,0x22,0x8d,0xa1,0xc1,0x66,0x50,0x81,0x72,0x4c,0xed,0x22,0x64,0x4f, +0x4f,0xca,0x80,0x91,0xb6,0x29,}; +static const unsigned char cert_7 [] = { +0x30,0x82,0x02,0x5a,0x30,0x82,0x01,0xc3,0x02,0x02,0x01,0xa5,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x75,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, +0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, 
+0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x23,0x30, +0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, +0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6c,0x6f,0x62,0x61,0x6c,0x20,0x52,0x6f, +0x6f,0x74,0x30,0x1e,0x17,0x0d,0x39,0x38,0x30,0x38,0x31,0x33,0x30,0x30,0x32,0x39, +0x30,0x30,0x5a,0x17,0x0d,0x31,0x38,0x30,0x38,0x31,0x33,0x32,0x33,0x35,0x39,0x30, +0x30,0x5a,0x30,0x75,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, +0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20, +0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06, +0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, +0x72,0x75,0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20, +0x49,0x6e,0x63,0x2e,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6c, +0x6f,0x62,0x61,0x6c,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30, +0x81,0x89,0x02,0x81,0x81,0x00,0x95,0x0f,0xa0,0xb6,0xf0,0x50,0x9c,0xe8,0x7a,0xc7, +0x88,0xcd,0xdd,0x17,0x0e,0x2e,0xb0,0x94,0xd0,0x1b,0x3d,0x0e,0xf6,0x94,0xc0,0x8a, +0x94,0xc7,0x06,0xc8,0x90,0x97,0xc8,0xb8,0x64,0x1a,0x7a,0x7e,0x6c,0x3c,0x53,0xe1, +0x37,0x28,0x73,0x60,0x7f,0xb2,0x97,0x53,0x07,0x9f,0x53,0xf9,0x6d,0x58,0x94,0xd2, +0xaf,0x8d,0x6d,0x88,0x67,0x80,0xe6,0xed,0xb2,0x95,0xcf,0x72,0x31,0xca,0xa5,0x1c, +0x72,0xba,0x5c,0x02,0xe7,0x64,0x42,0xe7,0xf9,0xa9,0x2c,0xd6,0x3a,0x0d,0xac,0x8d, +0x42,0xaa,0x24,0x01,0x39,0xe6,0x9c,0x3f,0x01,0x85,0x57,0x0d,0x58,0x87,0x45,0xf8, +0xd3,0x85,0xaa,0x93,0x69,0x26,0x85,0x70,0x48,0x80,0x3f,0x12,0x15,0xc7,0x79,0xb4, +0x1f,0x05,0x2f,0x3b,0x62,0x99,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x6d,0xeb, 
+0x1b,0x09,0xe9,0x5e,0xd9,0x51,0xdb,0x67,0x22,0x61,0xa4,0x2a,0x3c,0x48,0x77,0xe3, +0xa0,0x7c,0xa6,0xde,0x73,0xa2,0x14,0x03,0x85,0x3d,0xfb,0xab,0x0e,0x30,0xc5,0x83, +0x16,0x33,0x81,0x13,0x08,0x9e,0x7b,0x34,0x4e,0xdf,0x40,0xc8,0x74,0xd7,0xb9,0x7d, +0xdc,0xf4,0x76,0x55,0x7d,0x9b,0x63,0x54,0x18,0xe9,0xf0,0xea,0xf3,0x5c,0xb1,0xd9, +0x8b,0x42,0x1e,0xb9,0xc0,0x95,0x4e,0xba,0xfa,0xd5,0xe2,0x7c,0xf5,0x68,0x61,0xbf, +0x8e,0xec,0x05,0x97,0x5f,0x5b,0xb0,0xd7,0xa3,0x85,0x34,0xc4,0x24,0xa7,0x0d,0x0f, +0x95,0x93,0xef,0xcb,0x94,0xd8,0x9e,0x1f,0x9d,0x5c,0x85,0x6d,0xc7,0xaa,0xae,0x4f, +0x1f,0x22,0xb5,0xcd,0x95,0xad,0xba,0xa7,0xcc,0xf9,0xab,0x0b,0x7a,0x7f,}; +static const unsigned char cert_8 [] = { +0x30,0x82,0x01,0xfa,0x30,0x82,0x01,0x63,0x02,0x02,0x01,0xa3,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x45,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, +0x74,0x69,0x6f,0x6e,0x31,0x1c,0x30,0x1a,0x06,0x03,0x55,0x04,0x03,0x13,0x13,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f, +0x6f,0x74,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x32,0x32,0x33,0x32,0x33,0x30,0x31, +0x30,0x30,0x5a,0x17,0x0d,0x30,0x36,0x30,0x32,0x32,0x33,0x32,0x33,0x35,0x39,0x30, +0x30,0x5a,0x30,0x45,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, +0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20, +0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x1c,0x30,0x1a,0x06, +0x03,0x55,0x04,0x03,0x13,0x13,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, +0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30, +0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0xe6,0x4f,0xba,0xdb,0x98,0x7c,0x71,0x7c,0xaf, 
+0x44,0xb7,0xd3,0x0f,0x46,0xd9,0x64,0xe5,0x93,0xc1,0x42,0x8e,0xc7,0xba,0x49,0x8d, +0x35,0x2d,0x7a,0xe7,0x8b,0xbd,0xe5,0x05,0x31,0x59,0xc6,0xb1,0x2f,0x0a,0x0c,0xfb, +0x9f,0xa7,0x3f,0xa2,0x09,0x66,0x84,0x56,0x1e,0x37,0x29,0x1b,0x87,0xe9,0x7e,0x0c, +0xca,0x9a,0x9f,0xa5,0x7f,0xf5,0x15,0x94,0xa3,0xd5,0xa2,0x46,0x82,0xd8,0x68,0x4c, +0xd1,0x37,0x15,0x06,0x68,0xaf,0xbd,0xf8,0xb0,0xb3,0xf0,0x29,0xf5,0x95,0x5a,0x09, +0x16,0x61,0x77,0x0a,0x22,0x25,0xd4,0x4f,0x45,0xaa,0xc7,0xbd,0xe5,0x96,0xdf,0xf9, +0xd4,0xa8,0x8e,0x42,0xcc,0x24,0xc0,0x1e,0x91,0x27,0x4a,0xb5,0x6d,0x06,0x80,0x63, +0x39,0xc4,0xa2,0x5e,0x38,0x03,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x12,0xb3, +0x75,0xc6,0x5f,0x1d,0xe1,0x61,0x55,0x80,0x00,0xd4,0x81,0x4b,0x7b,0x31,0x0f,0x23, +0x63,0xe7,0x3d,0xf3,0x03,0xf9,0xf4,0x36,0xa8,0xbb,0xd9,0xe3,0xa5,0x97,0x4d,0xea, +0x2b,0x29,0xe0,0xd6,0x6a,0x73,0x81,0xe6,0xc0,0x89,0xa3,0xd3,0xf1,0xe0,0xa5,0xa5, +0x22,0x37,0x9a,0x63,0xc2,0x48,0x20,0xb4,0xdb,0x72,0xe3,0xc8,0xf6,0xd9,0x7c,0xbe, +0xb1,0xaf,0x53,0xda,0x14,0xb4,0x21,0xb8,0xd6,0xd5,0x96,0xe3,0xfe,0x4e,0x0c,0x59, +0x62,0xb6,0x9a,0x4a,0xf9,0x42,0xdd,0x8c,0x6f,0x81,0xa9,0x71,0xff,0xf4,0x0a,0x72, +0x6d,0x6d,0x44,0x0e,0x9d,0xf3,0x74,0x74,0xa8,0xd5,0x34,0x49,0xe9,0x5e,0x9e,0xe9, +0xb4,0x7a,0xe1,0xe5,0x5a,0x1f,0x84,0x30,0x9c,0xd3,0x9f,0xa5,0x25,0xd8,}; +static const unsigned char cert_9 [] = { +0x30,0x82,0x02,0x50,0x30,0x82,0x01,0xb9,0x02,0x02,0x01,0x9b,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x70,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, +0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, 
+0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30, +0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, +0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x32,0x30,0x1e,0x17, +0x0d,0x39,0x38,0x30,0x38,0x31,0x31,0x31,0x31,0x33,0x35,0x30,0x37,0x5a,0x17,0x0d, +0x30,0x38,0x30,0x38,0x31,0x31,0x31,0x31,0x32,0x32,0x31,0x36,0x5a,0x30,0x70,0x31, +0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16, +0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f, +0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13, +0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, +0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31, +0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79, +0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x32,0x30, +0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05, +0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd9,0x2c,0x4c,0x4e, +0x2f,0x69,0x1a,0x23,0xe3,0x56,0xba,0xf3,0xce,0x84,0xc0,0x09,0xc0,0x79,0xf1,0x44, +0x5f,0x33,0x1f,0x15,0x91,0x7f,0x8a,0x88,0x28,0xb8,0x24,0x45,0xcc,0x8f,0x18,0xcd, +0x1f,0x74,0xd1,0xb5,0x8f,0x71,0x4c,0xd6,0x31,0xf6,0x73,0x96,0x84,0x94,0x40,0xc5, +0xa9,0x83,0x60,0x24,0x7d,0xaf,0x6f,0x34,0xb7,0x4b,0x4c,0xc2,0x09,0x80,0x3b,0x45, +0x04,0x9e,0xc4,0x3c,0xc4,0x27,0x75,0x7b,0x00,0x0c,0xa1,0x64,0x47,0xb5,0x14,0x5d, +0x82,0x4b,0x51,0x3a,0x58,0xbb,0x44,0x4c,0x3d,0xd3,0xe5,0x06,0x38,0xe8,0x61,0x5c, +0x98,0x78,0xbb,0x80,0xb3,0x9c,0xda,0x72,0x82,0x62,0xa0,0xdf,0x9c,0x5f,0xeb,0xf9, +0x4f,0x77,0xc2,0xcc,0x60,0x18,0x00,0x6b,0x34,0x82,0x25,0xb3,0x02,0x03,0x01,0x00, +0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00, +0x03,0x81,0x81,0x00,0xa3,0x64,0x91,0x6f,0x10,0xed,0xe7,0x6e,0xa2,0x42,0x40,0x94, 
+0x78,0xce,0xf8,0x14,0x08,0xd1,0xfa,0x43,0x85,0xeb,0x46,0xcd,0x92,0x14,0xd0,0xef, +0x2e,0x2d,0x36,0x39,0x18,0xd9,0xba,0xc9,0x27,0x88,0x29,0xe9,0x48,0x17,0x6f,0xf8, +0xc1,0xaa,0xc8,0x61,0x6d,0x2d,0xfd,0x40,0x2d,0x75,0x43,0x30,0x97,0x39,0xf8,0x14, +0x64,0xbd,0x6f,0xef,0x63,0xa8,0x2b,0x42,0xdf,0xb2,0x5a,0x0d,0x25,0xec,0x7b,0x37, +0xd8,0xce,0x91,0x29,0x82,0x16,0xf9,0xe8,0x62,0xa2,0xe1,0x76,0xc4,0x02,0x7d,0xdd, +0x25,0x8b,0x98,0xe1,0xf6,0x0d,0x60,0x8c,0xf6,0x59,0x90,0x40,0x51,0x44,0xd1,0xc2, +0xfb,0x19,0x24,0x1e,0x17,0x39,0x6b,0x74,0x21,0x15,0x33,0xd6,0x55,0xd7,0x82,0x1e, +0x70,0x2c,0x27,0xa8,}; +static const unsigned char cert_10 [] = { +0x30,0x82,0x02,0x50,0x30,0x82,0x01,0xb9,0x02,0x02,0x01,0x97,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x70,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, +0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, +0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30, +0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, +0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x33,0x30,0x1e,0x17, +0x0d,0x39,0x38,0x30,0x38,0x31,0x30,0x31,0x39,0x35,0x39,0x30,0x38,0x5a,0x17,0x0d, +0x30,0x38,0x30,0x38,0x31,0x30,0x31,0x39,0x33,0x36,0x33,0x39,0x5a,0x30,0x70,0x31, +0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16, +0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f, +0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13, +0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, +0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31, 
+0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79, +0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x33,0x30, +0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05, +0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xe1,0xf3,0xb1,0x2b, +0x0b,0xce,0xdc,0x14,0xd9,0x34,0x97,0x62,0x50,0x12,0x56,0x63,0x84,0x4c,0x53,0xfa, +0xc0,0x85,0xcf,0xfa,0xc1,0xdd,0x0f,0xde,0x79,0x13,0x7f,0x53,0xfb,0xaa,0x0e,0x60, +0xdd,0xe2,0x62,0xbf,0xc6,0xee,0x4e,0x99,0x34,0xaa,0x68,0x43,0x35,0x99,0xf8,0xa3, +0xfd,0xf3,0x63,0xbd,0x01,0x54,0x6a,0x9e,0xb2,0x3a,0x96,0x2c,0x7b,0x78,0x28,0xc6, +0x5a,0xb5,0x8d,0x1a,0x15,0x18,0xfd,0xe3,0x8c,0x2e,0xa2,0x50,0x09,0x5b,0x71,0xd6, +0x0d,0xb5,0x18,0x1f,0x19,0x8e,0x04,0x29,0x93,0x93,0x78,0xab,0x5f,0x14,0xe7,0x73, +0x42,0xf2,0x03,0x0c,0x57,0xa2,0x1b,0x50,0x3b,0x0b,0xbb,0x59,0xe0,0xa0,0x3a,0x03, +0xee,0x27,0x1b,0x5a,0x4c,0xb9,0xb0,0x08,0xca,0xb9,0x1a,0x89,0x02,0x03,0x01,0x00, +0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, +0x03,0x81,0x81,0x00,0x85,0xeb,0xad,0x94,0x20,0x06,0xe9,0xb2,0xa2,0x6b,0x3b,0xf2, +0x66,0xeb,0xe3,0x4b,0xb8,0x12,0x26,0x05,0xe5,0xf4,0x91,0xa8,0xdc,0x87,0xdc,0x98, +0xf4,0x94,0xc1,0xf4,0x61,0xbd,0xd5,0x9c,0x6c,0x51,0x73,0x95,0x5e,0xd0,0xbd,0xd7, +0xe6,0x45,0xdc,0x3c,0xcf,0x46,0x84,0xd5,0xe7,0xb9,0xec,0xe4,0x67,0x63,0x6e,0x00, +0x28,0x77,0x71,0x5d,0x4a,0x05,0xe9,0xb9,0x7c,0x86,0xcc,0xc2,0x44,0xbb,0xde,0x29, +0x48,0xda,0xea,0xdd,0xbd,0x17,0x9f,0x1d,0x51,0x01,0xa8,0xe8,0x14,0x5e,0xb1,0x57, +0xf7,0xff,0xda,0x8f,0xce,0x95,0xfe,0x2d,0xed,0x32,0x12,0x77,0xff,0x7c,0x6a,0x61, +0x95,0xae,0x31,0x72,0x06,0x08,0xf0,0xf9,0xf3,0x0d,0x8e,0xe2,0xef,0xa8,0x53,0x5d, +0x91,0x03,0x83,0xde,}; +static const unsigned char cert_11 [] = { +0x30,0x82,0x03,0x55,0x30,0x82,0x02,0x3d,0x02,0x02,0x01,0xa8,0x30,0x0d,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x70,0x31,0x0b,0x30, 
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61, +0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f, +0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30, +0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, +0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x34,0x30,0x1e,0x17, +0x0d,0x39,0x38,0x30,0x38,0x31,0x33,0x31,0x33,0x35,0x31,0x30,0x30,0x5a,0x17,0x0d, +0x31,0x33,0x30,0x38,0x31,0x33,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x70,0x31, +0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16, +0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f, +0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13, +0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, +0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31, +0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79, +0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x34,0x30, +0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01, +0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00, +0xba,0x9d,0x22,0x6e,0x7f,0xda,0x66,0x3c,0x39,0x42,0xb1,0xa3,0x2a,0x6f,0xd3,0xf7, +0xbc,0xae,0xac,0x31,0x5a,0xd7,0x11,0x90,0x47,0xb9,0x9d,0x19,0x2e,0xf9,0xf3,0x1b, +0x22,0xa0,0xc3,0xe1,0xa7,0xba,0xc4,0xfc,0x5e,0x0a,0x94,0x4b,0x98,0x5a,0x4b,0x26, +0xe4,0x1f,0xf4,0xdc,0xf3,0xfe,0x8e,0x88,0xdc,0x6c,0x2d,0x7c,0x77,0x87,0x26,0x50, +0xc0,0x5e,0x4e,0xa8,0x28,0xa1,0xea,0x17,0x69,0x4f,0x4d,0xc6,0x01,0x0e,0xda,0x9a, +0x0d,0x06,0x56,0x26,0x15,0xb6,0xa4,0x5d,0x7a,0x35,0xaf,0x8d,0xed,0x78,0x52,0x86, 
+0xf9,0x38,0xab,0xb3,0x01,0xd3,0xda,0x05,0x96,0xb1,0xb6,0x50,0xab,0xc0,0xa1,0xae, +0x17,0x53,0xfa,0x43,0x39,0x20,0x71,0x65,0x23,0xdb,0x6d,0xc4,0xb6,0xed,0x98,0x45, +0x83,0xd7,0xd2,0xf6,0xe2,0xa9,0x6b,0xfb,0xf9,0x75,0xcc,0xef,0xc5,0xab,0x71,0x96, +0x35,0xe8,0xdf,0x8e,0x91,0x9b,0xa8,0x10,0x75,0x1f,0xb7,0xce,0x13,0x8e,0x6b,0xb3, +0x96,0x77,0x97,0x1a,0x91,0x2f,0xc7,0x2c,0x69,0x99,0xf0,0x0f,0x2a,0x68,0x00,0x98, +0x76,0x44,0x1b,0x8c,0x28,0xd2,0xeb,0x8e,0xf4,0x83,0xb4,0x7f,0xa4,0x25,0x5e,0x6c, +0x3b,0xd9,0xc6,0x68,0xd5,0x61,0xb8,0xd4,0x5e,0x31,0x07,0xb5,0x5b,0x90,0x35,0x52, +0x57,0x7b,0x17,0x20,0xed,0x2d,0xb8,0x1e,0x8e,0x88,0x39,0x3e,0x52,0xcb,0xdf,0xf0, +0x5c,0xb1,0x65,0xbb,0xa5,0x12,0xb4,0x90,0x63,0xbf,0x71,0x9d,0x32,0xc1,0xda,0xbf, +0x50,0x4a,0x95,0xbe,0x06,0x3a,0xc4,0x2b,0xeb,0xcd,0x98,0x76,0x44,0x4d,0x0b,0xe5, +0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x43,0xaf,0x1c,0x87,0xc9,0x49,0xba, +0x65,0x89,0x34,0x49,0x3c,0xea,0x07,0x3b,0x47,0xa2,0x79,0xd4,0xa0,0x3b,0x90,0x6c, +0xde,0x7f,0xa8,0x54,0xc3,0xe8,0x4c,0x40,0x32,0xbc,0xc8,0xec,0x1c,0xe5,0xd9,0xac, +0x40,0xba,0xfc,0x8c,0x3f,0xc2,0x73,0x9c,0xf4,0x64,0xea,0xdf,0xa9,0xed,0x4e,0x5b, +0xc8,0x01,0x60,0xee,0x39,0x6d,0x43,0x27,0xf3,0x7f,0xaa,0x08,0xd2,0xfe,0x4e,0x6f, +0x14,0x32,0x4d,0x7d,0xe4,0x34,0x80,0xa5,0x35,0xc4,0xd6,0x46,0x50,0xb4,0x3b,0xa0, +0x2d,0x65,0x1f,0x4f,0x65,0x7e,0x34,0x28,0x2d,0xc0,0xa7,0x76,0x7d,0x31,0xc9,0x0d, +0x33,0x16,0xf6,0x20,0x19,0x20,0x11,0x50,0xbb,0x03,0xcc,0x70,0x6d,0x96,0xb7,0xef, +0x4c,0xa7,0xda,0x36,0x15,0xcf,0xbb,0x4d,0xd4,0x96,0xdc,0x88,0x4d,0x6c,0x98,0xed, +0xb9,0x73,0xfe,0x28,0x57,0xa0,0xed,0x64,0xf8,0x0a,0x81,0x29,0x73,0xf6,0xf6,0x97, +0x32,0x87,0x39,0xb4,0x81,0xef,0xd9,0x4d,0x1a,0x07,0x34,0xf7,0xba,0x42,0x35,0xde, +0x57,0xdc,0x5c,0xd6,0xf7,0xc5,0xeb,0x0a,0x27,0x0c,0x81,0xa6,0xc2,0xd0,0x68,0x4e, +0xfd,0x92,0x5b,0x48,0x83,0xf6,0x16,0x8a,0x8f,0x36,0x5b,0xed,0x31,0x6c,0x3f,0x41, 
+0x7a,0x71,0xf7,0x92,0x3f,0x31,0xa4,0x0a,0x40,0x4c,0xf3,0x86,0xe2,0x61,0xc1,0x3c, +0x49,0x81,0x2d,0xa5,0xb8,0xef,0xba,0x97,0x0f,0xbc,0x2b,0x1d,0x9b,0x89,0xf2,0xd2, +0x8e,0x1e,0x4d,0x86,0xf2,0xc2,0xab,0xf6,0x2d,0x99,0xc0,0x1b,0x2a,0x0d,0xa1,0xb6, +0x4f,0xf9,0x2c,0x58,0x4d,0x3d,0x7d,0x37,0x0a,}; +static const unsigned char cert_12 [] = { +0x30,0x82,0x03,0xb6,0x30,0x82,0x02,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x02,0x01, +0xb6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00, +0x30,0x70,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, +0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f, +0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55, +0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75, +0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45, +0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74, +0x20,0x35,0x30,0x1e,0x17,0x0d,0x39,0x38,0x30,0x38,0x31,0x34,0x31,0x34,0x35,0x30, +0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x30,0x38,0x31,0x34,0x32,0x33,0x35,0x39,0x30, +0x30,0x5a,0x30,0x70,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, +0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20, +0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06, +0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, +0x72,0x75,0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20, +0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f, +0x6f,0x74,0x20,0x35,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, +0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a, 
+0x02,0x82,0x01,0x01,0x00,0xbc,0x12,0x6e,0x3f,0x8a,0x7c,0x7a,0x97,0x01,0xec,0x1e, +0xbb,0x39,0x5a,0x02,0xf4,0x78,0x44,0xa2,0x48,0x1b,0x8e,0x7b,0x49,0x52,0x7a,0xb8, +0x7b,0x47,0xb3,0xaf,0x94,0x9b,0x6f,0xbb,0x96,0xfa,0x2b,0x6a,0x65,0x5c,0xb8,0x1c, +0x94,0x73,0xbe,0xbf,0x89,0x0a,0x22,0x80,0xee,0x57,0xfc,0x8c,0x05,0xbb,0x70,0x9f, +0x97,0x39,0x04,0xda,0xa3,0x87,0x5c,0xa8,0xe5,0xca,0xaf,0xc0,0x33,0x9a,0xd5,0x37, +0x5c,0x4b,0xac,0xe4,0x80,0xd0,0xa6,0x23,0x60,0xfb,0xfd,0x72,0x2e,0x94,0x9d,0xc7, +0xce,0xc2,0x04,0x32,0xef,0x78,0x60,0x5d,0xed,0xad,0x87,0x0f,0x45,0x65,0x1e,0x3c, +0x9a,0x0a,0x9a,0xbe,0x5d,0x1d,0x99,0xec,0xe7,0xf2,0xd1,0xc6,0x7a,0x17,0xd9,0xad, +0x9b,0x54,0x96,0x7f,0xc4,0x7c,0x60,0xbf,0x85,0xaa,0x15,0x35,0x1d,0x40,0xda,0x11, +0xbc,0xec,0x54,0x21,0x28,0x2d,0x23,0xa1,0xa8,0xf0,0xcf,0x2d,0xcd,0xdd,0xfc,0x7e, +0x0f,0x5e,0xe1,0x65,0x07,0x56,0xcb,0x07,0xb4,0xd2,0x56,0xe8,0x5e,0x31,0xcc,0x18, +0x63,0xc4,0x86,0xd2,0x2d,0x85,0xcf,0x93,0x92,0xab,0x6d,0xfe,0x68,0x39,0xfb,0xde, +0x73,0xbd,0x86,0xf8,0xe4,0x46,0x7a,0xea,0x9f,0x0c,0xcb,0xf4,0x19,0xfe,0x63,0xbc, +0xd1,0x2c,0x7b,0x88,0x33,0x36,0xf6,0xe4,0xe1,0x9c,0x0c,0x53,0x81,0x60,0x1c,0xda, +0x2e,0xab,0x96,0xa9,0x16,0x88,0x13,0x50,0x99,0xb2,0xbd,0x55,0xdf,0x15,0x30,0x7e, +0xe8,0xe5,0x98,0xfb,0x70,0x7e,0x6c,0xb5,0x07,0xfc,0xfc,0x46,0xb7,0xd0,0xed,0x37, +0x96,0x7e,0x32,0xfe,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x5a,0x30,0x58,0x30,0x12, +0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02, +0x01,0x05,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02, +0x01,0x06,0x30,0x17,0x06,0x03,0x55,0x1d,0x20,0x04,0x10,0x30,0x0e,0x30,0x0c,0x06, +0x0a,0x2a,0x86,0x48,0x86,0xf8,0x63,0x01,0x02,0x01,0x03,0x30,0x19,0x06,0x03,0x55, +0x1d,0x0e,0x04,0x12,0x04,0x10,0x76,0x0a,0x49,0x21,0x38,0x4c,0x9f,0xde,0xf8,0xc4, +0x49,0xc7,0x71,0x71,0x91,0x9d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x41,0x3a,0xd4,0x18,0x5b,0xda, 
+0xb8,0xde,0x21,0x1c,0xe1,0x8e,0x09,0xe5,0xf1,0x68,0x34,0xff,0xde,0x96,0xf4,0x07, +0xf5,0xa7,0x3c,0xf3,0xac,0x4a,0xb1,0x9b,0xfa,0x92,0xfa,0x9b,0xed,0xe6,0x32,0x21, +0xaa,0x4a,0x76,0xc5,0xdc,0x4f,0x38,0xe5,0xdf,0xd5,0x86,0xe4,0xd5,0xc8,0x76,0x7d, +0x98,0xd7,0xb1,0xcd,0x8f,0x4d,0xb5,0x91,0x23,0x6c,0x8b,0x8a,0xeb,0xea,0x7c,0xef, +0x14,0x94,0xc4,0xc6,0xf0,0x1f,0x4a,0x2d,0x32,0x71,0x63,0x2b,0x63,0x91,0x26,0x02, +0x09,0xb6,0x80,0x1d,0xed,0xe2,0xcc,0xb8,0x7f,0xdb,0x87,0x63,0xc8,0xe1,0xd0,0x6c, +0x26,0xb1,0x35,0x1d,0x40,0x66,0x10,0x1b,0xcd,0x95,0x54,0x18,0x33,0x61,0xec,0x13, +0x4f,0xda,0x13,0xf7,0x99,0xaf,0x3e,0xd0,0xcf,0x8e,0xa6,0x72,0xa2,0xb3,0xc3,0x05, +0x9a,0xc9,0x27,0x7d,0x92,0xcc,0x7e,0x52,0x8d,0xb3,0xab,0x70,0x6d,0x9e,0x89,0x9f, +0x4d,0xeb,0x1a,0x75,0xc2,0x98,0xaa,0xd5,0x02,0x16,0xd7,0x0c,0x8a,0xbf,0x25,0xe4, +0xeb,0x2d,0xbc,0x98,0xe9,0x58,0x38,0x19,0x7c,0xb9,0x37,0xfe,0xdb,0xe2,0x99,0x08, +0x73,0x06,0xc7,0x97,0x83,0x6a,0x7d,0x10,0x01,0x2f,0x32,0xb9,0x17,0x05,0x4a,0x65, +0xe6,0x2f,0xce,0xbe,0x5e,0x53,0xa6,0x82,0xe9,0x9a,0x53,0x0a,0x84,0x74,0x2d,0x83, +0xca,0xc8,0x94,0x16,0x76,0x5f,0x94,0x61,0x28,0xf0,0x85,0xa7,0x39,0xbb,0xd7,0x8b, +0xd9,0xa8,0xb2,0x13,0x1d,0x54,0x09,0x34,0x24,0x7d,0x20,0x81,0x7d,0x66,0x7e,0xa2, +0x90,0x74,0x5c,0x10,0xc6,0xbd,0xec,0xab,0x1b,0xc2,}; +static const unsigned char cert_13 [] = { +0x30,0x82,0x02,0x3d,0x30,0x82,0x01,0xa6,0x02,0x11,0x00,0xcd,0xba,0x7f,0x56,0xf0, +0xdf,0xe4,0xbc,0x54,0xfe,0x22,0xac,0xb3,0x72,0xaa,0x55,0x30,0x0d,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, +0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61, +0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, +0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, 
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39, +0x36,0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38, +0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30, +0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03, +0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49, +0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c, +0x61,0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69, +0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, +0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30, +0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81, +0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xe5,0x19,0xbf,0x6d,0xa3,0x56,0x61, +0x2d,0x99,0x48,0x71,0xf6,0x67,0xde,0xb9,0x8d,0xeb,0xb7,0x9e,0x86,0x80,0x0a,0x91, +0x0e,0xfa,0x38,0x25,0xaf,0x46,0x88,0x82,0xe5,0x73,0xa8,0xa0,0x9b,0x24,0x5d,0x0d, +0x1f,0xcc,0x65,0x6e,0x0c,0xb0,0xd0,0x56,0x84,0x18,0x87,0x9a,0x06,0x9b,0x10,0xa1, +0x73,0xdf,0xb4,0x58,0x39,0x6b,0x6e,0xc1,0xf6,0x15,0xd5,0xa8,0xa8,0x3f,0xaa,0x12, +0x06,0x8d,0x31,0xac,0x7f,0xb0,0x34,0xd7,0x8f,0x34,0x67,0x88,0x09,0xcd,0x14,0x11, +0xe2,0x4e,0x45,0x56,0x69,0x1f,0x78,0x02,0x80,0xda,0xdc,0x47,0x91,0x29,0xbb,0x36, +0xc9,0x63,0x5c,0xc5,0xe0,0xd7,0x2d,0x87,0x7b,0xa1,0xb7,0x32,0xb0,0x7b,0x30,0xba, +0x2a,0x2f,0x31,0xaa,0xee,0xa3,0x67,0xda,0xdb,0x02,0x03,0x01,0x00,0x01,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81, +0x00,0x4c,0x3f,0xb8,0x8b,0xc6,0x68,0xdf,0xee,0x43,0x33,0x0e,0x5d,0xe9,0xa6,0xcb, +0x07,0x84,0x4d,0x7a,0x33,0xff,0x92,0x1b,0xf4,0x36,0xad,0xd8,0x95,0x22,0x36,0x68, +0x11,0x6c,0x7c,0x42,0xcc,0xf3,0x9c,0x2e,0xc4,0x07,0x3f,0x14,0xb0,0x0f,0x4f,0xff, +0x90,0x92,0x76,0xf9,0xe2,0xbc,0x4a,0xe9,0x8f,0xcd,0xa0,0x80,0x0a,0xf7,0xc5,0x29, 
+0xf1,0x82,0x22,0x5d,0xb8,0xb1,0xdd,0x81,0x23,0xa3,0x7b,0x25,0x15,0x46,0x30,0x79, +0x16,0xf8,0xea,0x05,0x4b,0x94,0x7f,0x1d,0xc2,0x1c,0xc8,0xe3,0xb7,0xf4,0x10,0x40, +0x3c,0x13,0xc3,0x5f,0x1f,0x53,0xe8,0x48,0xe4,0x86,0xb4,0x7b,0xa1,0x35,0xb0,0x7b, +0x25,0xba,0xb8,0xd3,0x8e,0xab,0x3f,0x38,0x9d,0x00,0x34,0x00,0x98,0xf3,0xd1,0x71, +0x94,}; +static const unsigned char cert_14 [] = { +0x30,0x82,0x02,0x3c,0x30,0x82,0x01,0xa5,0x02,0x10,0x2d,0x1b,0xfc,0x4a,0x17,0x8d, +0xa3,0x91,0xeb,0xe7,0xff,0xf5,0x8b,0x45,0xbe,0x0b,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06, +0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04, +0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63, +0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73, +0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61, +0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, +0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x36, +0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,0x30, +0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, +0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61, +0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, +0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, +0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb6,0x5a,0x8b,0xa3,0x0d,0x6a,0x23,0x83, 
+0x80,0x6b,0xcf,0x39,0x87,0xf4,0x21,0x13,0x33,0x06,0x4c,0x25,0xa2,0xed,0x55,0x12, +0x97,0xc5,0xa7,0x80,0xb9,0xfa,0x83,0xc1,0x20,0xa0,0xfa,0x2f,0x15,0x0d,0x7c,0xa1, +0x60,0x6b,0x7e,0x79,0x2c,0xfa,0x06,0x0f,0x3a,0xae,0xf6,0x1b,0x6f,0xb1,0xd2,0xff, +0x2f,0x28,0x52,0x5f,0x83,0x7d,0x4b,0xc4,0x7a,0xb7,0xf8,0x66,0x1f,0x80,0x54,0xfc, +0xb7,0xc2,0x8e,0x59,0x4a,0x14,0x57,0x46,0xd1,0x9a,0x93,0xbe,0x41,0x91,0x03,0xbb, +0x15,0x80,0x93,0x5c,0xeb,0xe7,0xcc,0x08,0x6c,0x3f,0x3e,0xb3,0x4a,0xfc,0xff,0x4b, +0x6c,0x23,0xd5,0x50,0x82,0x26,0x44,0x19,0x8e,0x23,0xc3,0x71,0xea,0x19,0x24,0x47, +0x04,0x9e,0x75,0xbf,0xc8,0xa6,0x00,0x1f,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06, +0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,0x00, +0x8a,0x1b,0x2b,0xfa,0x39,0xc1,0x74,0xd7,0x5e,0xd8,0x19,0x64,0xa2,0x58,0x4a,0x2d, +0x37,0xe0,0x33,0x47,0x0f,0xac,0xed,0xf7,0xaa,0xdb,0x1e,0xe4,0x8b,0x06,0x5c,0x60, +0x27,0xca,0x45,0x52,0xce,0x16,0xef,0x3f,0x06,0x64,0xe7,0x94,0x68,0x7c,0x60,0x33, +0x15,0x11,0x69,0xaf,0x9d,0x62,0x8d,0xa3,0x03,0x54,0x6b,0xa6,0xbe,0xe5,0xee,0x05, +0x18,0x60,0x04,0xbf,0x42,0x80,0xfd,0xd0,0xa8,0xa8,0x1e,0x01,0x3b,0xf7,0xa3,0x5c, +0xaf,0xa3,0xdc,0xe6,0x26,0x80,0x23,0x3c,0xb8,0x44,0x74,0xf7,0x0a,0xae,0x49,0x8b, +0x61,0x78,0xcc,0x24,0xbf,0x88,0x8a,0xa7,0x0e,0xea,0x73,0x19,0x41,0xfd,0x4d,0x03, +0xf0,0x88,0xd1,0xe5,0x78,0x8d,0xa5,0x2a,0x4f,0xf6,0x97,0x0d,0x17,0x77,0xca,0xd8, +}; +static const unsigned char cert_15 [] = { +0x30,0x82,0x02,0x3c,0x30,0x82,0x01,0xa5,0x02,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9, +0x29,0x34,0xb6,0x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06, +0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04, +0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63, +0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73, 
+0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61, +0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, +0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x36, +0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,0x30, +0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55, +0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e, +0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61, +0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d, +0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, +0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc9,0x5c,0x59,0x9e,0xf2,0x1b,0x8a,0x01, +0x14,0xb4,0x10,0xdf,0x04,0x40,0xdb,0xe3,0x57,0xaf,0x6a,0x45,0x40,0x8f,0x84,0x0c, +0x0b,0xd1,0x33,0xd9,0xd9,0x11,0xcf,0xee,0x02,0x58,0x1f,0x25,0xf7,0x2a,0xa8,0x44, +0x05,0xaa,0xec,0x03,0x1f,0x78,0x7f,0x9e,0x93,0xb9,0x9a,0x00,0xaa,0x23,0x7d,0xd6, +0xac,0x85,0xa2,0x63,0x45,0xc7,0x72,0x27,0xcc,0xf4,0x4c,0xc6,0x75,0x71,0xd2,0x39, +0xef,0x4f,0x42,0xf0,0x75,0xdf,0x0a,0x90,0xc6,0x8e,0x20,0x6f,0x98,0x0f,0xf8,0xac, +0x23,0x5f,0x70,0x29,0x36,0xa4,0xc9,0x86,0xe7,0xb1,0x9a,0x20,0xcb,0x53,0xa5,0x85, +0xe7,0x3d,0xbe,0x7d,0x9a,0xfe,0x24,0x45,0x33,0xdc,0x76,0x15,0xed,0x0f,0xa2,0x71, +0x64,0x4c,0x65,0x2e,0x81,0x68,0x45,0xa7,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06, +0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,0x00, +0xbb,0x4c,0x12,0x2b,0xcf,0x2c,0x26,0x00,0x4f,0x14,0x13,0xdd,0xa6,0xfb,0xfc,0x0a, +0x11,0x84,0x8c,0xf3,0x28,0x1c,0x67,0x92,0x2f,0x7c,0xb6,0xc5,0xfa,0xdf,0xf0,0xe8, 
+0x95,0xbc,0x1d,0x8f,0x6c,0x2c,0xa8,0x51,0xcc,0x73,0xd8,0xa4,0xc0,0x53,0xf0,0x4e, +0xd6,0x26,0xc0,0x76,0x01,0x57,0x81,0x92,0x5e,0x21,0xf1,0xd1,0xb1,0xff,0xe7,0xd0, +0x21,0x58,0xcd,0x69,0x17,0xe3,0x44,0x1c,0x9c,0x19,0x44,0x39,0x89,0x5c,0xdc,0x9c, +0x00,0x0f,0x56,0x8d,0x02,0x99,0xed,0xa2,0x90,0x45,0x4c,0xe4,0xbb,0x10,0xa4,0x3d, +0xf0,0x32,0x03,0x0e,0xf1,0xce,0xf8,0xe8,0xc9,0x51,0x8c,0xe6,0x62,0x9f,0xe6,0x9f, +0xc0,0x7d,0xb7,0x72,0x9c,0xc9,0x36,0x3a,0x6b,0x9f,0x4e,0xa8,0xff,0x64,0x0d,0x64, +}; +static const unsigned char cert_16 [] = { +0x30,0x82,0x02,0x34,0x30,0x82,0x01,0xa1,0x02,0x10,0x02,0xad,0x66,0x7e,0x4e,0x45, +0xfe,0x5e,0x57,0x6f,0x3c,0x98,0x19,0x5e,0xdd,0xc0,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06, +0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1e,0x06,0x03,0x55,0x04, +0x0a,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63,0x75, +0x72,0x69,0x74,0x79,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2e,0x30,0x2c,0x06,0x03, +0x55,0x04,0x0b,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76, +0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, +0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x34, +0x31,0x31,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x30,0x30, +0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09, +0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1e,0x06,0x03,0x55, +0x04,0x0a,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63, +0x75,0x72,0x69,0x74,0x79,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2e,0x30,0x2c,0x06, +0x03,0x55,0x04,0x0b,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72, +0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9b,0x30,0x0d, 
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x89, +0x00,0x30,0x81,0x85,0x02,0x7e,0x00,0x92,0xce,0x7a,0xc1,0xae,0x83,0x3e,0x5a,0xaa, +0x89,0x83,0x57,0xac,0x25,0x01,0x76,0x0c,0xad,0xae,0x8e,0x2c,0x37,0xce,0xeb,0x35, +0x78,0x64,0x54,0x03,0xe5,0x84,0x40,0x51,0xc9,0xbf,0x8f,0x08,0xe2,0x8a,0x82,0x08, +0xd2,0x16,0x86,0x37,0x55,0xe9,0xb1,0x21,0x02,0xad,0x76,0x68,0x81,0x9a,0x05,0xa2, +0x4b,0xc9,0x4b,0x25,0x66,0x22,0x56,0x6c,0x88,0x07,0x8f,0xf7,0x81,0x59,0x6d,0x84, +0x07,0x65,0x70,0x13,0x71,0x76,0x3e,0x9b,0x77,0x4c,0xe3,0x50,0x89,0x56,0x98,0x48, +0xb9,0x1d,0xa7,0x29,0x1a,0x13,0x2e,0x4a,0x11,0x59,0x9c,0x1e,0x15,0xd5,0x49,0x54, +0x2c,0x73,0x3a,0x69,0x82,0xb1,0x97,0x39,0x9c,0x6d,0x70,0x67,0x48,0xe5,0xdd,0x2d, +0xd6,0xc8,0x1e,0x7b,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, +0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x7e,0x00,0x65,0xdd,0x7e,0xe1,0xb2, +0xec,0xb0,0xe2,0x3a,0xe0,0xec,0x71,0x46,0x9a,0x19,0x11,0xb8,0xd3,0xc7,0xa0,0xb4, +0x03,0x40,0x26,0x02,0x3e,0x09,0x9c,0xe1,0x12,0xb3,0xd1,0x5a,0xf6,0x37,0xa5,0xb7, +0x61,0x03,0xb6,0x5b,0x16,0x69,0x3b,0xc6,0x44,0x08,0x0c,0x88,0x53,0x0c,0x6b,0x97, +0x49,0xc7,0x3e,0x35,0xdc,0x6c,0xb9,0xbb,0xaa,0xdf,0x5c,0xbb,0x3a,0x2f,0x93,0x60, +0xb6,0xa9,0x4b,0x4d,0xf2,0x20,0xf7,0xcd,0x5f,0x7f,0x64,0x7b,0x8e,0xdc,0x00,0x5c, +0xd7,0xfa,0x77,0xca,0x39,0x16,0x59,0x6f,0x0e,0xea,0xd3,0xb5,0x83,0x7f,0x4d,0x4d, +0x42,0x56,0x76,0xb4,0xc9,0x5f,0x04,0xf8,0x38,0xf8,0xeb,0xd2,0x5f,0x75,0x5f,0xcd, +0x7b,0xfc,0xe5,0x8e,0x80,0x7c,0xfc,0x50,}; +static const unsigned char cert_17 [] = { +0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, +0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, +0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, 
+0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, +0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, +0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, +0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, +0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30, +0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, +0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, +0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x34,0x34,0x38,0x5a,0x17, +0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x34,0x34,0x38,0x5a,0x30,0x81, +0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, +0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, +0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, +0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, +0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, +0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, +0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, +0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, +0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30,0x20, +0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, +0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, +0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, 
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xdf,0x7d,0xe6,0xbe,0xbf,0xd5, +0xf0,0x2f,0x6d,0x4e,0x0e,0xd1,0xe0,0x8d,0x0b,0x7f,0x3b,0x54,0xe8,0x8a,0xe2,0xb0, +0x9f,0x28,0xc5,0x8a,0xc6,0xb9,0xb3,0x33,0x27,0xf5,0x27,0xca,0x1a,0x4c,0x54,0x12, +0x6b,0xb4,0xb2,0x46,0xb3,0x1d,0x4b,0xb3,0xf4,0x21,0x0b,0x4b,0x02,0x2e,0xa1,0xc2, +0x34,0x9c,0x85,0xa0,0xc4,0x78,0x11,0xdb,0xdb,0x6b,0x27,0x2b,0x09,0x2a,0x18,0x4e, +0x40,0xcc,0x9f,0x71,0x19,0x67,0x99,0x74,0xa2,0x7c,0x3f,0xc1,0xd8,0x8b,0x23,0xc8, +0x63,0x3b,0x8a,0x21,0xab,0x5c,0xde,0x1e,0xf4,0x8d,0xdc,0xb4,0x18,0xc3,0x05,0x73, +0xf4,0x6a,0xb4,0xa1,0xfa,0x01,0x08,0x2b,0x01,0x0f,0x6d,0x37,0x5b,0xaa,0x38,0x86, +0x67,0x39,0xd7,0xe5,0x5f,0xfa,0xe4,0x7e,0xcc,0xa3,0x02,0x03,0x01,0x00,0x01,0xa3, +0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, +0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, +0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, +0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, +0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, +0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, +0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, +0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, +0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, +0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, +0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, +0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, +0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, 
+0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, +0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30, +0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, +0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x4d,0x07,0x7f,0x5f,0x09,0x30,0x19, +0x92,0xaa,0x05,0x47,0x7a,0x94,0x75,0x54,0x2a,0xae,0xcf,0xfc,0xd8,0x0c,0x42,0xe1, +0x45,0x38,0x2b,0x24,0x95,0xb2,0xca,0x87,0xca,0x79,0xc4,0xc3,0x97,0x90,0x5e,0x62, +0x18,0xc6,0xc9,0x38,0x61,0x4c,0x68,0x35,0xd3,0x4c,0x14,0x11,0xeb,0xc4,0xcd,0xa1, +0xa9,0xd8,0xc5,0x9e,0x68,0x27,0x32,0x07,0x35,0x45,0x04,0xf8,0x5f,0x21,0xa0,0x60, +0x1e,0x1c,0x00,0x48,0x04,0x58,0xd2,0xc5,0xcb,0xae,0x6d,0x32,0x6e,0x3d,0x77,0x95, +0x8c,0x85,0xc7,0xe5,0xae,0x50,0x9d,0x75,0x4a,0x7b,0xff,0x0b,0x27,0x79,0xea,0x4d, +0xa4,0x59,0xff,0xec,0x5a,0xea,0x26,0xa5,0x39,0x83,0xa4,0xd1,0x78,0xce,0xa7,0xa9, +0x7e,0xbc,0xdd,0x2b,0xca,0x12,0x93,0x03,0x4a,}; +static const unsigned char cert_18 [] = { +0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x02, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, +0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, +0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, +0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, +0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, +0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, +0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, 
+0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31, +0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, +0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, +0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x36,0x33,0x33,0x5a,0x17, +0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x36,0x33,0x33,0x5a,0x30,0x81, +0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, +0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, +0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, +0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, +0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, +0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, +0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, +0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, +0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,0x20, +0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, +0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, +0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, +0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb0,0x29,0xeb,0xb4,0x76,0xb3, +0xae,0xd7,0xb6,0x5b,0xb4,0x5e,0xe7,0xbd,0xe3,0xb1,0x9c,0x49,0x04,0x57,0x5b,0xa1, +0xab,0xd9,0x7f,0x13,0x1b,0xfd,0xba,0x61,0xab,0xd8,0xe7,0x71,0xdf,0x2d,0x00,0x94, +0x5d,0x51,0x48,0x7d,0x23,0xef,0x75,0x62,0x84,0x90,0x3c,0x0a,0x1f,0x59,0x11,0x74, 
+0x2f,0x8e,0x80,0xa5,0xfd,0x30,0x02,0x3d,0x29,0x52,0xcd,0x72,0x1a,0x49,0x21,0x9c, +0xbc,0xcb,0x52,0x8e,0x48,0xa1,0x63,0x96,0xc8,0x10,0x85,0x30,0x69,0x57,0x74,0x45, +0xc0,0x5a,0x86,0xc6,0xd5,0x3d,0xe0,0x68,0x57,0x7d,0x31,0x6a,0x24,0x8d,0x45,0x97, +0x3e,0x31,0x7e,0x68,0x66,0x32,0x6e,0x24,0x6d,0xec,0x32,0x36,0xc9,0x41,0xca,0xf0, +0x31,0x44,0xc8,0xa3,0x61,0xca,0x1b,0xa0,0x36,0x1f,0x02,0x03,0x01,0x00,0x01,0xa3, +0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, +0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, +0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, +0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, +0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, +0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, +0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, +0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, +0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, +0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, +0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, +0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, +0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, +0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, +0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31, 
+0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, +0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x05,0x42,0x52,0x26,0xa4,0x0c,0x27, +0x01,0x44,0xac,0x5c,0x25,0x28,0xc2,0x44,0x42,0x54,0x08,0xb9,0x1d,0xc5,0x3e,0x6c, +0x59,0x66,0xc4,0xb3,0x4e,0x50,0xa7,0xf8,0xf8,0x96,0x75,0xa1,0x96,0x75,0xe8,0x16, +0x38,0xa0,0xcd,0x5d,0x6e,0xfa,0x79,0xa7,0x1b,0x7b,0x1d,0x1e,0xc3,0x00,0xb9,0x66, +0xbe,0x5a,0xd6,0x62,0x0f,0xe7,0xf2,0x7b,0xb8,0xef,0x4c,0xe0,0xc0,0x3f,0x59,0xae, +0x39,0xb7,0x84,0x09,0x9e,0xab,0xf1,0xa9,0x2e,0x6b,0x69,0xe2,0xad,0xcc,0xf2,0xea, +0x78,0x09,0x05,0x20,0x38,0x42,0x71,0x18,0x7e,0xc7,0xb2,0x97,0xe6,0xd5,0x02,0x05, +0x06,0x56,0xa3,0x5f,0xf1,0xaa,0xc2,0xc4,0x4f,0xfe,0xf7,0xef,0x16,0x0f,0x9d,0xec, +0xaa,0x85,0xcf,0x3d,0x29,0x24,0xf1,0x04,0xcd,}; +static const unsigned char cert_19 [] = { +0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x03, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, +0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, +0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, +0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, +0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, +0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, +0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, +0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32, +0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, 
+0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, +0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x37,0x34,0x34,0x5a,0x17, +0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x37,0x34,0x34,0x5a,0x30,0x81, +0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, +0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, +0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, +0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, +0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, +0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, +0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, +0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, +0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,0x20, +0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, +0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, +0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, +0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xda,0x38,0xe8,0xed,0x32,0x00, +0x29,0x71,0x83,0x01,0x0d,0xbf,0x8c,0x01,0xdc,0xda,0xc6,0xad,0x39,0xa4,0xa9,0x8a, +0x2f,0xd5,0x8b,0x5c,0x68,0x5f,0x50,0xc6,0x62,0xf5,0x66,0xbd,0xca,0x91,0x22,0xec, +0xaa,0x1d,0x51,0xd7,0x3d,0xb3,0x51,0xb2,0x83,0x4e,0x5d,0xcb,0x49,0xb0,0xf0,0x4c, +0x55,0xe5,0x6b,0x2d,0xc7,0x85,0x0b,0x30,0x1c,0x92,0x4e,0x82,0xd4,0xca,0x02,0xed, +0xf7,0x6f,0xbe,0xdc,0xe0,0xe3,0x14,0xb8,0x05,0x53,0xf2,0x9a,0xf4,0x56,0x8b,0x5a, +0x9e,0x85,0x93,0xd1,0xb4,0x82,0x56,0xae,0x4d,0xbb,0xa8,0x4b,0x57,0x16,0xbc,0xfe, +0xf8,0x58,0x9e,0xf8,0x29,0x8d,0xb0,0x7b,0xcd,0x78,0xc9,0x4f,0xac,0x8b,0x67,0x0c, 
+0xf1,0x9c,0xfb,0xfc,0x57,0x9b,0x57,0x5c,0x4f,0x0d,0x02,0x03,0x01,0x00,0x01,0xa3, +0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, +0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, +0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, +0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, +0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, +0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, +0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, +0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, +0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, +0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, +0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, +0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, +0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, +0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, +0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32, +0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, +0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x89,0x1b,0xf4,0xef,0xe9,0x38,0xe2, +0x6c,0x0c,0xf6,0xcd,0x6f,0x49,0xce,0x29,0xcc,0xfb,0xa6,0x0f,0xf9,0x8d,0x3e,0x95, 
+0x46,0xd6,0xfc,0x47,0x32,0x89,0xb2,0xc8,0x06,0x61,0x7a,0xd2,0xe7,0x0d,0x13,0x02, +0x94,0x0b,0xd9,0x8b,0x56,0x47,0xf4,0xbb,0xe7,0xc5,0x5f,0x7b,0xf4,0x63,0x4c,0xae, +0x7c,0x34,0xea,0x0d,0xa2,0xa9,0xb3,0x2c,0x85,0xf3,0xe3,0xfe,0x27,0x54,0x10,0x92, +0xb0,0x8f,0x92,0xc1,0x98,0x42,0x18,0x70,0x48,0xdb,0x4e,0x2c,0xeb,0x0d,0x24,0x68, +0xe4,0xd1,0xf7,0xbe,0x09,0xa9,0x29,0x87,0xbb,0xe8,0xda,0xdc,0x3e,0xa3,0x88,0x42, +0x31,0xf5,0xd1,0xe3,0x7f,0xae,0xd8,0x8e,0x00,0x5a,0x74,0x98,0xb0,0x4f,0xc6,0xff, +0x23,0x7b,0x5c,0x73,0x00,0x78,0xc9,0xdb,0x4e,}; +static const unsigned char cert_20 [] = { +0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x04, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, +0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, +0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, +0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, +0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, +0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, +0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, +0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33, +0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, +0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, +0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x38,0x34,0x39,0x5a,0x17, +0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x38,0x34,0x39,0x5a,0x30,0x81, +0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, 
+0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, +0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, +0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, +0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, +0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, +0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, +0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, +0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20, +0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, +0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, +0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, +0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb6,0xb4,0xc1,0x35,0x05,0x2e, +0x0d,0x8d,0xec,0xa0,0x40,0x6a,0x1c,0x0e,0x27,0xa6,0x50,0x92,0x6b,0x50,0x1b,0x07, +0xde,0x2e,0xe7,0x76,0xcc,0xe0,0xda,0xfc,0x84,0xa8,0x5e,0x8c,0x63,0x6a,0x2b,0x4d, +0xd9,0x4e,0x02,0x76,0x11,0xc1,0x0b,0xf2,0x8d,0x79,0xca,0x00,0xb6,0xf1,0xb0,0x0e, +0xd7,0xfb,0xa4,0x17,0x3d,0xaf,0xab,0x69,0x7a,0x96,0x27,0xbf,0xaf,0x33,0xa1,0x9a, +0x2a,0x59,0xaa,0xc4,0xb5,0x37,0x08,0xf2,0x12,0xa5,0x31,0xb6,0x43,0xf5,0x32,0x96, +0x71,0x28,0x28,0xab,0x8d,0x28,0x86,0xdf,0xbb,0xee,0xe3,0x0c,0x7d,0x30,0xd6,0xc3, +0x52,0xab,0x8f,0x5d,0x27,0x9c,0x6b,0xc0,0xa3,0xe7,0x05,0x6b,0x57,0x49,0x44,0xb3, +0x6e,0xea,0x64,0xcf,0xd2,0x8e,0x7a,0x50,0x77,0x77,0x02,0x03,0x01,0x00,0x01,0xa3, +0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, +0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, +0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, 
+0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, +0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, +0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, +0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, +0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, +0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, +0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, +0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, +0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, +0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, +0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, +0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33, +0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, +0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x84,0x86,0x50,0x62,0x79,0xa0,0x27, +0xe1,0x25,0xba,0x09,0xb1,0x34,0x0f,0x13,0x09,0xed,0x2d,0xca,0xa3,0xe6,0x95,0xf9, +0x30,0xac,0xcd,0x17,0xa5,0xce,0x3d,0x97,0x9d,0xec,0x7c,0x8f,0x26,0x7f,0xc0,0x61, +0xca,0x22,0xf7,0x91,0xdd,0x3c,0x36,0x59,0x9a,0x9b,0x75,0xf7,0xbc,0xe4,0xc8,0xed, +0xec,0x02,0xb6,0x22,0xa7,0xf3,0x2c,0xf1,0xc8,0x92,0x78,0x6d,0xb6,0xee,0xc5,0x28, +0xec,0x80,0x20,0x4f,0xb9,0x6b,0x08,0xe7,0x2f,0xa7,0x86,0x1e,0x7d,0xb1,0x08,0x9f, 
+0x54,0xb9,0x00,0x37,0x3c,0xa0,0xd8,0x1a,0xc8,0x96,0x1c,0xf4,0x32,0x14,0x9c,0x39, +0x95,0xb7,0xee,0xf0,0x43,0x49,0xc2,0x5e,0xe8,0xcb,0x79,0x6f,0x53,0xbf,0xfb,0x49, +0x8a,0x2c,0xd8,0x4b,0xd9,0x55,0xf2,0x12,0x70,}; +static const unsigned char cert_21 [] = { +0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x05, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31, +0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72, +0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62, +0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43, +0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72, +0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74, +0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31, +0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34, +0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40, +0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e, +0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x34,0x30,0x30,0x32,0x30,0x5a,0x17, +0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x34,0x30,0x30,0x32,0x30,0x5a,0x30,0x81, +0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10, +0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67, +0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75, +0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20, +0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20, 
+0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61, +0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22, +0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73, +0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,0x20, +0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09, +0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74, +0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, +0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xbf,0x2f,0x63,0xd6,0x36,0x7b, +0xb2,0x0d,0xd3,0x55,0xf5,0x64,0x6c,0xe6,0x25,0x5d,0xc6,0xb4,0xc8,0x14,0xba,0x25, +0x38,0x83,0xeb,0x56,0x62,0xa5,0x55,0xa9,0x65,0xa3,0xf4,0x23,0x99,0xc2,0x4b,0xb9, +0xd0,0xcd,0x54,0x67,0xa6,0xa3,0xa0,0xa3,0xa9,0x33,0x2b,0x76,0xe4,0xbd,0xad,0x77, +0xb2,0xed,0x5c,0x12,0x74,0xc3,0xc5,0xb6,0x0f,0x52,0x9a,0x72,0x93,0x43,0x90,0x62, +0x66,0x15,0x0f,0x45,0xa5,0xdd,0xe0,0xdd,0xb8,0x6f,0x40,0x6e,0x57,0xc1,0x79,0x72, +0xa3,0x60,0xaa,0xba,0x76,0x1d,0x12,0x89,0x53,0x5a,0xfc,0x02,0xbe,0xe1,0x09,0x13, +0xc5,0x4a,0x2f,0xdc,0x3d,0x8b,0x19,0xad,0xd7,0x8b,0x24,0x45,0xfb,0x4c,0xf4,0xcd, +0x5c,0x35,0x1d,0x29,0x4c,0x51,0xf3,0xf2,0x6c,0x55,0x02,0x03,0x01,0x00,0x01,0xa3, +0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86, +0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f, +0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e, +0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b, +0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a, +0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65, 
+0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65, +0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60, +0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70, +0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e, +0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52, +0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f, +0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72, +0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69, +0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48, +0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75, +0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34, +0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01, +0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x94,0x68,0x14,0x1b,0x25,0x9e,0x29, +0x99,0xb1,0xb2,0x23,0xd2,0x44,0xb3,0x95,0x9f,0xd1,0x9e,0x55,0x04,0xdd,0xe3,0x2f, +0x82,0x33,0x55,0x96,0x77,0x19,0x9d,0x2b,0x9e,0x65,0x1c,0xfa,0x8a,0xe3,0xc7,0x8f, +0x25,0xfc,0xb1,0x1e,0x55,0x46,0x0f,0x8f,0xff,0x4f,0x37,0x2f,0xa4,0x76,0x59,0xa6, +0x64,0xeb,0xd5,0x16,0x70,0xbd,0xdd,0x95,0x33,0x0c,0xa4,0x0d,0x24,0xeb,0x64,0x50, +0xb4,0x43,0x11,0xf2,0x43,0xbe,0x0d,0x71,0x98,0x22,0xec,0x01,0xaf,0xec,0xf7,0xc7, +0x5c,0x71,0xc3,0x75,0x91,0x58,0x19,0xe8,0xdd,0xa0,0xf4,0xb4,0xf1,0xbc,0x10,0x4a, +0xf3,0x93,0xb4,0x06,0x49,0xbb,0x1f,0x66,0xd2,0xbd,0x74,0x47,0xe1,0x9a,0xf9,0xeb, +0xd7,0xab,0x6d,0x1f,0xba,0xe1,0x1d,0x2c,0xda,}; +static const unsigned char cert_22 [] = { +0x30,0x82,0x03,0x21,0x30,0x82,0x02,0x8a,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, 
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xcb,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, +0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, +0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, +0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03, +0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, +0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13, +0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53, +0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e, +0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,0x61,0x77,0x74, +0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x42,0x61,0x73,0x69,0x63, +0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, +0x09,0x01,0x16,0x19,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x62,0x61,0x73, +0x69,0x63,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x1e,0x17, +0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d, +0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xcb, +0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,0x15,0x30, +0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,0x6e,0x20, +0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43, +0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03,0x55,0x04, +0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,0x75,0x6c, +0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,0x1f,0x43, +0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,0x65,0x72, +0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,0x31,0x21, 
+0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,0x61,0x77,0x74,0x65,0x20, +0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x43, +0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01, +0x16,0x19,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x62,0x61,0x73,0x69,0x63, +0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d, +0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xbc,0xbc,0x93,0x53,0x6d,0xc0,0x50,0x4f, +0x82,0x15,0xe6,0x48,0x94,0x35,0xa6,0x5a,0xbe,0x6f,0x42,0xfa,0x0f,0x47,0xee,0x77, +0x75,0x72,0xdd,0x8d,0x49,0x9b,0x96,0x57,0xa0,0x78,0xd4,0xca,0x3f,0x51,0xb3,0x69, +0x0b,0x91,0x76,0x17,0x22,0x07,0x97,0x6a,0xc4,0x51,0x93,0x4b,0xe0,0x8d,0xef,0x37, +0x95,0xa1,0x0c,0x4d,0xda,0x34,0x90,0x1d,0x17,0x89,0x97,0xe0,0x35,0x38,0x57,0x4a, +0xc0,0xf4,0x08,0x70,0xe9,0x3c,0x44,0x7b,0x50,0x7e,0x61,0x9a,0x90,0xe3,0x23,0xd3, +0x88,0x11,0x46,0x27,0xf5,0x0b,0x07,0x0e,0xbb,0xdd,0xd1,0x7f,0x20,0x0a,0x88,0xb9, +0x56,0x0b,0x2e,0x1c,0x80,0xda,0xf1,0xe3,0x9e,0x29,0xef,0x14,0xbd,0x0a,0x44,0xfb, +0x1b,0x5b,0x18,0xd1,0xbf,0x23,0x93,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30, +0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01, +0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05, +0x00,0x03,0x81,0x81,0x00,0x2d,0xe2,0x99,0x6b,0xb0,0x3d,0x7a,0x89,0xd7,0x59,0xa2, +0x94,0x01,0x1f,0x2b,0xdd,0x12,0x4b,0x53,0xc2,0xad,0x7f,0xaa,0xa7,0x00,0x5c,0x91, +0x40,0x57,0x25,0x4a,0x38,0xaa,0x84,0x70,0xb9,0xd9,0x80,0x0f,0xa5,0x7b,0x5c,0xfb, +0x73,0xc6,0xbd,0xd7,0x8a,0x61,0x5c,0x03,0xe3,0x2d,0x27,0xa8,0x17,0xe0,0x84,0x85, +0x42,0xdc,0x5e,0x9b,0xc6,0xb7,0xb2,0x6d,0xbb,0x74,0xaf,0xe4,0x3f,0xcb,0xa7,0xb7, +0xb0,0xe0,0x5d,0xbe,0x78,0x83,0x25,0x94,0xd2,0xdb,0x81,0x0f,0x79,0x07,0x6d,0x4f, +0xf4,0x39,0x15,0x5a,0x52,0x01,0x7b,0xde,0x32,0xd6,0x4d,0x38,0xf6,0x12,0x5c,0x06, 
+0x50,0xdf,0x05,0x5b,0xbd,0x14,0x4b,0xa1,0xdf,0x29,0xba,0x3b,0x41,0x8d,0xf7,0x63, +0x56,0xa1,0xdf,0x22,0xb1,}; +static const unsigned char cert_23 [] = { +0x30,0x82,0x03,0x2d,0x30,0x82,0x02,0x96,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xd1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, +0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, +0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, +0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03, +0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, +0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13, +0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53, +0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e, +0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x03,0x13,0x1b,0x54,0x68,0x61,0x77,0x74, +0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x46,0x72,0x65,0x65,0x6d, +0x61,0x69,0x6c,0x20,0x43,0x41,0x31,0x2b,0x30,0x29,0x06,0x09,0x2a,0x86,0x48,0x86, +0xf7,0x0d,0x01,0x09,0x01,0x16,0x1c,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d, +0x66,0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e, +0x63,0x6f,0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39, +0x35,0x39,0x5a,0x30,0x81,0xd1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, +0x02,0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65, +0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03, +0x55,0x04,0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a, +0x30,0x18,0x06,0x03,0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20, 
+0x43,0x6f,0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03, +0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, +0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69, +0x73,0x69,0x6f,0x6e,0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x03,0x13,0x1b,0x54, +0x68,0x61,0x77,0x74,0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x46, +0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x20,0x43,0x41,0x31,0x2b,0x30,0x29,0x06,0x09, +0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x1c,0x70,0x65,0x72,0x73,0x6f, +0x6e,0x61,0x6c,0x2d,0x66,0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x40,0x74,0x68,0x61, +0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86, +0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, +0x02,0x81,0x81,0x00,0xd4,0x69,0xd7,0xd4,0xb0,0x94,0x64,0x5b,0x71,0xe9,0x47,0xd8, +0x0c,0x51,0xb6,0xea,0x72,0x91,0xb0,0x84,0x5e,0x7d,0x2d,0x0d,0x8f,0x7b,0x12,0xdf, +0x85,0x25,0x75,0x28,0x74,0x3a,0x42,0x2c,0x63,0x27,0x9f,0x95,0x7b,0x4b,0xef,0x7e, +0x19,0x87,0x1d,0x86,0xea,0xa3,0xdd,0xb9,0xce,0x96,0x64,0x1a,0xc2,0x14,0x6e,0x44, +0xac,0x7c,0xe6,0x8f,0xe8,0x4d,0x0f,0x71,0x1f,0x40,0x38,0xa6,0x00,0xa3,0x87,0x78, +0xf6,0xf9,0x94,0x86,0x5e,0xad,0xea,0xc0,0x5e,0x76,0xeb,0xd9,0x14,0xa3,0x5d,0x6e, +0x7a,0x7c,0x0c,0xa5,0x4b,0x55,0x7f,0x06,0x19,0x29,0x7f,0x9e,0x9a,0x26,0xd5,0x6a, +0xbb,0x38,0x24,0x08,0x6a,0x98,0xc7,0xb1,0xda,0xa3,0x98,0x91,0xfd,0x79,0xdb,0xe5, +0x5a,0xc4,0x1c,0xb9,0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06, +0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d, +0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81, +0x00,0xc7,0xec,0x92,0x7e,0x4e,0xf8,0xf5,0x96,0xa5,0x67,0x62,0x2a,0xa4,0xf0,0x4d, +0x11,0x60,0xd0,0x6f,0x8d,0x60,0x58,0x61,0xac,0x26,0xbb,0x52,0x35,0x5c,0x08,0xcf, +0x30,0xfb,0xa8,0x4a,0x96,0x8a,0x1f,0x62,0x42,0x23,0x8c,0x17,0x0f,0xf4,0xba,0x64, 
+0x9c,0x17,0xac,0x47,0x29,0xdf,0x9d,0x98,0x5e,0xd2,0x6c,0x60,0x71,0x5c,0xa2,0xac, +0xdc,0x79,0xe3,0xe7,0x6e,0x00,0x47,0x1f,0xb5,0x0d,0x28,0xe8,0x02,0x9d,0xe4,0x9a, +0xfd,0x13,0xf4,0xa6,0xd9,0x7c,0xb1,0xf8,0xdc,0x5f,0x23,0x26,0x09,0x91,0x80,0x73, +0xd0,0x14,0x1b,0xde,0x43,0xa9,0x83,0x25,0xf2,0xe6,0x9c,0x2f,0x15,0xca,0xfe,0xa6, +0xab,0x8a,0x07,0x75,0x8b,0x0c,0xdd,0x51,0x84,0x6b,0xe4,0xf8,0xd1,0xce,0x77,0xa2, +0x81,}; +static const unsigned char cert_24 [] = { +0x30,0x82,0x03,0x29,0x30,0x82,0x02,0x92,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xcf,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, +0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, +0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, +0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03, +0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, +0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13, +0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53, +0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e, +0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x54,0x68,0x61,0x77,0x74, +0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x50,0x72,0x65,0x6d,0x69, +0x75,0x6d,0x20,0x43,0x41,0x31,0x2a,0x30,0x28,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, +0x0d,0x01,0x09,0x01,0x16,0x1b,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x70, +0x72,0x65,0x6d,0x69,0x75,0x6d,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f, +0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30, +0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39, +0x5a,0x30,0x81,0xcf,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a, 
+0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74, +0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04, +0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18, +0x06,0x03,0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f, +0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04, +0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e, +0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69, +0x6f,0x6e,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x54,0x68,0x61, +0x77,0x74,0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x50,0x72,0x65, +0x6d,0x69,0x75,0x6d,0x20,0x43,0x41,0x31,0x2a,0x30,0x28,0x06,0x09,0x2a,0x86,0x48, +0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x1b,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c, +0x2d,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e, +0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, +0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00, +0xc9,0x66,0xd9,0xf8,0x07,0x44,0xcf,0xb9,0x8c,0x2e,0xf0,0xa1,0xef,0x13,0x45,0x6c, +0x05,0xdf,0xde,0x27,0x16,0x51,0x36,0x41,0x11,0x6c,0x6c,0x3b,0xed,0xfe,0x10,0x7d, +0x12,0x9e,0xe5,0x9b,0x42,0x9a,0xfe,0x60,0x31,0xc3,0x66,0xb7,0x73,0x3a,0x48,0xae, +0x4e,0xd0,0x32,0x37,0x94,0x88,0xb5,0x0d,0xb6,0xd9,0xf3,0xf2,0x44,0xd9,0xd5,0x88, +0x12,0xdd,0x76,0x4d,0xf2,0x1a,0xfc,0x6f,0x23,0x1e,0x7a,0xf1,0xd8,0x98,0x45,0x4e, +0x07,0x10,0xef,0x16,0x42,0xd0,0x43,0x75,0x6d,0x4a,0xde,0xe2,0xaa,0xc9,0x31,0xff, +0x1f,0x00,0x70,0x7c,0x66,0xcf,0x10,0x25,0x08,0xba,0xfa,0xee,0x00,0xe9,0x46,0x03, +0x66,0x27,0x11,0x15,0x3b,0xaa,0x5b,0xf2,0x98,0xdd,0x36,0x42,0xb2,0xda,0x88,0x75, +0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13, +0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86, 
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x69,0x36,0x89, +0xf7,0x34,0x2a,0x33,0x72,0x2f,0x6d,0x3b,0xd4,0x22,0xb2,0xb8,0x6f,0x9a,0xc5,0x36, +0x66,0x0e,0x1b,0x3c,0xa1,0xb1,0x75,0x5a,0xe6,0xfd,0x35,0xd3,0xf8,0xa8,0xf2,0x07, +0x6f,0x85,0x67,0x8e,0xde,0x2b,0xb9,0xe2,0x17,0xb0,0x3a,0xa0,0xf0,0x0e,0xa2,0x00, +0x9a,0xdf,0xf3,0x14,0x15,0x6e,0xbb,0xc8,0x85,0x5a,0x98,0x80,0xf9,0xff,0xbe,0x74, +0x1d,0x3d,0xf3,0xfe,0x30,0x25,0xd1,0x37,0x34,0x67,0xfa,0xa5,0x71,0x79,0x30,0x61, +0x29,0x72,0xc0,0xe0,0x2c,0x4c,0xfb,0x56,0xe4,0x3a,0xa8,0x6f,0xe5,0x32,0x59,0x52, +0xdb,0x75,0x28,0x50,0x59,0x0c,0xf8,0x0b,0x19,0xe4,0xac,0xd9,0xaf,0x96,0x8d,0x2f, +0x50,0xdb,0x07,0xc3,0xea,0x1f,0xab,0x33,0xe0,0xf5,0x2b,0x31,0x89,}; +static const unsigned char cert_25 [] = { +0x30,0x82,0x03,0x13,0x30,0x82,0x02,0x7c,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xc4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, +0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, +0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, +0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03, +0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, +0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,0x55, +0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73, +0x69,0x6f,0x6e,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x54,0x68, +0x61,0x77,0x74,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x26, +0x30,0x24,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x17,0x73, +0x65,0x72,0x76,0x65,0x72,0x2d,0x63,0x65,0x72,0x74,0x73,0x40,0x74,0x68,0x61,0x77, +0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x38,0x30,0x31, 
+0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32, +0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55, +0x04,0x06,0x13,0x02,0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13, +0x0c,0x57,0x65,0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30, +0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77, +0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77, +0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63, +0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69, +0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65, +0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,0x31,0x19,0x30,0x17,0x06,0x03, +0x55,0x04,0x03,0x13,0x10,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x53,0x65,0x72,0x76, +0x65,0x72,0x20,0x43,0x41,0x31,0x26,0x30,0x24,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, +0x0d,0x01,0x09,0x01,0x16,0x17,0x73,0x65,0x72,0x76,0x65,0x72,0x2d,0x63,0x65,0x72, +0x74,0x73,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03, +0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xa4,0x50,0x6e,0xc8,0xff, +0x56,0x6b,0xe6,0xcf,0x5d,0xb6,0xea,0x0c,0x68,0x75,0x47,0xa2,0xaa,0xc2,0xda,0x84, +0x25,0xfc,0xa8,0xf4,0x47,0x51,0xda,0x85,0xb5,0x20,0x74,0x94,0x86,0x1e,0x0f,0x75, +0xc9,0xe9,0x08,0x61,0xf5,0x06,0x6d,0x30,0x6e,0x15,0x19,0x02,0xe9,0x52,0xc0,0x62, +0xdb,0x4d,0x99,0x9e,0xe2,0x6a,0x0c,0x44,0x38,0xcd,0xfe,0xbe,0xe3,0x64,0x09,0x70, +0xc5,0xfe,0xb1,0x6b,0x29,0xb6,0x2f,0x49,0xc8,0x3b,0xd4,0x27,0x04,0x25,0x10,0x97, +0x2f,0xe7,0x90,0x6d,0xc0,0x28,0x42,0x99,0xd7,0x4c,0x43,0xde,0xc3,0xf5,0x21,0x6d, +0x54,0x9f,0x5d,0xc3,0x58,0xe1,0xc0,0xe4,0xd9,0x5b,0xb0,0xb8,0xdc,0xb4,0x7b,0xdf, +0x36,0x3a,0xc2,0xb5,0x66,0x22,0x12,0xd6,0x87,0x0d,0x02,0x03,0x01,0x00,0x01,0xa3, 
+0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30, +0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, +0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x07,0xfa,0x4c,0x69,0x5c,0xfb,0x95,0xcc,0x46, +0xee,0x85,0x83,0x4d,0x21,0x30,0x8e,0xca,0xd9,0xa8,0x6f,0x49,0x1a,0xe6,0xda,0x51, +0xe3,0x60,0x70,0x6c,0x84,0x61,0x11,0xa1,0x1a,0xc8,0x48,0x3e,0x59,0x43,0x7d,0x4f, +0x95,0x3d,0xa1,0x8b,0xb7,0x0b,0x62,0x98,0x7a,0x75,0x8a,0xdd,0x88,0x4e,0x4e,0x9e, +0x40,0xdb,0xa8,0xcc,0x32,0x74,0xb9,0x6f,0x0d,0xc6,0xe3,0xb3,0x44,0x0b,0xd9,0x8a, +0x6f,0x9a,0x29,0x9b,0x99,0x18,0x28,0x3b,0xd1,0xe3,0x40,0x28,0x9a,0x5a,0x3c,0xd5, +0xb5,0xe7,0x20,0x1b,0x8b,0xca,0xa4,0xab,0x8d,0xe9,0x51,0xd9,0xe2,0x4c,0x2c,0x59, +0xa9,0xda,0xb9,0xb2,0x75,0x1b,0xf6,0x42,0xf2,0xef,0xc7,0xf2,0x18,0xf9,0x89,0xbc, +0xa3,0xff,0x8a,0x23,0x2e,0x70,0x47,}; +static const unsigned char cert_26 [] = { +0x30,0x82,0x03,0x27,0x30,0x82,0x02,0x90,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, +0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30, +0x81,0xce,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31, +0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72, +0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13, +0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03, +0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73, +0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,0x55, +0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, +0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73, +0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68, +0x61,0x77,0x74,0x65,0x20,0x50,0x72,0x65,0x6d,0x69,0x75,0x6d,0x20,0x53,0x65,0x72, +0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86, 
+0xf7,0x0d,0x01,0x09,0x01,0x16,0x19,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x2d,0x73, +0x65,0x72,0x76,0x65,0x72,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d, +0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x38,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30, +0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a, +0x30,0x81,0xce,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41, +0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65, +0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07, +0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06, +0x03,0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e, +0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03, +0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, +0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69, +0x73,0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54, +0x68,0x61,0x77,0x74,0x65,0x20,0x50,0x72,0x65,0x6d,0x69,0x75,0x6d,0x20,0x53,0x65, +0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48, +0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x19,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x2d, +0x73,0x65,0x72,0x76,0x65,0x72,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f, +0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, +0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd2,0x36, +0x36,0x6a,0x8b,0xd7,0xc2,0x5b,0x9e,0xda,0x81,0x41,0x62,0x8f,0x38,0xee,0x49,0x04, +0x55,0xd6,0xd0,0xef,0x1c,0x1b,0x95,0x16,0x47,0xef,0x18,0x48,0x35,0x3a,0x52,0xf4, +0x2b,0x6a,0x06,0x8f,0x3b,0x2f,0xea,0x56,0xe3,0xaf,0x86,0x8d,0x9e,0x17,0xf7,0x9e, +0xb4,0x65,0x75,0x02,0x4d,0xef,0xcb,0x09,0xa2,0x21,0x51,0xd8,0x9b,0xd0,0x67,0xd0, +0xba,0x0d,0x92,0x06,0x14,0x73,0xd4,0x93,0xcb,0x97,0x2a,0x00,0x9c,0x5c,0x4e,0x0c, 
+0xbc,0xfa,0x15,0x52,0xfc,0xf2,0x44,0x6e,0xda,0x11,0x4a,0x6e,0x08,0x9f,0x2f,0x2d, +0xe3,0xf9,0xaa,0x3a,0x86,0x73,0xb6,0x46,0x53,0x58,0xc8,0x89,0x05,0xbd,0x83,0x11, +0xb8,0x73,0x3f,0xaa,0x07,0x8d,0xf4,0x42,0x4d,0xe7,0x40,0x9d,0x1c,0x37,0x02,0x03, +0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, +0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, +0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x26,0x48,0x2c,0x16,0xc2, +0x58,0xfa,0xe8,0x16,0x74,0x0c,0xaa,0xaa,0x5f,0x54,0x3f,0xf2,0xd7,0xc9,0x78,0x60, +0x5e,0x5e,0x6e,0x37,0x63,0x22,0x77,0x36,0x7e,0xb2,0x17,0xc4,0x34,0xb9,0xf5,0x08, +0x85,0xfc,0xc9,0x01,0x38,0xff,0x4d,0xbe,0xf2,0x16,0x42,0x43,0xe7,0xbb,0x5a,0x46, +0xfb,0xc1,0xc6,0x11,0x1f,0xf1,0x4a,0xb0,0x28,0x46,0xc9,0xc3,0xc4,0x42,0x7d,0xbc, +0xfa,0xab,0x59,0x6e,0xd5,0xb7,0x51,0x88,0x11,0xe3,0xa4,0x85,0x19,0x6b,0x82,0x4c, +0xa4,0x0c,0x12,0xad,0xe9,0xa4,0xae,0x3f,0xf1,0xc3,0x49,0x65,0x9a,0x8c,0xc5,0xc8, +0x3e,0x25,0xb7,0x94,0x99,0xbb,0x92,0x32,0x71,0x07,0xf0,0x86,0x5e,0xed,0x50,0x27, +0xa6,0x0d,0xa6,0x23,0xf9,0xbb,0xcb,0xa6,0x07,0x14,0x42,}; +static const CSSM_DATA rootCertificates[] = { +{ 891, (unsigned char *)cert_0 }, +{ 938, (unsigned char *)cert_1 }, +{ 641, (unsigned char *)cert_2 }, +{ 774, (unsigned char *)cert_3 }, +{ 775, (unsigned char *)cert_4 }, +{ 774, (unsigned char *)cert_5 }, +{ 774, (unsigned char *)cert_6 }, +{ 606, (unsigned char *)cert_7 }, +{ 510, (unsigned char *)cert_8 }, +{ 596, (unsigned char *)cert_9 }, +{ 596, (unsigned char *)cert_10 }, +{ 857, (unsigned char *)cert_11 }, +{ 954, (unsigned char *)cert_12 }, +{ 577, (unsigned char *)cert_13 }, +{ 576, (unsigned char *)cert_14 }, +{ 576, (unsigned char *)cert_15 }, +{ 568, (unsigned char *)cert_16 }, +{ 1081, (unsigned char *)cert_17 }, +{ 1081, (unsigned char *)cert_18 }, +{ 1081, (unsigned char *)cert_19 }, +{ 1081, (unsigned char *)cert_20 }, +{ 1081, (unsigned char *)cert_21 }, +{ 805, (unsigned char *)cert_22 }, +{ 
817, (unsigned char *)cert_23 }, +{ 813, (unsigned char *)cert_24 }, +{ 791, (unsigned char *)cert_25 }, +{ 811, (unsigned char *)cert_26 }, +}; +static const int rootCertificateCount = 27; diff --git a/Keychain/Schema.h b/Keychain/Schema.h index cc5b055c..d8e62ecb 100644 --- a/Keychain/Schema.h +++ b/Keychain/Schema.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -19,11 +19,10 @@ // // Schema.h // -#ifndef _H_SCHEMA -#define _H_SCHEMA +#ifndef _SECURITY_SCHEMA_H_ +#define _SECURITY_SCHEMA_H_ -//#include -#include +#include namespace Security { 
@@ -46,11 +45,35 @@ extern const CSSM_DB_ATTRIBUTE_INFO IndexType; extern const CSSM_DBINFO DBInfo; +// Certificate attributes and schema +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateCertType; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateCertEncoding; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificatePrintName; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateAlias; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSubject; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateIssuer; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSerialNumber; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSubjectKeyIdentifier; +extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificatePublicKeyHash; + +extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO X509CertificateSchemaAttributeList[]; +extern const CSSM_DB_SCHEMA_INDEX_INFO X509CertificateSchemaIndexList[]; +extern const uint32 X509CertificateSchemaAttributeCount; +extern const uint32 X509CertificateSchemaIndexCount; + +// UserTrust records attributes and schema +extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustTrustedCertificate; +extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustTrustedPolicy; + +extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO UserTrustSchemaAttributeList[]; +extern const CSSM_DB_SCHEMA_INDEX_INFO UserTrustSchemaIndexList[]; +extern const uint32 UserTrustSchemaAttributeCount; +extern const uint32 UserTrustSchemaIndexCount; + } // end namespace Schema } // end namespace KeychainCore } // end namespace Security -#endif // _H_SCHEMA - +#endif // !_SECURITY_SCHEMA_H_ diff --git a/Keychain/Schema.m4 b/Keychain/Schema.m4 index 8dad5d48..bd6e653f 100644 --- a/Keychain/Schema.m4 +++ b/Keychain/Schema.m4 
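Review bot: The UserTrust block declares `kUserTrustTrustedCertificate` and `kUserTrustTrustedPolicy` but not `kUserTrustPrintName`, although the Schema.m4 hunk later in this patch gives UserTrust's PrintName attribute the `S` flag, which makes `simpleNewAttribute` emit a `kUserTrustPrintName` definition. Without an `extern` declaration in this header, a namespace-scope `const` object in C++ has internal linkage, so that constant would be unreachable outside the generated file and may draw an unused-variable warning. Either add `extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustPrintName;` after the `kUserTrustTrustedPolicy` line, or drop the `S` from that attribute's flags in Schema.m4 if it is not meant to be public. A one-line comment saying these declarations must be kept in step with what Schema.m4 generates would help prevent the same drift when attributes are added.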
@@ -1,7 +1,7 @@ divert(-1) changecom(/*, */) /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -107,6 +107,72 @@ define(`parseInfo', } }') +define(`startNewClass', +`define(`indexIndex', 0)dnl +define(`class', $1)dnl +divert(2)dnl +// $1 attributes +const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] = +{ +divert(3)dnl +// $1 indices +const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] = +{') + +define(`endNewClass', +`divert(2)dnl +}; + +const uint32 class()SchemaAttributeCount = sizeof(class()SchemaAttributeList) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO); + +divert(3)dnl +` // Unique (primary) index' +undivert(5) +` // Secondary indices' +undivert(6)dnl +}; + +const uint32 class()SchemaIndexCount = sizeof(class()SchemaIndexList) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO); + +undivert(4)dnl +divert(0)dnl +undivert(2)dnl +undivert(3)dnl') + +define(`newAttributeBody', +`{ +ifelse(index(`$1',`s'),-1, +` CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, + {(char *)$3},', +` CSSM_DB_ATTRIBUTE_NAME_AS_STRING, + {$4},') + CSSM_DB_ATTRIBUTE_FORMAT_$7 +}') + +define(`simpleNewAttribute', +`const CSSM_DB_ATTRIBUTE_INFO `k'class()$2 = +newAttributeBody($*); +') + +define(`newAttribute', +`divert(2)dnl + { $3, $4, { $5, $6 }, CSSM_DB_ATTRIBUTE_FORMAT_$7 }, +divert(-1) +ifelse(index(`$1',`S'),-1,`', +`divert(4)dnl +simpleNewAttribute($*) +divert(-1)')dnl + +ifelse(index(`$1',`U'),-1,`', +`divert(5)dnl + { $3, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }, +divert(-1)')dnl +ifelse(index(`$1',`I'),-1,`', +`define(`indexIndex', incr(indexIndex))dnl +divert(6)dnl + { $3, indexIndex(), CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }, +divert(-1)')') + /* Start of actual output */ divert(0)dnl /* 
@@ -115,6 +181,8 @@ divert(0)dnl `#include ' +`#include ' +`#include ' `#include ' `#include ' `#include ' @@ -195,11 +263,30 @@ attribute(`UIi', Account, kSecAccountItemAttr, "Account", 0, NULL, BLOB) attribute(`UIi', SecurityDomain, kSecSecurityDomainItemAttr, "SecurityDomain", 0, NULL, BLOB) attribute(`UIi', Server, kSecServerItemAttr, "Server", 0, NULL, BLOB) attribute(`UIi', Protocol, kSecProtocolItemAttr, "Protocol", 0, NULL, UINT32) -attribute(`UIi', AuthType, kSecAuthTypeItemAttr, "AuthType", 0, NULL, BLOB) +attribute(`UIi', AuthType, kSecAuthenticationTypeItemAttr, "AuthType", 0, NULL, BLOB) attribute(`UIi', Port, kSecPortItemAttr, "Port", 0, NULL, UINT32) attribute(`UIi', Path, kSecPathItemAttr, "Path", 0, NULL, BLOB) endClass() +startNewClass(X509Certificate) +newAttribute(`UISs', CertType, kSecCertTypeItemAttr, "CertType", 0, NULL, UINT32) +newAttribute(` Ss', CertEncoding, kSecCertEncodingItemAttr, "CertEncoding", 0, NULL, UINT32) +newAttribute(` Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) +newAttribute(` Ss', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB) +newAttribute(` ISs', Subject, kSecSubjectItemAttr, "Subject", 0, NULL, BLOB) +newAttribute(`UISs', Issuer, kSecIssuerItemAttr, "Issuer", 0, NULL, BLOB) +newAttribute(`UISs', SerialNumber, kSecSerialNumberItemAttr, "SerialNumber", 0, NULL, BLOB) +newAttribute(` ISs', SubjectKeyIdentifier, kSecSubjectKeyIdentifierItemAttr, "SubjectKeyIdentifier", 0, NULL, BLOB) +newAttribute(` ISs', PublicKeyHash, kSecPublicKeyHashItemAttr, "PublicKeyHash", 0, NULL, BLOB) +endNewClass() + +startNewClass(UserTrust) +newAttribute(`UISs', TrustedCertificate, kSecTrustCertAttr, "TrustedCertificate", 0, NULL, BLOB) +newAttribute(`UISs', TrustedPolicy, kSecTrustPolicyAttr, "TrustedPolicy", 0, NULL, BLOB) +newAttribute(` Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB) +endNewClass() + + divert(3) static const CSSM_DB_RECORD_ATTRIBUTE_INFO Attributes[] = { 
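Review bot: The UserTrust class marks PrintName with the `S` flag, which per the newAttribute macro emits a definition named kUserTrustPrintName, but Schema.h in this commit declares only kUserTrustTrustedCertificate and kUserTrustTrustedPolicy as extern. A namespace-scope const with no prior extern declaration has internal linkage in C++, so that object is likely unreachable outside the generated file. Either add `extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustPrintName;` to Schema.h or drop the `S` flag from that newAttribute line.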
@@ -247,7 +334,7 @@ recordTypeFor(SecItemClass itemClass) case kSecGenericPasswordItemClass: return CSSM_DL_DB_RECORD_GENERIC_PASSWORD; case kSecInternetPasswordItemClass: return CSSM_DL_DB_RECORD_INTERNET_PASSWORD; case kSecAppleSharePasswordItemClass: return CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD; - default: MacOSError::throwMe(errSecNoSuchClass); + default: return CSSM_DB_RECORDTYPE(itemClass); } } @@ -259,7 +346,7 @@ itemClassFor(CSSM_DB_RECORDTYPE recordType) case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: return kSecGenericPasswordItemClass; case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: return kSecInternetPasswordItemClass; case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: return kSecAppleSharePasswordItemClass; - default: return 0; // MacOSError::throwMe(errSecNoSuchClass); + default: return SecItemClass(recordType); } } 
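Review bot: The `default:` arms of recordTypeFor and itemClassFor now cast whatever value they are handed (`return CSSM_DB_RECORDTYPE(itemClass);` and `return SecItemClass(recordType);`), where the old code threw errSecNoSuchClass or returned 0. An unknown or malformed class from a caller is therefore passed through as a record type with no validation at this layer. If the intent is only to admit the certificate and user-trust records this commit adds, explicit `case` lines for those types with the rejecting `default:` kept would preserve the check. If pass-through is intended, a comment such as `// unknown classes pass through unchanged; the DL is expected to reject unsupported record types` would record where validation now lives. Both function bodies start outside their hunks.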
@@ -293,9 +380,20 @@ attributeInfo(SecKeychainAttrType attrType) case kSecProtocolItemAttr: return kAppleshareProtocol; /* Unique Internet password attributes */ case kSecSecurityDomainItemAttr: return kInternetSecurityDomain; - case kSecAuthTypeItemAttr: return kInternetAuthType; + case kSecAuthenticationTypeItemAttr: return kInternetAuthType; case kSecPortItemAttr: return kInternetPort; case kSecPathItemAttr: return kInternetPath; + /* Unique Certificate attributes */ + case kSecCertTypeItemAttr: return kX509CertificateCertType; + case kSecCertEncodingItemAttr: return kX509CertificateCertEncoding; + case kSecSubjectItemAttr: return kX509CertificateSubject; + case kSecIssuerItemAttr: return kX509CertificateIssuer; + case kSecSerialNumberItemAttr: return kX509CertificateSerialNumber; + case kSecSubjectKeyIdentifierItemAttr: return kX509CertificateSubjectKeyIdentifier; + case kSecPublicKeyHashItemAttr: return kX509CertificatePublicKeyHash; + /* Unique UserTrust attributes */ + case kSecTrustCertAttr: return kUserTrustTrustedCertificate; + case kSecTrustPolicyAttr: return kUserTrustTrustedPolicy; default: MacOSError::throwMe(errSecNoSuchAttr); // @@@ Not really but whatever. } } diff --git a/Keychain/SecACL.cpp b/Keychain/SecACL.cpp new file mode 100644 index 00000000..1a79e249 --- /dev/null +++ b/Keychain/SecACL.cpp 
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+
+#include "SecBridge.h"
+
+
+//
+// Local functions
+//
+static void setApplications(ACL *acl, CFArrayRef applicationList);
+
+
+CFTypeID
+SecACLGetTypeID(void)
+{
+ BEGIN_SECAPI
+
+ return gTypes().acl.typeId;
+
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+/*!
+ */
+OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
+ CFArrayRef applicationList,
+ CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector,
+ SecACLRef *newAcl)
+{
+ BEGIN_SECAPI
+ RefPointer access = gTypes().access.required(accessRef);
+ RefPointer acl = new ACL(*access, cfString(description), *promptSelector);
+ setApplications(acl, applicationList);
+ access->add(acl.get());
+ Required(newAcl) = gTypes().acl.handle(*acl);
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecACLRemove(SecACLRef aclRef)
+{
+ BEGIN_SECAPI
+ gTypes().acl.required(aclRef)->remove();
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
+ CFArrayRef *applicationList,
+ CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
+{
+ BEGIN_SECAPI
+ RefPointer acl = gTypes().acl.required(aclRef);
+ switch (acl->form()) {
+ case ACL::allowAllForm:
+ Required(applicationList) = NULL;
+ Required(promptDescription) =
+ acl->promptDescription().empty() ? NULL
+ : makeCFString(acl->promptDescription());
+ Required(promptSelector) = acl->promptSelector();
+ break;
+ case ACL::appListForm:
+ Required(applicationList) =
+ makeCFArray(gTypes().trustedApplication, acl->applications());
+ Required(promptDescription) = makeCFString(acl->promptDescription());
+ Required(promptSelector) = acl->promptSelector();
+ break;
+ default:
+ return errSecACLNotSimple; // custom or unknown
+ }
+ END_SECAPI
+}
+
+OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
+ CFArrayRef applicationList,
+ CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
+{
+ BEGIN_SECAPI
+ RefPointer acl = gTypes().acl.required(aclRef);
+ acl->promptDescription() = description ? cfString(description) : "";
+ acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
+ if (applicationList) {
+ // application-list + prompt
+ acl->form(ACL::appListForm);
+ setApplications(acl, applicationList);
+ } else {
+ // allow-any
+ acl->form(ACL::allowAllForm);
+ }
+ acl->modify();
+ END_SECAPI
+}
+
+
+//
+// Stuff a CFArray-of-SecTrustedApplications into an ACL object
+//
+static void setApplications(ACL *acl, CFArrayRef applicationList)
+{
+ ACL::ApplicationList &appList = acl->applications();
+ appList.clear();
+ //@@@ should really use STL iterator overlay on CFArray. By hand...
+ CFIndex count = CFArrayGetCount(applicationList);
+ for (CFIndex n = 0; n < count; n++)
+ appList.push_back(gTypes().trustedApplication.required(
+ SecTrustedApplicationRef(CFArrayGetValueAtIndex(applicationList, n))));
+}
+
+
+//
+// Set and get the authorization tags of an ACL entry
+//
+OSStatus SecACLGetAuthorizations(SecACLRef acl,
+ CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount)
+{
+ BEGIN_SECAPI
+ AclAuthorizationSet auths = gTypes().acl.required(acl)->authorizations();
+ if (Required(tagCount) < auths.size()) { // overflow
+ *tagCount = auths.size(); // report size required
+ CssmError::throwMe(paramErr);
+ }
+ *tagCount = auths.size();
+ copy(auths.begin(), auths.end(), tags);
+ END_SECAPI
+}
+
+OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
+ CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
+{
+ BEGIN_SECAPI
+ RefPointer acl = gTypes().acl.required(aclRef);
+ if (acl->isOwner()) // can't change rights of the owner ACL
+ MacOSError::throwMe(errSecInvalidOwnerEdit);
+ AclAuthorizationSet &auths = acl->authorizations();
+ auths.clear();
+ copy(tags, tags + tagCount, insert_iterator(auths, auths.begin()));
+ acl->modify();
+ END_SECAPI
+}
diff --git a/Keychain/SecACL.h b/Keychain/SecACL.h
new file mode 100644
index 00000000..169e28c4
--- /dev/null
+++ b/Keychain/SecACL.h
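Review bot: SecACLCreateFromSimpleContents dereferences `*promptSelector` and hands `applicationList` to setApplications, which calls CFArrayGetCount on it, without the NULL handling that SecACLSetSimpleContents applies to the same arguments, so a NULL from a caller crashes inside the API frame instead of returning an error. It also calls `access->add(acl.get())` before `Required(newAcl)` is evaluated, so a NULL `newAcl` leaves the new entry attached to the access while the call reports failure. Suggest `Required(newAcl);` as a preflight on the first line and `promptSelector ? *promptSelector : ACL::defaultSelector` as in the sibling function. Separately, SecACLGetAuthorizations throws `CssmError::throwMe(paramErr)` although paramErr is an OSStatus, so `MacOSError::throwMe(paramErr)` looks like what was meant, and it copies into `tags` without checking it for NULL.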
@@ -0,0 +1,119 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecACL + The functions provided in SecACL are for managing entries in the access control list. +*/ + +#ifndef _SECURITY_SECACL_H_ +#define _SECURITY_SECACL_H_ + +#include +#include +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @function SecACLGetTypeID + @abstract Returns the type identifier of SecACL instances. + @result The CFTypeID of SecACL instances. +*/ +CFTypeID SecACLGetTypeID(void); + +/*! + @function SecACLCreateFromSimpleContents + @abstract Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item's access. + @param access An access reference. + @param applicationList An array of SecTrustedApplication instances that will be allowed access without prompting. + @param description The human readable name that will be used to refer to this item when the user is prompted. + @param promptSelector A pointer to a CSSM prompt selector. + @param newAcl A pointer to an access control list entry. 
On return, this points to the reference of the new access control list entry. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecACLCreateFromSimpleContents(SecAccessRef access, + CFArrayRef applicationList, + CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector, + SecACLRef *newAcl); + +/*! + @function SecACLRemove + @abstract Removes the access control list entry specified. + @param aclRef The reference to the access control list entry to remove. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecACLRemove(SecACLRef aclRef); + +/*! + @function SecACLGetSimpleContents + @abstract Returns the application list, description, and CSSM prompt selector for a given access control list entry. + @param acl An access control list entry reference. + @param applicationList On return, An array of SecTrustedApplication instances that will be allowed access without prompting, for the given access control list entry. The caller needs to call CFRelease on this array when it's no longer needed. + @param description On return, the human readable name that will be used to refer to this item when the user is prompted, for the given access control list entry. The caller needs to call CFRelease on this string when it's no longer needed. + @param promptSelector A pointer to a CSSM prompt selector. On return, this points to the CSSM prompt selector for the given access control list entry. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecACLCopySimpleContents(SecACLRef acl, + CFArrayRef *applicationList, + CFStringRef *description, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector); + +/*! + @function SecACLSetSimpleContents + @abstract Sets the application list, description, and CSSM prompt selector for a given access control list entry. + @param acl A reference to the access control list entry to edit. + @param applicationList An application list reference. 
+ @param description The human readable name that will be used to refer to this item when the user is prompted. + @param promptSelector A pointer to a CSSM prompt selector. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecACLSetSimpleContents(SecACLRef acl, + CFArrayRef applicationList, + CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector); + +/*! + @function SecACLGetAuthorizations + @abstract Retrieve the CSSM authorization tags of a given access control list entry. + @param acl An access control list entry reference. + @param tags On return, this points to the first item in an array of CSSM authorization tags. + @param tagCount On return, this points to the number of tags in the CSSM authorization tag array. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecACLGetAuthorizations(SecACLRef acl, + CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount); + +/*! + @function SecACLSetAuthorizations + @abstract Sets the CSSM authorization tags of a given access control list entry. + @param acl An access control list entry reference. + @param tags A pointer to the first item in an array of CSSM authorization tags. + @param tagCount The number of tags in the CSSM authorization tag array. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecACLSetAuthorizations(SecACLRef acl, + CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount); + + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECACL_H_ */ \ No newline at end of file diff --git a/Keychain/SecAccess.cpp b/Keychain/SecAccess.cpp new file mode 100644 index 00000000..e4a4665e --- /dev/null +++ b/Keychain/SecAccess.cpp 
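Review bot: The comment for SecACLGetAuthorizations describes `tagCount` only as an output, but the implementation in SecACL.cpp of this commit first reads it as the capacity of `tags` and fails when it is too small, so a caller following the documentation can pass an uninitialized count. Suggest `@param tagCount On input, the number of elements the tags array can hold; on return, the number of tags in the entry (also set when the array is too small).` The block above SecACLCopySimpleContents is titled `@function SecACLGetSimpleContents` and should carry the declared name. The file also ends without a trailing newline.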
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+#include
+#include "SecBridge.h"
+
+
+//
+// CF boilerplate
+//
+CFTypeID SecAccessGetTypeID(void)
+{
+ BEGIN_SECAPI
+ return gTypes().access.typeId;
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+//
+// API bridge calls
+//
+/*!
+ * Create a new SecAccessRef that is set to the default configuration
+ * of a (newly created) security object.
+ */
+OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedList, SecAccessRef *accessRef)
+{
+ BEGIN_SECAPI
+ Required(descriptor);
+ RefPointer access;
+ if (trustedList) {
+ CFIndex length = CFArrayGetCount(trustedList);
+ ACL::ApplicationList trusted;
+ for (CFIndex n = 0; n < length; n++)
+ trusted.push_back(gTypes().trustedApplication.required(
+ SecTrustedApplicationRef(CFArrayGetValueAtIndex(trustedList, n))));
+ access = new Access(cfString(descriptor), trusted);
+ } else {
+ access = new Access(cfString(descriptor));
+ }
+ Required(accessRef) = gTypes().access.handle(*access);
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner,
+ uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls,
+ SecAccessRef *accessRef)
+{
+ BEGIN_SECAPI
+ Required(accessRef); // preflight
+ RefPointer access = new Access(Required(owner), aclCount, &Required(acls));
+ *accessRef = gTypes().access.handle(*access);
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef,
+ CSSM_ACL_OWNER_PROTOTYPE_PTR *owner,
+ uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls)
+{
+ BEGIN_SECAPI
+#if 0
+ gTypes().access.required(accessRef)->copyOwnerAndAcl(
+ Required(owner), Required(aclCount), Required(acls));
+#endif
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessCopyACLList(SecAccessRef accessRef,
+ CFArrayRef *aclList)
+{
+ BEGIN_SECAPI
+ Required(aclList) = gTypes().access.required(accessRef)->copySecACLs();
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef,
+ CSSM_ACL_AUTHORIZATION_TAG action,
+ CFArrayRef *aclList)
+{
+ BEGIN_SECAPI
+ Required(aclList) = gTypes().access.required(accessRef)->copySecACLs(action);
+ END_SECAPI
+}
diff --git a/Keychain/SecAccess.h b/Keychain/SecAccess.h
new file mode 100644
index 00000000..13c02ebf
--- /dev/null
+++ b/Keychain/SecAccess.h
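Review bot: SecAccessGetOwnerAndACL has its whole body under `#if 0`, so it returns noErr without validating `accessRef` or writing `owner`, `aclCount` or `acls`. A caller that trusts the status will go on to read pointers and a count that were never set. Until copyOwnerAndAcl is wired up, the function should fail explicitly, for example with `MacOSError::throwMe(unimpErr);` inside the BEGIN_SECAPI frame, and carry a comment saying why the real call is disabled.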
@@ -0,0 +1,105 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecAccess + SecAccess implements a way to set and manipulate access control rules and + restrictions on SecKeychainItems. +*/ + +#ifndef _SECURITY_SECACCESS_H_ +#define _SECURITY_SECACCESS_H_ + +#include +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @function SecAccessGetTypeID + @abstract Returns the type identifier of SecAccess instances. + @result The CFTypeID of SecAccess instances. +*/ +CFTypeID SecAccessGetTypeID(void); + +/*! + @function SecAccessCreate + @abstract Creates a new SecAccessRef that is set to the currently designated system default + configuration of a (newly created) security object. Note that the precise nature of + this default may change between releases. + @param descriptor The name of the item as it should appear in security dialogs + @param trustedlist A CFArray of TrustedApplicationRefs, specifying which applications + should be allowed to access an item without triggering confirmation dialogs. + If NULL, defaults to (just) the application creating the item. 
To set no applications, + pass a CFArray with no elements. + NOTE: This argument is not yet implemented. It is currently always treated as NULL. + @param accessRef On return, a pointer to the new access reference. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedlist, SecAccessRef *accessRef); + +/*! + @function SecAccessCreateFromOwnerAndACL + @abstract Creates a new SecAccessRef using the owner and access control list you provide. + @param owner A pointer to a CSSM access control list owner. + @param aclCount An unsigned 32-bit integer representing the number of items in the access control list. + @param acls A pointer to the access control list. + @param On return, a pointer to the new access reference. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner, uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls, SecAccessRef *accessRef); + +/*! + @function SecAccessGetOwnerAndACL + @abstract Retrieves the owner and the access control list of a given access. + @param accessRef A reference to the access from which to retrieve the information. + @param owner On return, a pointer to the access control list owner. + @param aclCount On return, a pointer to an unsigned 32-bit integer representing the number of items in the access control list. + @param acls On return, a pointer to the access control list. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef, CSSM_ACL_OWNER_PROTOTYPE_PTR *owner, uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls); + +/*! + @function SecAccessCopyACLList + @abstract Copies all the access control lists of a given access. + @param accessRef A reference to the access from which to retrieve the information. + @param aclList On return, a pointer to a new created CFArray of SecACL instances. 
The caller is responsible for calling CFRelease on this array. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecAccessCopyACLList(SecAccessRef accessRef, CFArrayRef *aclList); + +/*! + @function SecAccessCopySelectedACLList + @abstract Copies selected access control lists from a given access. + @param accessRef A reference to the access from which to retrieve the information. + @param action An authorization tag specifying what action with which to select the action control lists. + @param aclList On return, a pointer to the selected access control lists. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef, CSSM_ACL_AUTHORIZATION_TAG action, CFArrayRef *aclList); + + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECACCESS_H_ */ diff --git a/Keychain/SecBase.h b/Keychain/SecBase.h new file mode 100644 index 00000000..92baede0 --- /dev/null +++ b/Keychain/SecBase.h 
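Review bot: The SecAccessCreate comment says the `trustedlist` argument "is not yet implemented" and "is currently always treated as NULL", but SecAccess.cpp in this commit builds the application list from it, so the note misstates which applications get access without a confirmation dialog. Suggest removing the NOTE lines so that the preceding description of NULL and empty-array behaviour stands on its own. The SecAccessCreateFromOwnerAndACL block also has a `@param` line with no parameter name; it should read `@param accessRef On return, a pointer to the new access reference.`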
@@ -0,0 +1,237 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecBase + SecBase contains common declarations for the Security functions. +*/ + +#ifndef _SECURITY_SECBASE_H_ +#define _SECURITY_SECBASE_H_ + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +#ifndef __SEC_TYPES__ +#define __SEC_TYPES__ + +/*! + @typedef SecKeychainRef + @abstract Contains information about a keychain. +*/ +typedef struct OpaqueSecKeychainRef *SecKeychainRef; + +/*! + @typedef SecKeychainItemRef + @abstract Contains information about a keychain item. +*/ +typedef struct OpaqueSecKeychainItemRef *SecKeychainItemRef; + +/*! + @typedef SecKeychainSearchRef + @abstract Contains information about a keychain search. +*/ +typedef struct OpaqueSecKeychainSearchRef *SecKeychainSearchRef; + +/*! + @typedef SecKeychainAttrType + @abstract Represents a keychain attribute type. +*/ +typedef OSType SecKeychainAttrType; + +/*! + @struct SecKeychainAttribute + @abstract Contains keychain attributes. + @field tag A 4-byte attribute tag. + @field length The length of the buffer pointed to by data. 
+ @field data A pointer to the attribute data. +*/ +struct SecKeychainAttribute +{ + SecKeychainAttrType tag; + UInt32 length; + void *data; +}; +typedef struct SecKeychainAttribute SecKeychainAttribute; + +/*! + @typedef SecKeychainAttributePtr + @abstract Represents a pointer to a keychain attribute structure. +*/ +typedef SecKeychainAttribute *SecKeychainAttributePtr; + +/*! + @typedef SecKeychainAttributeList + @abstract Represents a list of keychain attributes. + @field count An unsigned 32-bit integer that represents the number of keychain attributes in the array. + @field attr A pointer to the first keychain attribute in the array. +*/ +struct SecKeychainAttributeList +{ + UInt32 count; + SecKeychainAttribute *attr; +}; +typedef struct SecKeychainAttributeList SecKeychainAttributeList; + +/*! + @typedef SecKeychainStatus + @abstract Represents the status of a keychain. +*/ +typedef UInt32 SecKeychainStatus; +#endif + +/*! + @typedef SecTrustedApplicationRef + @abstract Contains information about a trusted application. +*/ +typedef struct OpaqueSecTrustedApplicationRef *SecTrustedApplicationRef; + +/*! + @typedef SecPolicyRef + @abstract Contains information about a policy. +*/ +typedef struct OpaqueSecPolicyRef *SecPolicyRef; + +/*! + @typedef SecCertificateRef + @abstract Contains information about a certificate. +*/ +typedef struct OpaqueSecCertificateRef *SecCertificateRef; + +/*! + @typedef SecAccessRef + @abstract Contains information about an access. +*/ +typedef struct OpaqueSecAccessRef *SecAccessRef; + +/*! + @typedef SecIdentityRef + @abstract Contains information about an identity. +*/ +typedef struct OpaqueSecIdentityRef *SecIdentityRef; + +/*! + @typedef SecKeyRef + @abstract Contains information about a key. +*/ +typedef struct OpaqueSecKeyRef *SecKeyRef; + +/*! + @typedef SecACLRef + @abstract Contains information about an access control list (ACL) entry. +*/ +typedef struct OpaqueSecTrustRef *SecACLRef; + +/*! 
+ @typedef SecKeychainAttributeInfo + @abstract Represents an attribute. + @field count The number of tag-format pairs in the respective arrays. + @field tag A pointer to the first attribute tag in the array. + @field format A pointer to the first attribute format in the array. + @discussion Each tag and format item form a pair. +*/ +struct SecKeychainAttributeInfo +{ + UInt32 count; + UInt32 *tag; + UInt32 *format; +}; +typedef struct SecKeychainAttributeInfo SecKeychainAttributeInfo; + +/*! +@enum Security Error Codes +@abstract Represents the result codes. +@constant errSecNotAvailable No trust results are available. +@constant errSecReadOnly Read only error. +@constant errSecAuthFailed Authorization/Authentication failed. +@constant errSecNoSuchKeychain The keychain does not exist. +@constant errSecInvalidKeychain The keychain is not valid. +@constant errSecDuplicateKeychain A keychain with the same name already exists. +@constant errSecDuplicateCallback More than one callback of the same name exists. +@constant errSecInvalidCallback The callback is not valid. +@constant errSecDuplicateItem The item already exists. +@constant errSecItemNotFound The item cannot be found. +@constant errSecBufferTooSmall The buffer is too small. +@constant errSecDataTooLarge The data is too large. +@constant errSecNoSuchAttr The attribute does not exist. +@constant errSecInvalidItemRef The item reference is invalid. +@constant errSecInvalidSearchRef The search reference is invalid. +@constant errSecNoSuchClass The keychain item class does not exist. +@constant errSecNoDefaultKeychain A default keychain does not exist. +@constant errSecInteractionNotAllowed Interaction is not allowed with the Security Server. +@constant errSecReadOnlyAttr The attribute is read only. +@constant errSecWrongSecVersion The version is incorrect. +@constant errSecKeySizeNotAllowed The key size is not allowed. +@constant errSecNoStorageModule There is no storage module available. 
+@constant errSecNoCertificateModule There is no certificate module available. +@constant errSecNoPolicyModule There is no policy module available. +@constant errSecInteractionRequired User interaction is required. +@constant errSecDataNotAvailable The data is not available. +@constant errSecDataNotModifiable The data is not modifiable. +@constant errSecCreateChainFailed The attempt to create a certificate chain failed. +@constant errSecACLNotSimple The access control list is not in standard simple form. +@constant errSecPolicyNotFound The policy specified cannot be found. +@constant errSecInvalidTrustSetting The trust setting is invalid. +@constant errSecNoAccessForItem The specified item has no access control. +@discussion The assigned error space is discontinuous: -25240..-25279, -25290..25329. +*/ +enum +{ + errSecNotAvailable = -25291, + errSecReadOnly = -25292, + errSecAuthFailed = -25293, + errSecNoSuchKeychain = -25294, + errSecInvalidKeychain = -25295, + errSecDuplicateKeychain = -25296, + errSecDuplicateCallback = -25297, + errSecInvalidCallback = -25298, + errSecDuplicateItem = -25299, + errSecItemNotFound = -25300, + errSecBufferTooSmall = -25301, + errSecDataTooLarge = -25302, + errSecNoSuchAttr = -25303, + errSecInvalidItemRef = -25304, + errSecInvalidSearchRef = -25305, + errSecNoSuchClass = -25306, + errSecNoDefaultKeychain = -25307, + errSecInteractionNotAllowed = -25308, + errSecReadOnlyAttr = -25309, + errSecWrongSecVersion = -25310, + errSecKeySizeNotAllowed = -25311, + errSecNoStorageModule = -25312, + errSecNoCertificateModule = -25313, + errSecNoPolicyModule = -25314, + errSecInteractionRequired = -25315, + errSecDataNotAvailable = -25316, + errSecDataNotModifiable = -25317, + errSecCreateChainFailed = -25318, + + errSecACLNotSimple = -25240, + errSecPolicyNotFound = -25241, + errSecInvalidTrustSetting = -25242, + errSecNoAccessForItem = -25243, + errSecInvalidOwnerEdit = -25244 +}; + +#if defined(__cplusplus) +} +#endif + +#endif /* 
!_SECURITY_SECBASE_H_ */ diff --git a/Keychain/SecBridge.h b/Keychain/SecBridge.h new file mode 100644 index 00000000..8cf93d6c --- /dev/null +++ b/Keychain/SecBridge.h 
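Review bot: `typedef struct OpaqueSecTrustRef *SecACLRef;` gives the ACL reference the struct tag of the trust type, which looks like a copy-paste slip. If a trust reference type is declared elsewhere over the same tag (not visible here), the two become interchangeable to the compiler and passing one where the other is expected goes undiagnosed. Suggest `typedef struct OpaqueSecACLRef *SecACLRef;`. In the error-code comment, errSecInvalidOwnerEdit has no `@constant` line, and the second range in `@discussion` is missing its minus sign (`-25290..-25329`).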
@@ -0,0 +1,49 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#ifndef _SECURITY_SECBRIDGE_H_ +#define _SECURITY_SECBRIDGE_H_ + +#include +#include +#include + +using namespace KeychainCore; + +// +// API boilerplate macros. These provide a frame for C++ code that is impermeable to exceptions. +// Usage: +// BEGIN_API +// ... your C++ code here ... +// END_API // returns CSSM_RETURN on exception +// END_API0 // returns nothing (void) on exception +// END_API1(bad) // return (bad) on exception +// +#define BEGIN_SECAPI \ + try { \ + StLock _(globals().apiLock); +#define END_SECAPI \ + } \ + catch (const MacOSError &err) { return err.osStatus(); } \ + catch (const CssmCommonError &err) { return GetKeychainErrFromCSSMErr(err.cssmError())/*err.cssmError(CSSM_CSSM_BASE_ERROR)*/; } \ + catch (const std::bad_alloc &) { return memFullErr; } \ + catch (...) { return internalComponentErr; } \ + return noErr; +#define END_SECAPI0 } catch (...) { return; } +#define END_SECAPI1(bad) } catch (...) { return bad; } + +#endif /* !_SECURITY_SECBRIDGE_H_ */ 
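Review bot: The usage comment above the macros names `BEGIN_API`, `END_API`, `END_API0` and `END_API1`, but the header defines `BEGIN_SECAPI`, `END_SECAPI`, `END_SECAPI0` and `END_SECAPI1`, and it says the plain form returns CSSM_RETURN while `END_SECAPI` returns `err.osStatus()`, `memFullErr`, `internalComponentErr` or `noErr`. The comment should use the real names and state two things a caller cannot guess from the usage block: `BEGIN_SECAPI` holds `globals().apiLock` for the whole body, and `END_SECAPI0`/`END_SECAPI1` add no normal-path `return`, so the body has to return by itself. I would write the lines as `// END_SECAPI // returns an OSStatus on exception, noErr otherwise` and `// END_SECAPI1(bad) // returns (bad) on exception; the body must return on success`. `END_SECAPI0` and `END_SECAPI1` also discard every exception without a trace, so an allocation failure and an internal error look the same to the caller.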
diff --git a/SecurityServer/MacYarrow/yarrowseed.h b/Keychain/SecCFTypes.cpp similarity index 55% rename from SecurityServer/MacYarrow/yarrowseed.h rename to Keychain/SecCFTypes.cpp index d6b27451..820a85b4 100644 --- a/SecurityServer/MacYarrow/yarrowseed.h +++ b/Keychain/SecCFTypes.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -15,31 +15,30 @@ * specific language governing rights and limitations under the License. */ - // -// yarrowseed - periodical to collect and seed entropy into /dev/random +// SecCFTypes.cpp - CF runtime interface // -#ifndef _H_YARROWSEED -#define _H_YARROWSEED - -#include -#include - - -using MachPlusPlus::MachServer; - - -/* - * A timer for this module. Just one, and it's always active subsequent to startup. - */ -class YarrowTimer : public MachServer::Timer { -public: - YarrowTimer(MachPlusPlus::MachServer &srv, const char *entropyFile = NULL); - - void action(); - void scheduleTimer(unsigned msFromNow); - - MachPlusPlus::MachServer &server; // to which we do setTimer() -}; -#endif //_H_YARROWSEED +#include + +using namespace KeychainCore; + +ModuleNexus Security::KeychainCore::gTypes; + +SecCFTypes::SecCFTypes() : + access("SecAccess"), + acl("SecACL"), + certificate("SecCertificate"), + certificateRequest("SecCertificateRequest"), + identity("SecIdentity"), + identityCursor("SecIdentitySearch"), + item("SecKeychainItem"), + cursor("SecKeychainSearch"), + keychain("SecKeychain"), + keyItem("SecKey"), + policy("SecPolicy"), + policyCursor("SecPolicySearch"), + trust("SecTrust"), + trustedApplication("SecTrustedApplication") +{ +} diff --git a/Keychain/SecCFTypes.h b/Keychain/SecCFTypes.h new file mode 100644 index 00000000..5a101db8 --- /dev/null +++ b/Keychain/SecCFTypes.h 
@@ -0,0 +1,147 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// SecCFTypes.h - CF runtime interface +// +#ifndef _SECURITY_SECCFTYPES_H_ +#define _SECURITY_SECCFTYPES_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +//#include +//#include +#include +//#include +#include +//#include +#include +//#include +//#include +//#include +//#include +#include +#include +//#include + +#include +#include + +namespace Security +{ + +namespace KeychainCore +{ + +/* Singleton that registers all the CFClass<> instances with the CFRuntime. + + To make something a CFTypeRef you need to make the actual object inheirit from SecCFObject and provide implementation of the virtual functions in that class. + + In addition to that you need to define an opque type for the C API like: + typedef struct __OpaqueYourObject *YourObjectRef; + and in the C++ headers you define something like: + typedef CFClass YourObjectClass; + + Add an instance of the YourObjectClass to the public section of SecCFTypes below to get it registered with the CFRuntime. 
+ YourObjectClass yourObject; + + + In your C++ code you should use RefPointer to refer to instances of your class. RefPointers are just like autopointers and implement * and -> semantics. They refcount the underlying object. So to create an instance or your new object you would do something like: + + RefPointer instance(new YourObject()); + + RefPointers have copy semantics and if you subclass RefPointer and define a operator < on the subclass you can even safely store instances of your class in stl containers. + + Use then like this: + instance->somemethod(); + or if you want a reference to the underlying object: + YourObject &object = *instance; + if you want a pointer to the underlying object: + YourObject *object = instance.get(); + + In the API glue you will need to use: + RefPointer instance; + [...] get the instance somehow + return gTypes().yourObject.handle(*instance); + to return an opaque handle (the is a CFTypeRef) to your object. + + when you obtain an object as input use: + SecYourObjectRef ref; + RefPointer instance = gTypes().yourObject.required(ref); + to get a RefPointer to an instance of your object fro the external CFTypeRef. +*/ +class SecCFTypes +{ +public: + SecCFTypes(); + +public: + /* Add new instances of CFClass<> here that you want registered with the CF runtime. 
*/ + + /* @@@ Error should be errSecInvalidAccessRef */ + CFClass access; + /* @@@ Error should be errSecInvalidTrustedApplicationRef */ + CFClass acl; + /* @@@ Error should be errSecInvalidCertificateRef */ + CFClass certificate; + /* @@@ Error should be errSecInvalidCertificateRequestRef */ + CFClass certificateRequest; + /* @@@ Error should be errSecInvalidIdentityRef */ + CFClass identity; + CFClass identityCursor; + CFClass item; + CFClass cursor; + CFClass keychain; + /* @@@ Error should be errSecInvalidKeyRef */ + CFClass keyItem; + /* @@@ Error should be errSecInvalidPolicyRef */ + CFClass policy; + /* @@@ Error should be errSecInvalidPolicySearchRef */ + CFClass policyCursor; + /* @@@ Error should be errSecInvalidTrustRef */ + CFClass trust; + /* @@@ Error should be errSecInvalidTrustedApplicationRef */ + CFClass trustedApplication; + +public: + Mutex mapLock; + typedef std::map Map; + Map map; +}; + + +extern ModuleNexus gTypes; + +} // end namespace KeychainCore + +} // end namespace Security + + +#endif // !_SECURITY_SECCFTYPES_H_ diff --git a/Keychain/SecCertificate.cpp b/Keychain/SecCertificate.cpp new file mode 100644 index 00000000..97e8de07 --- /dev/null +++ b/Keychain/SecCertificate.cpp 
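Review bot: `mapLock` and `map` are declared in a `public:` section of `SecCFTypes` with no comment tying them together, so any code that can reach `gTypes()` can read or modify `map` without taking the lock. If `mapLock` is meant to guard `map` (the names suggest it, but the users are not in this hunk), say so at the declaration, e.g. `// mapLock must be held for every access to map`, or make both private and expose accessors that take the lock. The `/* @@@ Error should be errSecInvalidTrustedApplicationRef */` comment on `acl` also looks copied from the one on `trustedApplication`.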
@@ -0,0 +1,109 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include + +#include "SecBridge.h" + + +CFTypeID +SecCertificateGetTypeID(void) +{ + BEGIN_SECAPI + + return gTypes().certificate.typeId; + + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +OSStatus +SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate) +{ + BEGIN_SECAPI + + RefPointer certificatePtr(new Certificate(Required(data), type, encoding)); + Required(certificate) = gTypes().certificate.handle(*certificatePtr); + + END_SECAPI +} + + +OSStatus +SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain) +{ + BEGIN_SECAPI + + Item item(gTypes().certificate.required(certificate)); + Keychain::optional(keychain)->add(item); + + END_SECAPI +} + +OSStatus +SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data) +{ + BEGIN_SECAPI + + Required(data) = gTypes().certificate.required(certificate)->data(); + + END_SECAPI +} + + +OSStatus +SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType) +{ + BEGIN_SECAPI + + 
Required(certificateType) = gTypes().certificate.required(certificate)->type(); + + END_SECAPI +} + + +OSStatus +SecCertificateGetSubject(SecCertificateRef certificate, CSSM_X509_NAME* subject) +{ + BEGIN_SECAPI + + gTypes().certificate.required(certificate)->getSubject(Required(subject)); + + END_SECAPI +} + + +OSStatus +SecCertificateGetIssuer(SecCertificateRef certificate, CSSM_X509_NAME* issuer) +{ + BEGIN_SECAPI + + gTypes().certificate.required(certificate)->getIssuer(Required(issuer)); + + END_SECAPI +} + + +OSStatus +SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle) +{ + BEGIN_SECAPI + + Required(clHandle) = gTypes().certificate.required(certificate)->clHandle(); + + END_SECAPI +} diff --git a/Keychain/SecCertificate.h b/Keychain/SecCertificate.h new file mode 100644 index 00000000..5d716c71 --- /dev/null +++ b/Keychain/SecCertificate.h 
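Review bot: `SecCertificateGetItem` is declared in Keychain/SecCertificate.h in this same patch, but this file defines no function of that name, while every other function declared there (`SecCertificateGetTypeID` through `SecCertificateGetCLHandle`) has a definition here. Unless it is defined in a file outside this view, a caller will fail at link time. Either add a definition in the same `BEGIN_SECAPI`/`END_SECAPI` frame as its siblings (a `MacOSError::throwMe(unimpErr);` stub, as the bundle functions use, would at least link), or drop the declaration until the function exists.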
@@ -0,0 +1,150 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecCertificate + The functions provided in SecCertificate implement and manage a particular type of keychain item that represents a certificate. You can store a certificate in a keychain, but a certificate can also be a transient object. + + You can use a certificate as a keychain item in most functions. +*/ + +#ifndef _SECURITY_SECCERTIFICATE_H_ +#define _SECURITY_SECCERTIFICATE_H_ + +#include +#include + +// @@@ Here for X509 specific defines +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + + +/*! + @enum CertificateItemAttributes + @abstract Indicates the type of a certificate item attribute. + @constant kSecSubjectItemAttr Indicates a DER-encoded subject distinguished name. + @constant kSecIssuerItemAttr Indicates a DER-encoded issuer distinguished name. + @constant kSecSerialNumberItemAttr Indicates a DER-encoded certificate serial number. + @constant kSecPublicKeyHashItemAttr Indicates a public key hash. + @constant kSecSubjectKeyIdentifierItemAttr Indicates a subject key identifier. 
+ @constant kSecCertTypeItemAttr Indicates a certificate type. + @constant kSecCertEncodingItemAttr Indicates a certificate encoding. +*/ +enum +{ + kSecSubjectItemAttr = 'subj', + kSecIssuerItemAttr = 'issu', + kSecSerialNumberItemAttr = 'snbr', + kSecPublicKeyHashItemAttr = 'hpky', + kSecSubjectKeyIdentifierItemAttr = 'skid', + kSecCertTypeItemAttr = 'ctyp', + kSecCertEncodingItemAttr = 'cenc' +}; + +/*! + @function SecCertificateGetTypeID + @abstract Returns the type identifier of SecCertificate instances. + @result The CFTypeID of SecCertificate instances. +*/ +CFTypeID SecCertificateGetTypeID(void); + +#pragma mark ÑÑÑÑ Certificate Operations ÑÑÑÑ + +/*! + @function SecCertificateCreateFromData + @abstract Creates a certificate based on the input data, type, and encoding. + @param data A pointer to the certificate data. + @param type The certificate type as defined in cssmtype.h. + @param encoding The certificate encoding as defined in cssmtype.h. + @param certificate On return, a pointer to the newly created certificate reference. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate); + +/*! + @function SecCertificateAddToKeychain + @abstract Adds a certificate to the keychain specified. + @param certificate A reference to the certificate to add to the keychain. + @param keychain A reference to the keychain to which to add the certificate. Pass NULL to add the certificate to the default keychain. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function call only works if the certificate was created using the SecCertificateCreateFromData function and the certificate has not yet been added to a keychain. +*/ +OSStatus SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain); + +/*! 
+ @function SecCertificateGetData + @abstract Retrieves the data for a given certificate. + @param certificate A reference to the certificate from which to retrieve the data. + @param data On return, a pointer to the data for the certificate specified. The caller must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data); + +/*! + @function SecCertificateGetItem + @abstract Retrieves the keychain item reference for a given certificate. + @param certificate A reference to the certificate from which to obtain the keychain item reference. + @param item On return, a pointer to the keychain item reference of the certificate specified. If the certificate is not based on a keychain item, the value of item is NULL. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertificateGetItem(SecCertificateRef certificate, SecKeychainItemRef *item); + +/*! + @function SecCertificateGetType + @abstract Retrieves the type for a given certificate. + @param certificate A reference to the certificate from which to obtain the type. + @param certificateType On return, a pointer to the certificate type of the certificate specified. Certificate types are defined in cssmtype.h + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType); + +/*! + @function SecCertificateGetSubject + @abstract Retrieves the subject for a given certificate. + @param certificate A reference to the certificate from which to obtain the subject. + @param subject On return, a pointer to the subject of the given certificate. + @result A result code. See "Security Error Codes" (SecBase.h). 
+*/ +OSStatus SecCertificateGetSubject(SecCertificateRef certificate, CSSM_X509_NAME *subject); + +/*! + @function SecCertificateGetIssuer + @abstract Retrieves the issuer of a given certificate. + @param certificate A reference to the certificate from which to obtain the issuer. + @param issuer On return, a pointer to the issuer of the given certificate. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertificateGetIssuer(SecCertificateRef certificate, CSSM_X509_NAME *issuer); + +/*! + @function SecCertificateGetCLHandle + @abstract Retrieves the certificate library handle for a given certificate. + @param certificate A reference to the certificate from which to obtain the certificate library handle. + @param clHandle On return, a pointer to the certificate library handle of the given certificate. This handle remains valid at least as long as the certificate does. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECCERTIFICATE_H_ */ diff --git a/Keychain/SecCertificateBundle.cpp b/Keychain/SecCertificateBundle.cpp new file mode 100644 index 00000000..53774477 --- /dev/null +++ b/Keychain/SecCertificateBundle.cpp 
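Review bot: The HeaderDoc for `SecCertificateGetSubject` and `SecCertificateGetIssuer` does not say who owns the memory reachable from the `CSSM_X509_NAME` they fill in or how long it stays valid, while `SecCertificateGetData` and `SecCertificateGetCLHandle` in the same header do state a lifetime. A caller has to guess whether the name's contents must be freed or whether they dangle once the certificate is released. Add a sentence to each `@param`, for example `On return, the subject of the given certificate; its contents are owned by the certificate and remain valid only as long as the certificate does.`, adjusted to whatever the implementation actually guarantees.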
@@ -0,0 +1,51 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include + +#include "SecBridge.h" + + +OSStatus +SecCertificateBundleImport( + SecKeychainRef keychain, + const CSSM_CERT_BUNDLE* bundle, + CSSM_CERT_BUNDLE_TYPE type, + CSSM_CERT_BUNDLE_ENCODING encodingType, + CFArrayRef keychainListToSkipDuplicates) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertifcateBundleExport( + CFArrayRef itemList, + CSSM_CERT_BUNDLE_TYPE type, + CSSM_CERT_BUNDLE_ENCODING encodingType, + CSSM_DATA* data) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} diff --git a/Keychain/SecCertificateBundle.h b/Keychain/SecCertificateBundle.h new file mode 100644 index 00000000..f97f07ae --- /dev/null +++ b/Keychain/SecCertificateBundle.h 
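Review bot: The export function is spelled `SecCertifcateBundleExport` (the second `i` of Certificate is missing), both here and in the prototype and `@function` tag in Keychain/SecCertificateBundle.h, while its sibling is `SecCertificateBundleImport`. Once the header ships, the misspelling is part of the exported API, so rename it to `SecCertificateBundleExport` in both files now. The first parameter is also `itemList` here and `certificates` in the header; pick one name.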
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecCertificateBundle + The functions provided in SecCertificateBundle implement a way to issue a certificate request to a + certificate authority. +*/ + +#ifndef _SECURITY_SECCERTIFICATEBUNDLE_H_ +#define _SECURITY_SECCERTIFICATEBUNDLE_H_ + +#include +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @function SecCertificateBundleImport + @abstract Imports one or more certificates into a keychain with the specified encoding and bundle type. + @param keychain The destination keychain for the import. Specify NULL for the default keychain. + @param bundle A pointer to the bundle data. + @param type The bundle type as defined in cssmtype.h. + @param encodingType The bundle encoding type as defined in cssmtype.h. + @param keychainListToSkipDuplicates A reference to an array of keychains. These keychains contain certificates that shouldn't be duplicated during the import. + @result A result code. See "Security Error Codes" (SecBase.h). 
+*/ +OSStatus SecCertificateBundleImport( + SecKeychainRef keychain, + const CSSM_CERT_BUNDLE* bundle, + CSSM_CERT_BUNDLE_TYPE type, + CSSM_CERT_BUNDLE_ENCODING encodingType, + CFArrayRef keychainListToSkipDuplicates); + +/*! + @function SecCertifcateBundleExport + @abstract Exports one or more certificates into a bundle with the specified encoding and bundle type. + @param certificates An array of certificate and keychain items used to help build the bundle. + @param type The bundle type as defined in cssmtype.h. If the bundle type is unknown, an attempt will be made to determine the type for you. + @param encodingType The encoding type as defined in cssmtype.h. + @param data A pointer to data. On return, this points to the bundle data. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecCertifcateBundleExport( + CFArrayRef certificates, + CSSM_CERT_BUNDLE_TYPE type, + CSSM_CERT_BUNDLE_ENCODING encodingType, + CSSM_DATA* data); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECCERTIFICATEBUNDLE_H_ */ diff --git a/Keychain/SecCertificateRequest.cpp b/Keychain/SecCertificateRequest.cpp new file mode 100644 index 00000000..5b9e7147 --- /dev/null +++ b/Keychain/SecCertificateRequest.cpp 
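Review bot: The `@header` description says these functions "implement a way to issue a certificate request to a certificate authority", which is the text of SecCertificateRequest.h; this header declares bundle import and export. Replace it with something like `The functions provided in SecCertificateBundle import certificates from, and export certificates to, certificate bundles.` The function docs should also say that neither call is implemented yet, since the definitions added in Keychain/SecCertificateBundle.cpp only throw `unimpErr`.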
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include + +#include "SecBridge.h" + + +CFTypeID +SecCertificateRequestGetTypeID(void) +{ + BEGIN_SECAPI + + return gTypes().certificateRequest.typeId; + + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +OSStatus +SecCertificateRequestCreate( + SecPolicyRef policy, + CSSM_CERT_TYPE certificateType, + CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, + SecCertificateRequestRef* certRequest) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertificateRequestSetPrivateKey( + SecCertificateRequestRef certRequest, + SecKeychainItemRef privateKeyItemRef) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertificateRequestSetAttribute( + SecCertificateRequestRef certRequest, + const CSSM_OID* oid, + const CSSM_DATA* value) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertificateRequestSubmit( + SecCertificateRequestRef certRequest, + SecKeychainRef keychain, + sint32* estimatedTime, + SecKeychainItemRef* certRequestItemRef) +{ + 
BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertificateRequestCreateFromItem( + SecKeychainItemRef certRequestItemRef, + SecCertificateRequestRef* certRequestRef) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertificateRequestGetType( + SecCertificateRequestRef certRequestRef, + CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecCertificateRequestGetResult( + SecCertificateRequestRef certRequestRef, + sint32* estimatedTime, + SecCertificateRef* certificateRef) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} diff --git a/Keychain/SecCertificateRequest.h b/Keychain/SecCertificateRequest.h new file mode 100644 index 00000000..e932b253 --- /dev/null +++ b/Keychain/SecCertificateRequest.h 
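Review bot: Every function in this file except `SecCertificateRequestGetTypeID` only throws `unimpErr`, and none of them writes its output parameters (`certRequest`, `estimatedTime`, `certRequestItemRef`, `certRequestRef`, `requestType`, `certificateRef`). A caller that does not check the returned OSStatus then carries on with whatever its variable held before the call. Clearing the reference outputs ahead of the throw makes that failure deterministic, e.g. `if (certRequest) *certRequest = NULL;` before `MacOSError::throwMe(unimpErr);` in `SecCertificateRequestCreate`, and likewise in the other stubs.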
@@ -0,0 +1,138 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecCertificateRequest + SecCertificateRequest implements a way to issue a certificate request to a + certificate authority. +*/ + +#ifndef _SECURITY_SECCERTIFICATEREQUEST_H_ +#define _SECURITY_SECCERTIFICATEREQUEST_H_ + +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @typedef SecCertificateRequestRef + @abstract Contains information about a certificate request. +*/ +typedef struct OpaqueSecCertificateRequestRef *SecCertificateRequestRef; + +/*! + @function SecCertificateRequestGetTypeID + Returns the type identifier of all SecCertificateRequest instances. +*/ +CFTypeID SecCertificateRequestGetTypeID(void); + +/*! + @function SecCertificateRequestCreate + Create a certificate request operation based on a policy and certificate type. If a policy is not specified, one will be chosen for the caller. Once the requeste is created, a request reference is returned. For this request reference, you can set attributes for it by using SecCertificateRequestSetAttribute(). To submit the request call SecCertificateRequestSubmit(). 
+ @param certificateType The certificate type (i.e. X509, PGP, etc). These types are in cssmtype.h + @param requestType The identifier to the type of request to submit (i.e. issue, verify, revoke, etc.). These are defined in cssmtype.h + @param certRequest A returned reference to the certificate request. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestCreate( + SecPolicyRef policy, + CSSM_CERT_TYPE certificateType, + CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, + SecCertificateRequestRef* certRequest); + +/*! + @function SecCertificateRequestSetPrivateKey + For a given certificate request, set the private key for which the assocaited public key will be certified. + @param certRequest A reference to the certificate request. + @param privateKeyItemRef The keychain item private key to be used for this certificate request. The private key item must be of class type kSecAppleKeyItemClass. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestSetPrivateKey( + SecCertificateRequestRef certRequest, + SecKeychainItemRef privateKeyItemRef); + +/*! + @function SecCertificateRequestSetAttribute + For a given certificate request, set an optional attribute for the request. For example, an attribute can be the caller credentials or any other attribute needed for the certificate request operation. + @param oid An BER-encoded oid that defines the attribute (i.e. CSSMOID_CommonName, CSSMOID_SerialNumber, etc.) + @param value The value for the attribute. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestSetAttribute( + SecCertificateRequestRef certRequest, + const CSSM_OID* oid, + const CSSM_DATA* value); + +/*! + @function SecCertificateRequestSubmit + Submit a certificate request to be processed by the Security framework. Once the request is submitted, an estimated time is returned indicating when the request results can be retrieved. Once the estimated time has elapsed, obtain the result by calling SecCertificateRequestGetResult(). 
+ @param certRequest A reference to the certificate request. + @param keychain The keychain in which to store the new certificate (for a new cert request) and the cert request item reference. + @param estimatedTime The number of estimated seconds before the result can be retrieved. + @param certRequestItemRef The returned persistent reference for the submitted request. This item is stored in the keychain specified by the keychain parameter. This item can be viewed as an certificate request operation that is still pending. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestSubmit( + SecCertificateRequestRef certRequest, + SecKeychainRef keychain, + sint32* estimatedTime, + SecKeychainItemRef* certRequestItemRef); + +/*! + @function SecCertificateRequestCreateFromItem + Given a keychain item reference (a persistent reference for a certificate request), create a certificate request reference to be used by subsuequent calls that take a SecCertificateRequestRef. The keychain item must be obtained by calling SecKeychainSearchCreateFromAttributes() and SecKeychainCopySearchNextItem() for an item with the class of kSecAppleCertificateRequestItemClass. + @param certRequestItemRef A keychain item reference for the certificate request(%%%kSecGenericPasswordItemClass?) + @param certRequestRef The returned certificate request reference. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestCreateFromItem( + SecKeychainItemRef certRequestItemRef, + SecCertificateRequestRef* certRequestRef); + +/*! + @function SecCertificateRequestGetType + Returns the certificate request type (i.e. issue, revoke, etc) for a given certificate request item reference. + @param certRequestRef A reference to a submitted request. + @param requestType The returned request type. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestGetType( + SecCertificateRequestRef certRequestRef, + CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType); + +/*! 
+ @function SecCertificateRequestGetResult + Get the results of a certificate request. If the request is still pending, the estimated time will be returned which indicates when to call this function again. + @param certRequestRef A reference for the submitted request. + @param estimatedTime The number of estimated seconds before the result can be retrieved. + @param certficateRef The returned certificate reference for a CSSM_TP_AUTHORITY_REQUEST_CERTISSUE only. All other request types return NULL here. + @result noErr 0 No error. +*/ +OSStatus SecCertificateRequestGetResult( + SecCertificateRequestRef certRequestRef, + sint32* estimatedTime, + SecCertificateRef* certificateRef); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECCERTIFICATEREQUEST_H_ */ diff --git a/Keychain/SecIdentity.cpp b/Keychain/SecIdentity.cpp new file mode 100644 index 00000000..1f8b6297 --- /dev/null +++ b/Keychain/SecIdentity.cpp 
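Review bot: Several `@param` lists do not match the prototypes: `SecCertificateRequestCreate` has no entry for `policy`, `SecCertificateRequestSetAttribute` has none for `certRequest`, and `SecCertificateRequestGetResult` documents `certficateRef` while the parameter is `certificateRef`. Add the missing `@param policy` and `@param certRequest` lines and fix the spelling so the generated documentation attaches to the right arguments. The `(%%%kSecGenericPasswordItemClass?)` marker in the `SecCertificateRequestCreateFromItem` text is an open question left in a public header and should be resolved or removed. Each `@result` lists only `noErr`, although the definitions added in Keychain/SecCertificateRequest.cpp presumably return `unimpErr` through the throw.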
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecIdentityGetTypeID(void)
+{
+ BEGIN_SECAPI
+
+ return gTypes().identity.typeId;
+
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecIdentityCopyCertificate(
+ SecIdentityRef identityRef,
+ SecCertificateRef *certificateRef)
+{
+ BEGIN_SECAPI
+
+ RefPointer certificatePtr(gTypes().identity.required(identityRef)->certificate());
+ Required(certificateRef) = gTypes().certificate.handle(*certificatePtr);
+
+ END_SECAPI
+}
+
+
+OSStatus
+SecIdentityCopyPrivateKey(
+ SecIdentityRef identityRef,
+ SecKeyRef *privateKeyRef)
+{
+ BEGIN_SECAPI
+
+ RefPointer keyItemPtr(gTypes().identity.required(identityRef)->privateKey());
+ Required(privateKeyRef) = gTypes().keyItem.handle(*keyItemPtr);
+
+ END_SECAPI
+}
diff --git a/Keychain/SecIdentity.h b/Keychain/SecIdentity.h
new file mode 100644
index 00000000..cc6bcce0
--- /dev/null
+++ b/Keychain/SecIdentity.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+ @header SecIdentity
+ The functions provided in SecIdentity implement a convenient way to match private keys with certificates.
+*/
+
+#ifndef _SECURITY_SECIDENTITY_H_
+#define _SECURITY_SECIDENTITY_H_
+
+#include
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+ @function SecIdentityGetTypeID
+ @abstract Returns the type identifier of SecIdentity instances.
+ @result The CFTypeID of SecIdentity instances.
+*/
+CFTypeID SecIdentityGetTypeID(void);
+
+/*!
+ @function SecIdentityGetCertificate
+ @abstract Returns a reference to a certificate for the given identity reference.
+ @param identityRef An identity reference.
+ @param certificateRef On return, a pointer to the found certificate reference.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecIdentityCopyCertificate(
+ SecIdentityRef identityRef,
+ SecCertificateRef *certificateRef);
+
+/*!
+ @function SecIdentityGetPrivateKey
+ @abstract Returns the private key associated with an identity.
+ @param identityRef An identity reference.
+ @param privateKeyRef On return, a pointer to the private key for the given identity. The private key must be of class type kSecAppleKeyItemClass.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecIdentityCopyPrivateKey(
+ SecIdentityRef identityRef,
+ SecKeyRef *privateKeyRef);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECIDENTITY_H_ */
diff --git a/Keychain/SecIdentitySearch.cpp b/Keychain/SecIdentitySearch.cpp
new file mode 100644
index 00000000..ffb810eb
--- /dev/null
+++ b/Keychain/SecIdentitySearch.cpp
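Review bot: The HeaderDoc `@function` tags name `SecIdentityGetCertificate` and `SecIdentityGetPrivateKey`, but the declarations directly beneath them are `SecIdentityCopyCertificate` and `SecIdentityCopyPrivateKey`, so generated documentation will describe functions this header does not declare. Rename the two tags to match the declarations. The comments also say nothing about who owns the returned references; if the Copy naming means the caller must release them (not confirmed by anything visible in this hunk), say so, e.g. `@param privateKeyRef On return, a pointer to the private key reference for the given identity. Release it with CFRelease when finished.`, so that a private-key reference is not kept alive longer than the caller intends.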
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecIdentitySearchGetTypeID(void)
+{
+ BEGIN_SECAPI
+
+ return gTypes().identityCursor.typeId;
+
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecIdentitySearchCreate(
+ CFTypeRef keychainOrArray,
+ CSSM_KEYUSE keyUsage,
+ SecIdentitySearchRef *searchRef)
+{
+ BEGIN_SECAPI
+
+ Required(searchRef);
+
+ StorageManager::KeychainList keychains;
+ globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+ RefPointer identityCursor(new IdentityCursor (keychains, keyUsage));
+ *searchRef = gTypes().identityCursor.handle(*identityCursor);
+
+ END_SECAPI
+}
+
+
+OSStatus
+SecIdentitySearchCopyNext(
+ SecIdentitySearchRef searchRef,
+ SecIdentityRef *identityRef)
+{
+ BEGIN_SECAPI
+
+ RequiredParam(identityRef);
+ RefPointer identityPtr;
+ if (!gTypes().identityCursor.required(searchRef)->next(identityPtr))
+ return errSecItemNotFound;
+
+ *identityRef = gTypes().identity.handle(*identityPtr);
+
+ END_SECAPI
+}
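Review bot: `SecIdentitySearchCopyNext` returns `errSecItemNotFound` without ever writing `*identityRef`, so a caller that does not check the status is left with whatever the variable held before the call; adding `*identityRef = NULL;` right after `RequiredParam(identityRef);` makes the end-of-search case unambiguous. The two functions also validate their out-parameter with different macros, `Required(searchRef);` in SecIdentitySearchCreate and `RequiredParam(identityRef);` here. The macro definitions are not visible in this hunk, so pick one deliberately and use it in both places.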
diff --git a/Keychain/SecIdentitySearch.h b/Keychain/SecIdentitySearch.h
new file mode 100644
index 00000000..038af2f4
--- /dev/null
+++ b/Keychain/SecIdentitySearch.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+ @header SecIdentitySearch
+ The functions provided in SecIdentitySearch implement a query for SecIdentity objects.
+*/
+
+#ifndef _SECURITY_SECIDENTITYSEARCH_H_
+#define _SECURITY_SECIDENTITYSEARCH_H_
+
+#include
+#include
+#include
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+ @typedef SecIdentitySearchRef
+ @abstract Contains information about an identity search.
+*/
+typedef struct OpaqueSecIdentitySearchRef *SecIdentitySearchRef;
+
+/*!
+ @function SecIdentitySearchGetTypeID
+ @abstract Returns the type identifier of SecIdentitySearch instances.
+ @result The CFTypeID of SecIdentitySearch instances.
+*/
+CFTypeID SecIdentitySearchGetTypeID(void);
+
+/*!
+ @function SecIdentitySearchCreate
+ @abstract Creates a search reference for finding identities.
+ @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+ @param keyUsage A CSSM_KEYUSE value as defined in cssmtype.h. Control the search by specifying the key usage for the identity. Pass in 0 if you want all identities returned by this search. Passing in CSSM_KEYUSE_ANY will limit the identities returned to those that can be used for every operation.
+ @param searchRef On return, a pointer to the identity search reference. You must release the identity search reference by calling the CFRelease function.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion You can set values for key usage, and one or more policies, to control the search for identities. You can use the returned search reference to obtain the remaining identities in subsequent calls to the SecIentitySearchCopyNext function. You must release the identity search reference by calling the CFRelease function.
+*/
+OSStatus SecIdentitySearchCreate(CFTypeRef keychainOrArray, CSSM_KEYUSE keyUsage, SecIdentitySearchRef *searchRef);
+
+/*!
+ @function SecIdentitySearchCopyNext
+ @abstract Finds the next identity matching the given search criteria, as previously specified by a call to SecKeychainIdentitySearchCreate.
+ @param searchRef A reference to the current identity search. You create the identity search reference by calling the SecIdentitySearchCreate function.
+ @param identity On return, a pointer to an identity reference of the next matching identity, if any. You must call the CFRelease function when finished with the identity search reference.
+ @result A result code. When there are no more identities that match the parameters specified to SecPolicySearchCreate, errSecItemNotFound is returned. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecIdentitySearchCopyNext(SecIdentitySearchRef searchRef, SecIdentityRef *identity);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECIDENTITYSEARCH_H_ */
diff --git a/Keychain/SecKey.cpp b/Keychain/SecKey.cpp
new file mode 100644
index 00000000..8349e7cf
--- /dev/null
+++ b/Keychain/SecKey.cpp
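Review bot: Three function names in these HeaderDoc comments match nothing this header declares: the SecIdentitySearchCreate `@discussion` refers to `SecIentitySearchCopyNext`, the SecIdentitySearchCopyNext `@abstract` to `SecKeychainIdentitySearchCreate`, and its `@result` to `SecPolicySearchCreate`. They should read `SecIdentitySearchCopyNext` and `SecIdentitySearchCreate`. The `@param identity` text tells the caller to CFRelease "the identity search reference" where the returned identity reference is presumably meant. The `@discussion` also mentions "one or more policies" although the function takes no policy argument. Since `keyUsage` decides which private keys a caller is offered, the `@param keyUsage` text deserves one explicit sentence on how the mask is matched (exact value or subset); the IdentityCursor implementation is not visible here, so that sentence has to come from whoever owns it.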
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+
+#include "SecBridge.h"
+
+CFTypeID
+SecKeyGetTypeID(void)
+{
+ BEGIN_SECAPI
+
+ return gTypes().keyItem.typeId;
+
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecKeyCreatePair(
+ SecKeychainRef keychain,
+ CSSM_ALGORITHMS algorithm,
+ UInt32 keySizeInBits,
+ CSSM_KEYUSE publicKeyUsage,
+ uint32 publicKeyAttr,
+ SecKeychainItemRef* publicKeyItemRef,
+ CSSM_KEYUSE privateKeyUsage,
+ uint32 privateKeyAttr,
+ SecKeychainItemRef* privateKeyItemRef,
+ SecAccessRef initialAccess)
+{
+ BEGIN_SECAPI
+
+ MacOSError::throwMe(unimpErr);//%%%for now
+
+ END_SECAPI
+}
+
+OSStatus
+SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey)
+{
+ BEGIN_SECAPI
+
+ Required(cssmKey) = &gTypes().keyItem.required(key)->cssmKey();
+
+ END_SECAPI
+}
diff --git a/Keychain/SecKey.h b/Keychain/SecKey.h
new file mode 100644
index 00000000..c30a7c60
--- /dev/null
+++ b/Keychain/SecKey.h
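Review bot: The `SecKeyCreatePair` definition takes `SecKeychainItemRef* publicKeyItemRef`, `SecKeychainItemRef* privateKeyItemRef` and `UInt32 keySizeInBits`, while the prototype added in Keychain/SecKey.h by this same patch uses `SecKeyRef* publicKey`, `SecKeyRef* privateKey` and `uint32 keySizeInBits`. Unless those types are aliases of one another (their definitions are not visible here), the `extern "C"` prototype and the definition disagree, so the definition should take the header's types. The body only throws `unimpErr` and never writes either out-parameter, which neither the code nor the header documentation says. A comment such as `// Not implemented yet: fails with unimpErr and leaves the two key out-parameters untouched.` plus a matching sentence in the header would stop callers from using uninitialised key references when they skip the status check.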
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+ @header SecKey
+ The functions provided in SecKey implement a particular type of SecKeychainItem which represents a key. SecKeys might be stored in a SecKeychain, but can also be used as transient object representing keys.
+
+ Most SecKeychainItem* functions will work on an SecKeyRef.
+*/
+
+#ifndef _SECURITY_SECKEY_H_
+#define _SECURITY_SECKEY_H_
+
+#include
+#include
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+ @function SecKeyGetTypeID
+ @abstract Returns the type identifier of SecKey instances.
+ @result The CFTypeID of SecKey instances.
+*/
+CFTypeID SecKeyGetTypeID(void);
+
+/*!
+ @function SecKeyCreatePair
+ @abstract Creates an asymmetric key pair and stores it in the keychain specified by the keychain parameter.
+ @param keychain A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain.
+ @param algorithm An algorithm for the key pair.
+ @param keySizeInBits A key size for the key pair.
+ @param publicKeyUsage A bit mask indicating all permitted uses for the new public key. The bit mask values are defined in cssmtype.h
+ @param publicKeyAttr A bit mask defining attribute values for the new public key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h
+ @param publicKey A pointer to the keychain item reference of the new public key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The public key item must be of class type kSecAppleKeyItemClass.
+ @param privateKeyUsage A bit mask indicating all permitted uses for the new private key. The bit mask values are defined in cssmtype.h
+ @param privateKeyAttr A bit mask defining attribute values for the new private key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h
+ @param privateKey A pointer to the keychain item reference of the new private key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The private key item must be of class type kSecAppleKeyItemClass.
+ @param initialAccess A reference to an initial access to use for each of the keys returned.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeyCreatePair(
+ SecKeychainRef keychain,
+ CSSM_ALGORITHMS algorithm,
+ uint32 keySizeInBits,
+ CSSM_KEYUSE publicKeyUsage,
+ uint32 publicKeyAttr,
+ SecKeyRef* publicKey,
+ CSSM_KEYUSE privateKeyUsage,
+ uint32 privateKeyAttr,
+ SecKeyRef* privateKey,
+ SecAccessRef initialAccess);
+
+/*!
+ @function SecKeyGetCSSMKey
+ @abstract Returns a pointer to the CSSM_KEY for the given key item reference.
+ @param key A keychain key item reference. The key item must be of class type kSecAppleKeyItemClass.
+ @param cssmKey A pointer to a CSSM_KEY structure for the given key. The caller should not modify or free this data as it is owned by the library.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion The CSSM_KEY is valid until the key item reference is released.
+*/
+OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECKEY_H_ */
diff --git a/Keychain/SecKeychain.cpp b/Keychain/SecKeychain.cpp
new file mode 100644
index 00000000..a90e4ad4
--- /dev/null
+++ b/Keychain/SecKeychain.cpp
@@ -0,0 +1,645 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include +#include +#include +#include +#include "SecBridge.h" +#include "CCallbackMgr.h" +#include "Schema.h" + + +CFTypeID +SecKeychainGetTypeID(void) +{ + BEGIN_SECAPI + + return gTypes().keychain.typeId; + + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +OSStatus +SecKeychainGetVersion(UInt32 *returnVers) +{ + if (!returnVers) + return noErr; + + *returnVers = 0x02028000; + return noErr; +} + + +OSStatus +SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef) +{ + BEGIN_SECAPI + + RequiredParam(keychainRef)=gTypes().keychain.handle(*globals().storageManager.make(pathName)); + + END_SECAPI +} + + +OSStatus +SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, + Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychainRef) +{ + BEGIN_SECAPI + + KCThrowParamErrIf_(!pathName); + Keychain keychain = globals().storageManager.make(pathName); + + // @@@ the call to StorageManager::make above leaves keychain the the cache. + // If the create below fails we should probably remove it. 
+ if(promptUser) + keychain->create(); + else + { + KCThrowParamErrIf_(!password); + keychain->create(passwordLength, password); + } + RequiredParam(keychainRef)=gTypes().keychain.handle(*keychain); + + END_SECAPI +} + + +OSStatus +SecKeychainDelete(SecKeychainRef keychainOrArray) +{ + BEGIN_SECAPI + + StorageManager::KeychainList keychains; + globals().storageManager.optionalSearchList(keychainOrArray, keychains); + globals().storageManager.remove(keychains, true); + + END_SECAPI +} + + +OSStatus +SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings) +{ + BEGIN_SECAPI + + Keychain keychain = Keychain::optional(keychainRef); + if (newSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1) + { + UInt32 lockInterval=newSettings->lockInterval; + bool lockOnSleep=newSettings->lockOnSleep; + keychain->setSettings(lockInterval, lockOnSleep); + } + + END_SECAPI +} + + +OSStatus +SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings) +{ + BEGIN_SECAPI + + Keychain keychain = Keychain::optional(keychainRef); + if (outSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1) + { + UInt32 lockInterval; + bool lockOnSleep; + + keychain->getSettings(lockInterval, lockOnSleep); + outSettings->lockInterval=lockInterval; + outSettings->lockOnSleep=lockOnSleep; + } + + END_SECAPI +} + + +OSStatus +SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword) +{ + BEGIN_SECAPI + + Keychain keychain = Keychain::optional(keychainRef); + + if(usePassword) + keychain->unlock(CssmData(password,passwordLength)); + else + keychain->unlock(); + + END_SECAPI +} + + +OSStatus +SecKeychainLock(SecKeychainRef keychainRef) +{ + BEGIN_SECAPI + + Keychain keychain = Keychain::optional(keychainRef); + keychain->lock(); + + END_SECAPI +} + + +OSStatus +SecKeychainLockAll(void) +{ + BEGIN_SECAPI + + globals().storageManager.lockAll(); + + END_SECAPI +} + + +OSStatus +SecKeychainCopyDefault(SecKeychainRef 
*keychainRef) +{ + BEGIN_SECAPI + + RequiredParam(keychainRef)=gTypes().keychain.handle(*globals().defaultKeychain.keychain()); + + END_SECAPI +} + + +OSStatus +SecKeychainSetDefault(SecKeychainRef keychainRef) +{ + BEGIN_SECAPI + + globals().defaultKeychain.keychain(Keychain::optional(keychainRef)); + + END_SECAPI +} + +OSStatus SecKeychainCopySearchList(CFArrayRef* searchList) +{ + BEGIN_SECAPI + + RequiredParam(searchList); + StorageManager &smr = globals().storageManager; + StorageManager::KeychainList keychainList; + smr.getSearchList(keychainList); + *searchList = smr.convertFromKeychainList(keychainList); + + END_SECAPI +} + +OSStatus SecKeychainSetSearchList(CFArrayRef searchList) +{ + BEGIN_SECAPI + + RequiredParam(searchList); + StorageManager &smr = globals().storageManager; + StorageManager::KeychainList keychainList; + smr.convertToKeychainList(searchList, keychainList); + smr.setSearchList(keychainList); + + END_SECAPI +} + +OSStatus +SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus *keychainStatus) +{ + BEGIN_SECAPI + + RequiredParam(keychainStatus) = (SecKeychainStatus)Keychain::optional(keychainRef)->status(); + + END_SECAPI +} + + +OSStatus +SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 * ioPathLength, char *pathName) +{ + BEGIN_SECAPI + + RequiredParam(pathName); + + const char *name = Keychain::optional(keychainRef)->name(); + UInt32 nameLen = strlen(name); + if (nameLen+1 > *ioPathLength) // if the client's buffer is too small (including null-termination), throw + CssmError::throwMe(CSSMERR_CSSM_BUFFER_TOO_SMALL); + strncpy(pathName, name, nameLen); + pathName[nameLen] = 0; + *ioPathLength = nameLen; // set the length. 
+ + END_SECAPI +} + + +// @@@ Depricated +UInt16 +SecKeychainListGetCount(void) +{ + BEGIN_SECAPI + + return globals().storageManager.size(); + + END_SECAPI1(0) +} + + +// @@@ Depricated +OSStatus +SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef) +{ + BEGIN_SECAPI + + KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager; + RequiredParam(keychainRef)=gTypes().keychain.handle(*smgr[index]); + + END_SECAPI +} + + +// @@@ Depricated +OSStatus +SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef) +{ + BEGIN_SECAPI + + Required(keychainRef); + Keychain keychain = Keychain::optional(*keychainRef); + StorageManager::KeychainList keychainList; + keychainList.push_back(keychain); + globals().storageManager.remove(keychainList); + *keychainRef = NULL; + + END_SECAPI +} + + +OSStatus +SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef, UInt32 itemID, SecKeychainAttributeInfo **info) +{ + BEGIN_SECAPI + + Keychain keychain = Keychain::optional(keychainRef); + keychain->getAttributeInfoForItemID(itemID, info); + + END_SECAPI +} + + +OSStatus +SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info) +{ + BEGIN_SECAPI + + KeychainImpl::freeAttributeInfo(info); + + END_SECAPI +} + + +pascal OSStatus +SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void* userContext) +{ + BEGIN_SECAPI + + RequiredParam(callbackFunction); + CCallbackMgr::AddCallback(callbackFunction,eventMask,userContext); + + END_SECAPI +} + + +OSStatus +SecKeychainRemoveCallback(SecKeychainCallback callbackFunction) +{ + BEGIN_SECAPI + + RequiredParam(callbackFunction); + CCallbackMgr::RemoveCallback(callbackFunction); + + END_SECAPI +} + + +OSStatus +SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, 
UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) +{ + BEGIN_SECAPI + + KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL); + // @@@ Get real itemClass + Item item(kSecInternetPasswordItemClass, 'aapl', passwordLength, passwordData); + + if (serverName && serverNameLength) + item->setAttribute(Schema::attributeInfo(kSecServerItemAttr), + CssmData(const_cast(reinterpret_cast(serverName)), serverNameLength)); + + if (accountName && accountNameLength) + { + CssmData account(const_cast(reinterpret_cast(accountName)), accountNameLength); + item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account); + // @@@ We should probably leave setting of label up to lower level code. + item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account); + } + + if (securityDomain && securityDomainLength) + item->setAttribute(Schema::attributeInfo(kSecSecurityDomainItemAttr), + CssmData(const_cast(reinterpret_cast(securityDomain)), securityDomainLength)); + + item->setAttribute(Schema::attributeInfo(kSecPortItemAttr), UInt32(port)); + item->setAttribute(Schema::attributeInfo(kSecProtocolItemAttr), protocol); + item->setAttribute(Schema::attributeInfo(kSecAuthenticationTypeItemAttr), authenticationType); + + if (path && pathLength) + item->setAttribute(Schema::attributeInfo(kSecPathItemAttr), + CssmData(const_cast(reinterpret_cast(path)), pathLength)); + + Keychain::optional(keychainRef)->add(item); + if (itemRef) + *itemRef = gTypes().item.handle(*item); + + END_SECAPI +} + + +OSStatus +SecKeychainFindInternetPassword(CFTypeRef keychainOrArray, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 *passwordLength, void 
**passwordData, SecKeychainItemRef *itemRef) + +{ + BEGIN_SECAPI + + StorageManager::KeychainList keychains; + globals().storageManager.optionalSearchList(keychainOrArray, keychains); + KCCursor cursor(keychains, kSecInternetPasswordItemClass, NULL); + + if (serverName && serverNameLength) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecServerItemAttr), + CssmData(const_cast(serverName), serverNameLength)); + } + + if (securityDomain && securityDomainLength) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecSecurityDomainItemAttr), + CssmData (const_cast(securityDomain), securityDomainLength)); + } + + if (accountName && accountNameLength) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecAccountItemAttr), + CssmData (const_cast(accountName), accountNameLength)); + } + + if (port) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecPortItemAttr), + UInt32(port)); + } + + if (protocol) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecProtocolItemAttr), + protocol); + } + + if (authenticationType) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecAuthenticationTypeItemAttr), + authenticationType); + } + + if (path && pathLength) + { + cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecPathItemAttr), path); + } + + Item item; + if (!cursor->next(item)) + return errSecItemNotFound; + + // Get its data (only if necessary) + if (passwordData || passwordLength) + { + CssmDataContainer outData; + item->getData(outData); + *passwordLength=outData.length(); + outData.Length=0; + *passwordData=outData.data(); + outData.Data=NULL; + } + + if (itemRef) + *itemRef=gTypes().item.handle(*item); + + END_SECAPI +} + + +OSStatus +SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) + +{ + BEGIN_SECAPI + + KCThrowParamErrIf_(passwordLength!=0 && 
passwordData==NULL); + // @@@ Get real itemClass + Item item(kSecGenericPasswordItemClass, 'aapl', passwordLength, passwordData); + + if (serviceName && serviceNameLength) + item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), CssmData(const_cast(reinterpret_cast(serviceName)), serviceNameLength)); + + if (accountName && accountNameLength) + { + CssmData account(const_cast(reinterpret_cast(accountName)), accountNameLength); + item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account); + // @@@ We should probably leave setting of label up to lower level code. + item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account); + } + + Keychain::optional(keychainRef)->add(item); + if (itemRef) + *itemRef = gTypes().item.handle(*item); + + END_SECAPI +} + + +OSStatus +SecKeychainFindGenericPassword(CFTypeRef keychainOrArray, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef) + +{ + BEGIN_SECAPI + + StorageManager::KeychainList keychains; + globals().storageManager.optionalSearchList(keychainOrArray, keychains); + KCCursor cursor(keychains, kSecGenericPasswordItemClass, NULL); + + if (serviceName && serviceNameLength) + { + cursor->add (CSSM_DB_EQUAL, Schema::attributeInfo(kSecServiceItemAttr), + const_cast(serviceName)); + } + + if (accountName && accountNameLength) + { + cursor->add (CSSM_DB_EQUAL, Schema::attributeInfo(kSecAccountItemAttr), + const_cast(accountName)); + } + + Item item; + if (!cursor->next(item)) + return errSecItemNotFound; + + // Get its data (only if necessary) + if (passwordData || passwordLength) + { + CssmDataContainer outData; + item->getData(outData); + *passwordLength=outData.length(); + outData.Length=0; + *passwordData=outData.data(); + outData.Data=NULL; + } + + if (itemRef) + *itemRef=gTypes().item.handle(*item); + + END_SECAPI +} + + +OSStatus 
+SecKeychainSetUserInteractionAllowed(Boolean state) +{ + BEGIN_SECAPI + + globals().setUserInteractionAllowed(state); + + END_SECAPI +} + + +OSStatus +SecKeychainGetUserInteractionAllowed(Boolean *state) +{ + BEGIN_SECAPI + + Required(state)=globals().getUserInteractionAllowed(); + + END_SECAPI +} + + +OSStatus +SecKeychainGetDLDBHandle(SecKeychainRef keychainRef, CSSM_DL_DB_HANDLE *dldbHandle) +{ + BEGIN_SECAPI + + RequiredParam(dldbHandle); + + Keychain keychain = Keychain::optional(keychainRef); + *dldbHandle = keychain->database()->handle(); + + END_SECAPI +} + + +OSStatus +SecKeychainGetCSPHandle(SecKeychainRef keychainRef, CSSM_CSP_HANDLE *cspHandle) +{ + BEGIN_SECAPI + + RequiredParam(cspHandle); + + Keychain keychain = Keychain::optional(keychainRef); + *cspHandle = keychain->csp()->handle(); + + END_SECAPI +} + + +OSStatus +SecKeychainCopyAccess(SecKeychainRef keychainRef, SecAccessRef *accessRef) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +OSStatus +SecKeychainSetAccess(SecKeychainRef keychainRef, SecAccessRef accessRef) +{ + BEGIN_SECAPI + + MacOSError::throwMe(unimpErr);//%%%for now + + END_SECAPI +} + + +#pragma mark ---- Private API ---- + + +OSStatus +SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword) +{ + BEGIN_SECAPI + + Keychain keychain = Keychain::optional(keychainRef); + keychain->changePassphrase (oldPasswordLength, oldPassword, newPasswordLength, newPassword); + + END_SECAPI +} + + +OSStatus +SecKeychainCopyLogin(SecKeychainRef *keychainRef) +{ + BEGIN_SECAPI + + // NOTE: operates on default Keychain! It shouldn't... we want to + // have code that operates of a login keychain. 
+ RequiredParam(keychainRef)=gTypes().keychain.handle(*globals().defaultKeychain.keychain()); + + END_SECAPI +} + + +OSStatus +SecKeychainLogin(UInt32 nameLength, void* name, UInt32 passwordLength, void* password) +{ + BEGIN_SECAPI + + globals().storageManager.login(nameLength, name, passwordLength, password); + + END_SECAPI +} + + +OSStatus +SecKeychainLogout() +{ + BEGIN_SECAPI + + globals().storageManager.logout(); + + END_SECAPI +} diff --git a/Keychain/SecKeychain.h b/Keychain/SecKeychain.h new file mode 100644 index 00000000..cb1d26ce --- /dev/null +++ b/Keychain/SecKeychain.h 
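Review bot: In `SecKeychainFindInternetPassword` and `SecKeychainFindGenericPassword` the guard `if (passwordData || passwordLength)` admits a call that supplies only one of the two pointers, yet the block then writes through both `*passwordLength` and `*passwordData`, so the missing one is a NULL dereference in a function that has just fetched a secret. Guard each write separately and detach the buffer from `outData` only when it is actually handed to the caller, as in the fence below. The same two functions pass `serviceName`, `accountName` and `path` to `cursor->add` without the accompanying length, so the length arguments are ignored for matching and a buffer that is not NUL-terminated would presumably be read past its end; wrapping them in `CssmData(..., length)` as the other criteria do would fix that. Separately, `SecKeychainSetSettings` and `SecKeychainCopySettings` dereference their settings pointer unchecked and fall through to the success path without doing anything when `version` is not `SEC_KEYCHAIN_SETTINGS_VERS1`, which lets a caller believe a lock interval was applied.

```cpp
	// Get its data (only if necessary)
	if (passwordData || passwordLength)
	{
		CssmDataContainer outData;
		item->getData(outData);
		if (passwordLength)
			*passwordLength = outData.length();
		if (passwordData)
		{
			// Hand the buffer to the caller only when there is somewhere to put it;
			// otherwise outData keeps it (presumably releasing it on scope exit - confirm).
			*passwordData = outData.data();
			outData.Data = NULL;
			outData.Length = 0;
		}
	}
	// ... unchanged: itemRef assignment and END_SECAPI ...
```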
@@ -0,0 +1,559 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+ @header SecKeychain
+ SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
+*/
+
+#ifndef _SECURITY_SECKEYCHAIN_H_
+#define _SECURITY_SECKEYCHAIN_H_
+
+#include
+#include
+#include
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+ @enum KeychainStatus
+ @abstract Defines the current status of a keychain.
+ @constant kSecUnlockStateStatus Indicates the keychain is unlocked.
+ @constant kSecReadPermStatus Indicates the keychain is readable.
+ @constant kSecWritePermStatus Indicates the keychain is writable.
+*/
+enum
+{
+ kSecUnlockStateStatus = 1,
+ kSecReadPermStatus = 2,
+ kSecWritePermStatus = 4
+};
+
+#define SEC_KEYCHAIN_SETTINGS_VERS1 1
+
+/*!
+ @typedef SecKeychainSettings
+ @abstract Contains keychain settings.
+ @field version An unsigned 32-bit integer representing the keychain version.
+ @field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
+ @field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
+ @field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
+*/
+struct SecKeychainSettings
+{
+ UInt32 version;
+ Boolean lockOnSleep;
+ Boolean useLockInterval;
+ UInt32 lockInterval;
+};
+typedef struct SecKeychainSettings SecKeychainSettings;
+
+/*!
+ @typedef SecAuthenticationType
+ @abstract Represents the type of authentication to use for an Internet password.
+*/
+typedef FourCharCode SecAuthenticationType;
+
+/*!
+ @enum AuthenticationConstants
+ @abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
+ @constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
+ @constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
+ @constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
+ @constant kSecAuthenticationTypeRPA Specifies Remote Password authentication.
+ @constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
+ @constant kSecAuthenticationTypeDefault Specifies the default authentication type.
+*/
+enum
+{
+ kSecAuthenticationTypeNTLM = 'ntlm',
+ kSecAuthenticationTypeMSN = 'msna',
+ kSecAuthenticationTypeDPA = 'dpaa',
+ kSecAuthenticationTypeRPA = 'rpaa',
+ kSecAuthenticationTypeHTTPDigest = 'httd',
+ kSecAuthenticationTypeDefault = 'dflt'
+};
+
+/*!
+ @typedef SecProtocolType
+ @abstract Represents the protocol type associated with an AppleShare or Internet password.
+*/
+typedef FourCharCode SecProtocolType;
+
+/*!
+ @enum ProtocolTypeConstants
+ @abstract Defines the protocol type associated with an AppleShare or Internet password.
+ @constant kSecProtocolTypeFTP Indicates FTP.
+ @constant kSecProtocolTypeFTPAccount Indicates FTP Account.
+ @constant kSecProtocolTypeHTTP Indicates HTTP.
+ @constant kSecProtocolTypeIRC Indicates IRC.
+ @constant kSecProtocolTypeNNTP Indicates NNTP.
+ @constant kSecProtocolTypePOP3 Indicates POP3.
+ @constant kSecProtocolTypeSMTP Indicates SMTP.
+ @constant kSecProtocolTypeSOCKS Indicates SOCKS.
+ @constant kSecProtocolTypeIMAP Indicates IMAP.
+ @constant kSecProtocolTypeLDAP Indicates LDAP.
+ @constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
+ @constant kSecProtocolTypeAFP Indicates AFP.
+ @constant kSecProtocolTypeTelnet Indicates Telnet.
+ @constant kSecProtocolTypeSSH Indicates SSH.
+*/
+enum
+{
+ kSecProtocolTypeFTP = 'ftp ',
+ kSecProtocolTypeFTPAccount = 'ftpa',
+ kSecProtocolTypeHTTP = 'http',
+ kSecProtocolTypeIRC = 'irc ',
+ kSecProtocolTypeNNTP = 'nntp',
+ kSecProtocolTypePOP3 = 'pop3',
+ kSecProtocolTypeSMTP = 'smtp',
+ kSecProtocolTypeSOCKS = 'sox ',
+ kSecProtocolTypeIMAP = 'imap',
+ kSecProtocolTypeLDAP = 'ldap',
+ kSecProtocolTypeAppleTalk = 'atlk',
+ kSecProtocolTypeAFP = 'afp ',
+ kSecProtocolTypeTelnet = 'teln',
+ kSecProtocolTypeSSH = 'ssh '
+};
+
+/*!
+ @typedef SecKeychainEvent
+ @abstract Represents an event in which the state of a keychain or one of its items changed.
+*/
+typedef UInt32 SecKeychainEvent;
+
+/*!
+ @enum KeychainEventConstants
+ @abstract Defines the keychain-related event.
+ @constant kSecLockEvent Indicates a keychain was locked.
+ @constant kSecUnlockEvent Indicates a keychain was unlocked.
+ @constant kSecAddEvent Indicates an item was added to a keychain.
+ @constant kSecDeleteEvent Indicates an item was deleted from a keychain.
+ @constant kSecUpdateEvent Indicates a keychain item was updated.
+ @constant kSecPasswordChangedEvent Indicates the keychain password was changed.
+ @constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
+ @constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
+ @constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
+*/
+enum
+{
+ kSecLockEvent = 1,
+ kSecUnlockEvent = 2,
+ kSecAddEvent = 3,
+ kSecDeleteEvent = 4,
+ kSecUpdateEvent = 5,
+ kSecPasswordChangedEvent = 6,
+ kSecDefaultChangedEvent = 9,
+ kSecDataAccessEvent = 10,
+ kSecKeychainListChangedEvent = 11
+};
+
+/*!
+ @typedef SecKeychainEventMask
+ @abstract Represents a bit mask of keychain events
+*/
+typedef UInt32 SecKeychainEventMask;
+
+/*!
+ @enum KeychainEventConstants
+ @abstract Defines keychain event constants
+ @constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
+ @constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
+ @constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
+ @constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
+ @constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
+ @constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
+ @constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
+ @constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
+ @constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
+*/
+enum
+{
+ kSecLockEventMask = 1 << kSecLockEvent,
+ kSecUnlockEventMask = 1 << kSecUnlockEvent,
+ kSecAddEventMask = 1 << kSecAddEvent,
+ kSecDeleteEventMask = 1 << kSecDeleteEvent,
+ kSecUpdateEventMask = 1 << kSecUpdateEvent,
+ kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent,
+ kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent,
+ kSecDataAccessEventMask = 1 << kSecDataAccessEvent,
+ kSecKeychainListChangedMask = 1 << kSecKeychainListChangedEvent,
+ kSecEveryEventMask = 0xffffffff
+};
+
+/*!
+ @typedef SecKeychainCallbackInfo
+ @abstract Contains information about a keychain event.
+ @field version The version of this structure.
+ @field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
+ @field keychain A reference to the keychain in which the event occurred.
+ @field pid The id of the process that generated this event.
+ @discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback.
+*/
+struct SecKeychainCallbackInfo
+{
+ UInt32 version;
+ SecKeychainItemRef item;
+ SecKeychainRef keychain;
+ pid_t pid;
+};
+typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
+
+/*!
+ @function SecKeychainGetTypeID
+ @abstract Returns the type identifier of SecKeychain instances.
+ @result The CFTypeID of SecKeychain instances.
+*/
+CFTypeID SecKeychainGetTypeID(void);
+
+/*!
+ @function SecKeychainGetVersion
+ @abstract Determines the version of the Keychain Manager installed on the userÕs system.
+ @param returnVers On return, a pointer to the version number of the Keychain Manager installed on the current system.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetVersion(UInt32 *returnVers);
+
+#pragma mark ÑÑÑÑ Keychain Management ÑÑÑÑ
+/*!
+ @function SecKeychainOpen
+ @abstract Opens a keychain.
+ @param pathName The POSIX path to a keychain.
+ @param keychain On return, a pointer to the keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychain);
+
+/*!
+ @function SecKeychainCreateNew
+ @abstract Creates a new keychain.
+ @param pathName The POSIX path to a keychain file.
+ @param passwordLength An unsigned 32-bit integer representing the length of the password buffer.
+ @param password A pointer to the buffer containing the password. The password must be in canonical UTF8 encoding.
+ @param promptUser A boolean representing whether to display a password dialog to the user.
+ @param initialAccess An access reference.
+ @param keychain On return, a pointer to a keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychain);
+
+/*!
+ @function SecKeychainDelete
+ @abstract Deletes a keychain from the default searchlist, and removes the keychain itself if it is a file.
+ @param keychain A pointer to a keychain reference.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainDelete(SecKeychainRef keychain);
+
+/*!
+ @function SecKeychainSetSettings
+ @abstract Changes the settings of a keychain.
+ @param keychain A reference to a keychain.
+ @param newSettings A pointer to the new keychain settings.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSetSettings(SecKeychainRef keychain, const SecKeychainSettings *newSettings);
+
+/*!
+ @function SecKeychainCopySettings
+ @abstract Copy the keychain settings.
+ @param keychain A reference to the keychain from which to copy its settings.
+ @param outSettings A pointer to a keychain settings structure. Since this structure is versioned, you must preallocate it and fill in the version of the structure.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainCopySettings(SecKeychainRef keychain, SecKeychainSettings *outSettings);
+
+/*!
+ @function SecKeychainUnlock
+ @abstract Unlocks the specified keychain.
+ @param keychain A reference to the keychain to unlock. Pass NULL to specify the default keychain. If you pass NULL and the default keychain is currently locked, the keychain will appear as the default choice. If you pass a locked keychain, SecKeychainUnlock will use the password provided to unlock it. If the default keychain is currently unlocked, SecKeychainUnlock returns noErr.
+ @param passwordLength An unsigned 32-bit integer representing the length of the password buffer.
+ @param password A buffer containing the password for the keychain. Pass NULL if the user password is unknown. In this case, SecKeychainUnlock displays the Unlock Keychain dialog box, and the authentication user interface associated with the keychain about to be unlocked.
+ @param usePassword A boolean indicating whether the password parameter is used. You should pass TRUE if it is used or FALSE if it is ignored.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion In most cases, your application does not need to call the SecKeychainUnlock function directly, since most Keychain Manager functions that require an unlocked keychain call SecKeychainUnlock automatically. If your application needs to verify that a keychain is unlocked, call the function SecKeychainGetStatus.
+*/
+OSStatus SecKeychainUnlock(SecKeychainRef keychain, UInt32 passwordLength, void *password, Boolean usePassword);
+
+/*!
+ @function SecKeychainLock
+ @abstract Locks the specified keychain.
+ @param keychain A reference to the keychain to lock.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainLock(SecKeychainRef keychain);
+
+/*!
+ @function SecKeychainLockAll
+ @abstract Locks all keychains belonging to the current user.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainLockAll(void);
+
+/*!
+ @function SecKeychainCopyDefault
+ @abstract Retrieves a reference to the default keychain.
+ @param keychain On return, a pointer to the default keychain reference.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
+
+/*!
+ @function SecKeychainSetDefault
+ @abstract Sets the default keychain.
+ @param keychain A reference to the keychain to set as default.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainSetDefault(SecKeychainRef keychain);
+
+/*!
+ @function SecKeychainCopySearchList
+ @abstract Retrieves a keychain search list.
+ @param searchList The returned list of keychains to search. When finished with the array, you must call CFRelease() to release the memory.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain list is not specified (NULL).
+*/
+OSStatus SecKeychainCopySearchList(CFArrayRef *searchList);
+
+/*!
+ @function SecKeychainSetSearchList
+ @abstract Specifies the list of keychains to use in a keychain search list.
+ @param searchList The list of keychains to use in a search list when the SecKeychainCopySearchList function is called.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain list is not specified (NULL).
+*/
+OSStatus SecKeychainSetSearchList(CFArrayRef searchList);
+
+/*!
+ @function SecKeychainGetStatus
+ @abstract Retrieves status information for the specified keychain.
+ @param keychain A keychain reference. Pass NULL to specify the default keychain.
+ @param keychainStatus On return, a pointer to the status of the specified keychain. See KeychainStatus for valid status constants.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetStatus(SecKeychainRef keychain, SecKeychainStatus *keychainStatus);
+
+/*!
+ @function SecKeychainGetPath
+ @abstract Get the path of the specified keychain.
+ @param keychain A reference to a keychain.
+ @param ioPathLength On input, a pointer to the size or the buffer pointed to by pathName. On return, the size of the buffer without the zero termination.
+ @param pathName On return, the POSIX path to the keychain.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetPath(SecKeychainRef keychain, UInt32 *ioPathLength, char *pathName);
+
+#pragma mark ÑÑÑÑ Keychain Item Attribute Information ÑÑÑÑ
+/*!
+ @function SecKeychainAttributeInfoForItemID
+ @abstract Obtains tags for all possible attributes for a given item class.
+ @param keychain A keychain reference.
+ @param itemID The relation identifier of the item tags.
+ @param info On return, a pointer to the keychain attribute information. User should call the SecKeychainFreeAttributeInfo function to release the structure when done with it.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters were supplied (NULL).
+ @discussion Warning, this call returns more attributes than are support by the old style Keychain API and passing them into older calls will yield an invalid attribute error. The recommended call to retrieve the attribute values is the SecKeychainItemCopyAttributesAndData function.
+*/
+OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychain, UInt32 itemID, SecKeychainAttributeInfo **info);
+
+/*!
+ @function SecKeychainFreeAttributeInfo
+ @abstract Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function.
+ @param info A pointer to the keychain attribute information to release.
+ @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters were supplied (NULL).
+*/
+OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info);
+
+#pragma mark ÑÑÑÑ Keychain Manager Callbacks ÑÑÑÑ
+
+/*!
+ @typedef SecKeychainCallback
+ @abstract Defines a pointer to a customized callback function. You supply the customized callback function to do a callback tailored to your application's needs.
+ @param keychainEvent The keychain event that your application wishes to be notified of. See SecKeychainEvent for a description of possible values. The type of event that can trigger your callback depends on the bit mask you passed in the eventMask parameter of the function SecKeychainAddCallback. For more information, see the discussion.
+ @param info A pointer to a structure of type SecKeychainCallbackInfo. On return, the structure contains information about the keychain event that occurred. The Keychain Manager passes this information to your callback function via the info parameter.
+ @param context A pointer to application-defined storage that your application previously passed to the function SecKeychainAddCallback. You can use this value to perform operations like track which instance of a function is operating.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion If you name your function MyKeychainEventCallback, you would declare it like this:
+ OSStatus MyKeychainEventCallback (
+ SecKeychainEvent keychainEvent,
+ SecKeychainCallbackInfo *info,
+ void *context);
+
+ To add your callback function, use the SecKeychainAddCallback function. To remove your callback function, use the SecKeychainRemoveCallback function.
+*/
+typedef OSStatus (*SecKeychainCallback)(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo *info, void *context);
+
+/*!
+ @function SecKeychainAddCallback
+ @abstract Registers your keychain event callback function
+ @param callbackFunction A pointer to your keychain event callback function, described in SecKeychainCallback. You indicate the type of keychain events you want to receive by passing a bit mask of the desired events in the eventMask parameter.
+ @param eventMask A bit mask indicating the keychain events that your application wishes to be notified of. See SecKeychainEventMask for a description of this bit mask. The Keychain Manager tests this mask to determine the keychain events that you wish to receive, and passes these events in the keychainEvent parameter of your callback function. See SecKeychainEvent for a description of these events.
+ @param userContext A pointer to application-defined storage that will be passed to your callback function. Your application can use this to associate any particular call of SecKeychainAddCallback with any particular call of your keychain event callback function.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/ +OSStatus SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void* userContext); + +/*! + @function SecKeychainRemoveCallback + @abstract Unregisters your keychain event callback function. Once removed, keychain events won't be sent to the owner of the callback. + @param callbackFunction The callback function pointer to remove + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainRemoveCallback(SecKeychainCallback callbackFunction); + +#pragma mark ÑÑÑÑ High Level Keychain Manager Calls ÑÑÑÑ +/*! + @function SecKeychainAddInternetPassword + @abstract Adds an internet password as a keychain item to the specified keychain. + @param keychain A reference to keychain in which to store an internet password. + @param serverNameLength The length of the buffer pointed to by server name. + @param serverName A pointer to a string containing the server name. + @param securityDomainLength The length of the buffer pointed to by security domain. + @param securityDomain A pointer to a string containing the security domain. This parameter is optional, as not all protocols will require it. + @param accountNameLength The length of the buffer pointed to by account name. + @param accountName A pointer to a string containing the account name. + @param pathLength The length of the buffer pointed to by path. + @param path A pointer to a string containing the path. + @param port The TCP/IP port number. + @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values. + @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault, to specify the default authentication scheme. + @param passwordLength The length of the buffer pointed to by passwordData. + @param passwordData A pointer to a buffer which will hold the returned password data. 
Before calling SecKeychainAddInternetPassword, allocate enough memory for the buffer to hold the data you want to store. + @param itemRef On return, a pointer to the new keychain item. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion The SecKeychainAddInternetPassword function adds a new internet server password to the default keychain. Required parameters to identify the password are serverName and accountName (you cannot pass NULL for both parameters). In addition, some protocols may require an optional securityDomain when authentication is requested. SecKeychainAddInternetPassword optionally returns a reference to the newly added item. +*/ +OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychain, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef); + +/*! + @function SecKeychainFindInternetPassword + @abstract Finds an internet password based on the attributes passed. + @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list. + @param serverNameLength The length of the buffer pointed to by server name. + @param serverName A pointer to a string containing the server name. + @param securityDomainLength The length of the buffer pointed to by security domain. + @param securityDomain A pointer to a string containing the security domain. This parameter is optional, as not all protocols will require it. + @param accountNameLength The length of the buffer pointed to by account name. + @param accountName A pointer to a string containing the account name. + @param pathLength The length of the buffer pointed to by path. 
+ @param path A pointer to a string containing the path.
+ @param port The TCP/IP port number.
+ @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values.
+ @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault, to specify the default authentication scheme.
+ @param passwordLength The length of the buffer pointed to by passwordData.
+ @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainFindInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+ @param itemRef The item reference of the internet password.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion The SecKeychainFindInternetPassword function finds the first internet password item which matches the attributes you provide. The buffer specified in the passwordData parameter must be large enough to hold the password data, otherwise SecKeychainFindInternetPassword returns the result code errSecBufferTooSmall. In this case, your application must allocate a new buffer of sufficient size before calling SecKeychainFindInternetPassword again. SecKeychainFindInternetPassword optionally returns a reference to the found item.
+
+*/
+OSStatus SecKeychainFindInternetPassword(CFTypeRef keychainOrArray, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef);
+
+/*!
+ @function SecKeychainAddGenericPassword
+ @abstract Adds a generic password to the specified keychain.
+ @param keychain A reference to keychain in which to store a generic password.
+ @param serviceNameLength The length of the buffer pointed to by service name.
+ @param serviceName A pointer to a string containing the service name.
+ @param accountNameLength The length of the buffer pointed to by account name.
+ @param accountName A pointer to a string containing the account name.
+ @param passwordLength The length of the buffer pointed to by passwordData.
+ @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainAddInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+ @param itemRef On return, a pointer to the new keychain item reference.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion The SecKeychainAddGenericPassword function adds a new generic password to the default keychain. Required parameters to identify the password are serviceName and accountName, which are application-defined strings. SecKeychainAddGenericPassword optionally returns a reference to the newly added item.
+
+ You can use SecKeychainAddGenericPassword to add passwords for accounts other than Internet or Appleshare. For example, you might add passwords for your database or scheduling programs.
+*/
+OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychain, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef);
+
+/*!
+ @function SecKeychainFindGenericPassword
+ @abstract Find a generic password based on the attributes passed.
+ @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+ @param serviceNameLength The length of the buffer pointed to by service name.
+ @param serviceName A pointer to a string containing the service name.
+ @param accountNameLength The length of the buffer pointed to by account name.
+ @param accountName A pointer to a string containing the account name.
+ @param passwordLength The length of the buffer pointed to by passwordData.
+ @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainAddInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+ @param itemRef On return, a pointer to the new keychain item reference.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion The SecKeychainFindGenericPassword function finds the first generic password item which matches the attributes you provide. The buffer specified in the passwordData parameter must be large enough to hold the password data, otherwise SecKeychainFindGenericPassword returns the result code errSecBufferTooSmall. In this case, your application must allocate a new buffer of sufficient size before calling SecKeychainFindGenericPassword again. SecKeychainFindGenericPassword optionally returns a reference to the found item.
+*/
+OSStatus SecKeychainFindGenericPassword(CFTypeRef keychainOrArray, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef);
+
+#pragma mark ÑÑÑÑ Managing User Interaction ÑÑÑÑ
+/*!
+ @function SecKeychainSetUserInteractionAllowed
+ @abstract Turns on or off any optional user interaction
+ @param state A boolean representing the state of user interaction. You should pass TRUE to allow user interaction, and FALSE to disallow user interaction
+ @result A result code. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSetUserInteractionAllowed(Boolean state);
+
+/*!
+ @function SecKeychainGetUserInteractionAllowed
+ @abstract Retrieves the current state of user interaction.
+ @param state On return, a pointer to the current state of user interaction. If this is TRUE then user interaction is allowed, if it is FALSE, then user interaction is not allowed. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state); + +#pragma mark ÑÑÑÑ CSSM Bridge Functions ÑÑÑÑ +/*! + @function SecKeychainGetCSPHandle + @abstract Returns the CSSM_CSP_HANDLE attachment for the given keychain reference. The handle is valid until the keychain reference is released. + @param keychain A keychain reference. + @param cspHandle On return, a pointer to the CSSM_CSP_HANDLE for the given keychain. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainGetCSPHandle(SecKeychainRef keychain, CSSM_CSP_HANDLE *cspHandle); + +/*! + @function SecKeychainGetDLDBHandle + @abstract Returns the CSSM_DL_DB_HANDLE for a given keychain reference. The handle is valid until the keychain reference is released. + @param keychain A keychain reference. + @param dldbHandle On return, a pointer to the CSSM_DL_DB_HANDLE for the given keychain. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainGetDLDBHandle(SecKeychainRef keychain, CSSM_DL_DB_HANDLE *dldbHandle); + +#pragma mark ÑÑÑÑ Keychain Access Management ÑÑÑÑ +/*! + @function SecKeychainCopyAccess + @abstract Retrieves the access for a keychain. + @param keychain A reference to the keychain from which to copy the access. + @param accessRef On return, a pointer to the access reference. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainCopyAccess(SecKeychainRef keychain, SecAccessRef *access); + +/*! + @function SecKeychainSetAccess + @abstract Sets the access for a keychain. + @param keychain A reference to the keychain for which to set the access. + @param accessRef An access reference. + @result A result code. 
See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainSetAccess(SecKeychainRef keychain, SecAccessRef access); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECKEYCHAIN_H_ */ diff --git a/Keychain/SecKeychainAPI.cpp b/Keychain/SecKeychainAPI.cpp index 1c9c123c..50378ea2 100644 --- a/Keychain/SecKeychainAPI.cpp +++ b/Keychain/SecKeychainAPI.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). 
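Review bot: The header comments for SecKeychainFindInternetPassword and SecKeychainFindGenericPassword contradict their prototypes: the text tells the caller to pre-allocate the passwordData buffer and to expect errSecBufferTooSmall, while the declarations take `UInt32 *passwordLength, void **passwordData`, which reads as the library handing back a buffer of its own. For secret material the ownership has to be explicit, so I would replace that @param text with something like `@param passwordData On return, a pointer to a library-allocated buffer holding the password; the caller must clear and release it with <release routine, not named in this header>.` and drop the errSecBufferTooSmall paragraph if it no longer applies. The Add variants have the opposite slip (their input `const void *passwordData` is described as a buffer that "will hold the returned password data"), `@function SecKeychainCreateNew` sits above a declaration named `SecKeychainCreate`, and the `@param accessRef` entries document parameters the prototypes call `access`. Whether the implementation really allocates the returned buffer is not visible in this hunk, so the wording should be confirmed against SecKeychain.cpp.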
@@ -15,722 +15,59 @@ * specific language governing rights and limitations under the License. */ - /* - * SecKeychainAPI.cpp + * SecKeychainAPI.h * SecurityCore * - * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved + * Copyright: (c) 2000-2002 by Apple Computer, Inc., all rights reserved * */ +/*! + @header SecKeychainAPI The Security Keychain API contains all the APIs need to create a client and Keychain management application. It also contains a certificate, policy, identity and trust management API. + + NOTE: Any function with Create or Copy in the name returns an object that must be released. +*/ #include -#include "SecKeychainAPIPriv.h" -#include "Keychains.h" -#include "Globals.h" -#include "KCUtilities.h" -#include "KCEventNotifier.h" -#include "KCCursor.h" -#include "CCallbackMgr.h" -#include "KCExceptions.h" -#include "Schema.h" -#include - -using namespace Security; - -using namespace KeychainCore; - -// -// API boilerplate macros. These provide a frame for C++ code that is impermeable to exceptions. -// Usage: -// BEGIN_API -// ... your C++ code here ... -// END_API // returns CSSM_RETURN on exception -// END_API0 // returns nothing (void) on exception -// END_API1(bad) // return (bad) on exception -// -#define BEGIN_SECAPI \ - try { \ - StLock _(globals().apiLock); -#define END_SECAPI \ - } \ - catch (const MacOSError &err) { return err.osStatus(); } \ - catch (const CssmCommonError &err) { return GetKeychainErrFromCSSMErr(err.cssmError())/*err.cssmError(CSSM_CSSM_BASE_ERROR)*/; } \ - catch (::std::bad_alloc) { return memFullErr; } \ - catch (...) { return internalComponentErr; } \ - return noErr; -#define END_SECAPI0 } catch (...) { return; } -#define END_SECAPI1(bad) } catch (...) 
{ return bad; } - - -OSStatus SecKeychainGetVersion(UInt32 *returnVers) -{ - if (!returnVers) return noErr; - - *returnVers=0x02028000; - return noErr; -} - - -OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - RequiredParam(keychainRef)=KeychainRef::handle(globals().storageManager.make(pathName)); - END_SECAPI -} - -OSStatus SecKeychainCreateNew(const char *pathName, SecKeychainRef *keychainRef, UInt32 passwordLength, const void *password, Boolean promptUser) -{ - BEGIN_SECAPI - - KCThrowParamErrIf_(!pathName); - - Keychain keychain = globals().storageManager.make(pathName); - - if(promptUser) - { - keychain->create(); - } - else - { - KCThrowParamErrIf_(!password); - - keychain->create(passwordLength, password); - } - RequiredParam(keychainRef)=KeychainRef::handle(keychain); - - END_SECAPI -} - -OSStatus SecKeychainDelete(SecKeychainRef keychainRef) -{ - BEGIN_SECAPI - - Keychain keychain = Keychain::optional(keychainRef); - keychain->database()->deleteDb(); - - list SecKeychainRefToRemove; - SecKeychainRefToRemove.push_back(keychainRef); - KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager; - smgr.remove(SecKeychainRefToRemove); - return noErr; - - END_SECAPI - - -} -OSStatus SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings) -{ - BEGIN_SECAPI - Keychain keychain = Keychain::optional(keychainRef); - if(newSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1) - { - UInt32 lockInterval=newSettings->lockInterval; - bool lockOnSleep=newSettings->lockOnSleep; - - keychain->setSettings(lockInterval, lockOnSleep); - } - END_SECAPI -} - - -OSStatus SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings) -{ - BEGIN_SECAPI - Keychain keychain = Keychain::optional(keychainRef); - if(outSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1) - { - UInt32 lockInterval; - bool lockOnSleep; - - keychain->getSettings(lockInterval, lockOnSleep); - 
outSettings->lockInterval=lockInterval; - outSettings->lockOnSleep=lockOnSleep; - } - END_SECAPI -} - - -OSStatus SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword) -{ - BEGIN_SECAPI - Keychain keychain = Keychain::optional(keychainRef); - - if(usePassword) - keychain->unlock(CssmData(password,passwordLength)); - else - keychain->unlock(); - END_SECAPI -} - - -OSStatus SecKeychainLock(SecKeychainRef keychainRef) -{ - BEGIN_SECAPI - Keychain keychain = Keychain::optional(keychainRef); - keychain->lock(); - END_SECAPI -} - - -OSStatus SecKeychainLockAll() -{ - BEGIN_SECAPI - globals().storageManager.lockAll(); - END_SECAPI -} - +#include +#include OSStatus SecKeychainRelease(SecKeychainRef keychainRef) { - BEGIN_SECAPI - KeychainRef::release(keychainRef); - END_SECAPI -} - - -OSStatus SecKeychainCopyDefault(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - RequiredParam(keychainRef)=KeychainRef::handle(globals().defaultKeychain.keychain()); - END_SECAPI -} - - -OSStatus SecKeychainSetDefault(SecKeychainRef keychainRef) -{ - BEGIN_SECAPI - globals().defaultKeychain.keychain(Keychain::optional(keychainRef)); - END_SECAPI -} - - -OSStatus SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus *keychainStatus) -{ - BEGIN_SECAPI - RequiredParam(keychainStatus) = (SecKeychainStatus)Keychain::optional(keychainRef)->status(); - END_SECAPI -} - - -OSStatus SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 * ioPathLength, char *pathName) -{ - BEGIN_SECAPI - RequiredParam(pathName); - const char *name = Keychain::optional(keychainRef)->name(); - UInt32 nameLen = strlen(name); - memcpy(pathName, name, *ioPathLength); - if(nameLen < *ioPathLength) // if the size is smaller then the buffer - *ioPathLength=nameLen; // set the length. otherwise the size is clipped because - // the buffer is too small. 
- - END_SECAPI -} - - -UInt16 SecKeychainListGetCount(void) -{ - BEGIN_SECAPI - return globals().storageManager.size(); - END_SECAPI -} - - -OSStatus SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager; - RequiredParam(keychainRef)=KeychainRef::handle(smgr[index]); - END_SECAPI -} - -OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void *data, SecKeychainRef keychainRef, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - KCThrowParamErrIf_(length!=0 && data==NULL); - Item item(itemClass, attrList, length, data); - Keychain::optional(keychainRef)->add(item); - if (itemRef) - *itemRef = ItemRef::handle(item); - END_SECAPI -} - -OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data) -{ - BEGIN_SECAPI - Item item = ItemRef::required(itemRef); - item->modifyContent(attrList, length, data); - END_SECAPI -} - - -OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData) -{ - BEGIN_SECAPI - Item item = ItemRef::required(itemRef); - item->getContent(itemClass, attrList, length, outData); - END_SECAPI -} - -OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data) -{ - BEGIN_SECAPI - ItemImpl::freeContent(attrList, data); - END_SECAPI -} - - -OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef, UInt32 itemID, SecKeychainAttributeInfo **info) -{ - BEGIN_SECAPI - Keychain keychain = Keychain::optional(keychainRef); - keychain->getAttributeInfoForItemID(itemID, info); - END_SECAPI -} - -OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info) -{ - BEGIN_SECAPI - KeychainImpl::freeAttributeInfo(info); - END_SECAPI -} - -OSStatus 
SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data) -{ - BEGIN_SECAPI - Item item = ItemRef::required(itemRef); - item->modifyAttributesAndData(attrList, length, data); - END_SECAPI -} + if (!keychainRef) + return errSecInvalidKeychain; -OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData) -{ - BEGIN_SECAPI - Item item = ItemRef::required(itemRef); - item->getAttributesAndData(info, itemClass, attrList, length, outData); - END_SECAPI -} - -OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data) -{ - BEGIN_SECAPI - ItemImpl::freeAttributesAndData(attrList, data); - END_SECAPI -} - -OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef) -{ - BEGIN_SECAPI - Item item = ItemRef::required( itemRef ); - Keychain keychain = item->keychain(); - KCThrowIf_( !keychain, errSecInvalidItemRef ); - - keychain->deleteItem( item ); // item must be persistant. 
- END_SECAPI -} - - -OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef) -{ - BEGIN_SECAPI - Required(keychainRef) = KeychainRef::handle(ItemRef::required(itemRef)->keychain()); - END_SECAPI -} - - -OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainItemRef *itemCopy, SecKeychainRef destKeychainRef) -{ - BEGIN_SECAPI - Item copy = ItemRef::required(itemRef)->copyTo(Keychain::optional(destKeychainRef)); - if (itemCopy) - *itemCopy = ItemRef::handle(copy); - END_SECAPI + CFRelease(keychainRef); + return noErr; } - OSStatus SecKeychainItemRelease(SecKeychainItemRef itemRef) { - BEGIN_SECAPI - ItemRef::release(itemRef); - END_SECAPI -} - -OSStatus SecKeychainSearchCreateFromAttributes(SecKeychainRef keychainRef, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef) -{ - BEGIN_SECAPI - - Required(searchRef); // Make sure that searchRef is an invalid SearchRef - - KCCursor cursor; - if (keychainRef) - cursor = Keychain::optional(keychainRef)->createCursor(itemClass, attrList); - else - cursor = globals().storageManager.createCursor(itemClass, attrList); - - *searchRef = KCCursorRef::handle(cursor); + if (!itemRef) + return errSecInvalidItemRef; - END_SECAPI + CFRelease(itemRef); + return noErr; } - - -OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - RequiredParam(itemRef); - Item item; - if (!KCCursorRef::required(searchRef)->next(item)) - return errSecItemNotFound; - *itemRef=ItemRef::handle(item); - END_SECAPI -} - OSStatus SecKeychainSearchRelease(SecKeychainSearchRef searchRef) { - BEGIN_SECAPI - KCCursorRef::release(searchRef); - END_SECAPI -} + if (!searchRef) + return errSecInvalidSearchRef; - -OSStatus SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - list SecKeychainRefToRemove; - SecKeychainRefToRemove.push_back(RequiredParam(keychainRef)); - 
StorageManager &smgr = globals().storageManager; - smgr.remove(SecKeychainRefToRemove); - return noErr; - END_SECAPI -} - - -pascal OSStatus SecKeychainAddCallback(SecKeychainCallbackProcPtr callbackFunction, SecKeychainEventMask eventMask, void* userContext) -{ - BEGIN_SECAPI - RequiredParam(callbackFunction); - CCallbackMgr::AddCallback(callbackFunction,eventMask,userContext); - END_SECAPI -} - -OSStatus SecKeychainRemoveCallback(SecKeychainCallbackProcPtr callbackFunction) -{ - BEGIN_SECAPI - RequiredParam(callbackFunction); - CCallbackMgr::RemoveCallback(callbackFunction); - END_SECAPI -} - - -// --- Private API - -OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword) -{ - BEGIN_SECAPI - globals().storageManager.changeLoginPassword(oldPasswordLength, oldPassword, newPasswordLength, newPassword); - END_SECAPI -} - -OSStatus SecKeychainCopyLogin(SecKeychainRef *keychainRef) -{ - BEGIN_SECAPI - // NOTE: operates on default Keychain! It shouldn't... we want to - // have code that operates of a login keychain. 
- RequiredParam(keychainRef)=KeychainRef::handle(globals().defaultKeychain.keychain()); - END_SECAPI -} - - -OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, - UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName, - UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType, - UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) -{ - BEGIN_SECAPI - KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL); - // @@@ Get real itemClass - Item item(kSecInternetPasswordItemClass, 'aapl', passwordLength, passwordData); - - if (serverName && serverNameLength) - item->setAttribute(Schema::attributeInfo(kSecServerItemAttr), - CssmData(serverName, serverNameLength)); - - if (accountName && accountNameLength) - { - CssmData account(accountName, accountNameLength); - item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account); - // @@@ We should probably leave setting of label up to lower level code. 
- item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account); - } - - if (securityDomain && securityDomainLength) - item->setAttribute(Schema::attributeInfo(kSecSecurityDomainItemAttr), - CssmData(securityDomain, securityDomainLength)); - - item->setAttribute(Schema::attributeInfo(kSecPortItemAttr), UInt32(port)); - item->setAttribute(Schema::attributeInfo(kSecProtocolItemAttr), protocol); - item->setAttribute(Schema::attributeInfo(kSecAuthTypeItemAttr), authType); - - if (path && pathLength) - item->setAttribute(Schema::attributeInfo(kSecPathItemAttr), - CssmData(path, pathLength)); - - Keychain::optional(keychainRef)->add(item); - if (itemRef) - *itemRef = ItemRef::handle(item); - - END_SECAPI -} - -OSStatus SecKeychainFindInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, - UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName, - UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType, - UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef) - -{ - BEGIN_SECAPI - - - UInt32 attrCount = 0; - - // The number of attributes to search on depends on what was passed in - if ( serverName && serverNameLength) - attrCount++; - - if ( securityDomain && securityDomainLength ) - attrCount++; - - if ( accountName && accountNameLength) - attrCount++; - - if ( port ) - attrCount++; - - if ( protocol ) - attrCount++; - - if ( authType ) - attrCount++; - - if ( path && pathLength ) - attrCount++; - - auto_array attrs(attrCount); - attrCount = 0; - - if ( serverName && serverNameLength ) - { - attrs[attrCount].tag = kSecServerItemAttr; - attrs[attrCount].length = serverNameLength; - attrs[attrCount].data = serverName; - attrCount++; - } - if ( securityDomain && securityDomainLength ) - { - attrs[attrCount].tag = kSecSecurityDomainItemAttr; - attrs[attrCount].length = securityDomainLength; - attrs[attrCount].data = securityDomain; - attrCount++; - } - if 
( accountName && accountNameLength ) - { - attrs[attrCount].tag = kSecAccountItemAttr; - attrs[attrCount].length = accountNameLength; - attrs[attrCount].data = accountName; - attrCount++; - } - - if ( port ) - { - attrs[attrCount].tag = kSecPortItemAttr; - attrs[attrCount].length = sizeof( port ); - attrs[attrCount].data = &port; - attrCount++; - } - if ( protocol ) - { - attrs[attrCount].tag = kSecProtocolItemAttr; - attrs[attrCount].length = sizeof( protocol ); - attrs[attrCount].data = &protocol; - attrCount++; - } - if ( authType ) - { - attrs[attrCount].tag = kSecAuthTypeItemAttr; - attrs[attrCount].length = sizeof( authType ); - attrs[attrCount].data = &authType; - attrCount++; - } - - if ( path && pathLength ) - { - attrs[attrCount].tag = kSecPathItemAttr; - attrs[attrCount].length = pathLength; - attrs[attrCount].data = path; - attrCount++; - } - - SecKeychainAttributeList attrList; - attrList.count = attrCount; - attrList.attr = attrs.get(); - - Item item; - - KCCursor cursor; - if (keychainRef) - cursor = Keychain::optional(keychainRef)->createCursor(kSecInternetPasswordItemClass, &attrList); - else - cursor = globals().storageManager.createCursor(kSecInternetPasswordItemClass, &attrList); - - if (!cursor->next(item)) - return errSecItemNotFound; - - - // Get its data (only if necessary) - if ( passwordData || passwordLength ) - { - CssmDataContainer outData; - item->getData(outData); - *passwordLength=outData.length(); - outData.Length=NULL; - *passwordData=outData.data(); - outData.Data=NULL; - } - - if (itemRef) - *itemRef=ItemRef::handle(item); - - - END_SECAPI - - - -} - -OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, char *serviceName, - UInt32 accountNameLength, char *accountName, - UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef) - -{ - BEGIN_SECAPI - - KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL); - // @@@ Get real itemClass - Item 
item(kSecGenericPasswordItemClass, 'aapl', passwordLength, passwordData); - - if (serviceName && serviceNameLength) - item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), CssmData(serviceName, serviceNameLength)); - - if (accountName && accountNameLength) - { - CssmData account(accountName, accountNameLength); - item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account); - // @@@ We should probably leave setting of label up to lower level code. - item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account); - } - - Keychain::optional(keychainRef)->add(item); - if (itemRef) - *itemRef = ItemRef::handle(item); - - END_SECAPI -} - -OSStatus SecKeychainFindGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, char *serviceName, - UInt32 accountNameLength, char *accountName, - UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef) - -{ - BEGIN_SECAPI - UInt32 attrCount = 0; - - // The number of attributes to search on depends on what was passed in - if (serviceName && serviceNameLength) - attrCount++; - - if (accountName && accountNameLength) - attrCount++; - - auto_array attrs(attrCount); - attrCount = 0; - - if (serviceName && serviceNameLength) - { - attrs[attrCount].tag = kSecServiceItemAttr; - attrs[attrCount].length = serviceNameLength; - attrs[attrCount].data = serviceName; - attrCount++; - } - if (accountName && accountNameLength) - { - attrs[attrCount].tag = kSecAccountItemAttr; - attrs[attrCount].length = accountNameLength; - attrs[attrCount].data = accountName; - attrCount++; - } - - SecKeychainAttributeList attrList; - attrList.count = attrCount; - attrList.attr = attrs.get(); - - Item item; - - KCCursor cursor; - if (keychainRef) - cursor = Keychain::optional(keychainRef)->createCursor(kSecGenericPasswordItemClass, &attrList); - else - cursor = globals().storageManager.createCursor(kSecGenericPasswordItemClass, &attrList); - - if (!cursor->next(item)) - return errSecItemNotFound; - - - // 
Get its data (only if necessary) - if ( passwordData || passwordLength ) - { - CssmDataContainer outData; - item->getData(outData); - *passwordLength=outData.length(); - outData.Length=NULL; - *passwordData=outData.data(); - outData.Data=NULL; - } - - if (itemRef) - *itemRef=ItemRef::handle(item); - - - END_SECAPI -} - -OSStatus SecKeychainLogin(UInt32 nameLength, void* name, UInt32 passwordLength, void* password) -{ - BEGIN_SECAPI - globals().storageManager.login(nameLength, name, passwordLength, password); - END_SECAPI -} - -OSStatus SecKeychainLogout() -{ - BEGIN_SECAPI - globals().storageManager.logout(); - END_SECAPI + CFRelease(searchRef); + return noErr; } -OSStatus SecKeychainSetUserInteractionAllowed(Boolean state) +OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef) { - BEGIN_SECAPI - globals().setUserInteractionAllowed(state); - END_SECAPI - -} + static bool warnonce; + if (!warnonce) + { + warnonce = true; + Syslog::warning("Calling OBSOLETE SecKeychainCopySearchNextItem please use SecKeychainSearchCopyNext instead"); + } -OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state) -{ - BEGIN_SECAPI - Required(state)=globals().getUserInteractionAllowed(); - END_SECAPI - + return SecKeychainSearchCopyNext(searchRef, itemRef); } - diff --git a/Keychain/SecKeychainAPI.h b/Keychain/SecKeychainAPI.h index a71d0738..8442041f 100644 --- a/Keychain/SecKeychainAPI.h +++ b/Keychain/SecKeychainAPI.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). 
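Review bot: `SecKeychainCopySearchNextItem` now tests `warnonce` and calls `Syslog::warning(…)` outside the `BEGIN_SECAPI`/`END_SECAPI` frame this hunk removes, so the shim no longer runs under `globals().apiLock` or behind a catch-all. If `Syslog::warning` can throw (its definition is not visible here), the exception would escape through a C-callable entry point; wrapping it as `try { Syslog::warning(…); } catch (...) { }` keeps the shim exception-tight. The unsynchronised `static bool warnonce` can at worst emit the warning more than once, which deserves a comment such as `// unsynchronised on purpose: a race only duplicates the warning`. The three release shims (`SecKeychainRelease`, `SecKeychainItemRelease`, `SecKeychainSearchRelease`) check only for NULL before `CFRelease`, so a reference of the wrong kind is released without an error; a comment stating that callers must pass the matching reference type would document that contract. The new file comment also names `SecKeychainAPI.h` although this file is `SecKeychainAPI.cpp`.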
@@ -15,869 +15,37 @@ * specific language governing rights and limitations under the License. */ - -/* - * SecKeychainAPI.h - * SecurityCore - * - * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved - * - */ - /*! - @header SecKeychainAPI The Security Core API contains all the APIs need to create a Keychain management application, minus the HI. - - NOTE: Any function with Create or Copy in the name returns an object that must be released. -*/ + @header SecKeychainAPI + The Security Keychain API contains all the APIs need to create a client and + Keychain management application. It also contains a certificate, policy, + identity and trust management API. -#if !defined(__SECKEYCHAINAPI__) -#define __SECKEYCHAINAPI__ 1 + NOTE: Any function with Create or Copy in the name returns an object that + must be released. +*/ +#ifndef _SECURITY_SECKEYCHAINAPI_H_ +#define _SECURITY_SECKEYCHAINAPI_H_ -#include -#include +#warning including obsolete header file SecKeychainAPI.h Use #include instead +#include +#include +#include #if defined(__cplusplus) extern "C" { #endif -#ifndef __SEC_TYPES__ -#define __SEC_TYPES__ - -/*! -@typedef SecKeychainRef -Opaque Structure to a Keychain reference. -*/ -typedef struct OpaqueSecKeychainRef *SecKeychainRef; -/*! -@typedef SecKeychainItemRef -Opaque Structure to a Keychain item reference. -*/ -typedef struct OpaqueSecKeychainItemRef *SecKeychainItemRef; -/*! -@typedef SecKeychainSearchRef -Opaque Structure to a Keychain search reference. -*/ -typedef struct OpaqueSecKeychainSearchRef *SecKeychainSearchRef; - -typedef OSType SecKeychainAttrType; -/*! -@struct SecKeychainAttribute -Security Item attributes. -*/ -struct SecKeychainAttribute { - SecKeychainAttrType tag; /* 4-byte attribute tag */ - UInt32 length; /* Length of attribute data */ - void * data; /* Pointer to attribute data */ -}; -typedef struct SecKeychainAttribute SecKeychainAttribute; -typedef SecKeychainAttribute * SecKeychainAttributePtr; - -/*! 
-@struct SecKeychainAttributeList -Security attribute list. -*/ -struct SecKeychainAttributeList { - UInt32 count; /* How many attributes in the array */ - SecKeychainAttribute * attr; /* Pointer to first attribute in array */ -}; -typedef struct SecKeychainAttributeList SecKeychainAttributeList; - -typedef UInt32 SecKeychainStatus; - -#endif - -/*! -@enum TableIDs -*/ -enum { - kSecGenericPasswordItemTableID = CSSM_DL_DB_RECORD_GENERIC_PASSWORD, /* Generic password */ - kSecInternetPasswordItemTableID = CSSM_DL_DB_RECORD_INTERNET_PASSWORD, /* Internet password */ - kSecAppleSharePasswordItemTableID = CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD /* AppleShare password */ -}; - -/*! -@struct SecKeychainAttributeInfo -Security attribute tag list. -*/ -struct SecKeychainAttributeInfo { - UInt32 count; /* How many items in the array */ - UInt32 * tag; /* Pointer to first attribute tag in array */ - UInt32 * format; /* Pointer to first attribute format in array */ -}; -typedef struct SecKeychainAttributeInfo SecKeychainAttributeInfo; - - - -/*! -@typedef SecTypeRef -Opaque pointer to one a pointer to a security referece. -Such as SecKeychainSearchRef, SecKeychainItemRef and SecKeychainItemRef. -*/ -typedef void *SecTypeRef; - -/*! 
-@enum KeychainErrors -*/ -enum { - errSecNotAvailable = -25291, - errSecReadOnly = -25292, - errSecAuthFailed = -25293, - errSecNoSuchKeychain = -25294, - errSecInvalidKeychain = -25295, - errSecDuplicateKeychain = -25296, - errSecDuplicateCallback = -25297, - errSecInvalidCallback = -25298, - errSecDuplicateItem = -25299, - errSecItemNotFound = -25300, - errSecBufferTooSmall = -25301, - errSecDataTooLarge = -25302, - errSecNoSuchAttr = -25303, - errSecInvalidItemRef = -25304, - errSecInvalidSearchRef = -25305, - errSecNoSuchClass = -25306, - errSecNoDefaultKeychain = -25307, - errSecInteractionNotAllowed = -25308, - errSecReadOnlyAttr = -25309, - errSecWrongSecVersion = -25310, - errSecKeySizeNotAllowed = -25311, - errSecNoStorageModule = -25312, - errSecNoCertificateModule = -25313, - errSecNoPolicyModule = -25314, - errSecInteractionRequired = -25315, - errSecDataNotAvailable = -25316, - errSecDataNotModifiable = -25317, - errSecCreateChainFailed = -25318 -}; - -/*! -@enum KeychainEvents -Events relating to the state of the default Keychain. 
-*/ -typedef UInt16 SecKeychainEvent; -enum { - kSecLockEvent = 1, /* a keychain was locked */ - kSecUnlockEvent = 2, /* a keychain was unlocked */ - kSecAddEvent = 3, /* an item was added to a keychain */ - kSecDeleteEvent = 4, /* an item was deleted from a keychain */ - kSecUpdateEvent = 5, /* an item was updated */ - kSecPasswordChangedEvent = 6, /* the keychain password was changed */ - kSecSystemEvent = 8, /* the keychain client can process events */ - kSecDefaultChangedEvent = 9, /* the default keychain was changed */ - kSecDataAccessEvent = 10, /* a process has accessed a keychain item's data */ - kSecKeychainListChangedEvent = 11 /* the list of keychains has changed */ -}; - - -typedef UInt16 SecKeychainEventMask; -enum { - kSecLockEventMask = 1 << kSecLockEvent, - kSecUnlockEventMask = 1 << kSecUnlockEvent, - kSecAddEventMask = 1 << kSecAddEvent, - kSecDeleteEventMask = 1 << kSecDeleteEvent, - kSecUpdateEventMask = 1 << kSecUpdateEvent, - kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent, - kSecSystemEventEventMask = 1 << kSecSystemEvent, - kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent, - kSecDataAccessEventMask = 1 << kSecDataAccessEvent, - kSecEveryEventMask = 0xFFFF /* all of the above*/ -}; - -typedef UInt8 SecAFPServerSignature[16]; -typedef UInt8 SecPublicKeyHash[20]; - -/*! -@enum KeychainStatus -The current status of the Keychain. -*/ -enum { - kSecUnlockStateStatus = 1, - kSecRdPermStatus = 2, - kSecWrPermStatus = 4 -}; - -typedef FourCharCode SecItemClass; -/*! -@enum KeychainItemClasses -Keychain item classes -*/ - -enum { - kSecInternetPasswordItemClass = 'inet', /* Internet password */ - kSecGenericPasswordItemClass = 'genp', /* Generic password */ - kSecAppleSharePasswordItemClass = 'ashp' /* AppleShare password */ -}; - - -/*! 
-@enum FourCharacterCodes -*/ -enum { - /* Common attributes */ - kSecCreationDateItemAttr = 'cdat', /* Date the item was created (UInt32) */ - kSecModDateItemAttr = 'mdat', /* Last time the item was updated (UInt32) */ - kSecDescriptionItemAttr = 'desc', /* User-visible description string (string) */ - kSecCommentItemAttr = 'icmt', /* User's comment about the item (string) */ - kSecCreatorItemAttr = 'crtr', /* Item's creator (OSType) */ - kSecTypeItemAttr = 'type', /* Item's type (OSType) */ - kSecScriptCodeItemAttr = 'scrp', /* Script code for all strings (ScriptCode) */ - kSecLabelItemAttr = 'labl', /* Item label (string) */ - kSecInvisibleItemAttr = 'invi', /* Invisible (boolean) */ - kSecNegativeItemAttr = 'nega', /* Negative (boolean) */ - kSecCustomIconItemAttr = 'cusi', /* Custom icon (boolean) */ - /* Unique Generic password attributes */ - kSecAccountItemAttr = 'acct', /* User account (string) - also applies to Appleshare and Generic */ - kSecServiceItemAttr = 'svce', /* Service (string) */ - kSecGenericItemAttr = 'gena', /* User-defined attribute (untyped bytes) */ - /* Unique Internet password attributes */ - kSecSecurityDomainItemAttr = 'sdmn', /* urity domain (string) */ - kSecServerItemAttr = 'srvr', /* Server's domain name or IP address (string) */ - kSecAuthTypeItemAttr = 'atyp', /* Authentication Type (AuthType) */ - kSecPortItemAttr = 'port', /* Port (UInt32) */ - kSecPathItemAttr = 'path', /* Path (string) */ - /* Unique Appleshare password attributes */ - kSecVolumeItemAttr = 'vlme', /* Volume (string) */ - kSecAddressItemAttr = 'addr', /* Server address (IP or domain name) or zone name (string) */ - kSecSignatureItemAttr = 'ssig', /* Server signature block (AFPServerSignature) */ - /* Unique AppleShare and Internet attributes */ - kSecProtocolItemAttr = 'ptcl', /* Protocol (ProtocolType) */ - -}; - -typedef FourCharCode SecItemAttr; - - -/*! 
-@enum SecurityAuthTypeCodes -*/ -enum { - kSecAuthTypeNTLM = 'ntlm', - kSecAuthTypeMSN = 'msna', - kSecAuthTypeDPA = 'dpaa', - kSecAuthTypeRPA = 'rpaa', - kSecAuthTypeHTTPDigest = 'httd', - kSecAuthTypeDefault = 'dflt' -}; -typedef FourCharCode SecAuthType; - -/*! -@enum SecurityProtocolTypeCodes -*/ -enum { - kSecProtocolTypeFTP = 'ftp ', - kSecProtocolTypeFTPAccount = 'ftpa', - kSecProtocolTypeHTTP = 'http', - kSecProtocolTypeIRC = 'irc ', - kSecProtocolTypeNNTP = 'nntp', - kSecProtocolTypePOP3 = 'pop3', - kSecProtocolTypeSMTP = 'smtp', - kSecProtocolTypeSOCKS = 'sox ', - kSecProtocolTypeIMAP = 'imap', - kSecProtocolTypeLDAP = 'ldap', - kSecProtocolTypeAppleTalk = 'atlk', - kSecProtocolTypeAFP = 'afp ', - kSecProtocolTypeTelnet = 'teln' -}; -typedef FourCharCode SecProtocolType; - -/*! -@typedef KCChangeSettingsInfo -Keychain Settings -*/ -struct SecKeychainSettings -{ - UInt32 version; - Boolean lockOnSleep; - Boolean useLockInterval; - UInt32 lockInterval; -}; -typedef struct SecKeychainSettings SecKeychainSettings; - -#define SEC_KEYCHAIN_SETTINGS_VERS1 1 - -struct SecKeychainCallbackInfo -{ - UInt32 version; - SecKeychainItemRef item; - long processID[2]; - long event[4]; - SecKeychainRef keychain; -}; -typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo; - - -/*! - @function SecKeychainGetVersion - Returns the version of the Keychain Manager (an unsigned 32-bit integer) in version. - - @param returnVers Pointer to a UNInt32 to receive the version number. - @result noErr 0 No error. - errSecNotAvailable -25291 Keychain Manager was not loaded. -*/ -OSStatus SecKeychainGetVersion(UInt32 *returnVers); - -/*! - @function SecKeychainOpen - Returns a referenece to the keychain specified by keychainFile. - The memory that keychain occupies must be released by calling SecKeychainRelease when finished - with it. - - @param pathName A posix path to the keychain file. - @param keychainRef Returned keychain reference. - @result noErr 0 No error. 
- paramErr -50 The keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef); - -/*! - @function SecKeychainCreateNew - Returns a referenece to the keychain specified by keychainFile. - The memory that keychain occupies must be released by calling SecKeychainRelease when finished - with it. - - @param pathName A posix path to the keychain file. - @param promptUser Display a password dialog to the user. - @param keychainRef Returned keychain reference. - @param passwordLength Max length of the password buffer. - @param password A pointer to buffer with the password. Must be in canonical UTF8 encoding. - @result noErr 0 No error. - paramErr -50 The keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainCreateNew(const char *pathName, SecKeychainRef *keychainRef, UInt32 passwordLength, const void *password, Boolean promptUser); - -/*! - @function SecKeychainDelete - Deletes a the keychain specified by keychainRef. - - @param keychainRef keychain to delete reference. - @result noErr 0 No error. - paramErr -50 The keychain parameter is invalid (NULL). -*/ -OSStatus SecKeychainDelete(SecKeychainRef keychainRef); - -/*! - @function SecKeychainSetSettings - Changes the settings of keychain including the lockOnSleep, useLockInterval and lockInterval. - - @param keychainRef keychain reference of the keychain to set. - @param newSettings A SecKeychainSettings structure pointer. - @result noErr 0 No error. -*/ -OSStatus SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings); - -/*! - @function SecKeychainCopySettings - Copy the settings of keychain including the lockOnSleep, useLockInterval and lockInterval. Because this structure is versioned - the caller is required to preallocate it and fill in the version of the structure. - - @param keychainRef keychain reference of the keychain settings to copy. - @param outSettings A SecKeychainSettings structure pointer. 
- @result noErr 0 No error. -*/ -OSStatus SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings); - -/*! - @function SecKeychainUnlock - Unlocks the specified keychain. - - @param keychainRef A reference to the keychain to be unlocked. - @param passwordLength The length of the password buffer. - @param password A buffer with the password for the keychain. - @param usePassword By setting this flag the password parameter is either used or ignored. - @result noErr 0 No error. -*/ -OSStatus SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword); - -/*! - @function SecKeychainLock - Locks the specified keychain. - - @param keychainRef A reference to the keychain to be Locked. - @result noErr 0 No error. -*/ -OSStatus SecKeychainLock(SecKeychainRef keychainRef); - -/*! - @function SecKeychainLockAll - Locks all keychains. - - @result noErr 0 No error. -*/ -OSStatus SecKeychainLockAll(); - -/*! - @function SecKeychainCopyDefault - This routine returns a SecKeychainRef which specifies the default keychain. Your application - might call this routine to obtain the name and location of the default keychain. - - @param SecKeychainRef A pointer to a reference of the default keychain. - @result noErr 0 No error. - errSecNoDefaultKeychain -25307 There is no currently default keychain. -*/ -OSStatus SecKeychainCopyDefault(SecKeychainRef *keychainRef); - -/*! - @function SecKeychainSetDefault - This routine sets the default keychain to the keychain specified by keychain. - - @param SecKeychainRef A pointer to a reference of the default keychain. - @result noErr 0 No error. - paramErr -50 The input specification parameter was NULL. - errSecNoSuchKeychain -25294 The specified keychain could not be found. - errSecInvalidKeychain -25295 The specified keychain is invalid -*/ -OSStatus SecKeychainSetDefault(SecKeychainRef keychainRef); - -/*! 
- @function SecKeychainGetStatus - - Returns status information for the specified keychain in the supplied parameter. If keychain is NULL, - the status of the default keychain is returned. - - The value returned in keychainStatus is a 32-bit field, the meaning of which must be determined - by comparison with a list of predefined constants. - - Currently defined bitmask values are: - kSecUnlockStateStatus 1 The specified keychain is unlocked if bit 0 is set. - kSecRdPermStatus 2 The specified keychain is unlocked with read permission if bit 1 is set. - kSecWrPermStatus 4 The specified keychain is unlocked with write permission if bit 2 is set. - - @param keychainRef Pointer to a keychain reference (NULL specifies the default keychain). - @param keychainRefStatus Returned status of the specified keychain. - - @result noErr 0 No error. - errSecNoSuchKeychain -25294 The specified keychain could not be found. - errSecInvalidKeychain -25295 The specified keychain is invalid. -*/ -OSStatus SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus* keychainStatus); - -/*! - @function SecKeychainRelease - Releases keychain item references - - @param keychainRef A keychain reference to release. - @result noErr 0 No error. -*/ -OSStatus SecKeychainRelease(SecKeychainRef itemRef); - -/*! - @function SecKeychainGetPath - Get the path location of the specified keychain. - @param keychainRef A reference to a keychain. - @param ioPathLength On input specifies the size or the buffer pointed to by path and on output the length of the buffer - (without the zero termination which is added) - @param pathName A posix path to the receive keychain filename. - @result noErr 0 No error. -*/ -OSStatus SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 *ioPathLength, char *pathName); - -/*! - @function SecKeychainListGetCount - This function returns the number of available keychains. 
This number includes all keychains within - the "Keychains" folder, as well as any other keychains known to the Keychain Manager. - @result the number of keychains. -*/ -UInt16 SecKeychainListGetCount(void); - -/*! - @function SecKeychainListCopyKeychainAtIndex - This routine to copies a keychain item from the default keychain to another. - @param index The index of the item to copy. - @param keychainRef A keychain reference of the destination keychain. - @result noErr 0 No error. - errSecInvalidKeychain -25295 The specified destination keychain was invalid. - errSecReadOnly -25292 The destination keychain is read only. - errSecNoSuchClass -25306 item has an invalid keychain item class. -*/ -OSStatus SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef); - -/*! - @function SecKeychainItemCreateFromContent - Creates a new keychain item from the supplied parameters. A reference to the newly-created - item is returned in item. A copy of the data buffer pointed to by data is stored in the item. - When the item reference is no longer required, call SecKeychainRelease to deallocate memory occupied - by the item. - - @param itemRefClass A constant identifying the class of item to be created. - @param attrList The list of attributes of the item to be created. - @param length Length of the data to be stored in this item. - @param data Pointer to a buffer containing the data to be stored in this item. - @param keychain to add the item to. - @param itemRef A reference to the newly created keychain item (optional). - @result noErr 0 No error. - paramErr -50 Not enough valid parameters were supplied. - memFullErr -108 Not enough memory in current heap zone to create the object. -*/ -OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void *data, SecKeychainRef keychainRef, SecKeychainItemRef *itemRef); - -/*! 
- @function SecKeychainItemModifyContent - This routine to update an existing keychain item after changing its attributes or data. The item is - written to the keychain's permanent data store. If item has not previously been added to a keychain, - SecKeychainItemModifyContent does nothing and returns noErr. - - @param itemRef A reference of the keychain item to be modified. - @param attrList The list of attributes to be set in this item. - @param length Length of the data to be stored in this item. - @param data Pointer to a buffer containing the data to be stored in this item. - @result noErr 0 No error. - errSecNoDefaultKeychain -25307 No default keychain could be found. - errSecInvalidItemRef -25304 The specified keychain item reference was invalid. -*/ -OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data); - -/*! - @function SecKeychainItemCopyContent - Use this function to retrieve the data and/or attributes stored in the given keychain item. - - You must call SecKeychainItemFreeContent when you no longer need the attributes and data. - - @param itemRef A reference of the keychain item to be modified. - @param itemClass The items class. Pass NULL if not required. - @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. - @param length on output the actual length of the data. - @param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. - - @result noErr 0 No error. - paramErr -50 Not enough valid parameters were supplied. - errSecInvalidItemRef -25304 The specified keychain item reference was invalid. - errSecBufferTooSmall -25301 The data was too large for the supplied buffer. - errSecDataNotAvailable -25316 The data is not available for this item. 
-*/ -OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData); - -/*! - @function SecKeychainItemFreeContent -*/ -OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data); - -/*! - @function SecKeychainAttributeInfoForItemID - This will allow clients to obtain the tags for all possible attrs for that item class. User should call SecKeychainFreeAttributeInfo to - release the structure when done with it. - - Warning, this call returns more attributes than are support by the old style Keychain API and passing them inro older calls will - yield an invalid attribute error. The recommended call to retrieve the attribtute values is SecKeychainItemCopyAttributesAndData. - - @param keychainRef A reference to the keychain. - @param itemID the relation ID of the item tags - @param info a pointer to a SecKeychainAttributeInfo structure - - @result noErr 0 No error. - paramErr -50 Not enough valid parameters were supplied. -*/ -OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef, UInt32 itemID, SecKeychainAttributeInfo **info); - -/*! - @function SecKeychainFreeAttributeInfo - This function free the memory aquired during the SecKeychainAttributeInfoForItemID call. - - @param Info a pointer to a SecKeychainAttributeInfo structure - - @result noErr 0 No error. - paramErr -50 Not enough valid parameters were supplied. -*/ -OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info); - -/*! - @function SecKeychainItemModifyContent - This routine to update an existing keychain item after changing its attributes or data. The item is - written to the keychain's permanent data store. If item has not previously been added to a keychain, - SecKeychainItemModifyContent does nothing and returns noErr. - - @param itemRef A reference of the keychain item to be modified. - @param attrList The list of attributes to be set in this item. 
- @param length Length of the data to be stored in this item. - @param data Pointer to a buffer containing the data to be stored in this item. - @result noErr 0 No error. - errSecNoDefaultKeychain -25307 No default keychain could be found. - errSecInvalidItemRef -25304 The specified keychain item reference was invalid. -*/ -OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data); - - -/*! - @function SecKeychainItemCopyAttributesAndData - Use this function to retrieve the data and/or attributes stored in the given keychain item. - - You must call SecKeychainItemFreeAttributesAndData when you no longer need the attributes and data. - - @param itemRef A reference of the keychain item to be modified. - @param info List of tags of attributes to retrieve. - @param itemClass The items class. Pass NULL if not required. - @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. - @param length on output the actual length of the data. - @param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. - - @result noErr 0 No error. - paramErr -50 Not enough valid parameters were supplied. - errSecInvalidItemRef -25304 The specified keychain item reference was invalid. - errSecBufferTooSmall -25301 The data was too large for the supplied buffer. - errSecDataNotAvailable -25316 The data is not available for this item. -*/ -OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData); - -/*! - @function SecKeychainItemFreeAttributesAndData - Use this function to release the data and/or attributes returned by the SecKeychainItemCopyAttributesAndData function. - - @param info List of tags of attributes to retrieve. - - @result noErr 0 No error. 
-*/ -OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data); - -/*! - @function SecKeychainItemDelete - Use this routine to delete a keychain item from the default keychain's permanent data store. If itemRef - has not previously been added to the keychain, SecKeychainItemDelete does nothing and returns noErr. - IMPORTANT: SecKeychainItemDelete does not dispose the memory occupied by the item reference itself; - use SecKeychainItemRelease when you are completely finished with an item. - - @param itemRef A keychain item reference of the item to be deleted. - @result noErr 0 No error. - errSecNoDefaultKeychain -25307 No default keychain could be found. - errSecInvalidItemRef -25304 The specified keychain item reference was invalid. -*/ -OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef); - -/*! - @function SecKeychainItemCopyKeychain - Use this routine to copy an existing keychain reference from a keychain item. - - @param itemRef A keychain item reference of the item to be updated. - @param keychainRef A pointer to a keychain reference returned. Release this by calling - SecKeychainRelease(). - @result noErr 0 No error. - errSecInvalidItemRef -25304 The specified keychain item reference was invalid. -*/ -OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef); - - -/*! - @function SecKeychainItemCreateCopy - Use this routine to copy a keychain item. The copy will be returned in itemCopy. - - @param itemRef A keychain item reference to copy. - @param itemCopy The new copied item. - @result noErr 0 No error. - errSecInvalidKeychain -25295 The specified destKeychain was invalid. - errSecReadOnly -25292 The destKeychain is read only. - errSecNoSuchClass -25306 item has an invalid keychain item class. -*/ -OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainItemRef *itemCopy, SecKeychainRef destKeychainRef); - -/*! 
- @function SecKeychainItemRelease - Releases keychain item references - - @param itemRef A keychain item reference to release. - @result noErr 0 No error. -*/ +OSStatus SecKeychainRelease(SecKeychainRef keychainRef); OSStatus SecKeychainItemRelease(SecKeychainItemRef itemRef); - -/*! - @function SecKeychainSearchCreateFromAttributes - Creates a search reference matching a list of zero or more specified attributes in the specified keychain - and returns a reference to the item. Pass NULL for keychain if you wish to search all unlocked - keychains. The caller is responsible for calling SecKeychainSearchRelease to release this reference - when finished with it. A reference to the current search criteria is also returned, for subsequent calls to - SecKeychainCopySearchNextItem. This reference must be released by the caller when completely finished with a - search by calling SecKeychainSearchRelease. - - @param keychainRef The keychain to search (NULL means search all unlocked keychains) - @param attrList A list of zero or more SecKeychainAttribute records to be matched - (NULL matches any keychain item). - @param searchRef A reference to the current search is returned here. - - @result noErr 0 No error. - errSecNoDefaultKeychain -25307 No default keychain could be found. - errSecItemNotFound -25300 No matching keychain item was found. - errSecNoSuchAttr -25303 Specified an attribute which is undefined for this item class. -*/ -OSStatus SecKeychainSearchCreateFromAttributes(SecKeychainRef keychainRef, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef); - -/*! - @function SecKeychainCopySearchNextItem - Finds the next keychain item matching the given search criteria, as previously specified by a call to - SecKeychainSearchCreateFromAttributes, and returns a reference to the item. The caller is responsible for releasing - this reference when finished with it. - - @param searchRef A reference to the current search criteria. 
- @param itemRef A reference to the next matching keychain item, if any, is returned here. - @result noErr 0 No error. - errSecNoDefaultKeychain -25307 No default keychain could be found. - errSecInvalidSearchRef -25305 The specified search reference was invalid. - errSecItemNotFound -25300 No more matching keychain items were found. -*/ -OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef); - -/*! - @function SecKeychainSearchRelease - Releases a keychain search reference. - - @param searchRef A reference to the search reference. - @result noErr 0 No error. -*/ OSStatus SecKeychainSearchRelease(SecKeychainSearchRef searchRef); - -/*! - @function SecKeychainListRemoveKeychain - Removed the specified keychain from the list of availible keychains. - - @param keychainRef A reference to the keychain to be removed. - @result noErr 0 No error. -*/ -OSStatus SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef); - -// Keychain Callback mgr stuff -typedef OSStatus (*SecKeychainCallbackProcPtr)(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo* info, void *context); - - -/*! - @function SecKeychainAddCallback - Add a callback. - - @param callbackFunction The callback function pointer to add - @param eventMask - @param userContext - @result noErr 0 No error. -*/ -OSStatus SecKeychainAddCallback(SecKeychainCallbackProcPtr callbackFunction, SecKeychainEventMask eventMask, void* userContext); - - -/*! - @function SecKeychainRemoveCallback - Remove a callback. - - @param callbackFunction The callback function pointer to remove - @result noErr 0 No error. -*/ -OSStatus SecKeychainRemoveCallback(SecKeychainCallbackProcPtr callbackFunction); - - -/*! - @function SecKeychainAddInternetPassword - Add an internet password to the specified keychain. 
- - @param keychainRef - @param serverNameLength - @param serverName - @param securityDomainLength - @param securityDomain - @param accountNameLength - @param accountName - @param pathLength - @param path - @param port - @param protocol - @param authType - @param passwordLength - @param passwordData - @param itemRef - - @result noErr 0 No error. -*/ -OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, - UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName, - UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType, - UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef); - - -/*! - @function SecKeychainFindInternetPassword - Find an internet password - - @param keychainRef - @param serverNameLength - @param serverName - @param securityDomainLength - @param securityDomain - @param accountNameLength - @param accountName - @param pathLength - @param path - @param port - @param protocol - @param authType - @param passwordLength - @param passwordData - @param itemRef - - @result noErr 0 No error. -*/ -OSStatus SecKeychainFindInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, - UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName, - UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType, - UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef); - - -/*! - @function SecKeychainAddGenericPassword - Add an generic password to the specified keychain. - - @param keychainRef - @param serviceNameLength - @param serviceName - @param accountNameLength - @param accountName - @param passwordData - @param passwordLength - @param itemRef - - @result noErr 0 No error. 
-*/ -OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, char *serviceName, - UInt32 accountNameLength, char *accountName, - UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef); - - -/*! - @function SecKeychainFindGenericPassword - Find a generic password - - @param keychainRef - @param serverNameLength - @param serverName - @param accountNameLength - @param accountName - @param passwordLength - @param passwordData - @param itemRef - - @result noErr 0 No error. -*/ -OSStatus SecKeychainFindGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, char *serviceName, - UInt32 accountNameLength, char *accountName, - UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef); - - - -/*! - @function SecKeychainSetUserInteractionAllowed - Turn on/off any optional user interface - - @param state true = allow user interface, false = disallow user interface - - @result noErr 0 No error. -*/ -OSStatus SecKeychainSetUserInteractionAllowed(Boolean state); - -/*! - @function SecKeychainGetUserInteractionAllowed - Get the current setting for SecKeychainSetUserInteractionAllowed - - @param *state true = allow user interface, false = disallow user interface - - @result noErr 0 No error. -*/ -OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state); +/* OBSOLETE Please use SecKeychainSearchCopyNext instead. */ +OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef); #if defined(__cplusplus) } #endif -#endif /* ! __SECKEYCHAINAPI__ */ - - +#endif /* !_SECURITY_SECKEYCHAINAPI_H_ */ diff --git a/Keychain/SecKeychainAPIPriv.h b/Keychain/SecKeychainAPIPriv.h index 22c5c42d..de264485 100644 --- a/Keychain/SecKeychainAPIPriv.h +++ b/Keychain/SecKeychainAPIPriv.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -18,15 +18,11 @@ /* * SecKeychainAPIPriv.h - * SecurityCore - * - * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved - * */ -#ifndef __KEYCHAINAPIPRIV__ -#define __KEYCHAINAPIPRIV__ +#ifndef _SECURITY_KEYCHAINAPIPRIV_H_ +#define _SECURITY_KEYCHAINAPIPRIV_H_ -#include +#include #if defined(__cplusplus) extern "C" { 
@@ -38,26 +34,17 @@ enum kSecClassItemAttr = 'clas', /* Item class (KCItemClass) */ kSecAliasItemAttr = 'alis', /* Alias attribute (required by CDSA). */ kSecProtectedDataItemAttr = 'prot', /* Item's data is protected (encrypted) (Boolean) */ - - /* Certificate attributes */ - kSecSubjectItemAttr = 'subj', /* Subject distinguished name (DER-encoded data) */ - kSecCommonNameItemAttr = 'cn ', /* Common Name (UTF8-encoded string) */ - kSecIssuerItemAttr = 'issu', /* Issuer distinguished name (DER-encoded data) */ - kSecSerialNumberItemAttr = 'snbr', /* Certificate serial number (DER-encoded data) */ - kSecEMailItemAttr = 'mail', /* E-mail address (ASCII-encoded string) */ - kSecPublicKeyHashItemAttr = 'hpky', /* Hash of public key (PublicKeyHash), 20 bytes max. */ - kSecIssuerURLItemAttr = 'iurl', /* URL of the certificate issuer (ASCII-encoded string) */ - /* Shared by keys and certificates */ - kSecEncryptItemAttr = 'encr', /* Encrypt (Boolean) */ - kSecDecryptItemAttr = 'decr', /* Decrypt (Boolean) */ - kSecSignItemAttr = 'sign', /* Sign (Boolean) */ - kSecVerifyItemAttr = 'veri', /* Verify (Boolean) */ - kSecWrapItemAttr = 'wrap', /* Wrap (Boolean) */ - kSecUnwrapItemAttr = 'unwr', /* Unwrap (Boolean) */ - kSecStartDateItemAttr = 'sdat', /* Start Date (UInt32) */ - kSecEndDateItemAttr = 'edat' /* End Date (UInt32) */ }; +UInt16 +SecKeychainListGetCount(void); + +OSStatus +SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef); + +OSStatus +SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef); + OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword); OSStatus SecKeychainCopyLogin(SecKeychainRef *keychainRef); @@ -70,4 +57,4 @@ OSStatus SecKeychainLogout(); } #endif -#endif // __KEYCHAINAPIPRIV__ +#endif /* !_SECURITY_KEYCHAINAPIPRIV_H_ */ 
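Review bot: The three declarations added in the `@@ -38,26 +34,17 @@` hunk (`SecKeychainListGetCount`, `SecKeychainListCopyKeychainAtIndex`, `SecKeychainListRemoveKeychain`) arrive in this private header with no comment, while the HeaderDoc they carried in SecKeychainAPI.h is deleted by the same commit. `SecKeychainListRemoveKeychain` takes a `SecKeychainRef *` even though the deleted text described the argument only as the keychain to be removed, so a short comment should say whether the pointer is only read or is also written on return. The deleted description of `SecKeychainListCopyKeychainAtIndex` spoke of copying a keychain item, which does not match its signature, so it should be rewritten rather than carried over. A one-line comment above it would do, for example `/* Returns in keychainRef the keychain at position index of the keychain list. */`, with the wording confirmed against the implementation.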
diff --git a/Keychain/SecKeychainItem.cpp b/Keychain/SecKeychainItem.cpp
new file mode 100644
index 00000000..d7d453b8
--- /dev/null
+++ b/Keychain/SecKeychainItem.cpp
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+
+#include "SecBridge.h"
+#include "KCExceptions.h"
+#include "Access.h"
+
+
+//
+// Given a polymorphic Sec type object, return
+// its AclBearer component.
+// Note: Login ACLs are not hooked into this layer;
+// modules or attachments have no Sec* layer representation.
+//
+RefPointer aclBearer(CFTypeRef itemRef)
+{
+ // well, exactly what kind of something are you?
+ CFTypeID id = CFGetTypeID(itemRef);
+ if (id == gTypes().item.typeId) {
+ // keychain item. If it's in a protected group, return the group key
+ if (SSGroup group = gTypes().item.required(SecKeychainItemRef(itemRef))->group())
+ return &*group;
+ } else if (id == gTypes().keyItem.typeId) {
+ // key item
+ //@@@ not hooked up yet
+ } else if (id == gTypes().keychain.typeId) {
+ // keychain (this yields the database ACL)
+ //@@@ not hooked up yet
+ }
+ // Guess not. Bummer
+ MacOSError::throwMe(errSecNoAccessForItem);
+}
+
+
+CFTypeID
+SecKeychainItemGetTypeID(void)
+{
+ BEGIN_SECAPI
+
+ return gTypes().item.typeId;
+
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList,
+ UInt32 length, const void *data, SecKeychainRef keychainRef,
+ SecAccessRef initialAccess, SecKeychainItemRef *itemRef)
+{
+ BEGIN_SECAPI
+ KCThrowParamErrIf_(length!=0 && data==NULL);
+ Item item(itemClass, attrList, length, data);
+ if (initialAccess)
+ item->setAccess(gTypes().access.required(initialAccess));
+ Keychain::optional(keychainRef)->add(item);
+ if (itemRef)
+ *itemRef = gTypes().item.handle(*item);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
+{
+ BEGIN_SECAPI
+ Item item = gTypes().item.required(itemRef);
+ item->modifyContent(attrList, length, data);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData)
+{
+ BEGIN_SECAPI
+ Item item = gTypes().item.required(itemRef);
+ item->getContent(itemClass, attrList, length, outData);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data)
+{
+ BEGIN_SECAPI
+ ItemImpl::freeContent(attrList, data);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
+{
+ BEGIN_SECAPI
+ Item item = gTypes().item.required(itemRef);
+ item->modifyAttributesAndData(attrList, length, data);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData)
+{
+ BEGIN_SECAPI
+ Item item = gTypes().item.required(itemRef);
+ item->getAttributesAndData(info, itemClass, attrList, length, outData);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data)
+{
+ BEGIN_SECAPI
+ ItemImpl::freeAttributesAndData(attrList, data);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemDelete(SecKeychainItemRef itemRef)
+{
+ BEGIN_SECAPI
+ Item item = gTypes().item.required( itemRef );
+ Keychain keychain = item->keychain();
+ KCThrowIf_( !keychain, errSecInvalidItemRef );
+
+ keychain->deleteItem( item ); // item must be persistant.
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef)
+{
+ BEGIN_SECAPI
+ Required(keychainRef) = gTypes().keychain.handle(*gTypes().item.required(itemRef)->keychain());
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef,
+ SecAccessRef initialAccess, SecKeychainItemRef *itemCopy)
+{
+ BEGIN_SECAPI
+ Item copy = gTypes().item.required(itemRef)->copyTo(Keychain::optional(destKeychainRef));
+ if (itemCopy)
+ *itemCopy = gTypes().item.handle(*copy);
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemGetUniqueRecordID(SecKeychainItemRef keyItemRef, CSSM_DB_UNIQUE_RECORD* uniqueRecordID)
+{
+ BEGIN_SECAPI
+ uniqueRecordID = gTypes().item.required(keyItemRef)->dbUniqueRecord();
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemGetDLDBHandle(SecKeychainItemRef itemRef, CSSM_DL_DB_HANDLE* dldbHandle)
+{
+ BEGIN_SECAPI
+ *dldbHandle = gTypes().item.required(itemRef)->keychain()->database()->handle();
+ END_SECAPI
+}
+
+
+OSStatus SecAccessCreateFromObject(CFTypeRef sourceRef,
+ SecAccessRef *accessRef)
+{
+ BEGIN_SECAPI
+ Required(accessRef); // preflight
+ RefPointer access = new Access(*aclBearer(sourceRef));
+ *accessRef = gTypes().access.handle(*access);
+ END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessModifyObject(SecAccessRef accessRef, CFTypeRef sourceRef)
+{
+ BEGIN_SECAPI
+ gTypes().access.required(accessRef)->setAccess(*aclBearer(sourceRef), true);
+ END_SECAPI
+}
+
+OSStatus
+SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef* accessRef)
+{
+ BEGIN_SECAPI
+
+ Required(accessRef); // preflight
+ RefPointer access = new Access(*aclBearer(reinterpret_cast(itemRef)));
+ *accessRef = gTypes().access.handle(*access);
+
+ END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef accessRef)
+{
+ BEGIN_SECAPI
+
+ gTypes().access.required(accessRef)->setAccess(*aclBearer(reinterpret_cast(itemRef)), true);
+
+ END_SECAPI
+}
diff --git a/Keychain/SecKeychainItem.h b/Keychain/SecKeychainItem.h
new file mode 100644
index 00000000..a10fb44b
--- /dev/null
+++ b/Keychain/SecKeychainItem.h
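Review bot: SecKeychainItemCreateCopy accepts `initialAccess` but never reads it, so a caller that passes an access object gets a copy stored without it and still sees success. SecKeychainItemCreateFromContent in the same file applies it with `if (initialAccess) item->setAccess(gTypes().access.required(initialAccess));`; the copy path should either do the equivalent before the item is stored in the destination keychain (whether `copyTo` allows that is not visible here) or reject a non-NULL `initialAccess` until it is wired up. SecKeychainItemGetUniqueRecordID has a related silent failure: `uniqueRecordID = ...->dbUniqueRecord();` assigns to the function's own parameter, so nothing reaches the caller; the result has to be stored through the pointer, which probably means changing the parameter to `CSSM_DB_UNIQUE_RECORD **` and writing `Required(uniqueRecordID) = ...`. SecKeychainItemGetDLDBHandle and SecKeychainItemCopyKeychain dereference `keychain()` without the `KCThrowIf_( !keychain, errSecInvalidItemRef );` check that SecKeychainItemDelete makes, and GetDLDBHandle writes `*dldbHandle` without a `Required()` preflight.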
@@ -0,0 +1,304 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecKeychainItem + SecKeychainItem implements an item which may be stored in a SecKeychain, with publicly + visible attributes and encrypted data. The access to the data of an item is protected + using strong cryptographic algorithms. +*/ + +#ifndef _SECURITY_SECKEYCHAINITEM_H_ +#define _SECURITY_SECKEYCHAINITEM_H_ + +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @typedef SecItemClass + @abstract Represents a keychain item's class. +*/ +typedef FourCharCode SecItemClass; + +/*! + @enum ItemClassConstants + @abstract Specifies a keychain item's class code. + @constant kSecInternetPasswordItemClass Indicates that the item is an internet password. + @constant kSecGenericPasswordItemClass Indicates that the item is a generic password. + @constant kSecAppleSharePasswordItemClass Indicates that the item is an AppleShare password. + @constant kSecCertificateItemClass Indicates that the item is a digital certificate. 
+ @discussion The SecItemClass enumeration defines constants your application can use to specify the type of the keychain item you wish to create, dispose, add, delete, update, copy, or locate. You can also use these constants with the tag constant SecItemAttr. +*/ +enum +{ + kSecInternetPasswordItemClass = 'inet', + kSecGenericPasswordItemClass = 'genp', + kSecAppleSharePasswordItemClass = 'ashp', + kSecCertificateItemClass = CSSM_DL_DB_RECORD_X509_CERTIFICATE, +}; + +/*! + @typedef SecItemAttr + @abstract Represents a keychain item's attributes. + +*/ +typedef FourCharCode SecItemAttr; + +/*! + @enum ItemAttributeConstants + @abstract Specifies keychain item attributes. + @constant kSecCreationDateItemAttr Identifies the creation date attribute. You use this tag to set or get a value of type UInt32 that indicates the date the item was created. + @constant kSecModDateItemAttr Identifies the modification date attribute. You use this tag to set or get a value of type UInt32 that indicates the last time the item was updated. + @constant kSecDescriptionItemAttr Identifies the description attribute. You use this tag to set or get a value of type string that represents a user-visible string describing this particular kind of item (e.g. "disk image password"). + @constant kSecCommentItemAttr Identifies the comment attribute. You use this tag to set or get a value of type string that represents a user-editable string containing comments for this item. + @constant kSecCreatorItemAttr Identifies the creator attribute. You use this tag to set or get a value that represents the itemÕs creator. + @constant kSecTypeItemAttr Identifies the type attribute. You use this tag to set or get a value that represents the itemÕs type. + @constant kSecScriptCodeItemAttr Identifies the script code attribute. You use this tag to set or get a value of type ScriptCode that represents the script code for all strings. 
(Note: use of this attribute is deprecated; string attributes should be stored in UTF-8 encoding.) + @constant kSecLabelItemAttr Identifies the label attribute. You use this tag to set or get a value of type string that represents a user-editable string containing the label for this item. + @constant kSecInvisibleItemAttr Identifies the invisible attribute. You use this tag to set or get a value of type Boolean that indicates whether the item is invisible. + @constant kSecNegativeItemAttr Identifies the negative attribute. You use this tag to set or get a value of type Boolean that indicates whether there is a valid password associated with this keychain item. This is useful if your application doesn't want a password for some particular service to be stored in the keychain, but prefers that it always be entered by the user. The item (typically invisible and with zero-length data) acts as a placeholder to say Òdon't use me.Ó + @constant kSecCustomIconItemAttr Identifies the custom icon attribute. You use this tag to set or get a value of type Boolean that indicates whether the item has an application-specific icon. To do this, you must also set the attribute value identified by the tag kSecTypeItemAttr to a file type for which there is a corresponding icon in the desktop database, and set the attribute value identified by the tag kSecCreatorItemAttr to an appropriate application creator type. If a custom icon corresponding to the item's type and creator can be found in the desktop database, it will be displayed by Keychain Access. Otherwise, default icons are used. + @constant kSecAccountItemAttr Identifies the account attribute. You use this tag to set or get a string that represents the user account. It also applies to generic and AppleShare passwords. + @constant kSecServiceItemAttr Identifies the service attribute. You use this tag to set or get a string that represents the service associated with this item (e.g. "iTools"). 
This is unique to generic password attributes. + @constant kSecGenericItemAttr Identifies the generic attribute. You use this tag to set or get a value of untyped bytes that represents a user-defined attribute. This is unique to generic password attributes. + @constant kSecSecurityDomainItemAttr Identifies the security domain attribute. You use this tag to set or get a value that represents the Internet security domain. This is unique to Internet password attributes. + @constant kSecServerItemAttr Identifies the server attribute. You use this tag to set or get a value of type string that represents the Internet serverÕs domain name or IP address. This is unique to Internet password attributes. + @constant kSecAuthenticationTypeItemAttr Identifies the authentication type attribute. You use this tag to set or get a value of type SecAuthenticationType that represents the Internet authentication scheme. This is unique to Internet password attributes. + @constant kSecPortItemAttr Identifies the port attribute. You use this tag to set or get a value of type UInt32 that represents the Internet port number. This is unique to Internet password attributes. + @constant kSecPathItemAttr Identifies the path attribute. You use this tag to set or get a value that represents the path. This is unique to Internet password attributes. + @constant kSecVolumeItemAttr Identifies the volume attribute. You use this tag to set or get a value that represents the AppleShare volume. This is unique to AppleShare password attributes. + @constant kSecAddressItemAttr Identifies the address attribute. You use this tag to set or get a value of type string that represents the AppleTalk zone name, or the IP or domain name that represents the server address. This is unique to AppleShare password attributes. + @constant kSecSignatureItemAttr Identifies the server signature attribute. You use this tag to set or get a value of type SecAFPServerSignature that represents the server signature block. 
This is unique to AppleShare password attributes. + @constant kSecProtocolItemAttr Identifies the protocol attribute. You use this tag to set or get a value of type SecProtocolType that represents the Internet protocol. This is unique to AppleShare and Internet password attributes. + @constant kSecCertificateType Indicates a CSSM_CERT_TYPE type. + @constant kSecCertificateEncoding Indicates a CSSM_CERT_ENCODING type. + @constant kSecCrlType Indicates a CSSM_CRL_TYPE type. + @constant kSecCrlEncoding Indicates a CSSM_CRL_ENCODING type. + @constant kSecAlias Indicates an alias. + @discussion To obtain information about a certificate, use the CDSA Certificate Library (CL) API. To obtain information about a key, use the SecKeyGetCSSMKey function and the CDSA Cryptographic Service Provider (CSP) API. +*/ +enum +{ + kSecCreationDateItemAttr = 'cdat', + kSecModDateItemAttr = 'mdat', + kSecDescriptionItemAttr = 'desc', + kSecCommentItemAttr = 'icmt', + kSecCreatorItemAttr = 'crtr', + kSecTypeItemAttr = 'type', + kSecScriptCodeItemAttr = 'scrp', + kSecLabelItemAttr = 'labl', + kSecInvisibleItemAttr = 'invi', + kSecNegativeItemAttr = 'nega', + kSecCustomIconItemAttr = 'cusi', + kSecAccountItemAttr = 'acct', + kSecServiceItemAttr = 'svce', + kSecGenericItemAttr = 'gena', + kSecSecurityDomainItemAttr = 'sdmn', + kSecServerItemAttr = 'srvr', + kSecAuthenticationTypeItemAttr = 'atyp', + kSecPortItemAttr = 'port', + kSecPathItemAttr = 'path', + kSecVolumeItemAttr = 'vlme', + kSecAddressItemAttr = 'addr', + kSecSignatureItemAttr = 'ssig', + kSecProtocolItemAttr = 'ptcl', + kSecCertificateType = 'ctyp', + kSecCertificateEncoding = 'cenc', + kSecCrlType = 'crtp', + kSecCrlEncoding = 'crnc', + kSecAlias = 'alis' +}; + +/*! + @typedef SecAFPServerSignature + @abstract Represents a 16-byte Apple File Protocol server signature block. +*/ +typedef UInt8 SecAFPServerSignature[16]; + +/*! + @typedef SecPublicKeyHash + @abstract Represents a 20-byte public key hash. 
+*/ +typedef UInt8 SecPublicKeyHash[20]; + +/*! + @function SecKeychainItemGetTypeID + @abstract Returns the type identifier of SecKeychainItem instances. + @result The CFTypeID of SecKeychainItem instances. +*/ +CFTypeID SecKeychainItemGetTypeID(void); + +/*! + @function SecKeychainItemModifyAttributesAndData + @abstract Updates an existing keychain item after changing its attributes or data. + @param itemRef A reference of the keychain item to modify. + @param attrList The list of attributes to set. + @param length The length of the buffer pointed to by data. + @param data Pointer to a buffer containing the data to store. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion The keychain item is written to the keychain's permanent data store. If the keychain item has not previously been added to a keychain, a call to the SecKeychainItemModifyContent function does nothing and returns noErr. +*/ +OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data); + +#pragma mark ÑÑÑÑ Keychain Item Management ÑÑÑÑ +/*! + @function SecKeychainItemCreateFromContent + @abstract Creates a new keychain item from the supplied parameters. + @param itemClass A constant identifying the class of item to create. + @param attrList The list of attributes of the item to create. + @param length The length of the buffer pointed to by data. + @param data A pointer to a buffer containing the data to store. + @param initialAccess A reference to the access for this keychain item. + @param keychainRef A reference to the keychain in which to add the item. + @param itemRef On return, a pointer to a reference to the newly created keychain item (optional). When the item reference is no longer required, call CFRelease to deallocate memory occupied by the item. + @result A result code. See "Security Error Codes" (SecBase.h). 
In addition, paramErr (-50) may be returned if not enough valid parameters are supplied, or memFullErr (-108) if there is not enough memory in the current heap zone to create the object. +*/ +OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, + UInt32 length, const void *data, SecKeychainRef keychainRef, + SecAccessRef initialAccess, SecKeychainItemRef *itemRef); + +/*! + @function SecKeychainItemModifyContent + @abstract Updates an existing keychain item after changing its attributes or data. + @param itemRef A reference to the keychain item to modify. + @param attrList The list of attributes to set. + @param length The length of the buffer pointed to by data. + @param data A pointer to a buffer containing the data to store. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data); + +/*! + @function SecKeychainItemCopyContent + @abstract Copies the data and/or attributes stored in the given keychain item. + @param itemRef A reference to the keychain item to modify. + @param itemClass The item's class. You should pass NULL if it is not required. + @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. You must call SecKeychainItemFreeContent when you no longer need the attributes and data. + @param length On return, the length of the buffer pointed to by outData. + @param outData On return, a pointer to a buffer containing the data in this item. You must call SecKeychainItemFreeContent when you no longer need the attributes and data. + @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied. 
+*/ +OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData); + +/*! + @function SecKeychainItemFreeContent + @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to SecKeychainItemCopyContent. + @param attrList A pointer to the attribute list to release. + @param data A pointer to the data buffer to release. +*/ +OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data); + +/*! + @function SecKeychainItemCopyAttributesAndData + @abstract Copies the data and/or attributes stored in the given keychain item. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data. + @param itemRef A reference of the keychain item to modify. + @param info List of tags of attributes to retrieve. + @param itemClass The item's class. You should pass NULL if not required. + @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data. + @param length on output the actual length of the data. + @param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data. + @result A result code. See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied. +*/ +OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData); + +/*! 
+ @function SecKeychainItemFreeAttributesAndData + @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to SecKeychainItemCopyAttributesAndData. + @param attrList A pointer to the attribute list to release. + @param data A pointer to the data buffer to release. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data); + +/*! + @function SecKeychainItemDelete + @abstract Deletes a keychain item from the default keychain's permanent data store. + @param itemRef A keychain item reference of the item to delete. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If itemRef has not previously been added to the keychain, SecKeychainItemDelete does nothing and returns noErr. IMPORTANT: SecKeychainItemDelete does not dispose the memory occupied by the item reference itself; use the CFRelease function when you are completely finished with an item. +*/ +OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef); + +/*! + @function SecKeychainItemCopyKeychain + @abstract Copies an existing keychain reference from a keychain item. + @param itemRef A keychain item reference of the item to update. + @param keychainRef On return, a pointer to a keychain reference. Release this by calling CFRelease function. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef *keychainRef); + +/*! + @function SecKeychainItemCreateCopy + @abstract Copies a keychain item. + @param itemRef A reference to the keychain item to copy. + @param destKeychainRef A reference to the keychain in which to insert the copied keychain item. + @param initialAccess The initial access for the copied keychain item. + @param itemCopy On return, a pointer to a copy of the keychain item referenced by itemRef. + @result A result code. 
See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef, + SecAccessRef initialAccess, SecKeychainItemRef *itemCopy); + + +#pragma mark ÑÑÑÑ CSSM Bridge Functions ÑÑÑÑ +/*! + @function SecKeychainItemGetDLDBHandle + @abstract Returns the CSSM_DL_DB_HANDLE for a given key reference. + @param keyItemRef A keychain item key reference. The key item must be of class type kSecAppleKeyItemClass. + @param dldbHandle keychainRef On return, a CSSM_DL_DB_HANDLE for the given key. The handle is valid until the keychain reference is released. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemGetDLDBHandle(SecKeychainItemRef keyItemRef, CSSM_DL_DB_HANDLE *dldbHandle); + +/*! + @function SecKeychainItemGetUniqueRecordID + @abstract Returns a CSSM_DB_UNIQUE_RECORD for the given keychain item reference. + @param itemRef A keychain item reference. + @param uniqueRecordID On return, a pointer to a CSSM_DB_UNIQUE_RECORD structure for the given item. The unique record is valid until the item reference is released. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, CSSM_DB_UNIQUE_RECORD *uniqueRecordID); + +#pragma mark ÑÑÑÑ Keychain Item Access Management ÑÑÑÑ +/*! + @function SecKeychainItemCopyAccess + @abstract Copies the access of a given keychain item. + @param itemRef A reference to a keychain item. + @param access On return, a pointer to the keychain item's access. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef *access); + +/*! + @function SecKeychainItemSetAccess + @abstract Sets the access of a given keychain item. + @param itemRef A reference to a keychain item. + @param access A reference to an access to replace the keychain item's current access. 
+ @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef access); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECKEYCHAINITEM_H_ */ diff --git a/Keychain/SecKeychainSearch.cpp b/Keychain/SecKeychainSearch.cpp new file mode 100644 index 00000000..16111cc8 --- /dev/null +++ b/Keychain/SecKeychainSearch.cpp 
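Review bot: `SecKeychainItemGetUniqueRecordID` takes `CSSM_DB_UNIQUE_RECORD *uniqueRecordID` by value but documents it as "On return, a pointer to a CSSM_DB_UNIQUE_RECORD structure", so the prototype gives the caller no way to receive that pointer. The implementation added in SecKeychainItem.cpp in this commit assigns to the parameter itself (`uniqueRecordID = gTypes().item.required(keyItemRef)->dbUniqueRecord();`), which is lost on return, so the caller's variable is never written. If the intent is to hand back the record pointer, the declaration would need to be `OSStatus SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, CSSM_DB_UNIQUE_RECORD **uniqueRecordID);` with a matching `Required(uniqueRecordID) = ...` in the .cpp. Separately, the `@discussion` of `SecKeychainItemDelete` promises noErr for an item never added to a keychain, while the implementation throws `errSecInvalidItemRef` when `item->keychain()` is empty; one of the two should change.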
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include + +#include "SecBridge.h" + +CFTypeID +SecKeychainSearchGetTypeID(void) +{ + BEGIN_SECAPI + + return gTypes().cursor.typeId; + + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +OSStatus +SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef) +{ + BEGIN_SECAPI + + Required(searchRef); // Make sure that searchRef is an invalid SearchRef + + StorageManager::KeychainList keychains; + globals().storageManager.optionalSearchList(keychainOrArray, keychains); + KCCursor cursor(keychains, itemClass, attrList); + *searchRef = gTypes().cursor.handle(*cursor); + + END_SECAPI +} + + +OSStatus +SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef) +{ + BEGIN_SECAPI + + RequiredParam(itemRef); + Item item; + if (!gTypes().cursor.required(searchRef)->next(item)) + return errSecItemNotFound; + + *itemRef=gTypes().item.handle(*item); + + END_SECAPI +} 
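Review bot: `SecKeychainSearchCopyNext` leaves `*itemRef` untouched on the `return errSecItemNotFound;` path, so a caller that releases the reference without checking the status first can act on a stale or uninitialised value. Clearing it is cheap: `*itemRef = NULL;` right after `RequiredParam(itemRef);` (assuming RequiredParam only validates the pointer, which is not visible here). `SecPolicySearchCopyNext` in SecPolicySearch.cpp has the same shape with `*policyRef`. The comment on `Required(searchRef)` in `SecKeychainSearchCreateFromAttributes` ("Make sure that searchRef is an invalid SearchRef") also reads backwards; other files in this commit use `// preflight` for the same call.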
diff --git a/Keychain/SecKeychainSearch.h b/Keychain/SecKeychainSearch.h new file mode 100644 index 00000000..dd7b081b --- /dev/null +++ b/Keychain/SecKeychainSearch.h 
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecKeychainSearch + The functions provided in SecKeychainSearch implement a query of one or more keychains to search for a particular SecKeychainItem. +*/ + +#ifndef _SECURITY_SECKEYCHAINSEARCH_H_ +#define _SECURITY_SECKEYCHAINSEARCH_H_ + +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @function SecKeychainSearchGetTypeID + @abstract Returns the type identifier of SecKeychainSearch instances. + @result The CFTypeID of SecKeychainSearch instances. +*/ +CFTypeID SecKeychainSearchGetTypeID(void); + +/*! + @function SecKeychainSearchCreateFromAttributes + @abstract Creates a search reference matching a list of zero or more specified attributes in the specified keychain. + @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list. + @param itemClass The keychain item class. + @param attrList A pointer to a list of zero or more keychain attribute records to match. Pass NULL to match any keychain attribute. 
+ @param searchRef On return, a pointer to the current search reference. You are responsible for calling the CFRelease function to release this reference when finished with it. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef); + +/*! + @function SecKeychainSearchCopyNext + @abstract Finds the next keychain item matching the given search criteria. + @param searchRef A reference to the current search criteria. The search reference is created in the SecKeychainSearchCreateFromAttributes function and must be released by calling the CFRelease function when you are done with it. + @param itemRef On return, a pointer to a keychain item reference of the next matching keychain item, if any. + @result A result code. When there are no more items that match the parameters specified to SecPolicySearchCreate, errSecItemNotFound is returned. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECKEYCHAINSEARCH_H_ */ diff --git a/Keychain/SecPolicy.cpp b/Keychain/SecPolicy.cpp new file mode 100644 index 00000000..aad3d9c9 --- /dev/null +++ b/Keychain/SecPolicy.cpp 
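Review bot: The `@result` text of `SecKeychainSearchCopyNext` names `SecPolicySearchCreate` as the function that set the search parameters, which looks copied from the policy header; it should read `SecKeychainSearchCreateFromAttributes`. The `@param itemRef` line also does not say who owns the returned item; if it follows the Copy naming rule, add "Release it by calling the CFRelease function when finished with it." as the neighbouring `searchRef` text does. Minor: "An reference to an array of keychains" should be "A reference to an array of keychains".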
@@ -0,0 +1,67 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include +#include "SecBridge.h" + + +static inline Policy *Required(SecPolicyRef policyRef) +{ + return gTypes().policy.required(policyRef); +} + + +// +// CF boilerplate +// +CFTypeID +SecPolicyGetTypeID(void) +{ + BEGIN_SECAPI + return gTypes().policy.typeId; + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +// +// Sec API bridge functions +// +OSStatus +SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID* oid) +{ + BEGIN_SECAPI + Required(oid) = Required(policyRef)->oid(); + END_SECAPI +} + + +OSStatus +SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA* value) +{ + BEGIN_SECAPI + Required(value) = Required(policyRef)->value(); + END_SECAPI +} + + +OSStatus +SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE* tpHandle) +{ + BEGIN_SECAPI + Required(tpHandle) = Required(policyRef)->tp()->handle(); + END_SECAPI +} diff --git a/Keychain/SecPolicy.h b/Keychain/SecPolicy.h new file mode 100644 index 00000000..3ab86e7e --- /dev/null +++ b/Keychain/SecPolicy.h 
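Review bot: `Required(oid) = Required(policyRef)->oid();` and the matching line in `SecPolicyGetValue` copy a CSSM_OID / CSSM_DATA by assignment, which copies the length and data pointer but not the bytes, so the caller's structure presumably ends up pointing into storage owned by the Policy object. Nothing here or in the SecPolicy.h doc comments tells the caller not to free that buffer or how long it stays valid. I would add to both `@param` descriptions something like "The data is owned by the policy; do not free it and do not use it after releasing policyRef.", once the lifetime is confirmed against `Policy::oid()` and `Policy::value()`, which are outside this section. The file-local `Required(SecPolicyRef)` overload also makes the two `Required` calls on one line mean different things; a distinct name would read more clearly.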
@@ -0,0 +1,72 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecPolicy + The functions provided in SecPolicy implement a representation of a particular trust policy. +*/ + +#ifndef _SECURITY_SECPOLICY_H_ +#define _SECURITY_SECPOLICY_H_ + +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @function SecPolicyGetTypeID + @abstract Returns the type identifier of SecPolicy instances. + @result The CFTypeID of SecPolicy instances. +*/ +CFTypeID SecPolicyGetTypeID(void); + +/*! + @function SecPolicyGetOID + @abstract Returns a policy's object identifier. + @param policyRef A policy reference. + @param oid On return, a pointer to the policy's object identifier. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID *oid); + +/*! + @function SecPolicyGetValue + @abstract Returns a policy's value. + @param policyRef A policy reference. + @param value On return, a pointer to the policy's value. + @result A result code. See "Security Error Codes" (SecBase.h). 
+*/ +OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA *value); + +/*! + @function SecPolicyGetTPHandle + @abstract Returns the CSSM trust policy handle for the given policy. + @param policyRef A policy reference. + @param tpHandle On return, a pointer to a value of type CSSM_TP_HANDLE. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE *tpHandle); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECPOLICY_H_ */ diff --git a/Keychain/SecPolicySearch.cpp b/Keychain/SecPolicySearch.cpp new file mode 100644 index 00000000..982c5893 --- /dev/null +++ b/Keychain/SecPolicySearch.cpp 
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include +#include "SecBridge.h" + + +// +// CF Boilerplate +CFTypeID +SecPolicySearchGetTypeID(void) +{ + BEGIN_SECAPI + + return gTypes().policyCursor.typeId; + + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +OSStatus +SecPolicySearchCreate( + CSSM_CERT_TYPE certType, + const CSSM_OID* oid, + const CSSM_DATA* value, + SecPolicySearchRef* searchRef) +{ + BEGIN_SECAPI + Required(searchRef); // preflight + RefPointer cursor(new PolicyCursor(oid, value)); + *searchRef = gTypes().policyCursor.handle(*cursor); + END_SECAPI +} + + +OSStatus +SecPolicySearchCopyNext( + SecPolicySearchRef searchRef, + SecPolicyRef* policyRef) +{ + BEGIN_SECAPI + + RequiredParam(policyRef); + RefPointer policy; + if (!gTypes().policyCursor.required(searchRef)->next(policy)) + return errSecPolicyNotFound; + *policyRef = gTypes().policy.handle(*policy); + END_SECAPI +} diff --git a/Keychain/SecPolicySearch.h b/Keychain/SecPolicySearch.h new file mode 100644 index 00000000..765765fe --- /dev/null +++ b/Keychain/SecPolicySearch.h 
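Review bot: `SecPolicySearchCreate` accepts `certType` but never uses it: the cursor is built as `new PolicyCursor(oid, value)`, so as far as this hunk shows a search is not restricted to the requested certificate type. Either pass it through to the cursor, or state the limitation next to the constructor call, e.g. `// NOTE: certType is currently not used to filter results`, and in the header's `@param certType` text. The parameter is also called `oid` here and `policyOID` in SecPolicySearch.h; using one name in both places avoids confusion when reading the docs against the code.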
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecPolicySearch + The functions provided in SecPolicySearch implement a query for SecPolicy objects. +*/ + +#ifndef _SECURITY_SECPOLICYSEARCH_H_ +#define _SECURITY_SECPOLICYSEARCH_H_ + +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @typedef SecPolicySearchRef + @abstract A reference to an opaque policy search structure. +*/ +typedef struct OpaquePolicySearchRef *SecPolicySearchRef; + +/*! + @function SecPolicySearchGetTypeID + @abstract Returns the type identifier of SecPolicySearch instances. + @result The CFTypeID of SecPolicySearch instances. +*/ +CFTypeID SecPolicySearchGetTypeID(void); + +/*! + @function SecPolicySearchCreate + @abstract Creates a search reference for finding a policy by specifying its object identifier. + @param certType The type of certificates a policy uses. + @param policyOID A pointer to a BER-encoded policy object identifier that uniquely specifies the policy. + @param value A pointer to an optional policy-defined value. The contents of this value depend on the policy object identifier defined. 
+ @param searchRef On return, a pointer to a policy search reference. The policy search reference is used for subsequent calls to the SecCopyNextPolicy function to obtain the remaining trust policies. You are responsible for releasing the search reference by calling the CFRelease function when finished with it. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecPolicySearchCreate(CSSM_CERT_TYPE certType, const CSSM_OID *policyOID, const CSSM_DATA *value, SecPolicySearchRef *searchRef); + +/*! + @function SecPolicySearchCopyNext + @abstract Finds the next policy matching the given search criteria + @param searchRef A reference to the current policy search criteria. You create the policy search reference by a calling the SecPolicySearchCreate function. You are responsible for releasing the policy by calling the CFRelease function when finished with it. + @param policyRef On return, a pointer to a policy reference. + @result A result code. When there are no more policies that match the parameters specified to SecPolicySearchCreate, errSecPolicyNotFound is returned. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecPolicySearchCopyNext(SecPolicySearchRef searchRef, SecPolicyRef *policyRef); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECPOLICY_H_ */ diff --git a/Keychain/SecRuntime.cpp b/Keychain/SecRuntime.cpp new file mode 100644 index 00000000..ec87f19f --- /dev/null +++ b/Keychain/SecRuntime.cpp 
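Review bot: The header comments in this new file point callers at the wrong names and the wrong object. The `searchRef` description for `SecPolicySearchCreate` refers to a `SecCopyNextPolicy` function, while the function declared here is `SecPolicySearchCopyNext`; in `SecPolicySearchCopyNext` the sentence about releasing the policy with CFRelease sits under `@param searchRef` although it describes `policyRef` ("by a calling" is also a typo). The closing guard comment reads `#endif /* !_SECURITY_SECPOLICY_H_ */` but the guard opened is `_SECURITY_SECPOLICYSEARCH_H_`. Ownership of the returned reference is a memory-safety contract, so I would move that sentence to `@param policyRef` and correct the other two.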
@@ -0,0 +1,140 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// SecRuntime.cpp - CF runtime interface +// + +#include +#include + +using namespace KeychainCore; + +// +// SecCFObject +// +SecCFObject::~SecCFObject() +{ +} + +bool +SecCFObject::equal(SecCFObject &other) +{ + return this == &other; +} + +CFHashCode +SecCFObject::hash() +{ + return CFHashCode(this); +} + + +// +// SecCFType +// +SecCFType::SecCFType(SecCFObject *obj) : + mObject(obj) +{ +} + +SecCFType::~SecCFType() +{ + mObject = NULL; +} + +// +// CFClassBase +// +CFClassBase::CFClassBase(const char *name) +{ + // initialize the CFRuntimeClass structure + version = 0; + className = name; + init = NULL; + copy = NULL; + finalize = finalizeType; + equal = equalType; + hash = hashType; + copyFormattingDesc = NULL; + copyDebugDesc = NULL; + + // register + typeId = _CFRuntimeRegisterClass(this); + assert(typeId != _kCFRuntimeNotATypeID); +} + +void +CFClassBase::finalizeType(CFTypeRef cf) +{ + const SecCFType *type = reinterpret_cast(cf); + StLock _(gTypes().mapLock); + gTypes().map.erase(type->mObject.get()); + type->~SecCFType(); +} + +Boolean 
+CFClassBase::equalType(CFTypeRef cf1, CFTypeRef cf2) +{ + const SecCFType *t1 = reinterpret_cast(cf1); + const SecCFType *t2 = reinterpret_cast(cf2); + // CF checks for pointer equality and ensures type equality already + return t1->mObject->equal(*t2->mObject); +} + +CFHashCode +CFClassBase::hashType(CFTypeRef cf) +{ + return reinterpret_cast(cf)->mObject->hash(); +} + +const SecCFType * +CFClassBase::makeNew(SecCFObject *obj) +{ + void *p = const_cast(_CFRuntimeCreateInstance(NULL, typeId, + sizeof(SecCFType) - sizeof(CFRuntimeBase), NULL)); + new (p) SecCFType(obj); + return reinterpret_cast(p); +} + +const SecCFType * +CFClassBase::handle(SecCFObject *obj) +{ + SecCFTypes::Map &map = gTypes().map; + StLock _(gTypes().mapLock); + SecCFTypes::Map::const_iterator it = map.find(obj); + if (it == map.end()) + { + const SecCFType *p = makeNew(obj); + map[obj] = p; + return p; + } + else + { + CFRetain(it->second); + return it->second; + } +} + +SecCFObject * +CFClassBase::required(const SecCFType *type, OSStatus errorCode) +{ + if (!type) + MacOSError::throwMe(errorCode); + + return type->mObject.get(); +} diff --git a/Keychain/SecRuntime.h b/Keychain/SecRuntime.h new file mode 100644 index 00000000..529e4da1 --- /dev/null +++ b/Keychain/SecRuntime.h 
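Review bot: `CFClassBase::handle` can hand out a wrapper that is already being torn down. `finalizeType` removes the map entry under `mapLock`, but it only runs once CF has decided to deallocate the object, so between the last release and that erase another thread inside `handle` can still find the entry and call `CFRetain(it->second)` on it, leaving the caller with a reference to memory that is about to be freed. The map holds raw `SecCFType` pointers and nothing visible here closes that window; if some outer lock does, a comment at the `CFRetain` such as `// safe only because <placeholder: lock that serialises release and handle()>` would record it. Separately, `makeNew` placement-constructs into the result of `_CFRuntimeCreateInstance` without checking it for NULL, and the `assert` on `typeId` in the constructor is presumably compiled out of release builds.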
@@ -0,0 +1,110 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// SecRuntime.h - CF runtime interface +// +#ifndef _SECURITY_SECRUNTIME_H_ +#define _SECURITY_SECRUNTIME_H_ + +#include +#include + + +namespace Security +{ + +namespace KeychainCore +{ + +class SecCFObject : public RefCount +{ +public: + virtual ~SecCFObject(); + virtual bool equal(SecCFObject &other); + virtual CFHashCode hash(); +}; + + +class SecCFType : public CFRuntimeBase +{ +public: + SecCFType(SecCFObject *obj); + ~SecCFType(); + + RefPointer mObject; +}; + + +class CFClassBase : protected CFRuntimeClass +{ +protected: + CFClassBase(const char *name); + + const SecCFType *makeNew(SecCFObject *obj); + const SecCFType *handle(SecCFObject *obj); + SecCFObject *required(const SecCFType *type, OSStatus errorCode); + +private: + static void finalizeType(CFTypeRef cf); + static Boolean equalType(CFTypeRef cf1, CFTypeRef cf2); + static CFHashCode hashType(CFTypeRef cf); + +public: + CFTypeID typeId; +}; + + +template +class CFClass : public CFClassBase +{ +public: + CFClass(const char *name) : CFClassBase(name) {} + + APITypePtr handle(Object &obj) + { + return 
APITypePtr(CFClassBase::handle(&obj)); + } + + Object *required(APITypePtr type) + { + Object *object = dynamic_cast(CFClassBase::required + (reinterpret_cast(type), ErrorCode)); + if (!object) + MacOSError::throwMe(ErrorCode); + + return object; + } + + // CF generator functions + APITypePtr operator () (Object *obj) + { return handle(*obj); } + + APITypePtr operator () (const RefPointer &obj) + { return handle(*obj); } + + Object * operator () (APITypePtr ref) + { return required(ref); } +}; + + +} // end namespace KeychainCore + +} // end namespace Security + + +#endif // !_SECURITY_SECRUNTIME_H_ diff --git a/Keychain/SecTrust.cpp b/Keychain/SecTrust.cpp new file mode 100644 index 00000000..0133ea0e --- /dev/null +++ b/Keychain/SecTrust.cpp 
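Review bot: `CFClass::required` reinterprets the caller-supplied reference as a `SecCFType` and reads `mObject` from it without first checking that the CF object belongs to this class. The `dynamic_cast` that follows only runs on whatever pointer was read, so it catches a Sec object of the wrong class but not a foreign CF object passed in by mistake or by a hostile caller. A type-id check before the cast would close that, for example `if (type && CFGetTypeID(type) != typeId) MacOSError::throwMe(ErrorCode);`. The template parameter list and the cast targets are not legible on this page, so the exact types are inferred from the names used.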
@@ -0,0 +1,199 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include +#include + +#include "SecBridge.h" + + +static inline Trust *Required(SecTrustRef trustRef) +{ + return gTypes().trust.required(trustRef); +} + + +// +// CF boilerplate +// +CFTypeID SecTrustGetTypeID(void) +{ + BEGIN_SECAPI + + return gTypes().trust.typeId; + + END_SECAPI1(_kCFRuntimeNotATypeID) +} + + +// +// Sec* API bridge functions +// +OSStatus SecTrustCreateWithCertificates( + CFArrayRef certificates, + CFTypeRef policies, + SecTrustRef *trustRef) +{ + BEGIN_SECAPI + Required(trustRef); // preflight + RefPointer trust(new Trust(certificates, policies)); + *trustRef = gTypes().trust.handle(*trust); + END_SECAPI +} + + +OSStatus SecTrustSetParameters( + SecTrustRef trustRef, + CSSM_TP_ACTION action, + CFDataRef actionData) +{ + BEGIN_SECAPI + Trust *trust = gTypes().trust.required(trustRef); + trust->action(action); + trust->actionData(actionData); + END_SECAPI +} + + +OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates) +{ + BEGIN_SECAPI + Required(trust)->anchors(anchorCertificates); + END_SECAPI +} + + +OSStatus 
SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray) +{ + BEGIN_SECAPI + StorageManager::KeychainList keychains; + globals().storageManager.optionalSearchList(keychainOrArray, keychains); + Required(trust)->searchLibs() = keychains; + END_SECAPI +} + + +OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate) +{ + BEGIN_SECAPI + Required(trust)->time(verifyDate); + END_SECAPI +} + + +OSStatus SecTrustEvaluate(SecTrustRef trustRef, SecTrustResultType *resultP) +{ + BEGIN_SECAPI + Trust *trust = Required(trustRef); + trust->evaluate(); + if (resultP) + *resultP = trust->result(); + END_SECAPI +} + + +// +// Construct the "official" result evidence and return it +// +OSStatus SecTrustGetResult( + SecTrustRef trustRef, + SecTrustResultType *result, + CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain) +{ + BEGIN_SECAPI + Trust *trust = Required(trustRef); + if (result) + *result = trust->result(); + if (certChain && statusChain) + trust->buildEvidence(*certChain, TPEvidenceInfo::overlayVar(*statusChain)); + END_SECAPI +} + + +// +// Retrieve CSSM-level information for those who want to dig down +// +OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result) +{ + BEGIN_SECAPI + Required(result) = Required(trust)->cssmResult(); + END_SECAPI +} + +OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle) +{ + BEGIN_SECAPI + Required(handle) = Required(trust)->getTPHandle(); + END_SECAPI +} + + +// +// Get the user's default anchor certificate set +// +OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchorCertificates) +{ + BEGIN_SECAPI + Required(anchorCertificates) = Trust::gStore().copyRootCertificates(); + END_SECAPI +} + +OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, + uint32 *cssmAnchorCount) +{ + BEGIN_SECAPI + CertGroup certs; + Trust::gStore().getCssmRootCertificates(certs); + Required(cssmAnchors) = certs.blobCerts(); + 
Required(cssmAnchorCount) = certs.count(); + END_SECAPI +} + + +// +// Get and set user trust settings +// +OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, + SecPolicyRef policy, SecTrustUserSetting *trustSetting) +{ + BEGIN_SECAPI + Required(trustSetting) = Trust::gStore().find( + gTypes().certificate.required(certificate), + gTypes().policy.required(policy)); + END_SECAPI +} + +OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, + SecPolicyRef policy, SecTrustUserSetting trustSetting) +{ + BEGIN_SECAPI + switch (trustSetting) { + case kSecTrustResultProceed: + case kSecTrustResultConfirm: + case kSecTrustResultDeny: + case kSecTrustResultUnspecified: + break; + default: + MacOSError::throwMe(errSecInvalidTrustSetting); + } + Trust::gStore().assign( + gTypes().certificate.required(certificate), + gTypes().policy.required(policy), + trustSetting); + END_SECAPI +} + diff --git a/Keychain/SecTrust.h b/Keychain/SecTrust.h new file mode 100644 index 00000000..72730122 --- /dev/null +++ b/Keychain/SecTrust.h 
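Review bot: `SecTrustGetCSSMAnchorCertificates` returns `certs.blobCerts()` from a `CertGroup` that is a local of the function, so the lifetime of the array handed to the caller is not evident. If `getCssmRootCertificates` fills `certs` with pointers into storage owned by `Trust::gStore()`, the result is valid only as long as the store does not reload; if `certs` owns the array, the caller receives a dangling pointer. A comment at the assignment stating the owner, e.g. `// blobCerts() points into Trust::gStore(); valid until <placeholder: event that invalidates it>`, would settle it. In `SecTrustGetResult`, evidence is built only when both `certChain` and `statusChain` are non-NULL, so a caller passing just one gets a success status with its output untouched.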
@@ -0,0 +1,205 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecTrust + The functions and data types in SecTrust implement trust computation and allows the user to apply trust decisions to the trust configuration. +*/ + +#ifndef _SECURITY_SECTRUST_H_ +#define _SECURITY_SECTRUST_H_ + +#include +#include +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @typedef SecTrustResultType + @abstract Specifies the trust result type. + @constant kSecTrustResultInvalid Indicates an invalid setting or result. + @constant kSecTrustResultProceed Indicates you may proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. + @constant kSecTrustResultConfirm Indicates confirmation with the user is required before proceeding. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. + @constant kSecTrustResultDeny Indicates a user-configured deny; do not proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. 
+ @constant kSecTrustResultUnspecified Indicates user intent is unknown. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. + @constant kSecTrustResultRecoverableTrustFailure Indicates a trust framework failure; retry after fixing inputs. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. + @constant kSecTrustResultFatalTrustFailure Indicates a trust framework failure; no "easy" fix. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. + @constant kSecTrustResultOtherError Indicates a failure other than that of trust evaluation. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. + */ +typedef enum { + kSecTrustResultInvalid, + kSecTrustResultProceed, + kSecTrustResultConfirm, + kSecTrustResultDeny, + kSecTrustResultUnspecified, + kSecTrustResultRecoverableTrustFailure, + kSecTrustResultFatalTrustFailure, + kSecTrustResultOtherError +} SecTrustResultType; + +/*! + @typedef SecTrustUserSetting + @abstract Specifies user-specified trust settings. +*/ +typedef SecTrustResultType SecTrustUserSetting; + +/*! + @typedef SecTrustRef + @abstract A pointer to an opaque trust management structure. +*/ +typedef struct OpaqueSecTrustRef *SecTrustRef; + +/*! + @function SecTrustGetTypeID + @abstract Returns the type identifier of SecTrust instances. + @result The CFTypeID of SecTrust instances. +*/ +CFTypeID SecTrustGetTypeID(void); + +/*! + @function SecTrustCreateWithCertificates + @abstract Creates a trust based on the given certificates and policies. + @param certificates The group of certificates to verify. + @param policies An array of one or more policies. + @param trustRef On return, a pointer to the trust management reference. + @result A result code. See "Security Error Codes" (SecBase.h). 
+*/ +OSStatus SecTrustCreateWithCertificates(CFArrayRef certificates, CFTypeRef policies, SecTrustRef *trustRef); + +/*! + @function SecTrustSetParameters + @abstract Sets the action and action data for a trust. + @param trustRef The reference to the trust to change. + @param action A CSSM trust action. + @param actionData A reference to action data. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecTrustSetParameters(SecTrustRef trustRef, CSSM_TP_ACTION action, CFDataRef actionData); + +/*! + @function SecTrustSetAnchorCertificates + @abstract Sets the anchor certificates for a given trust. + @param trust A reference to a trust. + @param anchorCertificates An array of anchor certificates. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates); + +/*! + @function SecTrustSetKeychains + @abstract Sets the keychains for a given trust. + @param trust A reference to a trust. + @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray); + +/*! + @function SecTrustSetVerifyDate + @abstract Verifies the date of a given trust. + @param trust A reference to the trust to verify. + @param verifyDate The date to verify. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate); + +/*! + @function SecTrustEvaluate + @abstract Evaluates a trust. + @param trust A reference to the trust to evaluate. + @param result A pointer to a result type. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result); + +/*! 
+ @function SecTrustGetResult + @abstract Returns detail information on the outcome of a call to SecTrustEvaluate. + @param trustRef A reference to a trust. + @param result A pointer to the result from the call to SecTrustEvaluate. + @param certChain On return, a pointer to the certificate chain used to validate the input certificate. + @param statusChain On return, a pointer to the status of the certificate chain. Do not attempt to free this pointer; it remains valid until the trust is destroyed or the next call to SecTrustEvaluate. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustGetResult(SecTrustRef trustRef, SecTrustResultType *result, CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain); + +/*! + @function SecTrustGetCssmResult + @abstract Gets the CSSM trust result. + @param trust A reference to a trust. + @param result On return, a pointer to the CSSM trust result. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result); + +/*! + @function SecTrustGetTPHandle + @abstract Gets the CSSM trust handle + @param trust A reference to a trust. + @param handle On return, a pointer to a CSSM trust handle. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle); + +/*! + @function SecTrustCopyAnchorCertificates + @abstract Returns the anchor (root) certificates. + @param anchors On return, a pointer to the anchors (roots). This may be used with the function SecCertificateGroupVerify. Call the CFRelease function to release this pointer. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchors); + +/*! + @function SecTrustGetCSSMAnchorCertificates + @abstract Retrieves the CSSM anchor certificates. 
+ @param cssmAnchors A pointer to an array of anchor certificates. + @param cssmAnchorCount A pointer to the number of certificates in anchors. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount); + +/*! + @function SecTrustGetUserTrust + @abstract Gets the user-specified trust settings of a certificate and policy. + @param certificate A reference to a certificate. + @param policy A reference to a policy. + @param trustSetting On return, a pointer to the user specified trust settings. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting); + +/*! + @function SecTrustSetUserTrust + @abstract Sets the user-specified trust settings of a certificate and policy. + @param certificate A reference to a certificate. + @param policy A reference to a policy. + @param trustSetting The user-specified trust settings. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting); + + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECTRUST_H_ */ diff --git a/Keychain/SecTrustedApplication.cpp b/Keychain/SecTrustedApplication.cpp new file mode 100644 index 00000000..aa36207b --- /dev/null +++ b/Keychain/SecTrustedApplication.cpp 
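Review bot: The `SecTrustGetResult` comment does not tell callers that the chain outputs are all-or-nothing: the implementation in this commit fills `certChain` and `statusChain` only when both pointers are supplied, and otherwise returns success without writing either. It gives a lifetime for `statusChain` but says nothing about whether `certChain` must be released. I would add to `@param certChain` something like `Pass both certChain and statusChain, or neither; if only one is supplied neither is written.` The abstract of `SecTrustSetVerifyDate` says it "Verifies the date", whereas the function appears to set the date used for evaluation; `Sets the date against which the trust is evaluated.` would match the name.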
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecTrustedApplicationGetTypeID(void)
+{
+ BEGIN_SECAPI
+
+ return gTypes().trustedApplication.typeId;
+
+ END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *appRef)
+{
+ BEGIN_SECAPI
+ RefPointer app =
+ path ? new TrustedApplication(path) : new TrustedApplication;
+ Required(appRef) = gTypes().trustedApplication.handle(*app);
+ END_SECAPI
+}
+
+/*!
+ */
+OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef,
+ CFDataRef *dataRef)
+{
+ BEGIN_SECAPI
+ const CssmData &data = gTypes().trustedApplication.required(appRef)->data();
+ Required(dataRef) = CFDataCreate(NULL, (const UInt8 *)data.data(), data.length());
+ END_SECAPI
+}
+
+OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef,
+ CFDataRef dataRef)
+{
+ BEGIN_SECAPI
+ gTypes().trustedApplication.required(appRef)->data(cfData(dataRef));
+ END_SECAPI
+}
+
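Review bot: `SecTrustedApplicationSetData` passes `dataRef` straight to `cfData()` with no NULL check, and `SecTrustedApplicationCopyData` stores the result of `CFDataCreate` without checking that the allocation succeeded. Unless `cfData` (not visible here) rejects NULL itself, the first should be guarded, e.g. `if (!dataRef) MacOSError::throwMe(paramErr);`, and the second should fail rather than return success with a NULL `*dataRef`. The empty `/*! */` above `SecTrustedApplicationCopyData` can be dropped or filled in.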
diff --git a/Keychain/SecTrustedApplication.h b/Keychain/SecTrustedApplication.h
new file mode 100644
index 00000000..a9c482d6
--- /dev/null
+++ b/Keychain/SecTrustedApplication.h
@@ -0,0 +1,76 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +/*! + @header SecTrustedApplication + The functions provided in SecTrustedApplication implement an object representing an application in a + SecAccess object. +*/ + +#ifndef _SECURITY_SECTRUSTEDAPPLICATION_H_ +#define _SECURITY_SECTRUSTEDAPPLICATION_H_ + +#include +#include + + +#if defined(__cplusplus) +extern "C" { +#endif + +/*! + @function SecTrustedApplicationGetTypeID + @abstract Returns the type identifier of SecTrustedApplication instances. + @result The CFTypeID of SecTrustedApplication instances. +*/ +CFTypeID SecTrustedApplicationGetTypeID(void); + +/*! + @function SecTrustedApplicationCreateFromPath + @abstract Creates a trusted application reference based on the trusted application specified by path. + @param path The path to the application or tool to trust. For application bundles, use the + path to the bundle directory. Pass NULL to refer to yourself, i.e. the application or tool + making this call. + @param app On return, a pointer to the trusted application reference. + @result A result code. See "Security Error Codes" (SecBase.h). 
+*/ +OSStatus SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *app); + +/*! + @function SecTrustedApplicationCopyData + @abstract Retrieves the data of a given trusted application reference + @param appRef A trusted application reference to retrieve data from + @param data On return, a pointer to a data reference of the trusted application. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef, CFDataRef *data); + +/*! + @function SecTrustedApplicationSetData + @abstract Sets the data of a given trusted application reference + @param appRef A trusted application reference. + @param data A reference to the data to set in the trusted application. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef, CFDataRef data); + + +#if defined(__cplusplus) +} +#endif + +#endif /* !_SECURITY_SECTRUSTEDAPPLICATION_H_ */ diff --git a/Keychain/Security.h b/Keychain/Security.h new file mode 100644 index 00000000..71710132 --- /dev/null +++ b/Keychain/Security.h 
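Review bot: The comment for `SecTrustedApplicationCopyData` leaves out the ownership rule: the implementation in this commit returns a freshly created `CFDataRef`, so the caller has to release it. Add to `@param data` the sentence used elsewhere in these headers, `You are responsible for releasing the data reference by calling the CFRelease function when finished with it.` None of the three comments says what the "data" of a trusted application is, and since `SecTrustedApplicationSetData` lets a caller replace it, a sentence on what it represents and when it may be changed would help anyone reviewing access-control code built on it.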
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include +#include diff --git a/Keychain/StorageManager.cpp b/Keychain/StorageManager.cpp index 78194a43..ed3a7875 100644 --- a/Keychain/StorageManager.cpp +++ b/Keychain/StorageManager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -21,9 +21,6 @@ Contains: Working with multiple keychains - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: */ #include "StorageManager.h" 
@@ -39,6 +36,7 @@ #include #include #include +#include #include "KCCursor.h" #include "Globals.h" 
@@ -50,53 +48,73 @@ using namespace KeychainCore; StorageManager::StorageManager() : mSavedList(), mKeychains(), - mMultiDLDb(mSavedList.list(), true) // Passinng true enables use of Secure Storage + mSearchList() { + _doReload(); } // Create KC if it doesn't exist Keychain StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier) { - //StLock _(mKeychainsLock); + StLock _(mLock); + return _keychain(dLDbIdentifier); +} + +Keychain +StorageManager::_keychain(const DLDbIdentifier &dLDbIdentifier) +{ KeychainMap::iterator it = mKeychains.find(dLDbIdentifier); if (it != mKeychains.end()) return it->second; // The keychain is not in our cache. Create it. - Keychain keychain(mMultiDLDb->database(dLDbIdentifier)); + Module module(dLDbIdentifier.ssuid().guid()); + DL dl; + if (dLDbIdentifier.ssuid().subserviceType() & CSSM_SERVICE_CSP) + dl = SSCSPDL(module); + else + dl = DL(module); + + dl->subserviceId(dLDbIdentifier.ssuid().subserviceId()); + dl->version(dLDbIdentifier.ssuid().version()); + Db db(dl, dLDbIdentifier.dbName()); + Keychain keychain(db); // Add the keychain to the cache. mKeychains.insert(KeychainMap::value_type(dLDbIdentifier, keychain)); return keychain; } -// Create KC if it doesn't exist +// Create KC if it doesn't exist, add it to the search list if it exists and is not already on it. Keychain StorageManager::makeKeychain(const DLDbIdentifier &dLDbIdentifier) { Keychain keychain(keychain(dLDbIdentifier)); - const vector &list = mMultiDLDb->list(); - if (find(list.begin(), list.end(), dLDbIdentifier) != list.end()) { - // The dLDbIdentifier for this keychain is already on our search list. - return keychain; + StLock _(mLock); + if (find(mSearchList.begin(), mSearchList.end(), keychain) != mSearchList.end()) + { + // This keychain is already on our search list. + return keychain; + } + + // If the keychain doesn't exist don't bother adding it to the search list yet. 
+ if (!keychain->exists()) + return keychain; + + // The keychain exists and is not in our search list add it to the search + // list and the cache. Then inform mMultiDLDb. + mSavedList.revert(true); + mSavedList.add(dLDbIdentifier); + mSavedList.save(); + + // @@@ Will happen again when kSecKeychainListChangedEvent notification is received. + _doReload(); } - // If the keychain doesn't exist don't bother adding it to the search list yet. - if (!keychain->exists()) - return keychain; - - // The keychain exists and is not in our search list add it to the search - // list and the cache. Then inform mMultiDLDb. - mSavedList.revert(true); - mSavedList.add(dLDbIdentifier); - mSavedList.save(); - - // @@@ Will happen again when kSecKeychainListChangedEvent notification is received. - mMultiDLDb->list(mSavedList.list()); - + // Make sure we are not holding mLock when we post this event. KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); return keychain; 
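Review bot: The comment kept inside the new locked block of makeKeychain(), ending `Then inform mMultiDLDb.`, names a member that this commit removes; the step it now describes is the `_doReload()` call that rebuilds mSearchList. I would reword it to `// The keychain exists and is not on the search list: add it to the saved list, persist it, then rebuild mSearchList.` The same stale wording is re-added in created() in the next hunk. Separately, keychain() takes and releases mLock before the block re-acquires it, so the search-list check runs on state that may have changed in between; a short comment saying that this window is acceptable would help the next reader.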
@@ -106,70 +124,108 @@ void StorageManager::created(const Keychain &keychain) // Be notified a Keychain just got created. { DLDbIdentifier dLDbIdentifier = keychain->dLDbIdentifier(); - - // If we don't have a default Keychain yet. Make the newly created keychain the default. - DefaultKeychain &defaultKeychain = globals().defaultKeychain; - if (!defaultKeychain.isSet()) - defaultKeychain.dLDbIdentifier(dLDbIdentifier); - // Add the keychain to the search list and the cache. Then inform mMultiDLDb. - mSavedList.revert(true); - mSavedList.add(dLDbIdentifier); - mSavedList.save(); + { + StLock _(mLock); - // @@@ Will happen again when kSecKeychainListChangedEvent notification is received. - mMultiDLDb->list(mSavedList.list()); + // If we don't have a default Keychain yet. Make the newly created keychain the default. + DefaultKeychain &defaultKeychain = globals().defaultKeychain; + if (!defaultKeychain.isSet()) + defaultKeychain.dLDbIdentifier(dLDbIdentifier); + + // Add the keychain to the search list and the cache. Then inform mMultiDLDb. + mSavedList.revert(true); + mSavedList.add(dLDbIdentifier); + mSavedList.save(); + + // @@@ Will happen again when kSecKeychainListChangedEvent notification is received. + _doReload(); + } + // Make sure we are not holding mLock when we post this event. KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); } - KCCursor StorageManager::createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList) { - return KCCursor(DbCursor(mMultiDLDb), itemClass, attrList); + StLock _(mLock); + return KCCursor(mSearchList, itemClass, attrList); } KCCursor StorageManager::createCursor(const SecKeychainAttributeList *attrList) { - return KCCursor(DbCursor(mMultiDLDb), attrList); + StLock _(mLock); + return KCCursor(mSearchList, attrList); } void StorageManager::lockAll() { - for (KeychainMap::iterator ix = mKeychains.begin(); ix != mKeychains.end(); ix++) + // Make a snapshot of all known keychains while holding mLock. 
+ KeychainList keychainList; { - Keychain keychain(ix->second); + StLock _(mLock); + for (KeychainMap::iterator ix = mKeychains.begin(); ix != mKeychains.end(); ix++) + keychainList.push_back(ix->second); + } + + // Lock each active keychain after having released mLock since locking keychains + // will send notifications. + for (KeychainList::iterator ix = keychainList.begin(); ix != keychainList.end(); ++ix) + { + Keychain keychain = *ix; if (keychain->isActive()) keychain->lock(); } } +void +StorageManager::_doReload() +{ + KeychainList newList; + newList.reserve(mSavedList.size()); + for (CssmClient::DLDbList::iterator ix = mSavedList.begin(); ix != mSavedList.end(); ++ix) + { + Keychain keychain(_keychain(*ix)); + newList.push_back(keychain); + } + mSearchList.swap(newList); +} + void StorageManager::reload(bool force) +{ + StLock _(mLock); + _reload(force); +} + +void +StorageManager::_reload(bool force) { // Reinitialize list from CFPrefs if changed. When force is true force a prefs revert now. if (mSavedList.revert(force)) - mMultiDLDb->list(mSavedList.list()); + _doReload(); } size_t StorageManager::size() { - reload(); - return mMultiDLDb->list().size(); + StLock _(mLock); + _reload(); + return mSearchList.size(); } Keychain StorageManager::at(unsigned int ix) { - reload(); - if (ix >= mMultiDLDb->list().size()) + StLock _(mLock); + _reload(); + if (ix >= mSearchList.size()) MacOSError::throwMe(errSecInvalidKeychain); - return keychain(mMultiDLDb->list().at(ix)); + return mSearchList.at(ix); } Keychain 
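Review bot: In created(), `defaultKeychain.dLDbIdentifier(dLDbIdentifier)` now runs inside the `StLock` scope, while remove() in the following hunk keeps `globals().defaultKeychain.unset()` outside the lock with a comment that it posts an event. If setting the default also posts an event (not visible here), it would be delivered with mLock held, which the other new comments say must not happen. Either move the default-keychain assignment after the locked scope, next to the existing PostKeychainEvent call, or document the assumption in place with something like `// NOTE: called with mLock held; confirm this setter posts no event (unset() does, see remove())`.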
@@ -178,76 +234,124 @@ StorageManager::operator[](unsigned int ix) return at(ix); } -void StorageManager::remove(const list& kcsToRemove) +void StorageManager::remove(const KeychainList &kcsToRemove, bool deleteDb) { - //StLock _(mKeychainsLock); - mSavedList.revert(true); - DLDbIdentifier defaultId = globals().defaultKeychain.dLDbIdentifier(); - bool unsetDefault=false; - for (list::const_iterator ix = kcsToRemove.begin();ix!=kcsToRemove.end();ix++) + bool unsetDefault = false; { - // Find the keychain object for the given ref - Keychain keychainToRemove; - try - { - keychainToRemove = KeychainRef::required(*ix); - } - catch (const MacOSError& err) + StLock _(mLock); + mSavedList.revert(true); + DLDbIdentifier defaultId = globals().defaultKeychain.dLDbIdentifier(); + for (KeychainList::const_iterator ix = kcsToRemove.begin(); ix != kcsToRemove.end(); ++ix) { - if (err.osStatus() == errSecInvalidKeychain) - continue; - throw; + // Find the keychain object for the given ref + Keychain keychainToRemove = *ix; + DLDbIdentifier dLDbIdentifier = keychainToRemove->dLDbIdentifier(); + + // Remove it from the saved list + mSavedList.remove(dLDbIdentifier); + if (dLDbIdentifier == defaultId) + unsetDefault=true; + + if (deleteDb) + { + keychainToRemove->database()->deleteDb(); + // Now remove it from the map + KeychainMap::iterator it = mKeychains.find(dLDbIdentifier); + if (it == mKeychains.end()) + continue; + mKeychains.erase(it); + } } - - // Remove it from the saved list - mSavedList.remove(keychainToRemove->dLDbIdentifier()); - if (keychainToRemove->dLDbIdentifier() == defaultId) - unsetDefault=true; - // Now remove it from the map - KeychainMap::iterator it = mKeychains.find(keychainToRemove->dLDbIdentifier()); - if (it==mKeychains.end()) - continue; - mKeychains.erase(it); + mSavedList.save(); + _doReload(); } - mSavedList.save(); - mMultiDLDb->list(mSavedList.list()); + + // Make sure we are not holding mLock when we post this event. 
KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); + if (unsetDefault) + { + // Make sure we are not holding mLock when we call this since it posts an event. globals().defaultKeychain.unset(); + } +} + +void +StorageManager::getSearchList(KeychainList &keychainList) +{ + // Make a copy of the searchList + StLock _(mLock); + StorageManager::KeychainList searchList(mSearchList); + + // Return the copy of the list. + keychainList.swap(searchList); } -void StorageManager::replace(const list& newKCList) +void +StorageManager::setSearchList(const KeychainList &keychainList) { - // replace keychains list with new list - CssmClient::DLDbList dldbList; - convert(newKCList,dldbList); + // Make a copy of the passed in searchList + StorageManager::KeychainList keychains(keychainList); + + // Set the current searchlist to be what was passed in, the old list will be freed + // upon exit of this stackframe. + StLock _(mLock); + mSearchList.swap(keychains); } -void StorageManager::convert(const list& SecKeychainRefList,CssmClient::DLDbList& dldbList) +void +StorageManager::optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList) { - // Convert a list of SecKeychainRefs to a DLDbList - dldbList.clear(); // If we don't clear list, we should use "add" instead of push_back - for (list::const_iterator ix = SecKeychainRefList.begin();ix!=SecKeychainRefList.end();ix++) + if (!keychainOrArray) + getSearchList(keychainList); + else { - // Find the keychain object for the given ref - Keychain keychain; - try - { - keychain = KeychainRef::required(*ix); - } - catch (const MacOSError& err) - { - if (err.osStatus() == errSecInvalidKeychain) - continue; - throw; - } - - // Add it to the list - dldbList.push_back(keychain->dLDbIdentifier()); + CFTypeID typeID = CFGetTypeID(keychainOrArray); + if (typeID == CFArrayGetTypeID()) + convertToKeychainList(CFArrayRef(keychainOrArray), keychainList); + else if (typeID == gTypes().keychain.typeId) + 
keychainList.push_back(gTypes().keychain.required(SecKeychainRef(keychainOrArray))); + else + MacOSError::throwMe(paramErr); + } +} + +// static methods. +void +StorageManager::convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList) +{ + assert(keychainArray); + CFIndex count = CFArrayGetCount(keychainArray); + KeychainList keychains(count); + CFClass &kcClass = gTypes().keychain; + for (CFIndex ix = 0; ix < count; ++ix) + { + keychains[ix] = kcClass.required(SecKeychainRef(CFArrayGetValueAtIndex(keychainArray, ix))); + } + + keychainList.swap(keychains); +} + +CFArrayRef +StorageManager::convertFromKeychainList(const KeychainList &keychainList) +{ + CFRef keychainArray(CFArrayCreateMutable(NULL, keychainList.size(), &kCFTypeArrayCallBacks)); + + CFClass &kcClass = gTypes().keychain; + for (KeychainList::const_iterator ix = keychainList.begin(); ix != keychainList.end(); ++ix) + { + SecKeychainRef keychainRef = kcClass.handle(**ix); + CFArrayAppendValue(keychainArray, keychainRef); + CFRelease(keychainRef); } + + // Counter the CFRelease that CFRef<> is about to do when keychainArray goes out of scope. + CFRetain(keychainArray); + return keychainArray; } + #pragma mark ÑÑÑÑ Login Functions ÑÑÑÑ void StorageManager::login(ConstStringPtr name, ConstStringPtr password) @@ -262,10 +366,12 @@ void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordL { // @@@ set up the login session on behalf of loginwindow // @@@ (this code should migrate into loginwindow) +#if 0 debug("KClogin", "setting up login session"); if (OSStatus ssnErr = SessionCreate(sessionKeepCurrentBootstrap, sessionHasGraphicAccess | sessionHasTTY)) - debug("KClogin", "session setup failed status=%ld", ssnErr); + debug("KClogin", "session setup failed status=%ld", ssnErr); +#endif if (name == NULL || (passwordLength != 0 && password == NULL)) MacOSError::throwMe(paramErr); 
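Review bot: optionalSearchList() appends in its single-keychain branch (`keychainList.push_back(...)`) but replaces the caller's list in the other two branches, since getSearchList() and convertToKeychainList() both end in `keychainList.swap(...)`. A caller that passes a non-empty list together with one SecKeychainRef therefore keeps its old entries plus the new one, although the header comment promises a KeychainList with one element, and this list decides which keychains are searched. Adding `keychainList.clear();` before the `push_back` makes the three branches agree.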
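Review bot: The `#if 0` added in login() gives no reason, and the two `// @@@` comments just above it still read as if the login session were set up here. The later hunks at -287 and -304 disable the AuthorizationCreate block the same way. A one-line comment on each `#if 0`, for example `#if 0 // disabled: session/authorization setup is no longer done here; TODO name the component that does it`, would tell a reader whether login() still relies on a session and credential created elsewhere. login()'s body continues outside the hunk.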
@@ -287,7 +393,7 @@ void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordL // Login Keychain does not lock on sleep nor lock after timeout by default. keychain->setSettings(INT_MAX, false); } - +#if 0 // @@@ Create a authorization credential for the current user. debug("KClogin", "creating login authorization"); const AuthorizationItem envList[] = @@ -304,6 +410,7 @@ void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordL if (OSStatus authErr = AuthorizationCreate(NULL, &environment, kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize, NULL)) debug("KClogin", "failed to create login auth, status=%ld", authErr); +#endif } void StorageManager::logout() @@ -352,15 +459,16 @@ Keychain StorageManager::make(const char *pathName) const CSSM_VERSION *version = NULL; uint32 subserviceId = 0; CSSM_SERVICE_TYPE subserviceType = CSSM_SERVICE_DL | CSSM_SERVICE_CSP; - const CssmSubserviceUid ssuid( gGuidAppleCSPDL, version, - subserviceId, subserviceType ); - DLDbIdentifier dLDbIdentifier( ssuid, fullPathName.c_str(), DbLocation ); - return makeKeychain( dLDbIdentifier ); + const CssmSubserviceUid ssuid(gGuidAppleCSPDL, version, + subserviceId, subserviceType); + DLDbIdentifier dLDbIdentifier(ssuid, fullPathName.c_str(), DbLocation); + return makeKeychain(dLDbIdentifier); } KeychainSchema StorageManager::keychainSchemaFor(const CssmClient::Db &db) { + // @@@ Locking KeychainSchema schema(db); pair result = mKeychainSchemaSet.insert(db); if (result.second) diff --git a/Keychain/StorageManager.h b/Keychain/StorageManager.h index 91631ee7..2961b450 100644 --- a/Keychain/StorageManager.h +++ b/Keychain/StorageManager.h 
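Review bot: keychainSchemaFor() still calls `mKeychainSchemaSet.insert(db)` with no lock held; the hunk only marks this with `// @@@ Locking`, while the other containers in StorageManager are now accessed under mLock. Two threads reaching this insert together would modify the set concurrently. Taking mLock with the same StLock guard the other methods use would close the gap, provided no caller already holds mLock (the callers are not visible here, and whether Mutex is recursive is not shown). The function body continues past the end of the hunk.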
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -16,18 +16,11 @@ */ -/* - File: StorageManager.h - - Contains: Working with multiple keychains - - Copyright: 2000 by Apple Computer, Inc., all rights reserved. - - To Do: -*/ - -#ifndef _H_STORAGEMANAGER_ -#define _H_STORAGEMANAGER_ +// +// StorageManager.h -- Working with multiple keychains +// +#ifndef _SECURITY_STORAGEMANAGER_H_ +#define _SECURITY_STORAGEMANAGER_H_ #include #include @@ -44,6 +37,8 @@ class StorageManager { NOCOPY(StorageManager) public: + typedef vector KeychainList; + StorageManager(); ~StorageManager() {} @@ -55,7 +50,6 @@ public: // Misc void lockAll(); - void reload(bool force = false); void add(const Keychain& keychainToAdd); // Only add if not there yet. Doesn't write out CFPref 
@@ -64,22 +58,37 @@ public: Keychain at(unsigned int ix); Keychain operator[](unsigned int ix); - void erase(const Keychain& keychainToRemove); - KCCursor createCursor(const SecKeychainAttributeList *attrList); KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList); - // Create KC if it doesn't exist, add to cache, but don't modify search list. - Keychain keychain(const DLDbIdentifier &dlDbIdentifier); + // Create KC if it doesn't exist, add to cache, but don't modify search list. + Keychain keychain(const DLDbIdentifier &dLDbIdentifier); - // Create KC if it doesn't exist, add it to the search list if it is not already on it. - Keychain makeKeychain(const DLDbIdentifier &dlDbIdentifier); + // Same as keychain(const DLDbIdentifier &) but assumes mLock is already held. + Keychain _keychain(const DLDbIdentifier &dLDbIdentifier); + + // Create KC if it doesn't exist, add it to the search list if it exists and is not already on it. + Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier); // Keychain list maintenance - void remove(const list& kcsToRemove); // remove keychains from list - void replace(const list& newKCList); // replace keychains list with new list - void convert(const list& SecKeychainRefList,CssmClient::DLDbList& dldbList); // maybe should be private + + // remove kcsToRemove from the search list + void remove(const KeychainList &kcsToRemove, bool deleteDb = false); + + void getSearchList(KeychainList &keychainList); + void setSearchList(const KeychainList &keychainList); + + // Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise + // if keychainOrArray is a CFArrayRef containing SecKeychainRef's convernt it to KeychainList, + // if keychainOrArray is a SecKeychainRef return a KeychainList with one element. + void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList); + + // Convert CFArrayRef of SecKeychainRef's a KeychainList. 
The array must not be NULL + static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList); + + // Convert KeychainList to a CFArrayRef of SecKeychainRef's. + static CFArrayRef convertFromKeychainList(const KeychainList &keychainList); // Login keychain support void login(ConstStringPtr name, ConstStringPtr password); @@ -88,24 +97,34 @@ public: void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword); void changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword); + // Reload mSearchList from mList if the searchList on disk has changed. + void reload(bool force = false); + private: typedef map KeychainMap; typedef set KeychainSchemaSet; + // Reload mSearchList from mList and add new keychains to mKeychains if not already there + // Assumes mLock is already locked. + void _doReload(); + + // Reload mSearchList from mList if the searchList on disk has changed. + // Assumes mLock is already locked. + void _reload(bool force = false); + // Only add if not there yet. Writes out CFPref and broadcasts KCPrefListChanged notification void addAndNotify(const Keychain& keychainToAdd); KeychainSchema keychainSchemaFor(const CssmClient::Db &db); - //Mutex mKeychainsLock; DLDbListCFPref mSavedList; - KeychainMap mKeychains; // the array of Keychains - CssmClient::MultiDLDb mMultiDLDb; + KeychainMap mKeychains; // the cache of Keychains + KeychainList mSearchList; KeychainSchemaSet mKeychainSchemaSet; + Mutex mLock; }; } // end namespace KeychainCore } // end namespace Security -#endif /* _H_STORAGEMANAGER_ */ - +#endif // !_SECURITY_STORAGEMANAGER_H_ diff --git a/Keychain/Trust.cpp b/Keychain/Trust.cpp new file mode 100644 index 00000000..14cb813d --- /dev/null +++ b/Keychain/Trust.cpp 
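Review bot: `_keychain()` is declared in the public section although its own comment says it assumes mLock is already held, so any outside caller can reach mKeychains without the lock; `_doReload()` and `_reload()`, which carry the same assumption, are declared under `private:` in the next hunk. I would move `Keychain _keychain(const DLDbIdentifier &dLDbIdentifier);` down beside them. The new comments also have two slips worth fixing in the same pass: `convernt` for `convert`, and `Convert CFArrayRef of SecKeychainRef's a KeychainList` is missing `to`.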
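Review bot: The new comments on reload(), _doReload() and _reload() say the search list is reloaded `from mList`, but the class declares no member of that name; the saved list is `mSavedList`. Suggested wording for _doReload(): `// Rebuild mSearchList from mSavedList, adding keychains to mKeychains if not already cached. Assumes mLock is held.` The new `Mutex mLock;` member has no comment either; judging from StorageManager.cpp, `// guards mSavedList, mKeychains and mSearchList` would state what it protects, and it would make clear that mKeychainSchemaSet is not yet covered.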
@@ -0,0 +1,298 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// Trust.cpp +// +#include +#include +#include +#include +#include +#include "SecBridge.h" + +using namespace KeychainCore; + + +// +// For now, we use a global TrustStore +// +ModuleNexus Trust::gStore; + + +// +// Construct a Trust object with suitable defaults. +// Use setters for additional arguments before calling evaluate(). 
+// +Trust::Trust(CFTypeRef certificates, CFTypeRef policies) + : mTP(gGuidAppleX509TP), mAction(CSSM_TP_ACTION_DEFAULT), + mVerifyTime(NULL), + mCerts(cfArrayize(certificates)), mPolicies(cfArrayize(policies)), + mResult(kSecTrustResultInvalid) +{ + // set default search list from user's default + globals().storageManager.getSearchList(mSearchLibs); +} + + +// +// Clean up a Trust object +// +Trust::~Trust() +{ + clearResults(); +} + + +// +// Retrieve the last TP evaluation result, if any +// +CSSM_TP_VERIFY_CONTEXT_RESULT_PTR Trust::cssmResult() +{ + if (mResult == kSecTrustResultInvalid) + MacOSError::throwMe(errSecNotAvailable); + return &mTpResult; +} + + +// SecCertificateRef -> CssmData +CssmData cfCertificateData(SecCertificateRef certificate) +{ + return gTypes().certificate.required(certificate)->data(); +} + +// SecPolicyRef -> CssmField (CFDataRef/NULL or oid/value of a SecPolicy) +CssmField cfField(SecPolicyRef item) +{ + RefPointer policy = gTypes().policy.required(SecPolicyRef(item)); + return CssmField(policy->oid(), policy->value()); +} + +// SecKeychain -> CssmDlDbHandle +CSSM_DL_DB_HANDLE cfKeychain(SecKeychainRef ref) +{ + Keychain keychain = gTypes().keychain.required(ref); + return keychain->database()->handle(); +} + + +// +// Here's the big "E" - evaluation. +// We build most of the CSSM-layer input structures dynamically right here; +// they will auto-destruct when we're done. The output structures are kept +// around (in our data members) for later analysis. +// Note that evaluate() can be called repeatedly, so we must be careful to +// dispose of prior results. 
+// +void Trust::evaluate() +{ + // if we have evaluated before, release prior result + clearResults(); + + // build the target cert group + CFToVector subjects(mCerts); + CertGroup subjectCertGroup(CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_BER, CSSM_CERTGROUP_DATA); + subjectCertGroup.count() = subjects; + subjectCertGroup.blobCerts() = subjects; + + // build a TP_VERIFY_CONTEXT, a veritable nightmare of a data structure + TPBuildVerifyContext context(mAction); + if (mActionData) + context.actionData() = cfData(mActionData); + + // policies (one at least, please) + CFToVector policies(mPolicies); + if (policies.empty()) + MacOSError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); + context.setPolicies(policies, policies); + + // anchor certificates + CFCopyRef anchors(mAnchors); + if (!anchors) + anchors = gStore().copyRootCertificates(); // retains + CFToVector roots(anchors); + context.anchors(roots, roots); + + // dlDbList (keychain list) + vector dlDbList; + for (StorageManager::KeychainList::const_iterator it = mSearchLibs.begin(); + it != mSearchLibs.end(); it++) + dlDbList.push_back((*it)->database()->handle()); + context.setDlDbList(dlDbList.size(), &dlDbList[0]); + + // verification time + char timeString[15]; + if (mVerifyTime) { + CssmUniformDate(mVerifyTime).convertTo(timeString, sizeof(timeString)); + context.time(timeString); + } + + // Go TP! 
+ try { + mTP->certGroupVerify(subjectCertGroup, context, &mTpResult); + mTpReturn = noErr; + } catch (CssmCommonError &err) { + mTpReturn = err.osStatus(); + } + mResult = diagnoseOutcome(); + + // see if we can use the evidence + if (mTpResult.count() > 0 + && mTpResult[0].form() == CSSM_EVIDENCE_FORM_APPLE_HEADER + && mTpResult[0].as()->Version == CSSM_TP_APPLE_EVIDENCE_VERSION + && mTpResult.count() == 3 + && mTpResult[1].form() == CSSM_EVIDENCE_FORM_APPLE_CERTGROUP + && mTpResult[2].form() == CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) { + evaluateUserTrust(*mTpResult[1].as(), + mTpResult[2].as()); + } else { + // unexpected evidence information. Can't use it + debug("trusteval", "unexpected evidence ignored"); + } +} + + +// +// Classify the TP outcome in terms of a SecTrustResultType +// +SecTrustResultType Trust::diagnoseOutcome() +{ + switch (mTpReturn) { + case noErr: // peachy + return kSecTrustResultUnspecified; + case CSSMERR_TP_CERT_EXPIRED: // expired cert + case CSSMERR_TP_CERT_NOT_VALID_YET: // mis-expired cert + case CSSMERR_TP_NOT_TRUSTED: // no root, no anchor + case CSSMERR_TP_VERIFICATION_FAILURE: // root does not self-verify + case CSSMERR_TP_INVALID_ANCHOR_CERT: // valid is not an anchor + case CSSMERR_TP_VERIFY_ACTION_FAILED: // policy action failed + return kSecTrustResultRecoverableTrustFailure; + case CSSMERR_TP_INVALID_CERTIFICATE: // bad certificate + return kSecTrustResultFatalTrustFailure; + default: + return kSecTrustResultOtherError; // unknown + } +} + + +// +// Assuming a good evidence chain, check user trust +// settings and set mResult accordingly. 
+// +void Trust::evaluateUserTrust(const CertGroup &chain, + const CSSM_TP_APPLE_EVIDENCE_INFO *infoList) +{ + // extract cert chain as Certificate objects + //@@@ once new Evidence is in, use it to build the Certificates + mCertChain.resize(chain.count()); + for (uint32 n = 0; n < mCertChain.size(); n++) { + const TPEvidenceInfo &info = TPEvidenceInfo::overlay(infoList[n]); + if (info.recordId()) { + debug("trusteval", "evidence %ld from DLDB source", n); + assert(false); // from DL/DB search - not yet implemented + } else if (info.status(CSSM_CERT_STATUS_IS_IN_INPUT_CERTS)) { + debug("trusteval", "evidence %ld from input cert %ld", n, info.index()); + assert(info.index() < uint32(CFArrayGetCount(mCerts))); + SecCertificateRef cert = SecCertificateRef(CFArrayGetValueAtIndex(mCerts, + info.index())); + mCertChain[n] = gTypes().certificate.required(cert); + } else if (info.status(CSSM_CERT_STATUS_IS_IN_ANCHORS)) { + debug("trusteval", "evidence %ld from anchor cert %ld", n, info.index()); + assert(info.index() < uint32(CFArrayGetCount(mAnchors))); + SecCertificateRef cert = SecCertificateRef(CFArrayGetValueAtIndex(mAnchors, + info.index())); + mCertChain[n] = gTypes().certificate.required(cert); + } else { + // unknown source; make a new Certificate for it + debug("trusteval", "evidence %ld from unknown source", n); + mCertChain[n] = + new Certificate(chain.blobCerts()[n], + CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER); + } + } + + // now walk the chain, leaf-to-root, checking for user settings + TrustStore &store = gStore(); + RefPointer policy = + gTypes().policy.required(SecPolicyRef(CFArrayGetValueAtIndex(mPolicies, 0))); + for (mResultIndex = 0; + mResult == kSecTrustResultUnspecified && mResultIndex < mCertChain.size(); + mResultIndex++) + mResult = store.find(mCertChain[mResultIndex], policy); +} + + +// +// Release TP evidence information. 
+// This information is severely under-defined by CSSM, so we proceed +// as follows: +// (a) If the evidence matches an Apple-defined pattern, use specific +// knowledge of that format. +// (b) Otherwise, assume that the void * are flat blocks of memory. +// +void Trust::releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator) +{ + if (result.count() > 0) { // something to do + if (result[0].form() == CSSM_EVIDENCE_FORM_APPLE_HEADER) { + // Apple defined evidence form -- use intimate knowledge + if (result[0].as()->Version == CSSM_TP_APPLE_EVIDENCE_VERSION + && result.count() == 3 + && result[1].form() == CSSM_EVIDENCE_FORM_APPLE_CERTGROUP + && result[2].form() == CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) { + // proper format + allocator.free(result[0].data()); // just a struct + result[1].as()->destroy(allocator); // CertGroup contents + allocator.free(result[1].data()); // the CertGroup itself + allocator.free(result[2].data()); // array of (flat) info structs + } else { + debug("trusteval", "unrecognized Apple TP evidence format"); + // drop it -- better leak than kill + } + } else { + // unknown format -- blindly assume flat blobs + debug("trusteval", "destroying unknown TP evidence format"); + for (uint32 n = 0; n < result.count(); n++) + allocator.free(result[n].data()); + } + } +} + + +// +// Clear evaluation results unless state is initial (invalid) +// +void Trust::clearResults() +{ + if (mResult != kSecTrustResultInvalid) { + releaseTPEvidence(mTpResult, mTP.allocator()); + mResult = kSecTrustResultInvalid; + } +} + + +// +// Build evidence information +// +void Trust::buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain) +{ + if (mResult == kSecTrustResultInvalid) + MacOSError::throwMe(errSecNotAvailable); + certChain = mEvidenceReturned = + makeCFArray(gTypes().certificate, mCertChain); + statusChain = mTpResult[2].as(); +} diff --git a/Keychain/Trust.h b/Keychain/Trust.h new file mode 100644 index 00000000..2eec4e34 --- /dev/null 
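Review bot: In Trust::evaluateUserTrust(), the `CSSM_CERT_STATUS_IS_IN_ANCHORS` branch indexes `mAnchors`, but evaluate() hands the TP the local `anchors`, which is filled from `gStore().copyRootCertificates()` when no anchors were set; in that default case `mAnchors` is presumably still null, so `CFArrayGetCount(mAnchors)` and `CFArrayGetValueAtIndex(mAnchors, info.index())` do not refer to the list the index came from. The evidence index is also bounded only by `assert`, here and in the input-certs branch, so a build without assertions uses it unchecked, and the `assert(false)` DLDB branch leaves `mCertChain[n]` unset before `store.find()` reads it. I would pass the anchor array actually used into evaluateUserTrust() and turn the asserts into runtime checks, e.g. `if (info.index() >= uint32(CFArrayGetCount(anchors))) MacOSError::throwMe(CSSMERR_TP_INVALID_ANCHOR_CERT);`. buildEvidence() has a related gap: it reads `mTpResult[2]` after checking only `mResult`, although evaluate() tolerates results whose count is not 3.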
+++ b/Keychain/Trust.h 
@@ -0,0 +1,111 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// Trust.h - Trust control wrappers +// +#ifndef _SECURITY_TRUST_H_ +#define _SECURITY_TRUST_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace CssmClient; + +namespace Security { +namespace KeychainCore { + + +// +// The Trust object manages trust-verification workflow. +// As such, it represents a somewhat more complex concept than +// a single "object". 
+// +class Trust : public SecCFObject +{ + NOCOPY(Trust) +public: + Trust(CFTypeRef certificates, CFTypeRef policies); + virtual ~Trust(); + + // set more input parameters + void action(CSSM_TP_ACTION action) { mAction = action; } + void actionData(CFDataRef data) { mActionData = data; } + void time(CFDateRef verifyTime) { mVerifyTime = verifyTime; } + void anchors(CFArrayRef anchorList) { mAnchors = cfArrayize(anchorList); } + StorageManager::KeychainList &searchLibs() { return mSearchLibs; } + + // perform evaluation + void evaluate(); + + // get at evaluation results + void buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain); + CSSM_TP_VERIFY_CONTEXT_RESULT_PTR cssmResult(); + + SecTrustResultType result() const { return mResult; } + TP getTPHandle() const { return mTP; } + + // an independent release function for TP evidence results + // (yes, we could hand this out to the C layer if desired) + static void releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator); + +private: + SecTrustResultType diagnoseOutcome(); + void evaluateUserTrust(const CertGroup &certs, + const CSSM_TP_APPLE_EVIDENCE_INFO *info); + void clearResults(); + +private: + TP mTP; // our TP + + // input arguments: set up before evaluate() + CSSM_TP_ACTION mAction; // TP action to verify + CFRef mActionData; // action data + CFRef mVerifyTime; // verification "now" + CFRef mCerts; // certificates to verify (item 1 is subject) + CFRef mPolicies; // array of policy objects to control verification + CFRef mAnchors; // array of anchor certs + StorageManager::KeychainList mSearchLibs; // array of databases to search + + // evaluation results: set as a result of evaluate() + SecTrustResultType mResult; // result classification + uint32 mResultIndex; // which result cert made the decision? 
+ OSStatus mTpReturn; // return code from TP Verify + TPVerifyResult mTpResult; // result of latest TP verify + + vector< RefPointer > mCertChain; // distilled certificate chain + + // information returned to caller but owned by us + CFRef mEvidenceReturned; // evidence chain returned + +public: + static ModuleNexus Trust::gStore; +}; + +} // end namespace KeychainCore + +} // end namespace Security + +#endif // !_SECURITY_TRUST_H_ diff --git a/Keychain/TrustItem.cpp b/Keychain/TrustItem.cpp new file mode 100644 index 00000000..6bfe1c79 --- /dev/null +++ b/Keychain/TrustItem.cpp 
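Review bot: `static ModuleNexus Trust::gStore;` repeats the class name on an in-class member declaration, which standard C++ does not allow (some compilers accept it as an extension); inside `class Trust` the declarator should be plain `gStore`. It is also declared under `public:`, so the process-wide trust store is reachable from any code that includes this header, while the only uses visible in Trust.cpp are inside Trust itself. Unless another file needs it, I would declare it in the private section. Separately, `mResultIndex` and `mTpReturn` are missing from the constructor's initializer list in Trust.cpp and hold indeterminate values until evaluate() runs.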
@@ -0,0 +1,120 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// TrustStore.h - Abstract interface to permanent user trust assignments +// +#include +#include +#include + + +namespace Security { +namespace KeychainCore { + + +// +// Construct a UserTrustItem from attributes and initial content +// +UserTrustItem::UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trustData) : + ItemImpl(CSSM_DL_DB_RECORD_USER_TRUST, + reinterpret_cast(NULL), + UInt32(sizeof(trustData)), + reinterpret_cast(&trustData)), + mCertificate(cert), mPolicy(policy) +{ + debug("usertrust", "create %p (%p,%p) = %d", this, cert, policy, trustData.trust); +} + + +// +// Destroy it +// +UserTrustItem::~UserTrustItem() +{ + debug("usertrust", "destroy %p", this); +} + + +// +// Retrieve the trust value from a UserTrustItem +// +UserTrustItem::TrustData UserTrustItem::trust() +{ + CssmDataContainer data; + getData(data); + if (data.length() != sizeof(TrustData)) + MacOSError::throwMe(errSecInvalidTrustSetting); + return *data.interpretedAs(); +} + + +// +// Add item to keychain +// +PrimaryKey UserTrustItem::add(Keychain &keychain) +{ + // If we 
already have a Keychain we can't be added. + if (mKeychain) + MacOSError::throwMe(errSecDuplicateItem); + + populateAttributes(); + + CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType(); + + Db db(keychain->database()); + // add the item to the (regular) db + try + { + mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); + debug("usertrust", "%p inserted", this); + } + catch (const CssmError &e) + { + if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE) + throw; + + // Create the cert relation and try again. + debug("usertrust", "adding schema relation for user trusts"); + db->createRelation(CSSM_DL_DB_RECORD_USER_TRUST, "CSSM_DL_DB_RECORD_USER_TRUST", + Schema::UserTrustSchemaAttributeCount, + Schema::UserTrustSchemaAttributeList, + Schema::UserTrustSchemaIndexCount, + Schema::UserTrustSchemaIndexList); + + mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get()); + debug("usertrust", "%p inserted now", this); + } + + mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId); + mKeychain = keychain; + + return mPrimaryKey; +} + + +void UserTrustItem::populateAttributes() +{ + const CssmData &certData = mCertificate->data(); + const CssmOid &policyOid = mPolicy->oid(); + mDbAttributes->add(Schema::attributeInfo(kSecTrustCertAttr), certData); + mDbAttributes->add(Schema::attributeInfo(kSecTrustPolicyAttr), policyOid); +} + + +} // end namespace KeychainCore +} // end namespace Security diff --git a/Keychain/TrustItem.h b/Keychain/TrustItem.h new file mode 100644 index 00000000..9046ee05 --- /dev/null +++ b/Keychain/TrustItem.h 
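Review bot: `UserTrustItem::trust()` accepts any stored record of the right size, because it checks only `data.length()` and never the `version` field, whereas `TrustStore::find()` in TrustStore.cpp also rejects a record whose `version` differs from `UserTrustItem::currentVersion`. A record written in a different layout of the same size would be returned here as a valid trust setting. I would add the same test before the return, throwing `errSecInvalidTrustSetting` when the stored `version` is not `currentVersion`. The banner comment still reads `TrustStore.h`; it should name `TrustItem.cpp`.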
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustStore.h - Abstract interface to permanent user trust assignments
+//
+#ifndef _SECURITY_TRUSTITEM_H_
+#define _SECURITY_TRUSTITEM_H_
+
+#include
+#include
+#include
+#include
+
+
+// unique keychain item attributes for user trust records
+enum {
+ kSecTrustCertAttr = 'tcrt',
+ kSecTrustPolicyAttr = 'tpol'
+};
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// A trust item in a keychain.
+// Currently, Item constructors do not explicitly generate this subclass.
+// They don't need to, since our ownly user (TrustStore) can deal with
+// the generic Item class just fine.
+// If we ever need Item to produce UserTrustItem impls, we would need to
+// add constructors from primary key (see Certificate for an example).
+//
+class UserTrustItem : public ItemImpl {
+ NOCOPY(UserTrustItem)
+public:
+ struct TrustData {
+ uint32 version; // version mark
+ SecTrustUserSetting trust; // user's trust choice
+ };
+ static const uint32 currentVersion = 0x101;
+
+public:
+ // new item constructor
+ UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trust);
+ virtual ~UserTrustItem();
+
+ TrustData trust();
+
+protected:
+ virtual PrimaryKey add(Keychain &keychain);
+
+ void populateAttributes();
+
+private:
+ RefPointer mCertificate;
+ RefPointer mPolicy;
+};
+
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_TRUSTITEM_H_
diff --git a/Keychain/TrustStore.cpp b/Keychain/TrustStore.cpp
new file mode 100644
index 00000000..fdc3588a
--- /dev/null
+++ b/Keychain/TrustStore.cpp
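Review bot: `TrustData` is the stored record format, but nothing at the struct says so: TrustItem.cpp hands `sizeof(trustData)` and `&trustData` straight to the `ItemImpl` constructor, so the stored bytes follow the compiler's struct layout and the host byte order. I would add a comment above the struct such as `// Stored verbatim as the record data; any layout change must bump currentVersion`, and say that readers have to check `version` before using `trust`. The file banner names `TrustStore.h` instead of `TrustItem.h`, and the class comment has `ownly` for `only`.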
@@ -0,0 +1,232 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// TrustStore.h - Abstract interface to permanent user trust assignments +// +#include +#include +#include +#include +#include + + +namespace Security { +namespace KeychainCore { + + +// +// Make and break: trivial +// +TrustStore::TrustStore(CssmAllocator &alloc) + : allocator(alloc), mRootsValid(false), mRootBytes(allocator) +{ +} + +TrustStore::~TrustStore() +{ } + + +// +// Retrieve the trust setting for a (certificate, policy) pair. 
+// +SecTrustUserSetting TrustStore::find(Certificate *cert, Policy *policy) +{ + if (Item item = findItem(cert, policy)) { + CssmDataContainer data; + item->getData(data); + if (data.length() != sizeof(TrustData)) + MacOSError::throwMe(errSecInvalidTrustSetting); + TrustData &trust = *data.interpretedAs(); + if (trust.version != UserTrustItem::currentVersion) + MacOSError::throwMe(errSecInvalidTrustSetting); + return trust.trust; + } else { + return kSecTrustResultUnspecified; + } +} + + +// +// Set an individual trust element +// +void TrustStore::assign(Certificate *cert, Policy *policy, SecTrustUserSetting trust) +{ + TrustData trustData = { UserTrustItem::currentVersion, trust }; + if (Item item = findItem(cert, policy)) { + // user has a trust setting in a keychain - modify that + item->modifyContent(NULL, sizeof(trustData), &trustData); + } else { + // no trust entry: make one + Item item = new UserTrustItem(cert, policy, trustData); + if (Keychain location = cert->keychain()) + location->add(item); // in the cert's keychain + else + Keychain::optional(NULL)->add(item); // in the default keychain + } +} + + +// +// Search the user's configured keychains for a trust setting. +// If found, return it (as a TrustItem). Otherwise, return NULL. +// Note that this function throws if a "real" error is encountered. 
+// +Item TrustStore::findItem(Certificate *cert, Policy *policy) +{ + try { + SecKeychainAttribute attrs[2]; + const CssmData &data = cert->data(); + attrs[0].tag = kSecTrustCertAttr; + attrs[0].length = data.length(); + attrs[0].data = data.data(); + const CssmOid &policyOid = policy->oid(); + attrs[1].tag = kSecTrustPolicyAttr; + attrs[1].length = policyOid.length(); + attrs[1].data = policyOid.data(); + SecKeychainAttributeList attrList = { 2, attrs }; + KCCursor cursor = globals().storageManager.createCursor(CSSM_DL_DB_RECORD_USER_TRUST, &attrList); + Item item; + if (cursor->next(item)) + return item; + else + return NULL; + } catch (const CssmError &error) { + if (error.cssmError() == CSSMERR_DL_INVALID_RECORDTYPE) + return NULL; // no trust schema, no records, no error + throw; + } +} + + +// +// Return the root certificate list. +// This list is cached. +// +CFArrayRef TrustStore::copyRootCertificates() +{ + if (!mRootsValid) { + loadRootCertificates(); + mCFRoots = NULL; + } + if (!mCFRoots) { + uint32 count = mRoots.size(); + debug("anchors", "building %ld CF-style anchor certificates", count); + vector roots(count); + for (uint32 n = 0; n < count; n++) { + RefPointer cert = new Certificate(mRoots[n], + CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER); + roots[n] = gTypes().certificate.handle(*cert); + } + mCFRoots = CFArrayCreate(NULL, (const void **)&roots[0], count, + &kCFTypeArrayCallBacks); + for (uint32 n = 0; n < count; n++) + CFRelease(roots[n]); // undo CFArray's retain + } + CFRetain(mCFRoots); + return mCFRoots; +} + +void TrustStore::getCssmRootCertificates(CertGroup &rootCerts) +{ + if (!mRootsValid) + loadRootCertificates(); + rootCerts = CertGroup(CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, CSSM_CERTGROUP_DATA); + rootCerts.blobCerts() = &mRoots[0]; + rootCerts.count() = mRoots.size(); +} + +void TrustStore::refreshRootCertificates() +{ + if (mRootsValid) { + debug("anchors", "clearing %ld cached anchor certificates", mRoots.size()); + + // throw 
out the CF version + if (mCFRoots) { + CFRelease(mCFRoots); + mCFRoots = NULL; + } + + // release cert memory + mRootBytes.reset(); + mRoots.clear(); + + // all pristine again + mRootsValid = false; + } +} + + +// +// Load root (anchor) certificates from disk +// +void TrustStore::loadRootCertificates() +{ + using namespace CssmClient; + using namespace KeychainCore::Schema; + + // release previous cached data (if any) + refreshRootCertificates(); + + static const char anchorLibrary[] = "/System/Library/Keychains/X509Anchors"; + + // open anchor database and formulate query (x509v3 certs) + debug("anchors", "Loading anchors from %s", anchorLibrary); + DL dl(gGuidAppleFileDL); + Db db(dl, anchorLibrary); + DbCursor search(db); + search->recordType(CSSM_DL_DB_RECORD_X509_CERTIFICATE); + search->conjunctive(CSSM_DB_OR); +#if 0 // if we ever need to support v1/v2 certificates... + search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v1)); + search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v2)); + search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v3)); +#endif + + // collect certificate data + typedef list ContainerList; + ContainerList::iterator last; + ContainerList certs; + for (;;) { + DbUniqueRecord id; + last = certs.insert(certs.end()); + if (!search->next(NULL, &*last, id)) + break; + } + + // how many data bytes do we need? 
+ size_t size = 0; + for (ContainerList::const_iterator it = certs.begin(); it != last; it++) + size += it->length(); + mRootBytes.length(size); + + // fill CssmData vector while copying data bytes together + mRoots.clear(); + uint8 *base = mRootBytes.data(); + for (ContainerList::const_iterator it = certs.begin(); it != last; it++) { + memcpy(base, it->data(), it->length()); + mRoots.push_back(CssmData(base, it->length())); + base += it->length(); + } + debug("anchors", "%ld anchors loaded", mRoots.size()); + + mRootsValid = true; // ready to roll +} + + +} // end namespace KeychainCore +} // end namespace Security diff --git a/Keychain/TrustStore.h b/Keychain/TrustStore.h new file mode 100644 index 00000000..3aa27899 --- /dev/null +++ b/Keychain/TrustStore.h 
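Review bot: `copyRootCertificates()` and `getCssmRootCertificates()` take `&roots[0]` and `&mRoots[0]` without checking for an empty list, which is undefined when the anchor database yields no certificates. Guarding both keeps an empty anchor set well defined: pass `count ? (const void **)&roots[0] : NULL` to `CFArrayCreate`, and use `rootCerts.blobCerts() = mRoots.empty() ? NULL : &mRoots[0];`. Separately, `debug("anchors", "building %ld CF-style anchor certificates", count)` passes a `uint32` for `%ld`; casting the argument to `long` makes the format and the argument agree.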
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustStore.h - Abstract interface to permanent user trust assignments
+//
+#ifndef _SECURITY_TRUSTSTORE_H_
+#define _SECURITY_TRUSTSTORE_H_
+
+#include
+#include
+#include
+#include
+#include
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// A TrustStore object mediates access to "user trust" information stored
+// for a user (usually in her keychains).
+// For lack of a better home, access to the default anchor certificate
+// list is also provided here.
+//
+class TrustStore {
+ NOCOPY(TrustStore)
+public:
+ TrustStore(CssmAllocator &alloc = CssmAllocator::standard());
+ virtual ~TrustStore();
+
+ CssmAllocator &allocator;
+
+ // set/get user trust for a certificate and policy
+ SecTrustUserSetting find(Certificate *cert, Policy *policy);
+ void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment);
+
+ // get access to the default root anchor certificates for X509
+ CFArrayRef copyRootCertificates();
+ void getCssmRootCertificates(CertGroup &roots);
+ void refreshRootCertificates();
+
+ typedef UserTrustItem::TrustData TrustData;
+
+protected:
+ Item findItem(Certificate *cert, Policy *policy);
+ void loadRootCertificates();
+
+private:
+ bool mRootsValid; // roots have been loaded from disk
+ vector mRoots; // array of CssmDatas to certificate datas
+ CssmAutoData mRootBytes; // certificate data blobs (bunched up)
+ CFRef mCFRoots; // mRoots as CFArray
+};
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_TRUSTSTORE_H_
diff --git a/Keychain/TrustedApplication.cpp b/Keychain/TrustedApplication.cpp
new file mode 100644
index 00000000..b2a532cd
--- /dev/null
+++ b/Keychain/TrustedApplication.cpp
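Review bot: The declaration of `getCssmRootCertificates()` does not say that the `CertGroup` it fills borrows the store's cache: TrustStore.cpp sets `rootCerts.blobCerts() = &mRoots[0]`, and `refreshRootCertificates()` later resets `mRootBytes` and clears `mRoots`. A caller that keeps the group across a refresh is left holding pointers into released storage. I would document this at the declaration, e.g. `// roots points into the cache; invalid after refreshRootCertificates()`. The class comment should also state whether one `TrustStore` may be used from several threads, since the cache members are changed with no lock visible in this file.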
@@ -0,0 +1,121 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// TrustedApplication.cpp +// +#include +#include +#include +#include +#include +#include + +using namespace KeychainCore; +using namespace CodeSigning; + + +// +// Create a TrustedApplication from a code-signing ACL subject. +// Throws ACL::ParseError if the subject is unexpected. 
+// +TrustedApplication::TrustedApplication(const TypedList &subject) + : mSignature(CssmAllocator::standard()), + mData(CssmAllocator::standard()) +{ + if (subject.type() != CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE) + throw ACL::ParseError(); + if (subject[1] != CSSM_ACL_CODE_SIGNATURE_OSX) + throw ACL::ParseError(); + mSignature = subject[2].data(); + mData = subject[3].data(); +} + + +TrustedApplication::TrustedApplication(const CssmData &signature, const CssmData &data) : + mSignature(CssmAllocator::standard(), signature), + mData(CssmAllocator::standard(), data) +{ +} + +TrustedApplication::TrustedApplication(const char *path) + : mSignature(CssmAllocator::standard()), + mData(CssmAllocator::standard()) +{ + OSXSigner signer; + RefPointer object(OSXCode::at(path)); + auto_ptr signature(signer.sign(*object)); + mSignature = *signature; + mData = CssmData(const_cast(path), strlen(path) + 1); +} + +TrustedApplication::TrustedApplication() + : mSignature(CssmAllocator::standard()), + mData(CssmAllocator::standard()) +{ + OSXSigner signer; + RefPointer object(OSXCode::main()); + auto_ptr signature(signer.sign(*object)); + mSignature = *signature; + string path = object->canonicalPath(); + mData.copy(path.c_str(), path.length() + 1); // including trailing null +} + +TrustedApplication::~TrustedApplication() +{ +} + +const CssmData & +TrustedApplication::signature() const +{ + return mSignature; +} + +bool +TrustedApplication::sameSignature(const char *path) +{ + // return true if object at given path has same signature + CssmAutoData otherSignature(CssmAllocator::standard()); + calcSignature(path, otherSignature); + return (mSignature.get() == otherSignature); +} + +void +TrustedApplication::calcSignature(const char *path, CssmOwnedData &signature) +{ + // generate a signature for the given object + RefPointer objToVerify(CodeSigning::OSXCode::at(path)); + CodeSigning::OSXSigner signer; + auto_ptr osxSignature(signer.sign(*objToVerify)); + 
signature.copy(osxSignature->data(), osxSignature->length()); +} + + +// +// Produce a TypedList representing a code-signing ACL subject +// for this application. +// Memory is allocated from the allocator given, and belongs to +// the caller. +// +TypedList TrustedApplication::makeSubject(CssmAllocator &allocator) +{ + return TypedList(allocator, + CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE, + new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX), + new(allocator) ListElement(mSignature.get()), + new(allocator) ListElement(mData.get())); +} diff --git a/Keychain/TrustedApplication.h b/Keychain/TrustedApplication.h new file mode 100644 index 00000000..2b367fce --- /dev/null +++ b/Keychain/TrustedApplication.h 
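Review bot: The `TypedList` constructor reads `subject[1]`, `subject[2]` and `subject[3]` after checking only `subject.type()`, so a code-signature subject with fewer than four elements is indexed past its end unless `TypedList`'s `operator[]` rejects that itself, which is not visible here. ACL subjects are read back from stored data, so I would check the element count first and throw `ACL::ParseError()` when it is not four, in line with the two checks already present. `TrustedApplication(const char *path)` likewise hands `path` to `strlen` with no NULL check.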
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +// +// TrustedApplication.h - TrustedApplication control wrappers +// +#ifndef _SECURITY_TRUSTEDAPPLICATION_H_ +#define _SECURITY_TRUSTEDAPPLICATION_H_ + +#include +#include +#include + + +namespace Security { +namespace KeychainCore { + + +// +// TrustedApplication actually denotes a signed executable +// on disk as used by the ACL subsystem. Much useful +// information is encapsulated in the 'comment' field that +// is stored with the ACL subject. TrustedApplication does +// not interpret this value, leaving its meaning to its caller. 
+// +class TrustedApplication : public SecCFObject { + NOCOPY(TrustedApplication) +public: + TrustedApplication(const TypedList &subject); + TrustedApplication(const CssmData &signature, const CssmData &comment); + TrustedApplication(const char *path); + TrustedApplication(); // for current application + virtual ~TrustedApplication(); + + const CssmData &signature() const; + + // data (aka "comment") access + const CssmData &data() const { return mData; } + template + void data(const Data &data) { mData = data; } + + TypedList makeSubject(CssmAllocator &allocator); + +protected: + bool sameSignature(const char *path); // return true if object at path has same signature + void calcSignature(const char *path, CssmOwnedData &signature); // generate a signature + +private: + CssmAutoData mSignature; + CssmAutoData mData; +}; + +} // end namespace KeychainCore +} // end namespace Security + +#endif // !_SECURITY_TRUSTEDAPPLICATION_H_ diff --git a/Keychain/cssmdatetime.cpp b/Keychain/cssmdatetime.cpp index 980f0234..22d5c1cd 100644 --- a/Keychain/cssmdatetime.cpp +++ b/Keychain/cssmdatetime.cpp @@ -42,6 +42,7 @@ #include #include #include +#include namespace Security { @@ -219,9 +220,15 @@ TimeStringToMacLongDateTime (const CSSM_DATA &inUTCTime, SInt64 &outMacDate) //tmp->tm_sec = x; date.second = x; - CFTimeZoneRef timeZone = CFTimeZoneCopyDefault(); + CFTimeZoneRef timeZone = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0); CFAbsoluteTime absTime = CFGregorianDateGetAbsoluteTime(date, timeZone); CFRelease(timeZone); + + // Adjust abstime to local timezone + timeZone = CFTimeZoneCopyDefault(); + absTime += CFTimeZoneGetSecondsFromGMT(timeZone, absTime); + CFRelease(timeZone); + outMacDate = SInt64(double(absTime + kCFAbsoluteTimeIntervalSince1904)); } 
@@ -234,8 +241,15 @@ void MacSecondsToTimeString(UInt32 inMacDate, UInt32 inLength, void *outData) void MacLongDateTimeToTimeString(const SInt64 &inMacDate, UInt32 inLength, void *outData) { + // @@@ this code is close, but on the fringe case of a daylight savings time it will be off for a little while CFAbsoluteTime absTime = inMacDate - kCFAbsoluteTimeIntervalSince1904; + + // Remove local timezone component from absTime CFTimeZoneRef timeZone = CFTimeZoneCopyDefault(); + absTime -= CFTimeZoneGetSecondsFromGMT(timeZone, absTime); + CFRelease(timeZone); + + timeZone = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0); CFGregorianDate date = CFAbsoluteTimeGetGregorianDate(absTime, timeZone); CFRelease(timeZone); diff --git a/Keychain/cssmdatetime.h b/Keychain/cssmdatetime.h index 2f7a4762..a1c8c8cb 100644 --- a/Keychain/cssmdatetime.h +++ b/Keychain/cssmdatetime.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 1997-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,28 +17,13 @@ /* - File: cssmdatetime.h - - Contains: defines for the CSSM date and time utilities for the Mac - - Written by: The Hindsight team - - Copyright: © 1997-2000 by Apple Computer, Inc., all rights reserved. - - Change History (most recent first): - - To Do: -*/ - -#ifndef _CSSM_DATE_TIME_UTILS -#define _CSSM_DATE_TIME_UTILS + * cssmdatetime.h -- defines for the CSSM date and time utilities for the Mac + */ +#ifndef _SECURITY_CSSMDATETIME_H_ +#define _SECURITY_CSSMDATETIME_H_ #include -#ifdef _CPP_CSSM_DATE_TIME_UTILS -# pragma export on -#endif - namespace Security { 
@@ -56,12 +41,9 @@ extern void TimeStringToMacLongDateTime(const CSSM_DATA &inUTCTime, SInt64 &outM extern void MacSecondsToTimeString(UInt32 inMacDate, UInt32 inLength, void *outData); extern void MacLongDateTimeToTimeString(const SInt64 &inMacDate, UInt32 inLength, void *outData); -}; // end namespace CSSMDateTimeUtils -} // end namespace Security +} // end namespace CSSMDateTimeUtils -#ifdef _CPP_CSSM_DATE_TIME_UTILS -# pragma export off -#endif +} // end namespace Security -#endif //_CSSM_DATE_TIME_UTILS +#endif // !_SECURITY_CSSMDATETIME_H_ diff --git a/Network/ftp-protocol.cpp b/Network/ftp-protocol.cpp index cef9777b..ae945682 100644 --- a/Network/ftp-protocol.cpp +++ b/Network/ftp-protocol.cpp @@ -332,8 +332,12 @@ void FTPProtocol::FTPConnection::transit(Event event, char *input, size_t length case transferSent: switch (reply) { case 150: + case 125: + transfer().ftpResponse() = input; // remember response for caller. + transfer().ftpResponseCode() = reply; if (!mPassive) mReceiver.receive(mDataPath); // accept incoming connection and stop listening + observe(Observer::resultCodeReady, input); // engage the data path switch (operation()) { @@ -341,9 +345,11 @@ void FTPProtocol::FTPConnection::transit(Event event, char *input, size_t length case downloadDirectory: case downloadListing: mDataPath.start(sink()); + observe(Observer::downloading, input); break; case upload: mDataPath.start(source()); + observe(Observer::uploading, input); break; default: assert(false); diff --git a/Network/ftp-protocol.h b/Network/ftp-protocol.h index 151ec5b8..af3ebb37 100644 --- a/Network/ftp-protocol.h +++ b/Network/ftp-protocol.h @@ -39,9 +39,10 @@ namespace Network { // The Protocol object for the FTP protocol // class FTPProtocol : public Protocol { - class FTPTransfer; +protected: class FTPConnection; public: + class FTPTransfer; static const IPPort defaultFtpPort = 21; FTPProtocol(Manager &mgr); 
@@ -91,6 +92,7 @@ private: bool mConnectionDone; // our Connection is ready to finish() }; +protected: // // This is the persistent connection object. // @@ -158,7 +160,8 @@ private: FTPDataConnection mDataPath; // subsidiary (data transfer) connection TCPServerSocket mReceiver; // incoming listen socket for active mode transfers }; - + +public: // // The official Transfer object (for all kinds of transfers) // @@ -168,11 +171,19 @@ private: ResultClass resultClass() const; + string &ftpResponse() { return mPrimaryResponseString; } + unsigned int &ftpResponseCode() { return mPrimaryResponseCode; } + unsigned int ftpResponseCode() const { return mPrimaryResponseCode; } + protected: void start(); // start me up void abort(); // abort this Transfer string mFailedReply; // reply string that triggered failure + + private: + string mPrimaryResponseString; //FTP protocol first response line. + unsigned int mPrimaryResponseCode; // numeric response code. }; private: diff --git a/Network/http-protocol.cpp b/Network/http-protocol.cpp index 203c39dc..6a94d92f 100644 --- a/Network/http-protocol.cpp +++ b/Network/http-protocol.cpp @@ -72,6 +72,7 @@ HTTPProtocol::HTTPTransfer *HTTPProtocol::makeTransfer(const Target &target, Ope HTTPProtocol::HTTPConnection::HTTPConnection(Protocol &proto, const HostTarget &hostTarget) : TCPConnection(proto, hostTarget), + subVersion(defaultSubVersion), state(errorState), deferSendRequest(false) { const HostTarget &host = proxyHostTarget(); 
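Review bot: `mPrimaryResponseCode` gets no initial value in the @@ -168 hunk of ftp-protocol.h, and ftp-protocol.cpp assigns it only when a 150 or 125 reply arrives, so `ftpResponseCode()` may return an indeterminate value for a transfer that fails before that point. The `FTPTransfer` constructor is outside the hunk; confirm it sets the member to 0, or add that initializer. The non-const `ftpResponse()` and `ftpResponseCode()` also return references to private members of a class this commit makes public, so any caller can overwrite the recorded reply; a comment stating that only `FTPConnection` is meant to write through them would help.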
@@ -96,15 +97,17 @@ void HTTPProtocol::HTTPConnection::sendRequest() { assert(state == idle); + // what version of HTTP/1 shall we use? + subVersion = getv(kNetworkHttpUseVersion, defaultSubVersion); + flushOutput(false); // hold output until we're done const Target &target = this->target(); if (transfer().useProxyHeaders()) { - printfe("%s %s HTTP/1.1", - mOperation.c_str(), target.urlForm().c_str()); + printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.urlForm().c_str(), subVersion); authorizationHeader("Proxy-Authorization", hostTarget, kNetworkGenericProxyUsername, kNetworkGenericProxyPassword); } else { - printfe("%s %s HTTP/1.1", mOperation.c_str(), target.path.c_str()); + printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.path.c_str(), subVersion); } hostHeader(); authorizationHeader("Authorization", target, @@ -144,6 +147,7 @@ void HTTPProtocol::HTTPConnection::sendRequest() } else { printfe("Content-length: %ld", size); } + printfe("Content-Type: %s", getv(kNetworkHttpPostContentType, "text/plain").c_str()); printfe(""); // end of headers mode(source); // initiate autoWrite mode } else { @@ -274,6 +278,7 @@ void HTTPProtocol::HTTPConnection::transit(Event event, char *input, size_t leng } else { // end of headers // we are now handling the transition from response headers to response body observe(Observer::protocolReceive, "** END OF HEADER **"); + observe(Observer::downloading, input); // Transfer-Encoding overrides Content-Length as per RFC2616 p.34 if (const char *encoding = headers().find("Transfer-Encoding")) { diff --git a/Network/http-protocol.h b/Network/http-protocol.h index 09ffd3bd..6e53321e 100644 --- a/Network/http-protocol.h +++ b/Network/http-protocol.h @@ -40,8 +40,8 @@ namespace Network { // The Protocol object for the HTTP protocol // class HTTPProtocol : public Protocol { - class HTTPTransfer; public: + class HTTPTransfer; static const IPPort defaultHttpPort = 80; HTTPProtocol(Manager &mgr, const char *scheme = "http"); 
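Review bot: `subVersion` is taken from `getv(kNetworkHttpUseVersion, defaultSubVersion)` and printed into the request line with `HTTP/1.%d` without a range check, so any integer a caller sets, including a negative one, goes on the wire. Only 0 and 1 are meaningful, so I would normalise it right after the `getv` call, e.g. `if (subVersion != 0) subVersion = 1;`. When 0 is selected, the rest of `sendRequest()` (which continues outside this hunk) should be checked for HTTP/1.1-only features such as chunked request bodies.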
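Review bot: The `Content-Type` value from `getv(kNetworkHttpPostContentType, "text/plain")` in the @@ -144 hunk is written into the header block as-is, so a value containing CR or LF would end the header line early and add lines of its own to the request. If this parameter can ever carry data the application did not author, reject or strip control characters before the `printfe` call. A short comment at `kNetworkHttpPostContentType` in netparameters.h saying the value must be a single header-safe token would make the contract explicit. The surrounding `sendRequest()` body is outside the hunk.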
@@ -55,11 +55,12 @@ private: void merge(string key, string &old, string newValue); }; -private: +protected: // // Our persistent connection object // class HTTPConnection : public TCPConnection { + static const int defaultSubVersion = 1; // default to HTTP/1.1 public: HTTPConnection(Protocol &proto, const HostTarget &tgt); @@ -106,6 +107,7 @@ private: void chooseRetain(); protected: + int subVersion; // HTTP/1.x sub-protocol version State state; // master state machine switch bool deferSendRequest; // allows a subclass to interrupt state machine string mOperation; // requested HTTP operation @@ -113,7 +115,7 @@ private: unsigned int httpVersionMinor; // minor version of peer }; - +public: // // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in, // headers out, optional data out), so there's no reason to distinguish subclasses. diff --git a/Network/https-protocol.cpp b/Network/https-protocol.cpp index 13952c79..9f7c568a 100644 --- a/Network/https-protocol.cpp +++ b/Network/https-protocol.cpp @@ -98,9 +98,10 @@ void SecureHTTPProtocol::SecureHTTPConnection::startSSL() mode(rawInput); // configure the SSL session - allowExpiredCerts(getv(kNetworkHttpAcceptExpiredCerts, false)); - allowUnknownRoots(getv(kNetworkHttpAcceptUnknownRoots, false)); - + allowsExpiredCerts(getv(kNetworkHttpAcceptExpiredCerts, false)); + allowsUnknownRoots(getv(kNetworkHttpAcceptUnknownRoots, false)); + peerId(peerAddress()); + // start SSL handshake SSL::open(); assert(SSL::state() == kSSLHandshake); // there is no chance that we could already be done @@ -155,7 +156,7 @@ void SecureHTTPProtocol::SecureHTTPConnection::transit(Event event, } // if SSL fails, we have to abandon the Connection - } catch (CssmCommonError &err) { + } catch (const CssmCommonError &err) { setError("SSL failed", err.osStatus()); throw; } catch (...) { diff --git a/Network/https-protocol.h b/Network/https-protocol.h index 6b0a2477..a0fcce83 100644 
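Review bot: `peerId(peerAddress())` in the https-protocol.cpp @@ -98 hunk keys the SSL session on the socket peer alone, which looks too coarse in two ways; this is hedged, since the session cache itself is not visible here. When `startSSL()` is called from `ConnectHTTPConnection` after a proxy CONNECT, the socket peer is presumably the proxy, so sessions for different origin hosts would share one ID. The ID also ignores `kNetworkHttpAcceptExpiredCerts` and `kNetworkHttpAcceptUnknownRoots`, so if resumption skips certificate evaluation, a session set up with relaxed checks could be resumed by a connection that asked for strict ones. I would build the ID from the target host name and port plus the two flags, and add a comment saying what the ID is used for.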
--- a/Network/https-protocol.h +++ b/Network/https-protocol.h @@ -37,8 +37,8 @@ namespace Network { // stuff. // class SecureHTTPProtocol : public HTTPProtocol { - class SecureHTTPTransfer; public: + class SecureHTTPTransfer; static const IPPort defaultHttpsPort = 443; SecureHTTPProtocol(Manager &mgr); @@ -52,7 +52,8 @@ private: // Our persistent connection object // typedef SecureTransport SSL; - + +protected: class SecureHTTPConnection : public HTTPConnection, protected SSL { public: SecureHTTPConnection(Protocol &proto, const HostTarget &tgt); @@ -85,7 +86,7 @@ private: bool atEnd() const; }; - +public: // // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in, // headers out, optional data out), so there's no reason to distinguish subclasses. diff --git a/Network/https-proxy-protocol.cpp b/Network/https-proxy-protocol.cpp index 19020694..57f218c9 100644 --- a/Network/https-proxy-protocol.cpp +++ b/Network/https-proxy-protocol.cpp @@ -147,7 +147,7 @@ void ConnectHTTPProtocol::ConnectHTTPConnection::transit(Event event, connectState = connectReady; try { startSSL(); - } catch (CssmCommonError &err) { + } catch (const CssmCommonError &err) { setError("SSL failed", err.osStatus()); throw; } catch (...) { diff --git a/Network/neterror.cpp b/Network/neterror.cpp index eae2d900..94705d5b 100644 --- a/Network/neterror.cpp +++ b/Network/neterror.cpp @@ -30,7 +30,7 @@ Error::Error(OSStatus err) : MacOSError(err) { } -Error::~Error() +Error::~Error() throw() { } diff --git a/Network/neterror.h b/Network/neterror.h index 165a5e74..33c85bc1 100644 --- a/Network/neterror.h +++ b/Network/neterror.h @@ -37,7 +37,7 @@ class Error : public Security::MacOSError { protected: Error(OSStatus err); public: - virtual ~Error(); + virtual ~Error() throw(); //@@@ -1 == internal error?! static void throwMe(OSStatus err = -1) __attribute__((noreturn)); }; diff --git a/Network/netparameters.h b/Network/netparameters.h index 135e01c0..170eb475 100644 
--- a/Network/netparameters.h +++ b/Network/netparameters.h @@ -50,6 +50,8 @@ enum { kNetworkHttpMoreHeaders = PARAMKEY(0x02003,string), // arbitrary more headers kNetworkHttpAcceptExpiredCerts = PARAMKEY(0x02004,bool), // accept expired certs kNetworkHttpAcceptUnknownRoots = PARAMKEY(0x02005,bool), // accept untrusted root certificates + kNetworkHttpPostContentType = PARAMKEY(0x02006,string), // Content-Type: for posted data + kNetworkHttpUseVersion = PARAMKEY(0x02007,integer), // subversion of HTTP/1 to use // Legacy interface use ONLY. Not valid for modern use kNetworkLegacyIsSecure = PARAMKEY(0x100001,bool), // secure connection (SSL) diff --git a/Network/xfercore.cpp b/Network/xfercore.cpp index 5b5dca2a..f57aabc1 100644 --- a/Network/xfercore.cpp +++ b/Network/xfercore.cpp @@ -64,7 +64,10 @@ void TransferEngine::remove(Client *client) debug("xferengine", "xfer %p(%d) HAD %ld BYTES WRITE LEFT", client, client->fileDesc(), client->mWriteBuffer.length()); #endif //NDEBUG - Selector::remove(client->io); + if (client->io.fd () != -1) { // did we have a live socket? + Selector::remove(client->io); + } + client->io = FileDesc(); // invalidate } @@ -337,7 +340,7 @@ void TransferEngine::Client::notify(int fd, Type type) //@@@ feed back for more output here? But also see comments above... //@@@ probably better to take the trip through the Selector } - } catch (CssmCommonError &err) { + } catch (const CssmCommonError &err) { transitError(err); } catch (...) { transitError(UnixError::make(EIO)); // best guess (could be anything) diff --git a/README.txt b/README.txt new file mode 100644 index 00000000..8c2518d9 --- /dev/null +++ b/README.txt 
@@ -0,0 +1,19 @@ +Web Resources for MacOS Data Security + + +This code contains a Darwin version of CDSA along with many other security libraries. + +Information about CDSA may be obtained from the OpenGroup web site at: + + http://www.opengroup.org/pubs/catalog/c914.htm + +Further information regarding the security of the MacOSX product is available at: + + http://www.apple.com/support/security/ + +Developers wishing to know more about developing their products in a manner consistent with +MacOS security should view: + + http://developer.apple.com/macos/security.html + + diff --git a/SecureTransport/CVSVersionInfo.txt b/SecureTransport/CVSVersionInfo.txt index 10854607..e0a4f43d 100644 --- a/SecureTransport/CVSVersionInfo.txt +++ b/SecureTransport/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:58 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: SecureTransport ProjectVersion: 3 diff --git a/SecureTransport/ModuleAttacher.cpp b/SecureTransport/ModuleAttacher.cpp index 42378a73..c56e6469 100644 --- a/SecureTransport/ModuleAttacher.cpp +++ b/SecureTransport/ModuleAttacher.cpp @@ -40,6 +40,9 @@ public: mCspHand(CSSM_INVALID_HANDLE), mClHand(CSSM_INVALID_HANDLE), mTpHand(CSSM_INVALID_HANDLE), + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + mCspDlHand(CSSM_INVALID_HANDLE), + #endif mCssmInitd(false) { } ~ModuleAttacher(); @@ -49,7 +52,12 @@ public: CSSM_RETURN loadAllModules( CSSM_CSP_HANDLE &cspHand, CSSM_CL_HANDLE &clHand, - CSSM_TP_HANDLE &tpHand); + CSSM_TP_HANDLE &tpHand + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + , + CSSM_CSP_HANDLE &cspDlHand + #endif + ); private: /* on all private member functions, mLock held on entry and exit */ 
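Review bot: The parameter list of `loadAllModules` now depends on `ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE`, so a caller compiled with different flag values passes a different number of arguments than the definition expects. The same conditional parameter appears on the definition and on `attachToModules` in the later ModuleAttacher.cpp hunks and in ModuleAttacher.h, where the function is declared `extern "C"` and the linker therefore cannot catch a mismatch. The header hunk adds `#include "sslBuildFlags.h"`, which presumably keeps the flags consistent, but that dependency is worth stating next to the declaration, e.g. `/* parameter list depends on sslBuildFlags.h; every caller must be built with the same ST_FAKE_* settings */`. The new parameter is also spelled `cspDlHandle` in the header and `cspDlHand` in the .cpp; one name would be easier to search for. The class body continues outside this hunk.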
@@ -66,6 +74,9 @@ private: CSSM_CSP_HANDLE mCspHand; CSSM_TP_HANDLE mClHand; CSSM_TP_HANDLE mTpHand; + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + CSSM_CSP_HANDLE mCspDlHand; + #endif bool mCssmInitd; Mutex mLock; }; @@ -99,6 +110,11 @@ ModuleAttacher::~ModuleAttacher() if(mClHand != CSSM_INVALID_HANDLE) { unloadModule(mClHand, &gGuidAppleX509CL); } + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + if(mCspDlHand != CSSM_INVALID_HANDLE) { + unloadModule(mCspDlHand, &gGuidAppleCSPDL); + } + #endif } static const CSSM_VERSION cssmVers = {2, 0}; @@ -144,7 +160,7 @@ CSSM_HANDLE ModuleAttacher::loadModule( NULL, // eventHandler NULL); // AppNotifyCallbackCtx if(crtn) { - errorLog2("AppleX509CLSession::cspAttach: error (%s) loading %s\n", + errorLog2("ModuleAttacher::loadModule: error (%s) loading %s\n", stCssmErrToStr(crtn), modName); return CSSM_INVALID_HANDLE; } @@ -160,7 +176,7 @@ CSSM_HANDLE ModuleAttacher::loadModule( NULL, // reserved &hand); if(crtn) { - errorLog2("AppleX509CLSession::cspAttach: error (%s) attaching to %s\n", + errorLog2("ModuleAttacher::loadModule: error (%s) attaching to %s\n", stCssmErrToStr(crtn), modName); return CSSM_INVALID_HANDLE; } @@ -214,7 +230,12 @@ CSSM_TP_HANDLE ModuleAttacher::getTpHand() CSSM_RETURN ModuleAttacher::loadAllModules( CSSM_CSP_HANDLE &cspHand, CSSM_CL_HANDLE &clHand, - CSSM_TP_HANDLE &tpHand) + CSSM_TP_HANDLE &tpHand + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + , + CSSM_CSP_HANDLE &cspDlHand + #endif + ) { StLock _(mLock); @@ -236,6 +257,15 @@ CSSM_RETURN ModuleAttacher::loadAllModules( return CSSMERR_CSSM_ADDIN_LOAD_FAILED; } } + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + if(mCspDlHand == CSSM_INVALID_HANDLE) { + mCspDlHand = loadModule(CSSM_SERVICE_CSP, &gGuidAppleCSPDL, "AppleCSPDL"); + if(mCspDlHand == CSSM_INVALID_HANDLE) { + return CSSMERR_CSSM_ADDIN_LOAD_FAILED; + } + } + cspDlHand = mCspDlHand; + #endif cspHand = mCspHand; clHand = mClHand; tpHand = mTpHand; 
@@ -246,8 +276,18 @@ CSSM_RETURN ModuleAttacher::loadAllModules( CSSM_RETURN attachToModules( CSSM_CSP_HANDLE *cspHand, CSSM_CL_HANDLE *clHand, - CSSM_TP_HANDLE *tpHand) + CSSM_TP_HANDLE *tpHand + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + , + CSSM_CSP_HANDLE *cspDlHand + #endif + ) { - return moduleAttacher().loadAllModules(*cspHand, *clHand, *tpHand); + return moduleAttacher().loadAllModules(*cspHand, *clHand, *tpHand + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + , + *cspDlHand + #endif + ); } diff --git a/SecureTransport/ModuleAttacher.h b/SecureTransport/ModuleAttacher.h index ef353084..13888597 100644 --- a/SecureTransport/ModuleAttacher.h +++ b/SecureTransport/ModuleAttacher.h @@ -27,6 +27,7 @@ #define _MODULE_ATTACHER_H_ #include +#include "sslBuildFlags.h" #ifdef __cplusplus extern "C" { @@ -39,7 +40,14 @@ extern "C" { extern CSSM_RETURN attachToModules( CSSM_CSP_HANDLE *cspHand, CSSM_CL_HANDLE *clHand, - CSSM_TP_HANDLE *tpHand); + CSSM_TP_HANDLE *tpHand + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + , + /* manually attach to secure CSP/DL; eventually we get this from + * SecKeychainAPI */ + CSSM_CSP_HANDLE *cspDlHandle + #endif + ); #ifdef __cplusplus } diff --git a/SecureTransport/README b/SecureTransport/README index 4de427f4..0442b1f0 100644 --- a/SecureTransport/README +++ b/SecureTransport/README 
@@ -1 +1,46 @@ - SecureTransport notes 8 Nov 1999 dmitch Current status of this project: Note "Version" refers to SSL2 vs. SSL3. "Mode" refers to client vs. server. -- All modes require domestic CSP. -- Both modes require post-Sonata CSP mods which allow specification of raw symmetric key bits. These CSP changes have been checked in prior to 8 Nov 1999. -- Server mode requires post-Sonata CSP mods which allow asymmetric keys to have multiple KeyUsage flags set - specifically, private keys must be able to sign and decrypt; public keys must be able to verify and encrypt. These CSP changes have NOT been checked in as of 8 Nov 1999; final implementation pending input from A. Perez. -- Client mode works in both versions, both domestic and export. -- Server mode works with Netscape client 4.6.1 on Mac. Operation with IE on Mac is flaky - sometimes it works, sometimes not. Server untested with Windows clients. -- Client authentication is not tested. -- No support for session resumption. This needs a thread-safe database, to be implemented in appleSession.c. \ No newline at end of file + SecureTransport notes + 14 Feb 2002 dmitch + +-- Server-side cert usage and configuration is highly application dependent. + + -- Although the use of server-initiated key exchange is optional under + the SSL3 spec, Netscape browsers (4.61 through 4.75) will not tolerate + this operation unless an exportable cipher is selected. The current + configuration of the library will attempt to perform server-initiated + key exchange if and only if the app has specified an encryption + certificate via SSLSetEncryptionCertificate(). Thus, in a config + which is required to work with Netscape browsers, if non-export + (i.e., strong) ciphers are to be supported, encryption certs + must NOT be specified, and the server cert specified in SSLSetCertificate() + must be capable of both signing and encryption. This applies to the underlying + keys as well. 
+ + -- On top of that, even in a situation where Netscape will allow a server- + initiated key exchange (export cipher, app specifies both kinds of certs), + Netscape will abort if the *signing-only* cert (specified in + SSLSetCertificate()) is not capable of encryption! In this case that cert + is never even used for encryption. But that is the real world. + + Thus, to work with Netscape browsers with export-grade ciphers, the main + signing cert still has to be capable of encryption, even if the app specifies + a separate encryption cert. + + -- The SSL_SERVER_KEYEXCH_HACK flag, in sslBuildFlags.h, was previously used + to work around the above-mentioned Netscape bug; when this flag is true, + server-initiated key exchange is only performed if an encrypting cert is + specified AND an export-grade cipher is selected. The current config has + this flag set false. + + -- SSL2 server-side operation requires the presence of a cert and key which is + capable of encryption (not signing). One cert, specified in SSLSetCertificate(), + can support both SSL2 and SSL3 if and only if it is capable of both signing + and encryption. + +-- Server mode operation with IE is fully functional and reliable. There is a + bug in IE which is worked around in SSLEncodeServerHello(), in hdskhelo.c. + See comments there. Tested with IE 5.0 on OS 9 and 5.1.3 on OS X. + +-- Server untested with Windows clients. + +-- Client authentication is not tested. + diff --git a/SecureTransport/SecureTransport.pbproj/project.pbxproj b/SecureTransport/SecureTransport.pbproj/project.pbxproj index 622eca48..b5f6c55d 100644 --- a/SecureTransport/SecureTransport.pbproj/project.pbxproj +++ b/SecureTransport/SecureTransport.pbproj/project.pbxproj @@ -3,7 +3,7 @@ archiveVersion = 1; classes = { }; - objectVersion = 31; + objectVersion = 38; objects = { 00E4CE33FF9B8B71D0A17CE7 = { buildStyles = ( 
@@ -13,7 +13,7 @@ isa = PBXProject; mainGroup = 00E4CE34FF9B8B71D0A17CE7; productRefGroup = 00E4CE35FF9B8CA8D0A17CE7; - projectDirPath = .; + projectDirPath = ""; targets = ( 00E4CE37FF9B8CA8D0A17CE7, 00E4CE38FF9B8CA8D0A17CE7, @@ -50,7 +50,6 @@ buildPhases = ( ); buildSettings = { - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_REZFLAGS = ""; @@ -58,8 +57,6 @@ SECTORDER_FLAGS = ""; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; }; - conditionalBuildSettings = { - }; dependencies = ( 00E4CEBEFF9B99B0D0A17CE7, ); @@ -77,11 +74,10 @@ 00E4CE3DFF9B8CA8D0A17CE7, ); buildSettings = { - DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O3"; DYLIB_COMPATIBILITY_VERSION = 1; DYLIB_CURRENT_VERSION = 1; EXPORTED_SYMBOLS_FILE = secureTransport.exp; - FRAMEWORK_SEARCH_PATHS = "\"$(SYMROOT)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\""; + FRAMEWORK_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\" /Volumes/Data_and_Apps/dmitchBuildRelease"; FRAMEWORK_VERSION = A; HEADER_SEARCH_PATHS = "\"$(SRCROOT)/privateInc\""; INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; @@ -96,8 +92,6 @@ WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas -Wno-format"; WRAPPER_EXTENSION = framework; }; - conditionalBuildSettings = { - }; dependencies = ( ); isa = PBXFrameworkTarget; @@ -145,8 +139,6 @@ 00E4CE65FF9B8EABD0A17CE7, 00E4CE66FF9B8EABD0A17CE7, 00E4CE67FF9B8EABD0A17CE7, - 00E4CE68FF9B8EABD0A17CE7, - 00E4CE6BFF9B8EABD0A17CE7, 00E4CE6CFF9B8EABD0A17CE7, 00E4CE6DFF9B8EABD0A17CE7, 00E4CE6EFF9B8EABD0A17CE7, 
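Review bot: `FRAMEWORK_SEARCH_PATHS` gains `/Volumes/Data_and_Apps/dmitchBuildRelease`, an absolute path on one developer's volume, so the framework target can resolve frameworks from whatever is mounted there rather than from a location the project controls. The hunk at `@@ -1642,6 +1180,185 @@` has the same problem: the new `Security.framework` reference uses `path = /Volumes/Data_and_Apps/dmitchBuildRelease/Security.framework`. On another machine the build either fails or picks up an unrelated framework of that name if such a volume exists. I would drop the volume entry and resolve the framework through the build products directory already listed, `"$(BUILT_PRODUCTS_DIR)"`, or a system framework path.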
@@ -167,33 +159,34 @@ 00E4CEB7FF9B909FD0A17CE7, 00E4CEB8FF9B909FD0A17CE7, 0145E21DFFEED50A7F000001, + 9D1B441A01F5ED1200003D05, + 9D1B441B01F5ED1200003D05, + 9D1B441C01F5ED1200003D05, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 00E4CE3AFF9B8CA8D0A17CE7 = { buildActionMask = 2147483647; files = ( + 9D1B441D01F5ED1200003D05, + 9D1B441E01F5ED1200003D05, + 9D1B441F01F5ED1200003D05, + 9D1B442001F5ED1200003D05, ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 00E4CE3BFF9B8CA8D0A17CE7 = { buildActionMask = 2147483647; files = ( 00E4CE82FF9B8F1DD0A17CE7, 00E4CE83FF9B8F1DD0A17CE7, - 00E4CE84FF9B8F1DD0A17CE7, 00E4CE85FF9B8F1DD0A17CE7, 00E4CE9BFF9B8FE5D0A17CE7, - 00E4CE9CFF9B8FE5D0A17CE7, 00E4CE9EFF9B8FE5D0A17CE7, 00E4CE9FFF9B8FE5D0A17CE7, 00E4CEA0FF9B8FE5D0A17CE7, 00E4CEA1FF9B8FE5D0A17CE7, - 00E4CEA2FF9B8FE5D0A17CE7, 00E4CEA3FF9B8FE5D0A17CE7, - 00E4CEA4FF9B8FE5D0A17CE7, 00E4CEA5FF9B8FE5D0A17CE7, 00E4CEA6FF9B8FE5D0A17CE7, 00E4CEA7FF9B8FE5D0A17CE7, @@ -213,28 +206,28 @@ 00E4CEC0FF9B9A4ED0A17CE7, 00E4CEC2FF9BA51FD0A17CE7, 0145E21EFFEED50A7F000001, + 9D1B442601F5ED3000003D05, + 9D1B442701F5ED3000003D05, + 9D1B442801F5ED3000003D05, + 9D1B442901F5ED3000003D05, + 9D1B442A01F5ED3000003D05, + 9D1B443101F5EE8D00003D05, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 00E4CE3CFF9B8CA8D0A17CE7 = { buildActionMask = 2147483647; files = ( - 1F123555FF9CE352D0A17CE7, - 1F123558FF9CE3A5D0A17CE7, 1F123559FF9CE3A5D0A17CE7, - 1F12355DFF9CE43ED0A17CE7, - 1F12355EFF9CE43ED0A17CE7, + 9D1B442C01F5ED9400003D05, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 00E4CE3DFF9B8CA8D0A17CE7 = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 00E4CE3EFF9B8E08D0A17CE7 = { children = ( @@ -279,6 +272,7 @@ children = ( 00E4CEB5FF9B909FD0A17CE7, 00E4CEB6FF9B909FD0A17CE7, + 9D1B441201F5ED1200003D05, ); isa = PBXGroup; name = "Public Headers"; 
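Review bot: The four entries added to the `PBXResourcesBuildPhase` list here (`9D1B441D01F5ED1200003D05` through `9D1B442001F5ED1200003D05`) resolve, in the `@@ -1642,6 +1180,185 @@` hunk, to the files `Entries`, `Repository`, `Root` and `Template` under `privateInc/CVS`. Those are version-control metadata, and copying them as resources would put repository location details into the built product; they look like they were picked up by adding the `privateInc` directory wholesale. I would remove the `CVS` group and its four build-file entries from the project. Which target lists this build phase is not visible in the hunk.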
@@ -293,9 +287,7 @@ 00E4CE46FF9B8EABD0A17CE7, 00E4CE47FF9B8EABD0A17CE7, 00E4CE48FF9B8EABD0A17CE7, - 00E4CE49FF9B8EABD0A17CE7, 0145E21CFFEED50A7F000001, - 00E4CE4CFF9B8EABD0A17CE7, 00E4CE4DFF9B8EABD0A17CE7, 00E4CE4EFF9B8EABD0A17CE7, 00E4CE4FFF9B8EABD0A17CE7, @@ -313,6 +305,9 @@ 00E4CE5CFF9B8EABD0A17CE7, 00E4CE5DFF9B8EABD0A17CE7, 00E4CE5EFF9B8EABD0A17CE7, + 9D1B441301F5ED1200003D05, + 9D1B441801F5ED1200003D05, + 9D1B441901F5ED1200003D05, ); isa = PBXGroup; name = "Private Headers"; @@ -355,18 +350,6 @@ path = privateInc/digests.h; refType = 4; }; - 00E4CE49FF9B8EABD0A17CE7 = { - isa = PBXFileReference; - name = md5.h; - path = privateInc/md5.h; - refType = 4; - }; - 00E4CE4CFF9B8EABD0A17CE7 = { - isa = PBXFileReference; - name = sha.h; - path = privateInc/sha.h; - refType = 4; - }; 00E4CE4DFF9B8EABD0A17CE7 = { isa = PBXFileReference; name = ssl.h; @@ -473,13 +456,17 @@ children = ( 00E4CE7EFF9B8F1DD0A17CE7, 00E4CE7FFF9B8F1DD0A17CE7, - 00E4CE80FF9B8F1DD0A17CE7, 00E4CE81FF9B8F1DD0A17CE7, 00E4CE91FF9B8FE5D0A17CE7, - 00E4CE92FF9B8FE5D0A17CE7, 00E4CE94FF9B8FE5D0A17CE7, 00E4CEC1FF9BA51FD0A17CE7, 0145E21BFFEED50A7F000001, + 9D1B442101F5ED3000003D05, + 9D1B442201F5ED3000003D05, + 9D1B442301F5ED3000003D05, + 9D1B442401F5ED3000003D05, + 9D1B442501F5ED3000003D05, + 9D1B443001F5EE8D00003D05, ); isa = PBXGroup; name = Apple; @@ -489,9 +476,7 @@ 00E4CE60FF9B8EABD0A17CE7 = { children = ( 00E4CE95FF9B8FE5D0A17CE7, - 00E4CE96FF9B8FE5D0A17CE7, 00E4CE97FF9B8FE5D0A17CE7, - 00E4CE98FF9B8FE5D0A17CE7, ); isa = PBXGroup; name = "Embedded Crypto"; @@ -516,11 +501,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE63FF9B8EABD0A17CE7 = { @@ -530,11 +510,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE64FF9B8EABD0A17CE7 = { @@ -544,11 +519,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE65FF9B8EABD0A17CE7 = { 
@@ -558,11 +528,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE66FF9B8EABD0A17CE7 = { @@ -572,11 +537,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE67FF9B8EABD0A17CE7 = { @@ -586,39 +546,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 00E4CE68FF9B8EABD0A17CE7 = { - fileRef = 00E4CE49FF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 00E4CE6BFF9B8EABD0A17CE7 = { - fileRef = 00E4CE4CFF9B8EABD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE6CFF9B8EABD0A17CE7 = { @@ -628,11 +555,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE6DFF9B8EABD0A17CE7 = { @@ -642,11 +564,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE6EFF9B8EABD0A17CE7 = { @@ -656,11 +573,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE6FFF9B8EABD0A17CE7 = { @@ -670,11 +582,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE70FF9B8EABD0A17CE7 = { @@ -684,11 +591,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE71FF9B8EABD0A17CE7 = { @@ -698,11 +600,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE72FF9B8EABD0A17CE7 = { @@ -712,11 +609,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE73FF9B8EABD0A17CE7 = { @@ -726,11 +618,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE75FF9B8EABD0A17CE7 = { 
@@ -740,11 +627,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE76FF9B8EABD0A17CE7 = { @@ -754,11 +636,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE77FF9B8EABD0A17CE7 = { @@ -768,11 +645,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE78FF9B8EABD0A17CE7 = { @@ -782,11 +654,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE79FF9B8EABD0A17CE7 = { @@ -796,11 +663,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE7AFF9B8EABD0A17CE7 = { @@ -810,11 +672,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE7BFF9B8EABD0A17CE7 = { @@ -824,11 +681,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE7CFF9B8EABD0A17CE7 = { @@ -838,11 +690,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE7DFF9B8EABD0A17CE7 = { @@ -852,11 +699,6 @@ ATTRIBUTES = ( Private, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CE7EFF9B8F1DD0A17CE7 = { @@ -869,11 +711,6 @@ path = appleGlue.c; refType = 4; }; - 00E4CE80FF9B8F1DD0A17CE7 = { - isa = PBXFileReference; - path = appleSession.c; - refType = 4; - }; 00E4CE81FF9B8F1DD0A17CE7 = { isa = PBXFileReference; path = sslKeychain.c; @@ -884,12 +721,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -898,26 +729,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 00E4CE84FF9B8F1DD0A17CE7 = { - fileRef = 00E4CE80FF9B8F1DD0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 
@@ -926,12 +737,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -995,11 +800,6 @@ path = cipherSpecs.c; refType = 4; }; - 00E4CE92FF9B8FE5D0A17CE7 = { - isa = PBXFileReference; - path = sslBER.cpp; - refType = 4; - }; 00E4CE94FF9B8FE5D0A17CE7 = { isa = PBXFileReference; path = symCipher.c; @@ -1010,21 +810,11 @@ path = digests.c; refType = 4; }; - 00E4CE96FF9B8FE5D0A17CE7 = { - isa = PBXFileReference; - path = md5.c; - refType = 4; - }; 00E4CE97FF9B8FE5D0A17CE7 = { isa = PBXFileReference; path = nullciph.c; refType = 4; }; - 00E4CE98FF9B8FE5D0A17CE7 = { - isa = PBXFileReference; - path = sha.c; - refType = 4; - }; 00E4CE99FF9B8FE5D0A17CE7 = { isa = PBXFileReference; path = sslalloc.c; @@ -1040,26 +830,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 00E4CE9CFF9B8FE5D0A17CE7 = { - fileRef = 00E4CE92FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1068,12 +838,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1082,12 +846,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1096,12 +854,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1110,26 +862,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 00E4CEA2FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE96FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 
@@ -1138,26 +870,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 00E4CEA4FF9B8FE5D0A17CE7 = { - fileRef = 00E4CE98FF9B8FE5D0A17CE7; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1166,12 +878,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1180,12 +886,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1194,12 +894,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1208,12 +902,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1222,12 +910,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1236,12 +918,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1250,12 +926,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1264,12 +934,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1278,12 +942,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1292,12 +950,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1306,12 +958,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 
@@ -1359,11 +1005,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CEB8FF9B909FD0A17CE7 = { @@ -1373,11 +1014,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 00E4CEB9FF9B909FD0A17CE7 = { @@ -1385,12 +1021,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1399,12 +1029,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1413,12 +1037,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1427,12 +1045,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1441,12 +1053,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1464,12 +1070,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1483,15 +1083,19 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; +//000 +//001 +//002 +//003 +//004 +//010 +//011 +//012 +//013 +//014 0145E21BFFEED50A7F000001 = { isa = PBXFileReference; path = ModuleAttacher.cpp; @@ -1506,11 +1110,6 @@ fileRef = 0145E21CFFEED50A7F000001; isa = PBXBuildFile; settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 0145E21EFFEED50A7F000001 = { 
@@ -1518,117 +1117,56 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; - 1F123554FF9CE352D0A17CE7 = { - isa = PBXFrameworkReference; - name = cdsa.framework; - path = /System/Library/PrivateFrameworks/cdsa.framework; - refType = 0; - }; - 1F123555FF9CE352D0A17CE7 = { - fileRef = 1F123554FF9CE352D0A17CE7; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 1F123556FF9CE3A5D0A17CE7 = { - isa = PBXFrameworkReference; - name = cdsa_utilities.framework; - path = /System/Library/PrivateFrameworks/cdsa_utilities.framework; - refType = 0; - }; +//010 +//011 +//012 +//013 +//014 +//1F0 +//1F1 +//1F2 +//1F3 +//1F4 1F123557FF9CE3A5D0A17CE7 = { isa = PBXFrameworkReference; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; refType = 0; }; - 1F123558FF9CE3A5D0A17CE7 = { - fileRef = 1F123556FF9CE3A5D0A17CE7; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; 1F123559FF9CE3A5D0A17CE7 = { fileRef = 1F123557FF9CE3A5D0A17CE7; isa = PBXBuildFile; settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 1F12355AFF9CE43ED0A17CE7 = { children = ( - 1F123554FF9CE352D0A17CE7, - 1F123556FF9CE3A5D0A17CE7, 1F123557FF9CE3A5D0A17CE7, - 1F12355BFF9CE43ED0A17CE7, - 1F12355CFF9CE43ED0A17CE7, + 9D1B442B01F5ED9400003D05, ); isa = PBXGroup; name = Frameworks; refType = 4; }; - 1F12355BFF9CE43ED0A17CE7 = { - isa = PBXFrameworkReference; - name = SecuritySNACCRuntime.framework; - path = /System/Library/PrivateFrameworks/SecuritySNACCRuntime.framework; - refType = 0; - }; - 1F12355CFF9CE43ED0A17CE7 = { - isa = PBXFrameworkReference; - name = SecurityASN1.framework; - path = /System/Library/PrivateFrameworks/SecurityASN1.framework; - refType = 0; - }; - 1F12355DFF9CE43ED0A17CE7 = { - fileRef = 1F12355BFF9CE43ED0A17CE7; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS 
= ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 1F12355EFF9CE43ED0A17CE7 = { - fileRef = 1F12355CFF9CE43ED0A17CE7; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; +//1F0 +//1F1 +//1F2 +//1F3 +//1F4 +//480 +//481 +//482 +//483 +//484 48499A08FFCB05657F000001 = { buildRules = ( ); buildSettings = { COPY_PHASE_STRIP = NO; + OPTIMIZATION_CFLAGS = "-O0"; }; isa = PBXBuildStyle; name = Development; 
@@ -1642,6 +1180,185 @@ isa = PBXBuildStyle; name = Deployment; }; +//480 +//481 +//482 +//483 +//484 +//9D0 +//9D1 +//9D2 +//9D3 +//9D4 + 9D1B441201F5ED1200003D05 = { + isa = PBXFileReference; + path = "securetransport++.h"; + refType = 4; + }; + 9D1B441301F5ED1200003D05 = { + children = ( + 9D1B441401F5ED1200003D05, + 9D1B441501F5ED1200003D05, + 9D1B441601F5ED1200003D05, + 9D1B441701F5ED1200003D05, + ); + isa = PBXGroup; + name = CVS; + path = privateInc/CVS; + refType = 4; + }; + 9D1B441401F5ED1200003D05 = { + isa = PBXFileReference; + path = Entries; + refType = 4; + }; + 9D1B441501F5ED1200003D05 = { + isa = PBXFileReference; + path = Repository; + refType = 4; + }; + 9D1B441601F5ED1200003D05 = { + isa = PBXFileReference; + path = Root; + refType = 4; + }; + 9D1B441701F5ED1200003D05 = { + isa = PBXFileReference; + path = Template; + refType = 4; + }; + 9D1B441801F5ED1200003D05 = { + isa = PBXFileReference; + name = tls_hmac.h; + path = privateInc/tls_hmac.h; + refType = 4; + }; + 9D1B441901F5ED1200003D05 = { + isa = PBXFileReference; + name = tls_ssl.h; + path = privateInc/tls_ssl.h; + refType = 4; + }; + 9D1B441A01F5ED1200003D05 = { + fileRef = 9D1B441801F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B441B01F5ED1200003D05 = { + fileRef = 9D1B441901F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B441C01F5ED1200003D05 = { + fileRef = 9D1B441201F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B441D01F5ED1200003D05 = { + fileRef = 9D1B441401F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B441E01F5ED1200003D05 = { + fileRef = 9D1B441501F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B441F01F5ED1200003D05 = { + fileRef = 9D1B441601F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442001F5ED1200003D05 = { + fileRef = 9D1B441701F5ED1200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442101F5ED3000003D05 = { + isa = PBXFileReference; + 
path = appleSession.cpp; + refType = 4; + }; + 9D1B442201F5ED3000003D05 = { + isa = PBXFileReference; + path = "securetransport++.cpp"; + refType = 4; + }; + 9D1B442301F5ED3000003D05 = { + isa = PBXFileReference; + path = ssl3Callouts.c; + refType = 4; + }; + 9D1B442401F5ED3000003D05 = { + isa = PBXFileReference; + path = tls_hmac.c; + refType = 4; + }; + 9D1B442501F5ED3000003D05 = { + isa = PBXFileReference; + path = tls1Callouts.c; + refType = 4; + }; + 9D1B442601F5ED3000003D05 = { + fileRef = 9D1B442101F5ED3000003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442701F5ED3000003D05 = { + fileRef = 9D1B442201F5ED3000003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442801F5ED3000003D05 = { + fileRef = 9D1B442301F5ED3000003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442901F5ED3000003D05 = { + fileRef = 9D1B442401F5ED3000003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442A01F5ED3000003D05 = { + fileRef = 9D1B442501F5ED3000003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B442B01F5ED9400003D05 = { + isa = PBXFrameworkReference; + name = Security.framework; + path = /Volumes/Data_and_Apps/dmitchBuildRelease/Security.framework; + refType = 0; + }; + 9D1B442C01F5ED9400003D05 = { + fileRef = 9D1B442B01F5ED9400003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1B443001F5EE8D00003D05 = { + isa = PBXFileReference; + path = sslBER_Dummy.c; + refType = 4; + }; + 9D1B443101F5EE8D00003D05 = { + fileRef = 9D1B443001F5EE8D00003D05; + isa = PBXBuildFile; + settings = { + }; + }; }; rootObject = 00E4CE33FF9B8B71D0A17CE7; } diff --git a/SecureTransport/SecureTransport/CipherSuite.h b/SecureTransport/SecureTransport/CipherSuite.h index b7195b1d..d5552141 100644 --- a/SecureTransport/SecureTransport/CipherSuite.h +++ b/SecureTransport/SecureTransport/CipherSuite.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -26,8 +26,8 @@ Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. */ -#ifndef _CIPHER_SUITE_H_ -#define _CIPHER_SUITE_H_ +#ifndef _SECURITY_CIPHERSUITE_H_ +#define _SECURITY_CIPHERSUITE_H_ /* fetch Uint32 */ #include @@ -76,4 +76,4 @@ enum SSL_NO_SUCH_CIPHERSUITE = 0xFFFF }; -#endif /* _CIPHER_SUITE_H_ */ +#endif /* !_SECURITY_CIPHERSUITE_H_ */ diff --git a/SecureTransport/SecureTransport/SecureTransport.h b/SecureTransport/SecureTransport/SecureTransport.h index 73740e98..6986ce78 100644 --- a/SecureTransport/SecureTransport/SecureTransport.h +++ b/SecureTransport/SecureTransport/SecureTransport.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). 
@@ -19,31 +19,25 @@ /* File: SecureTransport.h - Contains: Public API for Apple SSL 3.0 Implementation + Contains: Public API for Apple SSL/TLS Implementation - Written by: Doug Mitchell - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. + Copyright: (c) 1999-2002 by Apple Computer, Inc., all rights reserved. */ -#ifndef _SECURE_TRANSPORT_H_ -#define _SECURE_TRANSPORT_H_ +#ifndef _SECURITY_SECURETRANSPORT_H_ +#define _SECURITY_SECURETRANSPORT_H_ -/* - * Initial X port: no keychain storage of certs; no server mode, no - * client-side authentication. - */ -#define ST_KEYCHAIN_ENABLE 0 -#define ST_SERVER_MODE_ENABLE 0 +/* Current capabilities */ +#define ST_SERVER_MODE_ENABLE 1 #define ST_CLIENT_AUTHENTICATION 0 /* * This file describes the public API for an implementation of the - * Secure Socket Layer, V. 3.0. This implementation is based on Netscape's - * SSLRef 3.0, modified for Apple use. (Appropriate copyrights and - * acknowledgements are found elsewhere, and in all files containing - * Netscape code.) + * Secure Socket Layer, V. 3.0, and Transport Layer Security, V. 1.0. + * This implementation is based on Netscape's SSLRef 3.0, modified + * for Apple use. (Appropriate copyrights and acknowledgements are + * found elsewhere, and in all files containing Netscape code.) * * As in SSLRef 3.0, there no transport layer dependencies in this library; * it can be used with sockets, Open Transport, etc. Applications using @@ -51,7 +45,7 @@ * on underlying network connections. Applications are also responsible * for setting up raw network connections; the application passes in * an opaque reference to the underlying (connected) entity at the - * start of an SSL session. + * start of an SSL session in the form of an SSLConnectionRef. * * Some terminology: * 
@@ -66,18 +60,14 @@ * two calls, inclusive. * * An SSL Session Context, or SSLContextRef, is an opaque reference in this - * library to the state associated with one session. + * library to the state associated with one session. A SSLContextRef cannot + * be reused for multiple sessions. */ #include -//#include -#include #include #include - -#if ST_KEYCHAIN_ENABLE -#include -#endif /* ST_KEYCHAIN_ENABLE */ +#include #ifdef __cplusplus extern "C" { @@ -96,11 +86,13 @@ typedef const void * SSLConnectionRef; /* SSL Protocol version */ typedef enum { - kSSLProtocolUnknown, /* no protocol negotiated/specified */ + kSSLProtocolUnknown, /* no protocol negotiated/specified; use default */ kSSLProtocol2, /* SSL 2.0 only */ kSSLProtocol3, /* SSL 3.0 preferred, 2.0 OK if peer requires */ - kSSLProtocol3Only /* use SSL 3.0 only, fail if peer tries to + kSSLProtocol3Only, /* use SSL 3.0 only, fail if peer tries to * negotiate 2.0 */ + kTLSProtocol1, /* TLS 1.0 preferred, lower versions OK */ + kTLSProtocol1Only /* TLS 1.0 only */ } SSLProtocol; /* State of an SSLSession */ @@ -134,11 +126,11 @@ typedef OSStatus void *data, /* owned by * caller, data * RETURNED */ - UInt32 *dataLength); /* IN/OUT */ + size_t *dataLength); /* IN/OUT */ typedef OSStatus (*SSLWriteFunc) (SSLConnectionRef connection, const void *data, - UInt32 *dataLength); /* IN/OUT */ + size_t *dataLength); /* IN/OUT */ /************************************************* 
@@ -211,10 +203,9 @@ SSLSetIOFuncs (SSLContextRef context, SSLWriteFunc write); /* - * Get/set SSL protocol version; optional. Default for client is is - * kSSLProtocolUnknown (which works with whatever the server prefers); - * default for server side is kSSLProtocol3 (which prefers SSL3 but - * works with SSL2-only clients). + * Get/set SSL protocol version; optional. Default is kSSLProtocolUnknown, + * in which case the highest possible version (currently kTLSProtocol1) + * is attempted, but a lower version is accepted if the peer requires it. * * SSLSetProtocolVersion can not be called when a session is active. */ @@ -232,11 +223,12 @@ SSLGetProtocolVersion (SSLContextRef context, * Specify this connection's certificate(s). This is mandatory for * server connections, optional for clients. Specifying a certificate * for a client enables SSL client-side authentication. The end-entity - * cert is in certRef[0]. Specifying a root cert is optional; if it's + * cert is in certRefs[0]. Specifying a root cert is optional; if it's * not specified, the root cert which verifies the cert chain specified - * here must have been specified in SSLSetTrustedRootCertKC(). + * here must be present in the system-wide set of trusted anchor certs. * - * The certRefs argument is a CFArray containing KCItemRefs. + * The certRefs argument is a CFArray containing SecCertificateRefs, + * except for certRefs[0], which is a SecIdentityRef. * * Can only be called when no session is active. * 
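Review bot: The rewritten comment above SSLSetProtocolVersion says the default accepts a lower version whenever the peer requires it, but gives a caller no hint of how to refuse that fallback. Going by the SSLProtocol comments elsewhere in this patch, only `kSSLProtocol3Only` and `kTLSProtocol1Only` exclude older versions, so the comment should say so, e.g. `Callers that must not fall back to an older protocol should set kSSLProtocol3Only or kTLSProtocol1Only.` Whether the default still admits SSL 2.0 is not visible in this hunk and is worth stating in the same comment.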
@@ -244,11 +236,12 @@ SSLGetProtocolVersion (SSLContextRef context, * * -- The certRef references remains valid for the lifetime of the * session. - * -- The specified certRef[0] is capable of signing. - * -- In order for a server connection to work with SSL3 protocol, - * the private key associated with certRef[0] must ALSO be - * capable of decryption. This is a workaround for a known - * Netscape bug. + * -- The specified certRefs[0] is capable of signing. + * -- The required capabilities of the certRef[0], and of the optional cert + * specified in SSLSetEncryptionCertificate (see below), are highly + * dependent on the application. For example, to work as a server with + * Netscape clients, the cert specified here must be capable of both + * signing and encrypting. */ OSStatus SSLSetCertificate (SSLContextRef context, 
@@ -256,38 +249,6 @@ SSLSetCertificate (SSLContextRef context, #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */ -#if ST_KEYCHAIN_ENABLE - -/* - * Specify a Keychain containing trusted root certificates. - * Optional; the Keychain's root certs either are appended to or - * replace the existing SSLContextRef's root certs, which are initialized - * to a system-wide set of trusted roots at SSLContextAlloc(). - * - * Can not be called while a session is active. - */ -OSStatus -SSLSetTrustedRootCertKC (SSLContextRef context, - KCRef keyChainRef, - Boolean deleteExisting); - -/* - * Specify a Keychain (and access credentials for the keychain) - * to which newly encountered root certs are attempted to be - * added. This may or may not result in user interaction, depending - * on the configuration of the keychain and of the specified - * accesssCreds. - * - * Can not be called while a session is active and can only be - * called a maximum of one time per SSLContextRef. - */ -OSStatus -SSLSetNewRootKC (SSLContextRef context, - KCRef keyChainRef, - void *accessCreds); - -#endif /* ST_KEYCHAIN_ENABLE */ - /* * Specify I/O connection - a socket, endpoint, etc., which is * managed by caller. On the client side, it's assumed that communication 
@@ -302,6 +263,33 @@ OSStatus SSLSetConnection (SSLContextRef context, SSLConnectionRef connection); +/* + * Specify the fully qualified doman name of the peer, e.g., "store.apple.com." + * Optional; used to verify the common name field in peer's certificate. + * Name is in the form of a C string; NULL termination optional, i.e., + * peerName[peerNameLen[1] may or may not have a NULL. In any case peerNameLen + * is the number of bytes of the peer domain name. + */ +OSStatus +SSLSetPeerDomainName (SSLContextRef context, + const char *peerName, + size_t peerNameLen); + +/* + * Determine the buffer size needed for SSLGetPeerDomainName(). + */ +OSStatus +SSLGetPeerDomainNameLength (SSLContextRef context, + size_t *peerNameLen); // RETURNED + +/* + * Obtain the value specified in SSLSetPeerDomainName(). + */ +OSStatus +SSLGetPeerDomainName (SSLContextRef context, + char *peerName, // returned here + size_t *peerNameLen); // IN/OUT + /* * Obtain the actual negotiated protocol version of the active * session, which may be different that the value specified in @@ -320,15 +308,15 @@ SSLGetNegotiatedProtocolVersion (SSLContextRef context, */ OSStatus SSLGetNumberSupportedCiphers (SSLContextRef context, - UInt32 *numCiphers); + size_t *numCiphers); OSStatus SSLGetSupportedCiphers (SSLContextRef context, SSLCipherSuite *ciphers, /* RETURNED */ - UInt32 *numCiphers); /* IN/OUT */ + size_t *numCiphers); /* IN/OUT */ /* - * Specify a (typlically) restricted set of SSLCipherSuites to be enabled by + * Specify a (typically) restricted set of SSLCipherSuites to be enabled by * the current SSLContext. Can only be called when no session is active. Default * set of enabled SSLCipherSuites is the same as the complete set of supported * SSLCipherSuites as obtained by SSLGetSupportedCiphers(). 
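Review bot: The new SSLSetPeerDomainName comment contains the garbled index `peerName[peerNameLen[1]` (probably meant as `peerName[peerNameLen - 1]`) and the misspelling "doman". The getter pair also does not say whether the length from SSLGetPeerDomainNameLength, and the value returned in `*peerNameLen`, counts a terminating NUL. Because the setter accepts names with or without a terminator, a caller sizing a buffer from that length can end up one byte short or treat unterminated bytes as a C string. I would add a sentence such as `The returned name is not NUL-terminated; *peerNameLen is the exact byte count.`, or the opposite if that is what the implementation does, since it is not shown here. The comment should also state what happens to certificate name checking when this optional call is never made.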
@@ -336,7 +324,7 @@ SSLGetSupportedCiphers (SSLContextRef context, OSStatus SSLSetEnabledCiphers (SSLContextRef context, const SSLCipherSuite *ciphers, - UInt32 numCiphers); + size_t numCiphers); /* * Determine number and values of all of the SSLCipherSuites currently enabled. @@ -346,12 +334,12 @@ SSLSetEnabledCiphers (SSLContextRef context, */ OSStatus SSLGetNumberEnabledCiphers (SSLContextRef context, - UInt32 *numCiphers); + size_t *numCiphers); OSStatus SSLGetEnabledCiphers (SSLContextRef context, SSLCipherSuite *ciphers, /* RETURNED */ - UInt32 *numCiphers); /* IN/OUT */ + size_t *numCiphers); /* IN/OUT */ /* @@ -361,15 +349,15 @@ SSLGetEnabledCiphers (SSLContextRef context, * errSSLCertExpired error. */ OSStatus -SSLSetAllowExpiredCerts (SSLContextRef context, - Boolean allowExpired); +SSLSetAllowsExpiredCerts (SSLContextRef context, + Boolean allowsExpired); /* * Obtain the current value of an SSLContext's "allowExpiredCerts" flag. */ OSStatus -SSLGetAllowExpiredCerts (SSLContextRef context, - Boolean *allowExpired); /* RETURNED */ +SSLGetAllowsExpiredCerts (SSLContextRef context, + Boolean *allowsExpired); /* RETURNED */ /* * Specify option of allowing for an unknown root cert, i.e., one which @@ -387,14 +375,14 @@ SSLGetAllowExpiredCerts (SSLContextRef context, * allowing connection to a totally untrusted peer. */ OSStatus -SSLSetAllowAnyRoot (SSLContextRef context, +SSLSetAllowsAnyRoot (SSLContextRef context, Boolean anyRoot); /* * Obtain the current value of an SSLContext's "allow any root" flag. */ OSStatus -SSLGetAllowAnyRoot (SSLContextRef context, +SSLGetAllowsAnyRoot (SSLContextRef context, Boolean *anyRoot); /* RETURNED */ /* 
@@ -402,10 +390,11 @@ SSLGetAllowAnyRoot (SSLContextRef context, * a handshake attempt. * * The certs argument is a CFArray containing CFDataRefs, each - * of which is one DER-encoded cert. The entire array is mallocd - * by the SecureTransport library. The cert at the end of the - * returned array is the subject (end entity) cert; the root cert - * (or the closest cert to it) is in index 0 of the returned array. + * of which is one DER-encoded cert. The entire array is created + * by the SecureTransport library and must be released by the caller. + * The cert at the end of the returned array is the subject (end + * entity) cert; the root cert (or the closest cert to it) is in + * index 0 of the returned array. */ OSStatus SSLGetPeerCertificates (SSLContextRef context, @@ -417,10 +406,27 @@ SSLGetPeerCertificates (SSLContextRef context, * would be IP address and port, stored in some caller-private manner. * To be optionally called prior to SSLHandshake for the current * session. This is mandatory if this session is to be resumable. + * + * SecureTransport allocates its own copy of the incoming peerID. The + * data provided in *peerID, while opaque to SecureTransport, is used + * in a byte-for-byte compare to other previous peerID values set by the + * current application. Matching peerID blobs result in SecureTransport + * attempting to resume an SSL session with the same parameters as used + * in the previous session which specified the same peerID bytes. */ OSStatus SSLSetPeerID (SSLContextRef context, - CFDataRef peerID); + const void *peerID, + size_t peerIDLen); + +/* + * Obtain current PeerID. Returns NULL pointer, zero length if + * SSLSetPeerID has not been called for this context. + */ +OSStatus +SSLGetPeerID (SSLContextRef context, + const void **peerID, + size_t *peerIDLen); /* * Obtain the SSLCipherSuite (e.g., SSL_RSA_WITH_DES_CBC_SHA) negotiated 
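Review bot: SSLGetPeerID returns bytes through `const void **peerID` without saying who owns them or how long the pointer stays valid. The SSLSetPeerID comment says SecureTransport keeps its own copy, so the getter presumably points into that copy. If so, the comment should read something like `The returned pointer refers to storage owned by the SSLContextRef; it is valid until the next SSLSetPeerID call or until the context is disposed, and must not be freed by the caller.` Because matching peerID bytes lead to a resumption attempt with the earlier session's parameters, the SSLSetPeerID comment should also say that the blob has to be distinct for every distinct peer the application talks to.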
@@ -441,26 +447,21 @@ SSLGetNegotiatedCipher (SSLContextRef context, * used in one of the following cases: * * -- The end-entity certificate specified in SSLSetCertificate() is - * not capable of encryption. (THIS REQUIREMENT IS OBSOLETE due - * due a workaround for a Netscape bug.) + * not capable of encryption. * * -- The end-entity certificate specified in SSLSetCertificate() * contains a key which is too large (i.e., too strong) for legal * encryption in this session. In this case a weaker cert is * specified here and is used for server-initiated key exchange. * - * -- Servers which establsh an SSL level 2 connection require - * encryption certs. (SSL2 does not perform signing and verification, - * only asymmetric encryption and decryption.) - * - * The encryptionCertRef argument is a CFArray containing - * KCItemRefs. + * The certRefs argument is a CFArray containing SecCertificateRefs, + * except for certRefs[0], which is a SecIdentityRef. * * The following assumptions are made: * - * -- The encryptionCertRef references remains valid for the lifetime of the + * -- The certRefs references remains valid for the lifetime of the * connection. - * -- The specified encryptionCertRef[0] is capable of encryption. + * -- The specified certRefs[0] is capable of encryption. * * Can only be called when no session is active. * @@ -471,7 +472,7 @@ SSLGetNegotiatedCipher (SSLContextRef context, * not accept encryption certs with key sizes larger than 512 * bits for exportable ciphers. Apps which wish to use encryption * certs with key sizes larger than 512 bits should disable the - * use of exportable ciphers via the SSLSetExportEnable() call. + * use of exportable ciphers via the SSLSetEnabledCiphers() call. */ OSStatus SSLSetEncryptionCertificate (SSLContextRef context, 
@@ -479,8 +480,7 @@ SSLSetEncryptionCertificate (SSLContextRef context, /* * Specify requirements for client-side authentication. - * Optional; Default is kNeverAuthenticate, unless SSLSetTrustedRootCertKC - * has been called, in which case the default is kTryAuthenticate. + * Optional; Default is kNeverAuthenticate. * * Can only be called when no session is active. */ @@ -546,8 +546,8 @@ SSLHandshake (SSLContextRef context); OSStatus SSLWrite (SSLContextRef context, const void * data, - UInt32 dataLength, - UInt32 *processed); /* RETURNED */ + size_t dataLength, + size_t *processed); /* RETURNED */ /* * data is mallocd by caller; available size specified in @@ -557,9 +557,18 @@ SSLWrite (SSLContextRef context, OSStatus SSLRead (SSLContextRef context, void * data, /* RETURNED */ - UInt32 dataLength, - UInt32 *processed); /* RETURNED */ - + size_t dataLength, + size_t *processed); /* RETURNED */ + +/* + * Determine how much data the client can be guaranteed to + * obtain via SSLRead() without blocking or causing any low-level + * read operations to occur. + */ +OSStatus +SSLGetBufferedReadSize (SSLContextRef context, + size_t *bufSize); /* RETURNED */ + /* * Terminate current SSL session. */ @@ -570,4 +579,4 @@ SSLClose (SSLContextRef context); } #endif -#endif /* _SECURE_TRANSPORT_H_ */ +#endif /* !_SECURITY_SECURETRANSPORT_H_ */ diff --git a/SecureTransport/appleCdsa.c b/SecureTransport/appleCdsa.c index 9349bfac..3e502e0c 100644 --- a/SecureTransport/appleCdsa.c +++ b/SecureTransport/appleCdsa.c @@ -43,6 +43,7 @@ #include #include +#include #include #include 
@@ -54,16 +55,56 @@ #pragma mark *** Utilities *** +/* + * Set up a Raw symmetric key with specified algorithm and key bits. + */ +SSLErr sslSetUpSymmKey( + CSSM_KEY_PTR symKey, + CSSM_ALGORITHMS alg, + CSSM_KEYUSE keyUse, // CSSM_KEYUSE_ENCRYPT, etc. + CSSM_BOOL copyKey, // true: copy keyData false: set by reference + uint8 *keyData, + uint32 keyDataLen) // in bytes +{ + SSLErr serr; + CSSM_KEYHEADER *hdr; + + memset(symKey, 0, sizeof(CSSM_KEY)); + if(copyKey) { + serr = stSetUpCssmData(&symKey->KeyData, keyDataLen); + if(serr) { + return serr; + } + memmove(symKey->KeyData.Data, keyData, keyDataLen); + } + else { + symKey->KeyData.Data = keyData; + symKey->KeyData.Length = keyDataLen; + } + + /* set up the header */ + hdr = &symKey->KeyHeader; + hdr->BlobType = CSSM_KEYBLOB_RAW; + hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; + hdr->AlgorithmId = alg; + hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY; + hdr->LogicalKeySizeInBits = keyDataLen * 8; + hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE; + hdr->KeyUsage = keyUse; + hdr->WrapAlgorithmId = CSSM_ALGID_NONE; + return SSLNoErr; +} + /* * Free a CSSM_KEY - its CSP resources, KCItemRef, and the key itself. */ SSLErr sslFreeKey( CSSM_CSP_HANDLE cspHand, CSSM_KEY_PTR *key, /* so we can null it out */ - #if ST_KEYCHAIN_ENABLE - KCItemRef *kcItem) /* optional; ditto */ - #else - void *kcItem) + #if ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF + SecKeychainRef *kcItem) + #else + void *kcItem) #endif { CASSERT(key != NULL); @@ -75,7 +116,7 @@ SSLErr sslFreeKey( sslFree(*key); *key = NULL; } - #if ST_KEYCHAIN_ENABLE + #if ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF if((kcItem != NULL) && (*kcItem != NULL)) { KCReleaseItem(kcItem); /* does this NULL the referent? */ *kcItem = NULL; 
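Review bot: In sslSetUpSymmKey the `copyKey` false branch stores the caller's `keyData` pointer directly in `symKey->KeyData.Data`, and the header comment does not say who releases it or that the buffer must outlive the key. If such a key is later freed through a path that releases KeyData, memory the caller still owns would be freed; sslFreeKey is only partly visible in the next hunk, so this is not confirmed. I would extend the comment with `If copyKey is false, keyData is referenced, not owned: the caller must keep it valid for the life of symKey and must not let the key's KeyData be freed.` The function also dereferences `symKey` and `keyData` unchecked, whereas sslFreeKey opens with `CASSERT(key != NULL);`, so adding `CASSERT(symKey != NULL);` and `CASSERT(keyData != NULL);` would match.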
@@ -153,7 +194,12 @@ SSLErr attachToAll(SSLContext *ctx) CASSERT(ctx != NULL); crtn = attachToModules(&ctx->cspHand, &ctx->clHand, - &ctx->tpHand); + &ctx->tpHand + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + , + &ctx->cspDlHand + #endif + ); if(crtn) { return SSLAttachFailure; } @@ -249,6 +295,7 @@ SSLErr stSetUpCssmData( /* * Common RNG function; replaces SSLRef's SSLRandomFunc. + * FIXME - just use /dev/random. */ SSLErr sslRand(SSLContext *ctx, SSLBuffer *buf) { @@ -305,7 +352,7 @@ SSLErr sslRand(SSLContext *ctx, SSLBuffer *buf) SSLErr sslRsaRawSign( SSLContext *ctx, - const CSSM_KEY_PTR privKey, + const CSSM_KEY *privKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -333,7 +380,7 @@ SSLErr sslRsaRawSign( SSLErr sslRsaRawVerify( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -390,7 +437,7 @@ errOut: SSLErr sslRsaRawSign( SSLContext *ctx, - const CSSM_KEY_PTR privKey, + const CSSM_KEY *privKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -453,7 +500,7 @@ SSLErr sslRsaRawSign( SSLErr sslRsaRawVerify( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -520,7 +567,7 @@ SSLErr sslRsaRawVerify( SSLErr sslRsaEncrypt( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -547,7 +594,7 @@ SSLErr sslRsaEncrypt( } #if RSA_PUB_KEY_USAGE_HACK - pubKey->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT; + ((CSSM_KEY_PTR)pubKey)->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT; #endif memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); @@ -555,7 +602,7 @@ SSLErr sslRsaEncrypt( CSSM_ALGID_RSA, &creds, pubKey, - CSSM_PADDING_NONE, + CSSM_PADDING_PKCS1, &cryptHand); if(crtn) { stPrintCdsaError("CSSM_CSP_CreateAsymmetricContext", crtn); 
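Review bot: Under RSA_PUB_KEY_USAGE_HACK, sslRsaEncrypt casts away the `const` that this commit just added to `pubKey` and sets CSSM_KEYUSE_ENCRYPT in the caller's key header, so the new signature promises something the body does not keep. The usage bit stays set on the caller's key after the call returns, which matters if the same key object is used elsewhere under usage checks. A local copy keeps the contract: `CSSM_KEY encrKey = *pubKey; encrKey.KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT;`, then pass `&encrKey` to CSSM_CSP_CreateAsymmetricContext. The function body starts and ends outside this hunk, so any other use of `pubKey` in it would need the same substitution.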
@@ -647,7 +694,7 @@ SSLErr sslRsaEncrypt( SSLErr sslRsaDecrypt( SSLContext *ctx, - const CSSM_KEY_PTR privKey, + const CSSM_KEY *privKey, CSSM_CSP_HANDLE cspHand, const UInt8 *cipherText, UInt32 cipherTextLen, @@ -677,7 +724,7 @@ SSLErr sslRsaDecrypt( CSSM_ALGID_RSA, &creds, privKey, - CSSM_PADDING_NONE, + CSSM_PADDING_PKCS1, &cryptHand); if(crtn) { stPrintCdsaError("CSSM_CSP_CreateAsymmetricContext", crtn); @@ -772,7 +819,7 @@ SSLErr sslRsaDecrypt( /* * Obtain size of key in bytes. */ -UInt32 sslKeyLengthInBytes(const CSSM_KEY_PTR key) +UInt32 sslKeyLengthInBytes(const CSSM_KEY *key) { CASSERT(key != NULL); return (((key->KeyHeader.LogicalKeySizeInBits) + 7) / 8); @@ -783,14 +830,14 @@ UInt32 sslKeyLengthInBytes(const CSSM_KEY_PTR key) */ SSLErr sslGetPubKeyBits( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, SSLBuffer *modulus, // data mallocd and RETURNED SSLBuffer *exponent) // data mallocd and RETURNED { CSSM_KEY wrappedKey; CSSM_BOOL didWrap = CSSM_FALSE; - CSSM_KEYHEADER_PTR hdr; + const CSSM_KEYHEADER *hdr; CSSM_CC_HANDLE ccHand; CSSM_RETURN crtn; SSLBuffer pubKeyBlob; @@ -972,7 +1019,12 @@ abort: * Caller must CSSM_FreeKey and free the CSSM_KEY_PTR itself. * * For now, the returned cspHand is a copy of ctx->cspHand, so it - * doesn't have to be detached later - this may change.... + * doesn't have to be detached later - this may change. + * + * Update: since CSSM_CL_CertGetKeyInfo() doesn't provide a means for + * us to tell the CL what CSP to use, we really have no way of knowing + * what is going on here...we return the process-wide (bare) cspHand, + * which is currently always able to deal with this raw public key. */ SSLErr sslPubKeyFromCert( SSLContext *ctx, @@ -1066,7 +1118,7 @@ void writeBufBlob(const SSLBuffer *blob, #endif /* 0 */ -#if ST_KEYCHAIN_ENABLE +#if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS /* * Given a CSSM_CERTGROUP which fails due to CSSM_TP_INVALID_ANCHOR 
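Review bot: With `CSSM_PADDING_PKCS1` in sslRsaDecrypt the CSP now checks and strips the padding, so a malformed ciphertext from the peer becomes a failure of this function in its own right. Nothing in the hunk shows how that failure is reported upward. If the caller answers it with a different alert or an earlier abort than it gives for a well-padded but wrong secret, the peer can learn whether the padding was valid. I would add a comment at the context creation such as `/* a padding failure must look the same to the peer as any other bad pre-master secret */` and review the caller against it. The rest of sslRsaDecrypt lies outside the hunk.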
@@ -1147,7 +1199,7 @@ static SSLErr sslHandleNewRoot( return SSLNoErr; } -#endif /* ST_KEYCHAIN_ENABLE */ +#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ /* free a CSSM_CERT_GROUP */ static void sslFreeCertGroup( @@ -1195,7 +1247,12 @@ SSLErr sslVerifyCertChain( CSSM_TP_CALLERAUTH_CONTEXT authCtx; CSSM_FIELD policyId; CSSM_DL_DB_LIST dbList; + CSSM_APPLE_TP_SSL_OPTIONS sslOpts; + CSSM_APPLE_TP_ACTION_DATA actionData; + /* FIXME - allowAnyRoot should probably mean "return success" with + * no checking */ + numCerts = SSLGetCertificateChainLength(certChain); if(numCerts == 0) { /* nope */ @@ -1218,7 +1275,7 @@ SSLErr sslVerifyCertChain( if(certGroup.GroupList.CertList == NULL) { return SSLMemoryErr; } - certGroup.CertGroupType = CSSM_CERTGROUP_ENCODED_CERT; + certGroup.CertGroupType = CSSM_CERTGROUP_DATA; certGroup.CertType = CSSM_CERT_X_509v3; certGroup.CertEncoding = CSSM_CERT_ENCODING_DER; certGroup.NumCerts = numCerts; @@ -1230,13 +1287,6 @@ SSLErr sslVerifyCertChain( c = c->next; } - #if 0 - if(ctx->rootCertName != NULL) { - /* save root cert */ - writeBlob(&certGroup.CertList[numCerts-1], ctx->rootCertName); - } - #endif /* SSL_DEBUG */ - memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT)); vfyCtx.Action = CSSM_TP_ACTION_DEFAULT; vfyCtx.Cred = &authCtx; 
@@ -1254,14 +1304,28 @@ SSLErr sslVerifyCertChain( CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; */ + + /* SSL-specific FieldValue */ + sslOpts.Version = CSSM_APPLE_TP_SSL_OPTS_VERSION; + sslOpts.ServerNameLen = ctx->peerDomainNameLen; + sslOpts.ServerName = ctx->peerDomainName; + + /* TP-wide ActionData */ + actionData.Version = CSSM_APPLE_TP_ACTION_VERSION; + actionData.ActionFlags = 0x80000000; // @@@ secret root-cert-enable + if(ctx->allowExpiredCerts) { + actionData.ActionFlags |= CSSM_TP_ACTION_ALLOW_EXPIRED; + } + vfyCtx.ActionData.Data = (uint8 *)&actionData; + vfyCtx.ActionData.Length = sizeof(actionData); + /* zero or one policy here */ - policyId.FieldValue.Data = NULL; - policyId.FieldValue.Length = 0; policyId.FieldOid = CSSMOID_APPLE_TP_SSL; + policyId.FieldValue.Data = (uint8 *)&sslOpts; + policyId.FieldValue.Length = sizeof(sslOpts); authCtx.Policy.NumberOfPolicyIds = 1; authCtx.Policy.PolicyIds = &policyId; - authCtx.Policy.PolicyControl = ctx->allowExpiredCerts ? - CSSM_TP_ALLOW_EXPIRE : NULL; + authCtx.VerifyTime = NULL; authCtx.VerificationAbortOn = CSSM_TP_STOP_ON_POLICY; authCtx.CallbackWithVerifiedCert = NULL; @@ -1292,13 +1356,13 @@ SSLErr sslVerifyCertChain( if(crtn) { /* get some detailed error info */ switch(crtn) { - case CSSMERR_TP_INVALID_ANCHOR_CERT: + case CSSMERR_TP_INVALID_ANCHOR_CERT: /* root found but we don't trust it */ if(ctx->allowAnyRoot) { dprintf0("***Warning: accepting unknown root cert\n"); break; } - #if ST_KEYCHAIN_ENABLE + #if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS if(ctx->newRootCertKc != NULL) { /* see if user wants to handle new root */ serr = sslHandleNewRoot(ctx, &certGroup); @@ -1308,7 +1372,7 @@ SSLErr sslVerifyCertChain( } #else serr = SSLUnknownRootCert; - #endif /* ST_KEYCHAIN_ENABLE */ + #endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ break; case CSSMERR_TP_NOT_TRUSTED: /* no root, not even in implicit SSL roots */ 
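Review bot: `actionData.ActionFlags = 0x80000000; // @@@ secret root-cert-enable` sets an undocumented bit by literal value in the one call that decides whether a peer's chain is trusted. A named constant with a comment saying what the flag enables, and why it is always on, is needed before anyone can judge its effect on anchor selection. In the same hunk `sslOpts.ServerName = ctx->peerDomainName;` is passed unconditionally, so when the application never called SSLSetPeerDomainName the policy presumably runs with no name to match; a comment like `/* ServerNameLen == 0: host name is not checked */` would record that if it is the TP's behaviour. Neither `sslOpts` nor `actionData` is zeroed before these assignments, so any field not set here would be passed uninitialised; `memset(&sslOpts, 0, sizeof(sslOpts));` and the same for `actionData` would close that. sslVerifyCertChain begins and ends outside this hunk.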
@@ -1319,7 +1383,7 @@ SSLErr sslVerifyCertChain( serr = SSLNoRootCert; break; case CSSMERR_TP_CERT_EXPIRED: - /* FIXME - tolerate this case via some TBD flag */ + assert(!ctx->allowExpiredCerts); serr = SSLCertExpired; break; case CSSMERR_TP_CERT_NOT_VALID_YET: @@ -1483,7 +1547,7 @@ CSSM_DATA_PTR sslGetCertSubjectName( } #endif ST_KEYCHAIN_ENABLE -#if (SSL_DEBUG && ST_KEYCHAIN_ENABLE) +#if (SSL_DEBUG && ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS) void verifyTrustedRoots(SSLContext *ctx, CSSM_DATA_PTR certs, unsigned numCerts) diff --git a/SecureTransport/appleGlue.c b/SecureTransport/appleGlue.c index 69c2dade..36ebbf50 100644 --- a/SecureTransport/appleGlue.c +++ b/SecureTransport/appleGlue.c @@ -22,7 +22,7 @@ Contains: Glue layer between Apple SecureTransport and original SSLRef code. - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -98,7 +98,7 @@ static const _sslErrMap sslErrMap[] = { */ SSLErr sslIoRead( SSLBuffer buf, - UInt32 *actualLength, + size_t *actualLength, SSLContext *ctx) { UInt32 dataLength = buf.length; @@ -114,7 +114,7 @@ SSLErr sslIoRead( SSLErr sslIoWrite( SSLBuffer buf, - UInt32 *actualLength, + size_t *actualLength, SSLContext *ctx) { UInt32 dataLength = buf.length; @@ -163,12 +163,12 @@ OSStatus sslErrToOsStatus(SSLErr s) /* * Time functions - replaces SSLRef's SSLTimeFunc, SSLConvertTimeFunc - * Weird - this is just used to generate a random number in - * SSLEncodeRandom */ SSLErr sslTime(UInt32 *tim) { - time((time_t *)&tim); + time_t t; + time(&t); + *tim = (UInt32)t; return SSLNoErr; } diff --git a/SecureTransport/appleSession.c b/SecureTransport/appleSession.c deleted file mode 100644 index 7b003cca..00000000 --- a/SecureTransport/appleSession.c +++ /dev/null 
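Review bot: `assert(!ctx->allowExpiredCerts);` in the CSSMERR_TP_CERT_EXPIRED case makes an assert-enabled build abort on a result that depends on the peer's certificate and on how the TP honours CSSM_TP_ACTION_ALLOW_EXPIRED. A return value from another module is better handled than asserted, and the other checks visible in this file use `CASSERT` rather than bare `assert`. I would keep `serr = SSLCertExpired;` and replace the assert with `if(ctx->allowExpiredCerts) { dprintf0("***Warning: TP reported expired cert despite allowExpiredCerts\n"); }`. The enclosing switch in sslVerifyCertChain continues outside this hunk.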
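Review bot: sslIoRead and sslIoWrite in appleGlue.c now take `size_t *actualLength`, while the first body line visible in each hunk still declares `UInt32 dataLength = buf.length;`. If the body passes `&dataLength` to the application's SSLReadFunc or SSLWriteFunc, whose prototypes this commit changed to `size_t *dataLength`, the callback would write through a pointer of the wrong width wherever size_t is wider than 32 bits. Declaring `size_t dataLength = buf.length;` in both functions keeps the types aligned. Both bodies continue outside their hunks, so the call itself is not visible.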
@@ -1,92 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: appleSession.c - - Contains: Session storage module, _APPLE_CDSA_ version. - - Written by: Doug Mitchell, based on Netscape RSARef 3.0 - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ - -/* - * This file replaces the caller-specified SSLAddSessionFunc, - * SSLGetSessionFunc, and SSLDeleteSessionFunc callbacks in the - * original SSLRef 3.0. - */ -#ifndef _SSL_H_ -#include "ssl.h" -#endif - -#ifndef _SSLCTX_H_ -#include "sslctx.h" -#endif - -#ifndef _SSLALLOC_H_ -#include "sslalloc.h" -#endif - -#ifndef _APPLE_GLUE_H_ -#include "appleGlue.h" -#endif - -#ifndef _SSL_DEBUG_H_ -#include "sslDebug.h" -#endif - -#ifndef _APPLE_SESSION_H_ -#include "appleSession.h" -#endif - -#include - -/* - * Store opaque sessionData, associated with opaque sessionKey. - */ -SSLErr sslAddSession ( - const SSLBuffer sessionKey, - const SSLBuffer sessionData, - void *sessionRef) -{ - /* TBD */ - return SSLUnsupportedErr; -} - -/* - * Given an opaque sessionKey, alloc & retrieve associated sessionData. 
- */ -SSLErr sslGetSession ( - const SSLBuffer sessionKey, - SSLBuffer *sessionData, - void *sessionRef) -{ - /* TBD */ - return SSLSessionNotFoundErr; -} - -SSLErr sslDeleteSession ( - const SSLBuffer sessionKey, - void *sessionRef) -{ - /* TBD */ - return SSLSessionNotFoundErr; -} - diff --git a/SecureTransport/appleSession.cpp b/SecureTransport/appleSession.cpp new file mode 100644 index 00000000..721fcfdd --- /dev/null +++ b/SecureTransport/appleSession.cpp 
@@ -0,0 +1,505 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: appleSession.cpp + + Contains: Session storage module, Apple CDSA version. + + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 + + Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. + +*/ + +/* + * This file replaces the caller-specified SSLAddSessionFunc, + * SSLGetSessionFunc, and SSLDeleteSessionFunc callbacks in the + * original SSLRef 3.0. + * + * The current implementation stores sessions in a deque<>, a member of a + * SessionCache object for which we keep a ModuleNexus-ized instance. It is + * expected that at a given time, only a small number of sessions will be + * cached, so the random insertion access provided by a map<> is unnecessary. + * New entries are placed in the head of the queue, assuming a LIFO usage + * tendency. + * + * Entries in this cache have a time to live of SESSION_CACHE_TTL, currently + * ten minutes. Entries are tested for being stale upon lookup; also, the global + * sslCleanupSession() tests all entries in the cache, deleting entries which + * are stale. 
This function is currently called whenever an SSLContext is deleted. + * The current design does not provide any asynchronous timed callouts to perform + * further cache cleanup; it was decided that the thread overhead of this would + * outweight the benefits (again assuming a small number of entries in the + * cache). + * + * When a session is added via sslAddSession, and a cache entry already + * exists for the specifed key (sessionID), the sessionData for the existing + * cache entry is updated with the new sessionData. The entry's expiration + * time is unchanged (thus a given session entry can only be used for a finite + * time no mattter how often it is re-used), + */ + +#include "ssl.h" +//#include "sslctx.h" +#include "sslalloc.h" +#include "appleGlue.h" +#include "sslDebug.h" +#include "appleSession.h" + +#include + +#include +#include +#include +#include +#include + +/* time-to-live in cache, in seconds */ +#define QUICK_CACHE_TEST 0 +#if QUICK_CACHE_TEST +#define SESSION_CACHE_TTL ((int)5) +#else +#define SESSION_CACHE_TTL ((int)(10 * 60)) +#endif /* QUICK_CACHE_TEST */ + +#define CACHE_PRINT 0 +#if CACHE_PRINT +#define cprintf(s) printf s +#define DUMP_ALL_CACHE 0 + +static void cachePrint( + const SSLBuffer *key, + const SSLBuffer *data) +{ + unsigned char *kd = key->data; + if(data != NULL) { + unsigned char *dd = data->data; + printf(" key: %02X%02X%02X%02X%02X%02X%02X%02X" + " data: %02X%02X%02X%02X... (len %d)\n", + kd[0],kd[1],kd[2],kd[3], kd[4],kd[5],kd[6],kd[7], + dd[0],dd[1],dd[2],dd[3], (unsigned)data->length); + } + else { + /* just print key */ + printf(" key: %02X%02X%02X%02X%02X%02X%02X%02X\n", + kd[0],kd[1],kd[2],kd[3], kd[4],kd[5],kd[6],kd[7]); + } +} +#else /* !CACHE_PRINT */ +#define cprintf(s) +#define cachePrint(k, d) +#define DUMP_ALL_CACHE 0 +#endif /* CACHE_PRINT */ + +#if DUMP_ALL_CACHE +static void dumpAllCache(); +#else +#define dumpAllCache() +#endif + +/* + * One entry (value) in SessionCache. 
+ */ +class SessionCacheEntry { +public: + /* + * This constructor, the only one, allocs copies of the key and value + * SSLBuffers. + */ + SessionCacheEntry( + const SSLBuffer &key, + const SSLBuffer &sessionData, + const Time::Absolute &expirationTime); + ~SessionCacheEntry(); + + /* basic lookup/match function */ + bool matchKey(const SSLBuffer &key) const; + + /* has this expired? */ + bool isStale(); // calculates "now" + bool isStale(const Time::Absolute &now); // when you know it + + /* key/data accessors */ + SSLBuffer &key() { return mKey; } + SSLBuffer &sessionData() { return mSessionData; } + + /* replace existing mSessionData */ + SSLErr sessionData(const SSLBuffer &data); + +private: + SSLBuffer mKey; + SSLBuffer mSessionData; + + /* this entry to be removed from session map at this time */ + Time::Absolute mExpiration; +}; + +/* + * Note: the caller passes in the expiration time solely to accomodate the + * instantiation of a single const Time::Interval for use in calculating + * TTL. This const, SessionCache.mTimeToLive, is in the singleton gSession Cache. 
+ */ +SessionCacheEntry::SessionCacheEntry( + const SSLBuffer &key, + const SSLBuffer &sessionData, + const Time::Absolute &expirationTime) + : mExpiration(expirationTime) +{ + SSLErr serr; + + serr = SSLCopyBuffer(&key, &mKey); + if(serr) { + throw runtime_error("memory error"); + } + serr = SSLCopyBuffer(&sessionData, &mSessionData); + if(serr) { + throw runtime_error("memory error"); + } + cprintf(("SessionCacheEntry(buf,buf) this %p\n", this)); + mExpiration += Time::Interval(SESSION_CACHE_TTL); +} + +SessionCacheEntry::~SessionCacheEntry() +{ + cprintf(("~SessionCacheEntry() this %p\n", this)); + SSLFreeBuffer(&mKey, NULL); // no SystemContext + SSLFreeBuffer(&mSessionData, NULL); +} + +/* basic lookup/match function */ +bool SessionCacheEntry::matchKey(const SSLBuffer &key) const +{ + if(key.length != mKey.length) { + return false; + } + if((key.data == NULL) || (mKey.data == NULL)) { + return false; + } + return (memcmp(key.data, mKey.data, mKey.length) == 0); +} + +/* has this expired? */ +bool SessionCacheEntry::isStale() +{ + return isStale(Time::now()); +} + +bool SessionCacheEntry::isStale(const Time::Absolute &now) +{ + if(now > mExpiration) { + return true; + } + else { + return false; + } +} + +/* replace existing mSessionData */ +SSLErr SessionCacheEntry::sessionData( + const SSLBuffer &data) +{ + SSLFreeBuffer(&mSessionData, NULL); + return SSLCopyBuffer(&data, &mSessionData); +} + +/* Types for the actual deque and its iterator */ +typedef std::deque SessionCacheType; +typedef SessionCacheType::iterator SessionCacheIter; + +/* + * Global map and associated state. We maintain a singleton of this. 
+ */ +class SessionCache +{ +public: + SessionCache() + : mTimeToLive(SESSION_CACHE_TTL) {} + ~SessionCache(); + + /* these correspond to the C functions exported by this file */ + SSLErr addEntry( + const SSLBuffer sessionKey, + const SSLBuffer sessionData); + SSLErr lookupEntry( + const SSLBuffer sessionKey, + SSLBuffer *sessionData); + SSLErr deleteEntry( + const SSLBuffer sessionKey); + + /* cleanup, delete stale entries */ + bool cleanup(); + SessionCacheType &sessMap() { return mSessionCache; } + +private: + SessionCacheIter lookupPriv( + const SSLBuffer *sessionKey); + void deletePriv( + const SSLBuffer *sessionKey); + SessionCacheIter deletePriv( + SessionCacheIter iter); + SessionCacheType mSessionCache; + Mutex mSessionLock; + const Time::Interval mTimeToLive; +}; + +SessionCache::~SessionCache() +{ + /* free all entries */ + StLock _(mSessionLock); + for(SessionCacheIter iter = mSessionCache.begin(); iter != mSessionCache.end(); ) { + iter = deletePriv(iter); + } +} + +/* these three correspond to the C functions exported by this file */ +SSLErr SessionCache::addEntry( + const SSLBuffer sessionKey, + const SSLBuffer sessionData) +{ + StLock _(mSessionLock); + + SessionCacheIter existIter = lookupPriv(&sessionKey); + if(existIter != mSessionCache.end()) { + /* cache hit - just update this entry's sessionData if necessary */ + /* Note we leave expiration time and position in deque unchanged - OK? */ + SessionCacheEntry *existEntry = *existIter; + SSLBuffer &existBuf = existEntry->sessionData(); + if((existBuf.length == sessionData.length) && + (memcmp(existBuf.data, sessionData.data, sessionData.length) == 0)) { + /* + * These usually match, and a memcmp is a lot cheaper than + * a malloc and a free, hence this quick optimization..... 
+ */ + cprintf(("SessionCache::addEntry CACHE HIT entry = %p\n", existEntry)); + return SSLNoErr; + } + else { + cprintf(("SessionCache::addEntry CACHE REPLACE entry = %p\n", existEntry)); + return existEntry->sessionData(sessionData); + } + } + + /* this allocs new copy of incoming sessionKey and sessionData */ + SessionCacheEntry *entry = new SessionCacheEntry(sessionKey, + sessionData, + Time::now() + mTimeToLive); + + cprintf(("SessionCache::addEntry %p\n", entry)); + cachePrint(&sessionKey, &sessionData); + dumpAllCache(); + + /* add to head of queue for LIFO caching */ + mSessionCache.push_front(entry); + CASSERT(lookupPriv(&sessionKey) != mSessionCache.end()); + return SSLNoErr; +} + +SSLErr SessionCache::lookupEntry( + const SSLBuffer sessionKey, + SSLBuffer *sessionData) +{ + StLock _(mSessionLock); + + SessionCacheIter existIter = lookupPriv(&sessionKey); + if(existIter == mSessionCache.end()) { + return SSLSessionNotFoundErr; + } + SessionCacheEntry *entry = *existIter; + if(entry->isStale()) { + cprintf(("SessionCache::lookupEntry %p: STALE entry, deleting\n", entry)); + cachePrint(&sessionKey, &entry->sessionData()); + deletePriv(existIter); + return SSLSessionNotFoundErr; + } + /* alloc/copy sessionData from existing entry (caller must free) */ + return SSLCopyBuffer(&entry->sessionData(), sessionData); +} + +SSLErr SessionCache::deleteEntry( + const SSLBuffer sessionKey) +{ + StLock _(mSessionLock); + deletePriv(&sessionKey); + return SSLNoErr; +} + +/* cleanup, delete stale entries */ +bool SessionCache::cleanup() +{ + StLock _(mSessionLock); + bool brtn = false; + Time::Absolute rightNow = Time::now(); + SessionCacheIter iter; + + for(iter = mSessionCache.begin(); iter != mSessionCache.end(); ) { + SessionCacheEntry *entry = *iter; + if(entry->isStale(rightNow)) { + #if CACHE_PRINT + SSLBuffer *key = &entry->key(); + cprintf(("...SessionCache::cleanup: deleting cached session (%p)\n", + entry)); + cachePrint(key, &entry->sessionData()); + #endif + 
iter = deletePriv(iter); + } + else { + iter++; + /* we're leaving one in the map */ + brtn = true; + } + } + return brtn; +} + +/* private methods, mSessionLock held on entry and exit */ +SessionCacheIter SessionCache::lookupPriv( + const SSLBuffer *sessionKey) +{ + SessionCacheIter it; + + for(it = mSessionCache.begin(); it != mSessionCache.end(); it++) { + SessionCacheEntry *entry = *it; + if(entry->matchKey(*sessionKey)) { + return it; + } + } + /* returning map.end() */ + return it; +} + +void SessionCache::deletePriv( + const SSLBuffer *sessionKey) +{ + SessionCacheIter iter = lookupPriv(sessionKey); + if(iter != mSessionCache.end()) { + /* + * delete from map + * free underlying SSLBuffer.data pointers + * destruct the stored map entry + */ + #if CACHE_PRINT + SessionCacheEntry *entry = *iter; + cprintf(("SessionCache::deletePriv %p\n", entry)); + cachePrint(sessionKey, &entry->sessionData()); + dumpAllCache(); + #endif + deletePriv(iter); + } + CASSERT(lookupPriv(sessionKey) == mSessionCache.end()); +} + +/* common erase, given a SessionCacheIter; returns next iter */ +SessionCacheIter SessionCache::deletePriv( + SessionCacheIter iter) +{ + CASSERT(iter != mSessionCache.end()); + SessionCacheEntry *entry = *iter; + SessionCacheIter nextIter = mSessionCache.erase(iter); + delete entry; + return nextIter; +} + +/* the single global thing */ +static ModuleNexus gSessionCache; + +#if DUMP_ALL_CACHE +static void dumpAllCache() +{ + SessionCacheIter it; + SessionCacheType &smap = gSessionCache().sessMap(); + + printf("Contents of sessionCache:\n"); + for(it = smap.begin(); it != smap.end(); it++) { + SessionCacheEntry *entry = *it; + cachePrint(&entry->key(), &entry->sessionData()); + } +} +#endif /* DUMP_ALL_CACHE */ + +/* + * Store opaque sessionData, associated with opaque sessionKey. 
+ */ +SSLErr sslAddSession ( + const SSLBuffer sessionKey, + const SSLBuffer sessionData) +{ + SSLErr serr; + try { + serr = gSessionCache().addEntry(sessionKey, sessionData); + } + catch(...) { + serr = SSLUnsupportedErr; + } + dumpAllCache(); + return serr; +} + +/* + * Given an opaque sessionKey, alloc & retrieve associated sessionData. + */ +SSLErr sslGetSession ( + const SSLBuffer sessionKey, + SSLBuffer *sessionData) +{ + SSLErr serr; + try { + serr = gSessionCache().lookupEntry(sessionKey, sessionData); + } + catch(...) { + serr = SSLSessionNotFoundErr; + } + cprintf(("\nsslGetSession(%d, %p): %d\n", (int)sessionKey.length, sessionKey.data, + serr)); + if(serr == SSLNoErr) { + cachePrint(&sessionKey, sessionData); + } + else { + cachePrint(&sessionKey, NULL); + } + dumpAllCache(); + return serr; +} + +SSLErr sslDeleteSession ( + const SSLBuffer sessionKey) +{ + SSLErr serr; + try { + serr = gSessionCache().deleteEntry(sessionKey); + } + catch(...) { + serr = SSLSessionNotFoundErr; + } + return serr; +} + +/* cleanup up session cache, deleting stale entries. */ +SSLErr sslCleanupSession () +{ + SSLErr serr = SSLNoErr; + bool moreToGo = false; + try { + moreToGo = gSessionCache().cleanup(); + } + catch(...) { + serr = SSLSessionNotFoundErr; + } + /* Possible TBD: if moreToGo, schedule a timed callback to this function */ + return serr; +} diff --git a/SecureTransport/cipherSpecs.c b/SecureTransport/cipherSpecs.c index d00d219f..b03133a5 100644 --- a/SecureTransport/cipherSpecs.c +++ b/SecureTransport/cipherSpecs.c @@ -21,7 +21,7 @@ Contains: SSLCipherSpec declarations - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -187,7 +187,7 @@ const SSLCipherSpec SSL_NULL_WITH_NULL_NULL_CipherSpec = { SSL_NULL_WITH_NULL_NULL, Exportable, SSL_NULL_auth, - &SSLHashNull, + &HashHmacNull, &SSLCipherNull }; 
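Review bot: Cached sessions appear to live for twice SESSION_CACHE_TTL, because SessionCache::addEntry already passes `Time::now() + mTimeToLive` as expirationTime and the SessionCacheEntry constructor then runs `mExpiration += Time::Interval(SESSION_CACHE_TTL);` on top of it. With the values shown, a resumable session stays valid for twenty minutes rather than the ten the file's header comment documents; dropping the `+=` line from the constructor restores the stated lifetime. Separately, SessionCacheEntry::sessionData(const SSLBuffer &) frees mSessionData before SSLCopyBuffer has succeeded, so a failed copy leaves an entry with no data in the deque. Copying into a temporary SSLBuffer first and replacing mSessionData only on success would avoid that.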
@@ -208,7 +208,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_3DES_EDE_CBC_SHA, NotExportable, SSL_RSA, - &SSLHashSHA1, + &HashHmacSHA1, &SSLCipher3DES_CBC }, #endif @@ -217,7 +217,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_3DES_EDE_CBC_MD5, NotExportable, SSL_RSA, - &SSLHashMD5, + &HashHmacMD5, &SSLCipher3DES_CBC }, #endif @@ -226,7 +226,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_RC4_128_SHA, NotExportable, SSL_RSA, - &SSLHashSHA1, + &HashHmacSHA1, &SSLCipherRC4_128 }, #endif @@ -235,7 +235,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_RC4_128_MD5, NotExportable, SSL_RSA, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherRC4_128 }, #endif @@ -244,7 +244,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_DES_CBC_SHA, NotExportable, SSL_RSA, - &SSLHashSHA1, + &HashHmacSHA1, &SSLCipherDES_CBC }, #endif @@ -253,7 +253,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_DES_CBC_MD5, NotExportable, SSL_RSA, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherDES_CBC }, #endif @@ -263,7 +263,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_EXPORT_WITH_RC4_40_MD5, Exportable, SSL_RSA_EXPORT, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherRC4_40 }, #endif @@ -273,7 +273,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_DH_anon_WITH_RC4_128_MD5, NotExportable, SSL_DH_anon, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherRC4_128 }, #endif @@ -282,7 +282,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, Exportable, SSL_RSA_EXPORT, - &SSLHashSHA1, + &HashHmacSHA1, &SSLCipherDES40_CBC }, #endif @@ -292,7 +292,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, Exportable, SSL_RSA_EXPORT, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherRC2_40 }, #endif 
@@ -301,7 +301,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_RC2_CBC_MD5, NotExportable, SSL_RSA, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherRC2_128 }, #endif @@ -309,7 +309,7 @@ static const SSLCipherSpec KnownCipherSpecs[] = SSL_RSA_WITH_NULL_MD5, Exportable, SSL_RSA, - &SSLHashMD5, + &HashHmacMD5, &SSLCipherNull } }; @@ -398,7 +398,7 @@ SSLGetSupportedCiphers (SSLContextRef ctx, } /* - * Specify a (typlically) restricted set of SSLCipherSuites to be enabled by + * Specify a (typically) restricted set of SSLCipherSuites to be enabled by * the current SSLContext. Can only be called when no session is active. Default * set of enabled SSLCipherSuites is the same as the complete set of supported * SSLCipherSuites as obtained by SSLGetSupportedCiphers(). diff --git a/SecureTransport/digests.c b/SecureTransport/digests.c index 3654d31d..03a39dec 100644 --- a/SecureTransport/digests.c +++ b/SecureTransport/digests.c @@ -21,7 +21,7 @@ Contains: interface between SSL and SHA, MD5 digest libraries - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. 
@@ -51,42 +51,29 @@ ****************************************************************** */ -#ifndef _SSLCTX_H_ #include "sslctx.h" -#endif - -#ifndef _CRYPTTYPE_H_ #include "cryptType.h" -#endif - -#ifndef SHA_H -#include /* sha.h has a prototype with a FILE* */ -#include "st_sha.h" -#endif - -#ifndef _SSL_MD5_H_ -#include "sslmd5.h" -#endif - -#ifndef _SSLALLOC_H_ #include "sslalloc.h" -#endif - -#ifndef _DIGESTS_H_ #include "digests.h" -#endif - -#ifndef _SSL_DEBUG_H_ #include "sslDebug.h" -#endif - +#include "appleCdsa.h" +#include #include -typedef struct -{ SHA_INFO sha; - int bufferPos; - uint8 dataBuffer[SHA_BLOCKSIZE]; -} SSL_SHA_INFO; +#define DIGEST_PRINT 0 +#if DIGEST_PRINT +#define dgprintf(s) printf s +#else +#define dgprintf(s) +#endif + +/* + * Common digest context. The SSLBuffer.data pointer in a "digest state" argument + * casts to one of these. + */ +typedef struct { + CSSM_CC_HANDLE hashHand; +} cdsaHashContext; uint8 SSLMACPad1[MAX_MAC_PADDING], SSLMACPad2[MAX_MAC_PADDING]; 
@@ -103,40 +90,63 @@ SSLInitMACPads(void) } } -/* FIXME - what's this for, if each alg has its own clone functions? */ +/* + * A convenience wrapper for HashReference.clone, which has the added benefit of + * allocating the state buffer for the caller. + */ SSLErr CloneHashState(const HashReference *ref, SSLBuffer state, SSLBuffer *newState, SSLContext *ctx) -{ SSLErr err; - if ((err = SSLAllocBuffer(newState, state.length, &ctx->sysCtx)) != 0) +{ + SSLErr err; + if ((err = SSLAllocBuffer(newState, ref->contextSize, &ctx->sysCtx)) != 0) return err; - memcpy(newState->data, state.data, state.length); - return SSLNoErr; + return ref->clone(state, *newState); } +/* + * Wrapper for HashReference.init. + */ SSLErr ReadyHash(const HashReference *ref, SSLBuffer *state, SSLContext *ctx) -{ SSLErr err; +{ + SSLErr err; if ((err = SSLAllocBuffer(state, ref->contextSize, &ctx->sysCtx)) != 0) return err; - if ((err = ref->init(*state)) != 0) - return err; - return SSLNoErr; + return ref->init(*state, ctx); +} + +/* + * Wrapper for HashReference.clone. Tolerates NULL digestCtx and frees it if it's + * there. 
+ */ +SSLErr CloseHash(const HashReference *ref, SSLBuffer *state, SSLContext *ctx) +{ + SSLErr serr; + + if((state == NULL) || (state->data == NULL)) { + return SSLNoErr; + } + serr = ref->close(*state, ctx); + if(serr) { + return serr; + } + return SSLFreeBuffer(state, &ctx->sysCtx); } -static SSLErr HashNullInit(SSLBuffer); +static SSLErr HashNullInit(SSLBuffer digestCtx, SSLContext *sslCtx); static SSLErr HashNullUpdate(SSLBuffer,SSLBuffer); static SSLErr HashNullFinal(SSLBuffer,SSLBuffer); +static SSLErr HashNullClose(SSLBuffer digestCtx, SSLContext *sslCtx); static SSLErr HashNullClone(SSLBuffer,SSLBuffer); -static SSLErr HashMD5Init(SSLBuffer digestCtx); -static SSLErr HashMD5Update(SSLBuffer digestCtx, SSLBuffer data); -static SSLErr HashMD5Final(SSLBuffer digestCtx, SSLBuffer digest); -static SSLErr HashMD5Clone(SSLBuffer src, SSLBuffer dest); - -static SSLErr HashSHA1Init(SSLBuffer digestCtx); -static SSLErr HashSHA1Update(SSLBuffer digestCtx, SSLBuffer data); -static SSLErr HashSHA1Final(SSLBuffer digestCtx, SSLBuffer digest); -static SSLErr HashSHA1Clone(SSLBuffer src, SSLBuffer dest); +static SSLErr HashMD5Init(SSLBuffer digestCtx, SSLContext *sslCtx); +static SSLErr HashSHA1Init(SSLBuffer digestCtx, SSLContext *sslCtx); +static SSLErr cdsaHashInit(SSLBuffer digestCtx, SSLContext *sslCtx, + CSSM_ALGORITHMS digestAlg); +static SSLErr cdsaHashUpdate(SSLBuffer digestCtx, SSLBuffer data); +static SSLErr cdsaHashFinal(SSLBuffer digestCtx, SSLBuffer digest); +static SSLErr cdsaHashClose(SSLBuffer digestCtx, SSLContext *sslCtx); +static SSLErr cdsaHashClone(SSLBuffer src, SSLBuffer dest); /* * These are the handles by which the bulk of digesting work 
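Review bot: CloneHashState returns the result of `ref->clone(state, *newState)` directly, so when the clone fails the buffer just obtained from SSLAllocBuffer stays allocated and, for the CDSA digests, its hashHand field holds whatever the allocator left there (assuming SSLAllocBuffer does not zero memory, which is not visible here). A caller that later passes that state to CloseHash would hand an arbitrary handle to the close routine. Freeing on failure keeps the contract simple: `if ((err = ref->clone(state, *newState)) != 0) SSLFreeBuffer(newState, &ctx->sysCtx);` followed by `return err;`. ReadyHash likewise leaves the state buffer allocated when `ref->init` fails, which deserves a comment telling callers to run CloseHash on that path. The comment above CloseHash should read `Wrapper for HashReference.close`, not `.clone`.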
@@ -150,33 +160,36 @@ const HashReference SSLHashNull = HashNullInit, HashNullUpdate, HashNullFinal, + HashNullClose, HashNullClone }; const HashReference SSLHashMD5 = { - sizeof(MD5_CTX), + sizeof(cdsaHashContext), 16, 48, HashMD5Init, - HashMD5Update, - HashMD5Final, - HashMD5Clone + cdsaHashUpdate, + cdsaHashFinal, + cdsaHashClose, + cdsaHashClone }; const HashReference SSLHashSHA1 = { - sizeof(SSL_SHA_INFO), + sizeof(cdsaHashContext), 20, 40, HashSHA1Init, - HashSHA1Update, - HashSHA1Final, - HashSHA1Clone + cdsaHashUpdate, + cdsaHashFinal, + cdsaHashClose, + cdsaHashClone }; /*** NULL ***/ -static SSLErr HashNullInit(SSLBuffer digestCtx) { +static SSLErr HashNullInit(SSLBuffer digestCtx, SSLContext *sslCtx) { return SSLNoErr; } 
@@ -187,94 +200,140 @@ static SSLErr HashNullUpdate(SSLBuffer digestCtx, SSLBuffer data) { static SSLErr HashNullFinal(SSLBuffer digestCtx, SSLBuffer digest) { return SSLNoErr; } - +static SSLErr HashNullClose(SSLBuffer digestCtx, SSLContext *sslCtx) { + return SSLNoErr; +} static SSLErr HashNullClone(SSLBuffer src, SSLBuffer dest) { return SSLNoErr; } -/*** MD5 ***/ - -static SSLErr HashMD5Init(SSLBuffer digestCtx) -{ CASSERT(digestCtx.length >= sizeof(MD5_CTX)); - SSLMD5Init((MD5_CTX*)digestCtx.data); - return SSLNoErr; +static SSLErr HashMD5Init(SSLBuffer digestCtx, SSLContext *sslCtx) +{ + CASSERT(digestCtx.length >= sizeof(cdsaHashContext)); + return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_MD5); } -static SSLErr HashMD5Update(SSLBuffer digestCtx, SSLBuffer data) -{ CASSERT(digestCtx.length >= sizeof(MD5_CTX)); - SSLMD5Update((MD5_CTX*)digestCtx.data, data.data, data.length); - return SSLNoErr; +static SSLErr HashSHA1Init(SSLBuffer digestCtx, SSLContext *sslCtx) +{ + CASSERT(digestCtx.length >= sizeof(cdsaHashContext)); + return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_SHA1); } -static SSLErr HashMD5Final(SSLBuffer digestCtx, SSLBuffer digest) -{ CASSERT(digestCtx.length >= sizeof(MD5_CTX)); - CASSERT(digest.length >= 16); - SSLMD5Final(digest.data, (MD5_CTX*)digestCtx.data); - digest.length = 16; +/* common digest functions via CDSA */ +static SSLErr cdsaHashInit(SSLBuffer digestCtx, + SSLContext *sslCtx, + CSSM_ALGORITHMS digestAlg) +{ + SSLErr serr; + cdsaHashContext *cdsaCtx; + CSSM_CC_HANDLE hashHand = 0; + CSSM_RETURN crtn; + + CASSERT(digestCtx.length >= sizeof(cdsaHashContext)); + serr = attachToCsp(sslCtx); // should be a nop + if(serr) { + return serr; + } + cdsaCtx = (cdsaHashContext *)digestCtx.data; + cdsaCtx->hashHand = 0; + dgprintf(("###cdsaHashInit cdsaCtx %p\n", cdsaCtx)); + + /* cook up a digest context, initialize it */ + crtn = CSSM_CSP_CreateDigestContext(sslCtx->cspHand, + digestAlg, + &hashHand); + if(crtn) { + 
errorLog0("CSSM_CSP_CreateDigestContext failure\n"); + return SSLCryptoError; + } + crtn = CSSM_DigestDataInit(hashHand); + if(crtn) { + CSSM_DeleteContext(hashHand); + errorLog0("CSSM_DigestDataInit failure\n"); + return SSLCryptoError; + } + cdsaCtx->hashHand = hashHand; return SSLNoErr; } -static SSLErr HashMD5Clone(SSLBuffer src, SSLBuffer dest) +static SSLErr cdsaHashUpdate(SSLBuffer digestCtx, SSLBuffer data) { - if (src.length != dest.length) { - errorLog0("HashMD5Clone: length mismatch\n"); - return SSLProtocolErr; - } - memcpy(dest.data, src.data, src.length); - return SSLNoErr; -} - -/*** SHA ***/ -static SSLErr HashSHA1Init(SSLBuffer digestCtx) -{ SSL_SHA_INFO *ctx = (SSL_SHA_INFO*)digestCtx.data; - CASSERT(digestCtx.length >= sizeof(SSL_SHA_INFO)); - sha_init(&ctx->sha); - ctx->bufferPos = 0; - return SSLNoErr; + cdsaHashContext *cdsaCtx; + CSSM_RETURN crtn; + CSSM_DATA cdata; + + CASSERT(digestCtx.length >= sizeof(cdsaHashContext)); + cdsaCtx = (cdsaHashContext *)digestCtx.data; + //dgprintf(("###cdsaHashUpdate cdsaCtx %p\n", cdsaCtx)); + + SSLBUF_TO_CSSM(&data, &cdata); + crtn = CSSM_DigestDataUpdate(cdsaCtx->hashHand, &cdata, 1); + if(crtn) { + errorLog0("CSSM_DigestDataUpdate failure\n"); + return SSLCryptoError; + } + else { + return SSLNoErr; + } } -static SSLErr HashSHA1Update(SSLBuffer digestCtx, SSLBuffer data) -{ SSL_SHA_INFO *ctx = (SSL_SHA_INFO*)digestCtx.data; - uint32 dataRemaining, processed; - uint8 *dataPos; - - CASSERT(digestCtx.length >= sizeof(SSL_SHA_INFO)); - dataRemaining = data.length; - dataPos = data.data; - while (dataRemaining > 0) - { processed = SHA_BLOCKSIZE - ctx->bufferPos; - if (dataRemaining < processed) - processed = dataRemaining; - memcpy(ctx->dataBuffer+ctx->bufferPos, dataPos, processed); - ctx->bufferPos += processed; - if (ctx->bufferPos == SHA_BLOCKSIZE) - { sha_update(&ctx->sha, ctx->dataBuffer, ctx->bufferPos); - ctx->bufferPos = 0; - } - dataRemaining -= processed; - dataPos += processed; - } - 
//DUMP_BUFFER_PTR("SHA1 data", digestCtx.data, data); - return SSLNoErr; +static SSLErr cdsaHashFinal(SSLBuffer digestCtx, SSLBuffer digest) +{ + cdsaHashContext *cdsaCtx; + CSSM_RETURN crtn; + CSSM_DATA cdata; + SSLErr srtn = SSLNoErr; + + CASSERT(digestCtx.length >= sizeof(cdsaHashContext)); + cdsaCtx = (cdsaHashContext *)digestCtx.data; + dgprintf(("###cdsaHashFinal cdsaCtx %p\n", cdsaCtx)); + SSLBUF_TO_CSSM(&digest, &cdata); + crtn = CSSM_DigestDataFinal(cdsaCtx->hashHand, &cdata); + if(crtn) { + errorLog0("CSSM_DigestDataFinal failure\n"); + srtn = SSLCryptoError; + } + else { + digest.length = cdata.Length; + } + CSSM_DeleteContext(cdsaCtx->hashHand); + cdsaCtx->hashHand = 0; + return srtn; } -static SSLErr HashSHA1Final(SSLBuffer digestCtx, SSLBuffer digest) -{ SSL_SHA_INFO *ctx = (SSL_SHA_INFO*)digestCtx.data; - CASSERT(digestCtx.length >= sizeof(SSL_SHA_INFO)); - CASSERT(digest.length >= SHA_DIGESTSIZE); - if (ctx->bufferPos > 0) - sha_update(&ctx->sha, ctx->dataBuffer, ctx->bufferPos); - sha_final((SHA_INFO*)digestCtx.data); - memcpy(digest.data, ((SHA_INFO*)digestCtx.data)->digest, 20); - //DUMP_BUFFER_PTR("SHA1 final", digestCtx.data, digest); - return SSLNoErr; +static SSLErr cdsaHashClose(SSLBuffer digestCtx, SSLContext *sslCtx) +{ + cdsaHashContext *cdsaCtx; + + CASSERT(digestCtx.length >= sizeof(cdsaHashContext)); + cdsaCtx = (cdsaHashContext *)digestCtx.data; + dgprintf(("###cdsaHashClose cdsaCtx %p\n", cdsaCtx)); + if(cdsaCtx->hashHand != 0) { + CSSM_DeleteContext(cdsaCtx->hashHand); + cdsaCtx->hashHand = 0; + } + return SSLNoErr; } -static SSLErr HashSHA1Clone(SSLBuffer src, SSLBuffer dest) -{ if (src.length != dest.length) { - errorLog0("HashSHA1Clone: length mismatch\n"); - return SSLProtocolErr; - } - memcpy(dest.data, src.data, src.length); - return SSLNoErr; +static SSLErr cdsaHashClone(SSLBuffer src, SSLBuffer dst) +{ + cdsaHashContext *srcCtx; + cdsaHashContext *dstCtx; + CSSM_RETURN crtn; + + CASSERT(src.length >= 
sizeof(cdsaHashContext)); + CASSERT(dst.length >= sizeof(cdsaHashContext)); + srcCtx = (cdsaHashContext *)src.data; + dstCtx = (cdsaHashContext *)dst.data; + dgprintf(("###cdsaHashClone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); + + crtn = CSSM_DigestDataClone(srcCtx->hashHand, &dstCtx->hashHand); + if(crtn) { + errorLog0("CSSM_DigestDataClone failure\n"); + return SSLCryptoError; + } + else { + return SSLNoErr; + } } + diff --git a/SecureTransport/hdskcert.c b/SecureTransport/hdskcert.c index 63f6e539..5e230e37 100644 --- a/SecureTransport/hdskcert.c +++ b/SecureTransport/hdskcert.c @@ -87,6 +87,7 @@ #endif #include +#include SSLErr SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx) @@ -109,7 +110,9 @@ SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx) } certificate->contentType = SSL_handshake; - certificate->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + certificate->protocolVersion = ctx->negProtocolVersion; if ((err = SSLAllocBuffer(&certificate->contents, totalLength + 7, &ctx->sysCtx)) != 0) return err; @@ -140,9 +143,6 @@ SSLErr SSLProcessCertificate(SSLBuffer message, SSLContext *ctx) { SSLErr err; UInt32 listLen, certLen; - #ifndef __APPLE__ - SSLBuffer buf; - #endif UInt8 *p; SSLCertificate *cert; @@ -161,7 +161,6 @@ SSLProcessCertificate(SSLBuffer message, SSLContext *ctx) errorLog0("SSLProcessCertificate: length decode error 2\n"); return SSLProtocolErr; } - #ifdef __APPLE__ cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); if(cert == NULL) { return SSLMemoryErr; 
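Review bot: In cdsaHashFinal the assignment `digest.length = cdata.Length;` writes to a by-value copy of the SSLBuffer, so the caller never learns how many bytes the CSP produced. The output-size asserts carried by the removed HashMD5Final and HashSHA1Final (`CASSERT(digest.length >= 16)` and the SHA equivalent) have no counterpart here. The CSP presumably bounds its write by cdata.Length, but that depends on what SSLBUF_TO_CSSM copies, which is outside this hunk; a `CASSERT(cdata.Length <= digest.length);` after a successful CSSM_DigestDataFinal, plus a comment stating that digest.length is not returned to the caller, would make the contract explicit. cdsaHashFinal also deletes the context and zeroes hashHand, yet cdsaHashUpdate, cdsaHashFinal and cdsaHashClone pass hashHand to CSSM without the `!= 0` test that cdsaHashClose has, so any use after finalisation relies on the CSP rejecting a zero handle.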
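Review bot: The protocol-version check added before `certificate->protocolVersion = ctx->negProtocolVersion;` uses `assert`, which compiles to nothing when NDEBUG is defined, so in such a build whatever value negProtocolVersion holds is copied into the outgoing record header. The same lines are added in SSLEncodeCertificateRequest (hunk at -273) and SSLEncodeCertificateVerify (hunk at -377). If the invariant matters at run time, an explicit test that holds in every build is safer, for example `if ((ctx->negProtocolVersion != SSL_Version_3_0) && (ctx->negProtocolVersion != TLS_Version_1_0)) return SSLProtocolErr;`, with the error code left to the maintainers. The rest of this file uses CASSERT, so at minimum the macro choice should be consistent. SSLEncodeCertificate's body extends beyond the hunk.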
@@ -170,24 +169,10 @@ SSLProcessCertificate(SSLBuffer message, SSLContext *ctx) { sslFree(cert); return err; } - #else - if ((err = SSLAllocBuffer(&buf, sizeof(SSLCertificate), &ctx->sysCtx)) != 0) - return err; - cert = (SSLCertificate*)buf.data; - if ((err = SSLAllocBuffer(&cert->derCert, certLen, &ctx->sysCtx)) != 0) - { SSLFreeBuffer(&buf, &ctx->sysCtx); - return err; - } - #endif memcpy(cert->derCert.data, p, certLen); p += certLen; cert->next = ctx->peerCert; /* Insert backwards; root cert will be first in linked list */ ctx->peerCert = cert; - #ifndef _APPLE_CDSA_ - /* we don't parse this, the CL does */ - if ((err = ASNParseX509Certificate(cert->derCert, &cert->cert, ctx)) != 0) - return err; - #endif listLen -= 3+certLen; } CASSERT(p == message.data + message.length && listLen == 0); 
@@ -195,55 +180,20 @@ SSLProcessCertificate(SSLBuffer message, SSLContext *ctx) if (ctx->peerCert == 0) return X509CertChainInvalidErr; - #ifdef _APPLE_CDSA_ if((err = sslVerifyCertChain(ctx, ctx->peerCert)) != 0) - #else - if ((err = X509VerifyCertChain(ctx->peerCert, ctx)) != 0) - #endif return err; -/* Server's certificate is the last one in the chain */ + /* Server's certificate is the last one in the chain */ cert = ctx->peerCert; while (cert->next != 0) cert = cert->next; -/* Convert its public key to RSAREF format */ - #ifdef _APPLE_CDSA_ + /* Convert its public key to CDSA format */ if ((err = sslPubKeyFromCert(ctx, &cert->derCert, &ctx->peerPubKey, &ctx->peerPubKeyCsp)) != 0) - #else - if ((err = X509ExtractPublicKey(&cert->cert.pubKey, &ctx->peerKey)) != 0) - #endif return err; - - #ifndef _APPLE_CDSA_ - /* - * This appears to be redundant with the cert check above; - * it's here for additional cert checking by clients of SSLRef. - */ - if (ctx->certCtx.checkCertFunc != 0) - { SSLBuffer certList, *certs; - int i,certCount; - SSLCertificate *c; - if ((err = SSLGetPeerCertificateChainLength(ctx, &certCount)) != 0) - return err; - if ((err = SSLAllocBuffer(&certList, certCount * sizeof(SSLBuffer), &ctx->sysCtx)) != 0) - return err; - certs = (SSLBuffer *)certList.data; - c = ctx->peerCert; - for (i = 0; i < certCount; i++, c = c->next) - certs[i] = c->derCert; - - if ((err = ctx->certCtx.checkCertFunc(certCount, certs, ctx->certCtx.checkCertRef)) != 0) - { SSLFreeBuffer(&certList, &ctx->sysCtx); - return err; - } - SSLFreeBuffer(&certList, &ctx->sysCtx); - } - #endif /* _APPLE_CDSA_ */ - return SSLNoErr; } 
@@ -273,7 +223,9 @@ SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx) msgLen = 1 + 1 + 2 + dnListLen; request->contentType = SSL_handshake; - request->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + request->protocolVersion = ctx->negProtocolVersion; if ((err = SSLAllocBuffer(&request->contents, msgLen + 4, &ctx->sysCtx)) != 0) return err; 
@@ -377,75 +329,36 @@ SSLEncodeCertificateVerify(SSLRecord *certVerify, SSLContext *ctx) goto fail; if (ERR(err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0) goto fail; - if (ERR(err = SSLCalculateFinishedMessage(hashData, shaMsgState, md5MsgState, 0, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->computeCertVfyMac(ctx, + hashData, shaMsgState, md5MsgState)) != 0) goto fail; -#if RSAREF - len = (ctx->localKey.bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->localKey, KI_RSAPublic)) != 0) - return ERR(SSLUnknownErr); - len = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ CASSERT(ctx->signingPrivKey != NULL); len = sslKeyLengthInBytes(ctx->signingPrivKey); -#else -#error No asymmetric crypto specified -#endif /* RSAREF / BSAFE */ certVerify->contentType = SSL_handshake; - certVerify->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + certVerify->protocolVersion = ctx->negProtocolVersion; if (ERR(err = SSLAllocBuffer(&certVerify->contents, len + 6, &ctx->sysCtx)) != 0) goto fail; certVerify->contents.data[0] = SSL_certificate_verify; SSLEncodeInt(certVerify->contents.data+1, len+2, 3); SSLEncodeInt(certVerify->contents.data+4, len, 2); -#if RSAREF - if (RSAPrivateEncrypt(certVerify->contents.data+6, &outputLen, - signedHashData, 36, &ctx->localKey) != 0) /* Sign the structure */ - { err = ERR(SSLUnknownErr); - goto fail; - } -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_CRT_ENCRYPT, 0 }; - int rsaResult; - - if (ERR(rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if (ERR(rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0) - return SSLUnknownErr; - if (ERR(rsaResult = B_EncryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if (ERR(rsaResult 
= B_EncryptUpdate(rsa, certVerify->contents.data+6, - &outputLen, len, signedHashData, 36, 0, NO_SURR)) != 0) - return SSLUnknownErr; - if (ERR(rsaResult = B_EncryptFinal(rsa, certVerify->contents.data+6+outputLen, - &outputLen, len-outputLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ - - err = sslRsaRawSign(ctx, - ctx->signingPrivKey, - ctx->signingKeyCsp, - signedHashData, - 36, // MD5 size + SHA1 size - certVerify->contents.data+6, - len, // we mallocd len+6 - &outputLen); - if(err) { - goto fail; - } -#else -#error No asymmetric crypto specified -#endif /* RSAREF / BSAFE */ + + err = sslRsaRawSign(ctx, + ctx->signingPrivKey, + ctx->signingKeyCsp, + signedHashData, + 36, // MD5 size + SHA1 size + certVerify->contents.data+6, + len, // we mallocd len+6 + &outputLen); + if(err) { + goto fail; + } CASSERT(outputLen == len); @@ -464,9 +377,6 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx) UInt8 signedHashData[36]; UInt16 signatureLen; SSLBuffer hashData, shaMsgState, md5MsgState, outputData; - #if defined(BSAFE) || defined(RSAREF) - unsigned int outputLen; - #endif unsigned int publicModulusLen; shaMsgState.data = 0; @@ -484,22 +394,8 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx) return ERR(SSLProtocolErr); } -#if RSAREF - publicModulusLen = (ctx->peerKey.bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0) - return SSLUnknownErr; - publicModulusLen = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ CASSERT(ctx->peerPubKey != NULL); publicModulusLen = sslKeyLengthInBytes(ctx->peerPubKey); -#else -#error No asymmetric crypto specified -#endif /* RSAREF / BSAFE */ if (signatureLen != publicModulusLen) { errorLog0("SSLProcessCertificateVerify: sig len error 2\n"); 
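Review bot: In SSLProcessCertificateVerify, `CASSERT(ctx->peerPubKey != NULL);` is now the only guard before `sslKeyLengthInBytes(ctx->peerPubKey)`, and whether that key exists depends on what the peer sent earlier in the handshake. If CASSERT compiles to nothing in release builds (its definition is not in this diff), a CertificateVerify that arrives when no peer key was extracted reaches the call with a NULL key. A runtime check such as `if (ctx->peerPubKey == NULL) return ERR(SSLProtocolErr);` fails the handshake cleanly instead. The function starts before this hunk and continues after it.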
@@ -513,41 +409,14 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx) goto fail; if (ERR(err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0) goto fail; - if (ERR(err = SSLCalculateFinishedMessage(hashData, shaMsgState, md5MsgState, 0, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->computeCertVfyMac(ctx, hashData, + shaMsgState, md5MsgState)) != 0) goto fail; if (ERR(err = SSLAllocBuffer(&outputData, publicModulusLen, &ctx->sysCtx)) != 0) goto fail; -#if RSAREF - if (RSAPublicDecrypt(outputData.data, &outputLen, - message.data + 2, signatureLen, &ctx->peerKey) != 0) - { ERR(err = SSLUnknownErr); - goto fail; - } -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_MD2, &AM_MD5, &AM_RSA_DECRYPT, 0 }; - int rsaResult; - unsigned int decryptLen; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_DecryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_DecryptUpdate(rsa, outputData.data, &decryptLen, 36, - message.data + 2, signatureLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen = decryptLen; - if ((rsaResult = B_DecryptFinal(rsa, outputData.data+outputLen, - &decryptLen, 36-outputLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen += decryptLen; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ /* * The CSP does the decrypt & compare for us in one shot */ 
@@ -561,28 +430,6 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx) if(err) { goto fail; } - -#endif /* RSAREF / BSAFE */ - -#if !_APPLE_CDSA_ - /* we don't have to do the compare */ - if (outputLen != 36) - { - ERR(err = SSLProtocolErr); - goto fail; - } - outputData.length = outputLen; - - DUMP_BUFFER_NAME("Finished got ", outputData); - DUMP_BUFFER_NAME("Finished wanted", hashData); - - if (memcmp(outputData.data, signedHashData, 36) != 0) - { - ERR(err = SSLProtocolErr); - goto fail; - } -#endif /* BSAFE, RSAREF only */ - err = SSLNoErr; fail: diff --git a/SecureTransport/hdskchgc.c b/SecureTransport/hdskchgc.c index bf667f79..a9a11de5 100644 --- a/SecureTransport/hdskchgc.c +++ b/SecureTransport/hdskchgc.c @@ -71,6 +71,7 @@ #include "sslDebug.h" #endif +#include #include SSLErr @@ -83,7 +84,9 @@ SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx) dprintf0("===Sending changeCipherSpec msg\n"); #endif rec->contentType = SSL_change_cipher_spec; - rec->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + rec->protocolVersion = ctx->negProtocolVersion; rec->contents.length = 1; if ((err = SSLAllocBuffer(&rec->contents, 1, &ctx->sysCtx)) != 0) return err; @@ -130,11 +133,15 @@ SSLErr SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx) { SSLErr err; + /* symmetric key */ if (cipher->symKey) { if ((err = cipher->symCipher->finish(cipher, ctx)) != 0) return err; cipher->symKey = 0; } + /* per-record hash/hmac context */ + ctx->sslTslCalls->freeMac(cipher); + return SSLNoErr; } diff --git a/SecureTransport/hdskfini.c b/SecureTransport/hdskfini.c index ca0392e4..1db1d6fb 100644 --- a/SecureTransport/hdskfini.c +++ b/SecureTransport/hdskfini.c 
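Review bot: In SSLDisposeCipherSuite the added `ctx->sslTslCalls->freeMac(cipher);` dereferences `sslTslCalls` with no check, while other uses in this commit at least assert it is non-NULL. The hunks shown here assign that pointer only in SSLProcessServerHello and SSLProcessClientHello, so a context torn down before a version is chosen would hit a NULL dereference, if disposal can run that early (not visible here). A guard such as `if (ctx->sslTslCalls != NULL) ctx->sslTslCalls->freeMac(cipher);` avoids that. The early `return err;` when `finish` fails also skips `freeMac`, so the per-record MAC context is left allocated on that path. Calling `freeMac` before returning the error would release it.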
@@ -21,7 +21,7 @@ Contains: Finished and server hello done messages. - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. 
@@ -78,33 +78,51 @@ #endif #include +#include SSLErr SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx) { SSLErr err; SSLBuffer finishedMsg, shaMsgState, md5MsgState; - UInt32 sideSenderValue; - + Boolean isServerMsg; + unsigned finishedSize; + shaMsgState.data = 0; md5MsgState.data = 0; + /* size and version depend on negotiatedProtocol */ + switch(ctx->negProtocolVersion) { + case SSL_Version_3_0: + finished->protocolVersion = SSL_Version_3_0; + finishedSize = 36; + break; + case TLS_Version_1_0: + finished->protocolVersion = TLS_Version_1_0; + finishedSize = 12; + break; + default: + assert(0); + return SSLInternalError; + } finished->contentType = SSL_handshake; - finished->protocolVersion = SSL_Version_3_0; - if ((err = SSLAllocBuffer(&finished->contents, 40, &ctx->sysCtx)) != 0) + /* msg = type + 3 bytes len + finishedSize */ + if ((err = SSLAllocBuffer(&finished->contents, finishedSize + 4, + &ctx->sysCtx)) != 0) return err; finished->contents.data[0] = SSL_finished; - SSLEncodeInt(finished->contents.data + 1, 36, 3); + SSLEncodeInt(finished->contents.data + 1, finishedSize, 3); - finishedMsg.data = finished->contents.data+4; - finishedMsg.length = 36; + finishedMsg.data = finished->contents.data + 4; + finishedMsg.length = finishedSize; if ((err = CloneHashState(&SSLHashSHA1, ctx->shaState, &shaMsgState, ctx)) != 0) goto fail; if ((err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0) goto fail; - sideSenderValue = (ctx->protocolSide == SSL_ServerSide) ? SSL_Finished_Sender_Server : SSL_Finished_Sender_Client; - if ((err = SSLCalculateFinishedMessage(finishedMsg, shaMsgState, md5MsgState, sideSenderValue, ctx)) != 0) + isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? true : false; + if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, finishedMsg, + shaMsgState, md5MsgState, isServerMsg)) != 0) goto fail; fail: 
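Review bot: The Finished payload sizes `36` and `12` are bare literals in the new `switch`, and the same version-to-size mapping is written out again in SSLProcessFinished in the next hunk. Two named constants (for example `SSL3_FINISHED_SIZE` and `TLS1_FINISHED_SIZE`, names suggested here) and one static helper returning the size for `ctx->negProtocolVersion` would keep sender and receiver from drifting apart. `ctx->sslTslCalls->computeFinishedMac` is also called here without the `assert(ctx->sslTslCalls != NULL);` that the commit adds before the other callout uses. The `fail:` cleanup lies outside the hunk.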
@@ -117,15 +135,26 @@ SSLErr SSLProcessFinished(SSLBuffer message, SSLContext *ctx) { SSLErr err; SSLBuffer expectedFinished, shaMsgState, md5MsgState; - UInt32 peerSenderValue; + Boolean isServerMsg; + unsigned finishedSize; - if (message.length != 36) { + switch(ctx->negProtocolVersion) { + case SSL_Version_3_0: + finishedSize = 36; + break; + case TLS_Version_1_0: + finishedSize = 12; + break; + default: + assert(0); + return SSLInternalError; + } + if (message.length != finishedSize) { errorLog0("SSLProcessFinished: msg len error 1\n"); return SSLProtocolErr; } - peerSenderValue = (ctx->protocolSide == SSL_ClientSide) ? SSL_Finished_Sender_Server : SSL_Finished_Sender_Client; expectedFinished.data = 0; - if ((err = SSLAllocBuffer(&expectedFinished, 36, &ctx->sysCtx)) != 0) + if ((err = SSLAllocBuffer(&expectedFinished, finishedSize, &ctx->sysCtx)) != 0) return err; shaMsgState.data = 0; if ((err = CloneHashState(&SSLHashSHA1, ctx->shaState, &shaMsgState, ctx)) != 0) @@ -133,11 +162,12 @@ SSLProcessFinished(SSLBuffer message, SSLContext *ctx) md5MsgState.data = 0; if ((err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0) goto fail; - if ((err = SSLCalculateFinishedMessage(expectedFinished, shaMsgState, md5MsgState, peerSenderValue, ctx)) != 0) + isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? false : true; + if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, expectedFinished, + shaMsgState, md5MsgState, isServerMsg)) != 0) goto fail; - DUMP_BUFFER_NAME("finished got", message); - DUMP_BUFFER_NAME("finished wanted", expectedFinished); - if (memcmp(expectedFinished.data, message.data, 36) != 0) + + if (memcmp(expectedFinished.data, message.data, finishedSize) != 0) { errorLog0("SSLProcessFinished: memcmp failure\n"); err = SSLProtocolErr; 
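Review bot: The Finished check at the end of SSLProcessFinished still uses `memcmp(expectedFinished.data, message.data, finishedSize)`, which may stop at the first differing byte, so its duration depends on how much of the peer's value matched. The expected value changes with every handshake, which limits what a peer could learn. A comparison that always reads all `finishedSize` bytes is still the usual form for checking a MAC-like value and costs nothing here. The sketch accumulates the XOR of each byte pair and tests the result once. The two extra locals belong with the declarations in the preceding hunk, and the `fail:` path is outside this one.

```c
    unsigned    finishedSize;
    unsigned    i;
    UInt8       diff = 0;
    /* … unchanged: size selection, length check, hash cloning, computeFinishedMac … */
    /* read every byte so timing does not depend on the first mismatch */
    for (i = 0; i < finishedSize; i++)
        diff |= expectedFinished.data[i] ^ message.data[i];
    if (diff != 0)
    /* … unchanged: errorLog0 and err = SSLProtocolErr … */
```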
@@ -151,87 +181,14 @@ fail: return err; } -SSLErr -SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, - SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx) -{ SSLErr err; - SSLBuffer hash, input; - UInt8 sender[4], md5Inner[16], shaInner[20]; - - CASSERT(finished.length == 36); - - if (senderID != 0) - { SSLEncodeInt(sender, senderID, 4); - input.data = sender; - input.length = 4; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - } - input.data = ctx->masterSecret; - input.length = 48; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - input.data = SSLMACPad1; - input.length = SSLHashMD5.macPadSize; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - input.length = SSLHashSHA1.macPadSize; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - hash.data = md5Inner; - hash.length = 16; - if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0) - return err; - hash.data = shaInner; - hash.length = 20; - if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0) - return err; - if ((err = SSLHashMD5.init(md5MsgState)) != 0) - return err; - if ((err = SSLHashSHA1.init(shaMsgState)) != 0) - return err; - input.data = ctx->masterSecret; - input.length = 48; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - input.data = SSLMACPad2; - input.length = SSLHashMD5.macPadSize; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - input.length = SSLHashSHA1.macPadSize; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - input.data = md5Inner; - input.length = 16; - if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) - return err; - hash.data = finished.data; - hash.length = 16; - if ((err = 
SSLHashMD5.final(md5MsgState, hash)) != 0) - return err; - input.data = shaInner; - input.length = 20; - if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) - return err; - hash.data = finished.data + 16; - hash.length = 20; - if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0) - return err; - return SSLNoErr; -} - SSLErr SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx) { SSLErr err; helloDone->contentType = SSL_handshake; - helloDone->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + helloDone->protocolVersion = ctx->negProtocolVersion; if ((err = SSLAllocBuffer(&helloDone->contents, 4, &ctx->sysCtx)) != 0) return err; helloDone->contents.data[0] = SSL_server_hello_done; diff --git a/SecureTransport/hdskhelo.c b/SecureTransport/hdskhelo.c index 70ee621a..9d3841cb 100644 --- a/SecureTransport/hdskhelo.c +++ b/SecureTransport/hdskhelo.c @@ -21,7 +21,7 @@ Contains: Support for client hello and server hello messages. - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -94,6 +94,14 @@ static SSLErr SSLEncodeRandom(unsigned char *p, SSLContext *ctx); +/* IE treats null session id as valid; two consecutive sessions with NULL ID + * are considered a match. Workaround: when resumable sessions are disabled, + * send a random session ID. */ +#define SSL_IE_NULL_RESUME_BUG 1 +#if SSL_IE_NULL_RESUME_BUG +#define SSL_NULL_ID_LEN 32 /* length of bogus session ID */ +#endif + SSLErr SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx) { SSLErr err; 
@@ -103,10 +111,18 @@ SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx) sessionIDLen = 0; if (ctx->sessionID.data != 0) sessionIDLen = (UInt8)ctx->sessionID.length; + #if SSL_IE_NULL_RESUME_BUG + if(sessionIDLen == 0) { + sessionIDLen = SSL_NULL_ID_LEN; + } + #endif /* SSL_IE_NULL_RESUME_BUG */ + #if LOG_NEGOTIATE - dprintf0("===SSL3 server: sending SSL_Version_3_0\n"); + dprintf2("===SSL3 server: sending version %d_%d\n", + ctx->negProtocolVersion >> 8, ctx->negProtocolVersion & 0xff); + dprintf1("...sessionIDLen = %d\n", sessionIDLen); #endif - serverHello->protocolVersion = SSL_Version_3_0; + serverHello->protocolVersion = ctx->negProtocolVersion; serverHello->contentType = SSL_handshake; if ((err = SSLAllocBuffer(&serverHello->contents, 42 + sessionIDLen, &ctx->sysCtx)) != 0) return err; 
@@ -114,20 +130,36 @@ SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx) progress = serverHello->contents.data; *progress++ = SSL_server_hello; progress = SSLEncodeInt(progress, 38 + sessionIDLen, 3); - progress = SSLEncodeInt(progress, SSL_Version_3_0, 2); + progress = SSLEncodeInt(progress, serverHello->protocolVersion, 2); if ((err = SSLEncodeRandom(progress, ctx)) != 0) return err; - memcpy(ctx->serverRandom, progress, 32); - progress += 32; - *(progress++) = (UInt8)sessionIDLen; + memcpy(ctx->serverRandom, progress, SSL_CLIENT_SRVR_RAND_SIZE); + progress += SSL_CLIENT_SRVR_RAND_SIZE; + *(progress++) = (UInt8)sessionIDLen; + #if SSL_IE_NULL_RESUME_BUG + if(ctx->sessionID.data != NULL) { + /* normal path for enabled resumable session */ + memcpy(progress, ctx->sessionID.data, sessionIDLen); + } + else { + /* IE workaround */ + SSLBuffer rb; + rb.data = progress; + rb.length = SSL_NULL_ID_LEN; + sslRand(ctx, &rb); + } + #else if (sessionIDLen > 0) memcpy(progress, ctx->sessionID.data, sessionIDLen); - progress += sessionIDLen; + #endif /* SSL_IE_NULL_RESUME_BUG */ + progress += sessionIDLen; progress = SSLEncodeInt(progress, ctx->selectedCipher, 2); *(progress++) = 0; /* Null compression */ + #if LOG_NEGOTIATE dprintf1("ssl3: server specifying cipherSuite 0x%lx\n", (UInt32)ctx->selectedCipher); - + #endif + CASSERT(progress == serverHello->contents.data + serverHello->contents.length); return SSLNoErr; 
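Review bot: The IE workaround branch calls `sslRand(ctx, &rb);` and discards the result, although SSLEncodeRandom in this same commit checks it. If the generator fails, the 32 session-ID bytes sent in the ServerHello are whatever SSLAllocBuffer left in the buffer. The call should read `if ((err = sslRand(ctx, &rb)) != 0) return err;`, matching the `SSLEncodeRandom` error return a few lines above. Separately, the previous hunk raises `sessionIDLen` to `SSL_NULL_ID_LEN` whenever it is 0, so a non-NULL `ctx->sessionID.data` with zero length would make `memcpy(progress, ctx->sessionID.data, sessionIDLen)` read 32 bytes. Whether that state can occur is not visible here. The function begins in the previous hunk.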
@@ -150,11 +182,23 @@ SSLProcessServerHello(SSLBuffer message, SSLContext *ctx) protocolVersion = (SSLProtocolVersion)SSLDecodeInt(p, 2); p += 2; - if (protocolVersion != SSL_Version_3_0) - return SSLUnsupportedErr; + if (protocolVersion > ctx->maxProtocolVersion) { + return SSLNegotiationErr; + } ctx->negProtocolVersion = protocolVersion; - #if LOG_NEGOTIATE - dprintf0("===SSL3 client: negVersion is 3_0\n"); + switch(protocolVersion) { + case SSL_Version_3_0: + ctx->sslTslCalls = &Ssl3Callouts; + break; + case TLS_Version_1_0: + ctx->sslTslCalls = &Tls1Callouts; + break; + default: + return SSLNegotiationErr; + } + #if LOG_NEGOTIATE + dprintf2("===SSL3 client: negVersion is %d_%d\n", + (protocolVersion >> 8) & 0xff, protocolVersion & 0xff); #endif memcpy(ctx->serverRandom, p, 32); @@ -175,8 +219,8 @@ SSLProcessServerHello(SSLBuffer message, SSLContext *ctx) ctx->selectedCipher = (UInt16)SSLDecodeInt(p,2); #if LOG_NEGOTIATE - dprintf1("===ssl3: server requests cipherKind 0x%x\n", - (UInt32)ctx->selectedCipher); + dprintf1("===ssl3: server requests cipherKind %d\n", + (unsigned)ctx->selectedCipher); #endif p += 2; if ((err = FindCipherSpec(ctx)) != 0) { @@ -202,7 +246,7 @@ SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx) sessionIDLen = 0; if (ctx->resumableSession.data != 0) - { if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) + { if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) { return err; } sessionIDLen = sessionIdentifier.length; @@ -210,7 +254,7 @@ SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx) length = 39 + 2*(ctx->numValidCipherSpecs) + sessionIDLen; - clientHello->protocolVersion = SSL_Version_3_0; + clientHello->protocolVersion = ctx->maxProtocolVersion; clientHello->contentType = SSL_handshake; if ((err = SSLAllocBuffer(&clientHello->contents, length + 4, &ctx->sysCtx)) != 0) return err; 
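Review bot: In SSLProcessServerHello, `ctx->negProtocolVersion = protocolVersion;` runs before the `switch` that decides whether the server's version is supported. The `default:` return therefore leaves a peer-supplied, unvalidated version in the context while `sslTslCalls` keeps its old value. Moving the assignment below the `switch` keeps the two fields consistent on the error path. The only lower bound is the `switch` itself, so the client accepts SSL 3.0 whenever the server selects it, and a comment saying whether that is intended would help. The function starts and ends outside the hunk.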
@@ -218,15 +262,16 @@ SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx) p = clientHello->contents.data; *p++ = SSL_client_hello; p = SSLEncodeInt(p, length, 3); - p = SSLEncodeInt(p, SSL_Version_3_0, 2); + p = SSLEncodeInt(p, ctx->maxProtocolVersion, 2); #if LOG_NEGOTIATE - dprintf0("===SSL3 client: proclaiming Version_3_0 capable ONLY\n"); + dprintf2("===SSL3 client: proclaiming max protocol %d_%d capable ONLY\n", + ctx->maxProtocolVersion >> 8, ctx->maxProtocolVersion & 0xff); #endif if ((err = SSLEncodeRandom(p, ctx)) != 0) { SSLFreeBuffer(&clientHello->contents, &ctx->sysCtx); return err; } - memcpy(ctx->clientRandom, p, 32); + memcpy(ctx->clientRandom, p, SSL_CLIENT_SRVR_RAND_SIZE); p += 32; *p++ = sessionIDLen; /* 1 byte vector length */ if (sessionIDLen > 0) @@ -265,6 +310,8 @@ SSLProcessClientHello(SSLBuffer message, SSLContext *ctx) progress = message.data; clientVersion = (SSLProtocolVersion)SSLDecodeInt(progress, 2); progress += 2; + #if old_way + /* tested, works with SSLv3 */ if (clientVersion < SSL_Version_3_0) { #if LOG_NEGOTIATE dprintf1("===SSL3 server: clientVersion %s rejected\n", clientVersion); 
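Review bot: In SSLEncodeClientHello, `memcpy(ctx->clientRandom, p, SSL_CLIENT_SRVR_RAND_SIZE);` is followed by `p += 32;`, so the copy length and the pointer advance agree only while the constant stays 32. Writing `p += SSL_CLIENT_SRVR_RAND_SIZE;` ties them together. SSLProcessClientHello has the same mix (`progress += 32;`), and SSLProcessServerHello still copies with the literal (`memcpy(ctx->serverRandom, p, 32)`). SSLEncodeServerHello in this commit already uses the constant for both. The function body extends beyond the hunk.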
@@ -272,11 +319,29 @@ SSLProcessClientHello(SSLBuffer message, SSLContext *ctx) return SSLUnsupportedErr; } ctx->negProtocolVersion = SSL_Version_3_0; + #else + /* Untested, for TLS */ + if(clientVersion > ctx->maxProtocolVersion) { + clientVersion = ctx->maxProtocolVersion; + } + switch(clientVersion) { + case SSL_Version_3_0: + ctx->sslTslCalls = &Ssl3Callouts; + break; + case TLS_Version_1_0: + ctx->sslTslCalls = &Tls1Callouts; + break; + default: + return SSLNegotiationErr; + } + ctx->negProtocolVersion = clientVersion; + #endif /* new_way */ #if LOG_NEGOTIATE - dprintf0("===SSL3 server: negVersion is 3_0\n"); + dprintf2("===SSL3 server: negVersion is %d_%d\n", + clientVersion >> 8, clientVersion & 0xff); #endif - memcpy(ctx->clientRandom, progress, 32); + memcpy(ctx->clientRandom, progress, SSL_CLIENT_SRVR_RAND_SIZE); progress += 32; sessionIDLen = *(progress++); if (message.length < 41 + sessionIDLen) { @@ -318,7 +383,7 @@ SSLProcessClientHello(SSLBuffer message, SSLContext *ctx) return err; } #if LOG_NEGOTIATE - dprintf1("ssl3 server: selecting cipherKind 0x%x\n", (UInt32)ctx->selectedCipher); + dprintf1("ssl3 server: selecting cipherKind 0x%x\n", (unsigned)ctx->selectedCipher); #endif compressionCount = *(progress++); @@ -342,20 +407,12 @@ SSLEncodeRandom(unsigned char *p, SSLContext *ctx) SSLErr err; UInt32 time; - #ifdef _APPLE_CDSA_ if ((err = sslTime(&time)) != 0) - #else - if ((err = ctx->sysCtx.time(&time, ctx->sysCtx.timeRef)) != 0) - #endif return err; SSLEncodeInt(p, time, 4); randomData.data = p+4; randomData.length = 28; - #ifdef _APPLE_CDSA_ if((err = sslRand(ctx, &randomData)) != 0) - #else - if ((err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0) - #endif return err; return SSLNoErr; } 
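Review bot: The branch commented `/* Untested, for TLS */` is the one that gets compiled, because an undefined identifier in `#if old_way` evaluates to 0. That holds unless `old_way` is defined somewhere outside this diff. Server-side version selection decides which callout table and protocol rules apply to the whole connection, so it should not ship while marked untested and selected by an undeclared macro. Either delete the old branch once the new one has been exercised, or gate it on a macro that is explicitly defined. The closing `#endif /* new_way */` also names a different symbol from the opening `#if old_way`, which sits in the preceding hunk.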
@@ -363,13 +420,14 @@ SSLEncodeRandom(unsigned char *p, SSLContext *ctx) SSLErr SSLInitMessageHashes(SSLContext *ctx) { SSLErr err; - if ((err = SSLFreeBuffer(&ctx->shaState, &ctx->sysCtx)) != 0) + + if ((err = CloseHash(&SSLHashSHA1, &ctx->shaState, ctx)) != 0) return err; - if ((err = SSLFreeBuffer(&ctx->md5State, &ctx->sysCtx)) != 0) + if ((err = CloseHash(&SSLHashMD5, &ctx->md5State, ctx)) != 0) return err; if ((err = ReadyHash(&SSLHashSHA1, &ctx->shaState, ctx)) != 0) return err; - if ((err = ReadyHash(&SSLHashMD5, &ctx->md5State, ctx)) != 0) + if ((err = ReadyHash(&SSLHashMD5, &ctx->md5State, ctx)) != 0) return err; return SSLNoErr; } diff --git a/SecureTransport/hdskkeys.c b/SecureTransport/hdskkeys.c index aa941b69..20353140 100644 --- a/SecureTransport/hdskkeys.c +++ b/SecureTransport/hdskkeys.c @@ -80,25 +80,23 @@ #endif #include - -static SSLErr SSLGenerateKeyMaterial(SSLBuffer key, SSLContext *ctx); +#include SSLErr SSLEncodeRSAPremasterSecret(SSLContext *ctx) { SSLBuffer randData; SSLErr err; - if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 48, &ctx->sysCtx)) != 0) + if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, + SSL_RSA_PREMASTER_SECRET_SIZE, &ctx->sysCtx)) != 0) return err; - SSLEncodeInt(ctx->preMasterSecret.data, SSL_Version_3_0, 2); + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + SSLEncodeInt(ctx->preMasterSecret.data, ctx->maxProtocolVersion, 2); randData.data = ctx->preMasterSecret.data+2; - randData.length = 46; - #ifdef _APPLE_CDSA_ + randData.length = SSL_RSA_PREMASTER_SECRET_SIZE - 2; if ((err = sslRand(ctx, &randData)) != 0) - #else - if ((err = ctx->sysCtx.random(randData, ctx->sysCtx.randomRef)) != 0) - #endif return err; DUMP_BUFFER_NAME("premaster secret", ctx->preMasterSecret); 
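Review bot: `DUMP_BUFFER_NAME("premaster secret", ctx->preMasterSecret);` is kept at the end of SSLEncodeRSAPremasterSecret, although this commit removes the equivalent dumps of key data, MAC secrets, write keys and IVs from SSLInitPendingCiphers. If the macro emits anything in a shipped configuration (its definition is not visible), the log would contain the value every session key is derived from. The line should be dropped for consistency. Separately, the `assert` tests `negProtocolVersion` while the encoded value is `ctx->maxProtocolVersion`. A comment such as `/* version offered in ClientHello, not the negotiated one */` would show that the difference is deliberate.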
@@ -118,9 +116,6 @@ SSLEncodeDHPremasterSecret(SSLContext *ctx) SSLErr err; int rsaResult; SSLRandomCtx rsaRandom; -#if RSAREF - SSLBuffer privateValue; -#endif /* Given the server's Diffie-Hellman parameters, prepare a public & private value, * then use the public value provided by the server and our private value to 
@@ -193,87 +188,24 @@ fail: #endif /* APPLE_DH */ -SSLErr -SSLCalculateMasterSecret(SSLContext *ctx) -{ SSLErr err; - SSLBuffer shaState, md5State, clientRandom, - serverRandom, shaHash, md5Hash, leader; - UInt8 *masterProgress, shaHashData[20], leaderData[3]; - int i; - - md5State.data = shaState.data = 0; - if ((err = SSLAllocBuffer(&md5State, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0) - goto fail; - if ((err = SSLAllocBuffer(&shaState, SSLHashSHA1.contextSize, &ctx->sysCtx)) != 0) - goto fail; - - clientRandom.data = ctx->clientRandom; - clientRandom.length = 32; - serverRandom.data = ctx->serverRandom; - serverRandom.length = 32; - shaHash.data = shaHashData; - shaHash.length = 20; - - masterProgress = ctx->masterSecret; - - for (i = 1; i <= 3; i++) - { if ((err = SSLHashMD5.init(md5State)) != 0) - goto fail; - if ((err = SSLHashSHA1.init(shaState)) != 0) - goto fail; - - leaderData[0] = leaderData[1] = leaderData[2] = 0x40 + i; /* 'A', 'B', etc. */ - leader.data = leaderData; - leader.length = i; - - if ((err = SSLHashSHA1.update(shaState, leader)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaState, ctx->preMasterSecret)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaState, clientRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaState, serverRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.final(shaState, shaHash)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5State, ctx->preMasterSecret)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5State, shaHash)) != 0) - goto fail; - md5Hash.data = masterProgress; - md5Hash.length = 16; - if ((err = SSLHashMD5.final(md5State, md5Hash)) != 0) - goto fail; - masterProgress += 16; - } - - DUMP_DATA_NAME("master secret",ctx->masterSecret, 48); - - err = SSLNoErr; -fail: - SSLFreeBuffer(&shaState, &ctx->sysCtx); - SSLFreeBuffer(&md5State, &ctx->sysCtx); - return err; -} - SSLErr SSLInitPendingCiphers(SSLContext *ctx) { SSLErr err; - SSLBuffer key, hashCtx; + SSLBuffer key; 
UInt8 *keyDataProgress, *keyPtr, *ivPtr; int keyDataLen; CipherContext *serverPending, *clientPending; - key.data = hashCtx.data = 0; + key.data = 0; - ctx->readPending.hash = ctx->selectedCipherSpec->macAlgorithm; - ctx->writePending.hash = ctx->selectedCipherSpec->macAlgorithm; + ctx->readPending.macRef = ctx->selectedCipherSpec->macAlgorithm; + ctx->writePending.macRef = ctx->selectedCipherSpec->macAlgorithm; ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher; ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher; ctx->readPending.sequenceNum.high = ctx->readPending.sequenceNum.low = 0; ctx->writePending.sequenceNum.high = ctx->writePending.sequenceNum.low = 0; - keyDataLen = ctx->selectedCipherSpec->macAlgorithm->digestSize + + keyDataLen = ctx->selectedCipherSpec->macAlgorithm->hash->digestSize + ctx->selectedCipherSpec->cipher->secretKeySize; if (ctx->selectedCipherSpec->isExportable == NotExportable) keyDataLen += ctx->selectedCipherSpec->cipher->ivSize; @@ -281,9 +213,9 @@ SSLInitPendingCiphers(SSLContext *ctx) if ((err = SSLAllocBuffer(&key, keyDataLen, &ctx->sysCtx)) != 0) return err; - if ((err = SSLGenerateKeyMaterial(key, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if ((err = ctx->sslTslCalls->generateKeyMaterial(key, ctx)) != 0) goto fail; - DUMP_BUFFER_NAME("key data",key); if (ctx->protocolSide == SSL_ServerSide) { serverPending = &ctx->writePending; 
@@ -295,13 +227,23 @@ SSLInitPendingCiphers(SSLContext *ctx) } keyDataProgress = key.data; - memcpy(clientPending->macSecret, keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize); - DUMP_DATA_NAME("client write mac secret", keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize); - keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->digestSize; - memcpy(serverPending->macSecret, keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize); - DUMP_DATA_NAME("server write mac secret", keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize); - keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->digestSize; - + memcpy(clientPending->macSecret, keyDataProgress, + ctx->selectedCipherSpec->macAlgorithm->hash->digestSize); + keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->hash->digestSize; + memcpy(serverPending->macSecret, keyDataProgress, + ctx->selectedCipherSpec->macAlgorithm->hash->digestSize); + keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->hash->digestSize; + + /* init the reusable-per-record MAC contexts */ + err = ctx->sslTslCalls->initMac(clientPending, ctx); + if(err) { + goto fail; + } + err = ctx->sslTslCalls->initMac(serverPending, ctx); + if(err) { + goto fail; + } + if (ctx->selectedCipherSpec->isExportable == NotExportable) { keyPtr = keyDataProgress; keyDataProgress += ctx->selectedCipherSpec->cipher->secretKeySize; @@ -311,8 +253,6 @@ SSLInitPendingCiphers(SSLContext *ctx) if ((err = ctx->selectedCipherSpec->cipher->initialize(keyPtr, ivPtr, clientPending, ctx)) != 0) goto fail; - DUMP_DATA_NAME("client write key", keyPtr, ctx->selectedCipherSpec->cipher->secretKeySize); - DUMP_DATA_NAME("client write iv", ivPtr, ctx->selectedCipherSpec->cipher->ivSize); keyPtr = keyDataProgress; keyDataProgress += ctx->selectedCipherSpec->cipher->secretKeySize; /* Skip client write IV to get to server write IV */ 
@@ -320,226 +260,59 @@ SSLInitPendingCiphers(SSLContext *ctx) if ((err = ctx->selectedCipherSpec->cipher->initialize(keyPtr, ivPtr, serverPending, ctx)) != 0) goto fail; - DUMP_DATA_NAME("server write key", keyPtr, ctx->selectedCipherSpec->cipher->secretKeySize); - DUMP_DATA_NAME("server write iv", ivPtr, ctx->selectedCipherSpec->cipher->ivSize); } - else - { UInt8 exportKey[16], exportIV[16]; - SSLBuffer hashOutput, clientWrite, serverWrite, clientRandom, - serverRandom; - - CASSERT(ctx->selectedCipherSpec->cipher->keySize <= 16); - CASSERT(ctx->selectedCipherSpec->cipher->ivSize <= 16); + else { + UInt8 clientExportKey[16], serverExportKey[16], + clientExportIV[16], serverExportIV[16]; + SSLBuffer clientWrite, serverWrite; + SSLBuffer finalClientWrite, finalServerWrite; + SSLBuffer finalClientIV, finalServerIV; + + assert(ctx->selectedCipherSpec->cipher->keySize <= 16); + assert(ctx->selectedCipherSpec->cipher->ivSize <= 16); + /* Inputs to generateExportKeyAndIv are clientRandom, serverRandom, + * clientWriteKey, serverWriteKey. The first two are already present + * in ctx. + * Outputs are a key and IV for each of {server, client}. 
+ */ clientWrite.data = keyDataProgress; clientWrite.length = ctx->selectedCipherSpec->cipher->secretKeySize; serverWrite.data = keyDataProgress + clientWrite.length; serverWrite.length = ctx->selectedCipherSpec->cipher->secretKeySize; - clientRandom.data = ctx->clientRandom; - clientRandom.length = 32; - serverRandom.data = ctx->serverRandom; - serverRandom.length = 32; - - if ((err = SSLAllocBuffer(&hashCtx, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0) - goto fail; - if ((err = SSLHashMD5.init(hashCtx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientWrite)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - hashOutput.data = exportKey; - hashOutput.length = 16; - if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0) - goto fail; - - if (ctx->selectedCipherSpec->cipher->ivSize > 0) - { if ((err = SSLHashMD5.init(hashCtx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - hashOutput.data = exportIV; - hashOutput.length = 16; - if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0) - goto fail; - } - if ((err = ctx->selectedCipherSpec->cipher->initialize(exportKey, exportIV, - clientPending, ctx)) != 0) - goto fail; - - if ((err = SSLHashMD5.init(hashCtx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverWrite)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - hashOutput.data = exportKey; - hashOutput.length = 16; - if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0) - goto fail; - - if (ctx->selectedCipherSpec->cipher->ivSize > 0) - { if ((err = SSLHashMD5.init(hashCtx)) != 0) - goto fail; - if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) - goto fail; - if ((err = 
SSLHashMD5.update(hashCtx, clientRandom)) != 0) - goto fail; - hashOutput.data = exportIV; - hashOutput.length = 16; - if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0) - goto fail; - } - if ((err = ctx->selectedCipherSpec->cipher->initialize(exportKey, exportIV, - serverPending, ctx)) != 0) + finalClientWrite.data = clientExportKey; + finalServerWrite.data = serverExportKey; + finalClientIV.data = clientExportIV; + finalServerIV.data = serverExportIV; + finalClientWrite.length = 16; + finalServerWrite.length = 16; + /* these can be zero */ + finalClientIV.length = ctx->selectedCipherSpec->cipher->ivSize; + finalServerIV.length = ctx->selectedCipherSpec->cipher->ivSize; + + assert(ctx->sslTslCalls != NULL); + err = ctx->sslTslCalls->generateExportKeyAndIv(ctx, clientWrite, serverWrite, + finalClientWrite, finalServerWrite, finalClientIV, finalServerIV); + if(err) { + goto fail; + } + if ((err = ctx->selectedCipherSpec->cipher->initialize(clientExportKey, + clientExportIV, clientPending, ctx)) != 0) + goto fail; + if ((err = ctx->selectedCipherSpec->cipher->initialize(serverExportKey, + serverExportIV, serverPending, ctx)) != 0) goto fail; } -/* Ciphers are ready for use */ + /* Ciphers are ready for use */ ctx->writePending.ready = 1; ctx->readPending.ready = 1; -/* Ciphers get swapped by sending or receiving a change cipher spec message */ + /* Ciphers get swapped by sending or receiving a change cipher spec message */ err = SSLNoErr; fail: SSLFreeBuffer(&key, &ctx->sysCtx); - SSLFreeBuffer(&hashCtx, &ctx->sysCtx); - return err; -} - -static SSLErr -SSLGenerateKeyMaterial(SSLBuffer key, SSLContext *ctx) -{ SSLErr err; - UInt8 leaderData[10]; /* Max of 10 hashes (* 16 bytes/hash = 160 bytes of key) */ - UInt8 shaHashData[20], md5HashData[16]; - SSLBuffer shaContext, md5Context; - UInt8 *keyProgress; - int i,j,remaining, satisfied; - SSLBuffer leader, masterSecret, serverRandom, clientRandom, shaHash, md5Hash; - - CASSERT(key.length <= 16 * 
sizeof(leaderData)); - - leader.data = leaderData; - masterSecret.data = ctx->masterSecret; - masterSecret.length = 48; - serverRandom.data = ctx->serverRandom; - serverRandom.length = 32; - clientRandom.data = ctx->clientRandom; - clientRandom.length = 32; - shaHash.data = shaHashData; - shaHash.length = 20; - md5Hash.data = md5HashData; - md5Hash.length = 20; - - md5Context.data = 0; - shaContext.data = 0; - if ((err = ReadyHash(&SSLHashMD5, &md5Context, ctx)) != 0) - goto fail; - if ((err = ReadyHash(&SSLHashSHA1, &shaContext, ctx)) != 0) - goto fail; - - keyProgress = key.data; - remaining = key.length; - - for (i = 0; remaining > 0; ++i) - { for (j = 0; j <= i; j++) - leaderData[j] = 0x41 + i; /* 'A', 'BB', 'CCC', etc. */ - leader.length = i+1; - - if ((err = SSLHashSHA1.update(shaContext, leader)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaContext, masterSecret)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaContext, serverRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.update(shaContext, clientRandom)) != 0) - goto fail; - if ((err = SSLHashSHA1.final(shaContext, shaHash)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5Context, masterSecret)) != 0) - goto fail; - if ((err = SSLHashMD5.update(md5Context, shaHash)) != 0) - goto fail; - if ((err = SSLHashMD5.final(md5Context, md5Hash)) != 0) - goto fail; - - satisfied = 16; - if (remaining < 16) - satisfied = remaining; - memcpy(keyProgress, md5HashData, satisfied); - remaining -= satisfied; - keyProgress += satisfied; - - if ((err = SSLHashMD5.init(md5Context)) != 0) - goto fail; - if ((err = SSLHashSHA1.init(shaContext)) != 0) - goto fail; - } - - CASSERT(remaining == 0 && keyProgress == (key.data + key.length)); - err = SSLNoErr; -fail: - SSLFreeBuffer(&md5Context, &ctx->sysCtx); - SSLFreeBuffer(&shaContext, &ctx->sysCtx); - return err; } -#ifndef _APPLE_CDSA_ -/* I'm not sure what this is for */ -SSLErr -ReadyRandom(SSLRandomCtx *rsaRandom, SSLContext *ctx) -{ SSLErr err; - 
SSLBuffer randomSeedBuf; - UInt8 randomSeed[32]; - int rsaResult; -#if RSAREF - unsigned int bytesNeeded; - - if (R_RandomInit(rsaRandom) != 0) - return ERR(SSLUnknownErr); - if (R_GetRandomBytesNeeded(&bytesNeeded, rsaRandom) != 0) - return ERR(SSLUnknownErr); - - randomSeedBuf.data = randomSeed; - randomSeedBuf.length = 32; - - while (bytesNeeded > 0) - { if (ERR(err = ctx->sysCtx.random(randomSeedBuf, ctx->sysCtx.randomRef)) != 0) - return err; - if ((rsaResult = R_RandomUpdate(rsaRandom, randomSeed, 32)) != 0) - return ERR(SSLUnknownErr); - - if (bytesNeeded >= 32) - bytesNeeded -= 32; - else - bytesNeeded = 0; - } -#elif BSAFE - static B_ALGORITHM_OBJ random; - B_ALGORITHM_METHOD *chooser[] = { &AM_MD5_RANDOM, 0 }; - - if ((rsaResult = B_CreateAlgorithmObject(rsaRandom)) != 0) - return ERR(SSLUnknownErr); - if ((rsaResult = B_SetAlgorithmInfo(*rsaRandom, AI_MD5Random, 0)) != 0) - return ERR(SSLUnknownErr); - if ((rsaResult = B_RandomInit(*rsaRandom, chooser, NO_SURR)) != 0) - return ERR(SSLUnknownErr); - randomSeedBuf.data = randomSeed; - randomSeedBuf.length = 32; - if (ERR(err = ctx->sysCtx.random(randomSeedBuf, ctx->sysCtx.randomRef)) != 0) - return err; - if ((rsaResult = B_RandomUpdate(*rsaRandom, randomSeedBuf.data, randomSeedBuf.length, NO_SURR)) != 0) - return ERR(SSLUnknownErr); -#endif /* RSAREF / BSAFE */ - - return SSLNoErr; -} -#endif /* APPLE_CDSA */ diff --git a/SecureTransport/hdskkyex.c b/SecureTransport/hdskkyex.c index 495c3913..9900d1b7 100644 --- a/SecureTransport/hdskkyex.c +++ b/SecureTransport/hdskkyex.c 
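Review bot: In the export branch of SSLInitPendingCiphers, the 16-byte stack arrays `clientExportIV` and `serverExportIV` are bounded only by `assert(ctx->selectedCipherSpec->cipher->ivSize <= 16)`. `finalClientIV.length` and `finalServerIV.length` are then set from `ivSize` and passed to `generateExportKeyAndIv` as output sizes. With assert() compiled out, a cipher entry with a larger IV would presumably let the callee write past those arrays, so the bound should be a runtime check: `if (ctx->selectedCipherSpec->cipher->ivSize > 16) { err = SSLUnknownErr; goto fail; }`. The four export arrays also keep key and IV bytes on the stack after the ciphers are initialised; clearing them before leaving the branch, e.g. `memset(clientExportKey, 0, sizeof(clientExportKey));`, would be a worthwhile addition. The function starts outside this hunk.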
@@ -79,14 +79,18 @@ #include "digests.h" #endif +#include #include -#if _APPLE_CDSA_ /* - * For this config, just for this file, we'll do this typedef.... + * Client RSA Key Exchange msgs actually start with a two-byte + * length field, contrary to the first version of RFC 2246, dated + * January 1999. See RFC 2246, March 2002, section 7.4.7.1 for + * updated requirements. */ +#define RSA_CLIENT_KEY_ADD_LENGTH 1 + typedef CSSM_KEY_PTR SSLRSAPrivateKey; -#endif static SSLErr SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx); static SSLErr SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *ctx); 
@@ -135,37 +139,21 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx) exportKey.data = 0; hashCtx.data = 0; - #if _APPLE_CDSA_ /* we have a public key here... */ CASSERT(ctx->encryptPubKey != NULL); CASSERT(ctx->protocolSide == SSL_ServerSide); if ((err = SSLEncodeRSAKeyParams(&exportKey, &ctx->encryptPubKey, ctx)) != 0) - #else - if (ERR(err = SSLEncodeRSAKeyParams(&exportKey, &ctx->exportKey, ctx)) != 0) - #endif goto fail; -#if RSAREF - localKeyModulusLen = (ctx->localKey.bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->localKey, KI_RSAPublic)) != 0) - return SSLUnknownErr; - localKeyModulusLen = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ CASSERT(ctx->signingPubKey != NULL); localKeyModulusLen = sslKeyLengthInBytes(ctx->signingPubKey); -#else -#error No Asymmetric crypto specified -#endif /* RSAREF / BSAFE */ length = exportKey.length + 2 + localKeyModulusLen; /* RSA ouputs a block as long as the modulus */ - keyExch->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + keyExch->protocolVersion = ctx->negProtocolVersion; keyExch->contentType = SSL_handshake; if (ERR(err = SSLAllocBuffer(&keyExch->contents, length+4, &ctx->sysCtx)) != 0) goto fail; @@ -178,9 +166,9 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx) progress += exportKey.length; clientRandom.data = ctx->clientRandom; - clientRandom.length = 32; + clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; serverRandom.data = ctx->serverRandom; - serverRandom.length = 32; + serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; hash.data = &hashes[0]; hash.length = 16; 
@@ -213,32 +201,6 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx) goto fail; progress = SSLEncodeInt(progress, localKeyModulusLen, 2); -#if RSAREF - if (RSAPrivateEncrypt(progress, &outputLen, hashes, 36, &ctx->localKey) != 0) /* Sign the structure */ - return ERR(SSLUnknownErr); -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_ENCRYPT, &AM_RSA_CRT_ENCRYPT, 0 }; - int rsaResult; - UInt32 encryptedOut; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_EncryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_EncryptUpdate(rsa, progress, - &encryptedOut, localKeyModulusLen, hashes, 36, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen = encryptedOut; - if ((rsaResult = B_EncryptFinal(rsa, progress+outputLen, - &encryptedOut, localKeyModulusLen-outputLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen += encryptedOut; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ err = sslRsaRawSign(ctx, ctx->signingPrivKey, ctx->signingKeyCsp, @@ -250,7 +212,6 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx) if(err) { goto fail; } -#endif /* RSAREF / BSAFE */ CASSERT(outputLen == localKeyModulusLen); err = SSLNoErr; 
@@ -268,30 +229,6 @@ SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *c SSLBuffer modulus, exponent; UInt8 *progress; -#if RSAREF - keyParams->data = 0; - modulus.length = (key->bits + 7) / 8; - modulus.data = key->modulus + MAX_RSA_MODULUS_LEN - modulus.length; - - exponent.length = MAX_RSA_MODULUS_LEN; - exponent.data = key->publicExponent; /* Point at first byte */ - - while (*exponent.data == 0) - { ++exponent.data; - --exponent.length; - } -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, *key, KI_RSAPublic)) != 0) - return SSLUnknownErr; - modulus.data = keyInfo->modulus.data; - modulus.length = keyInfo->modulus.len; - exponent.data = keyInfo->exponent.data; - exponent.length = keyInfo->exponent.len; - } -#elif _APPLE_CDSA_ err = sslGetPubKeyBits(ctx, *key, ctx->encryptKeyCsp, @@ -302,9 +239,6 @@ SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *c SSLFreeBuffer(&exponent, &ctx->sysCtx); return err; } -#else -#error No assymetric crypto specified -#endif /* RSAREF / BSAFE */ if (ERR(err = SSLAllocBuffer(keyParams, modulus.length + exponent.length + 4, &ctx->sysCtx)) != 0) return err; @@ -315,11 +249,9 @@ SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *c progress = SSLEncodeInt(progress, exponent.length, 2); memcpy(progress, exponent.data, exponent.length); -#if _APPLE_CDSA_ /* these were mallocd by sslGetPubKeyBits() */ SSLFreeBuffer(&modulus, &ctx->sysCtx); SSLFreeBuffer(&exponent, &ctx->sysCtx); -#endif return SSLNoErr; } 
@@ -336,7 +268,9 @@ SSLEncodeDHanonServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx) length = 6 + ctx->dhAnonParams.primeLen + ctx->dhAnonParams.generatorLen + ctx->dhExchangePublic.length; - keyExch->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + keyExch->protocolVersion = ctx->negProtocolVersion; keyExch->contentType = SSL_handshake; if (ERR(err = SSLAllocBuffer(&keyExch->contents, length+4, &ctx->sysCtx)) != 0) return err; @@ -390,7 +324,9 @@ SSLEncodeDHanonServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx) length = 6 + params->prime.len + params->base.len + ctx->dhExchangePublic.length; - keyExch->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + keyExch->protocolVersion = ctx->negProtocolVersion; keyExch->contentType = SSL_handshake; if (ERR(err = SSLAllocBuffer(&keyExch->contents, length+4, &ctx->sysCtx)) != 0) return err; @@ -450,12 +386,7 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx) SSLBuffer tempPubKey, hashOut, hashCtx, clientRandom, serverRandom; UInt16 modulusLen, exponentLen, signatureLen; UInt8 *progress, *modulus, *exponent, *signature; - #if _APPLE_CDSA_ UInt8 hash[36]; - #else - UInt8 hash[20]; - UInt32 outputLen; - #endif /* _APPLE_CDSA_ */ SSLBuffer signedHashes; signedHashes.data = 0; 
@@ -487,63 +418,10 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx) return ERR(SSLProtocolErr); } -#if RSAREF - { /* Allocate room for the signed hashes; RSA can encrypt data - as long as the modulus */ - if (ERR(err = SSLAllocBuffer(&signedHashes, (ctx->peerKey.bits + 7)/8, &ctx->sysCtx)) != 0) - return err; - - if ((RSAPublicDecrypt(signedHashes.data, &outputLen, signature, signatureLen, - &ctx->peerKey)) != 0) - { ERR(err = SSLUnknownErr); - goto fail; - } - } -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_MD2, &AM_MD5, &AM_RSA_DECRYPT, 0 }; - int rsaResult; - unsigned int decryptLen; - - /* Allocate room for the signed hashes; BSAFE makes sure we don't decode too much data */ - if (ERR(err = SSLAllocBuffer(&signedHashes, 36, &ctx->sysCtx)) != 0) - return err; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_DecryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_DecryptUpdate(rsa, signedHashes.data, &decryptLen, 36, - signature, signatureLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen = decryptLen; - if ((rsaResult = B_DecryptFinal(rsa, signedHashes.data+outputLen, - &decryptLen, 36-outputLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen += decryptLen; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ - - /* not yet - calculate the hashes and then do a sig verify */ - -#else -#error No Asymmetric crypto module -#endif - - #ifndef _APPLE_CDSA_ - if (outputLen != 36) - { ERR(err = SSLProtocolErr); - goto fail; - } - #endif - clientRandom.data = ctx->clientRandom; - clientRandom.length = 32; + clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; serverRandom.data = ctx->serverRandom; - serverRandom.length = 32; + serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; tempPubKey.data = message.data; 
tempPubKey.length = modulusLen + exponentLen + 4; hashOut.data = hash; @@ -560,18 +438,10 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx) if (ERR(err = SSLHashMD5.final(hashCtx, hashOut)) != 0) goto fail; - #if _APPLE_CDSA_ /* * SHA hash goes right after the MD5 hash */ hashOut.data = hash + 16; - #else - if ((memcmp(hash, signedHashes.data, 16)) != 0) - { ERR(err = SSLProtocolErr); - goto fail; - } - #endif /* _APPLE_CDSA_ */ - hashOut.length = 20; if (ERR(err = SSLFreeBuffer(&hashCtx, &ctx->sysCtx)) != 0) goto fail; @@ -587,8 +457,6 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx) if (ERR(err = SSLHashSHA1.final(hashCtx, hashOut)) != 0) goto fail; - #if _APPLE_CDSA_ - err = sslRsaRawVerify(ctx, ctx->peerPubKey, ctx->peerPubKeyCsp, 
@@ -601,54 +469,8 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx) err); goto fail; } - - #else /* old BSAFE/RSAREF */ - - if ((memcmp(hash, signedHashes.data + 16, 20)) != 0) - { ERR(err = SSLProtocolErr); - goto fail; - } - - #endif -/* Signature matches; now replace server key with new key */ -#if RSAREF - memset(&ctx->peerKey, 0, sizeof(R_RSA_PUBLIC_KEY)); - memcpy(ctx->peerKey.modulus + (MAX_RSA_MODULUS_LEN - modulusLen), - modulus, modulusLen); - memcpy(ctx->peerKey.exponent + (MAX_RSA_MODULUS_LEN - exponentLen), - exponent, exponentLen); - -/* Adjust bit length for leading zeros in value; assume no more than 8 leading zero bits */ - { unsigned int bitAdjust; - UInt8 c; - - c = modulus[0]; - - bitAdjust = 8; - while (c != 0) - { --bitAdjust; - c >>= 1; - } - ctx->peerKey.bits = modulusLen * 8 - bitAdjust; - } - err = SSLNoErr; -#elif BSAFE - { A_RSA_KEY pubKeyInfo; - int rsaErr; - - pubKeyInfo.modulus.data = modulus; - pubKeyInfo.modulus.len = modulusLen; - pubKeyInfo.exponent.data = exponent; - pubKeyInfo.exponent.len = exponentLen; - - if ((rsaErr = B_CreateKeyObject(&ctx->peerKey)) != 0) - return SSLUnknownErr; - if ((rsaErr = B_SetKeyInfo(ctx->peerKey, KI_RSAPublic, (POINTER)&pubKeyInfo)) != 0) - return SSLUnknownErr; - } - err = SSLNoErr; -#elif _APPLE_CDSA_ + /* Signature matches; now replace server key with new key */ { SSLBuffer modBuf; SSLBuffer expBuf; @@ -669,9 +491,6 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx) &ctx->peerPubKey, &ctx->peerPubKeyCsp); } -#else -#error No Assymmetric crypto module -#endif /* RSAREF / BSAFE */ fail: ERR(SSLFreeBuffer(&signedHashes, &ctx->sysCtx)); ERR(SSLFreeBuffer(&hashCtx, &ctx->sysCtx)); 
@@ -816,133 +635,86 @@ SSLDecodeRSAKeyExchange(SSLBuffer keyExchange, SSLContext *ctx) { SSLErr err; SSLBuffer result; UInt32 outputLen, localKeyModulusLen; - SSLRSAPrivateKey *key; + CSSM_KEY_PTR *key; SSLProtocolVersion version; Boolean useEncryptKey = false; + UInt8 *src = NULL; + - #if _APPLE_CDSA_ - - /* different key names, also need CSP handle */ - CSSM_CSP_HANDLE cspHand; - - CASSERT(ctx->protocolSide == SSL_ServerSide); - - /* - * FIXME - The original SSLRef looked at - * ctx->selectedCipherSpec->keyExchangeMethod to decide which - * key to use (exportKey or localKey). I really don't think we - * want to use that - it's constant. We need to look at - * whether the app specified encrypting certs, right? - */ - #if SSL_SERVER_KEYEXCH_HACK - /* - * the way we work with Netscape. - * FIXME - maybe we should *require* an encryptPrivKey in this - * situation? - */ - if((ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT) && - (ctx->encryptPrivKey != NULL)) { - useEncryptKey = true; - } - - #else /* !SSL_SERVER_KEYEXCH_HACK */ - /* The "correct" way, I think, which doesn't work with Netscape */ - if (ctx->encryptPrivKey) { - useEncryptKey = true; - } - #endif /* SSL_SERVER_KEYEXCH_HACK */ - if (useEncryptKey) { - key = &ctx->encryptPrivKey; - cspHand = ctx->encryptKeyCsp; - } - else { - key = &ctx->signingPrivKey; - cspHand = ctx->signingKeyCsp; - } - #else /* original SSLRef3 */ - if (ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT) - key = &ctx->exportKey; - else - key = &ctx->localKey; - #endif /* _APPLE_CDSA_ */ - result.data = 0; + /* different key names, also need CSP handle */ + CSSM_CSP_HANDLE cspHand; + + CASSERT(ctx->protocolSide == SSL_ServerSide); + + /* + * FIXME - The original SSLRef looked at + * ctx->selectedCipherSpec->keyExchangeMethod to decide which + * key to use (exportKey or localKey). I really don't think we + * want to use that - it's constant. 
We need to look at + * whether the app specified encrypting certs, right? + */ + #if SSL_SERVER_KEYEXCH_HACK + /* + * the way we work with Netscape. + * FIXME - maybe we should *require* an encryptPrivKey in this + * situation? + */ + if((ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT) && + (ctx->encryptPrivKey != NULL)) { + useEncryptKey = true; + } + + #else /* !SSL_SERVER_KEYEXCH_HACK */ + /* The "correct" way, I think, which doesn't work with Netscape */ + if (ctx->encryptPrivKey) { + useEncryptKey = true; + } + #endif /* SSL_SERVER_KEYEXCH_HACK */ + if (useEncryptKey) { + key = &ctx->encryptPrivKey; + cspHand = ctx->encryptKeyCsp; + } + else { + key = &ctx->signingPrivKey; + cspHand = ctx->signingKeyCsp; + } -#if RSAREF - localKeyModulusLen = (key->bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, *key, KI_RSAPublic)) != 0) - return SSLUnknownErr; - localKeyModulusLen = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ localKeyModulusLen = sslKeyLengthInBytes(*key); -#else -#error No assymetric crypto module -#endif /* RSAREF / BSAFE */ - - if (keyExchange.length != localKeyModulusLen) { - errorLog0("SSLDecodeRSAKeyExchange: length error\n"); + + /* + * We have to tolerate incoming key exchange msgs with and without the + * two-byte "encrypted length" field. 
+ */ + if (keyExchange.length == localKeyModulusLen) { + /* no length encoded */ + src = keyExchange.data; + } + else if((keyExchange.length == (localKeyModulusLen + 2)) && + (ctx->negProtocolVersion >= TLS_Version_1_0)) { + /* TLS only - skip the length bytes */ + src = keyExchange.data + 2; + } + else { + errorLog2("SSLDecodeRSAKeyExchange: length error (exp %u got %u)\n", + (unsigned)localKeyModulusLen, (unsigned)keyExchange.length); return ERR(SSLProtocolErr); } - -#if RSAREF - if (ERR(err = SSLAllocBuffer(&result, localKeyModulusLen, &ctx->sysCtx)) != 0) + err = SSLAllocBuffer(&result, localKeyModulusLen, &ctx->sysCtx); + if(err != 0) { return err; - if ((RSAPrivateDecrypt(result.data, &outputLen, keyExchange.data, keyExchange.length, key)) != 0) - { ERR(err = SSLUnknownErr); - goto fail; - } -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_DECRYPT, &AM_RSA_CRT_DECRYPT, 0 }; - int rsaResult; - unsigned int decryptLen; - - /* Allocate room for the premaster secret; BSAFE makes sure we don't decode too much data */ - if (ERR(err = SSLAllocBuffer(&result, 48, &ctx->sysCtx)) != 0) - return err; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0) - return SSLUnknownErr; - #ifdef macintosh - /* - * I think this is an SSLRef bug - we need to use the right key here, - * as the RSAREF case above does! 
- */ - if ((rsaResult = B_DecryptInit(rsa, *key, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - #else /* the SSLRef way */ - if ((rsaResult = B_DecryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - #endif /* mac/SSLREF */ - if ((rsaResult = B_DecryptUpdate(rsa, result.data, &decryptLen, 48, - keyExchange.data, keyExchange.length, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen = decryptLen; - if ((rsaResult = B_DecryptFinal(rsa, result.data+outputLen, - &decryptLen, 48-outputLen, 0, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen += decryptLen; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ + } + err = sslRsaDecrypt(ctx, *key, cspHand, - keyExchange.data, - keyExchange.length, + src, + localKeyModulusLen, result.data, 48, &outputLen); if(err) { goto fail; } -#endif if (outputLen != 48) { @@ -959,9 +731,11 @@ SSLDecodeRSAKeyExchange(SSLBuffer keyExchange, SSLContext *ctx) ERR(err = SSLProtocolErr); goto fail; } - if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 48, &ctx->sysCtx)) != 0) + if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, + SSL_RSA_PREMASTER_SECRET_SIZE, &ctx->sysCtx)) != 0) goto fail; - memcpy(ctx->preMasterSecret.data, result.data, 48); + memcpy(ctx->preMasterSecret.data, result.data, + SSL_RSA_PREMASTER_SECRET_SIZE); err = SSLNoErr; fail: 
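Review bot: SSLDecodeRSAKeyExchange still abandons the handshake through distinct early exits when the client's RSA block is bad: `if(err) { goto fail; }` directly after `sslRsaDecrypt`, and the `outputLen != 48` test that follows it. RFC 2246 section 7.4.7.1, which this patch already cites for the length field, advises treating an incorrectly formatted block the same as a good one by substituting a random 48-byte premaster secret and continuing, so the peer cannot learn from the server's response whether the padding was valid. Both tests should feed that single path, along the lines of `if (err || (outputLen != 48)) { /* fill result.data with 48 random bytes, then continue */ }`. Separately, when the two-byte prefix is accepted its value is skipped without being compared to `localKeyModulusLen`; requiring `((keyExchange.data[0] << 8) | keyExchange.data[1]) == localKeyModulusLen` would tie the prefix to the data actually decrypted. The function begins and ends outside this hunk.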
@@ -1041,97 +815,60 @@ static SSLErr SSLEncodeRSAKeyExchange(SSLRecord *keyExchange, SSLContext *ctx) { SSLErr err; UInt32 outputLen, peerKeyModulusLen; - #if !_APPLE_CDSA_ - SSLRandomCtx rsaRandom; - int rsaResult; - #endif - + UInt32 bufLen; + UInt8 *dst; + bool encodeLen = false; + if (ERR(err = SSLEncodeRSAPremasterSecret(ctx)) != 0) return err; - #if !_APPLE_CDSA_ - if (ERR(err = ReadyRandom(&rsaRandom, ctx)) != 0) - return err; - #endif - keyExchange->contentType = SSL_handshake; - keyExchange->protocolVersion = SSL_Version_3_0; - -#if RSAREF - peerKeyModulusLen = (ctx->peerKey.bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + keyExchange->protocolVersion = ctx->negProtocolVersion; - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0) - return SSLUnknownErr; - peerKeyModulusLen = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ peerKeyModulusLen = sslKeyLengthInBytes(ctx->peerPubKey); -#else -#error No Assymetric Crypto -#endif /* RSAREF / BSAFE */ - if (ERR(err = SSLAllocBuffer(&keyExchange->contents,peerKeyModulusLen + 4,&ctx->sysCtx)) != 0) + bufLen = peerKeyModulusLen + 4; + #if RSA_CLIENT_KEY_ADD_LENGTH + if(ctx->negProtocolVersion >= TLS_Version_1_0) { + bufLen += 2; + encodeLen = true; + } + #endif + if (ERR(err = SSLAllocBuffer(&keyExchange->contents, + bufLen,&ctx->sysCtx)) != 0) { -#if RSAREF - R_RandomFinal(&rsaRandom); -#elif BSAFE - B_DestroyAlgorithmObject(&rsaRandom); -#endif return err; } + dst = keyExchange->contents.data + 4; + if(encodeLen) { + dst += 2; + } keyExchange->contents.data[0] = SSL_client_key_exchange; - SSLEncodeInt(keyExchange->contents.data + 1, peerKeyModulusLen, 3); -#if RSAREF - if ((rsaResult = RSAPublicEncrypt(keyExchange->contents.data+4, &outputLen, - ctx->preMasterSecret.data, 48, - &ctx->peerKey,&rsaRandom)) != 0) - { R_RandomFinal(&rsaRandom); - return ERR(SSLUnknownErr); - } - - 
R_RandomFinal(&rsaRandom); - -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_ENCRYPT, 0 }; - int rsaResult; - unsigned int encryptedOut; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_EncryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_EncryptUpdate(rsa, keyExchange->contents.data+4, - &encryptedOut, peerKeyModulusLen, ctx->preMasterSecret.data, 48, rsaRandom, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen = encryptedOut; - if ((rsaResult = B_EncryptFinal(rsa, keyExchange->contents.data+4+outputLen, - &encryptedOut, peerKeyModulusLen-outputLen, rsaRandom, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen += encryptedOut; - B_DestroyAlgorithmObject(&rsa); - } - - B_DestroyAlgorithmObject(&rsaRandom); -#elif _APPLE_CDSA_ + + /* this is the record payload length */ + SSLEncodeInt(keyExchange->contents.data + 1, bufLen - 4, 3); + if(encodeLen) { + /* the length of the encrypted pre_master_secret */ + SSLEncodeInt(keyExchange->contents.data + 4, + peerKeyModulusLen, 2); + } err = sslRsaEncrypt(ctx, ctx->peerPubKey, /* FIXME - maybe this should be ctx->cspHand */ ctx->peerPubKeyCsp, ctx->preMasterSecret.data, - 48, - keyExchange->contents.data+4, + SSL_RSA_PREMASTER_SECRET_SIZE, + dst, peerKeyModulusLen, &outputLen); if(err) { return err; } -#endif - CASSERT(outputLen + 4 == keyExchange->contents.length); + CASSERT(outputLen == encodeLen ? + keyExchange->contents.length - 6 : + keyExchange->contents.length - 4 ); return SSLNoErr; } 
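Review bot: The rewritten check `CASSERT(outputLen == encodeLen ? keyExchange->contents.length - 6 : keyExchange->contents.length - 4 );` at the end of SSLEncodeRSAKeyExchange does not test what it appears to. `==` binds tighter than `?:`, so the expression is `(outputLen == encodeLen) ? … : …`, and its value is one of the two lengths, which is non-zero for any real buffer. The assertion can therefore never fire, and an `sslRsaEncrypt` output of the wrong size would go unnoticed. Parenthesise the conditional: `CASSERT(outputLen == (encodeLen ? keyExchange->contents.length - 6 : keyExchange->contents.length - 4));`.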
@@ -1148,7 +885,9 @@ SSLEncodeDHanonKeyExchange(SSLRecord *keyExchange, SSLContext *ctx) outputLen = ctx->dhExchangePublic.length + 2; keyExchange->contentType = SSL_handshake; - keyExchange->protocolVersion = SSL_Version_3_0; + assert((ctx->negProtocolVersion == SSL_Version_3_0) || + (ctx->negProtocolVersion == TLS_Version_1_0)); + keyExchange->protocolVersion = ctx->negProtocolVersion; if (ERR(err = SSLAllocBuffer(&keyExchange->contents,outputLen + 4,&ctx->sysCtx)) != 0) return err; diff --git a/SecureTransport/nullciph.c b/SecureTransport/nullciph.c index 175cb057..75352b3f 100644 --- a/SecureTransport/nullciph.c +++ b/SecureTransport/nullciph.c @@ -65,12 +65,10 @@ const SSLSymmetricCipher SSLCipherNull = { 0, /* Secret key size */ 0, /* IV size */ 0, /* Block size */ - #ifdef _APPLE_CDSA_ CSSM_ALGID_NONE, CSSM_ALGID_NONE, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE, - #endif /* _APPLE_CDSA */ NullInit, NullCrypt, NullCrypt, diff --git a/SecureTransport/privateInc/appleCdsa.h b/SecureTransport/privateInc/appleCdsa.h index d51ff3aa..adcbe00f 100644 --- a/SecureTransport/privateInc/appleCdsa.h +++ b/SecureTransport/privateInc/appleCdsa.h @@ -47,12 +47,19 @@ extern char *stCssmErrToStr(CSSM_RETURN err); #define stPrintCdsaError(o, cr) #endif +extern SSLErr sslSetUpSymmKey( + CSSM_KEY_PTR symKey, + CSSM_ALGORITHMS alg, + CSSM_KEYUSE keyUse, // CSSM_KEYUSE_ENCRYPT, etc. + CSSM_BOOL copyKey, // true: copy keyData false: set by reference + uint8 *keyData, + uint32 keyDataLen); // in bytes + extern SSLErr sslFreeKey(CSSM_CSP_HANDLE cspHand, CSSM_KEY_PTR *key, - #if ST_KEYCHAIN_ENABLE - KCItemRef *kcItem); + #if ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF + SecKeychainRef *kcItem); #else /* !ST_KEYCHAIN_ENABLE */ - /* fixme - will we need kcItem as a CL field ptr? */ void *kcItem); #endif /* ST_KEYCHAIN_ENABLE*/ 
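Review bot: The new `sslSetUpSymmKey` prototype in appleCdsa.h takes raw key bytes and a `copyKey` flag but does not say who owns the key material. The inline comment says that with `copyKey` false the key is set by reference, so the caller's `keyData` buffer must stay valid for as long as `symKey` is used; with `copyKey` true, something has to free and clear the copy. I would add a header comment above the declaration that states this for both modes, e.g. `/* copyKey false: keyData must outlive symKey; caller frees and zeroes it (confirm against implementation) */`. In the same hunk, the `#else /* !ST_KEYCHAIN_ENABLE */` and `#endif /* ST_KEYCHAIN_ENABLE*/` comments no longer match the new condition `#if ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF`.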
@@ -95,7 +102,7 @@ extern SSLErr sslVerifyCertChain( */ SSLErr sslRsaRawSign( SSLContext *ctx, - const CSSM_KEY_PTR privKey, + const CSSM_KEY *privKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -105,7 +112,7 @@ SSLErr sslRsaRawSign( SSLErr sslRsaRawVerify( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -117,7 +124,7 @@ SSLErr sslRsaRawVerify( */ SSLErr sslRsaEncrypt( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, const UInt8 *plainText, UInt32 plainTextLen, @@ -126,7 +133,7 @@ SSLErr sslRsaEncrypt( UInt32 *actualBytes); // RETURNED SSLErr sslRsaDecrypt( SSLContext *ctx, - const CSSM_KEY_PTR privKey, + const CSSM_KEY *privKey, CSSM_CSP_HANDLE cspHand, const UInt8 *cipherText, UInt32 cipherTextLen, @@ -138,14 +145,14 @@ SSLErr sslRsaDecrypt( * Obtain size of key in bytes. */ extern UInt32 sslKeyLengthInBytes( - const CSSM_KEY_PTR key); + const CSSM_KEY *key); /* * Get raw key bits from an RSA public key. */ SSLErr sslGetPubKeyBits( SSLContext *ctx, - const CSSM_KEY_PTR pubKey, + const CSSM_KEY *pubKey, CSSM_CSP_HANDLE cspHand, SSLBuffer *modulus, // data mallocd and RETURNED SSLBuffer *exponent); // data mallocd and RETURNED diff --git a/SecureTransport/privateInc/appleGlue.h b/SecureTransport/privateInc/appleGlue.h index 428be0e0..5f905f9d 100644 --- a/SecureTransport/privateInc/appleGlue.h +++ b/SecureTransport/privateInc/appleGlue.h @@ -22,7 +22,7 @@ Contains: Glue layer between Apple SecureTransport and original SSLRef code. - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. diff --git a/SecureTransport/privateInc/appleSession.h b/SecureTransport/privateInc/appleSession.h index 90e70594..0d6ab094 100644 --- a/SecureTransport/privateInc/appleSession.h 
+++ b/SecureTransport/privateInc/appleSession.h @@ -19,9 +19,9 @@ /* File: appleSession.h - Contains: Session storage module, _APPLE_CDSA_ version. + Contains: Session storage module, Apple CDSA version. - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -46,17 +46,16 @@ extern "C" { extern SSLErr sslAddSession ( const SSLBuffer sessionKey, - const SSLBuffer sessionData, - void *sessionRef); + const SSLBuffer sessionData); extern SSLErr sslGetSession ( const SSLBuffer sessionKey, - SSLBuffer *sessionData, - void *sessionRef); + SSLBuffer *sessionData); extern SSLErr sslDeleteSession ( - const SSLBuffer sessionKey, - void *sessionRef); + const SSLBuffer sessionKey); + +extern SSLErr sslCleanupSession(); #ifdef __cplusplus } diff --git a/SecureTransport/privateInc/cipherSpecs.h b/SecureTransport/privateInc/cipherSpecs.h index 95984b99..d41b4876 100644 --- a/SecureTransport/privateInc/cipherSpecs.h +++ b/SecureTransport/privateInc/cipherSpecs.h @@ -21,7 +21,7 @@ Contains: SSLCipherSpec declarations - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. diff --git a/SecureTransport/privateInc/cryptType.h b/SecureTransport/privateInc/cryptType.h index d5da53f8..4043b240 100644 --- a/SecureTransport/privateInc/cryptType.h +++ b/SecureTransport/privateInc/cryptType.h @@ -57,6 +57,7 @@ #include #include "sslPriv.h" #include "sslctx.h" +#include "tls_hmac.h" #ifdef __cplusplus extern "C" { 
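Review bot: `extern SSLErr sslCleanupSession();` is declared with empty parentheses, which in C is an old-style declaration with unspecified parameters rather than a prototype, so a call with stray arguments compiles without a diagnostic. Since the header is shared between C and C++ through the `extern "C"` guard, write it as `extern SSLErr sslCleanupSession(void);`.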
@@ -77,15 +78,12 @@ typedef struct SSLCipherSuite cipherSuite; } SSLCipherMapping; -/* - * Note: we're not changing the digest mechanisms for now; BSAFE - * doesn't provide the necessary "digest clone" op. - */ -typedef SSLErr (*HashInit)(SSLBuffer digestCtx); +typedef SSLErr (*HashInit)(SSLBuffer digestCtx, SSLContext *sslCtx); typedef SSLErr (*HashUpdate)(SSLBuffer digestCtx, SSLBuffer data); -typedef SSLErr (*HashFinal)(SSLBuffer digestCtx, SSLBuffer digest); +/* HashFinal also does HashClose */ +typedef SSLErr (*HashFinal)(SSLBuffer digestCtx, SSLBuffer digest); +typedef SSLErr (*HashClose)(SSLBuffer digestCtx, SSLContext *sslCtx); typedef SSLErr (*HashClone)(SSLBuffer src, SSLBuffer dest); - typedef struct { UInt32 contextSize; UInt32 digestSize; @@ -93,17 +91,39 @@ typedef struct HashInit init; HashUpdate update; HashFinal final; + HashClose close; HashClone clone; } HashReference; -extern const HashReference SSLHashNull; -extern const HashReference SSLHashMD5; -extern const HashReference SSLHashSHA1; +/* + * TLS extension: + * -- new struct HashHmacReference + * -- structs which used to use HashReference now use HashHmacReference + * -- new union HashHmacContext, used in CipherContext. + */ +typedef struct { + const HashReference *hash; + const HMACReference *hmac; +} HashHmacReference; + +typedef union { + SSLBuffer hashCtx; + HMACContextRef hmacCtx; +} HashHmacContext; + +/* these are declared in tls_hmac.c */ +extern const HashHmacReference HashHmacNull; +extern const HashHmacReference HashHmacMD5; +extern const HashHmacReference HashHmacSHA1; + +/* + * Hack to avoid circular dependency with tls_ssl.h. + */ +struct _SslTlsCallouts; -#ifdef _APPLE_CDSA_ /* * All symmetric ciphers go thru CDSA, but we'll keep these callouts for - * now. The major change here is the inclusion of the CipherContext + * now. The major change here from SSLRef3 is the inclusion of the CipherContext * arg, for alg/mode and key storage. */ struct CipherContext; 
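Review bot: The comment `/* HashFinal also does HashClose */` does not tell a caller whether `close` may still be invoked after `final`. If `final` releases the digest context, a later `close` on the same buffer would be a double release. I would spell the contract out, e.g. `/* HashFinal releases digestCtx; call HashClose only to abandon a digest that was never finalized */`. That wording is inferred from the existing comment, so confirm it against the implementations.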
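Review bot: `HashHmacContext` is a union of `SSLBuffer hashCtx` and `HMACContextRef hmacCtx` with no tag, so nothing in the type says which member is live. Reading `hmacCtx` after `hashCtx` was stored (or the reverse) reinterprets a buffer descriptor as a context pointer. A comment on the union naming the selector would help, for example `/* hmacCtx is valid for TLS, hashCtx for SSLv3; selected by the owning CipherContext's macRef */`. This is my reading of the "TLS extension" comment and should be checked.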
@@ -123,12 +143,6 @@ typedef SSLErr (*SSLFinishFunc)( CipherContext *cipherCtx, SSLContext *ctx); -#else -typedef SSLErr (*SSLKeyFunc)(UInt8 *key, UInt8 *iv, void **cipherRef, SSLContext *ctx); -typedef SSLErr (*SSLCryptFunc)(SSLBuffer src, SSLBuffer dest, void *cipherRef, SSLContext *ctx); -typedef SSLErr (*SSLFinishFunc)(void *cipherRef, SSLContext *ctx); -#endif /* _APPLE_CDSA */ - typedef enum { NotExportable = 0, Exportable = 1 @@ -142,12 +156,10 @@ typedef struct { UInt8 secretKeySize; UInt8 ivSize; UInt8 blockSize; - #ifdef _APPLE_CDSA_ CSSM_ALGORITHMS keyAlg; /* CSSM_ALGID_DES, etc. */ CSSM_ALGORITHMS encrAlg; /* ditto */ CSSM_ENCRYPT_MODE encrMode; /* CSSM_ALGMODE_CBCPadIV8, etc. */ CSSM_PADDING encrPad; - #endif /* _APPLE_CDSA */ SSLKeyFunc initialize; SSLCryptFunc encrypt; SSLCryptFunc decrypt; @@ -157,10 +169,9 @@ typedef struct { #define MAX_DIGEST_SIZE 20 /* SHA digest size = 160 bits */ #define MAX_MAC_PADDING 48 /* MD5 MAC padding size = 48 bytes */ #define MASTER_SECRET_LEN 48 /* master secret = 3 x MD5 hashes concatenated */ -#ifdef __APPLE__ + /* SSL V2 - mac secret is the size of symmetric key, not digest */ #define MAX_SYMKEY_SIZE 24 -#endif /* __APPLE__ */ typedef enum { SSL_NULL_auth, @@ -193,7 +204,7 @@ typedef struct { SSLCipherSuite cipherSpec; Exportability isExportable; KeyExchangeMethod keyExchangeMethod; - const HashReference *macAlgorithm; + const HashHmacReference *macAlgorithm; const SSLSymmetricCipher *cipher; } SSLCipherSpec; diff --git a/SecureTransport/privateInc/digests.h b/SecureTransport/privateInc/digests.h index c24a0bf3..93c71fd8 100644 --- a/SecureTransport/privateInc/digests.h +++ b/SecureTransport/privateInc/digests.h @@ -21,7 +21,7 @@ Contains: HashReference declarations - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. 
@@ -30,13 +30,22 @@ #ifndef _DIGESTS_H_ #define _DIGESTS_H_ 1 +#include "cryptType.h" + #ifdef __cplusplus extern "C" { #endif -extern HashReference SSLHashNull; -extern HashReference SSLHashMD5; -extern HashReference SSLHashSHA1; +/* + * These numbers show up all over the place...might as well hard code 'em once. + */ +#define SSL_MD5_DIGEST_LEN 16 +#define SSL_SHA1_DIGEST_LEN 20 +#define SSL_MAX_DIGEST_LEN 20 + +extern const HashReference SSLHashNull; +extern const HashReference SSLHashMD5; +extern const HashReference SSLHashSHA1; extern void SSLInitMACPads(void); extern SSLErr CloneHashState( @@ -48,7 +57,10 @@ extern SSLErr ReadyHash( const HashReference *ref, SSLBuffer *state, SSLContext *ctx); - +extern SSLErr CloseHash( + const HashReference *ref, + SSLBuffer *state, + SSLContext *ctx); #ifdef __cplusplus } diff --git a/SecureTransport/privateInc/ssl.h b/SecureTransport/privateInc/ssl.h index 77c69fb7..5fbaf0c7 100644 --- a/SecureTransport/privateInc/ssl.h +++ b/SecureTransport/privateInc/ssl.h @@ -22,7 +22,7 @@ Contains: convenience header, including public and private parts of original ssl.h - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. diff --git a/SecureTransport/privateInc/sslBuildFlags.h b/SecureTransport/privateInc/sslBuildFlags.h index ca064632..7330a4d7 100644 --- a/SecureTransport/privateInc/sslBuildFlags.h +++ b/SecureTransport/privateInc/sslBuildFlags.h @@ -35,10 +35,10 @@ extern "C" { #endif /* - * This flags functional changes, within SSLRef3 source, made to - * accomodate the Apple SecureTransport library. + * general Keychain functionality. */ -#define _APPLE_CDSA_ 1 + +#define ST_KEYCHAIN_ENABLE 1 /* * Work around the Netscape Server Key Exchange bug. When this is 
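Review bot: `SSL_MAX_DIGEST_LEN` is a second hard-coded 20 for the same quantity as `MAX_DIGEST_SIZE`, which cryptType.h (now included by this header) still defines as 20. Buffers sized with one and lengths checked with the other will silently disagree if a longer digest is ever added. Derive one from the other, e.g. `#define SSL_MAX_DIGEST_LEN SSL_SHA1_DIGEST_LEN`, and retire or alias `MAX_DIGEST_SIZE`.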
@@ -48,7 +48,7 @@ extern "C" { * -- an export-grade ciphersuite has been negotiated, and * -- an encryptPrivKey is present in the context */ -#define SSL_SERVER_KEYEXCH_HACK 1 +#define SSL_SERVER_KEYEXCH_HACK 0 /* * RSA functions which use a public key to do encryption force @@ -66,6 +66,35 @@ extern "C" { */ #define APPLE_DOMESTIC_CSP_REQUIRED 1 +/* + * CSSM_KEYs obtained from Keychain require a SecKeychainRef to be freed/released. + * True on 9, false on X. + */ +#define ST_KC_KEYS_NEED_REF 0 + +/* + * Initial bringup of server/keychain on X: the certRefs argument of + * SSLSetCertificate() contains one DLDBHandle, not a number of + * SecIdentityRefs. The DLDB contains exactly one private key, and a + * cert with PrintName which matches that key. Public key is obtained + * from the cert. We have to manually attach to the CSPDL in this case. + */ +#define ST_FAKE_KEYCHAIN 0 + +/* + * Flags need for manually attaching to CSPDL for configuration which + * does not contain a working SecKeychainGetCSPHandle(). + */ +#define ST_FAKE_GET_CSPDL_HANDLE 0 + +/* + * We manage trusted certs and pass them to the TP. + * -- OS 9 - true + * -- OS 10, 10.1 - false + * -- Jaguar - TBD. SSLSetNewRootKC and SSLSetTrustedRootCertKC deleted for now. + */ +#define ST_MANAGES_TRUSTED_ROOTS 0 + /* debugging flags */ #ifdef NDEBUG #define SSL_DEBUG 0 diff --git a/SecureTransport/privateInc/sslDebug.h b/SecureTransport/privateInc/sslDebug.h index db23cde5..f6912cf4 100644 --- a/SecureTransport/privateInc/sslDebug.h +++ b/SecureTransport/privateInc/sslDebug.h @@ -42,6 +42,7 @@ #define LOG_VIA_PRINTF 1 #include +#include #if !LOG_VIA_PRINTF 
@@ -175,16 +176,21 @@ static inline volatile void sslPanic(const char *str) /* log handshake messages */ #define LOG_HDSK_MSG 0 -/* log negotiated handshake paramters */ +/* log negotiated handshake parameters */ #define LOG_NEGOTIATE 0 /* log received protocol messsages */ #define LOG_RX_PROTOCOL 0 +/* log resumable session info */ +#define LOG_RESUM_SESSION 0 + #else /* !SSL_DEBUG - normal build - all flags disabled */ #define LOG_HDSK_STATE 0 -#define LOG_HDSK_MSG 0 +#define LOG_HDSK_MSG 0 #define LOG_NEGOTIATE 0 +#define LOG_RX_PROTOCOL 0 +#define LOG_RESUM_SESSION 0 #endif /* SSL_DEBUG */ #if LOG_HDSK_STATE @@ -200,6 +206,12 @@ extern char *hdskStateToStr(SSLHandshakeState state); #define SSLLogHdskMsg(msg, sent) #endif /* LOG_HDSK_STATE */ +#if LOG_RESUM_SESSION +#define SSLLogResumSess(m) printf(m) +#else +#define SSLLogResumSess(m) +#endif /* LOG_RESUM_SESSION */ + /* * A crufty little routine to write cert blobs to disk. * Implemented in appleCdsa.c. diff --git a/SecureTransport/privateInc/sslKeychain.h b/SecureTransport/privateInc/sslKeychain.h index 2edc3f2a..a6795779 100644 --- a/SecureTransport/privateInc/sslKeychain.h +++ b/SecureTransport/privateInc/sslKeychain.h @@ -21,7 +21,7 @@ Contains: Apple Keychain routines - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -35,14 +35,6 @@ #include "sslctx.h" #endif -#include -#include - -#if ST_KEYCHAIN_ENABLE -#include -#include -#endif /* ST_KEYCHAIN_ENABLE */ - #ifdef __cplusplus extern "C" { #endif 
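Review bot: `#define SSLLogResumSess(m) printf(m)` passes its argument as the format string, so any `%` in the message is interpreted as a conversion. That is harmless only while every call site passes a literal without `%`; a message built from session or peer data would be a format-string bug. Use `#define SSLLogResumSess(m) printf("%s", (m))`. The call sites are outside this hunk.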
@@ -65,8 +57,14 @@ parseIncomingCerts( SSLCertificate **destCert, /* &ctx->{localCert,encryptCert} */ CSSM_KEY_PTR *pubKey, /* &ctx->signingPubKey, etc. */ CSSM_KEY_PTR *privKey, /* &ctx->signingPrivKey, etc. */ - CSSM_CSP_HANDLE *cspHand, /* &ctx->signingKeyCsp, etc. */ - KCItemRef *privKeyRef); /* &ctx->signingKeyRef, etc. */ + CSSM_CSP_HANDLE *cspHand /* &ctx->signingKeyCsp, etc. */ + #if ST_KC_KEYS_NEED_REF + , + SecKeychainRef *privKeyRef); /* &ctx->signingKeyRef, etc. */ + #else + ); + #endif ST_KC_KEYS_NEED_REF + #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */ /* @@ -76,7 +74,8 @@ OSStatus addBuiltInCerts ( SSLContextRef ctx); -#if ST_KEYCHAIN_ENABLE +#if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS + /* * Given an open Keychain: * -- Get raw cert data, add to array of CSSM_DATAs in @@ -88,7 +87,7 @@ addBuiltInCerts ( OSStatus parseTrustedKeychain( SSLContextRef ctx, - KCRef keyChainRef); + SecKeychainRef keyChainRef); /* * Given a newly encountered root cert (obtained from a peer's cert chain), @@ -100,7 +99,7 @@ sslAddNewRoot( SSLContext *ctx, const CSSM_DATA_PTR rootCert); -#endif /* ST_KEYCHAIN_ENABLE */ +#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ #ifdef __cplusplus } diff --git a/SecureTransport/privateInc/sslPriv.h b/SecureTransport/privateInc/sslPriv.h index 349bedfd..21392e28 100644 --- a/SecureTransport/privateInc/sslPriv.h +++ b/SecureTransport/privateInc/sslPriv.h @@ -67,11 +67,16 @@ typedef enum } SSLProtocolSide; typedef enum -{ SSL_Version_Undetermined = 0, +{ + /* These values never appear in the actual protocol */ + SSL_Version_Undetermined = 0, SSL_Version_3_0_With_2_0_Hello = 100, SSL_Version_3_0_Only = 101, + TLS_Version_1_0_Only = 202, + /* actual protocol values */ SSL_Version_2_0 = 0x0002, - SSL_Version_3_0 = 0x0300 + SSL_Version_3_0 = 0x0300, + TLS_Version_1_0 = 0x0301 /* TLS 1.0 == SSL 3.1 */ } SSLProtocolVersion; /* 
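Review bot: `#endif ST_KC_KEYS_NEED_REF` in the `parseIncomingCerts` prototype has a bare token after `#endif`; compilers warn about it or reject it in pedantic mode, and it should be `#endif /* ST_KC_KEYS_NEED_REF */`. The prototype is also closed by a different `);` in each preprocessor branch, which makes the parameter list easy to break when either branch is edited. Keeping a single `);` after the `#endif` and putting only the optional `, SecKeychainRef *privKeyRef` parameter inside the `#if` would be more robust.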
@@ -80,6 +85,16 @@ typedef enum */ typedef struct SSLContext SSLContext; +/* + * Some hard-coded constants. + */ + +/* The size of of client- and server-generated random numbers in hello messages. */ +#define SSL_CLIENT_SRVR_RAND_SIZE 32 + +/* The size of the pre-master and master secrets. */ +#define SSL_RSA_PREMASTER_SECRET_SIZE 48 +#define SSL_MASTER_SECRET_SIZE 48 #ifdef __cplusplus } diff --git a/SecureTransport/privateInc/sslalert.h b/SecureTransport/privateInc/sslalert.h index 41ed716d..3b777092 100644 --- a/SecureTransport/privateInc/sslalert.h +++ b/SecureTransport/privateInc/sslalert.h @@ -63,15 +63,28 @@ typedef enum { alert_close_notify = 0, alert_unexpected_message = 10, alert_bad_record_mac = 20, + alert_decryption_failed = 21, /* TLS */ + alert_record_overflow = 22, /* TLS */ alert_decompression_failure = 30, alert_handshake_failure = 40, alert_no_certificate = 41, - alert_bad_certificate = 42, + alert_bad_certificate = 42, /* SSLv3 only */ alert_unsupported_certificate = 43, alert_certificate_revoked = 44, alert_certificate_expired = 45, alert_certificate_unknown = 46, - alert_illegal_parameter = 47 + alert_illegal_parameter = 47, + /* remainder are TLS addenda */ + alert_unknown_ca = 48, + alert_access_denied = 49, + alert_decode_error = 50, + alert_decrypt_error = 51, + alert_export_restriction = 60, + alert_protocol_version = 70, + alert_insufficient_security = 71, + alert_internal_error = 80, + alert_user_canceled = 90, + alert_no_renegotiation = 100 } AlertDescription; SSLErr SSLProcessAlert(SSLRecord rec, SSLContext *ctx); diff --git a/SecureTransport/privateInc/sslalloc.h b/SecureTransport/privateInc/sslalloc.h index 9f6da39b..afe32b7f 100644 --- a/SecureTransport/privateInc/sslalloc.h +++ b/SecureTransport/privateInc/sslalloc.h 
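Review bot: `SSL_MASTER_SECRET_SIZE` duplicates `MASTER_SECRET_LEN` in cryptType.h, and the `masterSecret[48]` field in the sslctx.h part of this commit still uses the literal, so three spellings of the same length now coexist. Secret-buffer sizes are the kind of constant where a mismatch becomes an overrun or a truncated key. I would declare the field as `uint8 masterSecret[SSL_MASTER_SECRET_SIZE];` and alias the old macro with `#define MASTER_SECRET_LEN SSL_MASTER_SECRET_SIZE`. The new comment also has a doubled word: `The size of of client-` should read `The size of client-`.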
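Review bot: The `/* SSLv3 only */` comment is attached to `alert_bad_certificate = 42`, but bad_certificate is also defined for TLS 1.0; the alert that exists only in SSLv3 is `alert_no_certificate = 41` on the line above. As written, the comment could lead someone to drop or mishandle code 42 on a TLS connection. Move it up one line: `alert_no_certificate = 41, /* SSLv3 only */`.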
@@ -21,7 +21,7 @@ Contains: memory allocator declarations - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -75,16 +75,16 @@ SSLErr SSLAllocBuffer(SSLBuffer *buf, UInt32 length, const SystemContext *ctx); SSLErr SSLFreeBuffer(SSLBuffer *buf, const SystemContext *ctx); SSLErr SSLReallocBuffer(SSLBuffer *buf, UInt32 newSize, const SystemContext *ctx); -/* - * Set up/tear down CF allocators. - */ -OSStatus cfSetUpAllocators(SSLContext *ctx); -void cfTearDownAllocators(SSLContext *ctx); - /* * Convenience routines. */ UInt8 *sslAllocCopy(const UInt8 *src, UInt32 len); +SSLErr SSLAllocCopyBuffer( + const SSLBuffer *src, + SSLBuffer **dst); // buffer itself and data mallocd and returned +SSLErr SSLCopyBuffer( + const SSLBuffer *src, + SSLBuffer *dst); // dataÊmallocd and returned #ifdef __cplusplus } diff --git a/SecureTransport/privateInc/sslctx.h b/SecureTransport/privateInc/sslctx.h index cd082838..24ba81c1 100644 --- a/SecureTransport/privateInc/sslctx.h +++ b/SecureTransport/privateInc/sslctx.h 
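Review bot: The two new copy helpers do not say how the returned memory is released. `SSLAllocCopyBuffer` returns both the `SSLBuffer` and its data, `SSLCopyBuffer` only the data, and neither takes the `SystemContext` that `SSLAllocBuffer` and `SSLFreeBuffer` use, so the matching free routine is not obvious. A short comment per function naming it would prevent leaks of copied key or session data. The comment on `SSLCopyBuffer` also contains a stray non-ASCII byte (`dataÊmallocd`), probably a non-breaking space, which should be a plain space.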
@@ -58,55 +58,11 @@ #include #include "sslBuildFlags.h" - -#ifdef _APPLE_CDSA_ - #include -#if ST_KEYCHAIN_ENABLE -#include -#endif /* ST_KEYCHAIN_ENABLE */ - -#endif /* _APPLE_CDSA_ */ - -#ifndef _APPLE_CDSA_ -#include "sslalloc.h" -#endif - #include "sslerrs.h" #include "sslPriv.h" - - -/* - * These were originally in ssl.h; they're not exposed as client-specified - * functions here. - */ -#ifndef _APPLE_CDSA_ -typedef SSLErr (*SSLRandomFunc) ( - SSLBuffer data, - void *randomRef); -typedef SSLErr (*SSLTimeFunc) ( - UInt32 *time, - void *timeRef); -typedef SSLErr (*SSLConvertTimeFunc) ( - UInt32 *time, - void *timeRef); -typedef SSLErr (*SSLAddSessionFunc) ( - SSLBuffer sessionKey, - SSLBuffer sessionData, - void *sessionRef); -typedef SSLErr (*SSLGetSessionFunc) ( - SSLBuffer sessionKey, - SSLBuffer *sessionData, - void *sessionRef); -typedef SSLErr (*SSLDeleteSessionFunc) ( - SSLBuffer sessionKey, - void *sessionRef); -typedef SSLErr (*SSLCheckCertificateFunc) ( - int certCount, - SSLBuffer *derCerts, - void *checkCertificateRef); -#endif /* _APPLE_CDSA_ */ +#include "tls_ssl.h" typedef struct { SSLReadFunc read; 
@@ -116,46 +72,17 @@ typedef struct struct SystemContext { - /* FIXME - this probably goes away; we keep it as a struct due - * to its pervasive use in calls to SSLAllocBuffer. We have to - * have *an* element in it for compiler reasons. + /* + * This struct is a remnant of the original SSLRef implementation; it + * held things like caller-provided memory allocator callbacks. + * We'll keep the struct (and an instance of it in SSLContext, below) + * around in case we want to use it in SSLAllocBuffer and its siblings. */ - #ifdef _APPLE_CDSA_ int foo; - #else - SSLAllocFunc alloc; - SSLFreeFunc free; - SSLReallocFunc realloc; - void *allocRef; - SSLTimeFunc time; - SSLConvertTimeFunc convertTime; - void *timeRef; - SSLRandomFunc random; - void *randomRef; - #endif /* _APPLE_CDSA_ */ }; typedef struct SystemContext SystemContext; -typedef struct -{ - #ifndef _APPLE_CDSA_ - /* these functions are hard-coded */ - SSLAddSessionFunc addSession; - SSLGetSessionFunc getSession; - SSLDeleteSessionFunc deleteSession; - #endif - void *sessionRef; -} SessionContext; - -#ifndef _APPLE_CDSA_ -/* not used, cert functions via CDSA */ -typedef struct -{ SSLCheckCertificateFunc checkCertFunc; - void *checkCertRef; -} CertificateContext; -#endif - /* * A carryover from original SSLRef 3.0 - we'll store the DER-encoded * certs in an SSLCertificate this way for now; there's a lot of code 
@@ -165,20 +92,23 @@ typedef struct SSLCertificate { struct SSLCertificate *next; SSLBuffer derCert; - #ifndef _APPLE_CDSA_ - /* but not decoded...we never do that! */ - X509Cert cert; - #endif /* _APPLE_CDSA_ */ } SSLCertificate; #include "cryptType.h" +/* + * An SSLContext contains four of these - one for each of {read,write} and for + * {current, pending}. + */ struct CipherContext -{ const HashReference *hash; - const SSLSymmetricCipher *symCipher; - - #ifdef _APPLE_CDSA_ - +{ + + const HashHmacReference *macRef; /* HMAC (TLS) or digest (SSL) */ + const SSLSymmetricCipher *symCipher; + + /* this is a context which is reused once per record */ + HashHmacContext macCtx; + /* * symKey is obtained from the CSP at cspHand. Normally this * cspHand is the same as ctx->cspHand; some day they might differ. @@ -193,18 +123,12 @@ struct CipherContext /* needed in CDSASymmInit */ uint8 encrypting; - #else - void *symCipherState; - #endif /* _APPLE_CDSA_*/ sslUint64 sequenceNum; uint8 ready; - #ifdef __APPLE__ + /* in SSL2 mode, the macSecret is the same size as the - * cipher key - which is 24 bytes in the 3DDES case. */ + * cipher key - which is 24 bytes in the 3DES case. */ uint8 macSecret[MAX_SYMKEY_SIZE]; - #else - uint8 macSecret[MAX_DIGEST_SIZE]; - #endif /* __APPLE__ */ }; /* typedef in cryptType.h */ 
@@ -224,39 +148,46 @@ typedef struct DNListElem struct SSLContext { /* - * For _APPLE_CDSA_, SystemContext is empty; we'll leave it in for now - * 'cause it gets passed around so often for SSLAllocBuffer(). + * For Apple CDSA version, SystemContext is empty; we'll leave it in for now + * because it gets passed around so often for SSLAllocBuffer(). */ SystemContext sysCtx; IOContext ioCtx; - SessionContext sessionCtx; - #ifndef _APPLE_CDSA_ - CertificateContext certCtx; - #endif + /* + * For the first two, SSL_Version_Undetermined means "get the best we + * can, up to macProtocolVersion". + */ SSLProtocolVersion reqProtocolVersion; /* requested by app */ SSLProtocolVersion negProtocolVersion; /* negotiated */ + SSLProtocolVersion maxProtocolVersion; /* max allowed by app */ SSLProtocolSide protocolSide; - - #ifdef _APPLE_CDSA_ - + const struct _SslTlsCallouts *sslTslCalls; /* selects between SSLv3 and TLSv1 */ + /* crypto state in CDSA-centric terms */ - CSSM_KEY_PTR signingPrivKey; /* our private signing key */ + CSSM_KEY_PTR signingPrivKey;/* our private signing key */ CSSM_KEY_PTR signingPubKey; /* our public signing key */ CSSM_CSP_HANDLE signingKeyCsp; /* associated DL/CSP */ - #if ST_KEYCHAIN_ENABLE - KCItemRef signingKeyRef; /* for signingPrivKey */ + #if ST_KEYCHAIN_ENABLE + #if ST_KC_KEYS_NEED_REF + SecKeychainRef signingKeyRef; /* for signingPrivKey */ + #else + void *signingKeyRef; /* TBD */ + #endif /* ST_KC_KEYS_NEED_REF */ #endif /* this stuff should probably be #if ST_SERVER_MODE_ENABLE.... 
*/ - CSSM_KEY_PTR encryptPrivKey; /* our private encrypt key, for + CSSM_KEY_PTR encryptPrivKey;/* our private encrypt key, for * server-initiated key exchange */ CSSM_KEY_PTR encryptPubKey; /* public version of above */ CSSM_CSP_HANDLE encryptKeyCsp; #if ST_KEYCHAIN_ENABLE - /* but we'll just do this so we can compile it */ - KCItemRef encryptKeyRef; /* for encryptPrivKey */ + #if ST_KC_KEYS_NEED_REF + SecKeychainRef encryptKeyRef; /* for signingPrivKey */ + #else + void *encryptKeyRef; /* TBD */ + #endif /* ST_KC_KEYS_NEED_REF */ #endif /* ST_KEYCHAIN_ENABLE */ CSSM_KEY_PTR peerPubKey; @@ -284,10 +215,10 @@ struct SSLContext * Keychain to which newly encountered root certs are attempted * to be added. AccessCreds untyped for now. */ - #if ST_KEYCHAIN_ENABLE - KCRef newRootCertKc; + #if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS + SecKeychainRef newRootCertKc; void *accessCreds; - #endif /* ST_KEYCHAIN_ENABLE */ + #endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ /* for symmetric cipher and RNG */ CSSM_CSP_HANDLE cspHand; @@ -296,27 +227,17 @@ struct SSLContext CSSM_TP_HANDLE tpHand; CSSM_CL_HANDLE clHand; + #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE + /* we manually attach to this for now; eventually we get it from KC */ + CSSM_CSP_HANDLE cspDlHand; + #endif + /* FIXME - how will we represent this? */ void *dhAnonParams; void *peerDHParams; - /* context and allocator for CF */ - CFAllocatorRef cfAllocatorRef; - CFAllocatorContext lCFAllocatorContext; - Boolean allowExpiredCerts; - #else - /* from SSLRef 3.0 */ - SSLRSAPrivateKey localKey; - SSLRSAPrivateKey exportKey; - SSLCertificate *localCert; - SSLCertificate *peerCert; - SSLRSAPublicKey peerKey; - SSLDHParams dhAnonParams; - SSLDHParams peerDHParams; - #endif _APPLE_CDSA_ - SSLBuffer sessionID; SSLBuffer dhPeerPublic; 
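Review bot: Two comments added in this hunk point at the wrong names. `up to macProtocolVersion` should read `up to maxProtocolVersion`, the field declared just below it, and the new `encryptKeyRef` declarations are commented `/* for signingPrivKey */` where the removed line said `/* for encryptPrivKey */`. The field name `sslTslCalls` also looks like a transposition of `sslTlsCalls`; renaming it now is cheaper than after callers accumulate. The struct starts before and continues after this hunk.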
@@ -326,6 +247,9 @@ struct SSLContext SSLBuffer peerID; SSLBuffer resumableSession; + char *peerDomainName; + UInt32 peerDomainNameLen; + CipherContext readCipher; CipherContext writeCipher; CipherContext readPending; @@ -333,29 +257,26 @@ struct SSLContext uint16 selectedCipher; /* currently selected */ const SSLCipherSpec *selectedCipherSpec; /* ditto */ - SSLCipherSpec *validCipherSpecs; /* context's valid specs */ + SSLCipherSpec *validCipherSpecs; /* context's valid specs */ unsigned numValidCipherSpecs; /* size of validCipherSpecs */ SSLHandshakeState state; - #ifdef _APPLE_CDSA_ #if ST_SERVER_MODE_ENABLE SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */ Boolean tryClientAuth; #endif /* ST_SERVER_MODE_ENABLE */ - #else - int requestClientCert; - #endif int certRequested; int certSent; int certReceived; int x509Requested; DNListElem *acceptableDNList; - uint8 clientRandom[32]; - uint8 serverRandom[32]; + uint8 clientRandom[SSL_CLIENT_SRVR_RAND_SIZE]; + uint8 serverRandom[SSL_CLIENT_SRVR_RAND_SIZE]; SSLBuffer preMasterSecret; uint8 masterSecret[48]; + /* running digests of all handshake messages */ SSLBuffer shaState, md5State; SSLBuffer fragmentedMessageCache; @@ -373,12 +294,10 @@ struct SSLContext SSLBuffer receivedDataBuffer; uint32 receivedDataPos; - #ifdef _APPLE_CDSA_ Boolean allowAnyRoot; // don't require known roots #if SSL_DEBUG char *rootCertName; // if non-null, write root cert here #endif /* SSL_DEBUG */ - #endif /* _APPLE_CDSA_ */ }; diff --git a/SecureTransport/privateInc/sslhdshk.h b/SecureTransport/privateInc/sslhdshk.h index 786eed6b..243bc30b 100644 --- a/SecureTransport/privateInc/sslhdshk.h +++ b/SecureTransport/privateInc/sslhdshk.h 
@@ -154,13 +154,6 @@ SSLErr SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SS /** hdskkeys.c **/ SSLErr SSLEncodeRSAPremasterSecret(SSLContext *ctx); SSLErr SSLEncodeDHPremasterSecret(SSLContext *ctx); -SSLErr SSLCalculateMasterSecret(SSLContext *ctx); SSLErr SSLInitPendingCiphers(SSLContext *ctx); -#ifdef _APPLE_CDSA_ -/* FIXME - TBD */ -SSLErr ReadyRandom(void *randCtx, SSLContext *ctx); -#else -SSLErr ReadyRandom(SSLRandomCtx *rsaRandom, SSLContext *ctx); -#endif #endif /* _SSLHDSHK_H_ */ diff --git a/SecureTransport/privateInc/sslmd5.h b/SecureTransport/privateInc/sslmd5.h deleted file mode 100644 index d8d078f7..00000000 --- a/SecureTransport/privateInc/sslmd5.h +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* - File: sslmd5.h - - Contains: public API to low-level MD5 module - - Written by: Doug Mitchell, based on Netscape RSARef 3.0, based on RSA code - - Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. - -*/ -/* MD5.H - header file for MD5C.C - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. 
- -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -#ifndef _SSL_MD5_H_ -#define _SSL_MD5_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* these are from aglobal.h, which we really don't want to compile against */ -typedef unsigned long int UINT4; -#define PROTO_LIST(x) x -typedef unsigned char *POINTER; - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -void SSLMD5Init PROTO_LIST ((MD5_CTX *)); -void SSLMD5Update PROTO_LIST - ((MD5_CTX *, const unsigned char *, unsigned int)); -void SSLMD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_MD5_H_ */ diff --git a/SecureTransport/privateInc/sslrec.h b/SecureTransport/privateInc/sslrec.h index c477adad..f83be164 100644 --- a/SecureTransport/privateInc/sslrec.h +++ b/SecureTransport/privateInc/sslrec.h @@ -71,6 +71,11 @@ typedef struct #define DEFAULT_BUFFER_SIZE 4096 SSLErr SSLReadRecord(SSLRecord *rec, SSLContext *ctx); -SSLErr SSLWriteRecord(SSLRecord rec, SSLContext *ctx); + +SSLErr SSLVerifyMac( + UInt8 type, + SSLBuffer data, + UInt8 *compareMAC, + SSLContext *ctx); #endif /* _SSLREC_H_ */ diff --git a/SecureTransport/privateInc/sslsess.h b/SecureTransport/privateInc/sslsess.h index deb13304..58e8e075 100644 --- a/SecureTransport/privateInc/sslsess.h +++ b/SecureTransport/privateInc/sslsess.h 
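Review bot: `SSLVerifyMac` takes `UInt8 *compareMAC` with no length and no `const`, so the declaration does not show how many bytes are compared or that the received MAC is left unmodified. I would declare it `const UInt8 *compareMAC` and add a comment such as `/* compareMAC: digestSize bytes taken from the received record */`. The implementation is outside this hunk; when reviewing it, check that the comparison does not exit at the first differing byte.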
@@ -44,17 +44,17 @@ #define SSL_SESSION_ID_LEN 16 /* 16 <= SSL_SESSION_ID_LEN <= 32 */ -SSLErr SSLAddSessionID(const SSLContext *ctx); -SSLErr SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx); -SSLErr SSLDeleteSessionID(const SSLContext *ctx); -SSLErr SSLRetrieveSessionIDIdentifier( +SSLErr SSLAddSessionData(const SSLContext *ctx); +SSLErr SSLGetSessionData(SSLBuffer *sessionData, const SSLContext *ctx); +SSLErr SSLDeleteSessionData(const SSLContext *ctx); +SSLErr SSLRetrieveSessionID( const SSLBuffer sessionData, SSLBuffer *identifier, const SSLContext *ctx); -SSLErr SSLRetrieveSessionIDProtocolVersion( - const SSLBuffer sessionID, +SSLErr SSLRetrieveSessionProtocolVersion( + const SSLBuffer sessionData, SSLProtocolVersion *version, const SSLContext *ctx); -SSLErr SSLInstallSessionID(const SSLBuffer sessionData, SSLContext *ctx); +SSLErr SSLInstallSessionFromData(const SSLBuffer sessionData, SSLContext *ctx); #endif /* _SSLSESS_H_ */ diff --git a/SecureTransport/privateInc/sslutil.h b/SecureTransport/privateInc/sslutil.h index f07587b1..14c41116 100644 --- a/SecureTransport/privateInc/sslutil.h +++ b/SecureTransport/privateInc/sslutil.h @@ -52,6 +52,7 @@ UInt32 SSLDecodeInt(const unsigned char *p, int length); unsigned char *SSLEncodeInt(unsigned char *p, UInt32 value, int length); +UInt8* SSLEncodeUInt64(UInt8 *p, sslUint64 value); void IncrementUInt64(sslUint64 *v); UInt32 SSLGetCertificateChainLength(const SSLCertificate *c); diff --git a/SecureTransport/privateInc/symCipher.h b/SecureTransport/privateInc/symCipher.h index d3d2d7c3..b84286c1 100644 --- a/SecureTransport/privateInc/symCipher.h +++ b/SecureTransport/privateInc/symCipher.h @@ -21,7 +21,7 @@ Contains: CDSA-based symmetric cipher module - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. 
diff --git a/SecureTransport/privateInc/tls_hmac.h b/SecureTransport/privateInc/tls_hmac.h
new file mode 100644
index 00000000..6e6b1c92
--- /dev/null
+++ b/SecureTransport/privateInc/tls_hmac.h
@@ -0,0 +1,109 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: tls_hmac.h + + Contains: Declarations of HMAC routines used by TLS + + Written by: Doug Mitchell +*/ + +#ifndef _TLS_HMAC_H_ +#define _TLS_HMAC_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "ssl.h" +#include "sslPriv.h" +//#include "sslctx.h" +#include "sslerrs.h" + +/* forward declaration of HMAC object */ +struct HMACReference; + +/* Opaque reference to an HMAC session context */ +struct HMACContext; +typedef struct HMACContext *HMACContextRef; + +/* The HMAC algorithms we support */ +typedef enum { + HA_Null = 0, // i.e., uninitialized + HA_SHA1, + HA_MD5 +} HMAC_Algs; + +/* For convenience..the max size of HMAC, in bytes, this module will ever return */ +#define TLS_HMAC_MAX_SIZE 20 + +/* Create an HMAC session */ +typedef SSLErr (*HMAC_AllocFcn) ( + const struct HMACReference *hmac, + SSLContext *ctx, + const void *keyPtr, + unsigned keyLen, + HMACContextRef *hmacCtx); // RETURNED + +/* Free a session */ +typedef SSLErr (*HMAC_FreeFcn) ( + HMACContextRef hmacCtx); + +/* Reusable init, using same key */ +typedef SSLErr (*HMAC_InitFcn) ( + 
HMACContextRef hmacCtx); + +/* normal crypt ops */ +typedef SSLErr (*HMAC_UpdateFcn) ( + HMACContextRef hmacCtx, + const void *data, + unsigned dataLen); + +typedef SSLErr (*HMAC_FinalFcn) ( + HMACContextRef hmacCtx, + void *hmac, // mallocd by caller + unsigned *hmacLen); // IN/OUT + +/* one-shot */ +typedef SSLErr (*HMAC_HmacFcn) ( + HMACContextRef hmacCtx, + const void *data, + unsigned dataLen, + void *hmac, // mallocd by caller + unsigned *hmacLen); // IN/OUT + +typedef struct HMACReference { + UInt32 macSize; + HMAC_Algs alg; + HMAC_AllocFcn alloc; + HMAC_FreeFcn free; + HMAC_InitFcn init; + HMAC_UpdateFcn update; + HMAC_FinalFcn final; + HMAC_HmacFcn hmac; +} HMACReference; + +extern const HMACReference TlsHmacNull; +extern const HMACReference TlsHmacSHA1; +extern const HMACReference TlsHmacMD5; + +#ifdef __cplusplus +} +#endif +#endif /* _TLS_HMAC_H_ */ \ No newline at end of file diff --git a/SecureTransport/privateInc/tls_ssl.h b/SecureTransport/privateInc/tls_ssl.h new file mode 100644 index 00000000..0b59ff1c --- /dev/null +++ b/SecureTransport/privateInc/tls_ssl.h 
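Review bot: The `hmacLen` argument of `HMAC_FinalFcn` and `HMAC_HmacFcn` is marked only `// IN/OUT`, which leaves the buffer contract to guesswork. A caller that sizes its buffer for MD5 and is handed the SHA1 reference would be overrun unless the implementation compares the incoming value with `macSize`, and the implementations are not part of this header. I would spell the contract out on both typedefs: `/* hmacLen: on entry, capacity of hmac in bytes; on return, bytes written; fails if capacity < macSize */`, and point callers at `TLS_HMAC_MAX_SIZE` for sizing. Separately, the `#include` lines sit inside the `extern "C"` block; placing them above it is the usual layout.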
@@ -0,0 +1,135 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: tls_ssl.h + + Contains: Declarations of callout struct to provide indirect calls to + SSLv3 and TLS routines. + + Written by: Doug Mitchell +*/ + +#ifndef _TLS_SSL_H_ +#define _TLS_SSL_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "ssl.h" +#include "sslPriv.h" +#include "sslctx.h" +#include "sslrec.h" +#include "cryptType.h" + +/*** + *** Each of {TLS, SSLv3} implements each of these functions. 
+ ***/ + +/* unpack, decrypt, validate one record */ +typedef SSLErr (*decryptRecordFcn) ( + UInt8 type, + SSLBuffer *payload, + SSLContext *ctx); + +/* pack, encrypt, mac, queue one outgoing record */ +typedef SSLErr (*writeRecordFcn) ( + SSLRecord rec, + SSLContext *ctx); + +/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ +typedef SSLErr (*initMacFcn) ( + CipherContext *cipherCtx, // macRef, macSecret valid on entry + // macCtx valid on return + SSLContext *ctx); + +/* free per-CipherContext HashHmacContext */ +typedef SSLErr (*freeMacFcn) ( + CipherContext *cipherCtx); + +/* compute MAC on one record */ +typedef SSLErr (*computeMacFcn) ( + UInt8 type, + SSLBuffer data, + SSLBuffer mac, // caller mallocs data + CipherContext *cipherCtx, // assumes macCtx, macRef + sslUint64 seqNo, + SSLContext *ctx); + +typedef SSLErr (*generateKeyMaterialFcn) ( + SSLBuffer key, // caller mallocs and specifies length of + // required key material here + SSLContext *ctx); + +typedef SSLErr (*generateExportKeyAndIvFcn) ( + SSLContext *ctx, // clientRandom, serverRandom valid + const SSLBuffer clientWriteKey, + const SSLBuffer serverWriteKey, + SSLBuffer finalClientWriteKey, // RETURNED, mallocd by caller + SSLBuffer finalServerWriteKey, // RETURNED, mallocd by caller + SSLBuffer finalClientIV, // RETURNED, mallocd by caller + SSLBuffer finalServerIV); // RETURNED, mallocd by caller + +/* + * On entry: clientRandom, serverRandom, preMasterSecret valid + * On return: masterSecret valid + */ +typedef SSLErr (*generateMasterSecretFcn) ( + SSLContext *ctx); + +typedef SSLErr (*computeFinishedMacFcn) ( + SSLContext *ctx, + SSLBuffer finished, // output - mallocd by caller + SSLBuffer shaMsgState, // clone of running digest of all handshake msgs + SSLBuffer md5MsgState, // ditto + Boolean isServer); + +typedef SSLErr (*computeCertVfyMacFcn) ( + SSLContext *ctx, + SSLBuffer finished, // output - mallocd by caller + SSLBuffer shaMsgState, // clone of 
running digest of all handshake msgs + SSLBuffer md5MsgState); // ditto + +typedef struct _SslTlsCallouts { + decryptRecordFcn decryptRecord; + writeRecordFcn writeRecord; + initMacFcn initMac; + freeMacFcn freeMac; + computeMacFcn computeMac; + generateKeyMaterialFcn generateKeyMaterial; + generateExportKeyAndIvFcn generateExportKeyAndIv; + generateMasterSecretFcn generateMasterSecret; + computeFinishedMacFcn computeFinishedMac; + computeCertVfyMacFcn computeCertVfyMac; +} SslTlsCallouts; + +/* From ssl3Callouts.c and tls1Callouts.c */ +extern const SslTlsCallouts Ssl3Callouts; +extern const SslTlsCallouts Tls1Callouts; + +/* one callout routine used in common (for now) */ +SSLErr ssl3WriteRecord( + SSLRecord rec, + SSLContext *ctx); + +#ifdef __cplusplus +} +#endif + +#endif /* _TLS_SSL_H_ */ diff --git a/SecureTransport/secureTransport.exp b/SecureTransport/secureTransport.exp index 69077021..81618ffa 100644 --- a/SecureTransport/secureTransport.exp +++ b/SecureTransport/secureTransport.exp @@ -6,12 +6,10 @@ _SSLSetProtocolVersion _SSLGetProtocolVersion _SSLSetConnection _SSLGetNegotiatedProtocolVersion -_SSLSetExportable -_SSLGetExportable -_SSLSetAllowExpiredCerts -_SSLGetAllowExpiredCerts -_SSLSetAllowAnyRoot -_SSLGetAllowAnyRoot +_SSLSetAllowsExpiredCerts +_SSLGetAllowsExpiredCerts +_SSLSetAllowsAnyRoot +_SSLGetAllowsAnyRoot _SSLGetPeerCertificates _SSLSetPeerID _SSLGetNegotiatedCipher diff --git a/SecureTransport/securetransport++.cpp b/SecureTransport/securetransport++.cpp index d052cde3..a00b3493 100644 --- a/SecureTransport/securetransport++.cpp +++ b/SecureTransport/securetransport++.cpp 
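Review bot: In `computeCertVfyMacFcn` the output parameter is named `finished`, which looks carried over from `computeFinishedMacFcn` directly above it and misnames what the routine produces. I would rename it in the typedef, `SSLBuffer certVfyMac, // output - mallocd by caller`. Both typedefs also pass the output `SSLBuffer` by value, so the callee cannot report how many bytes it wrote; a comment stating that the caller must set `length` to the exact expected size would make that contract explicit.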
@@ -219,28 +219,33 @@ void SecureTransportCore::enabledCiphers( MacOSError::check(SSLSetEnabledCiphers(mContext, ciphers, numCiphers)); } -bool SecureTransportCore::allowExpiredCerts() const +bool SecureTransportCore::allowsExpiredCerts() const { Boolean allow; - MacOSError::check(SSLGetAllowExpiredCerts(mContext, &allow)); + MacOSError::check(SSLGetAllowsExpiredCerts(mContext, &allow)); return allow; } -void SecureTransportCore::allowExpiredCerts(bool allow) +void SecureTransportCore::allowsExpiredCerts(bool allow) { - MacOSError::check(SSLSetAllowExpiredCerts(mContext, allow)); + MacOSError::check(SSLSetAllowsExpiredCerts(mContext, allow)); } -bool SecureTransportCore::allowUnknownRoots() const +bool SecureTransportCore::allowsUnknownRoots() const { Boolean allow; - MacOSError::check(SSLGetAllowAnyRoot(mContext, &allow)); + MacOSError::check(SSLGetAllowsAnyRoot(mContext, &allow)); return allow; } -void SecureTransportCore::allowUnknownRoots(bool allow) +void SecureTransportCore::allowsUnknownRoots(bool allow) { - MacOSError::check(SSLSetAllowAnyRoot(mContext, allow)); + MacOSError::check(SSLSetAllowsAnyRoot(mContext, allow)); +} + +void SecureTransportCore::peerId(const void *id, size_t length) +{ + MacOSError::check(SSLSetPeerID(mContext, id, length)); } @@ -265,12 +270,12 @@ OSStatus SecureTransportCore::sslReadFunc(SSLConnectionRef connection, return errSSLClosedGraceful; } else return errSSLWouldBlock; - } catch (UnixError &err) { + } catch (const UnixError &err) { *length = 0; if (err.error == ECONNRESET) return errSSLClosedGraceful; throw; - } catch (CssmCommonError &err) { + } catch (const CssmCommonError &err) { *length = 0; return err.osStatus(); } catch (...) { 
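Review bot: In the `catch (const UnixError &err)` handler of `sslReadFunc`, the bare `throw;` taken for any error other than `ECONNRESET` is not caught by the `catch (...)` that follows, because sibling handlers of one try block do not see exceptions raised inside a handler. This function is an I/O callback, so the exception would unwind through the SSL library's C frames; returning a status instead, e.g. `return errSSLClosedAbort;`, keeps the failure inside the callback. The same handler reports `ECONNRESET` as `errSSLClosedGraceful`, which makes a reset indistinguishable from a clean close for anything that wants to detect truncation. The function starts before and ends after this hunk, so the rest of its error handling is not visible here.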
@@ -287,8 +292,8 @@ OSStatus SecureTransportCore::sslWriteFunc(SSLConnectionRef connection, size_t lengthRequested = *length; *length = stc->ioWrite(data, lengthRequested); debug("sslconio", "%p wrote %ld of %ld bytes", stc, *length, lengthRequested); - return *length == lengthRequested ? noErr : errSSLWouldBlock; - } catch (CssmCommonError &err) { + return *length == lengthRequested ? OSStatus(noErr) : OSStatus(errSSLWouldBlock); + } catch (const CssmCommonError &err) { *length = 0; return err.osStatus(); } catch (...) { diff --git a/SecureTransport/securetransport++.h b/SecureTransport/securetransport++.h index 22e15917..69bb8d03 100644 --- a/SecureTransport/securetransport++.h +++ b/SecureTransport/securetransport++.h @@ -48,17 +48,20 @@ public: void version(SSLProtocol v); UInt32 numSupportedCiphers() const; - void supportedCiphers(SSLCipherSuite *ciphers, UInt32 &numCiphers) const; + void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; UInt32 numEnabledCiphers() const; - void enabledCiphers(SSLCipherSuite *ciphers, UInt32 &numCiphers) const; // get - void enabledCiphers(SSLCipherSuite *ciphers, UInt32 numCiphers); // set + void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get + void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers); // set - bool allowExpiredCerts() const; - void allowExpiredCerts(bool allow); + bool allowsExpiredCerts() const; + void allowsExpiredCerts(bool allow); - bool allowUnknownRoots() const; - void allowUnknownRoots(bool allow); + bool allowsUnknownRoots() const; + void allowsUnknownRoots(bool allow); + + void peerId(const void *data, size_t length); + template void peerId(const T &obj) { peerId(&obj, sizeof(obj)); } size_t read(void *data, size_t length); size_t write(const void *data, size_t length); 
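Review bot: The templated `peerId(const T &obj)` overload added to the class passes `&obj, sizeof(obj)` on to `SSLSetPeerID`, i.e. the raw object representation. For a `T` with padding the ID then includes indeterminate bytes, and for a `T` that is or contains a pointer the ID is an address rather than the peer's identity, and that address can later belong to a different peer. Since the peer ID presumably keys session resumption, I would state the constraint on the declaration: `// T must be a padding-free value type that fully identifies the peer (no pointers or owning members)`.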
@@ -70,8 +73,8 @@ protected: virtual bool ioAtEnd() const = 0; private: - static OSStatus sslReadFunc(SSLConnectionRef, void *, UInt32 *); - static OSStatus sslWriteFunc(SSLConnectionRef, const void *, UInt32 *); + static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *); + static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *); bool continueHandshake(); diff --git a/SecureTransport/sha.c b/SecureTransport/sha.c deleted file mode 100644 index 01d87b35..00000000 --- a/SecureTransport/sha.c +++ /dev/null 
@@ -1,237 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* NIST Secure Hash Algorithm */ -/* heavily modified by Uwe Hollerbach uh@alumni.caltech edu */ -/* from Peter C. 
Gutmann's implementation as found in */ -/* Applied Cryptography by Bruce Schneier */ - -/* NIST's proposed modification to SHA of 7/11/94 may be */ -/* activated by defining USE_MODIFIED_SHA */ - -#include -#include -#include -#include "st_sha.h" - -/* SHA f()-functions */ - -#define f1(x,y,z) ((x & y) | (~x & z)) -#define f2(x,y,z) (x ^ y ^ z) -#define f3(x,y,z) ((x & y) | (x & z) | (y & z)) -#define f4(x,y,z) (x ^ y ^ z) - -/* SHA constants */ - -#define CONST1 0x5a827999L -#define CONST2 0x6ed9eba1L -#define CONST3 0x8f1bbcdcL -#define CONST4 0xca62c1d6L - -/* 32-bit rotate */ - -#define ROT32(x,n) ((x << n) | (x >> (32 - n))) - -#define FUNC(n,i) \ - temp = ROT32(A,5) + f##n(B,C,D) + E + W[i] + CONST##n; \ - E = D; D = C; C = ROT32(B,30); B = A; A = temp - -/* do SHA transformation */ - -static void sha_transform(SHA_INFO *sha_info) -{ - int i; - LONG temp, A, B, C, D, E, W[80]; - - for (i = 0; i < 16; ++i) { - W[i] = sha_info->data[i]; - } - for (i = 16; i < 80; ++i) { - W[i] = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; -#ifdef USE_MODIFIED_SHA - W[i] = ROT32(W[i], 1); -#endif /* USE_MODIFIED_SHA */ - } - A = sha_info->digest[0]; - B = sha_info->digest[1]; - C = sha_info->digest[2]; - D = sha_info->digest[3]; - E = sha_info->digest[4]; -#ifdef UNROLL_LOOPS - FUNC(1, 0); FUNC(1, 1); FUNC(1, 2); FUNC(1, 3); FUNC(1, 4); - FUNC(1, 5); FUNC(1, 6); FUNC(1, 7); FUNC(1, 8); FUNC(1, 9); - FUNC(1,10); FUNC(1,11); FUNC(1,12); FUNC(1,13); FUNC(1,14); - FUNC(1,15); FUNC(1,16); FUNC(1,17); FUNC(1,18); FUNC(1,19); - - FUNC(2,20); FUNC(2,21); FUNC(2,22); FUNC(2,23); FUNC(2,24); - FUNC(2,25); FUNC(2,26); FUNC(2,27); FUNC(2,28); FUNC(2,29); - FUNC(2,30); FUNC(2,31); FUNC(2,32); FUNC(2,33); FUNC(2,34); - FUNC(2,35); FUNC(2,36); FUNC(2,37); FUNC(2,38); FUNC(2,39); - - FUNC(3,40); FUNC(3,41); FUNC(3,42); FUNC(3,43); FUNC(3,44); - FUNC(3,45); FUNC(3,46); FUNC(3,47); FUNC(3,48); FUNC(3,49); - FUNC(3,50); FUNC(3,51); FUNC(3,52); FUNC(3,53); FUNC(3,54); - FUNC(3,55); FUNC(3,56); 
FUNC(3,57); FUNC(3,58); FUNC(3,59); - - FUNC(4,60); FUNC(4,61); FUNC(4,62); FUNC(4,63); FUNC(4,64); - FUNC(4,65); FUNC(4,66); FUNC(4,67); FUNC(4,68); FUNC(4,69); - FUNC(4,70); FUNC(4,71); FUNC(4,72); FUNC(4,73); FUNC(4,74); - FUNC(4,75); FUNC(4,76); FUNC(4,77); FUNC(4,78); FUNC(4,79); -#else /* !UNROLL_LOOPS */ - for (i = 0; i < 20; ++i) { - FUNC(1,i); - } - for (i = 20; i < 40; ++i) { - FUNC(2,i); - } - for (i = 40; i < 60; ++i) { - FUNC(3,i); - } - for (i = 60; i < 80; ++i) { - FUNC(4,i); - } -#endif /* !UNROLL_LOOPS */ - sha_info->digest[0] += A; - sha_info->digest[1] += B; - sha_info->digest[2] += C; - sha_info->digest[3] += D; - sha_info->digest[4] += E; -} - -/* HACK: OS X #defines LITTLE_ENDIAN (to 1234) in many places.... */ -#ifdef __APPLE__ -#undef LITTLE_ENDIAN -#endif -/* end hack */ - -#ifdef LITTLE_ENDIAN - -/* change endianness of data */ - -static void byte_reverse(LONG *buffer, int count) -{ - int i; - BYTE ct[4], *cp; - - count /= sizeof(LONG); - cp = (BYTE *) buffer; - for (i = 0; i < count; ++i) { - ct[0] = cp[0]; - ct[1] = cp[1]; - ct[2] = cp[2]; - ct[3] = cp[3]; - cp[0] = ct[3]; - cp[1] = ct[2]; - cp[2] = ct[1]; - cp[3] = ct[0]; - cp += sizeof(LONG); - } -} - -#endif /* LITTLE_ENDIAN */ - -/* initialize the SHA digest */ - -void sha_init(SHA_INFO *sha_info) -{ - sha_info->digest[0] = 0x67452301L; - sha_info->digest[1] = 0xefcdab89L; - sha_info->digest[2] = 0x98badcfeL; - sha_info->digest[3] = 0x10325476L; - sha_info->digest[4] = 0xc3d2e1f0L; - sha_info->count_lo = 0L; - sha_info->count_hi = 0L; -} - -/* update the SHA digest */ - -void sha_update(SHA_INFO *sha_info, BYTE *buffer, int count) -{ - if ((sha_info->count_lo + ((LONG) count << 3)) < sha_info->count_lo) { - ++sha_info->count_hi; - } - sha_info->count_lo += (LONG) count << 3; - sha_info->count_hi += (LONG) count >> 29; - while (count >= SHA_BLOCKSIZE) { - memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); -#ifdef LITTLE_ENDIAN - byte_reverse(sha_info->data, SHA_BLOCKSIZE); -#endif /* 
LITTLE_ENDIAN */ - sha_transform(sha_info); - buffer += SHA_BLOCKSIZE; - count -= SHA_BLOCKSIZE; - } - memcpy(sha_info->data, buffer, count); -} - -/* finish computing the SHA digest */ - -void sha_final(SHA_INFO *sha_info) -{ - int count; - LONG lo_bit_count, hi_bit_count; - - lo_bit_count = sha_info->count_lo; - hi_bit_count = sha_info->count_hi; - count = (int) ((lo_bit_count >> 3) & 0x3f); - ((BYTE *) sha_info->data)[count++] = 0x80; - if (count > 56) { - memset((BYTE *) &sha_info->data + count, 0, 64 - count); -#ifdef LITTLE_ENDIAN - byte_reverse(sha_info->data, SHA_BLOCKSIZE); -#endif /* LITTLE_ENDIAN */ - sha_transform(sha_info); - memset(&sha_info->data, 0, 56); - } else { - memset((BYTE *) &sha_info->data + count, 0, 56 - count); - } -#ifdef LITTLE_ENDIAN - byte_reverse(sha_info->data, SHA_BLOCKSIZE); -#endif /* LITTLE_ENDIAN */ - sha_info->data[14] = hi_bit_count; - sha_info->data[15] = lo_bit_count; - sha_transform(sha_info); -#ifdef LITTLE_ENDIAN - byte_reverse(sha_info->digest, SHA_DIGESTSIZE); -#endif /* LITTLE_ENDIAN */ -} - -/* compute the SHA digest of a FILE stream */ - -#define BLOCK_SIZE 8192 - -void sha_stream(SHA_INFO *sha_info, FILE *fin) -{ - int i; - BYTE data[BLOCK_SIZE]; - - sha_init(sha_info); - while ((i = fread(data, 1, BLOCK_SIZE, fin)) > 0) { - sha_update(sha_info, data, i); - } - sha_final(sha_info); -} - -/* print a SHA digest */ - -void sha_print(SHA_INFO *sha_info) -{ - printf("%08lx %08lx %08lx %08lx %08lx\n", - sha_info->digest[0], sha_info->digest[1], sha_info->digest[2], - sha_info->digest[3], sha_info->digest[4]); -} diff --git a/SecureTransport/ssl2mesg.c b/SecureTransport/ssl2mesg.c index f879e5ab..9be54b22 100644 --- a/SecureTransport/ssl2mesg.c +++ b/SecureTransport/ssl2mesg.c @@ -89,6 +89,7 @@ #endif #include +#include SSLErr SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx) 
@@ -107,25 +108,37 @@ SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx) progress = msg.data; version = (SSLProtocolVersion)SSLDecodeInt(progress, 2); - /* FIXME - ensure client isn't slipping under a SSL_Version_3_0_Only spec... */ + if (version > ctx->maxProtocolVersion) { + version = ctx->maxProtocolVersion; + } + /* FIXME - I think this needs work for a SSL_Version_2_0 server, to ensure that + * the client isn't establishing a v3 session. */ if (ctx->negProtocolVersion == SSL_Version_Undetermined) - { if (version > SSL_Version_3_0) - version = SSL_Version_3_0; + { #if LOG_NEGOTIATE dprintf1("===SSL2 server: negVersion was undetermined; is %s\n", protocolVersStr(version)); #endif ctx->negProtocolVersion = version; + if(version >= TLS_Version_1_0) { + ctx->sslTslCalls = &Tls1Callouts; + } + else { + /* default from context init */ + assert(ctx->sslTslCalls == &Ssl3Callouts); + } } else if (ctx->negProtocolVersion == SSL_Version_3_0_With_2_0_Hello) { if (version < SSL_Version_3_0) { errorLog0("SSL2ProcessClientHello: version error\n"); return ERR(SSLProtocolErr); } + /* FIXME - I don't think path is ever taken - we NEVER set any + * protocol var to SSL_Version_3_0_With_2_0_Hello... */ #if LOG_NEGOTIATE dprintf0("===SSL2 server: negVersion was 3_0_With_2_0_Hello; is 3_0\n"); #endif - ctx->negProtocolVersion = SSL_Version_3_0; + ctx->negProtocolVersion = version; } progress += 2; 
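Review bot: In the `SSL_Version_3_0_With_2_0_Hello` branch the new `ctx->negProtocolVersion = version;` can now store a TLS version, but unlike the `SSL_Version_Undetermined` branch it never switches `ctx->sslTslCalls` to `&Tls1Callouts`. The added FIXME says this path may never be taken, but if it is, a TLS 1.0 session would run with the SSLv3 callouts; mirroring the first branch with `if (version >= TLS_Version_1_0) ctx->sslTslCalls = &Tls1Callouts;` keeps the two consistent. In the first branch the only check on the default callout table is an `assert`, which does nothing in a build with assertions disabled. The clamp against `ctx->maxProtocolVersion` is an upper bound only, and the FIXME acknowledges there is still no lower bound for a v2-only server. The function starts before and continues after this hunk.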
@@ -150,46 +163,79 @@ SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx) cipherList = progress; selectedCipher = SSL_NO_SUCH_CIPHERSUITE; - if (ctx->negProtocolVersion == SSL_Version_3_0) /* If we're negotiating an SSL 3.0 session, use SSL 3.0 suites first */ - { for (i = 0; i < cipherKindCount; i++) - { cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3); + if (ctx->negProtocolVersion >= SSL_Version_3_0) { + /* If we're negotiating an SSL 3.0 session, use SSL 3.0 suites first */ + for (i = 0; i < cipherKindCount; i++) { + cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3); progress += 3; if (selectedCipher != SSL_NO_SUCH_CIPHERSUITE) continue; if ((((UInt32)cipherKind) & 0xFF0000) != 0) continue; /* Skip SSL 2 suites */ matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF); - for (j = 0; jnumValidCipherSpecs; j++) - if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) - { selectedCipher = matchingCipher; + for (j = 0; jnumValidCipherSpecs; j++) { + if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) { + selectedCipher = matchingCipher; break; } - } - } - - progress = cipherList; - for (i = 0; i < cipherKindCount; i++) - { cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3); - progress += 3; - if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) /* After we find one, just keep advancing progress past the unused ones */ - { if ((((UInt32)cipherKind) & 0xFF0000) != 0) /* If it's a real SSL2 spec, look for it in the list */ - { matchingCipher = SSL_NO_SUCH_CIPHERSUITE; - for (j = 0; j < SSL2CipherMapCount; j++) - if (cipherKind == SSL2CipherMap[j].cipherKind) - { matchingCipher = SSL2CipherMap[j].cipherSuite; - break; - } - } - else /* if the first byte is zero, it's an encoded SSL 3 CipherSuite */ - matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF); - if (matchingCipher != SSL_NO_SUCH_CIPHERSUITE) - for (j = 0; j < ctx->numValidCipherSpecs; j++) - if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) - { 
selectedCipher = matchingCipher; - break; - } - } - } + } /* searching thru all our valid ciphers */ + } /* for each client cipher */ + } /* v3 or greater */ + + if(selectedCipher == SSL_NO_SUCH_CIPHERSUITE) { + /* try again using SSL2 ciphers only */ + progress = cipherList; + for (i = 0; i < cipherKindCount; i++) { + cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3); + progress += 3; + if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) { + /* After we find one, just keep advancing progress past + * the unused ones */ + if ((((UInt32)cipherKind) & 0xFF0000) != 0) { + /* If it's a real SSL2 spec, look for it in the list */ + matchingCipher = SSL_NO_SUCH_CIPHERSUITE; + for (j = 0; j < SSL2CipherMapCount; j++) { + if (cipherKind == SSL2CipherMap[j].cipherKind) { + matchingCipher = SSL2CipherMap[j].cipherSuite; + break; + } + } + } /* real 3-byte SSL2 suite */ + else { + /* if the first byte is zero, it's an encoded SSL 3 CipherSuite */ + matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF); + /* + * One more restriction - if we've negotiated a v2 session, + * ignore this matching cipher if it's not in the SSL2 map. + */ + if(ctx->negProtocolVersion < SSL_Version_3_0) { + int isInMap = 0; + for (j = 0; j < SSL2CipherMapCount; j++) { + if (matchingCipher == SSL2CipherMap[j].cipherSuite) { + isInMap = 1; + break; + } + } + if(!isInMap) { + /* Sorry, no can do */ + matchingCipher = SSL_NO_SUCH_CIPHERSUITE; + } + } /* SSL2 check */ + } /* two-byte suite */ + + /* now see if we are enabled for this cipher */ + if (matchingCipher != SSL_NO_SUCH_CIPHERSUITE) { + for (j = 0; j < ctx->numValidCipherSpecs; j++) { + if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) { + selectedCipher = matchingCipher; + break; + } + } + } + } /* not ignoring this suite */ + } /* for each suite in the hello msg */ + } /* not found in SSL3 ciphersuites */ + if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) return ERR(SSLNegotiationErr); 
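Review bot: The fallback pass that starts at `if(selectedCipher == SSL_NO_SUCH_CIPHERSUITE)` restricts the choice in one direction only: a v2 session rejects two-byte suites that are not in `SSL2CipherMap`, but a session with `negProtocolVersion >= SSL_Version_3_0` can still select a suite through a real three-byte SSL2 kind. Whether the negotiated version is reconciled with that choice afterwards is not visible in this hunk, so I would confirm it and record the outcome in a comment at the top of the fallback block, e.g. `/* a v3+ hello that matches only an SSL2 kind lands here; see <where the version is reconciled> */`. As a style point, the search of `ctx->validCipherSpecs` for `matchingCipher` is written out twice and could become one small static helper. The function body begins and ends outside the hunk.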
@@ -207,14 +253,27 @@ SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx) progress += sessionIDLen; ctx->ssl2ChallengeLength = challengeLen; - memset(ctx->clientRandom, 0, 32); - memcpy(ctx->clientRandom+32 - challengeLen, progress, challengeLen); + memset(ctx->clientRandom, 0, SSL_CLIENT_SRVR_RAND_SIZE); + memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - challengeLen, + progress, challengeLen); progress += challengeLen; CASSERT(progress == msg.data + msg.length); return SSLNoErr; } +/* + * The SSL v2 spec says that the challenge string sent by the client can be + * between 16 and 32 bytes. However all Netscape enterprise servers actually + * require a 16 byte challenge. Q.v. cdnow.com, store.apple.com. + * Unfortunately this means that when we're trying to do a + * SSL_Version_3_0_With_2_0_Hello negotiation, we have to limit ourself to + * a 16-byte clientRandom, which we have to concatenate to 16 bytes of + * zeroes if we end up with a 3.0 or 3.1 connection. Thus we lose 16 bytes + * of entropy. + */ +#define SSL2_CHALLENGE_LEN 16 + SSLErr SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx) { SSLErr err; @@ -229,7 +288,8 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx) case SSL_Version_3_0_With_2_0_Hello: /* go for it, see if server can handle upgrading */ useSSL3Ciphers = 1; - version = SSL_Version_3_0; + /* could be SSLv3 or TLSv1 */ + version = ctx->maxProtocolVersion; break; case SSL_Version_2_0: useSSL3Ciphers = 0; @@ -237,6 +297,8 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx) break; case SSL_Version_3_0_Only: case SSL_Version_3_0: + case TLS_Version_1_0_Only: + case TLS_Version_1_0: default: ASSERTMSG("Bad protocol version for sending SSL 2 Client Hello"); break; 
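Review bot: The rewritten `memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - challengeLen, progress, challengeLen)` is only safe while `challengeLen` does not exceed `SSL_CLIENT_SRVR_RAND_SIZE`; a larger value taken from the hello would place the destination before the start of `clientRandom`. No bound on `challengeLen` is visible in this hunk, and the trailing `CASSERT` is presumably a debug-only check. If the earlier part of `SSL2ProcessClientHello` does not already reject it, I would add `if (challengeLen < 16 || challengeLen > SSL_CLIENT_SRVR_RAND_SIZE) return ERR(SSLProtocolErr);` ahead of the `memset`, matching the 16 to 32 byte range the new comment cites. The function starts outside this hunk.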
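Review bot: The new `TLS_Version_1_0_Only` and `TLS_Version_1_0` labels in `SSL2EncodeClientHello` fall into the `default:` arm, which only fires `ASSERTMSG` and then `break`s. If that macro is compiled out in release builds, encoding continues with `version` and `useSSL3Ciphers` holding whatever they were declared with; the declarations are outside this hunk. Adding `return SSLBadStateErr;` after the assertion would make the bad-state path fail closed instead of emitting a hello with an unintended version.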
@@ -261,16 +323,17 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx) sessionIDLen = 0; sessionIdentifier.data = 0; if (ctx->resumableSession.data != 0) - { if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) + { if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) return err; sessionIDLen = sessionIdentifier.length; } -/* msg length = 9 + 3 * totalCipherCount + sessionIDLen + 16 bytes of challenge - * Use exactly 16 bytes of challenge because Netscape products have a bug - * that requires this length - */ - if (ERR(err = SSLAllocBuffer(msg, 9 + (3*totalCipherCount) + sessionIDLen + 16, &ctx->sysCtx)) != 0) + /* msg length = 9 + 3 * totalCipherCount + sessionIDLen + 16 bytes of challenge + * Use exactly 16 bytes of challenge because Netscape products have a bug + * that requires this length + */ + if (ERR(err = SSLAllocBuffer(msg, 9 + (3*totalCipherCount) + sessionIDLen + + SSL2_CHALLENGE_LEN, &ctx->sysCtx)) != 0) { ERR(SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)); return err; } 
@@ -280,16 +343,16 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx) progress = SSLEncodeInt(progress, version, 2); progress = SSLEncodeInt(progress, 3*totalCipherCount, 2); progress = SSLEncodeInt(progress, sessionIDLen, 2); - progress = SSLEncodeInt(progress, 16, 2); + progress = SSLEncodeInt(progress, SSL2_CHALLENGE_LEN, 2); -/* If we can send SSL3 ciphers, encode the two-byte cipher specs into three-byte - * CipherKinds which have a leading 0. - */ + /* If we can send SSL3 ciphers, encode the two-byte cipher specs into three-byte + * CipherKinds which have a leading 0. + */ if (useSSL3Ciphers != 0) for (i = 0; i < ctx->numValidCipherSpecs; i++) progress = SSLEncodeInt(progress, ctx->validCipherSpecs[i].cipherSpec, 3); -/* Now send those SSL2 specs for which we have implementations */ + /* Now send those SSL2 specs for which we have implementations */ for (i = 0; i < SSL2CipherMapCount; i++) for (j = 0; j < ctx->numValidCipherSpecs; j++) if (ctx->validCipherSpecs[j].cipherSpec == SSL2CipherMap[i].cipherSuite) 
@@ -304,22 +367,24 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx) } randomData.data = progress; - randomData.length = 16; - #ifdef _APPLE_CDSA_ + randomData.length = SSL2_CHALLENGE_LEN; if ((err = sslRand(ctx, &randomData)) != 0) - #else - if (ERR(err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0) - #endif { ERR(SSLFreeBuffer(msg, &ctx->sysCtx)); return err; } - progress += 16; - -/* Zero out the first 16 bytes of clientRandom, and store the challenge in the - second 16 bytes */ - memset(ctx->clientRandom, 0, 16); - memcpy(ctx->clientRandom+16, randomData.data, 16); - ctx->ssl2ChallengeLength = 16; + progress += SSL2_CHALLENGE_LEN; + + /* Zero out the first 16 bytes of clientRandom, and store + * the challenge in the second 16 bytes */ + #if (SSL2_CHALLENGE_LEN == SSL_CLIENT_SRVR_RAND_SIZE) + /* this path verified to fail with Netscape Enterprise servers 1/16/02 */ + memcpy(ctx->clientRandom, randomData.data, SSL2_CHALLENGE_LEN); + #else + memset(ctx->clientRandom, 0, SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN); + memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN, + randomData.data, SSL2_CHALLENGE_LEN); + #endif + ctx->ssl2ChallengeLength = SSL2_CHALLENGE_LEN; CASSERT(progress == msg->data + msg->length); @@ -334,7 +399,9 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx) int clearLength, encryptedLength, keyArgLength; UInt32 secretLength, localKeyModulusLen; UInt8 *progress; - + const CSSM_KEY *decryptKey; + CSSM_CSP_HANDLE decryptCspHand; + if (msg.length < 9) { errorLog0("SSL2ProcessClientMasterKey: msg.length error 1\n"); return ERR(SSLProtocolErr); 
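Review bot: The `#else` arm uses `SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN` both as the `memset` length and as the `memcpy` offset, which is valid only while `SSL2_CHALLENGE_LEN` is the smaller of the two; nothing prevents a later edit from raising the macro. A compile-time guard next to the `#define` would pin that: `#if (SSL2_CHALLENGE_LEN > SSL_CLIENT_SRVR_RAND_SIZE)`, `#error SSL2_CHALLENGE_LEN exceeds clientRandom size`, `#endif`. The comment above the block still says "first 16 bytes" and "second 16 bytes" and should refer to the macros instead. The function starts before and continues after this hunk.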
@@ -356,74 +423,43 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx) return ERR(SSLProtocolErr); } -/* Master key == CLEAR_DATA || SECRET_DATA */ + /* Master key == CLEAR_DATA || SECRET_DATA */ memcpy(ctx->masterSecret, progress, clearLength); progress += clearLength; -#if RSAREF - localKeyModulusLen = (ctx->localKey.bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->localKey, KI_RSAPublic)) != 0) - return SSLUnknownErr; - localKeyModulusLen = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ - CASSERT(ctx->encryptPrivKey != NULL); - localKeyModulusLen = sslKeyLengthInBytes(ctx->encryptPrivKey); -#else -#error No Asymmetric crypto -#endif /* RSAREF / BSAFE */ + /* + * Just as in SSL2EncodeServerHello, which key we use depends on the + * app's config. + */ + if(ctx->encryptPrivKey) { + decryptKey = ctx->encryptPrivKey; + CASSERT(ctx->encryptKeyCsp != 0); + decryptCspHand = ctx->encryptKeyCsp; + } + else if(ctx->signingPrivKey) { + decryptKey = ctx->signingPrivKey; + CASSERT(ctx->signingKeyCsp != 0); + decryptCspHand = ctx->signingKeyCsp; + } + else { + /* really should not happen... 
*/ + errorLog0("SSL2ProcessClientMasterKey: No server key!\n"); + return SSLBadStateErr; + } + localKeyModulusLen = sslKeyLengthInBytes(decryptKey); if (encryptedLength != localKeyModulusLen) { errorLog0("SSL2ProcessClientMasterKey: encryptedLength error 1\n"); return ERR(SSLProtocolErr); } -/* Allocate enough room to hold any decrypted value */ + /* Allocate enough room to hold any decrypted value */ if (ERR(err = SSLAllocBuffer(&secretData, encryptedLength, &ctx->sysCtx)) != 0) return err; -#if RSAREF -/* Replace this with code to do decryption at lower level & check PKCS1 padding - for rollback attack */ - if ((RSAPrivateDecrypt(secretData.data, &secretLength, progress, encryptedLength, &ctx->localKey)) != 0) - { ERR(err = SSLFreeBuffer(&secretData, &ctx->sysCtx)); - return ERR(SSLUnknownErr); - } -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_CRT_DECRYPT, 0 }; - int rsaResult; - unsigned int decryptLen; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_DecryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_DecryptUpdate(rsa, secretData.data, &decryptLen, encryptedLength, - progress, encryptedLength, 0, NO_SURR)) != 0) - return SSLUnknownErr; - secretLength = decryptLen; - if ((rsaResult = B_DecryptFinal(rsa, secretData.data+secretLength, - &decryptLen, encryptedLength-secretLength, 0, NO_SURR)) != 0) - return SSLUnknownErr; - secretLength += decryptLen; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ - /* - * note we use encryptPrivKey, not signingPrivKey - this really is - * a decrypt op. Servers have to be configured with valid encryption cert - * chain to work with SSL2. - */ err = sslRsaDecrypt(ctx, - ctx->encryptPrivKey, - ctx->encryptKeyCsp, + decryptKey, + decryptCspHand, progress, encryptedLength, secretData.data, 
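Review bot: The new fallback in SSL2ProcessClientMasterKey passes ctx->signingPrivKey to sslRsaDecrypt when no encryptPrivKey is configured, so one RSA key both signs and decrypts client-supplied ciphertext. Nothing in the hunk checks that the associated certificate permits encryption. If the single-certificate configuration is intended, state the precondition at the branch, e.g. `/* signing key doubles as the SSL2 decryption key; only valid when the cert's key usage allows encryption */`, and consider validating it where the key is installed. The cert fallback added to SSL2EncodeServerHello later in this file (encryptCert, then localCert) appears to rest on the same assumption and deserves the same comment. The function body starts and ends outside this hunk.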
@@ -433,7 +469,6 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx) SSLFreeBuffer(&secretData, &ctx->sysCtx); return err; } -#endif /* RSAREF / BSAFE */ progress += encryptedLength; @@ -450,7 +485,7 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx) return ERR(SSLProtocolErr); } -/* Stash the IV after the master key in master secret storage */ + /* Stash the IV after the master key in master secret storage */ memcpy(ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize, progress, keyArgLength); progress += keyArgLength; CASSERT(progress = msg.data + msg.length); @@ -465,26 +500,10 @@ SSL2EncodeClientMasterKey(SSLBuffer *msg, SSLContext *ctx) UInt32 outputLen, peerKeyModulusLen; SSLBuffer keyData; UInt8 *progress; - #ifndef _APPLE_CDSA_ - SSLRandomCtx rsaRandom; - int rsaResult; - #endif -#if RSAREF - peerKeyModulusLen = (ctx->peerKey.bits + 7)/8; -#elif BSAFE - { A_RSA_KEY *keyInfo; - int rsaResult; - - if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0) - return SSLUnknownErr; - peerKeyModulusLen = keyInfo->modulus.len; - } -#elif _APPLE_CDSA_ peerKeyModulusLen = sslKeyLengthInBytes(ctx->peerPubKey); -#endif /* RSAREF / BSAFE */ -/* Length is 10 + clear key size + encrypted output size + iv size */ + /* Length is 10 + clear key size + encrypted output size + iv size */ length = 10; clearLen = ctx->selectedCipherSpec->cipher->keySize - ctx->selectedCipherSpec->cipher->secretKeySize; length += clearLen; 
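Review bot: In SSL2ProcessClientMasterKey the context line `CASSERT(progress = msg.data + msg.length);`, just below the re-indented "Stash the IV" comment, assigns instead of comparing, so the end-of-message consistency check effectively never fails. It should read `CASSERT(progress == msg.data + msg.length);`, the form SSL2EncodeClientHello already uses. The same slip is in the new ssl3ComputeMac in ssl3Callouts.c, where `assert(progress = scratchData+11);` should be `assert(progress == scratchData+11);`. Since assertions are presumably compiled out of release builds, a runtime `if (progress != msg.data + msg.length) return ERR(SSLProtocolErr);` would also reject a message with unexpected trailing bytes.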
@@ -512,55 +531,15 @@ SSL2EncodeClientMasterKey(SSLBuffer *msg, SSLContext *ctx) keyData.data = ctx->masterSecret; keyData.length = ctx->selectedCipherSpec->cipher->keySize + ctx->selectedCipherSpec->cipher->ivSize; CASSERT(keyData.length <= 48); /* Must be able to store it in the masterSecret array */ - #ifdef _APPLE_CDSA_ if ((err = sslRand(ctx, &keyData)) != 0) - #else - if (ERR(err = ctx->sysCtx.random(keyData, ctx->sysCtx.randomRef)) != 0) - #endif return err; memcpy(progress, ctx->masterSecret, clearLen); progress += clearLen; - #ifndef _APPLE_CDSA_ - if (ERR(err = ReadyRandom(&rsaRandom, ctx)) != 0) - return err; - #endif - -/* Replace this with code to do encryption at lower level & set PKCS1 padding + /* Replace this with code to do encryption at lower level & set PKCS1 padding for rollback attack */ -#if RSAREF - if ((rsaResult = RSAPublicEncrypt(progress, &outputLen, - ctx->masterSecret + clearLen, - ctx->selectedCipherSpec->cipher->keySize - clearLen, - &ctx->peerKey,&rsaRandom)) != 0) - { R_RandomFinal(&rsaRandom); - return ERR(SSLUnknownErr); - } -#elif BSAFE - { B_ALGORITHM_OBJ rsa; - B_ALGORITHM_METHOD *chooser[] = { &AM_RSA_ENCRYPT, 0 }; - unsigned int encryptedOut; - - if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_EncryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0) - return SSLUnknownErr; - if ((rsaResult = B_EncryptUpdate(rsa, progress, - &encryptedOut, peerKeyModulusLen, ctx->masterSecret + clearLen, - ctx->selectedCipherSpec->cipher->keySize - clearLen, - rsaRandom, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen = encryptedOut; - if ((rsaResult = B_EncryptFinal(rsa, progress+outputLen, - &encryptedOut, peerKeyModulusLen-outputLen, rsaRandom, NO_SURR)) != 0) - return SSLUnknownErr; - outputLen += encryptedOut; - B_DestroyAlgorithmObject(&rsa); - } -#elif _APPLE_CDSA_ + /* * encrypt only the 
secret key portion of masterSecret, starting at * clearLen bytes @@ -576,15 +555,8 @@ SSL2EncodeClientMasterKey(SSLBuffer *msg, SSLContext *ctx) if(err) { return err; } -#endif progress += outputLen; - -#if RSAREF - R_RandomFinal(&rsaRandom); -#elif BSAFE - B_DestroyAlgorithmObject(&rsaRandom); -#endif /* copy clear IV to msg buf */ memcpy(progress, ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize, @@ -627,9 +599,6 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx) int sessionIDMatch, certLen, cipherSpecsLen, connectionIDLen; int i, j; SSL2CipherKind cipherKind; - #ifndef __APPLE__ - SSLBuffer certBuf; - #endif SSLCertificate *cert; SSLCipherSuite matchingCipher = 0; // avoid compiler warning SSLCipherSuite selectedCipher; @@ -678,38 +647,19 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx) return ERR(SSLNegotiationErr); cipherSpecsLen /= 3; - #ifdef __APPLE__ cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); if(cert == NULL) { return SSLMemoryErr; } - #else - if (ERR(err = SSLAllocBuffer(&certBuf, sizeof(SSLCertificate), &ctx->sysCtx)) != 0) - return err; - cert = (SSLCertificate*)certBuf.data; - #endif cert->next = 0; if (ERR(err = SSLAllocBuffer(&cert->derCert, certLen, &ctx->sysCtx)) != 0) { - #ifdef __APPLE__ sslFree(cert); - #else - ERR(SSLFreeBuffer(&certBuf, &ctx->sysCtx)); - #endif return err; } memcpy(cert->derCert.data, progress, certLen); progress += certLen; - #ifndef _APPLE_CDSA_ - /* not necessary */ - if (ERR(err = ASNParseX509Certificate(cert->derCert, &cert->cert, ctx)) != 0) - { ERR(SSLFreeBuffer(&cert->derCert, &ctx->sysCtx)); - ERR(SSLFreeBuffer(&certBuf, &ctx->sysCtx)); - return err; - } - #endif ctx->peerCert = cert; - #ifdef _APPLE_CDSA_ /* This cert never gets verified in original SSLRef3 code... */ if((err = sslVerifyCertChain(ctx, ctx->peerCert)) != 0) { return err; 
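Review bot: In SSL2EncodeClientMasterKey the only bound on `keyData.length` before sslRand() fills ctx->masterSecret is `CASSERT(keyData.length <= 48)`, which this hunk keeps while deleting the alternative code paths. If CASSERT is a debug-only macro (its definition is not on this page), a cipher entry whose keySize plus ivSize exceeds 48 would let the random fill run past the array in release builds. A runtime check is cheap here: `if (keyData.length > sizeof(ctx->masterSecret)) return ERR(SSLInternalError);`. The retained comment "Replace this with code to do encryption at lower level & set PKCS1 padding for rollback attack" still describes unfinished work and would be easier to track as an explicit TODO. The function starts and ends outside this hunk.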
@@ -718,9 +668,6 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx) &cert->derCert, &ctx->peerPubKey, &ctx->peerPubKeyCsp)) != 0) - #else - if (ERR(err = X509ExtractPublicKey(&cert->cert.pubKey, &ctx->peerKey)) != 0) - #endif return err; selectedCipher = SSL_NO_SUCH_CIPHERSUITE; @@ -745,7 +692,7 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx) return ERR(SSLNegotiationErr); #if LOG_NEGOTIATE dprintf1("===SSL2 client: selectedCipher 0x%x\n", - selectedCipher); + (unsigned)selectedCipher); #endif ctx->selectedCipher = selectedCipher; @@ -774,11 +721,7 @@ SSL2EncodeServerHello(SSLBuffer *msg, SSLContext *ctx) ctx->ssl2ConnectionIDLength = SSL2_CONNECTION_ID_LENGTH; randomData.data = ctx->serverRandom; randomData.length = ctx->ssl2ConnectionIDLength; - #ifdef _APPLE_CDSA_ if ((err = sslRand(ctx, &randomData)) != 0) - #else - if (ERR(err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0) - #endif return err; if (ctx->ssl2SessionMatch != 0) @@ -798,20 +741,21 @@ SSL2EncodeServerHello(SSLBuffer *msg, SSLContext *ctx) else { /* First, find the last cert in the chain; it's the one we'll send */ - #if _APPLE_CDSA_ /* - * For Apple, we require an encryptCert here - we'll be encrypting - * with it, after all. + * Use encryptCert if we have it, but allow for the case of app + * specifying one cert which can encrypt and sign. */ - if(ctx->encryptCert == NULL) { - errorLog0("SSL2EncodeServerHello: No encryptCert!\n"); + if(ctx->encryptCert != NULL) { + cert = ctx->encryptCert; + } + else if(ctx->localCert != NULL) { + cert = ctx->localCert; + } + else { + /* really should not happen... */ + errorLog0("SSL2EncodeServerHello: No server cert!\n"); return SSLBadStateErr; } - cert = ctx->encryptCert; - #else - CASSERT(ctx->localCert != 0); - cert = ctx->localCert; - #endif _APPLE_CDSA_ while (cert->next != 0) cert = cert->next; 
@@ -852,8 +796,8 @@ SSL2ProcessServerVerify(SSLBuffer msg, SSLContext *ctx) { if (msg.length != ctx->ssl2ChallengeLength) return ERR(SSLProtocolErr); - if (memcmp(msg.data, ctx->clientRandom + 32 - ctx->ssl2ChallengeLength, - ctx->ssl2ChallengeLength) != 0) + if (memcmp(msg.data, ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - + ctx->ssl2ChallengeLength, ctx->ssl2ChallengeLength) != 0) return ERR(SSLProtocolErr); return SSLNoErr; @@ -867,8 +811,8 @@ SSL2EncodeServerVerify(SSLBuffer *msg, SSLContext *ctx) return err; msg->data[0] = ssl2_mt_server_verify; - memcpy(msg->data+1, ctx->clientRandom + 32 - ctx->ssl2ChallengeLength, - ctx->ssl2ChallengeLength); + memcpy(msg->data+1, ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - + ctx->ssl2ChallengeLength, ctx->ssl2ChallengeLength); return SSLNoErr; } diff --git a/SecureTransport/ssl2prot.c b/SecureTransport/ssl2prot.c index b96cb60f..9b20f24e 100644 --- a/SecureTransport/ssl2prot.c +++ b/SecureTransport/ssl2prot.c @@ -91,7 +91,9 @@ #include "appleCdsa.h" #endif +#include "digests.h" #include +#include #if LOG_HDSK_MSG @@ -155,10 +157,7 @@ SSL2ProcessMessage(SSLRecord rec, SSLContext *ctx) switch (msg) { case ssl2_mt_error: - #if _APPLE_CDSA_ - /* ref code returned an unitialized local err here */ err = SSLConnectionClosedError; - #endif break; case ssl2_mt_client_hello: if (ctx->state != HandshakeServerUninit) @@ -214,7 +213,7 @@ SSL2ProcessMessage(SSLRecord rec, SSLContext *ctx) if (err == 0) { /* FIXME - use requested or negotiated protocol version here? */ - if (msg == ssl2_mt_client_hello && ctx->negProtocolVersion == SSL_Version_3_0) + if (msg == ssl2_mt_client_hello && (ctx->negProtocolVersion >= SSL_Version_3_0)) { /* Promote this message to SSL 3 protocol */ if (ERR(err = SSL3ReceiveSSL2ClientHello(rec, ctx)) != 0) return err; 
@@ -244,9 +243,12 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) SSLChangeHdskState(ctx, HandshakeServerHelloUnknownVersion); break; case SSL_Version_3_0_With_2_0_Hello: - ctx->negProtocolVersion = SSL_Version_3_0; + assert((ctx->reqProtocolVersion == SSL_Version_3_0) || + (ctx->reqProtocolVersion == TLS_Version_1_0)); + ctx->negProtocolVersion = ctx->reqProtocolVersion; #if LOG_NEGOTIATE - dprintf0("===SSL client kickstart: negVersion is 3_0\n"); + dprintf2("===SSL client kickstart: negVersion is %d_%d\n", + ctx->negProtocolVersion >> 8, ctx->negProtocolVersion & 0xff); #endif SSLChangeHdskState(ctx, HandshakeServerHello); break; @@ -255,6 +257,8 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) break; case SSL_Version_3_0_Only: case SSL_Version_3_0: + case TLS_Version_1_0_Only: + case TLS_Version_1_0: default: ASSERTMSG("Bad protocol version for sending SSL 2 Client Hello"); break; @@ -272,6 +276,7 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) { SSLChangeHdskState(ctx, HandshakeSSL2ClientMasterKey); break; } + SSLLogResumSess("===RESUMING SSL2 server-side session\n"); if (ERR(err = SSL2InstallSessionKey(ctx)) != 0) return err; /* Fall through for matching session; lame, but true */ @@ -290,7 +295,9 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) return err; } else - { if (ERR(err = SSL2InstallSessionKey(ctx)) != 0) + { + SSLLogResumSess("===RESUMING SSL2 client-side session\n"); + if (ERR(err = SSL2InstallSessionKey(ctx)) != 0) return err; } if (ERR(err = SSL2InitCiphers(ctx)) != 0) 
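Review bot: In the `SSL_Version_3_0_With_2_0_Hello` case of SSL2AdvanceHandshake, the new code copies ctx->reqProtocolVersion into ctx->negProtocolVersion and relies on `assert(...)` alone to restrict it to SSL_Version_3_0 or TLS_Version_1_0. With NDEBUG defined the assert disappears, and any other requested value, such as SSL_Version_3_0_Only or TLS_Version_1_0_Only, would become the negotiated version. A runtime check keeps release builds safe: `if (ctx->reqProtocolVersion != SSL_Version_3_0 && ctx->reqProtocolVersion != TLS_Version_1_0) return ERR(SSLInternalError);`. The same assert-only guard precedes the `ctx->sslTslCalls->writeRecord` call added in SSL2PrepareAndQueueMessage. The enclosing switch starts outside the hunk.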
@@ -303,13 +310,11 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) /* Handshake is complete; turn ciphers on */ ctx->writeCipher.ready = 1; ctx->readCipher.ready = 1; - #if _APPLE_CDSA_ /* original code never got out of ssl2_mt_client_finished state */ CASSERT(ctx->protocolSide == SSL_ServerSide); SSLChangeHdskState(ctx, HandshakeServerReady); - #endif /* _APPLE_CDSA_ */ if (ctx->peerID.data != 0) - ERR(SSLAddSessionID(ctx)); + ERR(SSLAddSessionData(ctx)); break; case ssl2_mt_server_verify: SSLChangeHdskState(ctx, HandshakeSSL2ServerFinished); @@ -322,13 +327,11 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx) /* Handshake is complete; turn ciphers on */ ctx->writeCipher.ready = 1; ctx->readCipher.ready = 1; - #if _APPLE_CDSA_ /* original code never got out of ssl2_mt_server_finished state */ CASSERT(ctx->protocolSide == SSL_ClientSide); SSLChangeHdskState(ctx, HandshakeClientReady); - #endif /* _APPLE_CDSA_ */ if (ctx->peerID.data != 0) - ERR(SSLAddSessionID(ctx)); + ERR(SSLAddSessionData(ctx)); break; case ssl2_mt_error: case ssl2_mt_client_certificate: @@ -351,7 +354,8 @@ SSL2PrepareAndQueueMessage(EncodeSSL2MessageFunc encodeFunc, SSLContext *ctx) logSsl2Msg((SSL2MessageType)rec.contents.data[0], 1); - if (ERR(err = SSLWriteRecord(rec, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) { ERR(SSLFreeBuffer(&rec.contents, &ctx->sysCtx)); return err; } @@ -376,7 +380,7 @@ SSL2CompareSessionIDs(SSLContext *ctx) if (ctx->resumableSession.data == 0) return SSLNoErr; - if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, + if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) return err; 
@@ -396,7 +400,7 @@ SSL2InstallSessionKey(SSLContext *ctx) CASSERT(ctx->ssl2SessionMatch != 0); CASSERT(ctx->resumableSession.data != 0); - if (ERR(err = SSLInstallSessionID(ctx->resumableSession, ctx)) != 0) + if (ERR(err = SSLInstallSessionFromData(ctx->resumableSession, ctx)) != 0) return err; return SSLNoErr; } @@ -409,11 +413,7 @@ SSL2GenerateSessionID(SSLContext *ctx) return err; if (ERR(err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN, &ctx->sysCtx)) != 0) return err; - #ifdef _APPLE_CDSA_ if ((err = sslRand(ctx, &ctx->sessionID)) != 0) - #else - if (ERR(err = ctx->sysCtx.random(ctx->sessionID, ctx->sysCtx.randomRef)) != 0) - #endif return err; return SSLNoErr; } @@ -440,7 +440,8 @@ SSL2InitCiphers(SSLContext *ctx) masterKey.data = ctx->masterSecret; masterKey.length = ctx->selectedCipherSpec->cipher->keySize; - challenge.data = ctx->clientRandom + 32 - ctx->ssl2ChallengeLength; + challenge.data = ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - + ctx->ssl2ChallengeLength; challenge.length = ctx->ssl2ChallengeLength; connectionID.data = ctx->serverRandom; connectionID.length = ctx->ssl2ConnectionIDLength; @@ -456,7 +457,7 @@ SSL2InitCiphers(SSLContext *ctx) while (keyMaterialLen) { hashDigest.data = progress; hashDigest.length = SSLHashMD5.digestSize; - if (ERR(err = SSLHashMD5.init(hashContext)) != 0 || + if (ERR(err = SSLHashMD5.init(hashContext, ctx)) != 0 || ERR(err = SSLHashMD5.update(hashContext, masterKey)) != 0 || ERR(err = SSLHashMD5.update(hashContext, variantData)) != 0 || ERR(err = SSLHashMD5.update(hashContext, challenge)) != 0 || 
@@ -478,8 +479,8 @@ SSL2InitCiphers(SSLContext *ctx) return err; } - ctx->readPending.hash = ctx->selectedCipherSpec->macAlgorithm; - ctx->writePending.hash = ctx->selectedCipherSpec->macAlgorithm; + ctx->readPending.macRef = ctx->selectedCipherSpec->macAlgorithm; + ctx->writePending.macRef = ctx->selectedCipherSpec->macAlgorithm; ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher; ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher; ctx->readPending.sequenceNum = ctx->readCipher.sequenceNum; diff --git a/SecureTransport/ssl2rec.c b/SecureTransport/ssl2rec.c index be1b8c52..f73acfb8 100644 --- a/SecureTransport/ssl2rec.c +++ b/SecureTransport/ssl2rec.c @@ -80,11 +80,9 @@ #include "digests.h" #endif -#ifdef _APPLE_CDSA_ #ifndef _APPLE_GLUE_H_ #include "appleGlue.h" #endif -#endif #include @@ -107,6 +105,7 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx) case SSL_Version_2_0: break; case SSL_Version_3_0: /* We've negotiated a 3.0 session; we can send an alert */ + case TLS_Version_1_0: SSLFatalSessionAlert(alert_unexpected_message, ctx); return SSLProtocolErr; case SSL_Version_3_0_Only: /* We haven't yet negotiated, but we don't want to support 2.0; just die without an alert */ @@ -131,12 +130,8 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx) { readData.length = 3 - ctx->amountRead; readData.data = ctx->partialReadBuffer.data + ctx->amountRead; len = readData.length; - #ifdef _APPLE_CDSA_ err = sslIoRead(readData, &len, ctx); if(err != 0) - #else - if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0) - #endif { if (err == SSLWouldBlockErr) ctx->amountRead += len; if (err == SSLIOErr && ctx->amountRead == 0) /* If the session closes on a record boundary, it's graceful */ @@ -164,7 +159,6 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx) padding = progress[2]; } - #ifdef __APPLE__ /* * FIXME - what's the max record size? * and why doesn't SSLReadRecord parse the 2 or 3 byte header? 
@@ -174,7 +168,6 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx) if((contentLen == 0) || (contentLen > 0xffff)) { return SSLProtocolErr; } - #endif progress += headerSize; @@ -187,12 +180,8 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx) { readData.length = headerSize + contentLen - ctx->amountRead; readData.data = ctx->partialReadBuffer.data + ctx->amountRead; len = readData.length; - #ifdef _APPLE_CDSA_ err = sslIoRead(readData, &len, ctx); if(err != 0) - #else - if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0) - #endif { if (err == SSLWouldBlockErr) ctx->amountRead += len; return err; @@ -238,17 +227,12 @@ SSL2WriteRecord(SSLRecord rec, SSLContext *ctx) out->next = 0; out->sent = 0; - payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.hash->digestSize); + payloadSize = (UInt16) + (rec.contents.length + ctx->writeCipher.macRef->hash->digestSize); blockSize = ctx->writeCipher.symCipher->blockSize; if (blockSize > 0) { - #ifdef _APPLE_CDSA_ - /* HEY! this netscape code could never work with a block cipher... */ padding = blockSize - (payloadSize % blockSize); - #else - /* bogon */ - padding = blockSize - (payloadSize % blockSize) - 1; - #endif if (padding == blockSize) padding = 0; payloadSize += padding; @@ -274,7 +258,7 @@ SSL2WriteRecord(SSLRecord rec, SSLContext *ctx) payload.length = payloadSize; mac.data = progress; - mac.length = ctx->writeCipher.hash->digestSize; + mac.length = ctx->writeCipher.macRef->hash->digestSize; progress += mac.length; content.data = progress; 
@@ -290,8 +274,9 @@ SSL2WriteRecord(SSLRecord rec, SSLContext *ctx) secret.data = ctx->writeCipher.macSecret; secret.length = ctx->writeCipher.symCipher->keySize; if (mac.length > 0) - if (ERR(err = SSL2CalculateMAC(secret, content, ctx->writeCipher.sequenceNum.low, - ctx->writeCipher.hash, mac, ctx)) != 0) + if (ERR(err = SSL2CalculateMAC(secret, content, + ctx->writeCipher.sequenceNum.low, + ctx->writeCipher.macRef->hash, mac, ctx)) != 0) goto fail; /* APPLE_CDSA change...*/ @@ -341,9 +326,9 @@ SSL2DecryptRecord(SSLBuffer *payload, SSLContext *ctx) ctx)) != 0) return err; - if (ctx->readCipher.hash->digestSize > 0) /* Optimize away MAC for null case */ - { content.data = payload->data + ctx->readCipher.hash->digestSize; /* Data is after MAC */ - content.length = payload->length - ctx->readCipher.hash->digestSize; + if (ctx->readCipher.macRef->hash->digestSize > 0) /* Optimize away MAC for null case */ + { content.data = payload->data + ctx->readCipher.macRef->hash->digestSize; /* Data is after MAC */ + content.length = payload->length - ctx->readCipher.macRef->hash->digestSize; if (ERR(err = SSL2VerifyMAC(content, payload->data, ctx)) != 0) return err; /* Adjust payload to remove MAC; caller is still responsible for removing padding [if any] */ @@ -364,9 +349,9 @@ SSL2VerifyMAC(SSLBuffer content, UInt8 *compareMAC, SSLContext *ctx) secret.data = ctx->readCipher.macSecret; secret.length = ctx->readCipher.symCipher->keySize; mac.data = calculatedMAC; - mac.length = ctx->readCipher.hash->digestSize; + mac.length = ctx->readCipher.macRef->hash->digestSize; if (ERR(err = SSL2CalculateMAC(secret, content, ctx->readCipher.sequenceNum.low, - ctx->readCipher.hash, mac, ctx)) != 0) + ctx->readCipher.macRef->hash, mac, ctx)) != 0) return err; if (memcmp(mac.data, compareMAC, mac.length) != 0) { #if IGNORE_MAC_FAILURE diff --git a/SecureTransport/ssl3Callouts.c b/SecureTransport/ssl3Callouts.c new file mode 100644 index 00000000..f68a05fb --- /dev/null 
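Review bot: In SSL2DecryptRecord, `content.length = payload->length - ctx->readCipher.macRef->hash->digestSize;` is computed with no visible check that the decrypted payload is at least one digest long. If SSLBuffer.length is unsigned (its declaration is not on this page), a short record would wrap the length before SSL2VerifyMAC hashes it. A guard before the subtraction closes that: `if (payload->length < ctx->readCipher.macRef->hash->digestSize) return ERR(SSLProtocolErr);`. The new ssl3DecryptRecord in ssl3Callouts.c has the same shape and also subtracts the padding byte plus one, so it needs the equivalent check against the combined amount. The function starts and ends outside this hunk, and a length check in the caller may already cover this.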
+++ b/SecureTransport/ssl3Callouts.c 
@@ -0,0 +1,718 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: ssl3Callouts.c + + Contains: SSLv3-specific routines for SslTlsCallouts. + + Written by: Doug Mitchell +*/ + +#include "sslalloc.h" +#include "tls_ssl.h" +#include "sslutil.h" +#include "digests.h" +#include "ssl2.h" +#include "sslDebug.h" +#include "sslalert.h" +#include +#include + +/* + * ssl3WriteRecord does not send alerts on failure, out of the assumption/fear + * that this might result in a loop (since sending an alert causes ssl3WriteRecord + * to be called). + * + * As far as I can tell, we can use this same routine for SSLv3 and TLSv1, as long + * as we're not trying to use the "variable length padding" feature of TLSv1. + * OpenSSL doesn't use that feature; for now, neither will we. Thus this routine + * is used for the SslTlsCallouts.writeRecord function for both protocols. 
+ */ +SSLErr ssl3WriteRecord( + SSLRecord rec, + SSLContext *ctx) +{ + SSLErr err; + int padding = 0, i; + WaitingRecord *out, *queue; + SSLBuffer buf, payload, mac; + UInt8 *progress; + UInt16 payloadSize,blockSize; + + switch(rec.protocolVersion) { + case SSL_Version_2_0: + return SSL2WriteRecord(rec, ctx); + case SSL_Version_3_0: + case TLS_Version_1_0: + break; + default: + assert(0); + return SSLInternalError; + } + assert(rec.contents.length <= 16384); + + out = 0; + /* Allocate a WaitingRecord to store our ready-to-send record in */ + if ((err = SSLAllocBuffer(&buf, sizeof(WaitingRecord), &ctx->sysCtx)) != 0) + return err; + out = (WaitingRecord*)buf.data; + out->next = 0; + out->sent = 0; + /* Allocate enough room for the transmitted record, which will be: + * 5 bytes of header + + * encrypted contents + + * macLength + + * padding [block ciphers only] + + * padding length field (1 byte) [block ciphers only] + */ + payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.macRef->hash->digestSize); + blockSize = ctx->writeCipher.symCipher->blockSize; + if (blockSize > 0) + { padding = blockSize - (payloadSize % blockSize) - 1; + payloadSize += padding + 1; + } + out->data.data = 0; + if ((err = SSLAllocBuffer(&out->data, 5 + payloadSize, &ctx->sysCtx)) != 0) + goto fail; + + progress = out->data.data; + *(progress++) = rec.contentType; + progress = SSLEncodeInt(progress, rec.protocolVersion, 2); + progress = SSLEncodeInt(progress, payloadSize, 2); + + /* Copy the contents into the output buffer */ + memcpy(progress, rec.contents.data, rec.contents.length); + payload.data = progress; + payload.length = rec.contents.length; + + progress += rec.contents.length; + /* MAC immediately follows data */ + mac.data = progress; + mac.length = ctx->writeCipher.macRef->hash->digestSize; + progress += mac.length; + + /* MAC the data */ + if (mac.length > 0) /* Optimize away null case */ + { + assert(ctx->sslTslCalls != NULL); + if ((err = 
ctx->sslTslCalls->computeMac(rec.contentType, + payload, + mac, + &ctx->writeCipher, + ctx->writeCipher.sequenceNum, + ctx)) != 0) + goto fail; + } + + /* Update payload to reflect encrypted data: contents, mac & padding */ + payload.length = payloadSize; + + /* Fill in the padding bytes & padding length field with the padding value; the + * protocol only requires the last byte, + * but filling them all in avoids leaking data + */ + if (ctx->writeCipher.symCipher->blockSize > 0) + for (i = 1; i <= padding + 1; ++i) + payload.data[payload.length - i] = padding; + + /* Encrypt the data */ + if ((err = ctx->writeCipher.symCipher->encrypt(payload, + payload, + &ctx->writeCipher, + ctx)) != 0) + goto fail; + DUMP_BUFFER_NAME("encrypted data", payload); + + /* Enqueue the record to be written from the idle loop */ + if (ctx->recordWriteQueue == 0) + ctx->recordWriteQueue = out; + else + { queue = ctx->recordWriteQueue; + while (queue->next != 0) + queue = queue->next; + queue->next = out; + } + + /* Increment the sequence number */ + IncrementUInt64(&ctx->writeCipher.sequenceNum); + + return SSLNoErr; + +fail: + /* + * Only for if we fail between when the WaitingRecord is allocated and when + * it is queued + */ + SSLFreeBuffer(&out->data, &ctx->sysCtx); + buf.data = (UInt8*)out; + buf.length = sizeof(WaitingRecord); + SSLFreeBuffer(&buf, &ctx->sysCtx); + return ERR(err); +} + +static SSLErr ssl3DecryptRecord( + UInt8 type, + SSLBuffer *payload, + SSLContext *ctx) +{ + SSLErr err; + SSLBuffer content; + + if ((ctx->readCipher.symCipher->blockSize > 0) && + ((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) + { SSLFatalSessionAlert(alert_unexpected_message, ctx); + return ERR(SSLProtocolErr); + } + + /* Decrypt in place */ + DUMP_BUFFER_NAME("encrypted data", (*payload)); + if ((err = ctx->readCipher.symCipher->decrypt(*payload, + *payload, + &ctx->readCipher, + ctx)) != 0) + { SSLFatalSessionAlert(alert_close_notify, ctx); + return ERR(err); + } + 
DUMP_BUFFER_NAME("decrypted data", (*payload)); + + /* Locate content within decrypted payload */ + content.data = payload->data; + content.length = payload->length - ctx->readCipher.macRef->hash->digestSize; + if (ctx->readCipher.symCipher->blockSize > 0) + { /* padding can't be equal to or more than a block */ + if (payload->data[payload->length - 1] >= ctx->readCipher.symCipher->blockSize) + { SSLFatalSessionAlert(alert_unexpected_message, ctx); + errorLog1("DecryptSSLRecord: bad padding length (%d)\n", + (unsigned)payload->data[payload->length - 1]); + return ERR(SSLProtocolErr); + } + content.length -= 1 + payload->data[payload->length - 1]; + /* Remove block size padding */ + } + + /* Verify MAC on payload */ + if (ctx->readCipher.macRef->hash->digestSize > 0) + /* Optimize away MAC for null case */ + if ((err = SSLVerifyMac(type, content, + payload->data + content.length, ctx)) != 0) + { SSLFatalSessionAlert(alert_bad_record_mac, ctx); + return ERR(err); + } + + *payload = content; /* Modify payload buffer to indicate content length */ + + return SSLNoErr; +} + +/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ +static SSLErr ssl3InitMac ( + CipherContext *cipherCtx, // macRef, macSecret valid on entry + // macCtx valid on return + SSLContext *ctx) +{ + const HashReference *hash; + SSLBuffer *hashCtx; + SSLErr serr; + + assert(cipherCtx->macRef != NULL); + hash = cipherCtx->macRef->hash; + assert(hash != NULL); + + hashCtx = &cipherCtx->macCtx.hashCtx; + if(hashCtx->data != NULL) { + SSLFreeBuffer(hashCtx, &ctx->sysCtx); + } + serr = SSLAllocBuffer(hashCtx, hash->contextSize, &ctx->sysCtx); + if(serr) { + return serr; + } + return SSLNoErr; +} + +static SSLErr ssl3FreeMac ( + CipherContext *cipherCtx) +{ + SSLBuffer *hashCtx; + + assert(cipherCtx != NULL); + /* this can be called on a completely zeroed out CipherContext... 
*/ + if(cipherCtx->macRef == NULL) { + return SSLNoErr; + } + hashCtx = &cipherCtx->macCtx.hashCtx; + if(hashCtx->data != NULL) { + sslFree(hashCtx->data); + hashCtx->data = NULL; + } + hashCtx->length = 0; + return SSLNoErr; +} + +static SSLErr ssl3ComputeMac ( + UInt8 type, + SSLBuffer data, + SSLBuffer mac, // caller mallocs data + CipherContext *cipherCtx, // assumes macCtx, macRef + sslUint64 seqNo, + SSLContext *ctx) +{ + SSLErr err; + UInt8 innerDigestData[MAX_DIGEST_SIZE]; + UInt8 scratchData[11], *progress; + SSLBuffer digest, digestCtx, scratch; + SSLBuffer secret; + + const HashReference *hash; + + assert(cipherCtx != NULL); + assert(cipherCtx->macRef != NULL); + hash = cipherCtx->macRef->hash; + assert(hash != NULL); + assert(hash->macPadSize <= MAX_MAC_PADDING); + assert(hash->digestSize <= MAX_DIGEST_SIZE); + digestCtx = cipherCtx->macCtx.hashCtx; // may be NULL, for null cipher + secret.data = cipherCtx->macSecret; + secret.length = hash->digestSize; + + /* init'd early in SSLNewContext() */ + assert(SSLMACPad1[0] == 0x36 && SSLMACPad2[0] == 0x5C); + + /* + * MAC = hash( MAC_write_secret + pad_2 + + * hash( MAC_write_secret + pad_1 + seq_num + type + + * length + content ) + * ) + */ + if ((err = hash->init(digestCtx, ctx)) != 0) + goto exit; + if ((err = hash->update(digestCtx, secret)) != 0) /* MAC secret */ + goto exit; + scratch.data = SSLMACPad1; + scratch.length = hash->macPadSize; + if ((err = hash->update(digestCtx, scratch)) != 0) /* pad1 */ + goto exit; + progress = scratchData; + progress = SSLEncodeUInt64(progress, seqNo); + *progress++ = type; + progress = SSLEncodeInt(progress, data.length, 2); + scratch.data = scratchData; + scratch.length = 11; + assert(progress = scratchData+11); + if ((err = hash->update(digestCtx, scratch)) != 0) + /* sequenceNo, type & length */ + goto exit; + if ((err = hash->update(digestCtx, data)) != 0) /* content */ + goto exit; + digest.data = innerDigestData; + digest.length = hash->digestSize; + if ((err = 
hash->final(digestCtx, digest)) != 0) /* figure inner digest */ + goto exit; + + if ((err = hash->init(digestCtx, ctx)) != 0) + goto exit; + if ((err = hash->update(digestCtx, secret)) != 0) /* MAC secret */ + goto exit; + scratch.data = SSLMACPad2; + scratch.length = hash->macPadSize; + if ((err = hash->update(digestCtx, scratch)) != 0) /* pad2 */ + goto exit; + if ((err = hash->update(digestCtx, digest)) != 0) /* inner digest */ + goto exit; + if ((err = hash->final(digestCtx, mac)) != 0) /* figure the mac */ + goto exit; + + err = SSLNoErr; /* redundant, I know */ + +exit: + return err; +} + +#define LOG_GEN_KEY 0 + +/* + * On input, the following are valid: + * MasterSecret[48] + * ClientHello.random[32] + * ServerHello.random[32] + * + * key_block = + * MD5(master_secret + SHA(`A' + master_secret + + * ServerHello.random + + * ClientHello.random)) + + * MD5(master_secret + SHA(`BB' + master_secret + + * ServerHello.random + + * ClientHello.random)) + + * MD5(master_secret + SHA(`CCC' + master_secret + + * ServerHello.random + + * ClientHello.random)) + [...]; + */ +static SSLErr ssl3GenerateKeyMaterial ( + SSLBuffer key, // caller mallocs and specifies length of + // required key material here + SSLContext *ctx) +{ + SSLErr err; + UInt8 leaderData[10]; /* Max of 10 hashes + * (* 16 bytes/hash = 160 bytes of key) */ + UInt8 shaHashData[20], md5HashData[16]; + SSLBuffer shaContext, md5Context; + UInt8 *keyProgress; + int i,j,remaining, satisfied; + SSLBuffer leader, masterSecret, serverRandom, clientRandom, shaHash, md5Hash; + + #if LOG_GEN_KEY + printf("GenerateKey: master "); + for(i=0; imasterSecret[i]); + } + printf("\n"); + #endif + + assert(key.length <= 16 * sizeof(leaderData)); + + leader.data = leaderData; + masterSecret.data = ctx->masterSecret; + masterSecret.length = SSL_MASTER_SECRET_SIZE; + serverRandom.data = ctx->serverRandom; + serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; + clientRandom.data = ctx->clientRandom; + clientRandom.length = 
SSL_CLIENT_SRVR_RAND_SIZE; + shaHash.data = shaHashData; + shaHash.length = 20; + md5Hash.data = md5HashData; + md5Hash.length = 16; + + md5Context.data = 0; + shaContext.data = 0; + if ((err = ReadyHash(&SSLHashMD5, &md5Context, ctx)) != 0) + goto fail; + if ((err = ReadyHash(&SSLHashSHA1, &shaContext, ctx)) != 0) + goto fail; + + keyProgress = key.data; + remaining = key.length; + + for (i = 0; remaining > 0; ++i) + { for (j = 0; j <= i; j++) + leaderData[j] = 0x41 + i; /* 'A', 'BB', 'CCC', etc. */ + leader.length = i+1; + + if ((err = SSLHashSHA1.update(shaContext, leader)) != 0) + goto fail; + if ((err = SSLHashSHA1.update(shaContext, masterSecret)) != 0) + goto fail; + if ((err = SSLHashSHA1.update(shaContext, serverRandom)) != 0) + goto fail; + if ((err = SSLHashSHA1.update(shaContext, clientRandom)) != 0) + goto fail; + if ((err = SSLHashSHA1.final(shaContext, shaHash)) != 0) + goto fail; + if ((err = SSLHashMD5.update(md5Context, masterSecret)) != 0) + goto fail; + if ((err = SSLHashMD5.update(md5Context, shaHash)) != 0) + goto fail; + if ((err = SSLHashMD5.final(md5Context, md5Hash)) != 0) + goto fail; + + satisfied = 16; + if (remaining < 16) + satisfied = remaining; + memcpy(keyProgress, md5HashData, satisfied); + remaining -= satisfied; + keyProgress += satisfied; + + if(remaining > 0) { + /* at top of loop, this was done in ReadyHash() */ + if ((err = SSLHashMD5.init(md5Context, ctx)) != 0) + goto fail; + if ((err = SSLHashSHA1.init(shaContext, ctx)) != 0) + goto fail; + } + } + + assert(remaining == 0 && keyProgress == (key.data + key.length)); + err = SSLNoErr; +fail: + SSLFreeBuffer(&md5Context, &ctx->sysCtx); + SSLFreeBuffer(&shaContext, &ctx->sysCtx); + + #if LOG_GEN_KEY + printf("GenerateKey: DONE\n"); + #endif + return err; +} + +static SSLErr ssl3GenerateExportKeyAndIv ( + SSLContext *ctx, // clientRandom, serverRandom valid + const SSLBuffer clientWriteKey, + const SSLBuffer serverWriteKey, + SSLBuffer finalClientWriteKey, // RETURNED, mallocd 
by caller + SSLBuffer finalServerWriteKey, // RETURNED, mallocd by caller + SSLBuffer finalClientIV, // RETURNED, mallocd by caller + SSLBuffer finalServerIV) // RETURNED, mallocd by caller +{ + SSLErr err; + SSLBuffer hashCtx, serverRandom, clientRandom; + + /* random blobs are 32 bytes */ + serverRandom.data = ctx->serverRandom; + serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; + clientRandom.data = ctx->clientRandom; + clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; + + if ((err = SSLAllocBuffer(&hashCtx, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0) + return err; + /* client write key */ + if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, clientWriteKey)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) + goto fail; + finalClientWriteKey.length = 16; + if ((err = SSLHashMD5.final(hashCtx, finalClientWriteKey)) != 0) + goto fail; + + /* optional client IV */ + if (ctx->selectedCipherSpec->cipher->ivSize > 0) + { if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) + goto fail; + finalClientIV.length = 16; + if ((err = SSLHashMD5.final(hashCtx, finalClientIV)) != 0) + goto fail; + } + + /* server write key */ + if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, serverWriteKey)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) + goto fail; + finalServerWriteKey.length = 16; + if ((err = SSLHashMD5.final(hashCtx, finalServerWriteKey)) != 0) + goto fail; + + /* optional server IV */ + if (ctx->selectedCipherSpec->cipher->ivSize > 0) + { if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0) + goto fail; + if ((err = 
SSLHashMD5.update(hashCtx, serverRandom)) != 0) + goto fail; + if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0) + goto fail; + finalServerIV.length = 16; + if ((err = SSLHashMD5.final(hashCtx, finalServerIV)) != 0) + goto fail; + } + + err = SSLNoErr; +fail: + SSLFreeBuffer(&hashCtx, &ctx->sysCtx); + return err; +} + +/* + * On entry: clientRandom, serverRandom, preMasterSecret valid + * On return: masterSecret valid + */ +static SSLErr ssl3GenerateMasterSecret ( + SSLContext *ctx) +{ + SSLErr err; + SSLBuffer shaState, md5State, clientRandom, + serverRandom, shaHash, md5Hash, leader; + UInt8 *masterProgress, shaHashData[20], leaderData[3]; + int i; + + md5State.data = shaState.data = 0; + if ((err = SSLAllocBuffer(&md5State, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0) + goto fail; + if ((err = SSLAllocBuffer(&shaState, SSLHashSHA1.contextSize, &ctx->sysCtx)) != 0) + goto fail; + + clientRandom.data = ctx->clientRandom; + clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; + serverRandom.data = ctx->serverRandom; + serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; + shaHash.data = shaHashData; + shaHash.length = 20; + + masterProgress = ctx->masterSecret; + + for (i = 1; i <= 3; i++) + { if ((err = SSLHashMD5.init(md5State, ctx)) != 0) + goto fail; + if ((err = SSLHashSHA1.init(shaState, ctx)) != 0) + goto fail; + + leaderData[0] = leaderData[1] = leaderData[2] = 0x40 + i; /* 'A', 'B', etc. 
*/ + leader.data = leaderData; + leader.length = i; + + if ((err = SSLHashSHA1.update(shaState, leader)) != 0) + goto fail; + if ((err = SSLHashSHA1.update(shaState, ctx->preMasterSecret)) != 0) + goto fail; + if ((err = SSLHashSHA1.update(shaState, clientRandom)) != 0) + goto fail; + if ((err = SSLHashSHA1.update(shaState, serverRandom)) != 0) + goto fail; + if ((err = SSLHashSHA1.final(shaState, shaHash)) != 0) + goto fail; + if ((err = SSLHashMD5.update(md5State, ctx->preMasterSecret)) != 0) + goto fail; + if ((err = SSLHashMD5.update(md5State, shaHash)) != 0) + goto fail; + md5Hash.data = masterProgress; + md5Hash.length = 16; + if ((err = SSLHashMD5.final(md5State, md5Hash)) != 0) + goto fail; + masterProgress += 16; + } + + err = SSLNoErr; +fail: + SSLFreeBuffer(&shaState, &ctx->sysCtx); + SSLFreeBuffer(&md5State, &ctx->sysCtx); + return err; +} + +/* common routine to compute a Mac for finished message and cert verify message */ +static SSLErr +ssl3CalculateFinishedMessage( + SSLContext *ctx, + SSLBuffer finished, // mallocd by caller + SSLBuffer shaMsgState, // running total + SSLBuffer md5MsgState, // ditto + UInt32 senderID) // optional, nonzero for finished message +{ + SSLErr err; + SSLBuffer hash, input; + UInt8 sender[4], md5Inner[16], shaInner[20]; + + // assert(finished.length == 36); + + if (senderID != 0) { + SSLEncodeInt(sender, senderID, 4); + input.data = sender; + input.length = 4; + if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) + return err; + if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) + return err; + } + input.data = ctx->masterSecret; + input.length = SSL_MASTER_SECRET_SIZE; + if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) + return err; + if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) + return err; + input.data = SSLMACPad1; + input.length = SSLHashMD5.macPadSize; + if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) + return err; + input.length = SSLHashSHA1.macPadSize; + if ((err = 
SSLHashSHA1.update(shaMsgState, input)) != 0) + return err; + hash.data = md5Inner; + hash.length = 16; + if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0) + return err; + hash.data = shaInner; + hash.length = 20; + if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0) + return err; + if ((err = SSLHashMD5.init(md5MsgState, ctx)) != 0) + return err; + if ((err = SSLHashSHA1.init(shaMsgState, ctx)) != 0) + return err; + input.data = ctx->masterSecret; + input.length = SSL_MASTER_SECRET_SIZE; + if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) + return err; + if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) + return err; + input.data = SSLMACPad2; + input.length = SSLHashMD5.macPadSize; + if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) + return err; + input.length = SSLHashSHA1.macPadSize; + if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) + return err; + input.data = md5Inner; + input.length = 16; + if ((err = SSLHashMD5.update(md5MsgState, input)) != 0) + return err; + hash.data = finished.data; + hash.length = 16; + if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0) + return err; + input.data = shaInner; + input.length = 20; + if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0) + return err; + hash.data = finished.data + 16; + hash.length = 20; + if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0) + return err; + return SSLNoErr; +} + + +static SSLErr ssl3ComputeFinishedMac ( + SSLContext *ctx, + SSLBuffer finished, // output - mallocd by caller + SSLBuffer shaMsgState, // clone of running digest of all handshake msgs + SSLBuffer md5MsgState, // ditto + Boolean isServer) // refers to message, not us +{ + return ssl3CalculateFinishedMessage(ctx, finished, shaMsgState, md5MsgState, + isServer ? 
SSL_Finished_Sender_Server : SSL_Finished_Sender_Client); +} + +static SSLErr ssl3ComputeCertVfyMac ( + SSLContext *ctx, + SSLBuffer finished, // output - mallocd by caller + SSLBuffer shaMsgState, // clone of running digest of all handshake msgs + SSLBuffer md5MsgState) // ditto +{ + return ssl3CalculateFinishedMessage(ctx, finished, shaMsgState, md5MsgState, 0); +} + +const SslTlsCallouts Ssl3Callouts = { + ssl3DecryptRecord, + ssl3WriteRecord, + ssl3InitMac, + ssl3FreeMac, + ssl3ComputeMac, + ssl3GenerateKeyMaterial, + ssl3GenerateExportKeyAndIv, + ssl3GenerateMasterSecret, + ssl3ComputeFinishedMac, + ssl3ComputeCertVfyMac +}; diff --git a/SecureTransport/sslBER_Dummy.c b/SecureTransport/sslBER_Dummy.c new file mode 100644 index 00000000..3829aef2 --- /dev/null +++ b/SecureTransport/sslBER_Dummy.c @@ -0,0 +1,49 @@ + +/* + File: sslBER_Dummy.cpp + + Contains: stubs of routines in sslBER.cpp to enable standalone + build for indexing purposes. + + Written by: Doug Mitchell + + Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. + +*/ + +#include "ssl.h" +#include "sslalloc.h" +#include "sslDebug.h" +#include "sslBER.h" + +#include + +/* + * Given a PKCS-1 encoded RSA public key, extract the + * modulus and public exponent. + * + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e } + */ + +SSLErr sslDecodeRsaBlob( + const SSLBuffer *blob, /* PKCS-1 encoded */ + SSLBuffer *modulus, /* data mallocd and RETURNED */ + SSLBuffer *exponent) /* data mallocd and RETURNED */ +{ + return SSLBadCert; +} + +/* + * Given a raw modulus and exponent, cook up a + * BER-encoded RSA public key blob. + */ +SSLErr sslEncodeRsaBlob( + const SSLBuffer *modulus, + const SSLBuffer *exponent, + SSLBuffer *blob) /* data mallocd and RETURNED */ +{ + return SSLMemoryErr; +} + diff --git a/SecureTransport/sslKeychain.c b/SecureTransport/sslKeychain.c index 2e35639e..256d78fd 100644 --- a/SecureTransport/sslKeychain.c 
+++ b/SecureTransport/sslKeychain.c @@ -21,7 +21,7 @@ Contains: Apple Keychain routines - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. 
@@ -36,52 +36,157 @@ #include "sslDebug.h" #include "sslKeychain.h" #include "sslutil.h" - -#if ST_KEYCHAIN_ENABLE -#include -#include -#endif /* ST_KEYCHAIN_ENABLE */ - #include +#include +#include +#include +/* these are to be replaced by Security/Security.h */ +#include +#include +#include +#include +#include +#include -#if ST_KEYCHAIN_ENABLE +#if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS static OSStatus addCertData( SSLContext *ctx, KCItemRef kcItem, CSSM_DATA_PTR certData, Boolean *goodCert); /* RETURNED */ +#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ + +#if (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) +#if ST_FAKE_KEYCHAIN /* - * Given a KCItemRef: is this item a cert? + * Routines which will be replaced by SecKeychainAPI. */ -static Boolean -isItemACert(KCItemRef kcItem) -{ - KCAttribute attr; - FourCharCode itemClass; - OSStatus ortn; - UInt32 len; + +/* + * Given a DLDB, find the first private key in the DB. It's the application's + * responsibility to ensure that there is only one private key. The returned + * PrintName attribute will be used to search for an associated cert using + * TBD. + * + * Caller must free returned key and PrintName. + */ +static OSStatus +findPrivateKeyInDb( + SSLContext *ctx, + CSSM_DL_DB_HANDLE dlDbHand, + CSSM_KEY_PTR *privKey, // mallocd and RETURNED + CSSM_DATA *printName) // referent mallocd and RETURNED +{ + CSSM_QUERY query; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; + CSSM_RETURN crtn; + CSSM_HANDLE resultHand; + CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; + CSSM_DB_ATTRIBUTE_DATA theAttr; + CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo = &theAttr.Info; + CSSM_DATA theData = {0, NULL}; + + /* search by record type, no predicates (though we do want the PrintName + * attr returned). */ + query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; + query.Conjunctive = CSSM_DB_NONE; + query.NumSelectionPredicates = 0; + query.SelectionPredicate = NULL; + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? 
+ query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = CSSM_QUERY_RETURN_DATA; // FIXME - used? + + recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; + recordAttrs.SemanticInformation = 0; + recordAttrs.NumberOfAttributes = 1; + recordAttrs.AttributeData = &theAttr; - attr.tag = kClassKCItemAttr; - attr.length = sizeof(FourCharCode); - attr.data = &itemClass; + attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attrInfo->Label.AttributeName = "PrintName"; + attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - ortn = KCGetAttribute (kcItem, &attr, &len); - if (ortn == noErr) { - return((itemClass == kCertificateKCItemClass) ? true : false); + theAttr.NumberOfValues = 1; + theAttr.Value = NULL; + + crtn = CSSM_DL_DataGetFirst(dlDbHand, + &query, + &resultHand, + &recordAttrs, + &theData, + &record); + /* terminate query only on success */ + if(crtn == CSSM_OK) { + CSSM_DL_DataAbortQuery(dlDbHand, resultHand); + *privKey = (CSSM_KEY_PTR)theData.Data; + /* + * Both the struct and the referent are mallocd by DL. Give our + * caller the referent; free the struct. 
+ */ + *printName = *theAttr.Value; + stAppFree(theAttr.Value, NULL); + return noErr; } else { - errorLog1("isItemACert: KCGetAttribute returned %d\n", ortn); - return false; + stPrintCdsaError("CSSM_DL_DataGetFirst", crtn); + errorLog0("findCertInDb: cert not found\n"); + return errSSLBadCert; } } -#endif /* ST_KEYCHAIN_ENABLE */ +static OSStatus +findCertInDb( + SSLContext *ctx, + CSSM_DL_DB_HANDLE dlDbHand, + const CSSM_DATA *printName, // obtained from findPrivateKeyInDb + CSSM_DATA *certData) // referent mallocd and RETURNED +{ + CSSM_QUERY query; + CSSM_SELECTION_PREDICATE predicate; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; + CSSM_RETURN crtn; + CSSM_HANDLE resultHand; + + predicate.DbOperator = CSSM_DB_EQUAL; + predicate.Attribute.Info.AttributeNameFormat = + CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + predicate.Attribute.Info.Label.AttributeName = "PrintName"; + predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; + /* hope this const_cast is OK */ + predicate.Attribute.Value = (CSSM_DATA_PTR)printName; + predicate.Attribute.NumberOfValues = 1; -#if (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) + query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; + query.Conjunctive = CSSM_DB_NONE; + query.NumSelectionPredicates = 1; + query.SelectionPredicate = &predicate; + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? + query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = 0; // FIXME - used? 
+ + crtn = CSSM_DL_DataGetFirst(dlDbHand, + &query, + &resultHand, + NULL, // no attrs returned + certData, + &record); + /* terminate query only on success */ + if(crtn == CSSM_OK) { + CSSM_DL_DataAbortQuery(dlDbHand, resultHand); + return noErr; + } + else { + stPrintCdsaError("CSSM_DL_DataGetFirst", crtn); + errorLog0("findCertInDb: cert not found\n"); + return errSSLBadCert; + } +} + + +#endif /* ST_FAKE_KEYCHAIN */ /* - * Given an array of certs (as KCItemRefs, specified by caller + * Given an array of certs (as SecIdentityRefs, specified by caller * in SSLSetCertificate or SSLSetEncryptionCertificate) and a * destination SSLCertificate: * @@ -90,6 +195,15 @@ isItemACert(KCItemRef kcItem) * -- validate cert chain * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey */ + +#if ST_FAKE_KEYCHAIN +/* + * In this incarnation, the certs array actually holds one pointer to a + * CSSM_DL_DB_HANDLE. In that DL/DB is exactly one private key; that's + * our privKey. We use the KeyLabel of that key to look up a cert with + * the same label. We get the public key from the cert. Other certs and + * public keys in the DL/DB are ignored. + */ OSStatus parseIncomingCerts( SSLContext *ctx, 
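Review bot: In `findPrivateKeyInDb` (hunk `@@ -36,52 +36,157 @@`) the success path copies `*theAttr.Value` into `*printName` without checking that the DL actually returned the attribute, so a private-key record that comes back without a PrintName value would be a NULL dereference. A guard before the copy, `if(theAttr.NumberOfValues == 0 || theAttr.Value == NULL)`, returning `errSSLBadCert` after freeing `theData.Data`, would cover it. Neither lookup function releases the `record` returned by `CSSM_DL_DataGetFirst` in the lines shown; CDSA provides `CSSM_DL_FreeUniqueRecord` for that. The failure branch of `findPrivateKeyInDb` also logs `findCertInDb: cert not found`, which points the reader at the wrong lookup; `errorLog0("findPrivateKeyInDb: private key not found\n");` would match the function.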
@@ -97,28 +211,200 @@ parseIncomingCerts( SSLCertificate **destCert, /* &ctx->{localCert,encryptCert} */ CSSM_KEY_PTR *pubKey, /* &ctx->signingPubKey, etc. */ CSSM_KEY_PTR *privKey, /* &ctx->signingPrivKey, etc. */ - CSSM_CSP_HANDLE *cspHand, /* &ctx->signingKeyCsp, etc. */ - KCItemRef *privKeyRef) /* &ctx->signingKeyRef, etc. */ + CSSM_CSP_HANDLE *cspHand /* &ctx->signingKeyCsp, etc. */ + #if ST_KC_KEYS_NEED_REF + , + SecKeychainRef *privKeyRef) /* &ctx->signingKeyRef, etc. */ + #else + ) + #endif /* ST_KC_KEYS_NEED_REF */ { + CSSM_DL_DB_HANDLE_PTR dlDbHand = NULL; CFIndex numCerts; - CFIndex cert; + CSSM_KEY_PTR lookupPriv = NULL; + CSSM_DATA lookupLabel = {0, NULL}; + CSSM_DATA lookupCert = {0, NULL}; + OSStatus ortn; SSLCertificate *certChain = NULL; SSLCertificate *thisSslCert; - KCItemRef kcItem; - SSLBuffer *derSubjCert = NULL; - UInt32 certLen; - OSStatus ortn; SSLErr srtn; - FromItemGetPrivateKeyParams keyParams = {NULL, NULL}; - FromItemGetKeyInfoParams keyInfo = {NULL, NULL, 0}; - CSSM_CSP_HANDLE dummyCsp; + CSSM_CSP_HANDLE dummyCsp; + + assert(ctx != NULL); + assert(destCert != NULL); /* though its referent may be NULL */ + assert(pubKey != NULL); + assert(privKey != NULL); + assert(cspHand != NULL); + + sslDeleteCertificateChain(*destCert, ctx); + *destCert = NULL; + *pubKey = NULL; + *privKey = NULL; + *cspHand = 0; + + if(certs == NULL) { + dprintf0("parseIncomingCerts: NULL incoming cert (DLDB) array\n"); + return errSSLBadCert; + } + numCerts = CFArrayGetCount(certs); + if(numCerts != 1) { + dprintf0("parseIncomingCerts: empty incoming cert (DLDB) array\n"); + return errSSLBadCert; + } + dlDbHand = (CSSM_DL_DB_HANDLE_PTR)CFArrayGetValueAtIndex(certs, 0); + if(dlDbHand == NULL) { + errorLog0("parseIncomingCerts: bad cert (DLDB) array\n"); + return paramErr; + } + + /* get private key - app has to ensure there is only one (for now) */ + ortn = findPrivateKeyInDb(ctx, *dlDbHand, &lookupPriv, &lookupLabel); + if(ortn) { + errorLog0("parseIncomingCerts: 
no private key\n"); + return ortn; + } + assert(lookupPriv->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE); + assert(lookupPriv->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY); + + /* get associated cert */ + ortn = findCertInDb(ctx, *dlDbHand, &lookupLabel, &lookupCert); + if(ortn) { + errorLog0("parseIncomingCerts: no cert\n"); + return ortn; + } + sslFree(lookupLabel.Data); + assert(lookupCert.Length > 100); // quickie check + + /* + * Cook up an SSLCertificate and its associated SSLBuffer. + */ + thisSslCert = sslMalloc(sizeof(SSLCertificate)); + if(thisSslCert == NULL) { + return memFullErr; + } + if(SSLAllocBuffer(&thisSslCert->derCert, lookupCert.Length, &ctx->sysCtx)) { + return memFullErr; + } + + /* copy cert data mallocd by DL */ + memmove(thisSslCert->derCert.data, lookupCert.Data, lookupCert.Length); + sslFree(lookupCert.Data); + + /* enqueue onto head of cert chain */ + thisSslCert->next = certChain; + certChain = thisSslCert; + + /* TBD - we might fetch other certs from CFArrayRef certs here and enqueue + * them on certChain */ + + /* now the public key of the first cert, from CL */ + srtn = sslPubKeyFromCert(ctx, + &certChain->derCert, + pubKey, + &dummyCsp); + if(srtn) { + errorLog1("sslPubKeyFromCert returned %d\n", srtn); + ortn = sslErrToOsStatus(srtn); + goto errOut; + } + assert((*pubKey)->KeyHeader.BlobType == CSSM_KEYBLOB_RAW); + assert((*pubKey)->KeyHeader.KeyClass == CSSM_KEYCLASS_PUBLIC_KEY); + + /* + * NOTE: as of 2/7/02, the size of the extracted public key will NOT + * always equal the size of the private key. Non-byte-aligned key sizes + * for RSA keys result in the extracted public key's size to be rounded + * UP to the next byte boundary. 
+ */ + assert((*pubKey)->KeyHeader.LogicalKeySizeInBits == + ((lookupPriv->KeyHeader.LogicalKeySizeInBits + 7) & ~7)); + + /* SUCCESS */ + *destCert = certChain; + *privKey = lookupPriv; + + /* we get this at context create time */ + assert(ctx->cspDlHand != 0); + *cspHand = ctx->cspDlHand; + *privKeyRef = NULL; // not used + return noErr; + +errOut: + /* free certChain, everything in it, other vars, return ortn */ + sslDeleteCertificateChain(certChain, ctx); + if(lookupPriv != NULL) { + sslFreeKey(ctx->cspDlHand, &lookupPriv, NULL); + } + return ortn; +} + +#else /* !ST_FAKE_KEYCHAIN */ + +/* Convert a SecCertificateRef to an SSLCertificate * */ +static OSStatus secCertToSslCert( + SSLContext *ctx, + SecCertificateRef certRef, + SSLCertificate **sslCert) +{ + CSSM_DATA certData; // struct is transient, referent owned by + // Sec layer + OSStatus ortn; + SSLCertificate *thisSslCert = NULL; + + ortn = SecCertificateGetData(certRef, &certData); + if(ortn) { + errorLog1("SecCertificateGetData() returned %d\n", (int)ortn); + return ortn; + } + + thisSslCert = sslMalloc(sizeof(SSLCertificate)); + if(thisSslCert == NULL) { + return memFullErr; + } + if(SSLAllocBuffer(&thisSslCert->derCert, certData.Length, + &ctx->sysCtx)) { + return memFullErr; + } + memcpy(thisSslCert->derCert.data, certData.Data, certData.Length); + thisSslCert->derCert.length = certData.Length; + *sslCert = thisSslCert; + return noErr; +} + +OSStatus +parseIncomingCerts( + SSLContext *ctx, + CFArrayRef certs, + SSLCertificate **destCert, /* &ctx->{localCert,encryptCert} */ + CSSM_KEY_PTR *pubKey, /* &ctx->signingPubKey, etc. */ + CSSM_KEY_PTR *privKey, /* &ctx->signingPrivKey, etc. */ + CSSM_CSP_HANDLE *cspHand /* &ctx->signingKeyCsp, etc. */ + #if ST_KC_KEYS_NEED_REF + , + SecKeychainRef *privKeyRef) /* &ctx->signingKeyRef, etc. 
*/ + #else + ) + #endif /* ST_KC_KEYS_NEED_REF */ +{ + CFIndex numCerts; + CFIndex cert; + SSLCertificate *certChain = NULL; + SSLCertificate *thisSslCert; + SecKeychainRef kcRef; + OSStatus ortn; + SSLErr srtn; + SecIdentityRef identity; + SecCertificateRef certRef; + SecKeyRef keyRef; + CSSM_DATA certData; + CSSM_CL_HANDLE clHand; // carefully derive from a SecCertificateRef + CSSM_RETURN crtn; CASSERT(ctx != NULL); CASSERT(destCert != NULL); /* though its referent may be NULL */ CASSERT(pubKey != NULL); CASSERT(privKey != NULL); CASSERT(cspHand != NULL); - CASSERT(privKeyRef != NULL); sslDeleteCertificateChain(*destCert, ctx); *destCert = NULL; 
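Review bot: Several failure paths in the `ST_FAKE_KEYCHAIN` version of `parseIncomingCerts` use a bare `return` instead of the `errOut` cleanup: the `findCertInDb` failure returns with `lookupPriv` and `lookupLabel.Data` still allocated, and both `memFullErr` returns additionally leave `lookupCert.Data` (and, in the second case, `thisSslCert`) unreleased, so a private-key reference outlives a failed setup. Routing them through the existing label, `ortn = memFullErr; goto errOut;`, and having `errOut` also free the label, the cert data and a not-yet-enqueued `thisSslCert`, would close these. `secCertToSslCert` has the same pattern on its `SSLAllocBuffer` failure, and the non-fake `parseIncomingCerts` in the next hunk (`@@ -137,57 +423,116 @@`) returns directly after `certChain` has been populated. Separately, `*privKeyRef = NULL;` is executed unconditionally although the parameter is declared only under `#if ST_KC_KEYS_NEED_REF`, so the fake-keychain build presumably fails to compile when that macro is off. The second `parseIncomingCerts` starts in this hunk and continues past its end.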
@@ -137,57 +423,116 @@ parseIncomingCerts( } /* - * Convert: CFArray of KCItemRefs --> chain of SSLCertificates. + * Certs[0] is an SecIdentityRef from which we extract subject cert, + * privKey, pubKey, and cspHand. + * + * 1. ensure the first element is a SecIdentityRef. + */ + identity = (SecIdentityRef)CFArrayGetValueAtIndex(certs, 0); + if(identity == NULL) { + errorLog0("parseIncomingCerts: bad cert array (1)\n"); + return paramErr; + } + if(CFGetTypeID(identity) != SecIdentityGetTypeID()) { + errorLog0("parseIncomingCerts: bad cert array (2)\n"); + return paramErr; + } + + /* + * 2. Extract cert, keys, CSP handle and convert to local format. + */ + ortn = SecIdentityCopyCertificate(identity, &certRef); + if(ortn) { + errorLog0("parseIncomingCerts: bad cert array (3)\n"); + return ortn; + } + ortn = secCertToSslCert(ctx, certRef, &thisSslCert); + if(ortn) { + errorLog0("parseIncomingCerts: bad cert array (4)\n"); + return ortn; + } + /* enqueue onto head of cert chain */ + thisSslCert->next = certChain; + certChain = thisSslCert; + + /* fetch private key from identity */ + ortn = SecIdentityCopyPrivateKey(identity, &keyRef); + if(ortn) { + errorLog1("parseIncomingCerts: SecIdentityCopyPrivateKey err %d\n", + (int)ortn); + return ortn; + } + ortn = SecKeyGetCSSMKey(keyRef, (const CSSM_KEY **)privKey); + if(ortn) { + errorLog1("parseIncomingCerts: SecKeyGetCSSMKey err %d\n", + (int)ortn); + return ortn; + } + /* FIXME = release keyRef? 
*/ + + /* obtain public key from cert */ + ortn = SecCertificateGetCLHandle(certRef, &clHand); + if(ortn) { + errorLog1("parseIncomingCerts: SecCertificateGetCLHandle err %d\n", + (int)ortn); + return ortn; + } + certData.Data = thisSslCert->derCert.data; + certData.Length = thisSslCert->derCert.length; + crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey); + if(crtn) { + errorLog0("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n"); + return (OSStatus)crtn; + } + + #if ST_FAKE_GET_CSPDL_HANDLE + /* we get this at context create time until SecKeychainGetCSPHandle + * is working */ + assert(ctx->cspDlHand != 0); + *cspHand = ctx->cspDlHand; + #else /* ST_FAKE_GET_CSPDL_HANDLE */ + /* obtain keychain from key, CSP handle from keychain */ + ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef); + if(ortn) { + errorLog1("parseIncomingCerts: SecKeychainItemCopyKeychain err %d\n", + (int)ortn); + return ortn; + } + ortn = SecKeychainGetCSPHandle(kcRef, cspHand); + if(ortn) { + errorLog1("parseIncomingCerts: SecKeychainGetCSPHandle err %d\n", + (int)ortn); + return ortn; + } + #endif /* ST_FAKE_GET_CSPDL_HANDLE */ + + /* OK, that's the subject cert. Fetch optional remaining certs. */ + /* + * Convert: CFArray of SecCertificateRefs --> chain of SSLCertificates. * Incoming certs have root last; SSLCertificate chain has root * first. */ - for(cert=0; certderCert, certLen, &ctx->sysCtx)) { - return memFullErr; - } - - /* now the data itself */ - ortn = KCGetData (kcItem, - certLen, - thisSslCert->derCert.data, - &certLen); + /* Extract cert, convert to local format. 
+ */ + ortn = secCertToSslCert(ctx, certRef, &thisSslCert); if(ortn) { - errorLog1("parseIncomingCerts: KCGetData(2) returned %d\n", ortn); - SSLFreeBuffer(&thisSslCert->derCert, &ctx->sysCtx); + errorLog0("parseIncomingCerts: bad cert array (7)\n"); return ortn; } - /* enqueue onto head of cert chain */ thisSslCert->next = certChain; certChain = thisSslCert; - - if(derSubjCert == NULL) { - /* Save this ptr for obtaining public key */ - derSubjCert = &thisSslCert->derCert; - } } /* validate the whole mess */ @@ -196,39 +541,7 @@ parseIncomingCerts( ortn = sslErrToOsStatus(srtn); goto errOut; } - - /* - * Get privKey, pubKey, KCItem of certs[0]. - * First, the private key, from the Keychain, using crufy private API. - */ - keyParams.item = (KCItemRef)CFArrayGetValueAtIndex(certs, 0); - ortn = KCDispatch(kKCFromItemGetPrivateKey, &keyParams); - if(ortn) { - errorLog1("KCDispatch(kKCFromItemGetPrivateKey) returned %d\n", ortn); - goto errOut; - } - keyInfo.item = keyParams.privateKeyItem; - ortn = KCDispatch(kKCFromItemGetKeyInfo, &keyInfo); - if(ortn) { - errorLog1("KCDispatch(kKCFromItemGetKeyInfo) returned %d\n", ortn); - goto errOut; - } - *privKey = (CSSM_KEY_PTR)keyInfo.keyPtr; - *cspHand = keyInfo.cspHandle; - *privKeyRef = keyParams.privateKeyItem; - - /* now the public key, from CL */ - /* FIXME - what if this CSP differs from the one we got from KC??? */ - srtn = sslPubKeyFromCert(ctx, - derSubjCert, - pubKey, - &dummyCsp); - if(srtn) { - errorLog1("sslPubKeyFromCert returned %d\n", srtn); - ortn = sslErrToOsStatus(srtn); - goto errOut; - } - + /* SUCCESS */ *destCert = certChain; return noErr; 
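Review bot: Nothing visible in hunk `@@ -137,57 +423,116 @@` releases `certRef`, `keyRef` or `kcRef`, although they come from `SecIdentityCopyCertificate`, `SecIdentityCopyPrivateKey` and `SecKeychainItemCopyKeychain`, which follow the Copy rule, and the `FIXME = release keyRef?` is left open. `SecKeyGetCSSMKey` returns a pointer into storage owned by the key reference, so `keyRef` has to stay alive for as long as `*privKey` is in use; I would record that at the call, for example `/* keyRef kept on purpose: *privKey points into it; release at context teardown */`, and keep the reference where the teardown path can reach it. `certRef` can be released with `CFRelease` once its DER bytes are copied and the CL handle is no longer needed; whether `kcRef` can be dropped right after `SecKeychainGetCSPHandle` depends on who owns the returned handle and should be confirmed. The loop over the remaining certs is partly garbled in this view, and the enclosing function starts before and ends after this hunk, so the release points need checking against the real file.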
@@ -236,14 +549,10 @@ parseIncomingCerts( errOut: /* free certChain, everything in it, other vars, return ortn */ sslDeleteCertificateChain(certChain, ctx); - if(keyInfo.keyPtr != NULL) { - sslFreeKey(keyInfo.cspHandle, &keyInfo.keyPtr, NULL); - } - if(keyParams.privateKeyItem != NULL) { - KCReleaseItem(&keyParams.privateKeyItem); - } + /* FIXME - anything else? */ return ortn; } +#endif /* ST_FAKE_KEYCHAIN */ #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */ /* @@ -251,7 +560,7 @@ errOut: */ OSStatus addBuiltInCerts (SSLContextRef ctx) { - #if ST_KEYCHAIN_ENABLE + #if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS OSStatus ortn; KCRef kc = nil; @@ -265,10 +574,10 @@ OSStatus addBuiltInCerts (SSLContextRef ctx) #else /* nothing for now */ return noErr; - #endif /* ST_KEYCHAIN_ENABLE */ + #endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ } -#if ST_KEYCHAIN_ENABLE +#if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS /* * Given an open Keychain: @@ -393,7 +702,7 @@ errOut: } /* - * Given a cert as a KCItemRef: + * Given a (supposedly) root cert as a KCItemRef: * -- verify that the cert self-verifies * -- add its DER-encoded data *certData. * -- Add its subjectName to acceptableDNList. @@ -559,5 +868,5 @@ sslAddNewRoot( return SSLNoErr; } -#endif /* ST_KEYCHAIN_ENABLE */ +#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ diff --git a/SecureTransport/sslalert.c b/SecureTransport/sslalert.c index 27d4e6c6..ba555186 100644 --- a/SecureTransport/sslalert.c +++ b/SecureTransport/sslalert.c @@ -63,6 +63,8 @@ #include "sslDebug.h" #endif +#include + SSLErr SSLProcessAlert(SSLRecord rec, SSLContext *ctx) { SSLErr err = SSLNoErr; @@ -91,7 +93,7 @@ SSLProcessAlert(SSLRecord rec, SSLContext *ctx) */ if (level == alert_fatal) { - SSLDeleteSessionID(ctx); + SSLDeleteSessionData(ctx); dprintf1("***Fatal alert %d received", desc); return SSLFatalAlert; } 
@@ -105,7 +107,7 @@ SSLProcessAlert(SSLRecord rec, SSLContext *ctx) /* These must always be fatal; if we got here, the level is warning; * die anyway */ - SSLDeleteSessionID(ctx); + SSLDeleteSessionData(ctx); err = SSLFatalAlert; break; case alert_close_notify: @@ -138,13 +140,12 @@ SSLSendAlert(AlertLevel level, AlertDescription desc, SSLContext *ctx) { SSLRecord rec; SSLErr err; - CASSERT((ctx->negProtocolVersion == SSL_Version_3_0) || - (ctx->negProtocolVersion == SSL_Version_Undetermined) || - (ctx->negProtocolVersion == SSL_Version_3_0_Only)); + CASSERT((ctx->negProtocolVersion != SSL_Version_2_0)); if ((err = SSLEncodeAlert(&rec, level, desc, ctx)) != 0) return err; - if ((err = SSLWriteRecord(rec, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) return err; if ((err = SSLFreeBuffer(&rec.contents, &ctx->sysCtx)) != 0) return err; @@ -157,7 +158,14 @@ SSLEncodeAlert(SSLRecord *rec, AlertLevel level, AlertDescription desc, SSLConte { SSLErr err; rec->contentType = SSL_alert; - rec->protocolVersion = SSL_Version_3_0; + CASSERT((ctx->negProtocolVersion != SSL_Version_2_0)); + if(ctx->negProtocolVersion == SSL_Version_Undetermined) { + /* error while negotiating */ + rec->protocolVersion = ctx->maxProtocolVersion; + } + else { + rec->protocolVersion = ctx->negProtocolVersion; + } rec->contents.length = 2; if ((err = SSLAllocBuffer(&rec->contents, 2, &ctx->sysCtx)) != 0) return err; @@ -179,7 +187,7 @@ SSLFatalSessionAlert(AlertDescription desc, SSLContext *ctx) /* Make session unresumable; I'm not stopping if I get an error, because I'd like to attempt to send the alert anyway */ - err1 = SSLDeleteSessionID(ctx); + err1 = SSLDeleteSessionData(ctx); /* Second, send the alert */ err2 = SSLSendAlert(alert_fatal, desc, ctx); diff --git a/SecureTransport/sslalloc.c b/SecureTransport/sslalloc.c index 46870116..4d112206 100644 --- a/SecureTransport/sslalloc.c +++ b/SecureTransport/sslalloc.c 
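Review bot: In SSLSendAlert the only guard in front of `ctx->sslTslCalls->writeRecord(rec, ctx)` is `assert(ctx->sslTslCalls != NULL);`, which compiles to nothing under NDEBUG, so a release build would dereference a NULL callout table instead of failing cleanly. An explicit `if (ctx->sslTslCalls == NULL)` check that returns an SSLErr keeps the failure controlled in every build. The same assert-then-dereference pair is added in sslhdshk.c, at both `generateMasterSecret` call sites in SSLAdvanceHandshake and in SSLPrepareAndQueueMessage. Separately, the early `return err;` after a failed writeRecord skips `SSLFreeBuffer(&rec.contents, &ctx->sysCtx)`, so the alert buffer from SSLEncodeAlert appears to leak on that path, unless writeRecord takes ownership on failure, which this hunk does not show.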
@@ -21,7 +21,7 @@ Contains: memory allocator implementation - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -54,56 +54,8 @@ #include "sslctx.h" #include "sslDebug.h" -#ifdef _APPLE_CDSA_ - #include -#pragma mark *** CF Allocators *** - -/* copied from CSSMCFUtilities in the AppleCSP:CSPLib project.... */ - -static void* cfAllocate(CFIndex size, CFOptionFlags hint, void *info) -{ - return sslMalloc((Size)size); -} - -static void* cfReallocate(void *ptr, CFIndex newsize, CFOptionFlags hint, void *info) -{ - return sslRealloc(ptr, (Size)newsize, (Size)newsize); -} - -static void cfDeallocate(void *ptr, void *info) -{ - sslFree(ptr); -} - -/* - * Set up/tear down CF allocators. - */ -OSStatus cfSetUpAllocators(SSLContext *ctx) -{ - /* Initialize gCFAllocatorContext with the system default - allocator context. */ - CFAllocatorGetContext(kCFAllocatorSystemDefault, &ctx->lCFAllocatorContext); - - ctx->lCFAllocatorContext.allocate = cfAllocate; - ctx->lCFAllocatorContext.reallocate = cfReallocate; - ctx->lCFAllocatorContext.deallocate = cfDeallocate; - - ctx->cfAllocatorRef = CFAllocatorCreate(kCFAllocatorUseContext, - &ctx->lCFAllocatorContext); - if (!ctx->cfAllocatorRef) - return memFullErr; - - return noErr; -} - -void cfTearDownAllocators(SSLContext *ctx) -{ - if (ctx->cfAllocatorRef != NULL) - CFRelease(ctx->cfAllocatorRef); -} - #pragma mark *** Basic low-level malloc/free *** /* @@ -132,12 +84,12 @@ sslRealloc(void *oldPtr, UInt32 oldLen, UInt32 newLen) return realloc(oldPtr, newLen); } -#endif - #pragma mark *** SSLBuffer-level alloc/free *** -SSLErr -SSLAllocBuffer(SSLBuffer *buf, UInt32 length, const SystemContext *ctx) +SSLErr SSLAllocBuffer( + SSLBuffer *buf, + UInt32 length, + const SystemContext *ctx) { buf->data = sslMalloc(length); if(buf->data == NULL) { 
@@ -188,3 +140,35 @@ UInt8 *sslAllocCopy( memmove(dst, src, len); return dst; } + +SSLErr SSLAllocCopyBuffer( + const SSLBuffer *src, + SSLBuffer **dst) // buffer and data mallocd and returned +{ + SSLErr serr; + + SSLBuffer *rtn = sslMalloc(sizeof(SSLBuffer)); + if(rtn == NULL) { + return SSLMemoryErr; + } + serr = SSLCopyBuffer(src, rtn); + if(serr) { + sslFree(rtn); + } + else { + *dst = rtn; + } + return serr; +} + +SSLErr SSLCopyBuffer( + const SSLBuffer *src, + SSLBuffer *dst) // data mallocd and returned +{ + dst->data = sslAllocCopy(src->data, src->length); + if(dst->data == NULL) { + return SSLMemoryErr; + } + dst->length = src->length; + return SSLNoErr; +} diff --git a/SecureTransport/sslctx.c b/SecureTransport/sslctx.c index 1707af31..c2fb8e8d 100644 --- a/SecureTransport/sslctx.c +++ b/SecureTransport/sslctx.c @@ -21,7 +21,7 @@ Contains: SSLContext accessors - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -62,8 +62,9 @@ #include "sslKeychain.h" #include "sslutil.h" #include "cipherSpecs.h" - +#include "appleSession.h" #include +#include static void sslFreeDnList( SSLContext *ctx) @@ -107,6 +108,11 @@ static SSLErr sslFreeTrustedRoots( return SSLNoErr; } +/* + * Default attempted version. + */ +#define DEFAULT_MAX_VERSION TLS_Version_1_0 + OSStatus SSLNewContext (Boolean isServer, SSLContextRef *contextPtr) /* RETURNED */ 
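Review bot: SSLAllocCopyBuffer and SSLCopyBuffer are added with only trailing parameter remarks, and nothing states who frees what or what happens to `*dst` on failure, which callers need in order to avoid leaks and double frees. A header comment such as `/* Deep copy of src. On success the caller owns *dst and (*dst)->data and must free both; on error *dst is not written. */` on SSLAllocCopyBuffer, and a matching one on SSLCopyBuffer, would pin that down. SSLCopyBuffer also returns SSLMemoryErr whenever sslAllocCopy returns NULL, so whether a zero-length source can be copied depends on how sslAllocCopy treats a length of 0; that function's body is outside this hunk.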
@@ -131,37 +137,37 @@ SSLNewContext (Boolean isServer, /* different defaults for client and server ... */ if(isServer) { ctx->protocolSide = SSL_ServerSide; - ctx->reqProtocolVersion = SSL_Version_3_0; + ctx->reqProtocolVersion = DEFAULT_MAX_VERSION; } else { ctx->protocolSide = SSL_ClientSide; ctx->reqProtocolVersion = SSL_Version_Undetermined; } ctx->negProtocolVersion = SSL_Version_Undetermined; + ctx->maxProtocolVersion = DEFAULT_MAX_VERSION; + /* Default value so we can send and receive hello msgs */ + ctx->sslTslCalls = &Ssl3Callouts; /* Initialize the cipher state to NULL_WITH_NULL_NULL */ - ctx->selectedCipherSpec = &SSL_NULL_WITH_NULL_NULL_CipherSpec; - ctx->selectedCipher = ctx->selectedCipherSpec->cipherSpec; - ctx->writeCipher.hash = ctx->selectedCipherSpec->macAlgorithm; - ctx->readCipher.hash = ctx->selectedCipherSpec->macAlgorithm; - ctx->readCipher.symCipher = ctx->selectedCipherSpec->cipher; + ctx->selectedCipherSpec = &SSL_NULL_WITH_NULL_NULL_CipherSpec; + ctx->selectedCipher = ctx->selectedCipherSpec->cipherSpec; + ctx->writeCipher.macRef = ctx->selectedCipherSpec->macAlgorithm; + ctx->readCipher.macRef = ctx->selectedCipherSpec->macAlgorithm; + ctx->readCipher.symCipher = ctx->selectedCipherSpec->cipher; ctx->writeCipher.symCipher = ctx->selectedCipherSpec->cipher; - #if _APPLE_CDSA_ /* these two are invariant */ ctx->writeCipher.encrypting = 1; ctx->writePending.encrypting = 1; - #endif /* _APPLE_CDSA_ */ /* this gets init'd on first call to SSLHandshake() */ ctx->validCipherSpecs = NULL; ctx->numValidCipherSpecs = 0; + ctx->peerDomainName = NULL; + ctx->peerDomainNameLen = 0; + SSLInitMACPads(); - if(cfSetUpAllocators(ctx)) { - oerr = memFullErr; - goto errOut; - } /* attach to CSP, CL, TP */ serr = attachToAll(ctx); 
@@ -214,8 +220,8 @@ SSLDisposeContext (SSLContext *ctx) SSLFreeBuffer(&ctx->dhExchangePublic, &ctx->sysCtx); SSLFreeBuffer(&ctx->dhPrivate, &ctx->sysCtx); - SSLFreeBuffer(&ctx->shaState, &ctx->sysCtx); - SSLFreeBuffer(&ctx->md5State, &ctx->sysCtx); + CloseHash(&SSLHashSHA1, &ctx->shaState, ctx); + CloseHash(&SSLHashMD5, &ctx->md5State, ctx); SSLFreeBuffer(&ctx->sessionID, &ctx->sysCtx); SSLFreeBuffer(&ctx->peerID, &ctx->sysCtx); @@ -225,6 +231,11 @@ SSLDisposeContext (SSLContext *ctx) SSLFreeBuffer(&ctx->fragmentedMessageCache, &ctx->sysCtx); SSLFreeBuffer(&ctx->receivedDataBuffer, &ctx->sysCtx); + if(ctx->peerDomainName) { + sslFree(ctx->peerDomainName); + ctx->peerDomainName = NULL; + ctx->peerDomainNameLen = 0; + } SSLDisposeCipherSuite(&ctx->readCipher, ctx); SSLDisposeCipherSuite(&ctx->writeCipher, ctx); SSLDisposeCipherSuite(&ctx->readPending, ctx); 
@@ -235,13 +246,27 @@ SSLDisposeContext (SSLContext *ctx) ctx->numValidCipherSpecs = 0; /* free APPLE_CDSA stuff */ - #if ST_KEYCHAIN_ENABLE + #if 0 + /* As of 5/3/02, we don't need to free these keys; they belong + * to SecKeychain */ + #if ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF sslFreeKey(ctx->signingKeyCsp, &ctx->signingPrivKey, &ctx->signingKeyRef); sslFreeKey(ctx->encryptKeyCsp, &ctx->encryptPrivKey, &ctx->encryptKeyRef); #else - sslFreeKey(ctx->signingKeyCsp, &ctx->signingPrivKey, NULL); - sslFreeKey(ctx->encryptKeyCsp, &ctx->encryptPrivKey, NULL); - #endif /* ST_KEYCHAIN_ENABLE */ + sslFreeKey(ctx->signingKeyCsp, (CSSM_KEY_PTR *)&ctx->signingPrivKey, NULL); + sslFreeKey(ctx->encryptKeyCsp, (CSSM_KEY_PTR *)&ctx->encryptPrivKey, NULL); + #endif /* ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF */ + #endif /* 0 */ + + /* + * NOTE: currently, all public keys come from the CL via CSSM_CL_CertGetKeyInfo. + * We really don't know what CSP the CL used to generate a public key (in fact, + * it uses the raw CSP only to get LogicalKeySizeInBits, but we can't know + * that). Thus using e.g. signingKeyCsp (or any other CSP) to free + * signingPubKey is not tecnically accurate. However, our public keys + * are all raw keys, and all Apple CSPs dispose of raw keys in the same + * way. + */ sslFreeKey(ctx->signingKeyCsp, &ctx->signingPubKey, NULL); sslFreeKey(ctx->encryptKeyCsp, &ctx->encryptPubKey, NULL); sslFreeKey(ctx->peerPubKeyCsp, &ctx->peerPubKey, NULL); @@ -256,10 +281,10 @@ SSLDisposeContext (SSLContext *ctx) detachFromAll(ctx); - cfTearDownAllocators(ctx); memset(ctx, 0, sizeof(SSLContext)); sslFree(ctx); - return noErr; + sslCleanupSession(); + return noErr; } /* 
@@ -335,11 +360,70 @@ SSLSetConnection (SSLContextRef ctx, return noErr; } +OSStatus +SSLSetPeerDomainName (SSLContextRef ctx, + const char *peerName, + size_t peerNameLen) +{ + if(ctx == NULL) { + return paramErr; + } + if(sslIsSessionActive(ctx)) { + /* can't do this with an active session */ + return badReqErr; + } + + /* free possible existing name */ + if(ctx->peerDomainName) { + sslFree(ctx->peerDomainName); + } + + /* copy in */ + ctx->peerDomainName = sslMalloc(peerNameLen); + if(ctx->peerDomainName == NULL) { + return memFullErr; + } + memmove(ctx->peerDomainName, peerName, peerNameLen); + ctx->peerDomainNameLen = peerNameLen; + return noErr; +} + +/* + * Determine the buffer size needed for SSLGetPeerDomainName(). + */ +OSStatus +SSLGetPeerDomainNameLength (SSLContextRef ctx, + size_t *peerNameLen) // RETURNED +{ + if(ctx == NULL) { + return paramErr; + } + *peerNameLen = ctx->peerDomainNameLen; + return noErr; +} + +OSStatus +SSLGetPeerDomainName (SSLContextRef ctx, + char *peerName, // returned here + size_t *peerNameLen) // IN/OUT +{ + if(ctx == NULL) { + return paramErr; + } + if(*peerNameLen < ctx->peerDomainNameLen) { + return errSSLBufferOverflow; + } + memmove(peerName, ctx->peerDomainName, ctx->peerDomainNameLen); + *peerNameLen = ctx->peerDomainNameLen; + return noErr; +} + OSStatus SSLSetProtocolVersion (SSLContextRef ctx, SSLProtocol version) { SSLProtocolVersion versInt; + SSLProtocolVersion versMax; if(ctx == NULL) { return paramErr; 
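Review bot: SSLSetPeerDomainName leaves ctx->peerDomainNameLen at its previous value when sslMalloc fails, while ctx->peerDomainName has already been overwritten with NULL, so a later SSLGetPeerDomainName with a large enough buffer would memmove from NULL for the stale length. The fix is to clear both fields as soon as the old name is freed and to reject a NULL peerName up front, as sketched below. SSLGetPeerDomainNameLength and SSLGetPeerDomainName also dereference peerNameLen, and the latter writes through peerName, without NULL checks. The name is stored as a counted byte string with no terminator, which is worth a comment so that later hostname-matching code does not treat it as a C string.

```c
	if((ctx == NULL) || (peerName == NULL)) {
		return paramErr;
	}
	/* ... unchanged: sslIsSessionActive() check ... */

	/* free possible existing name; clear both fields so a failed
	 * allocation below cannot leave a stale length behind */
	if(ctx->peerDomainName) {
		sslFree(ctx->peerDomainName);
		ctx->peerDomainName = NULL;
	}
	ctx->peerDomainNameLen = 0;
	/* ... unchanged: sslMalloc, memmove, set peerDomainNameLen ... */
```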
@@ -353,21 +437,34 @@ SSLSetProtocolVersion (SSLContextRef ctx, switch(version) { case kSSLProtocolUnknown: versInt = SSL_Version_Undetermined; + versMax = DEFAULT_MAX_VERSION; break; case kSSLProtocol2: - versInt = SSL_Version_2_0; + versInt = versMax = SSL_Version_2_0; break; case kSSLProtocol3: /* this tells us to do our best but allows 2.0 */ versInt = SSL_Version_Undetermined; + versMax = SSL_Version_3_0; break; case kSSLProtocol3Only: versInt = SSL_Version_3_0_Only; + versMax = SSL_Version_3_0; + break; + case kTLSProtocol1: + /* this tells us to do our best but allows 2.0 */ + versInt = SSL_Version_Undetermined; + versMax = TLS_Version_1_0; + break; + case kTLSProtocol1Only: + versInt = TLS_Version_1_0_Only; + versMax = TLS_Version_1_0; break; default: return paramErr; } ctx->reqProtocolVersion = ctx->negProtocolVersion = versInt; + ctx->maxProtocolVersion = versMax; return noErr; } @@ -382,8 +479,14 @@ static SSLProtocol convertProtToExtern(SSLProtocolVersion prot) return kSSLProtocol2; case SSL_Version_3_0: return kSSLProtocol3; + case TLS_Version_1_0_Only: + return kTLSProtocol1Only; + case TLS_Version_1_0: + return kTLSProtocol1; + /* this can happen in an intermediate state while negotiation + * is in progress...right? */ case SSL_Version_3_0_With_2_0_Hello: - sslPanic("How did we get SSL_Version_3_0_With_2_0_Hello?"); + return kSSLProtocolUnknown; default: sslPanic("convertProtToExtern: bad prot"); } @@ -414,7 +517,7 @@ SSLGetNegotiatedProtocolVersion (SSLContextRef ctx, } OSStatus -SSLSetAllowExpiredCerts (SSLContextRef ctx, +SSLSetAllowsExpiredCerts(SSLContextRef ctx, Boolean allowExpired) { if(ctx == NULL) { @@ -429,7 +532,7 @@ SSLSetAllowExpiredCerts (SSLContextRef ctx, } OSStatus -SSLGetAllowExpiredCerts (SSLContextRef ctx, +SSLGetAllowsExpiredCerts (SSLContextRef ctx, Boolean *allowExpired) { if(ctx == NULL) { 
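Review bot: The new kTLSProtocol1 case in SSLSetProtocolVersion reuses the comment "this tells us to do our best but allows 2.0" and sets reqProtocolVersion to SSL_Version_Undetermined, so by the code's own wording the default-style settings (kSSLProtocolUnknown, kSSLProtocol3, kTLSProtocol1) still admit an SSL 2.0 fallback and only the `...Only` values set a floor. That policy should be stated once at the top of the function rather than left to per-case comments, for example `/* Undetermined = negotiate up to versMax, SSL 2.0 still accepted; use kSSLProtocol3Only or kTLSProtocol1Only to refuse it */`. Whether kTLSProtocol1Only also refuses SSL 3.0 depends on negotiation code outside this hunk and should be spelled out in the same comment.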
@@ -439,7 +542,7 @@ SSLGetAllowExpiredCerts (SSLContextRef ctx, return noErr; } -OSStatus SSLSetAllowAnyRoot( +OSStatus SSLSetAllowsAnyRoot( SSLContextRef ctx, Boolean anyRoot) { @@ -451,7 +554,7 @@ OSStatus SSLSetAllowAnyRoot( } OSStatus -SSLGetAllowAnyRoot( +SSLGetAllowsAnyRoot( SSLContextRef ctx, Boolean *anyRoot) { @@ -514,8 +617,13 @@ SSLSetCertificate (SSLContextRef ctx, &ctx->localCert, &ctx->signingPubKey, &ctx->signingPrivKey, - &ctx->signingKeyCsp, - &ctx->signingKeyRef); + &ctx->signingKeyCsp + #if ST_KC_KEYS_NEED_REF + , + &ctx->signingKeyRef + #else + ); + #endif } #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */ @@ -542,12 +650,17 @@ SSLSetEncryptionCertificate (SSLContextRef ctx, &ctx->encryptCert, &ctx->encryptPubKey, &ctx->encryptPrivKey, - &ctx->encryptKeyCsp, + &ctx->encryptKeyCsp + #if ST_KC_KEYS_NEED_REF + , &ctx->encryptKeyRef); + #else + ); + #endif } #endif /* ST_SERVER_MODE_ENABLE*/ -#if ST_KEYCHAIN_ENABLE +#if ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS /* * Add (optional, additional) trusted root certs. @@ -597,19 +710,19 @@ SSLSetNewRootKC (SSLContextRef ctx, ctx->accessCreds = accessCreds; return noErr; } -#endif /* ST_KEYCHAIN_ENABLE */ +#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */ OSStatus SSLSetPeerID (SSLContext *ctx, - CFDataRef peerID) + const void *peerID, + size_t peerIDLen) { SSLErr serr; - uint32 len; /* copy peerId to context->peerId */ if((ctx == NULL) || (peerID == NULL) || - ((len = CFDataGetLength(peerID)) == 0)) { + (peerIDLen == 0)) { return paramErr; } if(sslIsSessionActive(ctx)) { 
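Review bot: In SSLSetCertificate the `#if ST_KC_KEYS_NEED_REF` branch ends with `&ctx->signingKeyRef` and no closing `);`, so the call is left unterminated and the file will not compile when ST_KC_KEYS_NEED_REF is nonzero; only the `#else` branch closes the call. SSLSetEncryptionCertificate in the following hunk has the correct form (`&ctx->encryptKeyRef);`), so the line here should read `&ctx->signingKeyRef);`. The start of the call is outside the hunk.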
@@ -617,12 +730,21 @@ SSLSetPeerID (SSLContext *ctx, return badReqErr; } SSLFreeBuffer(&ctx->peerID, &ctx->sysCtx); - serr = SSLAllocBuffer(&ctx->peerID, len, &ctx->sysCtx); + serr = SSLAllocBuffer(&ctx->peerID, peerIDLen, &ctx->sysCtx); if(serr) { return sslErrToOsStatus(serr); } - memmove(ctx->peerID.data, CFDataGetBytePtr(peerID), len); - ctx->peerID.length = len; + memmove(ctx->peerID.data, peerID, peerIDLen); + return noErr; +} + +OSStatus +SSLGetPeerID (SSLContextRef ctx, + const void **peerID, + size_t *peerIDLen) +{ + *peerID = ctx->peerID.data; // may be NULL + *peerIDLen = ctx->peerID.length; return noErr; } @@ -647,7 +769,7 @@ SSLGetNegotiatedCipher (SSLContextRef ctx, * it's used and sent to a client in SSLEncodeCertificateRequest(); * but the list is never used to decide what certs to send! * - * Also FIXME - this allocation of dnBufs is total horseshit. The + * Also FIXME - this allocation of dnBufs is preposterous. The * SSLBufs can never get freed. Why not just allocate the * raw DNListElems? Sheesh. */ @@ -684,7 +806,9 @@ SSLGetPeerCertificates (SSLContextRef ctx, uint32 numCerts; CFMutableArrayRef ca; CFIndex i; - CFDataRef cfd; + SecCertificateRef cfd; + OSStatus ortn; + CSSM_DATA certData; SSLCertificate *scert; if(ctx == NULL) { 
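Review bot: The new SSLGetPeerID dereferences ctx, peerID and peerIDLen with no NULL check, unlike SSLSetPeerID directly above it, which returns paramErr for a NULL ctx; add `if((ctx == NULL) || (peerID == NULL) || (peerIDLen == NULL)) return paramErr;`. It also returns a pointer into ctx->peerID rather than a copy, and both SSLSetPeerID and SSLDisposeContext release that buffer with SSLFreeBuffer, so the function comment should say the pointer is valid only until the next SSLSetPeerID or SSLDisposeContext on the same context. In SSLSetPeerID the explicit `ctx->peerID.length = len;` was dropped, which is correct only if SSLAllocBuffer sets the length itself; that part of SSLAllocBuffer is not shown on this page.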
@@ -700,28 +824,30 @@ SSLGetPeerCertificates (SSLContextRef ctx, if(numCerts == 0) { return noErr; } - ca = CFArrayCreateMutable(ctx->cfAllocatorRef, + ca = CFArrayCreateMutable(kCFAllocatorDefault, (CFIndex)numCerts, &kCFTypeArrayCallBacks); if(ca == NULL) { return memFullErr; } /* - * We'll give the certs in the same order we store them - - * caller gets root first. OK? + * Caller gets leaf cert first, the opposite of the way we store them. */ scert = ctx->peerCert; for(i=0; icfAllocatorRef, - scert->derCert.data, - scert->derCert.length); - if(cfd == NULL) { + SSLBUF_TO_CSSM(&scert->derCert, &certData); + ortn = SecCertificateCreateFromData(&certData, + CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_DER, + &cfd); + if(ortn) { CFRelease(ca); - return memFullErr; + return ortn; } - CFArrayAppendValue(ca, cfd); + /* insert at head of array */ + CFArrayInsertValueAtIndex(ca, 0, cfd); scert = scert->next; } *certs = ca; diff --git a/SecureTransport/sslhdshk.c b/SecureTransport/sslhdshk.c index a43a2e09..0328d4ac 100644 --- a/SecureTransport/sslhdshk.c +++ b/SecureTransport/sslhdshk.c @@ -21,7 +21,7 @@ Contains: SSL 3.0 handshake state machine. - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -86,7 +86,9 @@ #include "appleCdsa.h" #endif +#include "digests.h" #include +#include #define REQUEST_CERT_CORRECT 0 @@ -210,7 +212,6 @@ SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx) ERR(err = SSLProcessCertificateRequest(message.contents, ctx)); break; case SSL_server_key_exchange: - #if _APPLE_CDSA_ /* * Since this message is optional, and completely at the * server's discretion, we need to be able to handle this 
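Review bot: In SSLGetPeerCertificates each SecCertificateRef created by SecCertificateCreateFromData is inserted into an array built with kCFTypeArrayCallBacks, which retains it, and the creating reference is never released. Every returned certificate therefore carries one extra retain, and on the error path `CFRelease(ca);` does not free the certificates already inserted. Adding `CFRelease(cfd);` right after `CFArrayInsertValueAtIndex(ca, 0, cfd);` balances the count; if the extra retain is deliberate, the function comment has to tell callers to release every element as well as the array. The loop header is garbled on this page, so the iteration bounds could not be checked.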
@@ -223,10 +224,6 @@ SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx) default: goto wrongMessage; } - #else - if (ctx->state != HandshakeKeyExchange) - goto wrongMessage; - #endif /* _APPLE_CDSA_ */ ERR(err = SSLProcessServerKeyExchange(message.contents, ctx)); break; case SSL_server_hello_done: @@ -284,13 +281,15 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) CASSERT(ctx->protocolSide == SSL_ServerSide); if (ctx->sessionID.data != 0) /* If session ID != 0, client is trying to resume */ { if (ctx->resumableSession.data != 0) - { if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) + { if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) return err; if (sessionIdentifier.length == ctx->sessionID.length && memcmp(sessionIdentifier.data, ctx->sessionID.data, ctx->sessionID.length) == 0) { /* Everything matches; resume the session */ //DEBUGMSG("Using resumed SSL3 Session"); - if (ERR(err = SSLInstallSessionID(ctx->resumableSession, ctx)) != 0) + SSLLogResumSess("===RESUMING SSL3 server-side session\n"); + if (ERR(err = SSLInstallSessionFromData(ctx->resumableSession, + ctx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; } @@ -318,8 +317,12 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) SSLChangeHdskState(ctx, HandshakeChangeCipherSpec); break; } + else { + SSLLogResumSess( + "===FAILED TO RESUME SSL3 server-side session\n"); + } if (ERR(err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0 || - ERR(err = SSLDeleteSessionID(ctx)) != 0) + ERR(err = SSLDeleteSessionData(ctx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; } 
@@ -337,11 +340,7 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) ERR(err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN, &ctx->sysCtx)); if (err == 0) { - #ifdef _APPLE_CDSA_ if((err = sslRand(ctx, &ctx->sessionID)) != 0) - #else - if (ERR(err = ctx->sysCtx.random(ctx->sessionID, ctx->sysCtx.randomRef)) != 0) - #endif { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; } 
@@ -372,45 +371,39 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) return err; break; } - #ifdef _APPLE_CDSA_ - /* - * At this point we decide whether to send a server key exchange - * method. For Apple servers, I think we'll ALWAYS do this, because - * of key usage restrictions (can't decrypt and sign with the same - * private key), but conceptually in this code, we do it if - * enabled by the presence of encryptPrivKey. - */ - #if SSL_SERVER_KEYEXCH_HACK - /* - * This is currently how we work with Netscape. It requires - * a CSP which can handle private keys which can both - * sign and decrypt. - */ - if((ctx->selectedCipherSpec->keyExchangeMethod != SSL_RSA) && - (ctx->encryptPrivKey != NULL)) { - err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx); - if(err) { - return err; - } - } - #else /* !SSL_SERVER_KEYEXCH_HACK */ - /* - * This is, I believe the "right" way, but Netscape doesn't - * work this way. - */ - if (ctx->encryptPrivKey != NULL) { - err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx); - if(err) { - return err; - } + /* + * At this point we decide whether to send a server key exchange + * method. For Apple servers, I think we'll ALWAYS do this, because + * of key usage restrictions (can't decrypt and sign with the same + * private key), but conceptually in this code, we do it if + * enabled by the presence of encryptPrivKey. + */ + #if SSL_SERVER_KEYEXCH_HACK + /* + * This is currently how we work with Netscape. It requires + * a CSP which can handle private keys which can both + * sign and decrypt. + */ + if((ctx->selectedCipherSpec->keyExchangeMethod != SSL_RSA) && + (ctx->encryptPrivKey != NULL)) { + err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx); + if(err) { + return err; + } + } + #else /* !SSL_SERVER_KEYEXCH_HACK */ + /* + * This is, I believe the "right" way, but Netscape doesn't + * work this way. 
+ */ + if (ctx->encryptPrivKey != NULL) { + err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx); + if(err) { + return err; } - #endif /* SSL_SERVER_KEYEXCH_HACK */ - #else /* !_APPLE_CDSA_ */ - /* original SSLRef3.... */ - if (ctx->selectedCipherSpec->keyExchangeMethod != SSL_RSA) - if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx)) != 0) - return err; - #endif /* _APPLE_CDSA_ */ + } + #endif /* SSL_SERVER_KEYEXCH_HACK */ + #if ST_SERVER_MODE_ENABLE if (ctx->tryClientAuth) { if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeCertificateRequest, ctx)) != 0) @@ -431,14 +424,16 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) break; case SSL_server_hello: if (ctx->resumableSession.data != 0 && ctx->sessionID.data != 0) - { if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) + { if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; } if (sessionIdentifier.length == ctx->sessionID.length && memcmp(sessionIdentifier.data, ctx->sessionID.data, ctx->sessionID.length) == 0) { /* Everything matches; resume the session */ - if (ERR(err = SSLInstallSessionID(ctx->resumableSession, ctx)) != 0 || + SSLLogResumSess("===RESUMING SSL3 client-side session\n"); + if (ERR(err = SSLInstallSessionFromData(ctx->resumableSession, + ctx)) != 0 || ERR(err = SSLInitPendingCiphers(ctx)) != 0 || ERR(err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); @@ -447,6 +442,9 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) SSLChangeHdskState(ctx, HandshakeChangeCipherSpec); break; } + else { + SSLLogResumSess("===FAILED TO RESUME SSL3 client-side session\n"); + } if (ERR(err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; 
@@ -482,7 +480,6 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) if (ctx->state == HandshakeCertificate) switch (ctx->selectedCipherSpec->keyExchangeMethod) { case SSL_RSA: - #ifdef _APPLE_CDSA_ /* * I really think the two RSA cases should be * handled the same here - the server key exchange is @@ -491,16 +488,12 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) * we're a client here. */ case SSL_RSA_EXPORT: - #endif case SSL_DH_DSS: case SSL_DH_DSS_EXPORT: case SSL_DH_RSA: case SSL_DH_RSA_EXPORT: SSLChangeHdskState(ctx, HandshakeHelloDone); break; - #ifndef _APPLE_CDSA_ - case SSL_RSA_EXPORT: - #endif case SSL_DHE_DSS: case SSL_DHE_DSS_EXPORT: case SSL_DHE_RSA: @@ -541,11 +534,13 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) } if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeKeyExchange, ctx)) != 0) return err; - if (ERR(err = SSLCalculateMasterSecret(ctx)) != 0 || + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 || ERR(err = SSLInitPendingCiphers(ctx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; } + memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length); if (ERR(err = SSLFreeBuffer(&ctx->preMasterSecret, &ctx->sysCtx)) != 0) return err; if (ctx->certSent) @@ -559,8 +554,11 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) return err; } ctx->writeCipher = ctx->writePending; - ctx->writeCipher.ready = 0; /* Can't send data until Finished is sent */ - memset(&ctx->writePending, 0, sizeof(CipherContext)); /* Zero out old data */ + /* Can't send data until Finished is sent */ + ctx->writeCipher.ready = 0; + + /* Zero out old data */ + memset(&ctx->writePending, 0, sizeof(CipherContext)); if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage, ctx)) != 0) return err; /* Finished has been sent; enable data dransfer on write channel */ 
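Review bot: The added `memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);` in SSLAdvanceHandshake is reached only when generateMasterSecret and SSLInitPendingCiphers both succeed; the failure branch just above it returns after SSLFatalSessionAlert with the pre-master secret still intact in ctx. The SSL_client_key_exchange case in the next hunk has the same shape. Wiping and freeing the buffer before the error return as well, ideally through one small helper used by both paths, bounds the secret's lifetime; whether SSLDisposeContext clears it later is not visible here. A plain memset immediately before a free is also a candidate for dead-store elimination, so the wipe is more dependable when done through a volatile pointer or a non-inlined routine.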
@@ -571,11 +569,13 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) SSLChangeHdskState(ctx, HandshakeChangeCipherSpec); break; case SSL_client_key_exchange: - if (ERR(err = SSLCalculateMasterSecret(ctx)) != 0 || + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 || ERR(err = SSLInitPendingCiphers(ctx)) != 0) { ERR(SSLFatalSessionAlert(alert_close_notify, ctx)); return err; } + memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length); if (ERR(err = SSLFreeBuffer(&ctx->preMasterSecret, &ctx->sysCtx)) != 0) return err; if (ctx->certReceived) { @@ -612,7 +612,7 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx) SSLChangeHdskState(ctx, HandshakeClientReady); } if (ctx->peerID.data != 0) - ERR(SSLAddSessionID(ctx)); + ERR(SSLAddSessionData(ctx)); break; default: ASSERTMSG("Unknown State"); @@ -641,7 +641,8 @@ SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx) SSLLogHdskMsg((SSLHandshakeType)rec.contents.data[0], 1); } - if (ERR(err = SSLWriteRecord(rec, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) goto fail; err = SSLNoErr; @@ -785,4 +786,5 @@ void SSLLogHdskMsg(SSLHandshakeType msg, char sent) hdskMsgToStr(msg), (sent ? "sent" : "recv")); } -#endif /* LOG_HDSK_MSG */ \ No newline at end of file +#endif /* LOG_HDSK_MSG */ + diff --git a/SecureTransport/sslmd5.c b/SecureTransport/sslmd5.c deleted file mode 100644 index 2c077ed6..00000000 --- a/SecureTransport/sslmd5.c +++ /dev/null 
@@ -1,354 +0,0 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -/* sslmd5.c - RSA Data Security, Inc., MD5 message-digest algorithm - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. 
- */ - -#if 0 -#ifdef BSAFE -#include "aglobal.h" -#else -#include "global.h" -#endif -#endif -#include "sslmd5.h" - -/* Constants for MD5Transform routine. - */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); -static void Encode PROTO_LIST - ((unsigned char *, UINT4 *, unsigned int)); -static void Decode PROTO_LIST - ((UINT4 *, const unsigned char *, unsigned int)); -static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); -static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); - -static const unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G, H and I are basic MD5 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. -Rotation is separate from addition to prevent recomputation. 
- */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -/* MD5 initialization. Begins an MD5 operation, writing a new context. - */ -void SSLMD5Init (context) -MD5_CTX *context; /* context */ -{ - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. -*/ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - operation, processing another message block, and updating the - context. - */ -void SSLMD5Update (context, input, inputLen) -MD5_CTX *context; /* context */ -unsigned const char *input; /* input block */ -unsigned int inputLen; /* length of input block */ -{ - unsigned int i, index, partLen; - - /* Compute number of bytes mod 64 */ - index = (unsigned int)((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((UINT4)inputLen << 3)) < ((UINT4)inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4)inputLen >> 29); - - partLen = 64 - index; - - /* Transform as many times as possible. 
*/ - if (inputLen >= partLen) { - MD5_memcpy ((POINTER)&context->buffer[index], (POINTER)input, partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - index = 0; - } - else - i = 0; - - /* Buffer remaining input */ - MD5_memcpy - ((POINTER)&context->buffer[index], (POINTER)&input[i], - inputLen-i); -} - -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. - */ -void SSLMD5Final (digest, context) -unsigned char digest[16]; /* message digest */ -MD5_CTX *context; /* context */ -{ - unsigned char bits[8]; - unsigned int index, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. -*/ - index = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (index < 56) ? (56 - index) : (120 - index); - SSLMD5Update (context, PADDING, padLen); - - /* Append length (before padding) */ - SSLMD5Update (context, bits, 8); - - /* Store state in digest */ - Encode (digest, context->state, 16); - - /* Zeroize sensitive information. -*/ - MD5_memset ((POINTER)context, 0, sizeof (*context)); -} - -/* MD5 basic transformation. Transforms state based on block. 
- */ -static void MD5Transform (state, block) -UINT4 state[4]; -const unsigned char block[64]; -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 0x8771f681); 
/* 34 */ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. */ - MD5_memset ((POINTER)x, 0, sizeof (x)); -} - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - a multiple of 4. 
- */ -static void Encode (output, input, len) -unsigned char *output; -UINT4 *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - a multiple of 4. - */ -static void Decode (output, input, len) -UINT4 *output; -const unsigned char *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} - -/* Note: Replace "for loop" with standard memcpy if possible. - */ - -static void MD5_memcpy (output, input, len) -POINTER output; -POINTER input; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - output[i] = input[i]; -} - -/* Note: Replace "for loop" with standard memset if possible. - */ -static void MD5_memset (output, value, len) -POINTER output; -int value; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - ((char *)output)[i] = (char)value; -} diff --git a/SecureTransport/sslrec.c b/SecureTransport/sslrec.c index 2e792d94..f7e7cb3b 100644 --- a/SecureTransport/sslrec.c +++ b/SecureTransport/sslrec.c @@ -21,7 +21,7 @@ Contains: Encryption, decryption and MACing of data - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -88,13 +88,9 @@ #include "sslutil.h" #endif -#ifdef _APPLE_CDSA_ -#ifndef _APPLE_GLUE_H_ #include "appleGlue.h" -#endif -#endif - #include +#include /* * Lots of servers fail to provide closure alerts when they disconnect. 
@@ -103,11 +99,6 @@ */ #define SSL_ALLOW_UNNOTICED_DISCONNECT 1 -static SSLErr DecryptSSLRecord(UInt8 type, SSLBuffer *payload, SSLContext *ctx); -static SSLErr VerifyMAC(UInt8 type, SSLBuffer data, UInt8 *compareMAC, SSLContext *ctx); -static SSLErr ComputeMAC(UInt8 type, SSLBuffer data, SSLBuffer mac, sslUint64 seqNo, SSLBuffer secret, const HashReference *macHash, SSLContext *ctx); -static UInt8* SSLEncodeUInt64(UInt8 *p, sslUint64 value); - /* ReadSSLRecord * Attempt to read & decrypt an SSL record. */ @@ -136,12 +127,8 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx) { readData.length = 1 - ctx->amountRead; readData.data = ctx->partialReadBuffer.data + ctx->amountRead; len = readData.length; - #ifdef _APPLE_CDSA_ err = sslIoRead(readData, &len, ctx); if(err != 0) - #else - if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0) - #endif { if (err == SSLWouldBlockErr) ctx->amountRead += len; else @@ -172,12 +159,8 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx) { readData.length = 5 - ctx->amountRead; readData.data = ctx->partialReadBuffer.data + ctx->amountRead; len = readData.length; - #ifdef _APPLE_CDSA_ err = sslIoRead(readData, &len, ctx); if(err != 0) - #else - if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0) - #endif { switch(err) { case SSLWouldBlockErr: @@ -191,7 +174,7 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx) (len == 0) && /* nothing new */ (ctx->state == HandshakeClientReady)) { /* handshake done */ /* - * This means that the server has discionected without + * This means that the server has disconnected without * sending a closure alert notice. This is technically * illegal per the SSL3 spec, but about half of the * servers out there do it, so we report it as a separate 
@@ -248,12 +231,8 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx) { readData.length = 5 + contentLen - ctx->amountRead; readData.data = ctx->partialReadBuffer.data + ctx->amountRead; len = readData.length; - #ifdef _APPLE_CDSA_ err = sslIoRead(readData, &len, ctx); if(err != 0) - #else - if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0) - #endif { if (err == SSLWouldBlockErr) ctx->amountRead += len; else @@ -272,7 +251,9 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx) * amount of plaintext data after adjusting for the block size and removing the MAC * (this function generates its own alerts) */ - if ((err = DecryptSSLRecord(rec->contentType, &cipherFragment, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if ((err = ctx->sslTslCalls->decryptRecord(rec->contentType, + &cipherFragment, ctx)) != 0) return err; /* We appear to have sucessfully received a record; increment the sequence number */ 
@@ -290,250 +271,36 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx) return SSLNoErr; } -/* SSLWriteRecord does not send alerts on failure, out of the assumption/fear - * that this might result in a loop (since sending an alert causes SSLWriteRecord - * to be called). - */ -SSLErr -SSLWriteRecord(SSLRecord rec, SSLContext *ctx) -{ SSLErr err; - int padding = 0, i; - WaitingRecord *out, *queue; - SSLBuffer buf, payload, secret, mac; - UInt8 *progress; - UInt16 payloadSize,blockSize; - - if (rec.protocolVersion == SSL_Version_2_0) - return SSL2WriteRecord(rec, ctx); - - CASSERT(rec.protocolVersion == SSL_Version_3_0); - CASSERT(rec.contents.length <= 16384); - - out = 0; - /* Allocate a WaitingRecord to store our ready-to-send record in */ - if ((err = SSLAllocBuffer(&buf, sizeof(WaitingRecord), &ctx->sysCtx)) != 0) - return ERR(err); - out = (WaitingRecord*)buf.data; - out->next = 0; - out->sent = 0; - /* Allocate enough room for the transmitted record, which will be: - * 5 bytes of header + - * encrypted contents + - * macLength + - * padding [block ciphers only] + - * padding length field (1 byte) [block ciphers only] - */ - payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.hash->digestSize); - blockSize = ctx->writeCipher.symCipher->blockSize; - if (blockSize > 0) - { padding = blockSize - (payloadSize % blockSize) - 1; - payloadSize += padding + 1; - } - out->data.data = 0; - if ((err = SSLAllocBuffer(&out->data, 5 + payloadSize, &ctx->sysCtx)) != 0) - goto fail; - - progress = out->data.data; - *(progress++) = rec.contentType; - progress = SSLEncodeInt(progress, rec.protocolVersion, 2); - progress = SSLEncodeInt(progress, payloadSize, 2); - - /* Copy the contents into the output buffer */ - memcpy(progress, rec.contents.data, rec.contents.length); - payload.data = progress; - payload.length = rec.contents.length; - - progress += rec.contents.length; - /* MAC immediately follows data */ - mac.data = progress; - mac.length = 
ctx->writeCipher.hash->digestSize; - progress += mac.length; - - /* MAC the data */ - if (mac.length > 0) /* Optimize away null case */ - { secret.data = ctx->writeCipher.macSecret; - secret.length = ctx->writeCipher.hash->digestSize; - if ((err = ComputeMAC(rec.contentType, payload, mac, ctx->writeCipher.sequenceNum, secret, ctx->writeCipher.hash, ctx)) != 0) - goto fail; - } - - /* Update payload to reflect encrypted data: contents, mac & padding */ - payload.length = payloadSize; - - /* Fill in the padding bytes & padding length field with the padding value; the - * protocol only requires the last byte, - * but filling them all in avoids leaking data - */ - if (ctx->writeCipher.symCipher->blockSize > 0) - for (i = 1; i <= padding + 1; ++i) - payload.data[payload.length - i] = padding; - - /* Encrypt the data */ - DUMP_BUFFER_NAME("cleartext data", payload); - /* _APPLE_CDSA_ change */ - if ((err = ctx->writeCipher.symCipher->encrypt(payload, - payload, - &ctx->writeCipher, - ctx)) != 0) - goto fail; - DUMP_BUFFER_NAME("encrypted data", payload); - - /* Enqueue the record to be written from the idle loop */ - if (ctx->recordWriteQueue == 0) - ctx->recordWriteQueue = out; - else - { queue = ctx->recordWriteQueue; - while (queue->next != 0) - queue = queue->next; - queue->next = out; - } - - /* Increment the sequence number */ - IncrementUInt64(&ctx->writeCipher.sequenceNum); - - return SSLNoErr; - -fail: /* Only for if we fail between when the WaitingRecord is allocated and when it is queued */ - SSLFreeBuffer(&out->data, &ctx->sysCtx); - buf.data = (UInt8*)out; - buf.length = sizeof(WaitingRecord); - SSLFreeBuffer(&buf, &ctx->sysCtx); - return ERR(err); -} - -static SSLErr -DecryptSSLRecord(UInt8 type, SSLBuffer *payload, SSLContext *ctx) -{ SSLErr err; - SSLBuffer content; - - if ((ctx->readCipher.symCipher->blockSize > 0) && - ((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) - { SSLFatalSessionAlert(alert_unexpected_message, ctx); - return 
ERR(SSLProtocolErr); - } - - /* Decrypt in place */ - DUMP_BUFFER_NAME("encrypted data", (*payload)); - /* _APPLE_CDSA_ change */ - if ((err = ctx->readCipher.symCipher->decrypt(*payload, - *payload, - &ctx->readCipher, - ctx)) != 0) - { SSLFatalSessionAlert(alert_close_notify, ctx); - return ERR(err); - } - DUMP_BUFFER_NAME("decrypted data", (*payload)); - -/* Locate content within decrypted payload */ - content.data = payload->data; - content.length = payload->length - ctx->readCipher.hash->digestSize; - if (ctx->readCipher.symCipher->blockSize > 0) - { /* padding can't be equal to or more than a block */ - if (payload->data[payload->length - 1] >= ctx->readCipher.symCipher->blockSize) - { SSLFatalSessionAlert(alert_unexpected_message, ctx); - errorLog1("DecryptSSLRecord: bad padding length (%d)\n", - (unsigned)payload->data[payload->length - 1]); - return ERR(SSLProtocolErr); - } - content.length -= 1 + payload->data[payload->length - 1]; /* Remove block size padding */ - } - -/* Verify MAC on payload */ - if (ctx->readCipher.hash->digestSize > 0) /* Optimize away MAC for null case */ - if ((err = VerifyMAC(type, content, payload->data + content.length, ctx)) != 0) - { SSLFatalSessionAlert(alert_bad_record_mac, ctx); - return ERR(err); - } - - *payload = content; /* Modify payload buffer to indicate content length */ - - return SSLNoErr; -} - -static UInt8* -SSLEncodeUInt64(UInt8 *p, sslUint64 value) -{ p = SSLEncodeInt(p, value.high, 4); - return SSLEncodeInt(p, value.low, 4); -} - -static SSLErr -VerifyMAC(UInt8 type, SSLBuffer data, UInt8 *compareMAC, SSLContext *ctx) -{ SSLErr err; +/* common for sslv3 and tlsv1, except for the computeMac callout */ +SSLErr SSLVerifyMac( + UInt8 type, + SSLBuffer data, + UInt8 *compareMAC, + SSLContext *ctx) +{ + SSLErr err; UInt8 macData[MAX_DIGEST_SIZE]; SSLBuffer secret, mac; secret.data = ctx->readCipher.macSecret; - secret.length = ctx->readCipher.hash->digestSize; + secret.length = 
ctx->readCipher.macRef->hash->digestSize; mac.data = macData; - mac.length = ctx->readCipher.hash->digestSize; - - if ((err = ComputeMAC(type, data, mac, ctx->readCipher.sequenceNum, secret, ctx->readCipher.hash, ctx)) != 0) + mac.length = ctx->readCipher.macRef->hash->digestSize; + + assert(ctx->sslTslCalls != NULL); + if ((err = ctx->sslTslCalls->computeMac(type, + data, + mac, + &ctx->readCipher, + ctx->readCipher.sequenceNum, + ctx)) != 0) return ERR(err); if ((memcmp(mac.data, compareMAC, mac.length)) != 0) { - errorLog0("VerifyMAC: Mac verify failure\n"); + errorLog0("ssl3VerifyMac: Mac verify failure\n"); return ERR(SSLProtocolErr); } return SSLNoErr; } -static SSLErr -ComputeMAC(UInt8 type, SSLBuffer data, SSLBuffer mac, sslUint64 seqNo, SSLBuffer secret, - const HashReference *macHash, SSLContext *ctx) -{ SSLErr err; - UInt8 innerDigestData[MAX_DIGEST_SIZE]; - UInt8 scratchData[11], *progress; - SSLBuffer digest,digestCtx,scratch; - - CASSERT(macHash->macPadSize <= MAX_MAC_PADDING); - CASSERT(macHash->digestSize <= MAX_DIGEST_SIZE); - CASSERT(SSLMACPad1[0] == 0x36 && SSLMACPad2[0] == 0x5C); - - digestCtx.data = 0; - if ((err = SSLAllocBuffer(&digestCtx, macHash->contextSize, &ctx->sysCtx)) != 0) - goto exit; - -/* MAC = hash( MAC_write_secret + pad_2 + hash( MAC_write_secret + pad_1 + seq_num + type + length + content ) ) */ - if ((err = macHash->init(digestCtx)) != 0) - goto exit; - if ((err = macHash->update(digestCtx, secret)) != 0) /* MAC secret */ - goto exit; - scratch.data = SSLMACPad1; - scratch.length = macHash->macPadSize; - if ((err = macHash->update(digestCtx, scratch)) != 0) /* pad1 */ - goto exit; - progress = scratchData; - progress = SSLEncodeUInt64(progress, seqNo); - *progress++ = type; - progress = SSLEncodeInt(progress, data.length, 2); - scratch.data = scratchData; - scratch.length = 11; - CASSERT(progress = scratchData+11); - if ((err = macHash->update(digestCtx, scratch)) != 0) /* sequenceNo, type & length */ - goto exit; - if ((err 
= macHash->update(digestCtx, data)) != 0) /* content */ - goto exit; - digest.data = innerDigestData; - digest.length = macHash->digestSize; - if ((err = macHash->final(digestCtx, digest)) != 0) /* figure inner digest */ - goto exit; - - if ((err = macHash->init(digestCtx)) != 0) - goto exit; - if ((err = macHash->update(digestCtx, secret)) != 0) /* MAC secret */ - goto exit; - scratch.data = SSLMACPad2; - scratch.length = macHash->macPadSize; - if ((err = macHash->update(digestCtx, scratch)) != 0) /* pad2 */ - goto exit; - if ((err = macHash->update(digestCtx, digest)) != 0) /* inner digest */ - goto exit; - if ((err = macHash->final(digestCtx, mac)) != 0) /* figure the mac */ - goto exit; - - err = SSLNoErr; /* redundant, I know */ - -exit: - SSLFreeBuffer(&digestCtx, &ctx->sysCtx); - return ERR(err); -} + diff --git a/SecureTransport/sslsess.c b/SecureTransport/sslsess.c index be5973bb..a4f5b7af 100644 --- a/SecureTransport/sslsess.c +++ b/SecureTransport/sslsess.c @@ -69,12 +69,8 @@ #include "cipherSpecs.h" #endif -#ifdef _APPLE_CDSA_ -#ifndef _APPLE_SESSION_H_ #include "appleSession.h" -#endif -#endif - +#include #include #include @@ -83,6 +79,7 @@ typedef struct UInt8 sessionID[32]; SSLProtocolVersion protocolVersion; UInt16 cipherSuite; + UInt16 padding; /* so remainder is word aligned */ UInt8 masterSecret[48]; int certCount; UInt8 certs[1]; /* Actually, variable length */ @@ -96,7 +93,7 @@ typedef struct * I don' think this is an issue...is it? */ SSLErr -SSLAddSessionID(const SSLContext *ctx) +SSLAddSessionData(const SSLContext *ctx) { SSLErr err; uint32 sessionIDLen; SSLBuffer sessionID; @@ -129,7 +126,8 @@ SSLAddSessionID(const SSLContext *ctx) session->cipherSuite = ctx->selectedCipher; memcpy(session->masterSecret, ctx->masterSecret, 48); session->certCount = certCount; - + session->padding = 0; + certDest = session->certs; cert = ctx->peerCert; while (cert) 
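Review bot: SSLVerifyMac, at the end of the `@@ -290` hunk in sslrec.c, checks the record MAC with `memcmp(mac.data, compareMAC, mac.length)`. `memcmp` can return at the first differing byte, so the comparison time depends on how many leading bytes matched. Since this function is now the common verification path for SSLv3 and TLSv1, a fixed-time comparison is preferable: OR `mac.data[i] ^ compareMAC[i]` into an accumulator across all `mac.length` bytes and fail when it is non-zero. The failure log string was changed to `ssl3VerifyMac: Mac verify failure`, which no longer matches the function name `SSLVerifyMac` and will mislead anyone grepping logs. The function also has no header comment beyond the one-liner; it should say that `compareMAC` must point to at least `digestSize` bytes.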
@@ -139,11 +137,7 @@ SSLAddSessionID(const SSLContext *ctx) cert = cert->next; } - #ifdef _APPLE_CDSA_ - err = sslAddSession(ctx->peerID, sessionID, ctx->sessionCtx.sessionRef); - #else - err = ctx->sessionCtx.addSession(ctx->peerID, sessionID, ctx->sessionCtx.sessionRef); - #endif + err = sslAddSession(ctx->peerID, sessionID); SSLFreeBuffer(&sessionID, &ctx->sysCtx); return err; @@ -153,7 +147,7 @@ SSLAddSessionID(const SSLContext *ctx) * Retrieve resumable session data, from key ctx->peerID. */ SSLErr -SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx) +SSLGetSessionData(SSLBuffer *sessionData, const SSLContext *ctx) { SSLErr err; if (ctx->peerID.data == 0) @@ -161,12 +155,7 @@ SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx) sessionData->data = 0; - #ifdef _APPLE_CDSA_ - err = sslGetSession(ctx->peerID, sessionData, ctx->sessionCtx.sessionRef); - #else - ERR(err = ctx->sessionCtx.getSession(ctx->peerID, sessionData, ctx->sessionCtx.sessionRef)); - #endif - + err = sslGetSession(ctx->peerID, sessionData); if (sessionData->data == 0) return ERR(SSLSessionNotFoundErr); @@ -174,17 +163,13 @@ SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx) } SSLErr -SSLDeleteSessionID(const SSLContext *ctx) +SSLDeleteSessionData(const SSLContext *ctx) { SSLErr err; if (ctx->peerID.data == 0) return SSLSessionNotFoundErr; - #ifdef _APPLE_CDSA_ - err = sslDeleteSession(ctx->peerID, ctx->sessionCtx.sessionRef); - #else - err = ctx->sessionCtx.deleteSession(ctx->peerID, ctx->sessionCtx.sessionRef); - #endif + err = sslDeleteSession(ctx->peerID); return err; } @@ -192,7 +177,7 @@ SSLDeleteSessionID(const SSLContext *ctx) * Given a sessionData blob, obtain the associated sessionID (NOT the key...). */ SSLErr -SSLRetrieveSessionIDIdentifier( +SSLRetrieveSessionID( const SSLBuffer sessionData, SSLBuffer *identifier, const SSLContext *ctx) 
@@ -210,38 +195,85 @@ SSLRetrieveSessionIDIdentifier( * Obtain the protocol version associated with a specified resumable session blob. */ SSLErr -SSLRetrieveSessionIDProtocolVersion( - const SSLBuffer sessionID, +SSLRetrieveSessionProtocolVersion( + const SSLBuffer sessionData, SSLProtocolVersion *version, const SSLContext *ctx) { ResumableSession *session; - session = (ResumableSession*) sessionID.data; + session = (ResumableSession*) sessionData.data; *version = session->protocolVersion; return SSLNoErr; } /* - * Retrieve session state. Presumably, ctx->sessionID and + * Retrieve session state from specified sessionData blob, install into + * ctx. Presumably, ctx->sessionID and * ctx->negProtocolVersion are already init'd (from the above two functions). */ + +/* + * Netscape Enterprise Server is known to change cipherspecs upon session resumption. + * For example, connecting to cdnow.com with all ciphersuites enabled results in + * CipherSuite 4 (SSL_RSA_WITH_RC4_128_MD5) being selected on the first session, + * and CipherSuite 10 (SSL_RSA_WITH_3DES_EDE_CBC_SHA) being selected on subsequent + * sessions. This is contrary to the SSL3.0 spec, sesion 7.6.1.3, describing the + * Server Hello message. + * + * This anomaly does not occur if only RC4 ciphers are enabled in the Client Hello + * message. It also does not happen in SSL V2. 
+ */ +#define ALLOW_CIPHERSPEC_CHANGE 1 + SSLErr -SSLInstallSessionID(const SSLBuffer sessionData, SSLContext *ctx) +SSLInstallSessionFromData(const SSLBuffer sessionData, SSLContext *ctx) { SSLErr err; ResumableSession *session; uint8 *storedCertProgress; SSLCertificate *cert, *lastCert; - #ifndef __APPLE__ - SSLBuffer certAlloc; - #endif int certCount; uint32 certLen; session = (ResumableSession*)sessionData.data; CASSERT(ctx->negProtocolVersion == session->protocolVersion); - - ctx->selectedCipher = session->cipherSuite; + + /* + * For SSLv3 and TLSv1, we know that selectedCipher has already been specified in + * SSLProcessServerHello(). An SSLv2 server hello message with a session + * ID hit contains no CipherKind field so we set it here. + */ + if(ctx->negProtocolVersion == SSL_Version_2_0) { + if(ctx->protocolSide == SSL_ClientSide) { + assert(ctx->selectedCipher == 0); + ctx->selectedCipher = session->cipherSuite; + } + else { + /* + * Else...what if they don't match? Could never happen, right? + * Wouldn't that mean the client is trying to switch ciphers on us? + */ + if(ctx->selectedCipher != session->cipherSuite) { + errorLog2("+++SSL2: CipherSpec change from %d to %d on session " + "resume\n", + session->cipherSuite, ctx->selectedCipher); + return SSLProtocolErr; + } + } + } + else { + assert(ctx->selectedCipher != 0); + if(ctx->selectedCipher != session->cipherSuite) { + #if ALLOW_CIPHERSPEC_CHANGE + dprintf2("+++WARNING: CipherSpec change from %d to %d on session resume\n", + session->cipherSuite, ctx->selectedCipher); + #else + errorLog2("+++SSL: CipherSpec change from %d to %d on session resume\n", + session->cipherSuite, ctx->selectedCipher); + return SSLProtocolErr; + #endif + } + } if ((err = FindCipherSpec(ctx)) != 0) { return err; } 
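Review bot: With `#define ALLOW_CIPHERSPEC_CHANGE 1`, the SSLv3/TLSv1 branch of SSLInstallSessionFromData accepts a resumed session whose cipher suite differs from the cached `session->cipherSuite`, reporting it only through `dprintf2`, which is presumably a debug-only trace. The comment above the define itself says this behaviour is contrary to the SSL 3.0 specification. As written, the interoperability workaround is a compile-time default applied to every peer; consider defaulting it to 0 or making it a per-context setting, and reporting the mismatch with `errorLog2` so it is visible outside debug builds. The two `assert(ctx->selectedCipher ...)` lines document preconditions but disappear under NDEBUG, so they should not be the only thing rejecting an unexpected state. The function continues past this hunk.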
@@ -253,43 +285,20 @@ SSLInstallSessionID(const SSLBuffer sessionData, SSLContext *ctx) while (certCount--) { - #ifdef __APPLE__ cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate)); if(cert == NULL) { return SSLMemoryErr; } - #else - if ((err = SSLAllocBuffer(&certAlloc, sizeof(SSLCertificate), &ctx->sysCtx)) != 0) - return err; - cert = (SSLCertificate*)certAlloc.data; - #endif cert->next = 0; certLen = SSLDecodeInt(storedCertProgress, 4); storedCertProgress += 4; if ((err = SSLAllocBuffer(&cert->derCert, certLen, &ctx->sysCtx)) != 0) { - #ifdef __APPLE__ sslFree(cert); - #else - SSLFreeBuffer(&certAlloc,&ctx->sysCtx); - #endif return err; } memcpy(cert->derCert.data, storedCertProgress, certLen); storedCertProgress += certLen; - #ifndef _APPLE_CDSA_ - /* we don't decode */ - if ((err = ASNParseX509Certificate(cert->derCert, &cert->cert, ctx)) != 0) - { - SSLFreeBuffer(&cert->derCert,&ctx->sysCtx); - #ifdef __APPLE__ - sslFree(cert); - #else - SSLFreeBuffer(&certAlloc,&ctx->sysCtx); - #endif - return err; - } - #endif if (lastCert == 0) ctx->peerCert = cert; else diff --git a/SecureTransport/ssltrspt.c b/SecureTransport/ssltrspt.c index c069b794..b6354204 100644 --- a/SecureTransport/ssltrspt.c +++ b/SecureTransport/ssltrspt.c @@ -21,7 +21,7 @@ Contains: SSLContext transport layer - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -80,7 +80,6 @@ #include "ssl2.h" #endif -#ifdef _APPLE_CDSA_ #ifndef _APPLE_GLUE_H_ #include "appleGlue.h" #endif @@ -94,8 +93,8 @@ #endif #include -#endif +#include #include #define SSL_IO_TRACE 0 @@ -179,7 +178,8 @@ SSLWrite( else rec.contents.length = MAX_RECORD_LENGTH; - if (ERR(err = SSLWriteRecord(rec, ctx)) != 0) + assert(ctx->sslTslCalls != NULL); + if (ERR(err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) goto exit; processed += rec.contents.length; 
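Review bot: In the certificate loop of the `@@ -253` hunk in sslsess.c, `certLen = SSLDecodeInt(storedCertProgress, 4)` is read from the cached blob and passed to `SSLAllocBuffer` and `memcpy(cert->derCert.data, storedCertProgress, certLen)` without being checked against `sessionData.length`. The loop count, presumably the stored `certCount`, is not bounded either. The blob comes from the session cache and is presumably trusted, but a truncated or corrupted entry would make the copy read past the end of the buffer. Checking before each copy that the remaining length covers the 4-byte header plus `certLen`, and returning an error otherwise, would close this. On the `SSLAllocBuffer` failure path only the current `cert` is released, while certificates already linked into `ctx->peerCert` stay allocated unless the caller frees them, which is not visible here; the loop starts and ends outside the hunk.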
@@ -275,7 +275,14 @@ SSLRead ( ctx->receivedDataPos = 0; } + /* + * This while statement causes a hang when using nonblocking low-level I/O! while (remaining > 0 && ctx->state != SSLGracefulClose) + ..what we really have to do is just return as soon as we read one + record. A performance hit in the nonblocking case, but that is + the only way this code can work in both modes... + */ + if (remaining > 0 && ctx->state != SSLGracefulClose) { CASSERT(ctx->receivedDataBuffer.data == 0); if (ERR(err = SSLReadRecord(&rec, ctx)) != 0) goto exit; @@ -379,6 +386,10 @@ SSLHandshake(SSLContext *ctx) return sslErrToOsStatus(err); } + /* one more flush at completion of successful handshake */ + if ((err = SSLServiceWriteQueue(ctx)) != 0) { + return sslErrToOsStatus(err); + } return noErr; } 
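Review bot: The new comment in the `@@ -275` hunk of SSLRead embeds the old `while (remaining > 0 && ctx->state != SSLGracefulClose)` statement inside a block comment, so it reads like live code. The resulting change in behaviour for callers is not stated anywhere a caller would look. After this change SSLRead handles at most one record per call even when `remaining > 0`, so blocking callers that relied on the buffer being filled now have to loop. I would describe the old loop in words and add the contract to the function's header comment, e.g. `/* Reads at most one record per call; may return fewer bytes than requested, so callers loop as needed. */`. SSLRead's body starts and ends outside the hunk.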
@@ -419,19 +430,40 @@ SSLInitConnection(SSLContext *ctx) } if (ctx->peerID.data != 0) - { ERR(SSLGetSessionID(&ctx->resumableSession, ctx)); + { ERR(SSLGetSessionData(&ctx->resumableSession, ctx)); /* Ignore errors; just treat as uncached session */ } -/* If we're a client, and we have a cached resumable session, we want - * to try to negotiate the same session type we negotiated before, - * because an SSL 3.0 session can only be resumed with an SSL 3.0 - * hello message. - */ - if (ctx->protocolSide == SSL_ClientSide && ctx->resumableSession.data != 0) - { if (ERR(err = SSLRetrieveSessionIDProtocolVersion(ctx->resumableSession, - &ctx->negProtocolVersion, ctx)) != 0) + /* + * If we have a cached resumable session, blow it off if it's a higher + * version than the max currently allowed. Note that this means that once + * a process negotiates a given version with a given server/port, it won't + * be able to negotiate a higher version. We might want to revisit this. + */ + if (ctx->resumableSession.data != 0) { + + SSLProtocolVersion savedVersion; + + if (ERR(err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession, + &savedVersion, ctx)) != 0) { return err; + } + if(savedVersion > ctx->maxProtocolVersion) { + SSLLogResumSess("===Resumable session protocol mismatch\n"); + SSLFreeBuffer(&ctx->resumableSession, &ctx->sysCtx); + } + else { + SSLLogResumSess("===attempting to resume session\n"); + /* + * A bit of a special case for server side here. If currently + * configged to allow for SSL3/TLS1 with an SSL2 hello, we + * don't want to preclude the possiblity of an SSL2 hello... + * so we'll just leave the negProtocolVersion alone in the server case. + */ + if(ctx->protocolSide == SSL_ClientSide) { + ctx->negProtocolVersion = savedVersion; + } + } } /* If we're the client & handshake hasn't yet begun, start it by 
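Review bot: A failure of SSLRetrieveSessionProtocolVersion aborts SSLInitConnection with `return err;`, whereas the SSLGetSessionData call just above deliberately ignores errors and treats the session as uncached. A damaged cache entry would then presumably fail every connection attempt for that peer ID instead of falling back to a full handshake. Consider discarding the entry and continuing, as the version-mismatch branch already does: `SSLFreeBuffer(&ctx->resumableSession, &ctx->sysCtx);` in place of `return err;`. The function continues outside the hunk.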
@@ -447,6 +479,8 @@ SSLInitConnection(SSLContext *ctx) break; case SSL_Version_3_0_Only: case SSL_Version_3_0: + case TLS_Version_1_0_Only: + case TLS_Version_1_0: if (ERR(err = SSLAdvanceHandshake(SSL_hello_request, ctx)) != 0) return err; break; @@ -461,20 +495,15 @@ SSLInitConnection(SSLContext *ctx) static SSLErr SSLServiceWriteQueue(SSLContext *ctx) -{ SSLErr err; - UInt32 written; +{ SSLErr err = SSLNoErr, werr = SSLNoErr; + UInt32 written = 0; SSLBuffer buf, recBuf; WaitingRecord *rec; - - while ((rec = ctx->recordWriteQueue) != 0) + + while (!werr && ((rec = ctx->recordWriteQueue) != 0)) { buf.data = rec->data.data + rec->sent; buf.length = rec->data.length - rec->sent; - #ifdef _APPLE_CDSA_ - err = sslIoWrite(buf, &written, ctx); - #else - err = ctx->ioCtx.write(buf, &written, ctx->ioCtx.ioRef); - #endif - // FIXME - detect & abort ERR(err); + werr = sslIoWrite(buf, &written, ctx); rec->sent += written; if (rec->sent >= rec->data.length) { CASSERT(rec->sent == rec->data.length); @@ -491,8 +520,8 @@ SSLServiceWriteQueue(SSLContext *ctx) return err; CASSERT(ctx->recordWriteQueue == 0 || ctx->recordWriteQueue->sent == 0); } - - return SSLNoErr; + + return werr; } #if LOG_RX_PROTOCOL @@ -536,12 +565,12 @@ SSLProcessProtocolMessage(SSLRecord rec, SSLContext *ctx) OSStatus SSLClose(SSLContext *ctx) { - SSLErr err = SSLNoErr; /* _APPLE_CDSA_ bug fix - was uninit'd */ + SSLErr err = SSLNoErr; if(ctx == NULL) { return paramErr; } - if (ctx->negProtocolVersion == SSL_Version_3_0) + if (ctx->negProtocolVersion >= SSL_Version_3_0) ERR(err = SSLSendAlert(alert_warning, alert_close_notify, ctx)); if (err == 0) ERR(err = SSLServiceWriteQueue(ctx)); 
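Review bot: In SSLServiceWriteQueue, `rec->sent += written` still runs when sslIoWrite returns an error, and `written` is zeroed only once at its declaration. If sslIoWrite can fail without storing to `written` (its contract is not visible here), the count from the previous iteration is added again and the `rec->sent` bookkeeping that the following CASSERT relies on goes wrong. Resetting it on each pass removes the dependency: `written = 0;` immediately before `werr = sslIoWrite(buf, &written, ctx);`. Part of the loop body lies between this hunk and the next one.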
@@ -550,3 +579,28 @@ SSLClose(SSLContext *ctx) err = SSLNoErr; /* Ignore errors related to closed streams */ return sslErrToOsStatus(err); } + +/* + * Determine how much data the client can be guaranteed to + * obtain via SSLRead() without blocking or causing any low-level + * read operations to occur. + * + * Implemented here because the relevant info in SSLContext (receivedDataBuffer + * and receivedDataPos) are only used in this file. + */ +OSStatus +SSLGetBufferedReadSize(SSLContextRef ctx, + size_t *bufSize) /* RETURNED */ +{ + if(ctx == NULL) { + return paramErr; + } + if(ctx->receivedDataBuffer.data == NULL) { + *bufSize = 0; + } + else { + CASSERT(ctx->receivedDataBuffer.length >= ctx->receivedDataPos); + *bufSize = ctx->receivedDataBuffer.length - ctx->receivedDataPos; + } + return noErr; +} diff --git a/SecureTransport/sslutil.c b/SecureTransport/sslutil.c index f03bb5c1..9118f89c 100644 --- a/SecureTransport/sslutil.c +++ b/SecureTransport/sslutil.c @@ -87,6 +87,13 @@ SSLEncodeInt(unsigned char *p, UInt32 value, int length) return retVal; } +UInt8* +SSLEncodeUInt64(UInt8 *p, sslUint64 value) +{ p = SSLEncodeInt(p, value.high, 4); + return SSLEncodeInt(p, value.low, 4); +} + + void IncrementUInt64(sslUint64 *v) { if (++v->low == 0) /* Must have just rolled over */ @@ -149,6 +156,8 @@ const char *protocolVersStr(SSLProtocolVersion prot) case SSL_Version_3_0_Only: return "SSL_Version_3_0_Only"; case SSL_Version_2_0: return "SSL_Version_2_0"; case SSL_Version_3_0: return "SSL_Version_3_0"; + case TLS_Version_1_0: return "TLS_Version_1_0"; + case TLS_Version_1_0_Only: return "TLS_Version_1_0_Only"; default: sslPanic("protocolVersStr: bad prot"); } return NULL; /* NOT REACHED */ diff --git a/SecureTransport/symCipher.c b/SecureTransport/symCipher.c index f7942005..a70b1d90 100644 --- a/SecureTransport/symCipher.c +++ b/SecureTransport/symCipher.c 
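Review bot: SSLGetBufferedReadSize validates `ctx` but writes through `bufSize` unconditionally, so a NULL output pointer from a caller crashes where a NULL context returns paramErr. This is a newly exported API (it is added to Security.exp in this commit), so both arguments should be checked the same way: `if((ctx == NULL) || (bufSize == NULL)) { return paramErr; }`.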
@@ -21,7 +21,7 @@ Contains: CDSA-based symmetric cipher module - Written by: Doug Mitchell, based on Netscape RSARef 3.0 + Written by: Doug Mitchell, based on Netscape SSLRef 3.0 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved. @@ -108,7 +108,6 @@ SSLErr CDSASymmInit( CSSM_DATA_PTR ivDataPtr = NULL; CSSM_KEY_PTR symKey = NULL; CSSM_CC_HANDLE ccHand = 0; - CSSM_KEYHEADER_PTR hdr; char *op; CASSERT(cipherCtx != NULL); @@ -127,24 +126,13 @@ SSLErr CDSASymmInit( if(symKey == NULL) { return SSLMemoryErr; } - memset(symKey, 0, sizeof(CSSM_KEY)); - serr = stSetUpCssmData(&symKey->KeyData, cipherCtx->symCipher->keySize); + serr = sslSetUpSymmKey(symKey, cipherCtx->symCipher->keyAlg, + CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, CSSM_TRUE, + key, cipherCtx->symCipher->keySize); if(serr) { sslFree(symKey); return serr; } - memmove(symKey->KeyData.Data, key, cipherCtx->symCipher->keySize); - - /* set up the header */ - hdr = &symKey->KeyHeader; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - hdr->AlgorithmId = cipherCtx->symCipher->keyAlg; - hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY; - hdr->LogicalKeySizeInBits = cipherCtx->symCipher->keySize * 8; - hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT; - hdr->WrapAlgorithmId = CSSM_ALGID_NONE; cipherCtx->symKey = symKey; @@ -235,9 +223,10 @@ SSLErr CDSASymmEncrypt( { CSSM_RETURN crtn; CSSM_DATA ptextData; - CSSM_DATA ctextData = {0, NULL}; + CSSM_DATA ctextData; uint32 bytesEncrypted; SSLErr serr = SSLInternalError; + uint32 origLen = dest.length; /* * Valid on entry: @@ -248,6 +237,9 @@ SSLErr CDSASymmEncrypt( CASSERT(cipherCtx != NULL); logSymmData("Symm encrypt ptext", &src, 48); + /* this requirement allows us to avoid a malloc and copy */ + CASSERT(dest.length >= src.length); + #if SSL_DEBUG { unsigned blockSize = cipherCtx->symCipher->blockSize; 
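Review bot: The new `CASSERT(dest.length >= src.length);` in CDSASymmEncrypt is the only check that the caller's output buffer is large enough, and the same line is added to CDSASymmDecrypt in the `@@ -332,6 +316,8 @@` hunk. The later hunks point `ctextData` and `ptextData` directly at `dest`, so the `bytesEncrypted > origLen` test now runs after the CSP has written its output, and correctness depends on the CSP honouring the supplied length. If CASSERT is compiled out in release builds (likely, but not visible here), a real check is needed before the update call: `if(dest.length < src.length) { return SSLDataOverflow; }`. Both function bodies extend beyond their hunks.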
@@ -271,6 +263,7 @@ SSLErr CDSASymmEncrypt( return SSLInternalError; } SSLBUF_TO_CSSM(&src, &ptextData); + SSLBUF_TO_CSSM(&dest, &ctextData); crtn = CSSM_EncryptDataUpdate(cipherCtx->ccHand, &ptextData, 1, @@ -283,25 +276,15 @@ SSLErr CDSASymmEncrypt( goto errOut; } - if(bytesEncrypted > dest.length) { - /* FIXME - can this happen? Should we remalloc? */ + if(bytesEncrypted > origLen) { + /* should never happen, callers always give us block-aligned + * plaintext and CSP padding is disabled. */ errorLog2("Symmetric encrypt overflow: bytesEncrypted %ld destLen %ld\n", bytesEncrypted, dest.length); serr = SSLDataOverflow; goto errOut; } - if(bytesEncrypted) { - memmove(dest.data, ctextData.Data, bytesEncrypted); - } dest.length = bytesEncrypted; - - /* CSP mallocd ctext */ - /* FIXME - once we're really sure that the caller always mallocs - * dest.data, we should avoid this malloc/copy */ - stFreeCssmData(&ctextData, CSSM_FALSE); - - /* FIXME - sure we don't need to do Final()? */ - logSymmData("Symm encrypt ctext", &dest, 48); serr = SSLNoErr; @@ -320,7 +303,8 @@ SSLErr CDSASymmDecrypt( CSSM_DATA ctextData; uint32 bytesDecrypted; SSLErr serr = SSLInternalError; - + uint32 origLen = dest.length; + /* * Valid on entry: * cipherCtx->cspHand @@ -332,6 +316,8 @@ SSLErr CDSASymmDecrypt( errorLog0("CDSASymmDecrypt: null args\n"); return SSLInternalError; } + /* this requirement allows us to avoid a malloc and copy */ + CASSERT(dest.length >= src.length); #if SSL_DEBUG { @@ -352,6 +338,7 @@ SSLErr CDSASymmDecrypt( #endif SSLBUF_TO_CSSM(&src, &ctextData); + SSLBUF_TO_CSSM(&dest, &ptextData); crtn = CSSM_DecryptDataUpdate(cipherCtx->ccHand, &ctextData, 1, 
@@ -364,21 +351,13 @@ SSLErr CDSASymmDecrypt( goto errOut; } - if(bytesDecrypted > dest.length) { + if(bytesDecrypted > origLen) { /* FIXME - can this happen? Should we remalloc? */ errorLog2("Symmetric decrypt overflow: bytesDecrypted %ld destLen %ld\n", bytesDecrypted, dest.length); serr = SSLDataOverflow; goto errOut; } - - if(bytesDecrypted) { - memmove(dest.data, ptextData.Data, bytesDecrypted); - } - - /* CSP mallocd ptext, remData */ - stFreeCssmData(&ptextData, CSSM_FALSE); - dest.length = bytesDecrypted; serr = SSLNoErr; logSymmData("Symm decrypt ptext(1)", &dest, 48); diff --git a/SecureTransport/tls1Callouts.c b/SecureTransport/tls1Callouts.c new file mode 100644 index 00000000..f423c8a1 --- /dev/null +++ b/SecureTransport/tls1Callouts.c 
@@ -0,0 +1,687 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: tls1Callouts.c + + Contains: TLSv1-specific routines for SslTlsCallouts. + + Written by: Doug Mitchell +*/ + +#include "tls_ssl.h" +#include "sslerrs.h" +#include "sslalloc.h" +#include "sslutil.h" +#include "digests.h" +#include "sslalert.h" +#include "sslDebug.h" +#include +#include + +#define TLS_ENC_DEBUG 0 +#if TLS_ENC_DEBUG +#define tlsDebug(format, args...) 
printf(format , ## args) +static void tlsDump(const char *name, void *b, unsigned len) +{ + unsigned char *cp = (unsigned char *)b; + unsigned i, dex; + + printf("%s\n", name); + for(dex=0; dex= outLen + unsigned outLen) // desired output size +{ + unsigned char aSubI[TLS_HMAC_MAX_SIZE]; /* A(i) */ + unsigned char digest[TLS_HMAC_MAX_SIZE]; + HMACContextRef hmacCtx; + SSLErr serr; + unsigned digestLen = hmac->macSize; + + serr = hmac->alloc(hmac, ctx, secret, secretLen, &hmacCtx); + if(serr) { + return serr; + } + + /* A(0) = seed */ + /* A(1) := HMAC_hash(secret, seed) */ + serr = hmac->hmac(hmacCtx, seed, seedLen, aSubI, &digestLen); + if(serr) { + goto fail; + } + assert(digestLen = hmac->macSize); + + /* starting at loopNum 1... */ + for (;;) { + /* + * This loop's chunk = HMAC_hash(secret, A(loopNum) + seed)) + */ + serr = hmac->init(hmacCtx); + if(serr) { + break; + } + serr = hmac->update(hmacCtx, aSubI, digestLen); + if(serr) { + break; + } + serr = hmac->update(hmacCtx, seed, seedLen); + if(serr) { + break; + } + serr = hmac->final(hmacCtx, digest, &digestLen); + if(serr) { + break; + } + assert(digestLen = hmac->macSize); + + if(outLen <= digestLen) { + /* last time, possible partial digest */ + memmove(out, digest, outLen); + break; + } + + memmove(out, digest, digestLen); + out += digestLen; + outLen -= digestLen; + + /* + * A(i) = HMAC_hash(secret, A(i-1)) + * Note there is a possible optimization involving obtaining this + * hmac by cloning the state of hmacCtx above after updating with + * aSubI, and getting the final version of that here. However CDSA + * does not support cloning of a MAC context (only for digest contexts). 
+ */ + serr = hmac->hmac(hmacCtx, aSubI, digestLen, + aSubI, &digestLen); + if(serr) { + break; + } + assert(digestLen = hmac->macSize); + } +fail: + hmac->free(hmacCtx); + memset(aSubI, 0, TLS_HMAC_MAX_SIZE); + memset(digest, 0, TLS_HMAC_MAX_SIZE); + return serr; +} + +/* + * The TLS pseudorandom function, defined in RFC2246, section 5. + * This takes as its input a secret block, a label, and a seed, and produces + * a caller-specified length of pseudorandom data. + * + * Optimization TBD: make label optional, avoid malloc and two copies if it's + * not there, so callers can take advantage of fixed-size seeds. + */ +static SSLErr tlsPRF( + SSLContext *ctx, + const unsigned char *secret, + unsigned secretLen, + const unsigned char *label, // optional, NULL implies that seed contains + // the label + unsigned labelLen, + const unsigned char *seed, + unsigned seedLen, + unsigned char *out, // mallocd by called, length >= outLen + unsigned outLen) +{ + SSLErr serr = SSLInternalError; + const unsigned char *S1, *S2; // the two seeds + unsigned sLen; // effective length of each seed + unsigned char *labelSeed = NULL; // label + seed, passed to tlsPHash + unsigned labelSeedLen; + unsigned char *tmpOut = NULL; // output of P_SHA1 + unsigned i; + + /* two seeds for tlsPHash */ + sLen = secretLen / 2; // for partitioning + S1 = secret; + S2 = &secret[sLen]; + sLen += (secretLen & 1); // secret length odd, increment effective size + + if(label != NULL) { + /* concatenate label and seed */ + labelSeedLen = labelLen + seedLen; + labelSeed = sslMalloc(labelSeedLen); + if(labelSeed == NULL) { + return SSLMemoryErr; + } + memmove(labelSeed, label, labelLen); + memmove(labelSeed + labelLen, seed, seedLen); + } + else { + /* fast track - just use seed as is */ + labelSeed = (unsigned char *)seed; + labelSeedLen = seedLen; + } + + /* temporary output for SHA1, to be XORd with MD5 */ + tmpOut = sslMalloc(outLen); + if(tmpOut == NULL) { + serr = SSLMemoryErr; + goto fail; + } + serr = 
tlsPHash(ctx, &TlsHmacMD5, S1, sLen, labelSeed, labelSeedLen, + out, outLen); + if(serr) { + goto fail; + } + serr = tlsPHash(ctx, &TlsHmacSHA1, S2, sLen, labelSeed, labelSeedLen, + tmpOut, outLen); + if(serr) { + goto fail; + } + + /* XOR together to get final result */ + for(i=0; ireadCipher.symCipher->blockSize > 0) && + ((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) { + SSLFatalSessionAlert(alert_unexpected_message, ctx); + return SSLProtocolErr; + } + + /* Decrypt in place */ + if ((err = ctx->readCipher.symCipher->decrypt(*payload, + *payload, + &ctx->readCipher, + ctx)) != 0) + { SSLFatalSessionAlert(alert_close_notify, ctx); + return err; + } + + /* Locate content within decrypted payload */ + content.data = payload->data; + content.length = payload->length - ctx->readCipher.macRef->hash->digestSize; + if (ctx->readCipher.symCipher->blockSize > 0) { + /* for TLSv1, padding can be anywhere from 0 to 255 bytes */ + UInt8 padSize = payload->data[payload->length - 1]; + UInt8 *padChars; + + /* verify that all padding bytes are equal - WARNING - OpenSSL code + * has a special case here dealing with some kind of bug related to + * even size packets...beware... 
*/ + if(padSize > payload->length) { + SSLFatalSessionAlert(alert_unexpected_message, ctx); + errorLog1("tls1DecryptRecord: bad padding length (%d)\n", + (unsigned)payload->data[payload->length - 1]); + return SSLProtocolErr; + } + padChars = payload->data + payload->length - padSize; + while(padChars < (payload->data + payload->length)) { + if(*padChars++ != padSize) { + SSLFatalSessionAlert(alert_unexpected_message, ctx); + errorLog0("tls1DecryptRecord: bad padding value\n"); + return SSLProtocolErr; + } + } + /* Remove block size padding and its one-byte length */ + content.length -= (1 + padSize); + } + + /* Verify MAC on payload */ + if (ctx->readCipher.macRef->hash->digestSize > 0) + /* Optimize away MAC for null case */ + if ((err = SSLVerifyMac(type, content, + payload->data + content.length, ctx)) != 0) + { SSLFatalSessionAlert(alert_bad_record_mac, ctx); + return err; + } + + *payload = content; /* Modify payload buffer to indicate content length */ + + return SSLNoErr; +} + +/* initialize a per-CipherContext HashHmacContext for use in MACing each record */ +static SSLErr tls1InitMac ( + CipherContext *cipherCtx, // macRef, macSecret valid on entry + // macCtx valid on return + SSLContext *ctx) +{ + const HMACReference *hmac; + SSLErr serr; + + assert(cipherCtx->macRef != NULL); + hmac = cipherCtx->macRef->hmac; + assert(hmac != NULL); + + if(cipherCtx->macCtx.hmacCtx != NULL) { + hmac->free(cipherCtx->macCtx.hmacCtx); + cipherCtx->macCtx.hmacCtx = NULL; + } + serr = hmac->alloc(hmac, ctx, cipherCtx->macSecret, + cipherCtx->macRef->hmac->macSize, &cipherCtx->macCtx.hmacCtx); + + /* mac secret now stored in macCtx.hmacCtx, delete it from cipherCtx */ + memset(cipherCtx->macSecret, 0, sizeof(cipherCtx->macSecret)); + return serr; +} + +static SSLErr tls1FreeMac ( + CipherContext *cipherCtx) +{ + /* this can be called on a completely zeroed out CipherContext... 
*/ + if(cipherCtx->macRef == NULL) { + return SSLNoErr; + } + assert(cipherCtx->macRef->hmac != NULL); + + if(cipherCtx->macCtx.hmacCtx != NULL) { + cipherCtx->macRef->hmac->free(cipherCtx->macCtx.hmacCtx); + cipherCtx->macCtx.hmacCtx = NULL; + } + return SSLNoErr; +} + +/* + * mac = HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type + + * TLSCompressed.version + TLSCompressed.length + + * TLSCompressed.fragment)); + */ + +/* sequence, type, version, length */ +#define HDR_LENGTH (8 + 1 + 2 + 2) +SSLErr tls1ComputeMac ( + UInt8 type, + SSLBuffer data, + SSLBuffer mac, // caller mallocs data + CipherContext *cipherCtx, // assumes macCtx, macRef + sslUint64 seqNo, + SSLContext *ctx) +{ + unsigned char hdr[HDR_LENGTH]; + unsigned char *p; + HMACContextRef hmacCtx; + SSLErr serr; + const HMACReference *hmac; + unsigned macLength; + + assert(cipherCtx != NULL); + assert(cipherCtx->macRef != NULL); + hmac = cipherCtx->macRef->hmac; + assert(hmac != NULL); + hmacCtx = cipherCtx->macCtx.hmacCtx; // may be NULL, for null cipher + + serr = hmac->init(hmacCtx); + if(serr) { + goto fail; + } + p = SSLEncodeUInt64(hdr, seqNo); + *p++ = type; + *p++ = TLS_Version_1_0 >> 8; + *p++ = TLS_Version_1_0 & 0xff; + *p++ = data.length >> 8; + *p = data.length & 0xff; + serr = hmac->update(hmacCtx, hdr, HDR_LENGTH); + if(serr) { + goto fail; + } + serr = hmac->update(hmacCtx, data.data, data.length); + if(serr) { + goto fail; + } + macLength = mac.length; + serr = hmac->final(hmacCtx, mac.data, &macLength); + if(serr) { + goto fail; + } + mac.length = macLength; +fail: + return serr; +} + +/* + * On input, the following are valid: + * MasterSecret[48] + * ClientHello.random[32] + * ServerHello.random[32] + * + * key_block = PRF(SecurityParameters.master_secret, + * "key expansion", + * SecurityParameters.server_random + + * SecurityParameters.client_random); + */ + +#define GKM_SEED_LEN (PLS_KEY_EXPAND_LEN + (2 * SSL_CLIENT_SRVR_RAND_SIZE)) + +SSLErr tls1GenerateKeyMaterial ( + 
SSLBuffer key, // caller mallocs and specifies length of + // required key material here + SSLContext *ctx) +{ + unsigned char seedBuf[GKM_SEED_LEN]; + SSLErr serr; + + /* use optimized label-less PRF */ + memmove(seedBuf, PLS_KEY_EXPAND, PLS_KEY_EXPAND_LEN); + memmove(seedBuf + PLS_KEY_EXPAND_LEN, ctx->serverRandom, + SSL_CLIENT_SRVR_RAND_SIZE); + memmove(seedBuf + PLS_KEY_EXPAND_LEN + SSL_CLIENT_SRVR_RAND_SIZE, + ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); + serr = tlsPRF(ctx, + ctx->masterSecret, + SSL_MASTER_SECRET_SIZE, + NULL, // no label + 0, + seedBuf, + GKM_SEED_LEN, + key.data, // destination + key.length); + tlsDump("key expansion", key.data, key.length); + return serr; +} + +/* + * final_client_write_key = + * PRF(SecurityParameters.client_write_key, + * "client write key", + * SecurityParameters.client_random + + * SecurityParameters.server_random); + * final_server_write_key = + * PRF(SecurityParameters.server_write_key, + * "server write key", + * SecurityParameters.client_random + + * SecurityParameters.server_random); + * + * iv_block = PRF("", "IV block", SecurityParameters.client_random + + * SecurityParameters.server_random); + * + * iv_block is broken up into: + * + * client_write_IV[SecurityParameters.IV_size] + * server_write_IV[SecurityParameters.IV_size] + */ +SSLErr tls1GenerateExportKeyAndIv ( + SSLContext *ctx, // clientRandom, serverRandom valid + const SSLBuffer clientWriteKey, + const SSLBuffer serverWriteKey, + SSLBuffer finalClientWriteKey, // RETURNED, mallocd by caller + SSLBuffer finalServerWriteKey, // RETURNED, mallocd by caller + SSLBuffer finalClientIV, // RETURNED, mallocd by caller + SSLBuffer finalServerIV) // RETURNED, mallocd by caller +{ + unsigned char randBuf[2 * SSL_CLIENT_SRVR_RAND_SIZE]; + SSLErr serr; + unsigned char *ivBlock; + char *nullKey = ""; + + /* all three PRF calls use the same seed */ + memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); + memmove(randBuf + SSL_CLIENT_SRVR_RAND_SIZE, + 
ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE); + + serr = tlsPRF(ctx, + clientWriteKey.data, + clientWriteKey.length, + PLS_EXPORT_CLIENT_WRITE, + PLS_EXPORT_CLIENT_WRITE_LEN, + randBuf, + 2 * SSL_CLIENT_SRVR_RAND_SIZE, + finalClientWriteKey.data, // destination + finalClientWriteKey.length); + if(serr) { + return serr; + } + serr = tlsPRF(ctx, + serverWriteKey.data, + serverWriteKey.length, + PLS_EXPORT_SERVER_WRITE, + PLS_EXPORT_SERVER_WRITE_LEN, + randBuf, + 2 * SSL_CLIENT_SRVR_RAND_SIZE, + finalServerWriteKey.data, // destination + finalServerWriteKey.length); + if(serr) { + return serr; + } + if((finalClientIV.length == 0) && (finalServerIV.length == 0)) { + /* skip remainder as optimization */ + return SSLNoErr; + } + ivBlock = sslMalloc(finalClientIV.length + finalServerIV.length); + if(ivBlock == NULL) { + return SSLMemoryErr; + } + serr = tlsPRF(ctx, + nullKey, + 0, + PLS_EXPORT_IV_BLOCK, + PLS_EXPORT_IV_BLOCK_LEN, + randBuf, + 2 * SSL_CLIENT_SRVR_RAND_SIZE, + ivBlock, // destination + finalClientIV.length + finalServerIV.length); + if(serr) { + goto done; + } + memmove(finalClientIV.data, ivBlock, finalClientIV.length); + memmove(finalServerIV.data, ivBlock + finalClientIV.length, finalServerIV.length); +done: + sslFree(ivBlock); + return serr; +} + +/* + * On entry: clientRandom, serverRandom, preMasterSecret valid + * On return: masterSecret valid + * + * master_secret = PRF(pre_master_secret, "master secret", + * ClientHello.random + ServerHello.random) + * [0..47]; + */ + +SSLErr tls1GenerateMasterSecret ( + SSLContext *ctx) +{ + unsigned char randBuf[2 * SSL_CLIENT_SRVR_RAND_SIZE]; + SSLErr serr; + + memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE); + memmove(randBuf + SSL_CLIENT_SRVR_RAND_SIZE, + ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE); + serr = tlsPRF(ctx, + ctx->preMasterSecret.data, + ctx->preMasterSecret.length, + PLS_MASTER_SECRET, + PLS_MASTER_SECRET_LEN, + randBuf, + 2 * SSL_CLIENT_SRVR_RAND_SIZE, + ctx->masterSecret, // 
destination + SSL_MASTER_SECRET_SIZE); + tlsDump("master secret", ctx->masterSecret, SSL_MASTER_SECRET_SIZE); + return serr; +} + +/* + * Given digests contexts representing the running total of all handshake messages, + * calculate mac for "finished" message. + * + * verify_data = 12 bytes = + * PRF(master_secret, finished_label, MD5(handshake_messages) + + * SHA-1(handshake_messages)) [0..11]; + */ +SSLErr tls1ComputeFinishedMac ( + SSLContext *ctx, + SSLBuffer finished, // output - mallocd by caller + SSLBuffer shaMsgState, // clone of running digest of all handshake msgs + SSLBuffer md5MsgState, // ditto + Boolean isServer) +{ + unsigned char digests[SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN]; + SSLBuffer digBuf; + unsigned char *finLabel; + unsigned finLabelLen; + SSLErr serr; + + if(isServer) { + finLabel = PLS_SERVER_FINISH; + finLabelLen = PLS_SERVER_FINISH_LEN; + } + else { + finLabel = PLS_CLIENT_FINISH; + finLabelLen = PLS_CLIENT_FINISH_LEN; + } + + /* concatenate two digest results */ + digBuf.data = digests; + digBuf.length = SSL_MD5_DIGEST_LEN; + serr = SSLHashMD5.final(md5MsgState, digBuf); + if(serr) { + return serr; + } + digBuf.data += SSL_MD5_DIGEST_LEN; + digBuf.length = SSL_SHA1_DIGEST_LEN; + serr = SSLHashSHA1.final(shaMsgState, digBuf); + if(serr) { + return serr; + } + return tlsPRF(ctx, + ctx->masterSecret, + SSL_MASTER_SECRET_SIZE, + finLabel, + finLabelLen, + digests, + SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN, + finished.data, // destination + finished.length); +} + +/* + * This one is trivial. + * + * mac := MD5(handshake_messages) + SHA(handshake_messages); + * + * I don't know why this one doesn't use an HMAC or the master secret (as SSLv3 + * does). 
+ */ +SSLErr tls1ComputeCertVfyMac ( + SSLContext *ctx, + SSLBuffer finished, // output - mallocd by caller + SSLBuffer shaMsgState, // clone of running digest of all handshake msgs + SSLBuffer md5MsgState) // ditto +{ + SSLBuffer digBuf; + SSLErr serr; + + assert(finished.length == (SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN)); + digBuf.data = finished.data; + digBuf.length = SSL_MD5_DIGEST_LEN; + serr = SSLHashMD5.final(md5MsgState, digBuf); + if(serr) { + return serr; + } + digBuf.data = finished.data + SSL_MD5_DIGEST_LEN; + digBuf.length = SSL_SHA1_DIGEST_LEN; + return SSLHashSHA1.final(shaMsgState, digBuf); +} + +const SslTlsCallouts Tls1Callouts = { + tls1DecryptRecord, + ssl3WriteRecord, + tls1InitMac, + tls1FreeMac, + tls1ComputeMac, + tls1GenerateKeyMaterial, + tls1GenerateExportKeyAndIv, + tls1GenerateMasterSecret, + tls1ComputeFinishedMac, + tls1ComputeCertVfyMac +}; diff --git a/SecureTransport/tls_hmac.c b/SecureTransport/tls_hmac.c new file mode 100644 index 00000000..e580d943 --- /dev/null +++ b/SecureTransport/tls_hmac.c 
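Review bot: In tls1DecryptRecord the padding check `if(padSize > payload->length)` ignores the MAC and the pad-length byte, so `content.length -= (1 + padSize)` can wrap when the decrypted record is shorter than digestSize + 1 + padSize (assuming SSLBuffer.length is unsigned, as its use elsewhere in this commit suggests). The wrapped length is then passed to SSLVerifyMac together with `payload->data + content.length`. Bound the pad against what remains after the MAC instead, `if((unsigned)padSize + 1 > content.length)`, and first reject records where `payload->length` is smaller than the digest size. Bad padding and a bad MAC also raise different alerts (`alert_unexpected_message` versus `alert_bad_record_mac`), which lets a peer tell the two failures apart; reporting both as `alert_bad_record_mac` removes that signal. Separately, the three `assert(digestLen = hmac->macSize);` lines in tlsPHash assign rather than compare and should use `==`.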
@@ -0,0 +1,316 @@ +/* + * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: tls_hmac.c + + Contains: HMAC routines used by TLS + + Written by: Doug Mitchell +*/ + +#include "tls_hmac.h" +#include "appleCdsa.h" +#include "sslalloc.h" +#include "sslerrs.h" +#include "cryptType.h" +#include "digests.h" +#include +#include +#include + +/* Per-session state, opaque to callers; all fields set at alloc time */ +struct HMACContext { + SSLContext *ctx; + CSSM_CC_HANDLE ccHand; + const struct HMACReference *hmac; +}; + +#pragma mark *** Common CDSA_based HMAC routines *** + +/* Create an HMAC session */ +static SSLErr HMAC_Alloc( + const struct HMACReference *hmac, + SSLContext *ctx, + const void *keyPtr, + unsigned keyLen, + HMACContextRef *hmacCtx) // RETURNED +{ + CSSM_RETURN crtn; + CSSM_KEY cssmKey; + SSLErr serr; + CSSM_ALGORITHMS calg; + HMACContextRef href = sslMalloc(sizeof(struct HMACContext)); + + if(href == NULL) { + return SSLMemoryErr; + } + href->ctx = ctx; + href->ccHand = 0; + href->hmac = hmac; + + /* + * Since the key is present in the CDSA context, we cook up the context now. 
+ * Currently we can't reuse an HMAC context if the key changes. + */ + switch(hmac->alg) { + case HA_SHA1: + calg = CSSM_ALGID_SHA1HMAC; + break; + case HA_MD5: + calg = CSSM_ALGID_MD5HMAC; + break; + default: + assert(0); + return SSLInternalError; + } + serr = sslSetUpSymmKey(&cssmKey, + calg, + CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY, + CSSM_FALSE, /* don't malloc/copy key */ + (uint8 *)keyPtr, + keyLen); + if(serr) { + return serr; + } + if(attachToCsp(ctx)) { + return serr; + } + crtn = CSSM_CSP_CreateMacContext(ctx->cspHand, + calg, + &cssmKey, + &href->ccHand); + if(crtn) { + return SSLCryptoError; + } + + /* success */ + *hmacCtx = href; + return SSLNoErr; +} + +/* free a session */ +static SSLErr HMAC_Free( + HMACContextRef hmacCtx) +{ + if(hmacCtx != NULL) { + if(hmacCtx->ccHand != 0) { + CSSM_DeleteContext(hmacCtx->ccHand); + hmacCtx->ccHand = 0; + } + sslFree(hmacCtx); + } + return SSLNoErr; +} + +/* Reusable init */ +static SSLErr HMAC_Init( + HMACContextRef hmacCtx) +{ + CSSM_RETURN crtn; + + if(hmacCtx == NULL) { + return SSLInternalError; + } + assert(hmacCtx->ctx != NULL); + assert(hmacCtx->hmac != NULL); + assert(hmacCtx->ccHand != 0); + + crtn = CSSM_GenerateMacInit(hmacCtx->ccHand); + if(crtn) { + return SSLCryptoError; + } + return SSLNoErr; +} + +/* normal crypt ops */ +static SSLErr HMAC_Update( + HMACContextRef hmacCtx, + const void *data, + unsigned dataLen) +{ + CSSM_RETURN crtn; + CSSM_DATA cdata; + + if(hmacCtx == NULL) { + return SSLInternalError; + } + assert(hmacCtx->ctx != NULL); + assert(hmacCtx->hmac != NULL); + assert(hmacCtx->ccHand != 0); + cdata.Data = (uint8 *)data; + cdata.Length = dataLen; + crtn = CSSM_GenerateMacUpdate(hmacCtx->ccHand, &cdata, 1); + if(crtn) { + return SSLCryptoError; + } + return SSLNoErr; +} + +static SSLErr HMAC_Final( + HMACContextRef hmacCtx, + void *hmac, // mallocd by caller + unsigned *hmacLen) // IN/OUT +{ + CSSM_RETURN crtn; + CSSM_DATA cdata; + + if(hmacCtx == NULL) { + return SSLInternalError; + 
} + if((hmac == NULL) || (hmacLen == 0)) { + return SSLInternalError; + } + assert(hmacCtx->ctx != NULL); + assert(hmacCtx->hmac != NULL); + assert(hmacCtx->ccHand != 0); + cdata.Data = (uint8 *)hmac; + cdata.Length = *hmacLen; + crtn = CSSM_GenerateMacFinal(hmacCtx->ccHand, &cdata); + if(crtn) { + return SSLCryptoError; + } + *hmacLen = cdata.Length; + return SSLNoErr; +} + +/* one-shot */ +static SSLErr HMAC_Hmac ( + HMACContextRef hmacCtx, + const void *data, + unsigned dataLen, + void *hmac, // mallocd by caller + unsigned *hmacLen) // IN/OUT +{ + SSLErr serr; + const HMACReference *hmacRef; + + if(hmacCtx == NULL) { + return SSLInternalError; + } + hmacRef = hmacCtx->hmac; + assert(hmacRef != NULL); + serr = hmacRef->init(hmacCtx); + if(serr) { + return serr; + } + serr = hmacRef->update(hmacCtx, data, dataLen); + if(serr) { + return serr; + } + return hmacRef->final(hmacCtx, hmac, hmacLen); +} + +#pragma mark *** Null HMAC *** + +static SSLErr HMAC_AllocNull( + const struct HMACReference *hmac, + SSLContext *ctx, + const void *keyPtr, + unsigned keyLen, + HMACContextRef *hmacCtx) // RETURNED +{ + *hmacCtx = NULL; + return SSLNoErr; +} + +static SSLErr HMAC_FreeNull( + HMACContextRef hmacCtx) +{ + return SSLNoErr; +} + +static SSLErr HMAC_InitNull( + HMACContextRef hmacCtx) + { + return SSLNoErr; +} + +static SSLErr HMAC_UpdateNull( + HMACContextRef hmacCtx, + const void *data, + unsigned dataLen) +{ + return SSLNoErr; +} + +static SSLErr HMAC_FinalNull( + HMACContextRef hmacCtx, + void *hmac, // mallocd by caller + unsigned *hmacLen) // IN/OUT +{ + return SSLNoErr; +} + +static SSLErr HMAC_HmacNull ( + HMACContextRef hmacCtx, + const void *data, + unsigned dataLen, + void *hmac, // mallocd by caller + unsigned *hmacLen) +{ + return SSLNoErr; +} + +const HMACReference TlsHmacNull = { + 0, + HA_Null, + HMAC_AllocNull, + HMAC_FreeNull, + HMAC_InitNull, + HMAC_UpdateNull, + HMAC_FinalNull, + HMAC_HmacNull +}; + +const HMACReference TlsHmacSHA1 = { + 20, + 
HA_SHA1, + HMAC_Alloc, + HMAC_Free, + HMAC_Init, + HMAC_Update, + HMAC_Final, + HMAC_Hmac +}; + +const HMACReference TlsHmacMD5 = { + 16, + HA_MD5, + HMAC_Alloc, + HMAC_Free, + HMAC_Init, + HMAC_Update, + HMAC_Final, + HMAC_Hmac +}; + +const HashHmacReference HashHmacNull = { + &SSLHashNull, + &TlsHmacNull +}; + +const HashHmacReference HashHmacMD5 = { + &SSLHashMD5, + &TlsHmacMD5 +}; + +const HashHmacReference HashHmacSHA1 = { + &SSLHashSHA1, + &TlsHmacSHA1 +}; diff --git a/Security.exp b/Security.exp index d2d2f086..d1dd42e7 100644 --- a/Security.exp +++ b/Security.exp @@ -1,15 +1,22 @@ +_gGuidCssm _gGuidAppleCSP +_gGuidAppleFileDL _gGuidAppleCSPDL _gGuidAppleFileDL _gGuidAppleX509CL _gGuidAppleX509TP _cssmPerror +_MDS_Initialize +_MDS_Terminate +_MDS_Install +_MDS_Uninstall _SSLNewContext _SSLDisposeContext _SSLGetSessionState _SSLSetIOFuncs _SSLSetProtocolVersion _SSLGetProtocolVersion +_SSLSetCertificate _SSLSetConnection _SSLGetNegotiatedProtocolVersion _SSLGetNumberSupportedCiphers @@ -17,16 +24,24 @@ _SSLGetSupportedCiphers _SSLSetEnabledCiphers _SSLGetNumberEnabledCiphers _SSLGetEnabledCiphers -_SSLSetAllowExpiredCerts -_SSLGetAllowExpiredCerts +_SSLSetAllowsExpiredCerts +_SSLGetAllowsExpiredCerts _SSLGetPeerCertificates _SSLSetPeerID +_SSLGetPeerID +_SSLSetPeerDomainName +_SSLGetPeerDomainNameLength +_SSLGetPeerDomainName _SSLGetNegotiatedCipher +_SSLSetEncryptionCertificate +_SSLGetBufferedReadSize _SSLHandshake _SSLWrite _SSLRead _SSLClose -_SSLSetAllowAnyRoot +_SSLSetAllowsAnyRoot +_SSLGetAllowsAnyRoot _SessionGetInfo _SessionCreate _checkpw +_checkpw_internal diff --git a/Security.pbproj/project.pbxproj b/Security.pbproj/project.pbxproj index f2af4207..1ea63805 100644 --- a/Security.pbproj/project.pbxproj +++ b/Security.pbproj/project.pbxproj @@ -3,7 +3,7 @@ archiveVersion = 1; classes = { }; - objectVersion = 34; + objectVersion = 38; objects = { 01379EAE001E00F311CD296C = { children = ( 
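Review bot: HMAC_Alloc returns `serr` when attachToCsp fails, but `serr` is known to be zero at that point, so the caller sees SSLNoErr while `*hmacCtx` was never written; tlsPHash in tls1Callouts.c would then go on to use its uninitialized `hmacCtx` local. All three failure paths after the sslMalloc also leak `href`. Each should free it and return a non-zero code, for example `if(attachToCsp(ctx)) { sslFree(href); return SSLCryptoError; }`, with the same `sslFree(href);` before the other two error returns. The `default:` arm of the switch leaks `href` too, and once assert is compiled out it is an ordinary return path.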
@@ -25,8 +25,8 @@ 01FA8062FFF2B54C11CD283A, 01FA806BFFF2B54C11CD283A, 01FA806CFFF2B54C11CD283A, - 01FA806DFFF2B54C11CD283A, 01FA806EFFF2B54C11CD283A, + 01FA806DFFF2B54C11CD283A, 01FA806FFFF2B54C11CD283A, 01FA8070FFF2B54C11CD283A, 01FA8071FFF2B54C11CD283A, @@ -59,6 +59,8 @@ 01FA803FFFF2B54C11CD283A, 01FA8043FFF2B54C11CD283A, 01FA8044FFF2B54C11CD283A, + 326618CC01C6844C05CA2E77, + 326618CD01C6844C05CA2E77, 01FA8045FFF2B54C11CD283A, 01FA8046FFF2B54C11CD283A, 01FA8047FFF2B54C11CD283A, @@ -119,11 +121,11 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; - HEADER_SEARCH_PATHS = "\"$(SYMROOT)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\" \"\""; + HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\""; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + OPTIMIZATION_CFLAGS = "-O3 -DNDEBUG"; OTHER_CFLAGS = "-DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE -DVDADER_RULES -DALLOW_ZERO_PASSWORD -DCRYPTKIT_DER_ENABLE"; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; @@ -184,7 +186,6 @@ 52BFC30A007A6A1B7F000001, 57FCEE95007B8B3D7F000001, 57FCEE9D007B8D4F7F000001, - 1691956A00947FD37F000001, 1691956C009480BC7F000001, 1691956E009485A47F000001, 169195B60094A63C7F000001, @@ -218,7 +219,6 @@ 28B044E50094DC627F000001, 48855E840095DC957F000001, 01D5634900974F7C7F000001, - 127F63C60098D55A7F000001, 07E4D6E500A0CD8D7F000001, 209FCB4F00A738117F000001, 59375E6C00A848827F000001, 
@@ -228,9 +228,17 @@ 0149035E00A9DC487F000001, 0149035F00A9DC487F000001, 0149036500A9DF347F000001, + 9D8F0D2901C815A600003D05, + 9D2C3D0101C826C800003D05, + 9D2C3D0301C82F6100003D05, + 9D206AA701EB68F200003D05, + 9D291880026B504700003D05, + 9D291889026B56DA00003D05, + 9D29188B026B56DA00003D05, + 9D29188D026B56DA00003D05, + 9D291891026B8BBD00003D05, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 014880D0005EAE4D11CD283A = { buildActionMask = 2147483647; @@ -345,23 +353,31 @@ 0149036100A9DC487F000001, 0149036200A9DC487F000001, 0149036300A9DC487F000001, + 9D8F0D2A01C815A600003D05, + 9D8F0D2B01C815A600003D05, + 9D29187A026B502600003D05, + 9D29187B026B502600003D05, + 9D29187C026B502600003D05, + 9D29187D026B502600003D05, + 9D29187E026B502600003D05, + 9D291888026B56DA00003D05, + 9D29188A026B56DA00003D05, + 9D29188C026B56DA00003D05, + 9D291890026B8BBD00003D05, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 014880D1005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 014880D2005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 014880D4005EAE4D11CD283A = { buildPhases = ( @@ -372,9 +388,9 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DVDADER_RULES"; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; @@ -409,7 +425,6 @@ 0148812E005EB04411CD283A, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 014880D6005EAE4D11CD283A = { buildActionMask = 2147483647; 
@@ -426,21 +441,18 @@ 327DDDF500D707D805CD296C, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 014880D7005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 014880D8005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 014880DA005EAE4D11CD283A = { buildPhases = ( @@ -451,9 +463,9 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; @@ -479,7 +491,6 @@ 01488139005EB04411CD283A, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 014880DC005EAE4D11CD283A = { buildActionMask = 2147483647; @@ -487,21 +498,18 @@ 0148813A005EB04411CD283A, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 014880DD005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 014880DE005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 014880E0005EAE4D11CD283A = { buildPhases = ( @@ -512,9 +520,9 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DVDADER_RULES"; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; @@ -549,7 +557,6 @@ 01488144005EB04411CD283A, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 014880E2005EAE4D11CD283A = { buildActionMask = 2147483647; 
@@ -567,23 +574,21 @@ 0148814F005EB04411CD283A, 01488150005EB04411CD283A, 01488151005EB04411CD283A, + F540EDC3027A41BF01CA2E66, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 014880E3005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 014880E4005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 014880E6005EAE4D11CD283A = { buildPhases = ( @@ -594,9 +599,9 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DVDADER_RULES"; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; @@ -629,7 +634,6 @@ 01488159005EB04411CD283A, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 014880E8005EAE4D11CD283A = { buildActionMask = 2147483647; @@ -638,29 +642,26 @@ 0148815B005EB04411CD283A, 0148815C005EB04411CD283A, 0148815D005EB04411CD283A, - 0148815E005EB04411CD283A, - 0148815F005EB04411CD283A, - 01488160005EB04411CD283A, 01488161005EB04411CD283A, 01488162005EB04411CD283A, 01488163005EB04411CD283A, + 9D4B1BC80156C2E500A17CD1, + 9D14AC53020093D100003D05, + 9D9AEFBB02B6BC6C00003D05, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 014880E9005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 014880EA005EAE4D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 014880EC005EB04411CD283A = { fileRef = 07A0F5EE005DAEE111CD283A; 
@@ -1328,24 +1329,6 @@ settings = { }; }; - 0148815E005EB04411CD283A = { - fileRef = 07A0F6D7005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 0148815F005EB04411CD283A = { - fileRef = 07A0F6D9005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01488160005EB04411CD283A = { - fileRef = 07A0F6DA005DAEE111CD283A; - isa = PBXBuildFile; - settings = { - }; - }; 01488161005EB04411CD283A = { fileRef = 07A0F6DB005DAEE111CD283A; isa = PBXBuildFile; @@ -1524,6 +1507,7 @@ children = ( 01FA8215FFF2B54C11CD283A, 01FA823BFFF2B54C11CD283A, + 32361F0701F4B28E05CA2E77, 01FA823CFFF2B54C11CD283A, 01FA821AFFF2B54C11CD283A, 01FA821BFFF2B54C11CD283A, @@ -1556,39 +1540,10 @@ }; 0177F263FFFAA2D311CD283A = { children = ( - 0177F269FFFAA2D311CD283A, - 0177F26AFFFAA2D311CD283A, - 0177F27EFFFAA2D311CD283A, - 0177F27FFFFAA2D311CD283A, - 0177F286FFFAA2D311CD283A, - 0177F287FFFAA2D311CD283A, - 0177F28AFFFAA2D311CD283A, - 0177F28BFFFAA2D311CD283A, - 0177F290FFFAA2D311CD283A, - 0177F291FFFAA2D311CD283A, - 0177F292FFFAA2D311CD283A, - 0177F293FFFAA2D311CD283A, - 0177F29CFFFAA2D311CD283A, - 0177F29DFFFAA2D311CD283A, - 0177F29EFFFAA2D311CD283A, - 0177F29FFFFAA2D311CD283A, - 0177F2A0FFFAA2D311CD283A, - 0177F2A1FFFAA2D311CD283A, - 0177F2A2FFFAA2D311CD283A, - 0177F352FFFAC61911CD283A, - 0177F353FFFAC61911CD283A, - 0177F2B7FFFAA2D311CD283A, - 0177F2B8FFFAA2D311CD283A, - 0177F2C6FFFAA2D311CD283A, - 0177F2C7FFFAA2D311CD283A, - 0177F2C9FFFAA2D311CD283A, - F579CFD900E99FC401CD283A, - 0177F2CDFFFAA2D311CD283A, - 0177F2D1FFFAA2D311CD283A, - 0177F2D2FFFAA2D311CD283A, - 0177F2D3FFFAA2D311CD283A, - 0177F2D6FFFAA2D311CD283A, - 0177F2D7FFFAA2D311CD283A, + F5786181022EDE8901CA2E64, + F57861F9022F13DF01CA2E64, + F5786222022F2D9701CA2E64, + F5786223022F2DDB01CA2E64, ); isa = PBXGroup; path = Keychain; 
@@ -2051,21 +2006,6 @@ path = "https-proxy-protocol.cpp"; refType = 4; }; - 017A54F40094AAE57F000001 = { - fileRef = 017A54F20094AAE57F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 017A54F50094AAE57F000001 = { - fileRef = 017A54F30094AAE57F000001; - isa = PBXBuildFile; - settings = { - }; - }; 017B6CA6009748107F000001 = { isa = PBXFileReference; path = buffers.cpp; @@ -2101,21 +2041,6 @@ path = "ftp-proxy-protocol.cpp"; refType = 4; }; - 01827D0B008CB8707F000001 = { - fileRef = 01827D09008CB8707F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 01827D0C008CB8707F000001 = { - fileRef = 01827D0A008CB8707F000001; - isa = PBXBuildFile; - settings = { - }; - }; 01CE6B19FFF2B1BA11CD283A = { buildRules = ( ); @@ -2123,6 +2048,7 @@ COPY_PHASE_STRIP = NO; OPTIMIZATION_CFLAGS = "-O0 -fno-inline"; OTHER_CFLAGS = "\U0001 -DDEBUGDUMP"; + SECTORDER_FLAGS = ""; }; isa = PBXBuildStyle; name = Development; @@ -2132,8 +2058,6 @@ ); buildSettings = { COPY_PHASE_STRIP = YES; - OPTIMIZATION_CFLAGS = "-O2"; - OTHER_CFLAGS = "\U0001-DNDEBUG"; }; isa = PBXBuildStyle; name = Deployment; @@ -2155,6 +2079,8 @@ 01FA8902FFF2BCA811CD283A, 01FA8903FFF2BCA811CD283A, 01FA88F8FFF2BBEB11CD283A, + 9DC1DF0F0299BCB400003D05, + 3283A53602B96AED05CA2E77, ); isa = PBXAggregateTarget; name = world; @@ -2166,7 +2092,7 @@ target = 0867D69CFE84028FC02AAC07; }; 01CE6B1DFFF2B33A11CD283A = { - buildArgumentsString = "-f cdsa/generator.mk $ACTION \"SRCROOT=$SRCROOT\" \"SYMROOT=$SYMROOT\""; + buildArgumentsString = "-f cdsa/generator.mk $ACTION \"SRCROOT=$SRCROOT\" \"TARGET_BUILD_DIR=$TARGET_BUILD_DIR\" \"BUILT_PRODUCTS_DIR=$BUILT_PRODUCTS_DIR\""; buildPhases = ( ); buildSettings = { @@ -2207,6 +2133,7 @@ 01FA8003FFF2B54C11CD283A, 01FA8025FFF2B54C11CD283A, 01FA80AAFFF2B54C11CD283A, + 9D518682018F278000003D05, 01FA80C6FFF2B54C11CD283A, 01FA80D6FFF2B54C11CD283A, ); 
@@ -2379,9 +2306,12 @@ }; 01FA8003FFF2B54C11CD283A = { children = ( + 32623CFC024BBA3B05CA2E77, 01FA8004FFF2B54C11CD283A, 01FA8005FFF2B54C11CD283A, 01FA8006FFF2B54C11CD283A, + 32867BAB02316C3905CA2E77, + 32867BAC02316C3905CA2E77, 01FA8008FFF2B54C11CD283A, 01FA8009FFF2B54C11CD283A, 01FA800AFFF2B54C11CD283A, @@ -2408,6 +2338,8 @@ 01FA801FFFF2B54C11CD283A, 01FA8020FFF2B54C11CD283A, 01FA8021FFF2B54C11CD283A, + 32867BA70231611A05CA2E77, + 32867BA80231611A05CA2E77, 01FA8022FFF2B54C11CD283A, 01FA8023FFF2B54C11CD283A, ); @@ -2694,6 +2626,8 @@ 01FA8058FFF2B54C11CD283A, 01FA8059FFF2B54C11CD283A, 01FA805AFFF2B54C11CD283A, + 320F609D0234113505CA2E77, + 320F609E0234113505CA2E77, 01FA805BFFF2B54C11CD283A, 01FA805CFFF2B54C11CD283A, 01FA805DFFF2B54C11CD283A, @@ -2704,6 +2638,8 @@ 01FA8064FFF2B54C11CD283A, 01FA8065FFF2B54C11CD283A, 01FA8066FFF2B54C11CD283A, + 32867BB202316E3305CA2E77, + 32867BB302316E3305CA2E77, 01FA8067FFF2B54C11CD283A, 01FA8068FFF2B54C11CD283A, 01FA8069FFF2B54C11CD283A, @@ -2711,6 +2647,7 @@ 01FA8079FFF2B54C11CD283A, 01FA807AFFF2B54C11CD283A, 01FA807BFFF2B54C11CD283A, + 9D8B6A2A015A48F500A17CD1, 01FA807CFFF2B54C11CD283A, 01FA807DFFF2B54C11CD283A, 01FA807EFFF2B54C11CD283A, @@ -2731,6 +2668,7 @@ 025C84BB0027360A11CD296C, 01FA80A2FFF2B54C11CD283A, 01FA80A3FFF2B54C11CD283A, + F559B18C01D1510A01CA2E64, 01FA80A4FFF2B54C11CD283A, 01FA80A5FFF2B54C11CD283A, 01FA80A6FFF2B54C11CD283A, @@ -2738,6 +2676,7 @@ 01FA80A8FFF2B54C11CD283A, 3272260D00E3C7FB05CD296C, 014259A9001645E911CD296C, + 3244148B0236DD2705CA2E77, 014259AA001645E911CD296C, 33BD041F00838F447F000001, ); @@ -3273,6 +3212,7 @@ 01FA80B8FFF2B54C11CD283A, 01FA80B9FFF2B54C11CD283A, 01FA80BDFFF2B54C11CD283A, + 9D64BAEF019B173900003D05, ); isa = PBXGroup; path = cssm; @@ -3428,7 +3368,6 @@ 01FA8131FFF2B54C11CD283A, 01FA8132FFF2B54C11CD283A, 01FA8133FFF2B54C11CD283A, - 01FA8134FFF2B54C11CD283A, 01FA8135FFF2B54C11CD283A, 01FA8136FFF2B54C11CD283A, 01FA8137FFF2B54C11CD283A, 
@@ -3436,7 +3375,6 @@ 01FA8152FFF2B54C11CD283A, 01FA8153FFF2B54C11CD283A, 01FA8156FFF2B54C11CD283A, - 01FA8157FFF2B54C11CD283A, 01FA8158FFF2B54C11CD283A, 01FA8159FFF2B54C11CD283A, 01FA815AFFF2B54C11CD283A, @@ -3452,7 +3390,10 @@ 01FA8165FFF2B54C11CD283A, 01FA8166FFF2B54C11CD283A, 01FA8167FFF2B54C11CD283A, + 9D78BC7401EBB71A00003D05, 33BD042000838F447F000001, + 9D78BC7801EBCA2300003D05, + 9D78BC7A01ECA79D00003D05, ); isa = PBXGroup; path = SecureTransport; @@ -3470,7 +3411,7 @@ }; 01FA8129FFF2B54C11CD283A = { isa = PBXFileReference; - path = appleSession.c; + path = appleSession.cpp; refType = 4; }; 01FA812AFFF2B54C11CD283A = { @@ -3523,11 +3464,6 @@ path = LICENSE.txt; refType = 4; }; - 01FA8134FFF2B54C11CD283A = { - isa = PBXFileReference; - path = sslmd5.c; - refType = 4; - }; 01FA8135FFF2B54C11CD283A = { isa = PBXFileReference; path = ModuleAttacher.cpp; @@ -3551,8 +3487,6 @@ 01FA813CFFF2B54C11CD283A, 01FA813DFFF2B54C11CD283A, 01FA813EFFF2B54C11CD283A, - 01FA813FFFF2B54C11CD283A, - 01FA8140FFF2B54C11CD283A, 01FA8141FFF2B54C11CD283A, 01FA8142FFF2B54C11CD283A, 01FA8143FFF2B54C11CD283A, @@ -3570,6 +3504,8 @@ 01FA814FFFF2B54C11CD283A, 01FA8150FFF2B54C11CD283A, 01FA8151FFF2B54C11CD283A, + 9D78BC7201EBB3F900003D05, + 9D78BC7601EBBBED00003D05, ); isa = PBXGroup; path = privateInc; @@ -3605,16 +3541,6 @@ path = digests.h; refType = 4; }; - 01FA813FFFF2B54C11CD283A = { - isa = PBXFileReference; - path = sslmd5.h; - refType = 4; - }; - 01FA8140FFF2B54C11CD283A = { - isa = PBXFileReference; - path = st_sha.h; - refType = 4; - }; 01FA8141FFF2B54C11CD283A = { isa = PBXFileReference; path = ssl.h; @@ -3729,11 +3655,6 @@ path = secureTransport.exp; refType = 4; }; - 01FA8157FFF2B54C11CD283A = { - isa = PBXFileReference; - path = sha.c; - refType = 4; - }; 01FA8158FFF2B54C11CD283A = { isa = PBXFileReference; path = ssl2map.c; 
@@ -3830,6 +3751,7 @@ 01FA816EFFF2B54C11CD283A, 01FA816FFFF2B54C11CD283A, 01FA8170FFF2B54C11CD283A, + F540EDC4027A41E201CA2E66, 01FA8171FFF2B54C11CD283A, 01FA8172FFF2B54C11CD283A, 01FA8173FFF2B54C11CD283A, @@ -3943,6 +3865,7 @@ 01FA817EFFF2B54C11CD283A, 01FA817FFFF2B54C11CD283A, 01FA8180FFF2B54C11CD283A, + F540E6F9027A33DA01CA2E66, 01FA8181FFF2B54C11CD283A, 01FA8182FFF2B54C11CD283A, 01FA8183FFF2B54C11CD283A, @@ -4041,6 +3964,7 @@ 01FA818EFFF2B54C11CD283A, 01FA818FFFF2B54C11CD283A, 01FA8190FFF2B54C11CD283A, + F540E6F7027A33A501CA2E66, 01FA8191FFF2B54C11CD283A, 01FA8192FFF2B54C11CD283A, 01FA8193FFF2B54C11CD283A, @@ -4168,11 +4092,14 @@ 01FA81B2FFF2B54C11CD283A, 01FA81B3FFF2B54C11CD283A, 01FA823AFFF2B54C11CD283A, + 3253C16401C7D8A005CA2E77, + 3253C16501C7D8A005CA2E77, + 32361EEC01EB8FCF05CA2E77, + 32361EED01EB8FCF05CA2E77, 01379EAE001E00F311CD296C, 0165238D000BEC3311CD296C, 0165238E000BEC3311CD296C, 0165238F000BEC3311CD296C, - 01FA81BEFFF2B54C11CD283A, 01FA81A6FFF2B54C11CD283A, 01FA822AFFF2B54C11CD283A, ); @@ -4223,8 +4150,11 @@ 01FA81A6FFF2B54C11CD283A = { children = ( 01FA81A8FFF2B54C11CD283A, + F5A7F718023D96EA01CA2E64, 3267644800EBF3A905CD296C, 01FA81A7FFF2B54C11CD283A, + F5A7F716023D96EA01CA2E64, + F5A7F717023D96EA01CA2E64, 01FA81A9FFF2B54C11CD283A, 01FA81AAFFF2B54C11CD283A, 01FA81ABFFF2B54C11CD283A, @@ -4232,6 +4162,7 @@ 01FA81ADFFF2B54C11CD283A, 01FA81AEFFF2B54C11CD283A, 01FA81AFFFF2B54C11CD283A, + F5A7F715023D96EA01CA2E64, ); isa = PBXGroup; path = Authorization; 
@@ -4327,275 +4258,6 @@ path = key.h; refType = 4; }; - 01FA81BEFFF2B54C11CD283A = { - children = ( - 32615BB000E3B46905CD296C, - 32615BB200E3B4A105CD296C, - 01FA81C1FFF2B54C11CD283A, - 01FA81E3FFF2B54C11CD283A, - 01FA81F7FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = MacYarrow; - refType = 4; - }; - 01FA81C1FFF2B54C11CD283A = { - children = ( - 01FA81C2FFF2B54C11CD283A, - 01FA81C3FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = testHarness; - refType = 4; - }; - 01FA81C2FFF2B54C11CD283A = { - isa = PBXFileReference; - path = clientTest.cpp; - refType = 4; - }; - 01FA81C3FFF2B54C11CD283A = { - isa = PBXFileReference; - path = serverDaemon.cpp; - refType = 4; - }; - 01FA81E3FFF2B54C11CD283A = { - children = ( - 01FA81E4FFF2B54C11CD283A, - 01FA81E5FFF2B54C11CD283A, - 01FA81E6FFF2B54C11CD283A, - 01FA81E7FFF2B54C11CD283A, - 01FA81E8FFF2B54C11CD283A, - 01FA81E9FFF2B54C11CD283A, - 01FA81ECFFF2B54C11CD283A, - 01FA81EDFFF2B54C11CD283A, - 01FA81EEFFF2B54C11CD283A, - 01FA81EFFFF2B54C11CD283A, - 560B41E100E23FA50DCD28E8, - 560B41E200E23FA50DCD28E8, - ); - isa = PBXGroup; - path = YarrowServer; - refType = 4; - }; - 01FA81E4FFF2B54C11CD283A = { - isa = PBXFileReference; - path = debug.c; - refType = 4; - }; - 01FA81E5FFF2B54C11CD283A = { - isa = PBXFileReference; - path = debug.h; - refType = 4; - }; - 01FA81E6FFF2B54C11CD283A = { - isa = PBXFileReference; - path = entropyFile.h; - refType = 4; - }; - 01FA81E7FFF2B54C11CD283A = { - isa = PBXFileReference; - path = entropyFileOS9.c; - refType = 4; - }; - 01FA81E8FFF2B54C11CD283A = { - isa = PBXFileReference; - path = entropyFileUnix.c; - refType = 4; - }; - 01FA81E9FFF2B54C11CD283A = { - isa = PBXFileReference; - path = kdebug_private.h; - refType = 4; - }; - 01FA81ECFFF2B54C11CD283A = { - isa = PBXFileReference; - path = prefixDebug.h; - refType = 4; - }; - 01FA81EDFFF2B54C11CD283A = { - isa = PBXFileReference; - path = prefixRelease.h; - refType = 4; - }; - 01FA81EEFFF2B54C11CD283A = { - isa = PBXFileReference; - path = 
systemEntropy.c; - refType = 4; - }; - 01FA81EFFFF2B54C11CD283A = { - isa = PBXFileReference; - path = systemEntropy.h; - refType = 4; - }; - 01FA81F7FFF2B54C11CD283A = { - children = ( - 01FA81F8FFF2B54C11CD283A, - 01FA81F9FFF2B54C11CD283A, - 01FA81FAFFF2B54C11CD283A, - 01FA81FBFFF2B54C11CD283A, - 01FA81FCFFF2B54C11CD283A, - 01FA81FDFFF2B54C11CD283A, - 01FA81FEFFF2B54C11CD283A, - 01FA81FFFFF2B54C11CD283A, - 01FA8200FFF2B54C11CD283A, - 01FA8201FFF2B54C11CD283A, - 01FA8202FFF2B54C11CD283A, - 01FA8203FFF2B54C11CD283A, - 01FA8204FFF2B54C11CD283A, - 01FA8205FFF2B54C11CD283A, - 01FA8206FFF2B54C11CD283A, - 01FA8207FFF2B54C11CD283A, - 01FA8208FFF2B54C11CD283A, - 01FA8209FFF2B54C11CD283A, - 01FA820AFFF2B54C11CD283A, - 01FA820BFFF2B54C11CD283A, - 01FA820CFFF2B54C11CD283A, - 01FA820DFFF2B54C11CD283A, - 01FA820EFFF2B54C11CD283A, - 01FA820FFFF2B54C11CD283A, - 01FA8210FFF2B54C11CD283A, - 01FA8212FFF2B54C11CD283A, - 01FA8213FFF2B54C11CD283A, - ); - isa = PBXGroup; - path = zlib; - refType = 4; - }; - 01FA81F8FFF2B54C11CD283A = { - isa = PBXFileReference; - path = adler32.c; - refType = 4; - }; - 01FA81F9FFF2B54C11CD283A = { - isa = PBXFileReference; - path = algorithm.txt; - refType = 4; - }; - 01FA81FAFFF2B54C11CD283A = { - isa = PBXFileReference; - path = ChangeLog; - refType = 4; - }; - 01FA81FBFFF2B54C11CD283A = { - isa = PBXFileReference; - path = compress.c; - refType = 4; - }; - 01FA81FCFFF2B54C11CD283A = { - isa = PBXFileReference; - path = crc32.c; - refType = 4; - }; - 01FA81FDFFF2B54C11CD283A = { - isa = PBXFileReference; - path = deflate.c; - refType = 4; - }; - 01FA81FEFFF2B54C11CD283A = { - isa = PBXFileReference; - path = deflate.h; - refType = 4; - }; - 01FA81FFFFF2B54C11CD283A = { - isa = PBXFileReference; - path = infblock.c; - refType = 4; - }; - 01FA8200FFF2B54C11CD283A = { - isa = PBXFileReference; - path = infblock.h; - refType = 4; - }; - 01FA8201FFF2B54C11CD283A = { - isa = PBXFileReference; - path = infcodes.c; - refType = 4; - }; - 
01FA8202FFF2B54C11CD283A = { - isa = PBXFileReference; - path = infcodes.h; - refType = 4; - }; - 01FA8203FFF2B54C11CD283A = { - isa = PBXFileReference; - path = inffast.c; - refType = 4; - }; - 01FA8204FFF2B54C11CD283A = { - isa = PBXFileReference; - path = inffast.h; - refType = 4; - }; - 01FA8205FFF2B54C11CD283A = { - isa = PBXFileReference; - path = inffixed.h; - refType = 4; - }; - 01FA8206FFF2B54C11CD283A = { - isa = PBXFileReference; - path = inflate.c; - refType = 4; - }; - 01FA8207FFF2B54C11CD283A = { - isa = PBXFileReference; - path = inftrees.c; - refType = 4; - }; - 01FA8208FFF2B54C11CD283A = { - isa = PBXFileReference; - path = inftrees.h; - refType = 4; - }; - 01FA8209FFF2B54C11CD283A = { - isa = PBXFileReference; - path = infutil.c; - refType = 4; - }; - 01FA820AFFF2B54C11CD283A = { - isa = PBXFileReference; - path = infutil.h; - refType = 4; - }; - 01FA820BFFF2B54C11CD283A = { - isa = PBXFileReference; - path = README; - refType = 4; - }; - 01FA820CFFF2B54C11CD283A = { - isa = PBXFileReference; - path = trees.c; - refType = 4; - }; - 01FA820DFFF2B54C11CD283A = { - isa = PBXFileReference; - path = trees.h; - refType = 4; - }; - 01FA820EFFF2B54C11CD283A = { - isa = PBXFileReference; - path = uncompr.c; - refType = 4; - }; - 01FA820FFFF2B54C11CD283A = { - isa = PBXFileReference; - path = zconf.h; - refType = 4; - }; - 01FA8210FFF2B54C11CD283A = { - isa = PBXFileReference; - path = zlib.h; - refType = 4; - }; - 01FA8212FFF2B54C11CD283A = { - isa = PBXFileReference; - path = zutil.c; - refType = 4; - }; - 01FA8213FFF2B54C11CD283A = { - isa = PBXFileReference; - path = zutil.h; - refType = 4; - }; 01FA8214FFF2B54C11CD283A = { isa = PBXFileReference; path = main.cpp; 
@@ -6120,18 +5782,6 @@ settings = { }; }; - 01FA851EFFF2B54C11CD283A = { - fileRef = 01FA813FFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 01FA851FFFF2B54C11CD283A = { - fileRef = 01FA8140FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; 01FA8520FFF2B54C11CD283A = { fileRef = 01FA8141FFF2B54C11CD283A; isa = PBXBuildFile; @@ -6239,7 +5889,7 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Private, + Public, ); }; }; @@ -6248,7 +5898,7 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Private, + Public, ); }; }; @@ -7399,14 +7049,6 @@ ); }; }; - 01FA875BFFF2B54C11CD283A = { - fileRef = 01FA8134FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; 01FA875CFFF2B54C11CD283A = { fileRef = 01FA8135FFF2B54C11CD283A; isa = PBXBuildFile; @@ -7423,14 +7065,6 @@ ); }; }; - 01FA875FFFF2B54C11CD283A = { - fileRef = 01FA8157FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; 01FA8760FFF2B54C11CD283A = { fileRef = 01FA8158FFF2B54C11CD283A; isa = PBXBuildFile; @@ -7864,7 +7498,7 @@ }; }; 01FA88F0FFF2B96911CD283A = { - buildArgumentsString = "-f SecurityServer/Makefile $ACTION \"SYMROOT=$(SYMROOT)\" \"SRCROOT=$(SRCROOT)\""; + buildArgumentsString = "-f SecurityServer/Makefile $ACTION \"SRCROOT=$SRCROOT\" \"TARGET_BUILD_DIR=$TARGET_BUILD_DIR\" \"BUILT_PRODUCTS_DIR=$BUILT_PRODUCTS_DIR\""; buildPhases = ( ); buildSettings = { 
@@ -7926,15 +7560,17 @@ 01FA8900FFF2BC5611CD283A, ); buildSettings = { + CURRENT_PROJECT_VERSION = 53; INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DDatabase=XDatabase"; OTHER_LDFLAGS = "-twolevel_namespace -lSecurityAgentClient"; OTHER_REZFLAGS = ""; PRODUCT_NAME = SecurityServer; REZ_EXECUTABLE = YES; SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(SRCROOT)/SecurityServer/SecurityServer.order\" -e start"; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; }; dependencies = ( @@ -7967,21 +7603,13 @@ 125E85C5FFF3D5ED11CD283A, 125E85C6FFF3D5ED11CD283A, 125E85C7FFF3D5ED11CD283A, - 125E85EAFFF3D8B711CD283A, - 125E85EBFFF3D8B711CD283A, - 125E85ECFFF3D8B711CD283A, - 125E85EEFFF3D8B711CD283A, - 125E85F0FFF3D8B711CD283A, - 125E85F1FFF3D8B711CD283A, - 125E85F2FFF3D8B711CD283A, - 125E85F3FFF3D8B711CD283A, - 125E8605FFF3DAEF11CD283A, 4EB202E10058588E7F000001, - 568640ED00E23FD90DCD28E8, - 32615BB100E3B46A05CD296C, + 3253C16601C7D8A105CA2E77, + 32361EEE01EB8FD005CA2E77, + 32361F0A01F4B39505CA2E77, + F5A7F720023D974F01CA2E64, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 01FA88FEFFF2BC5611CD283A = { buildActionMask = 2147483647; 
@@ -8003,36 +7631,26 @@ 125E85CFFFF3D5ED11CD283A, 125E85D0FFF3D5ED11CD283A, 125E85D1FFF3D5ED11CD283A, - 125E85FAFFF3D8B711CD283A, - 125E85FBFFF3D8B711CD283A, - 125E85FDFFF3D8B711CD283A, - 125E85FFFFF3D8B711CD283A, - 125E8600FFF3D8B711CD283A, - 125E8601FFF3D8B711CD283A, - 125E8602FFF3D8B711CD283A, - 125E8603FFF3D8B711CD283A, - 568640EE00E23FD90DCD28E8, - 32615BB300E3B4A205CD296C, + 3253C16701C7D8A105CA2E77, + 32361EEF01EB8FD005CA2E77, + 32554D7C01F4C97405CA2E77, + F5A7F71F023D974E01CA2E64, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 01FA88FFFFF2BC5611CD283A = { buildActionMask = 2147483647; files = ( - 1A23E787009758847F000001, 1BA451B20097605B7F000001, 3949557400CC6A4511CD283A, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 01FA8900FFF2BC5611CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 01FA8901FFF2BCA811CD283A = { isa = PBXExecutableFileReference; @@ -8055,15 +7673,16 @@ 01FA890AFFF2BCA811CD283A, ); buildSettings = { + CURRENT_PROJECT_VERSION = 53; INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; - OTHER_CFLAGS = "$(AUX_CFLAGS)"; - OTHER_LDFLAGS = "-twolevel_namespace -lstdc++"; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; + OTHER_LDFLAGS = "-twolevel_namespace"; OTHER_REZFLAGS = ""; PRODUCT_NAME = AuthorizationTrampoline; REZ_EXECUTABLE = YES; SECTORDER_FLAGS = ""; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; }; dependencies = ( @@ -8080,7 +7699,6 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 01FA8906FFF2BCA811CD283A = { buildActionMask = 2147483647; @@ -8088,7 +7706,6 @@ 01FA8907FFF2BCA811CD283A, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 01FA8907FFF2BCA811CD283A = { fileRef = 01FA81ACFFF2B54C11CD283A; 
@@ -8101,18 +7718,15 @@ 01FA8908FFF2BCA811CD283A = { buildActionMask = 2147483647; files = ( - 1A23E788009758847F000001, 1BA451B30097605B7F000001, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 01FA890AFFF2BCA811CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 01FA890DFFF2BD9911CD283A = { children = ( @@ -8130,6 +7744,7 @@ 01FA891AFFF2BE3511CD283A, 01FA891BFFF2BE3511CD283A, 01FA891CFFF2BE3511CD283A, + 32554D7901F4C97305CA2E77, 0177F2CCFFFAA2D311CD283A, 07A0F690005DAEE111CD283A, ); @@ -8142,6 +7757,7 @@ 01FA891FFFF2BE3511CD283A, 01FA8920FFF2BE3511CD283A, 01FA8926FFF2BE3511CD283A, + 32554D7A01F4C97305CA2E77, ); isa = PBXGroup; name = "derived headers"; @@ -8403,11 +8019,11 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; INSTALL_PATH = /usr/local/lib; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; - OTHER_CFLAGS = "-DNOSA -DAGENTPATH=\\\\\\\"/System/Library/CoreServices/SecurityAgent.app\\\\\\\" -DAGENTNAME=\\\\\\\"SecurityAgent\\\\\\\""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; + OTHER_CFLAGS = "-DNOSA -DAGENTPATH=\\\\\\\"$(SYSTEM_LIBRARY_DIR)/CoreServices/SecurityAgent.app\\\\\\\" -DAGENTNAME=\\\\\\\"SecurityAgent\\\\\\\""; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; OTHER_REZFLAGS = ""; @@ -8431,7 +8047,6 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 030701E6FFF96F8511CD283A = { buildActionMask = 2147483647; @@ -8440,21 +8055,18 @@ 030701EAFFF96F9911CD283A, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 030701E7FFF96F8511CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 030701E8FFF96F8511CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 030701E9FFF96F9911CD283A = { fileRef = 01FA821CFFF2B54C11CD283A; 
@@ -8481,18 +8093,14 @@ 030701E3FFF96F8511CD283A, 325EAA3100D6B2BE05CD296C, 325EAA3200D6B2BE05CD296C, + F54323B4022DC91501CA2E64, + 9DC1DEF40299BBCD00003D05, ); isa = PBXGroup; name = Products; path = ""; refType = 4; }; - 034768DEFF38A45A11DB9C8B = { - isa = PBXFrameworkReference; - name = Security.framework; - path = /System/Library/Frameworks/Security.framework; - refType = 0; - }; 039FF1DB00724BE07F000001 = { children = ( 039FF1DC00724C3A7F000001, @@ -8522,6 +8130,7 @@ 0149035B00A9DC487F000001, 07A0F675005DAEE111CD283A, 07A0F674005DAEE111CD283A, + 9D206AA601EB68F200003D05, ); isa = PBXGroup; name = MiscCSPAlgs; @@ -8679,8 +8288,13 @@ 07A0F606005DAEE111CD283A, 07A0F66E005DAEE111CD283A, 07A0F680005DAEE111CD283A, + 9D291881026B56B800003D05, 07A0F685005DAEE111CD283A, 325EAA3700D6B47405CD296C, + 9D64BAF1019B176100003D05, + 9D64BAF2019B176100003D05, + 9D64BAF3019B176100003D05, + 9DA13D0401B4638200003D05, ); isa = PBXGroup; path = AppleCSP; @@ -8697,6 +8311,11 @@ 07A0F5F2005DAEE111CD283A, 07A0F5F3005DAEE111CD283A, 4AC94A7C0084BE397F000001, + 9D8F0D1D01C80C0C00003D05, + 9D2C3D0001C826C800003D05, + 9D8F0D1E01C80C0C00003D05, + 9D8F0D1F01C80C0C00003D05, + 9D2C3D0201C82F6000003D05, ); isa = PBXGroup; path = AES; @@ -8752,8 +8371,6 @@ 07A0F5FF005DAEE111CD283A, 07A0F600005DAEE111CD283A, 07A0F601005DAEE111CD283A, - 1691956900947FD37F000001, - 127F63C50098D55A7F000001, 07A0F602005DAEE111CD283A, 07A0F603005DAEE111CD283A, 1691956B009480BC7F000001, @@ -9089,6 +8706,10 @@ 07A0F69E005DAEE111CD283A, 07A0F69F005DAEE111CD283A, 327DDDE700D6FC1A05CD296C, + 9DAE2E3201A43D6B00003D05, + 9DAE2E3301A43D6B00003D05, + 9DAE2E3401A43D6B00003D05, + 9DAE2E3501A43D6B00003D05, ); isa = PBXGroup; path = AppleCSPDL; @@ -9202,6 +8823,8 @@ 07A0F6A9005DAEE111CD283A, 07A0F6AA005DAEE111CD283A, 3290383500D6BB3705CD296C, + 9DAE2E2D01A3378900003D05, + 9DAE2E2E01A3378900003D05, ); isa = PBXGroup; path = AppleDL; 
@@ -9255,10 +8878,13 @@ 07A0F6C4005DAEE111CD283A, 07A0F6C5005DAEE111CD283A, 07A0F6C6005DAEE111CD283A, + F540EDC2027A41BF01CA2E66, 07A0F6C7005DAEE111CD283A, 07A0F6C8005DAEE111CD283A, 07A0F6C9005DAEE111CD283A, 3290383600D6BB3705CD296C, + 9DAE2E2501A2E63700003D05, + 9DAE2E2601A2E63700003D05, ); isa = PBXGroup; path = AppleX509CL; @@ -9394,17 +9020,20 @@ 07A0F6D2005DAEE111CD283A, 07A0F6D5005DAEE111CD283A, 07A0F6D6005DAEE111CD283A, - 07A0F6D7005DAEE111CD283A, 07A0F6D8005DAEE111CD283A, - 07A0F6D9005DAEE111CD283A, - 07A0F6DA005DAEE111CD283A, 07A0F6DB005DAEE111CD283A, 07A0F6DC005DAEE111CD283A, + 9D4B1BC70156C2E500A17CD1, 07A0F6DD005DAEE111CD283A, 07A0F6DE005DAEE111CD283A, 07A0F6DF005DAEE111CD283A, 07A0F6E0005DAEE111CD283A, 3290383700D6BB3705CD296C, + 9DAE2E2901A2F93200003D05, + 9DAE2E2A01A2F93200003D05, + 9D09B90701B4314500003D05, + 9D14AC52020093D100003D05, + 9D9AEFBA02B6BC6C00003D05, ); isa = PBXGroup; path = AppleX509TP; @@ -9450,34 +9079,19 @@ path = tpdebugging.h; refType = 4; }; - 07A0F6D7005DAEE111CD283A = { - isa = PBXFileReference; - path = iSignRootCerts.c; - refType = 4; - }; 07A0F6D8005DAEE111CD283A = { isa = PBXFileReference; path = rootCerts.h; refType = 4; }; - 07A0F6D9005DAEE111CD283A = { + 07A0F6DB005DAEE111CD283A = { isa = PBXFileReference; - path = sslRootCerts.c; + path = TPCertInfo.cpp; refType = 4; }; - 07A0F6DA005DAEE111CD283A = { + 07A0F6DC005DAEE111CD283A = { isa = PBXFileReference; - path = tpCertGroup.cpp; - refType = 4; - }; - 07A0F6DB005DAEE111CD283A = { - isa = PBXFileReference; - path = TPCertInfo.cpp; - refType = 4; - }; - 07A0F6DC005DAEE111CD283A = { - isa = PBXFileReference; - path = TPCertInfo.h; + path = TPCertInfo.h; refType = 4; }; 07A0F6DD005DAEE111CD283A = { @@ -9665,6 +9279,8 @@ 3290381900D6BA5905CD296C, 3290382800D6BA5905CD296C, 3290382E00D6BA5905CD296C, + 9DC1DEF30299BBCD00003D05, + 322C5F3B02B9641F05CA2E77, ); }; 0867D691FE84028FC02AAC07 = { 
@@ -9682,6 +9298,8 @@ 07A0F6AB005DAEE111CD283A, 07A0F6CA005DAEE111CD283A, F5A5E50E00FB884E01CD29D4, + 9DC1DEEC0299BB8F00003D05, + 3283A53702B96AF805CA2E77, 01FA890DFFF2BD9911CD283A, 01FA890EFFF2BD9911CD283A, 030701E1FFF95F6F11CD283A, @@ -9696,7 +9314,6 @@ children = ( 325EAA2900D6B23F05CD296C, 125E85ADFFF3D44A11CD283A, - 1A23E785009758847F000001, 327DDDFA00D7E81F05CD296C, ); isa = PBXGroup; @@ -9713,19 +9330,22 @@ F5DDE3AE00B3358F01CD283A, ); buildSettings = { + CURRENT_PROJECT_VERSION = 53; DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; + DYLIB_CURRENT_VERSION = 53; FRAMEWORK_SEARCH_PATHS = ""; FRAMEWORK_VERSION = A; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/derived_src\""; + HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(BUILT_PRODUCTS_DIR)/derived_src\""; INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; - OTHER_CFLAGS = "-DLIMITED_SIGNING -DBUILTIN_PLUGINS -DVDADER_RULES"; - OTHER_LDFLAGS = "-lComCryption -lCryptKit -twolevel_namespace \"-L$(SYMROOT)\" -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\""; + LIBRARY_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; + OTHER_CFLAGS = "-DLIMITED_SIGNING -DBUILTIN_PLUGINS -DVDADER_RULES -DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE"; + OTHER_LDFLAGS = "-lComCryption -lCryptKit -twolevel_namespace"; PREBINDING = YES; PRODUCT_NAME = Security; - SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/Security.order\""; + SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/Security.order\" -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\""; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = Sec; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = framework; }; 
@@ -9737,10 +9357,10 @@ name = Security; productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; productName = Security; - productReference = 034768DEFF38A45A11DB9C8B; + productReference = F54323B4022DC91501CA2E64; productSettingsXML = " - - + + CFBundleDevelopmentRegion English @@ -9759,11 +9379,11 @@ CFBundlePackageType FMWK CFBundleShortVersionString - 1.0 + 1.1 CFBundleSignature ???? CFBundleVersion - Security 1.0 + 53 "; @@ -9890,8 +9510,6 @@ 01FA851BFFF2B54C11CD283A, 01FA851CFFF2B54C11CD283A, 01FA851DFFF2B54C11CD283A, - 01FA851EFFF2B54C11CD283A, - 01FA851FFFF2B54C11CD283A, 01FA8520FFF2B54C11CD283A, 01FA8521FFF2B54C11CD283A, 01FA8522FFF2B54C11CD283A, @@ -10006,29 +9624,9 @@ 33BD0452008390257F000001, 33BD0460008390B17F000001, 33BD0464008391C07F000001, - 0F404EDA008618137F000001, - 0F404EDB008618137F000001, - 0F404EDC008618137F000001, - 0F404EDD008618137F000001, - 0F404EDE008618137F000001, - 0F404EE0008618137F000001, - 0F404EE1008618137F000001, - 0F404EE2008618137F000001, - 0F404EE3008618137F000001, - 0F404EE4008618137F000001, - 0F404EE5008618137F000001, - 0F404EE8008618137F000001, - 2178153B008B941B7F000001, - 01827D0B008CB8707F000001, - 017A54F40094AAE57F000001, + F559B18D01D1510B01CA2E64, 017B6CA8009748107F000001, 2F4DD9A700A0A0767F000001, - 4D37AD4200AA03857F000001, - 4D37AD4300AA03857F000001, - 4D37AD4400AA03857F000001, - 4D37AD4500AA03857F000001, - 4D37AD4600AA03857F000001, - 3264486600D54DD305CD296C, 3290387000D6C5FE05CD296C, 327DDDE300D6F8A605CD296C, 327DDDE400D6F8A605CD296C, 
@@ -10037,17 +9635,85 @@ 3272260B00E3C75605CD296C, 3267644900EBF3AA05CD296C, F58785CA00FB966001CD29D4, + 9D8B6A2B015A48F500A17CD1, + 9D51868D018F27B500003D05, + 9D51868E018F27B500003D05, + 9D51868F018F27B500003D05, + 9D1DEC1A0198777400003D05, + 9D69C0270198A8E100003D05, + 9D69C02B019AF15E00003D05, + 9D64BAEC019AFD7900003D05, + 326618CE01C6844D05CA2E77, + 9D8F0D2001C80C0C00003D05, + 32554D7B01F4C97305CA2E77, + 9D78BC7301EBB3F900003D05, + 9D78BC7701EBBBED00003D05, + F54323C7022DC98301CA2E64, + F5786217022F1DA301CA2E64, + F54323C9022DC98301CA2E64, + F57861CC022F0F3801CA2E64, + F5786172022EDDE501CA2E64, + F5786180022EDE6401CA2E64, + F578617A022EDE2B01CA2E64, + F57861F8022F12FC01CA2E64, + F57861C0022EEF1B01CA2E64, + F578617C022EDE3F01CA2E64, + F57861C4022EEF3401CA2E64, + F57861CA022F0D0A01CA2E64, + F5786174022EDDFB01CA2E64, + F5786176022EDE0501CA2E64, + F5786178022EDE1701CA2E64, + F578617E022EDE5C01CA2E64, + F57861C2022EEF2601CA2E64, + F57861C8022EFAE501CA2E64, + F57861C6022EEF4701CA2E64, + 5BA4A43101F4E3F604CA2E82, + F5786226022F32E001CA2E64, + F578622E022F37EB01CA2E64, + F5786233022F39A101CA2E64, + F578623A022F48C601CA2E64, + F578623D023024CC01CA2E64, + F55B3B480230375401CA2E64, + F55B3B4C02303B2A01CA2E64, + F55B3B500230448601CA2E64, + F55B3B7B02304A6001CA2E64, + 32867BAA0231611A05CA2E77, + 32867BAE02316C3905CA2E77, + 32867BB502316E3305CA2E77, + 320F60A00234113505CA2E77, + 8F7ACD2C02357F2503CA2E8C, + 8F7ACD320235805903CA2E8C, + 3244148A0236DD1505CA2E77, + 3244148F023837A505CA2E77, + F5A7F71D023D972201CA2E64, + F5394A1C0279082901CA2E64, + F540EDC8027A43A501CA2E66, + 3206D1FE029996FC05CA2E77, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 0867D69EFE84028FC02AAC07 = { buildActionMask = 2147483647; files = ( 01FA8609FFF2B54C11CD283A, + 9D64BAF0019B173900003D05, + 9D64BAF4019B176200003D05, + 9D64BAF5019B176200003D05, + 9D64BAF6019B176200003D05, + 9DAE2E2701A2E63800003D05, + 9DAE2E2801A2E63800003D05, + 9DAE2E2B01A2F93200003D05, + 9DAE2E2C01A2F93200003D05, + 
9D09B90801B4314500003D05, + 9DAE2E2F01A3378A00003D05, + 9DAE2E3001A3378A00003D05, + 9DAE2E3601A43D6B00003D05, + 9DAE2E3701A43D6B00003D05, + 9DAE2E3801A43D6B00003D05, + 9DAE2E3901A43D6B00003D05, + 9DA13D0501B4638200003D05, ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 0867D69FFE84028FC02AAC07 = { buildActionMask = 2147483647; @@ -10144,10 +9810,8 @@ 01FA8758FFF2B54C11CD283A, 01FA8759FFF2B54C11CD283A, 01FA875AFFF2B54C11CD283A, - 01FA875BFFF2B54C11CD283A, 01FA875CFFF2B54C11CD283A, 01FA875DFFF2B54C11CD283A, - 01FA875FFFF2B54C11CD283A, 01FA8760FFF2B54C11CD283A, 01FA8761FFF2B54C11CD283A, 01FA8762FFF2B54C11CD283A, @@ -10242,28 +9906,8 @@ 33BD045D008390257F000001, 33BD0461008390B17F000001, 33BD0465008391C07F000001, - 0F404EEA008618137F000001, - 0F404EEB008618137F000001, - 0F404EEC008618137F000001, - 0F404EED008618137F000001, - 0F404EEE008618137F000001, - 0F404EF0008618137F000001, - 0F404EF1008618137F000001, - 0F404EF2008618137F000001, - 0F404EF3008618137F000001, - 0F404EF4008618137F000001, - 0F404EF5008618137F000001, - 0F404EF7008618137F000001, - 2178153C008B941B7F000001, - 01827D0C008CB8707F000001, - 017A54F50094AAE57F000001, 017B6CA9009748107F000001, 2F4DD9A800A0A0767F000001, - 4D37AD4700AA03857F000001, - 4D37AD4800AA03857F000001, - 4D37AD4900AA03857F000001, - 4D37AD4A00AA03857F000001, - 3264486700D54DD305CD296C, 3290387100D6C5FE05CD296C, 327DDDE500D6F8A605CD296C, 327DDDE600D6F8A605CD296C, 
@@ -10271,15 +9915,62 @@ 32604C2900E3C14505CD296C, 3272260C00E3C75705CD296C, F58785CB00FB966001CD29D4, + 9D518690018F27B500003D05, + 9D518692018F27B500003D05, + 9D518693018F27B500003D05, + 9D518694018F27B500003D05, + 9D1DEC1C0198796200003D05, + 9D69C0290198AB3700003D05, + 9D64BAEA019AF3B800003D05, + 9D64BAEE019AFE3700003D05, + 326618CF01C6844D05CA2E77, + 9D78BC7501EBB71A00003D05, + 9D78BC7901EBCA2400003D05, + 9D78BC7B01ECA79D00003D05, + 5BA4A43301F4E3F604CA2E82, + F54323C6022DC98301CA2E64, + F54323C8022DC98301CA2E64, + F57861FB022F1A9301CA2E64, + F57861FD022F1AA001CA2E64, + F57861FF022F1AAB01CA2E64, + F5786201022F1B4001CA2E64, + F5786203022F1B5001CA2E64, + F5786205022F1B5901CA2E64, + F5786207022F1B6501CA2E64, + F5786209022F1B6F01CA2E64, + F578620B022F1B7901CA2E64, + F578620D022F1B8701CA2E64, + F578620F022F1B9301CA2E64, + F5786211022F1B9C01CA2E64, + F5786213022F1BA801CA2E64, + F5786215022F1BB601CA2E64, + F5786227022F32E001CA2E64, + F578622F022F37EB01CA2E64, + F5786232022F39A101CA2E64, + F5786239022F48C601CA2E64, + F578623E023024CC01CA2E64, + F55B3B490230375401CA2E64, + F55B3B4D02303B2A01CA2E64, + F55B3B510230448601CA2E64, + F55B3B7C02304A6001CA2E64, + 32867BA90231611A05CA2E77, + 32867BAD02316C3905CA2E77, + 32867BB402316E3305CA2E77, + 320F609F0234113505CA2E77, + 8F7ACD2D02357F2503CA2E8C, + 8F7ACD330235805903CA2E8C, + 324414890236DD1505CA2E77, + 3244148E023837A505CA2E77, + 32623CFD024BBA3B05CA2E77, + F540E6FA027A33DA01CA2E66, + 3206D1FD029996FC05CA2E77, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 0867D6A0FE84028FC02AAC07 = { buildActionMask = 2147483647; files = ( 125E85AEFFF3D44A11CD283A, - 1A23E786009758847F000001, 325EAA2A00D6B24005CD296C, 325EAA2B00D6B24005CD296C, 325EAA2C00D6B24005CD296C, @@ -10288,14 +9979,12 @@ 327DDDFB00D7E81F05CD296C, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 0867D6A2FE84028FC02AAC07 = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; //080 //081 
@@ -10506,186 +10195,6 @@ path = simplemanager.cpp; refType = 4; }; - 0F404EDA008618137F000001 = { - fileRef = 0F404EBF008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EDB008618137F000001 = { - fileRef = 0F404ECD008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EDC008618137F000001 = { - fileRef = 0F404ECF008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EDD008618137F000001 = { - fileRef = 0F404ED1008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EDE008618137F000001 = { - fileRef = 0F404ED3008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE0008618137F000001 = { - fileRef = 0F404EC3008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE1008618137F000001 = { - fileRef = 0F404EC5008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE2008618137F000001 = { - fileRef = 0F404EB9008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE3008618137F000001 = { - fileRef = 0F404ED6008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE4008618137F000001 = { - fileRef = 0F404EC1008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE5008618137F000001 = { - fileRef = 0F404EBB008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EE8008618137F000001 = { - fileRef = 0F404ECA008618137F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 0F404EEA008618137F000001 = { - fileRef = 0F404EC0008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EEB008618137F000001 
= { - fileRef = 0F404ECE008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EEC008618137F000001 = { - fileRef = 0F404ED0008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EED008618137F000001 = { - fileRef = 0F404ED2008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EEE008618137F000001 = { - fileRef = 0F404ED4008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF0008618137F000001 = { - fileRef = 0F404EC4008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF1008618137F000001 = { - fileRef = 0F404EC7008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF2008618137F000001 = { - fileRef = 0F404EBA008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF3008618137F000001 = { - fileRef = 0F404ED7008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF4008618137F000001 = { - fileRef = 0F404EC2008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF5008618137F000001 = { - fileRef = 0F404EBC008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 0F404EF7008618137F000001 = { - fileRef = 0F404ECB008618137F000001; - isa = PBXBuildFile; - settings = { - }; - }; //0F0 //0F1 //0F2 @@ -10970,11 +10479,11 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; - HEADER_SEARCH_PATHS = "\"$(SYMROOT)/include\""; + DYLIB_CURRENT_VERSION = 53; + HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/include\""; INSTALL_PATH = /usr/local/lib; LIBRARY_STYLE = STATIC; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_LIBTOOL_FLAGS = ""; @@ -11000,7 +10509,6 @@ 125E8606FFF3DB3E11CD283A, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 125E85D7FFF3D67D11CD283A = { buildActionMask = 2147483647; 
@@ -11008,7 +10516,6 @@ 125E85D8FFF3D67D11CD283A, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 125E85D8FFF3D67D11CD283A = { fileRef = 01FA8917FFF2BE3511CD283A; 
@@ -11023,158 +10530,27 @@ files = ( ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 125E85DAFFF3D67D11CD283A = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 125E85DCFFF3D76D11CD283A = { isa = PBXTargetDependency; target = 01FA88F0FFF2B96911CD283A; }; - 125E85EAFFF3D8B711CD283A = { - fileRef = 01FA81E5FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85EBFFF3D8B711CD283A = { - fileRef = 01FA81E6FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85ECFFF3D8B711CD283A = { - fileRef = 01FA81E9FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85EEFFF3D8B711CD283A = { - fileRef = 01FA81EFFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85F0FFF3D8B711CD283A = { - fileRef = 01FA81FEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85F1FFF3D8B711CD283A = { - fileRef = 01FA820DFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85F2FFF3D8B711CD283A = { - fileRef = 01FA8210FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85F3FFF3D8B711CD283A = { - fileRef = 01FA8213FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 125E85FAFFF3D8B711CD283A = { - fileRef = 01FA81E4FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85FBFFF3D8B711CD283A = { - fileRef = 01FA81E8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85FDFFF3D8B711CD283A = { - fileRef = 01FA81EEFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E85FFFFF3D8B711CD283A = { - fileRef = 01FA81F8FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E8600FFF3D8B711CD283A = { - fileRef = 01FA81FBFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E8601FFF3D8B711CD283A = { - fileRef 
= 01FA81FDFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E8602FFF3D8B711CD283A = { - fileRef = 01FA820CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 125E8603FFF3D8B711CD283A = { - fileRef = 01FA8212FFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; 125E8604FFF3D96711CD283A = { isa = PBXTargetDependency; target = 125E85D5FFF3D67D11CD283A; }; - 125E8605FFF3DAEF11CD283A = { - fileRef = 01FA823CFFF2B54C11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; 125E8606FFF3DB3E11CD283A = { fileRef = 01FA821BFFF2B54C11CD283A; isa = PBXBuildFile; settings = { }; }; - 127F63C50098D55A7F000001 = { - isa = PBXFileReference; - path = NullDigest.h; - refType = 4; - }; - 127F63C60098D55A7F000001 = { - fileRef = 127F63C50098D55A7F000001; - isa = PBXBuildFile; - settings = { - }; - }; //120 //121 //122 @@ -11185,18 +10561,6 @@ //162 //163 //164 - 1691956900947FD37F000001 = { - isa = PBXFileReference; - name = DigestObject.h; - path = AppleCSP/AppleCSP/DigestObject.h; - refType = 2; - }; - 1691956A00947FD37F000001 = { - fileRef = 1691956900947FD37F000001; - isa = PBXBuildFile; - settings = { - }; - }; 1691956B009480BC7F000001 = { isa = PBXFileReference; name = RawSigner.h; @@ -11276,6 +10640,7 @@ 07E4D6E400A0CD8D7F000001, 169195F30094A8577F000001, 169195F20094A8577F000001, + 9D29187F026B504700003D05, ); isa = PBXGroup; name = openssl; 
@@ -12200,40 +11565,6 @@ //162 //163 //164 -//1A0 -//1A1 -//1A2 -//1A3 -//1A4 - 1A23E785009758847F000001 = { - isa = PBXFileReference; - name = "libstdc++.a"; - path = "/usr/lib/gcc/darwin/2.95.2/libstdc++.a"; - refType = 0; - }; - 1A23E786009758847F000001 = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1A23E787009758847F000001 = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 1A23E788009758847F000001 = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//1A0 -//1A1 -//1A2 -//1A3 -//1A4 //1B0 //1B1 //1B2 @@ -12323,21 +11654,6 @@ path = "http-proxy-protocol.cpp"; refType = 4; }; - 2178153B008B941B7F000001 = { - fileRef = 21781539008B941B7F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 2178153C008B941B7F000001 = { - fileRef = 2178153A008B941B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; //210 //211 //212 @@ -12507,6 +11823,7 @@ //2C4 2C5247EA007A39B47F000001 = { children = ( + 9D291872026B4FF900003D05, 07E4D6D300A0CA617F000001, 169195D00094A6FD7F000001, 169195890094A5A87F000001, 
@@ -12694,17 +12011,226 @@ //322 //323 //324 + 3206D1FB029996FC05CA2E77 = { + isa = PBXFileReference; + path = TrustItem.cpp; + refType = 4; + }; + 3206D1FC029996FC05CA2E77 = { + isa = PBXFileReference; + path = TrustItem.h; + refType = 4; + }; + 3206D1FD029996FC05CA2E77 = { + fileRef = 3206D1FB029996FC05CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 3206D1FE029996FC05CA2E77 = { + fileRef = 3206D1FC029996FC05CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; 320C8FE900EA6AD705CD296C = { buildRules = ( ); buildSettings = { COPY_PHASE_STRIP = NO; - OPTIMIZATION_CFLAGS = "-O2"; - OTHER_CFLAGS = "\U0001-DNDEBUG -Wall -W -Winline -Wundef -Wno-unused -Wcast-qual -Wcast-align -Wmissing-noreturn"; + OTHER_CFLAGS = "\U0001-Wall -W -Winline -Wundef -Wno-unused -Wcast-qual -Wcast-align -Wmissing-noreturn"; }; isa = PBXBuildStyle; name = "Lint Screen"; }; + 320F609D0234113505CA2E77 = { + isa = PBXFileReference; + path = cssmcert.cpp; + refType = 4; + }; + 320F609E0234113505CA2E77 = { + isa = PBXFileReference; + path = cssmcert.h; + refType = 4; + }; + 320F609F0234113505CA2E77 = { + fileRef = 320F609D0234113505CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 320F60A00234113505CA2E77 = { + fileRef = 320F609E0234113505CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 322C5F3B02B9641F05CA2E77 = { + buildArgumentsString = "-f $(SRCROOT)/keychains/Makefile $ACTION"; + buildPhases = ( + ); + buildSettings = { + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + OTHER_REZFLAGS = ""; + PRODUCT_NAME = "System Keychains"; + SECTORDER_FLAGS = ""; + WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; + }; + buildToolPath = /usr/bin/gnumake; + buildWorkingDirectory = ""; + dependencies = ( + ); + isa = PBXLegacyTarget; + name = "System Keychains"; + productName = "System Keychains"; + settingsToExpand = 6; + settingsToPassInEnvironment = 287; + settingsToPassOnCommandLine = 280; + 
shouldUseHeadermap = 0; + }; + 32361EEC01EB8FCF05CA2E77 = { + isa = PBXFileReference; + path = notifications.h; + refType = 4; + }; + 32361EED01EB8FCF05CA2E77 = { + isa = PBXFileReference; + path = notifications.cpp; + refType = 4; + }; + 32361EEE01EB8FD005CA2E77 = { + fileRef = 32361EEC01EB8FCF05CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32361EEF01EB8FD005CA2E77 = { + fileRef = 32361EED01EB8FCF05CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32361F0701F4B28E05CA2E77 = { + isa = PBXFileReference; + path = ucspNotify.defs; + refType = 4; + }; + 32361F0A01F4B39505CA2E77 = { + fileRef = 01FA823CFFF2B54C11CD283A; + isa = PBXBuildFile; + settings = { + }; + }; + 324414870236DD1505CA2E77 = { + isa = PBXFileReference; + path = cfutilities.cpp; + refType = 4; + }; + 324414880236DD1505CA2E77 = { + isa = PBXFileReference; + path = cfutilities.h; + refType = 4; + }; + 324414890236DD1505CA2E77 = { + fileRef = 324414870236DD1505CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 3244148A0236DD1505CA2E77 = { + fileRef = 324414880236DD1505CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 3244148B0236DD2705CA2E77 = { + children = ( + 324414880236DD1505CA2E77, + 324414870236DD1505CA2E77, + ); + isa = PBXGroup; + name = CF; + refType = 4; + }; + 3244148C023837A505CA2E77 = { + isa = PBXFileReference; + path = TrustStore.cpp; + refType = 4; + }; + 3244148D023837A505CA2E77 = { + isa = PBXFileReference; + path = TrustStore.h; + refType = 4; + }; + 3244148E023837A505CA2E77 = { + fileRef = 3244148C023837A505CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 3244148F023837A505CA2E77 = { + fileRef = 3244148D023837A505CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 3253C16401C7D8A005CA2E77 = { + isa = PBXFileReference; + path = entropy.h; + refType = 4; + }; + 3253C16501C7D8A005CA2E77 = { + isa = PBXFileReference; + path = entropy.cpp; + refType = 4; + }; + 
3253C16601C7D8A105CA2E77 = { + fileRef = 3253C16401C7D8A005CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 3253C16701C7D8A105CA2E77 = { + fileRef = 3253C16501C7D8A005CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32554D7901F4C97305CA2E77 = { + isa = PBXFileReference; + path = ucspNotifySender.cpp; + refType = 4; + }; + 32554D7A01F4C97305CA2E77 = { + isa = PBXFileReference; + path = ucspNotify.h; + refType = 4; + }; + 32554D7B01F4C97305CA2E77 = { + fileRef = 32554D7A01F4C97305CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32554D7C01F4C97405CA2E77 = { + fileRef = 32554D7901F4C97305CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; 325EAA2100D6B08805CD296C = { isa = PBXBundleReference; path = AppleCSP.bundle; @@ -12719,13 +12245,15 @@ 325EAA2800D6B08805CD296C, ); buildSettings = { - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + CURRENT_PROJECT_VERSION = 53; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; OTHER_LDFLAGS = "-bundle -undefined error"; OTHER_REZFLAGS = ""; PRODUCT_NAME = AppleCSP; SECTORDER_FLAGS = ""; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = bundle; }; @@ -12737,8 +12265,8 @@ productName = "AppleCSP Plugin"; productReference = 325EAA2100D6B08805CD296C; productSettingsXML = " - - + + CFBundleDevelopmentRegion English @@ -12757,11 +12285,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - + 1.1 CFBundleSignature ???? CFBundleVersion - 0.0.1d1 + 53 "; @@ -12776,14 +12304,12 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 325EAA2500D6B08805CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 325EAA2600D6B08805CD296C = { buildActionMask = 2147483647; 
@@ -12791,7 +12317,6 @@ 325EAA3800D6B47505CD296C, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 325EAA2700D6B08805CD296C = { buildActionMask = 2147483647; @@ -12799,18 +12324,15 @@ 325EAA3300D6B2BF05CD296C, 325EAA3400D6B2BF05CD296C, 325EAA3500D6B2BF05CD296C, - 325EAA3600D6B2BF05CD296C, 3290381400D6B78A05CD296C, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 325EAA2800D6B08805CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 325EAA2900D6B23F05CD296C = { children = ( @@ -12894,12 +12416,6 @@ settings = { }; }; - 325EAA3600D6B2BF05CD296C = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; 325EAA3700D6B47405CD296C = { isa = PBXFileReference; path = AppleCSPPlugin.cpp; @@ -12936,24 +12452,14 @@ settings = { }; }; - 32615BB000E3B46905CD296C = { - isa = PBXFileReference; - path = yarrowseed.h; - refType = 4; - }; - 32615BB100E3B46A05CD296C = { - fileRef = 32615BB000E3B46905CD296C; - isa = PBXBuildFile; - settings = { - }; - }; - 32615BB200E3B4A105CD296C = { + 32623CFC024BBA3B05CA2E77 = { isa = PBXFileReference; - path = yarrowseed.cpp; - refType = 4; + name = aclclient.cpp; + path = cdsa/cdsa_client/aclclient.cpp; + refType = 2; }; - 32615BB300E3B4A205CD296C = { - fileRef = 32615BB200E3B4A105CD296C; + 32623CFD024BBA3B05CA2E77 = { + fileRef = 32623CFC024BBA3B05CA2E77; isa = PBXBuildFile; settings = { }; @@ -12968,8 +12474,18 @@ path = multiobserver.cpp; refType = 4; }; - 3264486600D54DD305CD296C = { - fileRef = 3264486400D54DD305CD296C; + 326618CC01C6844C05CA2E77 = { + isa = PBXFileReference; + path = acl_protectedpw.cpp; + refType = 4; + }; + 326618CD01C6844C05CA2E77 = { + isa = PBXFileReference; + path = acl_protectedpw.h; + refType = 4; + }; + 326618CE01C6844D05CA2E77 = { + fileRef = 326618CD01C6844C05CA2E77; isa = PBXBuildFile; settings = { ATTRIBUTES = ( 
@@ -12977,8 +12493,8 @@ ); }; }; - 3264486700D54DD305CD296C = { - fileRef = 3264486500D54DD305CD296C; + 326618CF01C6844D05CA2E77 = { + fileRef = 326618CC01C6844C05CA2E77; isa = PBXBuildFile; settings = { }; 
@@ -13145,6 +12661,104 @@ settings = { }; }; + 3283A53602B96AED05CA2E77 = { + isa = PBXTargetDependency; + target = 322C5F3B02B9641F05CA2E77; + }; + 3283A53702B96AF805CA2E77 = { + children = ( + 3283A53802B96B2A05CA2E77, + 3283A53902B96B2A05CA2E77, + ); + isa = PBXGroup; + path = keychains; + refType = 4; + }; + 3283A53802B96B2A05CA2E77 = { + isa = PBXFileReference; + path = Makefile; + refType = 4; + }; + 3283A53902B96B2A05CA2E77 = { + isa = PBXFileReference; + path = X509Anchors; + refType = 4; + }; + 32867BA70231611A05CA2E77 = { + isa = PBXFileReference; + path = tpclient.cpp; + refType = 4; + }; + 32867BA80231611A05CA2E77 = { + isa = PBXFileReference; + path = tpclient.h; + refType = 4; + }; + 32867BA90231611A05CA2E77 = { + fileRef = 32867BA70231611A05CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32867BAA0231611A05CA2E77 = { + fileRef = 32867BA80231611A05CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 32867BAB02316C3905CA2E77 = { + isa = PBXFileReference; + path = clclient.cpp; + refType = 4; + }; + 32867BAC02316C3905CA2E77 = { + isa = PBXFileReference; + path = clclient.h; + refType = 4; + }; + 32867BAD02316C3905CA2E77 = { + fileRef = 32867BAB02316C3905CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32867BAE02316C3905CA2E77 = { + fileRef = 32867BAC02316C3905CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 32867BB202316E3305CA2E77 = { + isa = PBXFileReference; + path = cssmtrust.cpp; + refType = 4; + }; + 32867BB302316E3305CA2E77 = { + isa = PBXFileReference; + path = cssmtrust.h; + refType = 4; + }; + 32867BB402316E3305CA2E77 = { + fileRef = 32867BB202316E3305CA2E77; + isa = PBXBuildFile; + settings = { + }; + }; + 32867BB502316E3305CA2E77 = { + fileRef = 32867BB302316E3305CA2E77; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; 3290381400D6B78A05CD296C = { fileRef = 1BA451B10097605B7F000001; isa = PBXBuildFile; 
@@ -13180,13 +12794,15 @@ 3290382100D6BA5905CD296C, ); buildSettings = { - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + CURRENT_PROJECT_VERSION = 53; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined suppress"; + OTHER_LDFLAGS = "-bundle -undefined error"; OTHER_REZFLAGS = ""; PRODUCT_NAME = AppleDL; SECTORDER_FLAGS = ""; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = bundle; }; @@ -13199,8 +12815,8 @@ productName = "AppleDL Plugin"; productReference = 3290381500D6BA5905CD296C; productSettingsXML = " - - + + CFBundleDevelopmentRegion English @@ -13219,11 +12835,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - + 1.1 CFBundleSignature ???? CFBundleVersion - 0.0.1d1 + 53 "; @@ -13234,14 +12850,12 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 3290381B00D6BA5905CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 3290381C00D6BA5905CD296C = { buildActionMask = 2147483647; @@ -13249,17 +12863,14 @@ 3290383C00D6BB3705CD296C, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 3290381D00D6BA5905CD296C = { buildActionMask = 2147483647; files = ( 3290381E00D6BA5905CD296C, - 3290381F00D6BA5905CD296C, 3290382000D6BA5905CD296C, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 3290381E00D6BA5905CD296C = { fileRef = 1BA451B10097605B7F000001; @@ -13267,12 +12878,6 @@ settings = { }; }; - 3290381F00D6BA5905CD296C = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; 3290382000D6BA5905CD296C = { fileRef = 014880C8005EAE4D11CD283A; isa = PBXBuildFile; @@ -13284,7 +12889,6 @@ files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 3290382200D6BA5905CD296C = { buildPhases = ( 
@@ -13295,13 +12899,15 @@ 3290382700D6BA5905CD296C, ); buildSettings = { - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + CURRENT_PROJECT_VERSION = 53; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined suppress"; + OTHER_LDFLAGS = "-bundle -undefined error"; OTHER_REZFLAGS = ""; PRODUCT_NAME = AppleCSPDL; SECTORDER_FLAGS = ""; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = bundle; }; @@ -13314,8 +12920,8 @@ productName = "AppleCSPDL Plugin"; productReference = 3290381600D6BA5905CD296C; productSettingsXML = " - - + + CFBundleDevelopmentRegion English @@ -13334,11 +12940,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - + 1.1 CFBundleSignature ???? CFBundleVersion - 0.0.1d1 + 53 "; @@ -13349,14 +12955,12 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 3290382400D6BA5905CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 3290382500D6BA5905CD296C = { buildActionMask = 2147483647; @@ -13364,24 +12968,20 @@ 327DDDE800D6FC1B05CD296C, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 3290382600D6BA5905CD296C = { buildActionMask = 2147483647; files = ( 3290384000D6BB3705CD296C, 3290384100D6BB3705CD296C, - 3290384200D6BB3705CD296C, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 3290382700D6BA5905CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 3290382800D6BA5905CD296C = { buildPhases = ( 
@@ -13392,13 +12992,15 @@ 3290382D00D6BA5905CD296C, ); buildSettings = { - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; + CURRENT_PROJECT_VERSION = 53; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined suppress"; + OTHER_LDFLAGS = "-bundle -undefined error"; OTHER_REZFLAGS = ""; PRODUCT_NAME = AppleX509CL; SECTORDER_FLAGS = ""; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = bundle; }; @@ -13411,8 +13013,8 @@ productName = "AppleX509CL Plugin"; productReference = 3290381700D6BA5905CD296C; productSettingsXML = " - - + + CFBundleDevelopmentRegion English @@ -13431,11 +13033,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - + 1.1 CFBundleSignature ???? CFBundleVersion - 0.0.1d1 + 53 "; @@ -13446,14 +13048,12 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 3290382A00D6BA5905CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 3290382B00D6BA5905CD296C = { buildActionMask = 2147483647; @@ -13461,24 +13061,20 @@ 3290384500D6BB3705CD296C, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 3290382C00D6BA5905CD296C = { buildActionMask = 2147483647; files = ( 3290384600D6BB3705CD296C, 3290384700D6BB3705CD296C, - 3290384800D6BB3705CD296C, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 3290382D00D6BA5905CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 3290382E00D6BA5905CD296C = { buildPhases = ( 
@@ -13489,14 +13085,14 @@ 3290383300D6BA5905CD296C, ); buildSettings = { - INSTALL_PATH = ""; - LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2; - OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG"; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = "-bundle -undefined suppress"; + CURRENT_PROJECT_VERSION = 53; + LIBRARY_SEARCH_PATHS = ""; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; + OTHER_LDFLAGS = "-bundle -undefined error"; OTHER_REZFLAGS = ""; PRODUCT_NAME = AppleX509TP; SECTORDER_FLAGS = ""; + VERSIONING_SYSTEM = "apple-generic"; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = bundle; }; @@ -13505,12 +13101,11 @@ ); isa = PBXBundleTarget; name = "AppleX509TP Plugin"; - productInstallPath = ""; productName = "AppleX509TP Plugin"; productReference = 3290381800D6BA5905CD296C; productSettingsXML = " - - + + CFBundleDevelopmentRegion English @@ -13529,11 +13124,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - + 1.1 CFBundleSignature ???? CFBundleVersion - 0.0.1d1 + 53 "; @@ -13544,14 +13139,14 @@ files = ( ); isa = PBXHeadersBuildPhase; - name = Headers; }; 3290383000D6BA5905CD296C = { buildActionMask = 2147483647; files = ( + 9D103F9F01AC72C200003D05, + 9D103FA001AC72C200003D05, ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 3290383100D6BA5905CD296C = { buildActionMask = 2147483647; @@ -13559,24 +13154,20 @@ 3290384B00D6BB3705CD296C, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 3290383200D6BA5905CD296C = { buildActionMask = 2147483647; files = ( 3290384C00D6BB3705CD296C, 3290384D00D6BB3705CD296C, - 3290384E00D6BB3705CD296C, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 3290383300D6BA5905CD296C = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 3290383500D6BB3705CD296C = { isa = PBXFileReference; 
@@ -13654,12 +13245,6 @@ settings = { }; }; - 3290384200D6BB3705CD296C = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; 3290384300D6BB3705CD296C = { isa = PBXTargetDependency; target = 3290382800D6BA5905CD296C; @@ -13686,12 +13271,6 @@ settings = { }; }; - 3290384800D6BB3705CD296C = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; 3290384900D6BB3705CD296C = { isa = PBXTargetDependency; target = 3290382E00D6BA5905CD296C; @@ -13718,12 +13297,6 @@ settings = { }; }; - 3290384E00D6BB3705CD296C = { - fileRef = 1A23E785009758847F000001; - isa = PBXBuildFile; - settings = { - }; - }; 3290384F00D6BB7805CD296C = { isa = PBXTargetDependency; target = 3290385000D6BB7805CD296C; 
@@ -14480,75 +14053,6 @@ path = networkchooser.h; refType = 4; }; - 4D37AD4200AA03857F000001 = { - fileRef = 4D37AD3A00AA03857F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 4D37AD4300AA03857F000001 = { - fileRef = 4D37AD3C00AA03857F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 4D37AD4400AA03857F000001 = { - fileRef = 4D37AD3E00AA03857F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 4D37AD4500AA03857F000001 = { - fileRef = 4D37AD3F00AA03857F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 4D37AD4600AA03857F000001 = { - fileRef = 4D37AD4100AA03857F000001; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - Private, - ); - }; - }; - 4D37AD4700AA03857F000001 = { - fileRef = 4D37AD3900AA03857F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4D37AD4800AA03857F000001 = { - fileRef = 4D37AD3B00AA03857F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4D37AD4900AA03857F000001 = { - fileRef = 4D37AD3D00AA03857F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 4D37AD4A00AA03857F000001 = { - fileRef = 4D37AD4000AA03857F000001; - isa = PBXBuildFile; - settings = { - }; - }; //4D0 //4D1 //4D2 @@ -14652,38 +14156,6 @@ //522 //523 //524 -//560 -//561 -//562 -//563 -//564 - 560B41E100E23FA50DCD28E8 = { - isa = PBXFileReference; - path = MacYarrow_OSX.cpp; - refType = 4; - }; - 560B41E200E23FA50DCD28E8 = { - isa = PBXFileReference; - path = MacYarrow_OSX.h; - refType = 4; - }; - 568640ED00E23FD90DCD28E8 = { - fileRef = 560B41E200E23FA50DCD28E8; - isa = PBXBuildFile; - settings = { - }; - }; - 568640EE00E23FD90DCD28E8 = { - fileRef = 560B41E100E23FA50DCD28E8; - isa = PBXBuildFile; - settings = { - }; - }; -//560 -//561 -//562 -//563 -//564 //570 //571 //572 
@@ -14810,6 +14282,41 @@ //592 //593 //594 +//5B0 +//5B1 +//5B2 +//5B3 +//5B4 + 5BA4A42D01F4E3F504CA2E82 = { + isa = PBXFileReference; + path = Identity.cpp; + refType = 4; + }; + 5BA4A42E01F4E3F504CA2E82 = { + isa = PBXFileReference; + path = Identity.h; + refType = 4; + }; + 5BA4A43101F4E3F604CA2E82 = { + fileRef = 5BA4A42E01F4E3F504CA2E82; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 5BA4A43301F4E3F604CA2E82 = { + fileRef = 5BA4A42D01F4E3F504CA2E82; + isa = PBXBuildFile; + settings = { + }; + }; +//5B0 +//5B1 +//5B2 +//5B3 +//5B4 //630 //631 //632 @@ -14831,30 +14338,48 @@ //632 //633 //634 -//F50 -//F51 -//F52 -//F53 -//F54 - F579CFD900E99FC401CD283A = { +//8F0 +//8F1 +//8F2 +//8F3 +//8F4 + 8F7ACD2A02357F2503CA2E8C = { isa = PBXFileReference; - path = Schema.m4; + path = SecACL.h; refType = 4; }; - F58785C800FB965F01CD29D4 = { + 8F7ACD2B02357F2503CA2E8C = { isa = PBXFileReference; - name = checkpw.c; - path = checkpw/checkpw.c; - refType = 2; + path = SecACL.cpp; + refType = 4; }; - F58785C900FB965F01CD29D4 = { + 8F7ACD2C02357F2503CA2E8C = { + fileRef = 8F7ACD2A02357F2503CA2E8C; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 8F7ACD2D02357F2503CA2E8C = { + fileRef = 8F7ACD2B02357F2503CA2E8C; + isa = PBXBuildFile; + settings = { + }; + }; + 8F7ACD300235805903CA2E8C = { isa = PBXFileReference; - name = checkpw.h; - path = checkpw/checkpw.h; - refType = 2; + path = ACL.h; + refType = 4; }; - F58785CA00FB966001CD29D4 = { - fileRef = F58785C900FB965F01CD29D4; + 8F7ACD310235805903CA2E8C = { + isa = PBXFileReference; + path = ACL.cpp; + refType = 4; + }; + 8F7ACD320235805903CA2E8C = { + fileRef = 8F7ACD300235805903CA2E8C; isa = PBXBuildFile; settings = { ATTRIBUTES = ( 
@@ -14862,29 +14387,2100 @@ ); }; }; - F58785CB00FB966001CD29D4 = { - fileRef = F58785C800FB965F01CD29D4; + 8F7ACD330235805903CA2E8C = { + fileRef = 8F7ACD310235805903CA2E8C; isa = PBXBuildFile; settings = { }; }; - F5A5E50E00FB884E01CD29D4 = { +//8F0 +//8F1 +//8F2 +//8F3 +//8F4 +//9D0 +//9D1 +//9D2 +//9D3 +//9D4 + 9D09B90701B4314500003D05 = { + isa = PBXFileReference; + path = tp_policyOids.mdsinfo; + refType = 4; + }; + 9D09B90801B4314500003D05 = { + fileRef = 9D09B90701B4314500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D103F9F01AC72C200003D05 = { + fileRef = 9DAE2E2A01A2F93200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D103FA001AC72C200003D05 = { + fileRef = 9DAE2E2901A2F93200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D14AC52020093D100003D05 = { + isa = PBXFileReference; + path = tpCredRequest.cpp; + refType = 4; + }; + 9D14AC53020093D100003D05 = { + fileRef = 9D14AC52020093D100003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D1DEC190198777400003D05 = { + isa = PBXFileReference; + name = MDSAttrStrings.h; + path = cdsa/mds/MDSAttrStrings.h; + refType = 4; + }; + 9D1DEC1A0198777400003D05 = { + fileRef = 9D1DEC190198777400003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D1DEC1B0198796200003D05 = { + isa = PBXFileReference; + name = MDSAttrStrings.cpp; + path = cdsa/mds/MDSAttrStrings.cpp; + refType = 2; + }; + 9D1DEC1C0198796200003D05 = { + fileRef = 9D1DEC1B0198796200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D206AA601EB68F200003D05 = { + isa = PBXFileReference; + name = NullCryptor.h; + path = MiscCSPAlgs/NullCryptor.h; + refType = 4; + }; + 9D206AA701EB68F200003D05 = { + fileRef = 9D206AA601EB68F200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D291872026B4FF900003D05 = { children = ( - F58785C800FB965F01CD29D4, - F58785C900FB965F01CD29D4, + 9D291875026B502600003D05, + 9D291876026B502600003D05, + 9D291877026B502600003D05, + 
9D291878026B502600003D05, + 9D291879026B502600003D05, ); isa = PBXGroup; - name = checkpw; + name = dh; refType = 4; }; - F5DDE3AE00B3358F01CD283A = { - buildActionMask = 2147483647; + 9D291875026B502600003D05 = { + isa = PBXFileReference; + name = dh_check.c; + path = dh/dh_check.c; + refType = 4; + }; + 9D291876026B502600003D05 = { + isa = PBXFileReference; + name = dh_err.c; + path = dh/dh_err.c; + refType = 4; + }; + 9D291877026B502600003D05 = { + isa = PBXFileReference; + name = dh_gen.c; + path = dh/dh_gen.c; + refType = 4; + }; + 9D291878026B502600003D05 = { + isa = PBXFileReference; + name = dh_key.c; + path = dh/dh_key.c; + refType = 4; + }; + 9D291879026B502600003D05 = { + isa = PBXFileReference; + name = dh_lib.c; + path = dh/dh_lib.c; + refType = 4; + }; + 9D29187A026B502600003D05 = { + fileRef = 9D291875026B502600003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29187B026B502600003D05 = { + fileRef = 9D291876026B502600003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29187C026B502600003D05 = { + fileRef = 9D291877026B502600003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29187D026B502600003D05 = { + fileRef = 9D291878026B502600003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29187E026B502600003D05 = { + fileRef = 9D291879026B502600003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29187F026B504700003D05 = { + isa = PBXFileReference; + name = dh.h; + path = openssl/dh.h; + refType = 4; + }; + 9D291880026B504700003D05 = { + fileRef = 9D29187F026B504700003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D291881026B56B800003D05 = { + children = ( + 9D291882026B56DA00003D05, + 9D291883026B56DA00003D05, + 9D291884026B56DA00003D05, + 9D291885026B56DA00003D05, + 9D291886026B56DA00003D05, + 9D291887026B56DA00003D05, + 9D29188E026B8BBD00003D05, + 9D29188F026B8BBD00003D05, + ); + isa = PBXGroup; + name = DiffieHellman; + path = AppleCSP; + refType = 2; + }; + 9D291882026B56DA00003D05 = { + isa = 
PBXFileReference; + name = DH_csp.cpp; + path = DiffieHellman/DH_csp.cpp; + refType = 4; + }; + 9D291883026B56DA00003D05 = { + isa = PBXFileReference; + name = DH_csp.h; + path = DiffieHellman/DH_csp.h; + refType = 4; + }; + 9D291884026B56DA00003D05 = { + isa = PBXFileReference; + name = DH_exchange.cpp; + path = DiffieHellman/DH_exchange.cpp; + refType = 4; + }; + 9D291885026B56DA00003D05 = { + isa = PBXFileReference; + name = DH_exchange.h; + path = DiffieHellman/DH_exchange.h; + refType = 4; + }; + 9D291886026B56DA00003D05 = { + isa = PBXFileReference; + name = DH_keys.cpp; + path = DiffieHellman/DH_keys.cpp; + refType = 4; + }; + 9D291887026B56DA00003D05 = { + isa = PBXFileReference; + name = DH_keys.h; + path = DiffieHellman/DH_keys.h; + refType = 4; + }; + 9D291888026B56DA00003D05 = { + fileRef = 9D291882026B56DA00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D291889026B56DA00003D05 = { + fileRef = 9D291883026B56DA00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29188A026B56DA00003D05 = { + fileRef = 9D291884026B56DA00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29188B026B56DA00003D05 = { + fileRef = 9D291885026B56DA00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29188C026B56DA00003D05 = { + fileRef = 9D291886026B56DA00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29188D026B56DA00003D05 = { + fileRef = 9D291887026B56DA00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D29188E026B8BBD00003D05 = { + isa = PBXFileReference; + name = DH_utils.cpp; + path = DiffieHellman/DH_utils.cpp; + refType = 4; + }; + 9D29188F026B8BBD00003D05 = { + isa = PBXFileReference; + name = DH_utils.h; + path = DiffieHellman/DH_utils.h; + refType = 4; + }; + 9D291890026B8BBD00003D05 = { + fileRef = 9D29188E026B8BBD00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D291891026B8BBD00003D05 = { + fileRef = 9D29188F026B8BBD00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D2C3D0001C826C800003D05 = { 
+ isa = PBXFileReference; + path = gladmanContext.h; + refType = 4; + }; + 9D2C3D0101C826C800003D05 = { + fileRef = 9D2C3D0001C826C800003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D2C3D0201C82F6000003D05 = { + isa = PBXFileReference; + path = aesCommon.h; + refType = 4; + }; + 9D2C3D0301C82F6100003D05 = { + fileRef = 9D2C3D0201C82F6000003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D4B1BC70156C2E500A17CD1 = { + isa = PBXFileReference; + path = tpCertGroup.cpp; + refType = 4; + }; + 9D4B1BC80156C2E500A17CD1 = { + fileRef = 9D4B1BC70156C2E500A17CD1; + isa = PBXBuildFile; + settings = { + }; + }; + 9D518682018F278000003D05 = { + children = ( + 9D518683018F27B400003D05, + 9D1DEC1B0198796200003D05, + 9D1DEC190198777400003D05, + 9D518686018F27B400003D05, + 9D518687018F27B400003D05, + 9D518688018F27B400003D05, + 9D518689018F27B400003D05, + 9D51868A018F27B400003D05, + 9D51868B018F27B400003D05, + 9D69C0260198A8E000003D05, + 9D69C0280198AB3700003D05, + 9D69C02A019AF15E00003D05, + 9D64BAE9019AF3B800003D05, + 9D64BAEB019AFD7900003D05, + 9D64BAED019AFE3600003D05, + ); + isa = PBXGroup; + name = MDS; + path = ""; + refType = 2; + }; + 9D518683018F27B400003D05 = { + isa = PBXFileReference; + name = mdsapi.cpp; + path = cdsa/mds/mdsapi.cpp; + refType = 4; + }; + 9D518686018F27B400003D05 = { + isa = PBXFileReference; + name = MDSModule.cpp; + path = cdsa/mds/MDSModule.cpp; + refType = 4; + }; + 9D518687018F27B400003D05 = { + isa = PBXFileReference; + name = MDSModule.h; + path = cdsa/mds/MDSModule.h; + refType = 4; + }; + 9D518688018F27B400003D05 = { + isa = PBXFileReference; + name = MDSSchema.cpp; + path = cdsa/mds/MDSSchema.cpp; + refType = 4; + }; + 9D518689018F27B400003D05 = { + isa = PBXFileReference; + name = MDSSchema.h; + path = cdsa/mds/MDSSchema.h; + refType = 4; + }; + 9D51868A018F27B400003D05 = { + isa = PBXFileReference; + name = MDSSession.cpp; + path = cdsa/mds/MDSSession.cpp; + refType = 4; + }; + 9D51868B018F27B400003D05 = { + isa = 
PBXFileReference; + name = MDSSession.h; + path = cdsa/mds/MDSSession.h; + refType = 4; + }; + 9D51868D018F27B500003D05 = { + fileRef = 9D518687018F27B400003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D51868E018F27B500003D05 = { + fileRef = 9D518689018F27B400003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D51868F018F27B500003D05 = { + fileRef = 9D51868B018F27B400003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D518690018F27B500003D05 = { + fileRef = 9D518683018F27B400003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D518692018F27B500003D05 = { + fileRef = 9D518686018F27B400003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D518693018F27B500003D05 = { + fileRef = 9D518688018F27B400003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D518694018F27B500003D05 = { + fileRef = 9D51868A018F27B400003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D64BAE9019AF3B800003D05 = { + isa = PBXFileReference; + name = MDSAttrUtils.cpp; + path = cdsa/mds/MDSAttrUtils.cpp; + refType = 4; + }; + 9D64BAEA019AF3B800003D05 = { + fileRef = 9D64BAE9019AF3B800003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D64BAEB019AFD7900003D05 = { + isa = PBXFileReference; + name = MDSDictionary.h; + path = cdsa/mds/MDSDictionary.h; + refType = 4; + }; + 9D64BAEC019AFD7900003D05 = { + fileRef = 9D64BAEB019AFD7900003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D64BAED019AFE3600003D05 = { + isa = PBXFileReference; + name = MDSDictionary.cpp; + path = cdsa/mds/MDSDictionary.cpp; + refType = 4; + }; + 9D64BAEE019AFE3700003D05 = { + fileRef = 9D64BAED019AFE3600003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D64BAEF019B173900003D05 = { + isa = PBXFileReference; + path = cssm.mdsinfo; + refType = 4; + }; + 9D64BAF0019B173900003D05 = { + fileRef = 9D64BAEF019B173900003D05; + isa = PBXBuildFile; + 
settings = { + }; + }; + 9D64BAF1019B176100003D05 = { + isa = PBXFileReference; + path = csp_capabilities.mdsinfo; + refType = 4; + }; + 9D64BAF2019B176100003D05 = { + isa = PBXFileReference; + path = csp_common.mdsinfo; + refType = 4; + }; + 9D64BAF3019B176100003D05 = { + isa = PBXFileReference; + path = csp_primary.mdsinfo; + refType = 4; + }; + 9D64BAF4019B176200003D05 = { + fileRef = 9D64BAF1019B176100003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D64BAF5019B176200003D05 = { + fileRef = 9D64BAF2019B176100003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D64BAF6019B176200003D05 = { + fileRef = 9D64BAF3019B176100003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D69C0260198A8E000003D05 = { + isa = PBXFileReference; + name = MDSAttrParser.h; + path = cdsa/mds/MDSAttrParser.h; + refType = 4; + }; + 9D69C0270198A8E100003D05 = { + fileRef = 9D69C0260198A8E000003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D69C0280198AB3700003D05 = { + isa = PBXFileReference; + name = MDSAttrParser.cpp; + path = cdsa/mds/MDSAttrParser.cpp; + refType = 4; + }; + 9D69C0290198AB3700003D05 = { + fileRef = 9D69C0280198AB3700003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D69C02A019AF15E00003D05 = { + isa = PBXFileReference; + name = MDSAttrUtils.h; + path = cdsa/mds/MDSAttrUtils.h; + refType = 4; + }; + 9D69C02B019AF15E00003D05 = { + fileRef = 9D69C02A019AF15E00003D05; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D78BC7201EBB3F900003D05 = { + isa = PBXFileReference; + path = tls_hmac.h; + refType = 4; + }; + 9D78BC7301EBB3F900003D05 = { + fileRef = 9D78BC7201EBB3F900003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D78BC7401EBB71A00003D05 = { + isa = PBXFileReference; + path = tls_hmac.c; + refType = 4; + }; + 9D78BC7501EBB71A00003D05 = { + fileRef = 9D78BC7401EBB71A00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D78BC7601EBBBED00003D05 = { + isa = 
PBXFileReference; + path = tls_ssl.h; + refType = 4; + }; + 9D78BC7701EBBBED00003D05 = { + fileRef = 9D78BC7601EBBBED00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D78BC7801EBCA2300003D05 = { + isa = PBXFileReference; + path = ssl3Callouts.c; + refType = 4; + }; + 9D78BC7901EBCA2400003D05 = { + fileRef = 9D78BC7801EBCA2300003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D78BC7A01ECA79D00003D05 = { + isa = PBXFileReference; + path = tls1Callouts.c; + refType = 4; + }; + 9D78BC7B01ECA79D00003D05 = { + fileRef = 9D78BC7A01ECA79D00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D8B6A2A015A48F500A17CD1 = { + isa = PBXFileReference; + path = digestobject.h; + refType = 4; + }; + 9D8B6A2B015A48F500A17CD1 = { + fileRef = 9D8B6A2A015A48F500A17CD1; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + 9D8F0D1D01C80C0C00003D05 = { + isa = PBXFileReference; + path = gladmanContext.cpp; + refType = 4; + }; + 9D8F0D1E01C80C0C00003D05 = { + isa = PBXFileReference; + path = rijndaelGladman.c; + refType = 4; + }; + 9D8F0D1F01C80C0C00003D05 = { + isa = PBXFileReference; + path = rijndaelGladman.h; + refType = 4; + }; + 9D8F0D2001C80C0C00003D05 = { + fileRef = 9D8F0D1F01C80C0C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D8F0D2901C815A600003D05 = { + fileRef = 9D8F0D1F01C80C0C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D8F0D2A01C815A600003D05 = { + fileRef = 9D8F0D1D01C80C0C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D8F0D2B01C815A600003D05 = { + fileRef = 9D8F0D1E01C80C0C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9D9AEFBA02B6BC6C00003D05 = { + isa = PBXFileReference; + path = rootCerts.cpp; + refType = 4; + }; + 9D9AEFBB02B6BC6C00003D05 = { + fileRef = 9D9AEFBA02B6BC6C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DA13D0401B4638200003D05 = { + isa = PBXFileReference; + path = csp_capabilities_common.mds; + refType = 4; + }; + 9DA13D0501B4638200003D05 
= { + fileRef = 9DA13D0401B4638200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E2501A2E63700003D05 = { + isa = PBXFileReference; + path = cl_primary.mdsinfo; + refType = 4; + }; + 9DAE2E2601A2E63700003D05 = { + isa = PBXFileReference; + path = cl_common.mdsinfo; + refType = 4; + }; + 9DAE2E2701A2E63800003D05 = { + fileRef = 9DAE2E2601A2E63700003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E2801A2E63800003D05 = { + fileRef = 9DAE2E2501A2E63700003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E2901A2F93200003D05 = { + isa = PBXFileReference; + path = tp_common.mdsinfo; + refType = 4; + }; + 9DAE2E2A01A2F93200003D05 = { + isa = PBXFileReference; + path = tp_primary.mdsinfo; + refType = 4; + }; + 9DAE2E2B01A2F93200003D05 = { + fileRef = 9DAE2E2901A2F93200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E2C01A2F93200003D05 = { + fileRef = 9DAE2E2A01A2F93200003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E2D01A3378900003D05 = { + isa = PBXFileReference; + path = dl_common.mdsinfo; + refType = 4; + }; + 9DAE2E2E01A3378900003D05 = { + isa = PBXFileReference; + path = dl_primary.mdsinfo; + refType = 4; + }; + 9DAE2E2F01A3378A00003D05 = { + fileRef = 9DAE2E2D01A3378900003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E3001A3378A00003D05 = { + fileRef = 9DAE2E2E01A3378900003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E3201A43D6B00003D05 = { + isa = PBXFileReference; + path = cspdl_common.mdsinfo; + refType = 4; + }; + 9DAE2E3301A43D6B00003D05 = { + isa = PBXFileReference; + path = cspdl_csp_capabilities.mdsinfo; + refType = 4; + }; + 9DAE2E3401A43D6B00003D05 = { + isa = PBXFileReference; + path = cspdl_csp_primary.mdsinfo; + refType = 4; + }; + 9DAE2E3501A43D6B00003D05 = { + isa = PBXFileReference; + path = cspdl_dl_primary.mdsinfo; + refType = 4; + }; + 9DAE2E3601A43D6B00003D05 = { + fileRef = 9DAE2E3201A43D6B00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 
9DAE2E3701A43D6B00003D05 = { + fileRef = 9DAE2E3301A43D6B00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E3801A43D6B00003D05 = { + fileRef = 9DAE2E3401A43D6B00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DAE2E3901A43D6B00003D05 = { + fileRef = 9DAE2E3501A43D6B00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DEEC0299BB8F00003D05 = { + children = ( + 9DC1DEED0299BB9E00003D05, + 9DC1DEEE0299BBA900003D05, + ); + isa = PBXGroup; + name = CertTool; + refType = 4; + }; + 9DC1DEED0299BB9E00003D05 = { + children = ( + 9DC1DEF60299BC6C00003D05, + 9DC1DEF70299BC6C00003D05, + 9DC1DEF80299BC6C00003D05, + ); + isa = PBXGroup; + name = CertTool; + refType = 4; + }; + 9DC1DEEE0299BBA900003D05 = { + children = ( + 9DC1DEFC0299BC7F00003D05, + 9DC1DEFD0299BC7F00003D05, + 9DC1DEFE0299BC7F00003D05, + 9DC1DEFF0299BC7F00003D05, + 9DC1DF050299BC9500003D05, + 9DC1DF060299BC9500003D05, + 9DC1DF070299BC9500003D05, + 9DC1DF080299BC9500003D05, + 9DC1DF090299BC9500003D05, + 9DC1DF0A0299BC9500003D05, + 9DC1DF0B0299BC9500003D05, + 9DC1DF0C0299BC9500003D05, + 9DC1DF0D0299BC9500003D05, + 9DC1DF0E0299BC9500003D05, + ); + isa = PBXGroup; + name = cdsaUtils; + path = ""; + refType = 4; + }; + 9DC1DEEF0299BBCD00003D05 = { + buildActionMask = 2147483647; + files = ( + 9DC1DEFB0299BC6C00003D05, + 9DC1DF010299BC7F00003D05, + 9DC1DF030299BC7F00003D05, + 9DC1DF130299BDE300003D05, + 9DC1DF150299BDE400003D05, + 9DC1DF170299BDE600003D05, + 9DC1DF190299BDEA00003D05, + 9DC1DF1B0299BDEB00003D05, + ); + isa = PBXHeadersBuildPhase; + }; + 9DC1DEF00299BBCD00003D05 = { + buildActionMask = 2147483647; + files = ( + 9DC1DEF90299BC6C00003D05, + 9DC1DEFA0299BC6C00003D05, + 9DC1DF000299BC7F00003D05, + 9DC1DF020299BC7F00003D05, + 9DC1DF120299BDE200003D05, + 9DC1DF140299BDE300003D05, + 9DC1DF160299BDE500003D05, + 9DC1DF180299BDE600003D05, + 9DC1DF1A0299BDEA00003D05, + ); + isa = PBXSourcesBuildPhase; + }; + 9DC1DEF10299BBCD00003D05 = { + buildActionMask = 2147483647; + files = ( + 
9DC1DF100299BD8500003D05, + 9DC1DF110299BD8C00003D05, + ); + isa = PBXFrameworksBuildPhase; + }; + 9DC1DEF20299BBCD00003D05 = { + buildActionMask = 2147483647; + files = ( + ); + isa = PBXRezBuildPhase; + }; + 9DC1DEF30299BBCD00003D05 = { + buildPhases = ( + 9DC1DEEF0299BBCD00003D05, + 9DC1DEF00299BBCD00003D05, + 9DC1DEF10299BBCD00003D05, + 9DC1DEF20299BBCD00003D05, + ); + buildSettings = { + HEADER_SEARCH_PATHS = "$(SRCROOT)/CertTool"; + INSTALL_PATH = /usr/bin; + OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + OTHER_REZFLAGS = ""; + PRODUCT_NAME = certtool; + REZ_EXECUTABLE = YES; + SECTORDER_FLAGS = ""; + WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; + }; + dependencies = ( + ); + isa = PBXToolTarget; + name = CertTool; + productInstallPath = ""; + productName = CertTool; + productReference = 9DC1DEF40299BBCD00003D05; + shouldUseHeadermap = 0; + }; + 9DC1DEF40299BBCD00003D05 = { + isa = PBXExecutableFileReference; + path = certtool; + refType = 3; + }; + 9DC1DEF60299BC6C00003D05 = { + isa = PBXFileReference; + name = CertTool.cpp; + path = CertTool/CertTool/CertTool.cpp; + refType = 4; + }; + 9DC1DEF70299BC6C00003D05 = { + isa = PBXFileReference; + name = CertUI.cpp; + path = CertTool/CertTool/CertUI.cpp; + refType = 4; + }; + 9DC1DEF80299BC6C00003D05 = { + isa = PBXFileReference; + name = CertUI.h; + path = CertTool/CertTool/CertUI.h; + refType = 4; + }; + 9DC1DEF90299BC6C00003D05 = { + fileRef = 9DC1DEF60299BC6C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DEFA0299BC6C00003D05 = { + fileRef = 9DC1DEF70299BC6C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DEFB0299BC6C00003D05 = { + fileRef = 9DC1DEF80299BC6C00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DEFC0299BC7F00003D05 = { + isa = PBXFileReference; + name = cdsaUtils.c; + path = CertTool/cdsaUtils/cdsaUtils.c; + refType = 4; + }; + 9DC1DEFD0299BC7F00003D05 = { + isa = PBXFileReference; + name = 
cdsaUtils.h; + path = CertTool/cdsaUtils/cdsaUtils.h; + refType = 4; + }; + 9DC1DEFE0299BC7F00003D05 = { + isa = PBXFileReference; + name = cuEnc64.c; + path = CertTool/cdsaUtils/cuEnc64.c; + refType = 4; + }; + 9DC1DEFF0299BC7F00003D05 = { + isa = PBXFileReference; + name = cuEnc64.h; + path = CertTool/cdsaUtils/cuEnc64.h; + refType = 4; + }; + 9DC1DF000299BC7F00003D05 = { + fileRef = 9DC1DEFC0299BC7F00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF010299BC7F00003D05 = { + fileRef = 9DC1DEFD0299BC7F00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF020299BC7F00003D05 = { + fileRef = 9DC1DEFE0299BC7F00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF030299BC7F00003D05 = { + fileRef = 9DC1DEFF0299BC7F00003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF050299BC9500003D05 = { + isa = PBXFileReference; + name = fileIo.c; + path = CertTool/cdsaUtils/fileIo.c; + refType = 4; + }; + 9DC1DF060299BC9500003D05 = { + isa = PBXFileReference; + name = fileIo.h; + path = CertTool/cdsaUtils/fileIo.h; + refType = 4; + }; + 9DC1DF070299BC9500003D05 = { + isa = PBXFileReference; + name = oidParser.cpp; + path = CertTool/cdsaUtils/oidParser.cpp; + refType = 4; + }; + 9DC1DF080299BC9500003D05 = { + isa = PBXFileReference; + name = oidParser.h; + path = CertTool/cdsaUtils/oidParser.h; + refType = 4; + }; + 9DC1DF090299BC9500003D05 = { + isa = PBXFileReference; + name = pem.cpp; + path = CertTool/cdsaUtils/pem.cpp; + refType = 4; + }; + 9DC1DF0A0299BC9500003D05 = { + isa = PBXFileReference; + name = pem.h; + path = CertTool/cdsaUtils/pem.h; + refType = 4; + }; + 9DC1DF0B0299BC9500003D05 = { + isa = PBXFileReference; + name = printCert.cpp; + path = CertTool/cdsaUtils/printCert.cpp; + refType = 4; + }; + 9DC1DF0C0299BC9500003D05 = { + isa = PBXFileReference; + name = printCert.h; + path = CertTool/cdsaUtils/printCert.h; + refType = 4; + }; + 9DC1DF0D0299BC9500003D05 = { + isa = PBXFileReference; + name = timeStr.cpp; + path = 
CertTool/cdsaUtils/timeStr.cpp; + refType = 4; + }; + 9DC1DF0E0299BC9500003D05 = { + isa = PBXFileReference; + name = timeStr.h; + path = CertTool/cdsaUtils/timeStr.h; + refType = 4; + }; + 9DC1DF0F0299BCB400003D05 = { + isa = PBXTargetDependency; + target = 9DC1DEF30299BBCD00003D05; + }; + 9DC1DF100299BD8500003D05 = { + fileRef = 1BA451B10097605B7F000001; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF110299BD8C00003D05 = { + fileRef = 125E85ADFFF3D44A11CD283A; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF120299BDE200003D05 = { + fileRef = 9DC1DF050299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF130299BDE300003D05 = { + fileRef = 9DC1DF060299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF140299BDE300003D05 = { + fileRef = 9DC1DF070299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF150299BDE400003D05 = { + fileRef = 9DC1DF080299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF160299BDE500003D05 = { + fileRef = 9DC1DF090299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF170299BDE600003D05 = { + fileRef = 9DC1DF0A0299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF180299BDE600003D05 = { + fileRef = 9DC1DF0B0299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF190299BDEA00003D05 = { + fileRef = 9DC1DF0C0299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF1A0299BDEA00003D05 = { + fileRef = 9DC1DF0D0299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; + 9DC1DF1B0299BDEB00003D05 = { + fileRef = 9DC1DF0E0299BC9500003D05; + isa = PBXBuildFile; + settings = { + }; + }; +//9D0 +//9D1 +//9D2 +//9D3 +//9D4 +//F50 +//F51 +//F52 +//F53 +//F54 + F5394A1C0279082901CA2E64 = { + fileRef = 07A0F691005DAEE111CD283A; + isa = PBXBuildFile; + settings = { + }; + }; + F540E6F7027A33A501CA2E66 = { + isa = PBXFileReference; + path = pkcs10.h; + refType = 4; + }; + F540E6F9027A33DA01CA2E66 = { + 
isa = PBXFileReference; + path = pkcs10.cpp; + refType = 4; + }; + F540E6FA027A33DA01CA2E66 = { + fileRef = F540E6F9027A33DA01CA2E66; + isa = PBXBuildFile; + settings = { + }; + }; + F540EDC2027A41BF01CA2E66 = { + isa = PBXFileReference; + path = Session_CSR.cpp; + refType = 4; + }; + F540EDC3027A41BF01CA2E66 = { + fileRef = F540EDC2027A41BF01CA2E66; + isa = PBXBuildFile; + settings = { + }; + }; + F540EDC4027A41E201CA2E66 = { + isa = PBXFileReference; + path = pkcs10.asn; + refType = 4; + }; + F540EDC8027A43A501CA2E66 = { + fileRef = F540E6F7027A33A501CA2E66; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F54323B4022DC91501CA2E64 = { + isa = PBXFrameworkReference; + path = Security.framework; + refType = 3; + }; + F54323BD022DC98301CA2E64 = { + isa = PBXFileReference; + path = SecCFTypes.cpp; + refType = 4; + }; + F54323BE022DC98301CA2E64 = { + isa = PBXFileReference; + path = SecCFTypes.h; + refType = 4; + }; + F54323BF022DC98301CA2E64 = { + isa = PBXFileReference; + path = SecRuntime.cpp; + refType = 4; + }; + F54323C0022DC98301CA2E64 = { + isa = PBXFileReference; + path = SecRuntime.h; + refType = 4; + }; + F54323C6022DC98301CA2E64 = { + fileRef = F54323BD022DC98301CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F54323C7022DC98301CA2E64 = { + fileRef = F54323BE022DC98301CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F54323C8022DC98301CA2E64 = { + fileRef = F54323BF022DC98301CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F54323C9022DC98301CA2E64 = { + fileRef = F54323C0022DC98301CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F559B18C01D1510A01CA2E64 = { + isa = PBXFileReference; + path = trackingallocator.h; + refType = 4; + }; + F559B18D01D1510B01CA2E64 = { + fileRef = F559B18C01D1510A01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F55B3B460230375401CA2E64 = { + isa = 
PBXFileReference; + path = CertificateRequest.h; + refType = 4; + }; + F55B3B470230375401CA2E64 = { + isa = PBXFileReference; + path = CertificateRequest.cpp; + refType = 4; + }; + F55B3B480230375401CA2E64 = { + fileRef = F55B3B460230375401CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F55B3B490230375401CA2E64 = { + fileRef = F55B3B470230375401CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F55B3B4A02303B2A01CA2E64 = { + isa = PBXFileReference; + path = KeyItem.h; + refType = 4; + }; + F55B3B4B02303B2A01CA2E64 = { + isa = PBXFileReference; + path = KeyItem.cpp; + refType = 4; + }; + F55B3B4C02303B2A01CA2E64 = { + fileRef = F55B3B4A02303B2A01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F55B3B4D02303B2A01CA2E64 = { + fileRef = F55B3B4B02303B2A01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F55B3B4E0230448601CA2E64 = { + isa = PBXFileReference; + path = Trust.h; + refType = 4; + }; + F55B3B4F0230448601CA2E64 = { + isa = PBXFileReference; + path = Trust.cpp; + refType = 4; + }; + F55B3B500230448601CA2E64 = { + fileRef = F55B3B4E0230448601CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F55B3B510230448601CA2E64 = { + fileRef = F55B3B4F0230448601CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F55B3B7902304A6001CA2E64 = { + isa = PBXFileReference; + path = TrustedApplication.h; + refType = 4; + }; + F55B3B7A02304A6001CA2E64 = { + isa = PBXFileReference; + path = TrustedApplication.cpp; + refType = 4; + }; + F55B3B7B02304A6001CA2E64 = { + fileRef = F55B3B7902304A6001CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F55B3B7C02304A6001CA2E64 = { + fileRef = F55B3B7A02304A6001CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786171022EDDE501CA2E64 = { + isa = PBXFileReference; + path = SecBase.h; + refType = 4; + }; + F5786172022EDDE501CA2E64 = { + fileRef = 
F5786171022EDDE501CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F5786173022EDDFB01CA2E64 = { + isa = PBXFileReference; + path = SecKeychain.h; + refType = 4; + }; + F5786174022EDDFB01CA2E64 = { + fileRef = F5786173022EDDFB01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F5786175022EDE0501CA2E64 = { + isa = PBXFileReference; + path = SecKeychainItem.h; + refType = 4; + }; + F5786176022EDE0501CA2E64 = { + fileRef = F5786175022EDE0501CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F5786177022EDE1701CA2E64 = { + isa = PBXFileReference; + path = SecKeychainSearch.h; + refType = 4; + }; + F5786178022EDE1701CA2E64 = { + fileRef = F5786177022EDE1701CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F5786179022EDE2B01CA2E64 = { + isa = PBXFileReference; + path = SecCertificate.h; + refType = 4; + }; + F578617A022EDE2B01CA2E64 = { + fileRef = F5786179022EDE2B01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F578617B022EDE3F01CA2E64 = { + isa = PBXFileReference; + path = SecIdentity.h; + refType = 4; + }; + F578617C022EDE3F01CA2E64 = { + fileRef = F578617B022EDE3F01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F578617D022EDE5C01CA2E64 = { + isa = PBXFileReference; + path = SecPolicy.h; + refType = 4; + }; + F578617E022EDE5C01CA2E64 = { + fileRef = F578617D022EDE5C01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F578617F022EDE6401CA2E64 = { + isa = PBXFileReference; + path = SecAccess.h; + refType = 4; + }; + F5786180022EDE6401CA2E64 = { + fileRef = F578617F022EDE6401CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F5786181022EDE8901CA2E64 = { + children = ( + F57861CB022F0F3801CA2E64, + F5786171022EDDE501CA2E64, + F578617F022EDE6401CA2E64, + 
8F7ACD2A02357F2503CA2E8C, + F5786179022EDE2B01CA2E64, + F57861F7022F12FC01CA2E64, + F57861BF022EEF1B01CA2E64, + F578617B022EDE3F01CA2E64, + F57861C3022EEF3401CA2E64, + F57861C9022F0D0A01CA2E64, + F5786173022EDDFB01CA2E64, + F5786175022EDE0501CA2E64, + F5786177022EDE1701CA2E64, + F578617D022EDE5C01CA2E64, + F57861C1022EEF2601CA2E64, + F57861C7022EFAE501CA2E64, + F57861C5022EEF4701CA2E64, + ); + isa = PBXGroup; + name = "Public API"; + refType = 4; + }; + F57861BF022EEF1B01CA2E64 = { + isa = PBXFileReference; + path = SecCertificateRequest.h; + refType = 4; + }; + F57861C0022EEF1B01CA2E64 = { + fileRef = F57861BF022EEF1B01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F57861C1022EEF2601CA2E64 = { + isa = PBXFileReference; + path = SecPolicySearch.h; + refType = 4; + }; + F57861C2022EEF2601CA2E64 = { + fileRef = F57861C1022EEF2601CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F57861C3022EEF3401CA2E64 = { + isa = PBXFileReference; + path = SecIdentitySearch.h; + refType = 4; + }; + F57861C4022EEF3401CA2E64 = { + fileRef = F57861C3022EEF3401CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F57861C5022EEF4701CA2E64 = { + isa = PBXFileReference; + path = SecTrustedApplication.h; + refType = 4; + }; + F57861C6022EEF4701CA2E64 = { + fileRef = F57861C5022EEF4701CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F57861C7022EFAE501CA2E64 = { + isa = PBXFileReference; + path = SecTrust.h; + refType = 4; + }; + F57861C8022EFAE501CA2E64 = { + fileRef = F57861C7022EFAE501CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F57861C9022F0D0A01CA2E64 = { + isa = PBXFileReference; + path = SecKey.h; + refType = 4; + }; + F57861CA022F0D0A01CA2E64 = { + fileRef = F57861C9022F0D0A01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F57861CB022F0F3801CA2E64 
= { + isa = PBXFileReference; + path = Security.h; + refType = 4; + }; + F57861CC022F0F3801CA2E64 = { + fileRef = F57861CB022F0F3801CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Public, + ); + }; + }; + F57861F7022F12FC01CA2E64 = { + isa = PBXFileReference; + path = SecCertificateBundle.h; + refType = 4; + }; + F57861F8022F12FC01CA2E64 = { + fileRef = F57861F7022F12FC01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F57861F9022F13DF01CA2E64 = { + children = ( + F5786216022F1DA301CA2E64, + F57861FA022F1A9301CA2E64, + 8F7ACD2B02357F2503CA2E8C, + F57861FC022F1AA001CA2E64, + F5786200022F1B4001CA2E64, + F57861FE022F1AAB01CA2E64, + F5786202022F1B5001CA2E64, + F5786204022F1B5901CA2E64, + F5786206022F1B6501CA2E64, + F5786208022F1B6F01CA2E64, + F578620A022F1B7901CA2E64, + F578620C022F1B8701CA2E64, + F578620E022F1B9301CA2E64, + F5786210022F1B9C01CA2E64, + F5786212022F1BA801CA2E64, + F5786214022F1BB601CA2E64, + ); + isa = PBXGroup; + name = "API Bridge"; + path = ""; + refType = 4; + }; + F57861FA022F1A9301CA2E64 = { + isa = PBXFileReference; + path = SecAccess.cpp; + refType = 4; + }; + F57861FB022F1A9301CA2E64 = { + fileRef = F57861FA022F1A9301CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F57861FC022F1AA001CA2E64 = { + isa = PBXFileReference; + path = SecCertificate.cpp; + refType = 4; + }; + F57861FD022F1AA001CA2E64 = { + fileRef = F57861FC022F1AA001CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F57861FE022F1AAB01CA2E64 = { + isa = PBXFileReference; + path = SecCertificateRequest.cpp; + refType = 4; + }; + F57861FF022F1AAB01CA2E64 = { + fileRef = F57861FE022F1AAB01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786200022F1B4001CA2E64 = { + isa = PBXFileReference; + path = SecCertificateBundle.cpp; + refType = 4; + }; + F5786201022F1B4001CA2E64 = { + fileRef = F5786200022F1B4001CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786202022F1B5001CA2E64 = { + isa = 
PBXFileReference; + path = SecIdentity.cpp; + refType = 4; + }; + F5786203022F1B5001CA2E64 = { + fileRef = F5786202022F1B5001CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786204022F1B5901CA2E64 = { + isa = PBXFileReference; + path = SecIdentitySearch.cpp; + refType = 4; + }; + F5786205022F1B5901CA2E64 = { + fileRef = F5786204022F1B5901CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786206022F1B6501CA2E64 = { + isa = PBXFileReference; + path = SecKey.cpp; + refType = 4; + }; + F5786207022F1B6501CA2E64 = { + fileRef = F5786206022F1B6501CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786208022F1B6F01CA2E64 = { + isa = PBXFileReference; + path = SecKeychain.cpp; + refType = 4; + }; + F5786209022F1B6F01CA2E64 = { + fileRef = F5786208022F1B6F01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F578620A022F1B7901CA2E64 = { + isa = PBXFileReference; + path = SecKeychainItem.cpp; + refType = 4; + }; + F578620B022F1B7901CA2E64 = { + fileRef = F578620A022F1B7901CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F578620C022F1B8701CA2E64 = { + isa = PBXFileReference; + path = SecKeychainSearch.cpp; + refType = 4; + }; + F578620D022F1B8701CA2E64 = { + fileRef = F578620C022F1B8701CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F578620E022F1B9301CA2E64 = { + isa = PBXFileReference; + path = SecPolicy.cpp; + refType = 4; + }; + F578620F022F1B9301CA2E64 = { + fileRef = F578620E022F1B9301CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786210022F1B9C01CA2E64 = { + isa = PBXFileReference; + path = SecPolicySearch.cpp; + refType = 4; + }; + F5786211022F1B9C01CA2E64 = { + fileRef = F5786210022F1B9C01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786212022F1BA801CA2E64 = { + isa = PBXFileReference; + path = SecTrust.cpp; + refType = 4; + }; + F5786213022F1BA801CA2E64 = { + fileRef = F5786212022F1BA801CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786214022F1BB601CA2E64 = { + isa = PBXFileReference; 
+ path = SecTrustedApplication.cpp; + refType = 4; + }; + F5786215022F1BB601CA2E64 = { + fileRef = F5786214022F1BB601CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786216022F1DA301CA2E64 = { + isa = PBXFileReference; + path = SecBridge.h; + refType = 4; + }; + F5786217022F1DA301CA2E64 = { + fileRef = F5786216022F1DA301CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F5786222022F2D9701CA2E64 = { + children = ( + F54323BD022DC98301CA2E64, + F54323BE022DC98301CA2E64, + F54323BF022DC98301CA2E64, + F54323C0022DC98301CA2E64, + F578623C023024CC01CA2E64, + F578623B023024CC01CA2E64, + 8F7ACD310235805903CA2E8C, + 8F7ACD300235805903CA2E8C, + F5786230022F39A101CA2E64, + F5786231022F39A101CA2E64, + F55B3B470230375401CA2E64, + F55B3B460230375401CA2E64, + 5BA4A42D01F4E3F504CA2E82, + 5BA4A42E01F4E3F504CA2E82, + F5786225022F32E001CA2E64, + F5786224022F32E001CA2E64, + 0177F292FFFAA2D311CD283A, + 0177F293FFFAA2D311CD283A, + 0177F29CFFFAA2D311CD283A, + 0177F29DFFFAA2D311CD283A, + 0177F2B7FFFAA2D311CD283A, + 0177F2B8FFFAA2D311CD283A, + F55B3B4B02303B2A01CA2E64, + F55B3B4A02303B2A01CA2E64, + F5786237022F48C601CA2E64, + F5786238022F48C601CA2E64, + F578622D022F37EB01CA2E64, + F578622C022F37EB01CA2E64, + 0177F286FFFAA2D311CD283A, + 0177F287FFFAA2D311CD283A, + 0177F290FFFAA2D311CD283A, + 0177F291FFFAA2D311CD283A, + 0177F2D6FFFAA2D311CD283A, + 0177F2D7FFFAA2D311CD283A, + F55B3B4F0230448601CA2E64, + F55B3B4E0230448601CA2E64, + F55B3B7A02304A6001CA2E64, + F55B3B7902304A6001CA2E64, + ); + isa = PBXGroup; + name = "API Classes"; + refType = 4; + }; + F5786223022F2DDB01CA2E64 = { + children = ( + 0177F269FFFAA2D311CD283A, + 0177F26AFFFAA2D311CD283A, + 0177F27EFFFAA2D311CD283A, + 0177F27FFFFAA2D311CD283A, + 0177F28AFFFAA2D311CD283A, + 0177F28BFFFAA2D311CD283A, + 0177F29EFFFAA2D311CD283A, + 0177F29FFFFAA2D311CD283A, + 0177F2A0FFFAA2D311CD283A, + 0177F2A1FFFAA2D311CD283A, + 0177F2A2FFFAA2D311CD283A, + 0177F352FFFAC61911CD283A, + 
0177F353FFFAC61911CD283A, + 0177F2C6FFFAA2D311CD283A, + 0177F2C7FFFAA2D311CD283A, + 0177F2C9FFFAA2D311CD283A, + F579CFD900E99FC401CD283A, + 0177F2CDFFFAA2D311CD283A, + 0177F2D2FFFAA2D311CD283A, + 0177F2D1FFFAA2D311CD283A, + 0177F2D3FFFAA2D311CD283A, + 3244148C023837A505CA2E77, + 3244148D023837A505CA2E77, + 3206D1FB029996FC05CA2E77, + 3206D1FC029996FC05CA2E77, + ); + isa = PBXGroup; + name = Internal; + path = ""; + refType = 4; + }; + F5786224022F32E001CA2E64 = { + isa = PBXFileReference; + path = IdentityCursor.h; + refType = 4; + }; + F5786225022F32E001CA2E64 = { + isa = PBXFileReference; + path = IdentityCursor.cpp; + refType = 4; + }; + F5786226022F32E001CA2E64 = { + fileRef = F5786224022F32E001CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F5786227022F32E001CA2E64 = { + fileRef = F5786225022F32E001CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F578622C022F37EB01CA2E64 = { + isa = PBXFileReference; + path = PolicyCursor.h; + refType = 4; + }; + F578622D022F37EB01CA2E64 = { + isa = PBXFileReference; + path = PolicyCursor.cpp; + refType = 4; + }; + F578622E022F37EB01CA2E64 = { + fileRef = F578622C022F37EB01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F578622F022F37EB01CA2E64 = { + fileRef = F578622D022F37EB01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786230022F39A101CA2E64 = { + isa = PBXFileReference; + path = Certificate.cpp; + refType = 4; + }; + F5786231022F39A101CA2E64 = { + isa = PBXFileReference; + path = Certificate.h; + refType = 4; + }; + F5786232022F39A101CA2E64 = { + fileRef = F5786230022F39A101CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5786233022F39A101CA2E64 = { + fileRef = F5786231022F39A101CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F5786237022F48C601CA2E64 = { + isa = PBXFileReference; + path = Policies.cpp; + refType = 4; + }; + F5786238022F48C601CA2E64 = { + isa = 
PBXFileReference; + path = Policies.h; + refType = 4; + }; + F5786239022F48C601CA2E64 = { + fileRef = F5786237022F48C601CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F578623A022F48C601CA2E64 = { + fileRef = F5786238022F48C601CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F578623B023024CC01CA2E64 = { + isa = PBXFileReference; + path = Access.h; + refType = 4; + }; + F578623C023024CC01CA2E64 = { + isa = PBXFileReference; + path = Access.cpp; + refType = 4; + }; + F578623D023024CC01CA2E64 = { + fileRef = F578623B023024CC01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F578623E023024CC01CA2E64 = { + fileRef = F578623C023024CC01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F579CFD900E99FC401CD283A = { + isa = PBXFileReference; + path = Schema.m4; + refType = 4; + }; + F58785C800FB965F01CD29D4 = { + isa = PBXFileReference; + name = checkpw.c; + path = checkpw/checkpw.c; + refType = 2; + }; + F58785C900FB965F01CD29D4 = { + isa = PBXFileReference; + name = checkpw.h; + path = checkpw/checkpw.h; + refType = 2; + }; + F58785CA00FB966001CD29D4 = { + fileRef = F58785C900FB965F01CD29D4; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F58785CB00FB966001CD29D4 = { + fileRef = F58785C800FB965F01CD29D4; + isa = PBXBuildFile; + settings = { + }; + }; + F5A5E50E00FB884E01CD29D4 = { + children = ( + F58785C800FB965F01CD29D4, + F58785C900FB965F01CD29D4, + ); + isa = PBXGroup; + name = checkpw; + refType = 4; + }; + F5A7F715023D96EA01CA2E64 = { + isa = PBXFileReference; + path = authorization.plist; + refType = 4; + }; + F5A7F716023D96EA01CA2E64 = { + isa = PBXFileReference; + path = AuthorizationData.cpp; + refType = 4; + }; + F5A7F717023D96EA01CA2E64 = { + isa = PBXFileReference; + path = AuthorizationData.h; + refType = 4; + }; + F5A7F718023D96EA01CA2E64 = { + isa = PBXFileReference; + path = AuthorizationPlugin.h; + refType = 4; + }; + 
F5A7F71D023D972201CA2E64 = { + fileRef = F5A7F718023D96EA01CA2E64; + isa = PBXBuildFile; + settings = { + ATTRIBUTES = ( + Private, + ); + }; + }; + F5A7F71F023D974E01CA2E64 = { + fileRef = F5A7F716023D96EA01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5A7F720023D974F01CA2E64 = { + fileRef = F5A7F717023D96EA01CA2E64; + isa = PBXBuildFile; + settings = { + }; + }; + F5DDE3AE00B3358F01CD283A = { + buildActionMask = 12; files = ( ); generatedFileNames = ( ); isa = PBXShellScriptBuildPhase; - name = "Shell Script"; neededFileNames = ( ); shellPath = /bin/sh; diff --git a/SecurityASN1/CVSVersionInfo.txt b/SecurityASN1/CVSVersionInfo.txt index 8f550aba..f56cb45b 100644 --- a/SecurityASN1/CVSVersionInfo.txt +++ b/SecurityASN1/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:59 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: SecurityASN1 ProjectVersion: 6 diff --git a/SecurityASN1/Makefile b/SecurityASN1/Makefile index 3acdaead..2113cd5c 100644 --- a/SecurityASN1/Makefile +++ b/SecurityASN1/Makefile @@ -4,16 +4,18 @@ ASN1_SRC= sm_vdatypes.asn sm_x501ud.asn sm_x411ub.asn sm_x411mtsas.asn \ sm_x501if.asn sm_x520sa.asn sm_x509cmn.asn sm_x509af.asn \ sm_x509ce.asn pkcs1oids.asn pkcs9oids.asn sm_cms.asn sm_ess.asn \ - pkcs7.asn pkcs8.asn appleoids.asn + pkcs7.asn pkcs8.asn appleoids.asn pkcs10.asn SNACC_SRC= $(SRCROOT)/.. GEN_SRC= $(ASN1_SRC:%.asn=%.cpp) GEN_HDR= $(ASN1_SRC:%.asn=%.h) -ASN_SRC_DIR= $(SRCROOT)/asn -GEN_SRC_DIR= $(SRCROOT)/c++ -GEN_HDR_DIR= $(SRCROOT)/inc +PKCS_HOME=$(shell echo `pwd`) + +ASN_SRC_DIR= $(PKCS_HOME)/asn +GEN_SRC_DIR= $(PKCS_HOME)/c++ +GEN_HDR_DIR= $(PKCS_HOME)/inc VPATH= $(ASN_SRC_DIR) 
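Review bot: The new `PKCS_HOME` assignment ties `ASN_SRC_DIR`, `GEN_SRC_DIR` and `GEN_HDR_DIR` to whatever directory make is started from, where the removed lines used the explicit `$(SRCROOT)`. It also wraps a backquoted `pwd` in `echo` inside `$(shell …)`, which adds nothing. The project file in this commit still invokes the Makefile as `-f $(SRCROOT)/Makefile`, so if the working directory ever differs from the source root, the snacc step and the generated-file directories would resolve against the wrong tree. I would write `PKCS_HOME= $(CURDIR)` and add a comment stating that make must be run from the SecurityASN1 directory, or keep `$(SRCROOT)` as the base. The rules that consume these variables are outside this hunk.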
@@ -31,7 +33,7 @@ ASN_USEFUL= asn-useful.asn1 # local build directory, # #LOCAL_BUILD= /Data_and_Apps/dmitchBuild -LOCAL_BUILD= $(SYMROOT) +LOCAL_BUILD= $(BUILT_PRODUCTS_DIR) CFLAGS= -g $(HDR_INCPATH) -DVDADER_RULES LDFLAGS= -lstdc++ -lsnacc++ -L$(LOCAL_BUILD) @@ -42,7 +44,7 @@ SNACC_FLAGS= -C -D -u $(ASN_USEFUL) first: $(GEN_SRC) move_genfiles -$(GEN_SRC): $(ASN1_SRC) +$(GEN_SRC): (cd $(ASN_SRC_DIR); $(SNACC) $(SNACC_FLAGS) $(ASN1_SRC)) move_genfiles: clean_genfiles diff --git a/SecurityASN1/PkcsCms.pbproj/project.pbxproj b/SecurityASN1/PkcsCms.pbproj/project.pbxproj index 0265a122..1fd0b62b 100644 --- a/SecurityASN1/PkcsCms.pbproj/project.pbxproj +++ b/SecurityASN1/PkcsCms.pbproj/project.pbxproj @@ -3,7 +3,7 @@ archiveVersion = 1; classes = { }; - objectVersion = 33; + objectVersion = 36; objects = { 01C17CFFFF16DC3011CD283A = { children = ( @@ -55,20 +55,19 @@ 022D30C7FEF8308ED0A17CE7, 01C17CFFFF16DC3011CD283A, 022D30AFFEF8301ED0A17CE7, - 141E8021FFE9D5767F000001, + 9D8FD570024790F700003D05, ); isa = PBXGroup; refType = 4; }; 022D30AEFEF82D08D0A17CE7 = { - buildArgumentsString = "-f $(SRCROOT)/Makefile $ACTION SRCROOT=$(SRCROOT) SYMROOT=$(SYMROOT)"; + buildArgumentsString = "-f $(SRCROOT)/Makefile $ACTION SRCROOT=$(SRCROOT) BUILT_PRODUCTS_DIR=$(BUILT_PRODUCTS_DIR)"; buildPhases = ( ); buildSettings = { FRAMEWORK_SEARCH_PATHS = ""; HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_REZFLAGS = ""; 
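Review bot: Removing `$(ASN1_SRC)` from the `$(GEN_SRC):` rule drops the only visible link between the .asn inputs and the generated C++. Once the generated files exist where make looks for them, an edited ASN.1 definition would no longer cause snacc to rerun, and the build could compile encoders and decoders that do not match the current definitions. That matters in this commit, which adds pkcs10.asn and new Diffie-Hellman types to appleoids.asn. If the prerequisite was dropped because the VPATH lookup stopped resolving after the directory change (inferred, not shown), I would restore `$(GEN_SRC): $(ASN1_SRC)` with the path fixed. Otherwise add a comment on the rule explaining why regeneration is unconditional or manual. The `move_genfiles` recipe and the rest of the Makefile are outside the hunk, so whether the targets ever persist in the build directory cannot be confirmed from here.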
@@ -108,10 +107,9 @@ DYLIB_CURRENT_VERSION = 1; FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; FRAMEWORK_VERSION = A; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)/inc\" \"$(SYMROOT)/SecuritySNACCRuntime.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/SecuritySNACCRuntime.framework/Headers\""; + HEADER_SEARCH_PATHS = "\"$(SRCROOT)/inc\" \"$(BUILT_PRODUCTS_DIR)/SecuritySNACCRuntime.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/SecuritySNACCRuntime.framework/Headers\""; INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = "-DVDADER_RULES"; OTHER_LDFLAGS = "\"-lstdc++\""; OTHER_LIBTOOL_FLAGS = ""; @@ -180,14 +178,12 @@ 022D30E5FEF8308ED0A17CE7, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 022D30B3FEF8301ED0A17CE7 = { buildActionMask = 2147483647; files = ( ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 022D30B4FEF8301ED0A17CE7 = { buildActionMask = 2147483647; @@ -209,23 +205,20 @@ 022D30F4FEF8308ED0A17CE7, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 022D30B5FEF8301ED0A17CE7 = { buildActionMask = 2147483647; files = ( 01C17D01FF16DC3011CD283A, - 141E8022FFE9D5767F000001, + 9D8FD66D024790F800003D05, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 022D30B6FEF8301ED0A17CE7 = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; 022D30B7FEF8308ED0A17CE7 = { children = ( @@ -714,7 +707,6 @@ FRAMEWORK_SEARCH_PATHS = ""; HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_REZFLAGS = ""; 
@@ -754,28 +746,6 @@ //052 //053 //054 -//140 -//141 -//142 -//143 -//144 - 141E8021FFE9D5767F000001 = { - isa = PBXFrameworkReference; - name = cdsa_utilities.framework; - path = /System/Library/PrivateFrameworks/cdsa_utilities.framework; - refType = 0; - }; - 141E8022FFE9D5767F000001 = { - fileRef = 141E8021FFE9D5767F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//140 -//141 -//142 -//143 -//144 //2B0 //2B1 //2B2 @@ -786,7 +756,7 @@ ); buildSettings = { COPY_PHASE_STRIP = NO; - OPTIMIZATION_CFLAGS = ""; + OPTIMIZATION_CFLAGS = "-O0"; }; isa = PBXBuildStyle; name = Development; @@ -800,6 +770,28 @@ isa = PBXBuildStyle; name = Deployment; }; +//2B0 +//2B1 +//2B2 +//2B3 +//2B4 +//9D0 +//9D1 +//9D2 +//9D3 +//9D4 + 9D8FD570024790F700003D05 = { + isa = PBXFrameworkReference; + name = Security.framework; + path = /System/Library/Frameworks/Security.framework; + refType = 0; + }; + 9D8FD66D024790F800003D05 = { + fileRef = 9D8FD570024790F700003D05; + isa = PBXBuildFile; + settings = { + }; + }; }; rootObject = 022D30ACFEF82B87D0A17CE7; } diff --git a/SecurityASN1/asn/appleoids.asn b/SecurityASN1/asn/appleoids.asn index b8d961fe..f21ccb43 100644 --- a/SecurityASN1/asn/appleoids.asn +++ b/SecurityASN1/asn/appleoids.asn @@ -6,6 +6,8 @@ BEGIN IMPORTS BigIntegerStr FROM VdaEnhancedTypes + pkcs + FROM PKCS1-OIDS ; -- base OIDs for Apple, Apple Data Security @@ -31,6 +33,10 @@ appleFeed OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 5 } appleFeedExp OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 6 } appleECDSA OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 7 } +-- PKCS3 OIDs +pkcs-3 OBJECT IDENTIFIER ::= { pkcs 3 } +dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 } + -- FEE ElGamal-style signature FEEElGamalSignature ::= SEQUENCE { u BigIntegerStr, 
@@ -163,5 +169,27 @@ DSAAlgParams ::= SEQUENCE g BigIntegerStr } +-- Diffie Hellman per PKCS3 + +DHPrivateKey ::= SEQUENCE +{ + dHOid OBJECT IDENTIFIER, -- dhKeyAgreement + params DHParameter, + secretPart BigIntegerStr +} + +DHParameterBlock ::= SEQUENCE +{ + oid OBJECT IDENTIFIER, -- pkcs-3 + params DHParameter +} + +DHParameter ::= SEQUENCE +{ + prime BigIntegerStr, -- p + base BigIntegerStr, -- g + privateValueLength BigIntegerStr OPTIONAL +} + END -- APPLE-OIDS diff --git a/SecurityASN1/asn/pkcs10.asn b/SecurityASN1/asn/pkcs10.asn new file mode 100644 index 00000000..73fdb819 --- /dev/null +++ b/SecurityASN1/asn/pkcs10.asn 
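Review bot: `privateValueLength` in the added `DHParameter` is typed `BigIntegerStr`, whereas PKCS #3 defines it as an INTEGER holding the private value's length in bits. The decoder will therefore accept an arbitrarily large value here, and the code that turns it into a size must range-check it. The same applies to `prime` and `base` when the parameter block comes from a peer or a file, since nothing at this layer bounds or validates them. I would document that on the type, for example `-- privateValueLength: bit length of the private value; callers must range-check it, and prime/base are not validated by the decoder`. The `oid` comments also disagree (`-- dhKeyAgreement` in `DHPrivateKey`, `-- pkcs-3` in `DHParameterBlock`), so state which OID a decoder should require. The consuming DH code is outside this hunk.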
@@ -0,0 +1,53 @@ +-- PKCS10 ASN module + +PKCS5 +DEFINITIONS IMPLICIT TAGS ::= +BEGIN +-- EXPORTS All -- + +IMPORTS + -- Directory Information Framework (X.501) + Name, Attribute, Attributes + FROM InformationFramework + + -- Directory Authentication Framework (X.509) + AlgorithmIdentifier, SubjectPublicKeyInfo + FROM AuthenticationFramework + + -- CryptographicMessageSyntax (draft-ietf-smime-cms-13) + Signature, SignatureAlgorithmIdentifier + FROM CryptographicMessageSyntax +; + +CertificationRequestInfo ::= SEQUENCE { + version VersionP10, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + attributes [0] IMPLICIT Attributes +} + +VersionP10 ::= INTEGER +-- redefined, same as InformationFramework (sm_x501if.asn) +-- Attributes ::= SET OF Attribute + +-- Per PKCS10 spec +CertificationRequest ::= SEQUENCE { + certificationRequestInfo CertificationRequestInfo, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature Signature +} + +-- This is what we actually use to avoid unnecessary +-- setup and teardown of CertificationRequestInfo when +-- signing and verifying +CertificationRequestSigned ::= SEQUENCE { + certificationRequestInfo ANY, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature Signature +} + +-- duplicated from CryptographicMessageSyntax +-- SignatureAlgorithmIdentifier ::= AlgorithmIdentifier +-- Signature ::= BIT STRING + +END -- PKCS10 diff --git a/SecurityASN1/c++/appleoids.cpp b/SecurityASN1/c++/appleoids.cpp index 9349cb1f..3fe998bb 100644 --- a/SecurityASN1/c++/appleoids.cpp +++ b/SecurityASN1/c++/appleoids.cpp @@ -2,7 +2,7 @@ // // appleoids.cpp - class member functions for ASN.1 module APPLE-OIDS // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center 
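Review bot: The module header names this module `PKCS5`, although the file is pkcs10.asn, its first comment says PKCS10 and it closes with `END -- PKCS10`. The name should be `PKCS10` so that an IMPORTS clause or generated symbol cannot confuse it with, or collide with, a real PKCS #5 module. Separately, the comment on `CertificationRequestSigned` presents the `ANY` field only as a way to avoid setup and teardown. It is worth stating the verification contract there too, for example `-- verify the signature over the exact certificationRequestInfo bytes as received, then decode those same bytes; never re-encode before verifying`. The code that uses this type is outside the hunk.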
@@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -130,7 +131,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -143,7 +144,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -156,7 +157,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -168,7 +169,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } bytesDecoded += seqBytesDecoded; @@ -180,7 +181,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } else return; 
@@ -203,33 +204,12 @@ void DSABsafeParams::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSABsafeParams::BDec: ERROR - wrong tag" << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSABsafeParams::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DSABsafeParams::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DSABsafeParams::Print (ostream &os) const { #ifndef NDEBUG 
@@ -271,6 +251,232 @@ void DSABsafeParams::Print (ostream &os) const } // DSABsafeParams::Print +DHParameter::DHParameter() +{ + privateValueLength = NULL; +} + +DHParameter::DHParameter (const DHParameter &) +{ + Asn1Error << "use of incompletely defined DHParameter::DHParameter (const DHParameter &)" << endl; + abort(); +} + +DHParameter::~DHParameter() +{ + delete privateValueLength; +} + +AsnType *DHParameter::Clone() const +{ + return new DHParameter; +} + +AsnType *DHParameter::Copy() const +{ + return new DHParameter (*this); +} + +#if SNACC_DEEP_COPY +DHParameter &DHParameter::operator = (const DHParameter &that) +#else // SNACC_DEEP_COPY +DHParameter &DHParameter::operator = (const DHParameter &) +#endif // SNACC_DEEP_COPY +{ +#if SNACC_DEEP_COPY + if (this != &that) + { + prime = that.prime; + base = that.base; + if (that.privateValueLength) + { + if (!privateValueLength) + privateValueLength = new BigIntegerStr; + *privateValueLength = *that.privateValueLength; + } + else + { + delete privateValueLength; + privateValueLength = NULL; + } + } + + return *this; +#else // SNACC_DEEP_COPY + Asn1Error << "use of incompletely defined DHParameter &DHParameter::operator = (const DHParameter &)" << endl; + abort(); + // if your compiler complains here, check the -novolat option +#endif // SNACC_DEEP_COPY +} + +AsnLen +DHParameter::BEncContent (BUF_TYPE b) +{ + AsnLen totalLen = 0; + AsnLen l; + + if (NOT_NULL (privateValueLength)) + { + l = privateValueLength->BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE); + totalLen += l; + } + + l = base.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE); + totalLen += l; + + l = prime.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE); + totalLen += l; + + return totalLen; +} // DHParameter::BEncContent + + +void DHParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen 
&bytesDecoded, ENV_TYPE env) +{ + AsnTag tag1; + AsnLen seqBytesDecoded = 0; + AsnLen elmtLen1; + tag1 = BDecTag (b, seqBytesDecoded, env); + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) + || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + prime.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-106); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) + || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + base.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + if (seqBytesDecoded == elmtLen0) + { + bytesDecoded += seqBytesDecoded; + return; + } + else + { + tag1 = BDecTag (b, seqBytesDecoded, env); + + if ((elmtLen0 == INDEFINITE_LEN) && (tag1 == EOC_TAG_ID)) + { + BDEC_2ND_EOC_OCTET (b, seqBytesDecoded, env) + bytesDecoded += seqBytesDecoded; + return; + } + } + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-107); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) + || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + privateValueLength = new BigIntegerStr; + privateValueLength->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + } + + bytesDecoded += seqBytesDecoded; + if (elmtLen0 == INDEFINITE_LEN) + { + BDecEoc (b, bytesDecoded, env); + return; + } + else if (seqBytesDecoded != elmtLen0) + { + Asn1Error << "ERROR - Length discrepancy on sequence." 
<< endl; + SnaccExcep::throwMe(-108); + } + else + return; +} // DHParameter::BDecContent + +AsnLen DHParameter::BEnc (BUF_TYPE b) +{ + AsnLen l; + l = BEncContent (b); + l += BEncConsLen (b, l); + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + return l; +} + +void DHParameter::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag; + AsnLen elmtLen1; + + if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) + { + Asn1Error << "DHParameter::BDec: ERROR - wrong tag" << endl; + SnaccExcep::throwMe(-109); + } + elmtLen1 = BDecLen (b, bytesDecoded, env); + BDecContent (b, tag, elmtLen1, bytesDecoded, env); +} + +void DHParameter::Print (ostream &os) const +{ +#ifndef NDEBUG + os << "{ -- SEQUENCE --" << endl; + indentG += stdIndentG; + + { + Indent (os, indentG); + os << "prime "; + os << prime; + os << "," << endl; + } + + { + Indent (os, indentG); + os << "base "; + os << base; + os << "," << endl; + } + + if (NOT_NULL (privateValueLength)) + { + os << ","<< endl; + Indent (os, indentG); + os << "privateValueLength "; + os << *privateValueLength; + } + else + { + Indent (os, indentG); + os << "privateValueLength "; + os << "-- void --"; + os << endl; + } + + os << endl; + indentG -= stdIndentG; + Indent (os, indentG); + os << "}"; +#endif /* NDEBUG */ +} // DHParameter::Print + + FEECurveParameters::FEECurveParameters() { basePrime = NULL; @@ -465,7 +671,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-110); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))) @@ -477,7 +683,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-111); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))) 
@@ -489,7 +695,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-112); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))) @@ -501,7 +707,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-113); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))) @@ -513,7 +719,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-114); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -526,7 +732,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-115); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -539,7 +745,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-116); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -552,7 +758,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-117); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -565,7 +771,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-118); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -578,7 +784,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-119); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -591,7 +797,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-120); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -604,7 +810,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-121); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -617,7 +823,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-122); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -645,7 +851,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-123); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -665,7 +871,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-124); } else return; @@ -688,33 +894,12 @@ void FEECurveParameters::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "FEECurveParameters::BDec: ERROR - wrong tag" << endl; - longjmp (env, -121); + SnaccExcep::throwMe(-125); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int FEECurveParameters::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int FEECurveParameters::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void FEECurveParameters::Print (ostream &os) const { #ifndef NDEBUG @@ -942,7 +1127,7 @@ void DSAAlgorithmId::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -122); + SnaccExcep::throwMe(-126); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -954,7 +1139,7 @@ void DSAAlgorithmId::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -123); + SnaccExcep::throwMe(-127); } bytesDecoded += seqBytesDecoded; @@ -966,7 +1151,7 @@ void DSAAlgorithmId::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -124); + SnaccExcep::throwMe(-128); } else return; 
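Review bot: In the hunk at `FEECurveParameters::BDec`, removing `BDecPdu` takes away the only frame in this file that stopped a decode failure: the old body did `setjmp (env)` and returned false, while every error path now calls `SnaccExcep::throwMe(...)` and unwinds out of `BDec` into the caller. Whether a replacement `BDecPdu` with a `catch` exists elsewhere, for example in a base class, is not visible in this diff. If none exists, every caller that decodes untrusted BER/DER through `BDec` needs its own `try`/`catch`, or a malformed key or signature terminates the process instead of returning an error. The same removal is repeated for DSAAlgorithmId, FEEElGamalSignature, FEEECDSASignature, FEEPublicKey, FEEPrivateKey, DSAPrivateKey, DSAPublicKey, DSAPrivateKeyOcts, DSASignature and DSAAlgParams in the later hunks; `BDec` itself starts outside this hunk.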
@@ -989,33 +1174,12 @@ void DSAAlgorithmId::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSAAlgorithmId::BDec: ERROR - wrong tag" << endl; - longjmp (env, -125); + SnaccExcep::throwMe(-129); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSAAlgorithmId::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DSAAlgorithmId::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DSAAlgorithmId::Print (ostream &os) const { #ifndef NDEBUG @@ -1135,7 +1299,7 @@ void FEEElGamalSignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -126); + SnaccExcep::throwMe(-130); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -1147,7 +1311,7 @@ void FEEElGamalSignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -127); + SnaccExcep::throwMe(-131); } bytesDecoded += seqBytesDecoded; @@ -1159,7 +1323,7 @@ void FEEElGamalSignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -128); + SnaccExcep::throwMe(-132); } else return; 
@@ -1182,33 +1346,12 @@ void FEEElGamalSignature::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "FEEElGamalSignature::BDec: ERROR - wrong tag" << endl; - longjmp (env, -129); + SnaccExcep::throwMe(-133); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int FEEElGamalSignature::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int FEEElGamalSignature::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void FEEElGamalSignature::Print (ostream &os) const { #ifndef NDEBUG @@ -1320,7 +1463,7 @@ void FEEECDSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -130); + SnaccExcep::throwMe(-134); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -1332,7 +1475,7 @@ void FEEECDSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -131); + SnaccExcep::throwMe(-135); } bytesDecoded += seqBytesDecoded; @@ -1344,7 +1487,7 @@ void FEEECDSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -132); + SnaccExcep::throwMe(-136); } else return; 
@@ -1367,33 +1510,12 @@ void FEEECDSASignature::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "FEEECDSASignature::BDec: ERROR - wrong tag" << endl; - longjmp (env, -133); + SnaccExcep::throwMe(-137); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int FEEECDSASignature::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int FEEECDSASignature::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void FEEECDSASignature::Print (ostream &os) const { #ifndef NDEBUG @@ -1558,7 +1680,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -134); + SnaccExcep::throwMe(-138); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -1571,7 +1693,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -135); + SnaccExcep::throwMe(-139); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -1584,7 +1706,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -136); + SnaccExcep::throwMe(-140); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -1612,7 +1734,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -137); + SnaccExcep::throwMe(-141); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -1632,7 +1754,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -138); + SnaccExcep::throwMe(-142); } else return; @@ -1655,33 +1777,12 @@ void FEEPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "FEEPublicKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -139); + SnaccExcep::throwMe(-143); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int FEEPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int FEEPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void FEEPublicKey::Print (ostream &os) const { #ifndef NDEBUG @@ -1854,7 +1955,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -140); + SnaccExcep::throwMe(-144); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -1867,7 +1968,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -141); + SnaccExcep::throwMe(-145); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -1879,7 +1980,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -142); + SnaccExcep::throwMe(-146); } bytesDecoded += seqBytesDecoded; @@ -1891,7 +1992,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -143); + SnaccExcep::throwMe(-147); } else return; @@ -1914,33 +2015,12 @@ void FEEPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "FEEPrivateKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -144); + SnaccExcep::throwMe(-148); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int FEEPrivateKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int FEEPrivateKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void FEEPrivateKey::Print (ostream &os) const { #ifndef NDEBUG @@ -2090,7 +2170,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -145); + SnaccExcep::throwMe(-149); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -2103,7 +2183,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -146); + SnaccExcep::throwMe(-150); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) 
@@ -2115,7 +2195,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -147); + SnaccExcep::throwMe(-151); } bytesDecoded += seqBytesDecoded; @@ -2127,7 +2207,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -148); + SnaccExcep::throwMe(-152); } else return; @@ -2150,33 +2230,12 @@ void DSAPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSAPrivateKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -149); + SnaccExcep::throwMe(-153); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSAPrivateKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DSAPrivateKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DSAPrivateKey::Print (ostream &os) const { #ifndef NDEBUG @@ -2319,7 +2378,7 @@ void DSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -150); + SnaccExcep::throwMe(-154); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -2331,7 +2390,7 @@ void DSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -151); + SnaccExcep::throwMe(-155); } bytesDecoded += seqBytesDecoded; 
@@ -2343,7 +2402,7 @@ void DSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -152); + SnaccExcep::throwMe(-156); } else return; @@ -2366,33 +2425,12 @@ void DSAPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSAPublicKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -153); + SnaccExcep::throwMe(-157); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSAPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DSAPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DSAPublicKey::Print (ostream &os) const { #ifndef NDEBUG @@ -2503,7 +2541,7 @@ void DSAPrivateKeyOcts::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -154); + SnaccExcep::throwMe(-158); } bytesDecoded += seqBytesDecoded; @@ -2515,7 +2553,7 @@ void DSAPrivateKeyOcts::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -155); + SnaccExcep::throwMe(-159); } else return; 
@@ -2538,33 +2576,12 @@ void DSAPrivateKeyOcts::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSAPrivateKeyOcts::BDec: ERROR - wrong tag" << endl; - longjmp (env, -156); + SnaccExcep::throwMe(-160); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSAPrivateKeyOcts::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DSAPrivateKeyOcts::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DSAPrivateKeyOcts::Print (ostream &os) const { #ifndef NDEBUG @@ -2669,7 +2686,7 @@ void DSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -157); + SnaccExcep::throwMe(-161); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -2681,7 +2698,7 @@ void DSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -158); + SnaccExcep::throwMe(-162); } bytesDecoded += seqBytesDecoded; @@ -2693,7 +2710,7 @@ void DSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -159); + SnaccExcep::throwMe(-163); } else return; 
@@ -2716,33 +2733,12 @@ void DSASignature::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSASignature::BDec: ERROR - wrong tag" << endl; - longjmp (env, -160); + SnaccExcep::throwMe(-164); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSASignature::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DSASignature::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DSASignature::Print (ostream &os) const { #ifndef NDEBUG @@ -2861,7 +2857,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -161); + SnaccExcep::throwMe(-165); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -2874,7 +2870,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -162); + SnaccExcep::throwMe(-166); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -2886,7 +2882,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -163); + SnaccExcep::throwMe(-167); } bytesDecoded += seqBytesDecoded; @@ -2898,7 +2894,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -164); + SnaccExcep::throwMe(-168); } else return; 
@@ -2921,34 +2917,220 @@ void DSAAlgParams::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DSAAlgParams::BDec: ERROR - wrong tag" << endl; - longjmp (env, -165); + SnaccExcep::throwMe(-169); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DSAAlgParams::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) +void DSAAlgParams::Print (ostream &os) const +{ +#ifndef NDEBUG + os << "{ -- SEQUENCE --" << endl; + indentG += stdIndentG; + + { + Indent (os, indentG); + os << "p "; + os << p; + os << "," << endl; + } + + { + Indent (os, indentG); + os << "q "; + os << q; + os << "," << endl; + } + + { + Indent (os, indentG); + os << "g "; + os << g; + } + + os << endl; + indentG -= stdIndentG; + Indent (os, indentG); + os << "}"; +#endif /* NDEBUG */ +} // DSAAlgParams::Print + + +DHPrivateKey::DHPrivateKey() +{ +#if TCL + params = new DHParameter; +#else + params = NULL; // incomplete initialization of mandatory element! 
+#endif // TCL +} + +DHPrivateKey::DHPrivateKey (const DHPrivateKey &) +{ + Asn1Error << "use of incompletely defined DHPrivateKey::DHPrivateKey (const DHPrivateKey &)" << endl; + abort(); +} + +DHPrivateKey::~DHPrivateKey() { - bytesEncoded = BEnc (b); - return !b.WriteError(); + delete params; +} + +AsnType *DHPrivateKey::Clone() const +{ + return new DHPrivateKey; } -int DSAAlgParams::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) +AsnType *DHPrivateKey::Copy() const { - ENV_TYPE env; - int val; + return new DHPrivateKey (*this); +} - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) +#if SNACC_DEEP_COPY +DHPrivateKey &DHPrivateKey::operator = (const DHPrivateKey &that) +#else // SNACC_DEEP_COPY +DHPrivateKey &DHPrivateKey::operator = (const DHPrivateKey &) +#endif // SNACC_DEEP_COPY +{ +#if SNACC_DEEP_COPY + if (this != &that) + { + dHOid = that.dHOid; + if (that.params) { - BDec (b, bytesDecoded, env); - return !b.ReadError(); + if (!params) + params = new DHParameter; + *params = *that.params; } else - return false; + { + delete params; + params = NULL; + } + secretPart = that.secretPart; + } + + return *this; +#else // SNACC_DEEP_COPY + Asn1Error << "use of incompletely defined DHPrivateKey &DHPrivateKey::operator = (const DHPrivateKey &)" << endl; + abort(); + // if your compiler complains here, check the -novolat option +#endif // SNACC_DEEP_COPY } -void DSAAlgParams::Print (ostream &os) const +AsnLen +DHPrivateKey::BEncContent (BUF_TYPE b) +{ + AsnLen totalLen = 0; + AsnLen l; + + l = secretPart.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE); + totalLen += l; + + BEncEocIfNec (b); + l = params->BEncContent (b); + l += BEncConsLen (b, l); + + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + totalLen += l; + + l = dHOid.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, OID_TAG_CODE); + totalLen += l; + + return totalLen; +} // DHPrivateKey::BEncContent + + +void DHPrivateKey::BDecContent 
(BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag1; + AsnLen seqBytesDecoded = 0; + AsnLen elmtLen1; + tag1 = BDecTag (b, seqBytesDecoded, env); + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + dHOid.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-170); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + params = new DHParameter; + params->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-171); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) + || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + secretPart.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-172); + } + + bytesDecoded += seqBytesDecoded; + if (elmtLen0 == INDEFINITE_LEN) + { + BDecEoc (b, bytesDecoded, env); + return; + } + else if (seqBytesDecoded != elmtLen0) + { + Asn1Error << "ERROR - Length discrepancy on sequence." 
<< endl; + SnaccExcep::throwMe(-173); + } + else + return; +} // DHPrivateKey::BDecContent + +AsnLen DHPrivateKey::BEnc (BUF_TYPE b) +{ + AsnLen l; + l = BEncContent (b); + l += BEncConsLen (b, l); + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + return l; +} + +void DHPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag; + AsnLen elmtLen1; + + if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) + { + Asn1Error << "DHPrivateKey::BDec: ERROR - wrong tag" << endl; + SnaccExcep::throwMe(-174); + } + elmtLen1 = BDecLen (b, bytesDecoded, env); + BDecContent (b, tag, elmtLen1, bytesDecoded, env); +} + +void DHPrivateKey::Print (ostream &os) const { #ifndef NDEBUG os << "{ -- SEQUENCE --" << endl; @@ -2956,22 +3138,29 @@ void DSAAlgParams::Print (ostream &os) const { Indent (os, indentG); - os << "p "; - os << p; + os << "dHOid "; + os << dHOid; os << "," << endl; } + if (NOT_NULL (params)) { Indent (os, indentG); - os << "q "; - os << q; + os << "params "; + os << *params; + } + else + { + Indent (os, indentG); + os << "params "; + os << "-- void --"; os << "," << endl; } { Indent (os, indentG); - os << "g "; - os << g; + os << "secretPart "; + os << secretPart; } os << endl; 
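Review bot: `DHPrivateKey::BEncContent` calls `params->BEncContent (b)` unconditionally, but the default constructor added in the same hunk leaves `params = NULL` outside TCL builds, so encoding a key whose parameters were never set dereferences a null pointer. A null check before that call, failing the way the decoders do, would turn the crash into a reportable error. `BDecContent` also assigns `params = new DHParameter;` without releasing a previous object, so decoding into the same instance twice leaks; `delete params; params = new DHParameter;` closes that. The code has the shape of snacc output, so both changes probably belong in the generator or in the callers that build the object rather than in this file. `DHParameterBlock`, added in the last hunk of this file, has the same two patterns.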
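Review bot: `DHPrivateKey::Print` streams `secretPart`, the private value, to the caller's `ostream` in every build that does not define NDEBUG. If a debug or test build ever sends Print output to a log, the Diffie-Hellman private key is written there in the clear. Printing a marker instead, for example `os << "-- redacted --";` in place of `os << secretPart;`, keeps the structure dump without the key material. The `#ifndef NDEBUG` guard opens in the previous hunk and closes in the next one. As a smaller point, only the `-- void --` branch for `params` emits the `","` separator, so the dump is malformed when `params` is present.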
@@ -2979,6 +3168,194 @@ void DSAAlgParams::Print (ostream &os) const Indent (os, indentG); os << "}"; #endif /* NDEBUG */ -} // DSAAlgParams::Print +} // DHPrivateKey::Print + + +DHParameterBlock::DHParameterBlock() +{ +#if TCL + params = new DHParameter; +#else + params = NULL; // incomplete initialization of mandatory element! +#endif // TCL +} + +DHParameterBlock::DHParameterBlock (const DHParameterBlock &) +{ + Asn1Error << "use of incompletely defined DHParameterBlock::DHParameterBlock (const DHParameterBlock &)" << endl; + abort(); +} + +DHParameterBlock::~DHParameterBlock() +{ + delete params; +} + +AsnType *DHParameterBlock::Clone() const +{ + return new DHParameterBlock; +} + +AsnType *DHParameterBlock::Copy() const +{ + return new DHParameterBlock (*this); +} + +#if SNACC_DEEP_COPY +DHParameterBlock &DHParameterBlock::operator = (const DHParameterBlock &that) +#else // SNACC_DEEP_COPY +DHParameterBlock &DHParameterBlock::operator = (const DHParameterBlock &) +#endif // SNACC_DEEP_COPY +{ +#if SNACC_DEEP_COPY + if (this != &that) + { + oid = that.oid; + if (that.params) + { + if (!params) + params = new DHParameter; + *params = *that.params; + } + else + { + delete params; + params = NULL; + } + } + + return *this; +#else // SNACC_DEEP_COPY + Asn1Error << "use of incompletely defined DHParameterBlock &DHParameterBlock::operator = (const DHParameterBlock &)" << endl; + abort(); + // if your compiler complains here, check the -novolat option +#endif // SNACC_DEEP_COPY +} + +AsnLen +DHParameterBlock::BEncContent (BUF_TYPE b) +{ + AsnLen totalLen = 0; + AsnLen l; + + BEncEocIfNec (b); + l = params->BEncContent (b); + l += BEncConsLen (b, l); + + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + totalLen += l; + + l = oid.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, OID_TAG_CODE); + totalLen += l; + + return totalLen; +} // DHParameterBlock::BEncContent + + +void DHParameterBlock::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen 
elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag1; + AsnLen seqBytesDecoded = 0; + AsnLen elmtLen1; + tag1 = BDecTag (b, seqBytesDecoded, env); + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + oid.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-175); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + params = new DHParameter; + params->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-176); + } + + bytesDecoded += seqBytesDecoded; + if (elmtLen0 == INDEFINITE_LEN) + { + BDecEoc (b, bytesDecoded, env); + return; + } + else if (seqBytesDecoded != elmtLen0) + { + Asn1Error << "ERROR - Length discrepancy on sequence." 
<< endl; + SnaccExcep::throwMe(-177); + } + else + return; +} // DHParameterBlock::BDecContent + +AsnLen DHParameterBlock::BEnc (BUF_TYPE b) +{ + AsnLen l; + l = BEncContent (b); + l += BEncConsLen (b, l); + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + return l; +} + +void DHParameterBlock::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag; + AsnLen elmtLen1; + + if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) + { + Asn1Error << "DHParameterBlock::BDec: ERROR - wrong tag" << endl; + SnaccExcep::throwMe(-178); + } + elmtLen1 = BDecLen (b, bytesDecoded, env); + BDecContent (b, tag, elmtLen1, bytesDecoded, env); +} + +void DHParameterBlock::Print (ostream &os) const +{ +#ifndef NDEBUG + os << "{ -- SEQUENCE --" << endl; + indentG += stdIndentG; + + { + Indent (os, indentG); + os << "oid "; + os << oid; + os << "," << endl; + } + + if (NOT_NULL (params)) + { + Indent (os, indentG); + os << "params "; + os << *params; + } + else + { + Indent (os, indentG); + os << "params "; + os << "-- void --"; + os << endl; + } + + os << endl; + indentG -= stdIndentG; + Indent (os, indentG); + os << "}"; +#endif /* NDEBUG */ +} // DHParameterBlock::Print diff --git a/SecurityASN1/c++/pkcs10.cpp b/SecurityASN1/c++/pkcs10.cpp new file mode 100644 index 00000000..dbc3a9b5 --- /dev/null +++ b/SecurityASN1/c++/pkcs10.cpp 
@@ -0,0 +1,738 @@ +// NOTE: this is a machine generated file--editing not recommended +// +// pkcs10.cpp - class member functions for ASN.1 module PKCS5 +// +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 +// UBC snacc written by Mike Sample +// A couple of enhancements made by IBM European Networking Center + + +#include "asn-incl.h" +#include "sm_vdatypes.h" +#include "sm_x501ud.h" +#include "sm_x411ub.h" +#include "sm_x411mtsas.h" +#include "sm_x501if.h" +#include "sm_x520sa.h" +#include "sm_x509cmn.h" +#include "sm_x509af.h" +#include "sm_x509ce.h" +#include "pkcs1oids.h" +#include "pkcs9oids.h" +#include "sm_cms.h" +#include "sm_ess.h" +#include "pkcs7.h" +#include "pkcs8.h" +#include "appleoids.h" +#include "pkcs10.h" + +//------------------------------------------------------------------------------ +// value defs + + +//------------------------------------------------------------------------------ +// class member definitions: + +CertificationRequestInfo::CertificationRequestInfo() +{ +#if TCL + subject = new Name; +#else + subject = NULL; // incomplete initialization of mandatory element! +#endif // TCL +#if TCL + subjectPublicKeyInfo = new SubjectPublicKeyInfo; +#else + subjectPublicKeyInfo = NULL; // incomplete initialization of mandatory element! 
+#endif // TCL +} + +CertificationRequestInfo::CertificationRequestInfo (const CertificationRequestInfo &) +{ + Asn1Error << "use of incompletely defined CertificationRequestInfo::CertificationRequestInfo (const CertificationRequestInfo &)" << endl; + abort(); +} + +CertificationRequestInfo::~CertificationRequestInfo() +{ + delete subject; + delete subjectPublicKeyInfo; +} + +AsnType *CertificationRequestInfo::Clone() const +{ + return new CertificationRequestInfo; +} + +AsnType *CertificationRequestInfo::Copy() const +{ + return new CertificationRequestInfo (*this); +} + +#if SNACC_DEEP_COPY +CertificationRequestInfo &CertificationRequestInfo::operator = (const CertificationRequestInfo &that) +#else // SNACC_DEEP_COPY +CertificationRequestInfo &CertificationRequestInfo::operator = (const CertificationRequestInfo &) +#endif // SNACC_DEEP_COPY +{ +#if SNACC_DEEP_COPY + if (this != &that) + { + version = that.version; + if (that.subject) + { + if (!subject) + subject = new Name; + *subject = *that.subject; + } + else + { + delete subject; + subject = NULL; + } + if (that.subjectPublicKeyInfo) + { + if (!subjectPublicKeyInfo) + subjectPublicKeyInfo = new SubjectPublicKeyInfo; + *subjectPublicKeyInfo = *that.subjectPublicKeyInfo; + } + else + { + delete subjectPublicKeyInfo; + subjectPublicKeyInfo = NULL; + } + attributes = that.attributes; + } + + return *this; +#else // SNACC_DEEP_COPY + Asn1Error << "use of incompletely defined CertificationRequestInfo &CertificationRequestInfo::operator = (const CertificationRequestInfo &)" << endl; + abort(); + // if your compiler complains here, check the -novolat option +#endif // SNACC_DEEP_COPY +} + +AsnLen +CertificationRequestInfo::BEncContent (BUF_TYPE b) +{ + AsnLen totalLen = 0; + AsnLen l; + + BEncEocIfNec (b); + l = attributes.BEncContent (b); + l += BEncConsLen (b, l); + + l += BEncTag1 (b, CNTX, CONS, 0); + totalLen += l; + + BEncEocIfNec (b); + l = subjectPublicKeyInfo->BEncContent (b); + l += BEncConsLen (b, l); + + 
l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + totalLen += l; + + l = subject->BEncContent (b); + totalLen += l; + + l = version.BEncContent (b); + BEncDefLenTo127 (b, l); + l++; + + l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE); + totalLen += l; + + return totalLen; +} // CertificationRequestInfo::BEncContent + + +void CertificationRequestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag1; + AsnLen seqBytesDecoded = 0; + AsnLen elmtLen1; + tag1 = BDecTag (b, seqBytesDecoded, env); + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + version.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-100); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + subject = new Name; + subject->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-101); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + subjectPublicKeyInfo = new SubjectPublicKeyInfo; + subjectPublicKeyInfo->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-102); + } + + if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + attributes.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." 
<< endl; + SnaccExcep::throwMe(-103); + } + + bytesDecoded += seqBytesDecoded; + if (elmtLen0 == INDEFINITE_LEN) + { + BDecEoc (b, bytesDecoded, env); + return; + } + else if (seqBytesDecoded != elmtLen0) + { + Asn1Error << "ERROR - Length discrepancy on sequence." << endl; + SnaccExcep::throwMe(-104); + } + else + return; +} // CertificationRequestInfo::BDecContent + +AsnLen CertificationRequestInfo::BEnc (BUF_TYPE b) +{ + AsnLen l; + l = BEncContent (b); + l += BEncConsLen (b, l); + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + return l; +} + +void CertificationRequestInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag; + AsnLen elmtLen1; + + if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) + { + Asn1Error << "CertificationRequestInfo::BDec: ERROR - wrong tag" << endl; + SnaccExcep::throwMe(-105); + } + elmtLen1 = BDecLen (b, bytesDecoded, env); + BDecContent (b, tag, elmtLen1, bytesDecoded, env); +} + +void CertificationRequestInfo::Print (ostream &os) const +{ +#ifndef NDEBUG + os << "{ -- SEQUENCE --" << endl; + indentG += stdIndentG; + + { + Indent (os, indentG); + os << "version "; + os << version; + os << "," << endl; + } + + if (NOT_NULL (subject)) + { + Indent (os, indentG); + os << "subject "; + os << *subject; + } + else + { + Indent (os, indentG); + os << "subject "; + os << "-- void --"; + os << "," << endl; + } + + if (NOT_NULL (subjectPublicKeyInfo)) + { + Indent (os, indentG); + os << "subjectPublicKeyInfo "; + os << *subjectPublicKeyInfo; + } + else + { + Indent (os, indentG); + os << "subjectPublicKeyInfo "; + os << "-- void --"; + os << "," << endl; + } + + { + Indent (os, indentG); + os << "attributes "; + os << attributes; + } + + os << endl; + indentG -= stdIndentG; + Indent (os, indentG); + os << "}"; +#endif /* NDEBUG */ +} // CertificationRequestInfo::Print + + +CertificationRequest::CertificationRequest() +{ +#if TCL + certificationRequestInfo = new CertificationRequestInfo; 
+#else + certificationRequestInfo = NULL; // incomplete initialization of mandatory element! +#endif // TCL +#if TCL + signatureAlgorithm = new SignatureAlgorithmIdentifier; +#else + signatureAlgorithm = NULL; // incomplete initialization of mandatory element! +#endif // TCL +} + +CertificationRequest::CertificationRequest (const CertificationRequest &) +{ + Asn1Error << "use of incompletely defined CertificationRequest::CertificationRequest (const CertificationRequest &)" << endl; + abort(); +} + +CertificationRequest::~CertificationRequest() +{ + delete certificationRequestInfo; + delete signatureAlgorithm; +} + +AsnType *CertificationRequest::Clone() const +{ + return new CertificationRequest; +} + +AsnType *CertificationRequest::Copy() const +{ + return new CertificationRequest (*this); +} + +#if SNACC_DEEP_COPY +CertificationRequest &CertificationRequest::operator = (const CertificationRequest &that) +#else // SNACC_DEEP_COPY +CertificationRequest &CertificationRequest::operator = (const CertificationRequest &) +#endif // SNACC_DEEP_COPY +{ +#if SNACC_DEEP_COPY + if (this != &that) + { + if (that.certificationRequestInfo) + { + if (!certificationRequestInfo) + certificationRequestInfo = new CertificationRequestInfo; + *certificationRequestInfo = *that.certificationRequestInfo; + } + else + { + delete certificationRequestInfo; + certificationRequestInfo = NULL; + } + if (that.signatureAlgorithm) + { + if (!signatureAlgorithm) + signatureAlgorithm = new SignatureAlgorithmIdentifier; + *signatureAlgorithm = *that.signatureAlgorithm; + } + else + { + delete signatureAlgorithm; + signatureAlgorithm = NULL; + } + signature = that.signature; + } + + return *this; +#else // SNACC_DEEP_COPY + Asn1Error << "use of incompletely defined CertificationRequest &CertificationRequest::operator = (const CertificationRequest &)" << endl; + abort(); + // if your compiler complains here, check the -novolat option +#endif // SNACC_DEEP_COPY +} + +AsnLen 
+CertificationRequest::BEncContent (BUF_TYPE b) +{ + AsnLen totalLen = 0; + AsnLen l; + + l = signature.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, BITSTRING_TAG_CODE); + totalLen += l; + + BEncEocIfNec (b); + l = signatureAlgorithm->BEncContent (b); + l += BEncConsLen (b, l); + + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + totalLen += l; + + BEncEocIfNec (b); + l = certificationRequestInfo->BEncContent (b); + l += BEncConsLen (b, l); + + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + totalLen += l; + + return totalLen; +} // CertificationRequest::BEncContent + + +void CertificationRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag1; + AsnLen seqBytesDecoded = 0; + AsnLen elmtLen1; + tag1 = BDecTag (b, seqBytesDecoded, env); + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + certificationRequestInfo = new CertificationRequestInfo; + certificationRequestInfo->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-106); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + signatureAlgorithm = new SignatureAlgorithmIdentifier; + signatureAlgorithm->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-107); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) + || (tag1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + signature.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." 
<< endl; + SnaccExcep::throwMe(-108); + } + + bytesDecoded += seqBytesDecoded; + if (elmtLen0 == INDEFINITE_LEN) + { + BDecEoc (b, bytesDecoded, env); + return; + } + else if (seqBytesDecoded != elmtLen0) + { + Asn1Error << "ERROR - Length discrepancy on sequence." << endl; + SnaccExcep::throwMe(-109); + } + else + return; +} // CertificationRequest::BDecContent + +AsnLen CertificationRequest::BEnc (BUF_TYPE b) +{ + AsnLen l; + l = BEncContent (b); + l += BEncConsLen (b, l); + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + return l; +} + +void CertificationRequest::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag; + AsnLen elmtLen1; + + if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) + { + Asn1Error << "CertificationRequest::BDec: ERROR - wrong tag" << endl; + SnaccExcep::throwMe(-110); + } + elmtLen1 = BDecLen (b, bytesDecoded, env); + BDecContent (b, tag, elmtLen1, bytesDecoded, env); +} + +void CertificationRequest::Print (ostream &os) const +{ +#ifndef NDEBUG + os << "{ -- SEQUENCE --" << endl; + indentG += stdIndentG; + + if (NOT_NULL (certificationRequestInfo)) + { + Indent (os, indentG); + os << "certificationRequestInfo "; + os << *certificationRequestInfo; + } + else + { + Indent (os, indentG); + os << "certificationRequestInfo "; + os << "-- void --"; + os << "," << endl; + } + + if (NOT_NULL (signatureAlgorithm)) + { + Indent (os, indentG); + os << "signatureAlgorithm "; + os << *signatureAlgorithm; + } + else + { + Indent (os, indentG); + os << "signatureAlgorithm "; + os << "-- void --"; + os << "," << endl; + } + + { + Indent (os, indentG); + os << "signature "; + os << signature; + } + + os << endl; + indentG -= stdIndentG; + Indent (os, indentG); + os << "}"; +#endif /* NDEBUG */ +} // CertificationRequest::Print + + +CertificationRequestSigned::CertificationRequestSigned() +{ +#if TCL + signatureAlgorithm = new SignatureAlgorithmIdentifier; +#else + signatureAlgorithm = NULL; // incomplete 
initialization of mandatory element! +#endif // TCL +} + +CertificationRequestSigned::CertificationRequestSigned (const CertificationRequestSigned &) +{ + Asn1Error << "use of incompletely defined CertificationRequestSigned::CertificationRequestSigned (const CertificationRequestSigned &)" << endl; + abort(); +} + +CertificationRequestSigned::~CertificationRequestSigned() +{ + delete signatureAlgorithm; +} + +AsnType *CertificationRequestSigned::Clone() const +{ + return new CertificationRequestSigned; +} + +AsnType *CertificationRequestSigned::Copy() const +{ + return new CertificationRequestSigned (*this); +} + +#if SNACC_DEEP_COPY +CertificationRequestSigned &CertificationRequestSigned::operator = (const CertificationRequestSigned &that) +#else // SNACC_DEEP_COPY +CertificationRequestSigned &CertificationRequestSigned::operator = (const CertificationRequestSigned &) +#endif // SNACC_DEEP_COPY +{ +#if SNACC_DEEP_COPY + if (this != &that) + { + certificationRequestInfo = that.certificationRequestInfo; + if (that.signatureAlgorithm) + { + if (!signatureAlgorithm) + signatureAlgorithm = new SignatureAlgorithmIdentifier; + *signatureAlgorithm = *that.signatureAlgorithm; + } + else + { + delete signatureAlgorithm; + signatureAlgorithm = NULL; + } + signature = that.signature; + } + + return *this; +#else // SNACC_DEEP_COPY + Asn1Error << "use of incompletely defined CertificationRequestSigned &CertificationRequestSigned::operator = (const CertificationRequestSigned &)" << endl; + abort(); + // if your compiler complains here, check the -novolat option +#endif // SNACC_DEEP_COPY +} + +AsnLen +CertificationRequestSigned::BEncContent (BUF_TYPE b) +{ + AsnLen totalLen = 0; + AsnLen l; + + l = signature.BEncContent (b); + l += BEncDefLen (b, l); + + l += BEncTag1 (b, UNIV, PRIM, BITSTRING_TAG_CODE); + totalLen += l; + + BEncEocIfNec (b); + l = signatureAlgorithm->BEncContent (b); + l += BEncConsLen (b, l); + + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + totalLen += l; + 
+ ENC_LOAD_ANYBUF(&certificationRequestInfo, b, l); + totalLen += l; + + return totalLen; +} // CertificationRequestSigned::BEncContent + + +void CertificationRequestSigned::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag1; + AsnLen seqBytesDecoded = 0; + AsnLen elmtLen1; + // ANY type + DEC_LOAD_ANYBUF(&certificationRequestInfo, b, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + + + if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + signatureAlgorithm = new SignatureAlgorithmIdentifier; + signatureAlgorithm->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + tag1 = BDecTag (b, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-111); + } + + if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) + || (tag1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))) + { + elmtLen1 = BDecLen (b, seqBytesDecoded, env); + signature.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env); + } + else + { + Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; + SnaccExcep::throwMe(-112); + } + + bytesDecoded += seqBytesDecoded; + if (elmtLen0 == INDEFINITE_LEN) + { + BDecEoc (b, bytesDecoded, env); + return; + } + else if (seqBytesDecoded != elmtLen0) + { + Asn1Error << "ERROR - Length discrepancy on sequence." 
<< endl; + SnaccExcep::throwMe(-113); + } + else + return; +} // CertificationRequestSigned::BDecContent + +AsnLen CertificationRequestSigned::BEnc (BUF_TYPE b) +{ + AsnLen l; + l = BEncContent (b); + l += BEncConsLen (b, l); + l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE); + return l; +} + +void CertificationRequestSigned::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) +{ + AsnTag tag; + AsnLen elmtLen1; + + if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) + { + Asn1Error << "CertificationRequestSigned::BDec: ERROR - wrong tag" << endl; + SnaccExcep::throwMe(-114); + } + elmtLen1 = BDecLen (b, bytesDecoded, env); + BDecContent (b, tag, elmtLen1, bytesDecoded, env); +} + +void CertificationRequestSigned::Print (ostream &os) const +{ +#ifndef NDEBUG + os << "{ -- SEQUENCE --" << endl; + indentG += stdIndentG; + + { + Indent (os, indentG); + os << "certificationRequestInfo "; + os << certificationRequestInfo; + os << "," << endl; + } + + if (NOT_NULL (signatureAlgorithm)) + { + Indent (os, indentG); + os << "signatureAlgorithm "; + os << *signatureAlgorithm; + } + else + { + Indent (os, indentG); + os << "signatureAlgorithm "; + os << "-- void --"; + os << "," << endl; + } + + { + Indent (os, indentG); + os << "signature "; + os << signature; + } + + os << endl; + indentG -= stdIndentG; + Indent (os, indentG); + os << "}"; +#endif /* NDEBUG */ +} // CertificationRequestSigned::Print + + diff --git a/SecurityASN1/c++/pkcs1oids.cpp b/SecurityASN1/c++/pkcs1oids.cpp index 12eb1615..23d1ba68 100644 --- a/SecurityASN1/c++/pkcs1oids.cpp +++ b/SecurityASN1/c++/pkcs1oids.cpp @@ -2,7 +2,7 @@ // // pkcs1oids.cpp - class member functions for ASN.1 module PKCS1-OIDS // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center 
@@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -116,7 +117,7 @@ void RSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -128,7 +129,7 @@ void RSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } bytesDecoded += seqBytesDecoded; @@ -140,7 +141,7 @@ void RSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } else return; @@ -163,33 +164,12 @@ void RSAPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RSAPublicKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int RSAPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RSAPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RSAPublicKey::Print (ostream &os) const { #ifndef NDEBUG 
@@ -350,7 +330,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -363,7 +343,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -376,7 +356,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -389,7 +369,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -402,7 +382,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -415,7 +395,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -428,7 +408,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -441,7 +421,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -453,7 +433,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } bytesDecoded += seqBytesDecoded; @@ -465,7 +445,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } else return; @@ -488,33 +468,12 @@ void RSAPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RSAPrivateKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int RSAPrivateKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RSAPrivateKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RSAPrivateKey::Print (ostream &os) const { #ifndef NDEBUG 
diff --git a/SecurityASN1/c++/pkcs7.cpp b/SecurityASN1/c++/pkcs7.cpp index 350c4f79..925396fc 100644 --- a/SecurityASN1/c++/pkcs7.cpp +++ b/SecurityASN1/c++/pkcs7.cpp @@ -2,7 +2,7 @@ // // pkcs7.cpp - class member functions for ASN.1 module PKCS7 // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -154,7 +155,7 @@ void EncryptedContentInfo1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -182,7 +183,7 @@ void EncryptedContentInfo1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0)) @@ -202,7 +203,7 @@ void EncryptedContentInfo1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } else return; 
@@ -225,33 +226,12 @@ void EncryptedContentInfo1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EncryptedContentInfo1::BDec: ERROR - wrong tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EncryptedContentInfo1::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EncryptedContentInfo1::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EncryptedContentInfo1::Print (ostream &os) const { #ifndef NDEBUG @@ -403,7 +383,7 @@ void EncryptedData1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -415,7 +395,7 @@ void EncryptedData1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } bytesDecoded += seqBytesDecoded; @@ -427,7 +407,7 @@ void EncryptedData1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } else return; 
@@ -450,33 +430,12 @@ void EncryptedData1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EncryptedData1::BDec: ERROR - wrong tag" << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EncryptedData1::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EncryptedData1::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EncryptedData1::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/pkcs8.cpp b/SecurityASN1/c++/pkcs8.cpp index 627ec406..fb974516 100644 --- a/SecurityASN1/c++/pkcs8.cpp +++ b/SecurityASN1/c++/pkcs8.cpp @@ -2,7 +2,7 @@ // // pkcs8.cpp - class member functions for ASN.1 module PrivateKeyInformationSyntax // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -163,7 +164,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) 
@@ -176,7 +177,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -204,7 +205,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) @@ -223,7 +224,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } else return; @@ -246,33 +247,12 @@ void PrivateKeyInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PrivateKeyInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PrivateKeyInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PrivateKeyInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PrivateKeyInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -431,7 +411,7 @@ void EncryptedPrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) 
@@ -443,7 +423,7 @@ void EncryptedPrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } bytesDecoded += seqBytesDecoded; @@ -455,7 +435,7 @@ void EncryptedPrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } else return; @@ -478,33 +458,12 @@ void EncryptedPrivateKeyInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EncryptedPrivateKeyInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EncryptedPrivateKeyInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EncryptedPrivateKeyInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EncryptedPrivateKeyInfo::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/pkcs9oids.cpp b/SecurityASN1/c++/pkcs9oids.cpp index ae085b29..193ba016 100644 --- a/SecurityASN1/c++/pkcs9oids.cpp +++ b/SecurityASN1/c++/pkcs9oids.cpp @@ -2,7 +2,7 @@ // // pkcs9oids.cpp - class member functions for ASN.1 module PKCS9-OIDS // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center 
@@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs diff --git a/SecurityASN1/c++/sm_cms.cpp b/SecurityASN1/c++/sm_cms.cpp index 60b6c6f2..e8b1a95e 100644 --- a/SecurityASN1/c++/sm_cms.cpp +++ b/SecurityASN1/c++/sm_cms.cpp @@ -2,7 +2,7 @@ // // sm_cms.cpp - class member functions for ASN.1 module CryptographicMessageSyntax // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -133,7 +134,7 @@ void OriginatorPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -145,7 +146,7 @@ void OriginatorPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } bytesDecoded += seqBytesDecoded; @@ -157,7 +158,7 @@ void OriginatorPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } else return; 
@@ -180,33 +181,12 @@ void OriginatorPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "OriginatorPublicKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int OriginatorPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int OriginatorPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void OriginatorPublicKey::Print (ostream &os) const { #ifndef NDEBUG @@ -268,7 +248,7 @@ void CertificateRevocationLists::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYP if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "CertificateRevocationLists::BDec: ERROR - wrong tag" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -684,7 +664,7 @@ void CertificateRevocationLists::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnL if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -793,7 +773,7 @@ void IssuerAndSerialNumber::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -805,7 +785,7 @@ void IssuerAndSerialNumber::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } bytesDecoded += seqBytesDecoded; @@ -817,7 +797,7 @@ void IssuerAndSerialNumber::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } else return; @@ -840,33 +820,12 @@ void IssuerAndSerialNumber::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "IssuerAndSerialNumber::BDec: ERROR - wrong tag" << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int IssuerAndSerialNumber::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int IssuerAndSerialNumber::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void IssuerAndSerialNumber::Print (ostream &os) const { #ifndef NDEBUG @@ -1012,7 +971,7 @@ void OtherKeyAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); } // ANY type @@ -1029,7 +988,7 @@ void OtherKeyAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } else return; 
@@ -1052,33 +1011,12 @@ void OtherKeyAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "OtherKeyAttribute::BDec: ERROR - wrong tag" << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int OtherKeyAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int OtherKeyAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void OtherKeyAttribute::Print (ostream &os) const { #ifndef NDEBUG @@ -1142,7 +1080,7 @@ void DigestAlgorithmIdentifiers::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYP if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "DigestAlgorithmIdentifiers::BDec: ERROR - wrong tag" << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1558,7 +1496,7 @@ void DigestAlgorithmIdentifiers::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnL if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -1688,7 +1626,7 @@ void EncapsulatedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-115); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) 
@@ -1700,7 +1638,7 @@ void EncapsulatedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e && (tag1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-116); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -1720,7 +1658,7 @@ void EncapsulatedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-117); } else return; @@ -1743,33 +1681,12 @@ void EncapsulatedContentInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EncapsulatedContentInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-118); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EncapsulatedContentInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EncapsulatedContentInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EncapsulatedContentInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -1929,7 +1846,7 @@ void SignerIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, Asn default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-119); break; } // end switch } // SignerIdentifier::BDecContent 
@@ -1954,27 +1871,6 @@ void SignerIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int SignerIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SignerIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SignerIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -2122,7 +2018,7 @@ void EncryptedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-120); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -2150,7 +2046,7 @@ void EncryptedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -121); + SnaccExcep::throwMe(-121); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0)) @@ -2170,7 +2066,7 @@ void EncryptedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -122); + SnaccExcep::throwMe(-122); } else return; 
@@ -2193,33 +2089,12 @@ void EncryptedContentInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EncryptedContentInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -123); + SnaccExcep::throwMe(-123); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EncryptedContentInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EncryptedContentInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EncryptedContentInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -2393,7 +2268,7 @@ void RecipientIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -124); + SnaccExcep::throwMe(-124); break; } // end switch } // RecipientIdentifier::BDecContent @@ -2418,27 +2293,6 @@ void RecipientIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int RecipientIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RecipientIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RecipientIdentifier::Print (ostream &os) const { #ifndef NDEBUG 
@@ -2611,7 +2465,7 @@ void OriginatorIdentifierOrKey::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmt default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -125); + SnaccExcep::throwMe(-125); break; } // end switch } // OriginatorIdentifierOrKey::BDecContent @@ -2636,27 +2490,6 @@ void OriginatorIdentifierOrKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int OriginatorIdentifierOrKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int OriginatorIdentifierOrKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void OriginatorIdentifierOrKey::Print (ostream &os) const { #ifndef NDEBUG @@ -2827,7 +2660,7 @@ void RecipientKeyIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -126); + SnaccExcep::throwMe(-126); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE)) @@ -2870,7 +2703,7 @@ void RecipientKeyIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -127); + SnaccExcep::throwMe(-127); } else return; 
@@ -2893,33 +2726,12 @@ void RecipientKeyIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RecipientKeyIdentifier::BDec: ERROR - wrong tag" << endl; - longjmp (env, -128); + SnaccExcep::throwMe(-128); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int RecipientKeyIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RecipientKeyIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RecipientKeyIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -3108,7 +2920,7 @@ void KEKIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -129); + SnaccExcep::throwMe(-129); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE)) @@ -3151,7 +2963,7 @@ void KEKIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -130); + SnaccExcep::throwMe(-130); } else return; 
@@ -3174,33 +2986,12 @@ void KEKIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "KEKIdentifier::BDec: ERROR - wrong tag" << endl; - longjmp (env, -131); + SnaccExcep::throwMe(-131); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int KEKIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int KEKIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void KEKIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -3361,7 +3152,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -132); + SnaccExcep::throwMe(-132); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -3374,7 +3165,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -133); + SnaccExcep::throwMe(-133); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))) @@ -3385,7 +3176,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -134); + SnaccExcep::throwMe(-134); } bytesDecoded += seqBytesDecoded; @@ -3397,7 +3188,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -135); + SnaccExcep::throwMe(-135); } else return; 
@@ -3420,33 +3211,12 @@ void ExtendedCertificateInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ExtendedCertificateInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -136); + SnaccExcep::throwMe(-136); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ExtendedCertificateInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ExtendedCertificateInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ExtendedCertificateInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -3686,7 +3456,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -137); + SnaccExcep::throwMe(-137); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) @@ -3701,7 +3471,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -138); + SnaccExcep::throwMe(-138); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -3714,7 +3484,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -139); + SnaccExcep::throwMe(-139); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) 
@@ -3735,7 +3505,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -140); + SnaccExcep::throwMe(-140); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -3763,7 +3533,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -141); + SnaccExcep::throwMe(-141); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1))) @@ -3782,7 +3552,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -142); + SnaccExcep::throwMe(-142); } else return; @@ -3805,33 +3575,12 @@ void SignerInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SignerInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -143); + SnaccExcep::throwMe(-143); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int SignerInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SignerInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SignerInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -4059,7 +3808,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -144); + SnaccExcep::throwMe(-144); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) 
@@ -4074,7 +3823,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -145); + SnaccExcep::throwMe(-145); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4087,7 +3836,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -146); + SnaccExcep::throwMe(-146); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -4099,7 +3848,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -147); + SnaccExcep::throwMe(-147); } bytesDecoded += seqBytesDecoded; @@ -4111,7 +3860,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -148); + SnaccExcep::throwMe(-148); } else return; @@ -4134,33 +3883,12 @@ void KeyTransRecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "KeyTransRecipientInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -149); + SnaccExcep::throwMe(-149); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int KeyTransRecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int KeyTransRecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void KeyTransRecipientInfo::Print (ostream &os) const { #ifndef NDEBUG 
@@ -4339,7 +4067,7 @@ void KeyAgreeRecipientIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen el default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -150); + SnaccExcep::throwMe(-150); break; } // end switch } // KeyAgreeRecipientIdentifier::BDecContent @@ -4364,27 +4092,6 @@ void KeyAgreeRecipientIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TY BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int KeyAgreeRecipientIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int KeyAgreeRecipientIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void KeyAgreeRecipientIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -4542,7 +4249,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -151); + SnaccExcep::throwMe(-151); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4555,7 +4262,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -152); + SnaccExcep::throwMe(-152); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4568,7 +4275,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -153); + SnaccExcep::throwMe(-153); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) 
@@ -4580,7 +4287,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -154); + SnaccExcep::throwMe(-154); } bytesDecoded += seqBytesDecoded; @@ -4592,7 +4299,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -155); + SnaccExcep::throwMe(-155); } else return; @@ -4615,33 +4322,12 @@ void KEKRecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "KEKRecipientInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -156); + SnaccExcep::throwMe(-156); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int KEKRecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int KEKRecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void KEKRecipientInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -4822,7 +4508,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -157); + SnaccExcep::throwMe(-157); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4835,7 +4521,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -158); + SnaccExcep::throwMe(-158); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) 
@@ -4847,7 +4533,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -159); + SnaccExcep::throwMe(-159); } bytesDecoded += seqBytesDecoded; @@ -4859,7 +4545,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -160); + SnaccExcep::throwMe(-160); } else return; @@ -4882,33 +4568,12 @@ void ExtendedCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ExtendedCertificate::BDec: ERROR - wrong tag" << endl; - longjmp (env, -161); + SnaccExcep::throwMe(-161); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ExtendedCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ExtendedCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ExtendedCertificate::Print (ostream &os) const { #ifndef NDEBUG @@ -4984,7 +4649,7 @@ void SignerInfos::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "SignerInfos::BDec: ERROR - wrong tag" << endl; - longjmp (env, -162); + SnaccExcep::throwMe(-162); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); 
@@ -5400,7 +5065,7 @@ void SignerInfos::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -163); + SnaccExcep::throwMe(-163); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -5510,7 +5175,7 @@ void RecipientEncryptedKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -164); + SnaccExcep::throwMe(-164); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -5522,7 +5187,7 @@ void RecipientEncryptedKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -165); + SnaccExcep::throwMe(-165); } bytesDecoded += seqBytesDecoded; @@ -5534,7 +5199,7 @@ void RecipientEncryptedKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -166); + SnaccExcep::throwMe(-166); } else return; @@ -5557,33 +5222,12 @@ void RecipientEncryptedKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RecipientEncryptedKey::BDec: ERROR - wrong tag" << endl; - longjmp (env, -167); + SnaccExcep::throwMe(-167); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int RecipientEncryptedKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RecipientEncryptedKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RecipientEncryptedKey::Print (ostream &os) const { #ifndef NDEBUG 
@@ -5765,7 +5409,7 @@ void CertificateChoices::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, A default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -168); + SnaccExcep::throwMe(-168); break; } // end switch } // CertificateChoices::BDecContent @@ -5790,27 +5434,6 @@ void CertificateChoices::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int CertificateChoices::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CertificateChoices::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CertificateChoices::Print (ostream &os) const { #ifndef NDEBUG @@ -5871,7 +5494,7 @@ void CertificateSet::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "CertificateSet::BDec: ERROR - wrong tag" << endl; - longjmp (env, -169); + SnaccExcep::throwMe(-169); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -6285,7 +5908,7 @@ void CertificateSet::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, || (tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -170); + SnaccExcep::throwMe(-170); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -6454,7 +6077,7 @@ void OriginatorInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -171); + SnaccExcep::throwMe(-171); } else return; 
@@ -6477,33 +6100,12 @@ void OriginatorInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "OriginatorInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -172); + SnaccExcep::throwMe(-172); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int OriginatorInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int OriginatorInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void OriginatorInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -6578,7 +6180,7 @@ void RecipientEncryptedKeys::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RecipientEncryptedKeys::BDec: ERROR - wrong tag" << endl; - longjmp (env, -173); + SnaccExcep::throwMe(-173); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -6982,7 +6584,7 @@ void RecipientEncryptedKeys::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -174); + SnaccExcep::throwMe(-174); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -7154,7 +6756,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -175); + SnaccExcep::throwMe(-175); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) 
@@ -7172,7 +6774,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -176); + SnaccExcep::throwMe(-176); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1))) @@ -7184,7 +6786,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm && (tag1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -177); + SnaccExcep::throwMe(-177); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -7206,7 +6808,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -178); + SnaccExcep::throwMe(-178); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -7217,7 +6819,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -179); + SnaccExcep::throwMe(-179); } bytesDecoded += seqBytesDecoded; @@ -7229,7 +6831,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -180); + SnaccExcep::throwMe(-180); } else return; 
@@ -7252,33 +6854,12 @@ void KeyAgreeRecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "KeyAgreeRecipientInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -181); + SnaccExcep::throwMe(-181); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int KeyAgreeRecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int KeyAgreeRecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void KeyAgreeRecipientInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -7495,7 +7076,7 @@ void RecipientInfo::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -182); + SnaccExcep::throwMe(-182); break; } // end switch } // RecipientInfo::BDecContent @@ -7520,27 +7101,6 @@ void RecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int RecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RecipientInfo::Print (ostream &os) const { #ifndef NDEBUG 
@@ -7601,7 +7161,7 @@ void RecipientInfos::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "RecipientInfos::BDec: ERROR - wrong tag" << endl; - longjmp (env, -183); + SnaccExcep::throwMe(-183); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -8015,7 +7575,7 @@ void RecipientInfos::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, || (tag1 == MAKE_TAG_ID (CNTX, CONS, 2)))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -184); + SnaccExcep::throwMe(-184); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -8111,7 +7671,7 @@ void ContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -185); + SnaccExcep::throwMe(-185); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) @@ -8125,7 +7685,7 @@ void ContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -186); + SnaccExcep::throwMe(-186); } bytesDecoded += seqBytesDecoded; @@ -8137,7 +7697,7 @@ void ContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -187); + SnaccExcep::throwMe(-187); } else return; 
@@ -8160,33 +7720,12 @@ void ContentInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ContentInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -188); + SnaccExcep::throwMe(-188); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ContentInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ContentInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ContentInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -8377,7 +7916,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -189); + SnaccExcep::throwMe(-189); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))) @@ -8389,7 +7928,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -190); + SnaccExcep::throwMe(-190); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -8402,7 +7941,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -191); + SnaccExcep::throwMe(-191); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) @@ -8429,7 +7968,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -192); + SnaccExcep::throwMe(-192); } bytesDecoded += seqBytesDecoded; 
@@ -8441,7 +7980,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -193); + SnaccExcep::throwMe(-193); } else return; @@ -8464,33 +8003,12 @@ void SignedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SignedData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -194); + SnaccExcep::throwMe(-194); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int SignedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SignedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SignedData::Print (ostream &os) const { #ifndef NDEBUG @@ -8722,7 +8240,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -195); + SnaccExcep::throwMe(-195); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) @@ -8742,7 +8260,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -196); + SnaccExcep::throwMe(-196); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -8770,7 +8288,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -197); + SnaccExcep::throwMe(-197); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1))) 
@@ -8789,7 +8307,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -198); + SnaccExcep::throwMe(-198); } else return; @@ -8812,33 +8330,12 @@ void EnvelopedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EnvelopedData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -199); + SnaccExcep::throwMe(-199); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EnvelopedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EnvelopedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EnvelopedData::Print (ostream &os) const { #ifndef NDEBUG @@ -9042,7 +8539,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -200); + SnaccExcep::throwMe(-200); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -9055,7 +8552,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -201); + SnaccExcep::throwMe(-201); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -9068,7 +8565,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -202); + SnaccExcep::throwMe(-202); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) 
@@ -9080,7 +8577,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -203); + SnaccExcep::throwMe(-203); } bytesDecoded += seqBytesDecoded; @@ -9092,7 +8589,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -204); + SnaccExcep::throwMe(-204); } else return; @@ -9115,33 +8612,12 @@ void DigestedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DigestedData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -205); + SnaccExcep::throwMe(-205); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DigestedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DigestedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DigestedData::Print (ostream &os) const { #ifndef NDEBUG @@ -9298,7 +8774,7 @@ void EncryptedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -206); + SnaccExcep::throwMe(-206); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -9310,7 +8786,7 @@ void EncryptedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -207); + SnaccExcep::throwMe(-207); } bytesDecoded += seqBytesDecoded; 
@@ -9322,7 +8798,7 @@ void EncryptedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -208); + SnaccExcep::throwMe(-208); } else return; @@ -9345,33 +8821,12 @@ void EncryptedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EncryptedData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -209); + SnaccExcep::throwMe(-209); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EncryptedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EncryptedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EncryptedData::Print (ostream &os) const { #ifndef NDEBUG @@ -9639,7 +9094,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -210); + SnaccExcep::throwMe(-210); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0))) @@ -9659,7 +9114,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -211); + SnaccExcep::throwMe(-211); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -9672,7 +9127,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -212); + SnaccExcep::throwMe(-212); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1))) 
@@ -9693,7 +9148,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -213); + SnaccExcep::throwMe(-213); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 2))) @@ -9729,7 +9184,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -214); + SnaccExcep::throwMe(-214); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 3))) @@ -9748,7 +9203,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -215); + SnaccExcep::throwMe(-215); } else return; @@ -9771,33 +9226,12 @@ void AuthenticatedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AuthenticatedData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -216); + SnaccExcep::throwMe(-216); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AuthenticatedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AuthenticatedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AuthenticatedData::Print (ostream &os) const { #ifndef NDEBUG 
@@ -9945,7 +9379,7 @@ void UserKeyingMaterials::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "UserKeyingMaterials::BDec: ERROR - wrong tag" << endl; - longjmp (env, -217); + SnaccExcep::throwMe(-217); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -10361,7 +9795,7 @@ void UserKeyingMaterials::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt && (tag1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -218); + SnaccExcep::throwMe(-218); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -10457,7 +9891,7 @@ void RC2CBCParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -219); + SnaccExcep::throwMe(-219); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -10469,7 +9903,7 @@ void RC2CBCParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -220); + SnaccExcep::throwMe(-220); } bytesDecoded += seqBytesDecoded; @@ -10481,7 +9915,7 @@ void RC2CBCParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -221); + SnaccExcep::throwMe(-221); } else return; 
@@ -10504,33 +9938,12 @@ void RC2CBCParameter::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RC2CBCParameter::BDec: ERROR - wrong tag" << endl; - longjmp (env, -222); + SnaccExcep::throwMe(-222); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int RC2CBCParameter::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int RC2CBCParameter::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void RC2CBCParameter::Print (ostream &os) const { #ifndef NDEBUG @@ -10681,7 +10094,7 @@ void ExtendedCertificateOrCertificate::BDecContent (BUF_TYPE b, AsnTag tag, AsnL default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -223); + SnaccExcep::throwMe(-223); break; } // end switch } // ExtendedCertificateOrCertificate::BDecContent @@ -10706,27 +10119,6 @@ void ExtendedCertificateOrCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, E BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int ExtendedCertificateOrCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ExtendedCertificateOrCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ExtendedCertificateOrCertificate::Print (ostream &os) const { #ifndef NDEBUG 
@@ -10853,7 +10245,7 @@ void DigestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -224); + SnaccExcep::throwMe(-224); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -10865,7 +10257,7 @@ void DigestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -225); + SnaccExcep::throwMe(-225); } bytesDecoded += seqBytesDecoded; @@ -10877,7 +10269,7 @@ void DigestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -226); + SnaccExcep::throwMe(-226); } else return; @@ -10900,33 +10292,12 @@ void DigestInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DigestInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -227); + SnaccExcep::throwMe(-227); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DigestInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DigestInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DigestInfo::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/sm_ess.cpp b/SecurityASN1/c++/sm_ess.cpp index 91ee7266..f6a22666 100644 --- a/SecurityASN1/c++/sm_ess.cpp +++ b/SecurityASN1/c++/sm_ess.cpp 
@@ -2,7 +2,7 @@ // // sm_ess.cpp - class member functions for ASN.1 module ExtendedSecurityServices // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -59,7 +60,7 @@ void SigningCertificateSeqOf1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SigningCertificateSeqOf1::BDec: ERROR - wrong tag" << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -463,7 +464,7 @@ void SigningCertificateSeqOf1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -502,7 +503,7 @@ void MLReceiptPolicySeqOf1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "MLReceiptPolicySeqOf1::BDec: ERROR - wrong tag" << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -906,7 +907,7 @@ void MLReceiptPolicySeqOf1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, listBytesDecoded, env); 
@@ -945,7 +946,7 @@ void MLReceiptPolicySeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "MLReceiptPolicySeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1349,7 +1350,7 @@ void MLReceiptPolicySeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -1388,7 +1389,7 @@ void ReceiptsFromSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ReceiptsFromSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1792,7 +1793,7 @@ void ReceiptsFromSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -1831,7 +1832,7 @@ void ReceiptRequestSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ReceiptRequestSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); 
@@ -2235,7 +2236,7 @@ void ReceiptRequestSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -2370,7 +2371,7 @@ void ESSPrivacyMark::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); break; } // end switch } // ESSPrivacyMark::BDecContent @@ -2395,27 +2396,6 @@ void ESSPrivacyMark::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int ESSPrivacyMark::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ESSPrivacyMark::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ESSPrivacyMark::Print (ostream &os) const { #ifndef NDEBUG @@ -2525,7 +2505,7 @@ void SecurityCategory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1))) @@ -2539,7 +2519,7 @@ void SecurityCategory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } bytesDecoded += seqBytesDecoded; @@ -2551,7 +2531,7 @@ void SecurityCategory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } else return; 
@@ -2574,33 +2554,12 @@ void SecurityCategory::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SecurityCategory::BDec: ERROR - wrong tag" << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int SecurityCategory::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SecurityCategory::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SecurityCategory::Print (ostream &os) const { #ifndef NDEBUG @@ -2751,7 +2710,7 @@ void EntityIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, Asn default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-115); break; } // end switch } // EntityIdentifier::BDecContent @@ -2776,27 +2735,6 @@ void EntityIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int EntityIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EntityIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EntityIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -2945,7 +2883,7 @@ void ReceiptsFrom::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-116); break; } // end switch } // ReceiptsFrom::BDecContent 
@@ -2970,27 +2908,6 @@ void ReceiptsFrom::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int ReceiptsFrom::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ReceiptsFrom::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ReceiptsFrom::Print (ostream &os) const { #ifndef NDEBUG @@ -3043,7 +2960,7 @@ void SecurityCategories::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "SecurityCategories::BDec: ERROR - wrong tag" << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-117); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -3459,7 +3376,7 @@ void SecurityCategories::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-118); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -3618,7 +3535,7 @@ void MLReceiptPolicy::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnL default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-119); break; } // end switch } // MLReceiptPolicy::BDecContent 
@@ -3643,27 +3560,6 @@ void MLReceiptPolicy::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int MLReceiptPolicy::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int MLReceiptPolicy::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void MLReceiptPolicy::Print (ostream &os) const { #ifndef NDEBUG @@ -3812,7 +3708,7 @@ void ESSCertID::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-120); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -3831,7 +3727,7 @@ void ESSCertID::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -121); + SnaccExcep::throwMe(-121); } else return; @@ -3854,33 +3750,12 @@ void ESSCertID::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ESSCertID::BDec: ERROR - wrong tag" << endl; - longjmp (env, -122); + SnaccExcep::throwMe(-122); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ESSCertID::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ESSCertID::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ESSCertID::Print (ostream &os) const { #ifndef NDEBUG 
@@ -3944,7 +3819,7 @@ void SigningCertificateSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SigningCertificateSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -123); + SnaccExcep::throwMe(-123); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -4348,7 +4223,7 @@ void SigningCertificateSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -124); + SnaccExcep::throwMe(-124); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -4556,14 +4431,14 @@ void ESSSecurityLabel::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 default: Asn1Error << "Unexpected Tag on SET elmt." << endl; - longjmp (env, -125); + SnaccExcep::throwMe(-125); } // end switch } // end for loop bytesDecoded += setBytesDecoded; if (mandatoryElmtsDecoded != 1) { Asn1Error << "ERROR - non-optional SET element missing." << endl; - longjmp (env, -126); + SnaccExcep::throwMe(-126); } } // ESSSecurityLabel::BDecContent 
@@ -4585,33 +4460,12 @@ void ESSSecurityLabel::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "ESSSecurityLabel::BDec: ERROR - wrong tag" << endl; - longjmp (env, -127); + SnaccExcep::throwMe(-127); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ESSSecurityLabel::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ESSSecurityLabel::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ESSSecurityLabel::Print (ostream &os) const { #ifndef NDEBUG @@ -4780,7 +4634,7 @@ void MLData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen & else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -128); + SnaccExcep::throwMe(-128); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE)) @@ -4808,7 +4662,7 @@ void MLData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen & else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -129); + SnaccExcep::throwMe(-129); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0)) @@ -4829,7 +4683,7 @@ void MLData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen & else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -130); + SnaccExcep::throwMe(-130); } else return; 
@@ -4852,33 +4706,12 @@ void MLData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "MLData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -131); + SnaccExcep::throwMe(-131); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int MLData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int MLData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void MLData::Print (ostream &os) const { #ifndef NDEBUG @@ -5034,7 +4867,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -132); + SnaccExcep::throwMe(-132); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0)) @@ -5048,7 +4881,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -133); + SnaccExcep::throwMe(-133); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -5059,7 +4892,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -134); + SnaccExcep::throwMe(-134); } bytesDecoded += seqBytesDecoded; @@ -5071,7 +4904,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -135); + SnaccExcep::throwMe(-135); } else return; 
@@ -5094,33 +4927,12 @@ void ReceiptRequest::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ReceiptRequest::BDec: ERROR - wrong tag" << endl; - longjmp (env, -136); + SnaccExcep::throwMe(-136); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ReceiptRequest::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ReceiptRequest::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ReceiptRequest::Print (ostream &os) const { #ifndef NDEBUG @@ -5260,7 +5072,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -137); + SnaccExcep::throwMe(-137); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) @@ -5272,7 +5084,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -138); + SnaccExcep::throwMe(-138); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -5285,7 +5097,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -139); + SnaccExcep::throwMe(-139); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -5297,7 +5109,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -140); + SnaccExcep::throwMe(-140); } bytesDecoded += seqBytesDecoded; 
@@ -5309,7 +5121,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -141); + SnaccExcep::throwMe(-141); } else return; @@ -5332,33 +5144,12 @@ void Receipt::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Receipt::BDec: ERROR - wrong tag" << endl; - longjmp (env, -142); + SnaccExcep::throwMe(-142); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int Receipt::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Receipt::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Receipt::Print (ostream &os) const { #ifndef NDEBUG @@ -5506,7 +5297,7 @@ void ContentHints::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -143); + SnaccExcep::throwMe(-143); } bytesDecoded += seqBytesDecoded; @@ -5518,7 +5309,7 @@ void ContentHints::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -144); + SnaccExcep::throwMe(-144); } else return; 
@@ -5541,33 +5332,12 @@ void ContentHints::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ContentHints::BDec: ERROR - wrong tag" << endl; - longjmp (env, -145); + SnaccExcep::throwMe(-145); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ContentHints::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ContentHints::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ContentHints::Print (ostream &os) const { #ifndef NDEBUG @@ -5692,7 +5462,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -146); + SnaccExcep::throwMe(-146); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -5705,7 +5475,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -147); + SnaccExcep::throwMe(-147); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) @@ -5717,7 +5487,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -148); + SnaccExcep::throwMe(-148); } bytesDecoded += seqBytesDecoded; @@ -5729,7 +5499,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -149); + SnaccExcep::throwMe(-149); } else return; 
@@ -5752,33 +5522,12 @@ void ContentReference::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ContentReference::BDec: ERROR - wrong tag" << endl; - longjmp (env, -150); + SnaccExcep::throwMe(-150); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ContentReference::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ContentReference::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ContentReference::Print (ostream &os) const { #ifndef NDEBUG @@ -5840,7 +5589,7 @@ void EquivalentLabels::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EquivalentLabels::BDec: ERROR - wrong tag" << endl; - longjmp (env, -151); + SnaccExcep::throwMe(-151); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -6244,7 +5993,7 @@ void EquivalentLabels::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -152); + SnaccExcep::throwMe(-152); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -6283,7 +6032,7 @@ void MLExpansionHistory::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "MLExpansionHistory::BDec: ERROR - wrong tag" << endl; - longjmp (env, -153); + SnaccExcep::throwMe(-153); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); 
@@ -6687,7 +6436,7 @@ void MLExpansionHistory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -154); + SnaccExcep::throwMe(-154); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -6814,7 +6563,7 @@ void SigningCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -155); + SnaccExcep::throwMe(-155); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -6833,7 +6582,7 @@ void SigningCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -156); + SnaccExcep::throwMe(-156); } else return; @@ -6856,33 +6605,12 @@ void SigningCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SigningCertificate::BDec: ERROR - wrong tag" << endl; - longjmp (env, -157); + SnaccExcep::throwMe(-157); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int SigningCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SigningCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SigningCertificate::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/sm_vdatypes.cpp b/SecurityASN1/c++/sm_vdatypes.cpp index 9d0fde91..cd1aa974 100644 --- a/SecurityASN1/c++/sm_vdatypes.cpp +++ b/SecurityASN1/c++/sm_vdatypes.cpp 
@@ -2,7 +2,7 @@ // // sm_vdatypes.cpp - class member functions for ASN.1 module VdaEnhancedTypes // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -61,30 +62,9 @@ void BigIntegerStr::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE))) { Asn1Error << "BigIntegerStr::BDec: ERROR - wrong tag" << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int BigIntegerStr::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int BigIntegerStr::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - diff --git a/SecurityASN1/c++/sm_x411mtsas.cpp b/SecurityASN1/c++/sm_x411mtsas.cpp index bbf0af10..f73d660b 100644 --- a/SecurityASN1/c++/sm_x411mtsas.cpp +++ b/SecurityASN1/c++/sm_x411mtsas.cpp @@ -2,7 +2,7 @@ // // sm_x411mtsas.cpp - class member functions for ASN.1 module MTSAbstractService // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs 
@@ -155,7 +156,7 @@ void CountryName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen & default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); break; } // end switch } // CountryName::BDecContent @@ -178,7 +179,7 @@ void CountryName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (APPL, CONS, 1)) { Asn1Error << "CountryName::BDec: ERROR - wrong tag" << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } extraLen1 = BDecLen (b, bytesDecoded, env); /* CHOICEs are a special case - grab identifying tag */ @@ -190,27 +191,6 @@ void CountryName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecEoc (b, bytesDecoded, env); } -int CountryName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CountryName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CountryName::Print (ostream &os) const { #ifndef NDEBUG @@ -359,7 +339,7 @@ void AdministrationDomainName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtL default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); break; } // end switch } // AdministrationDomainName::BDecContent @@ -382,7 +362,7 @@ void AdministrationDomainName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (APPL, CONS, 2)) { Asn1Error << "AdministrationDomainName::BDec: ERROR - wrong tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } extraLen1 = BDecLen (b, bytesDecoded, env); /* CHOICEs are a special case - grab identifying tag */ 
@@ -394,27 +374,6 @@ void AdministrationDomainName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE BDecEoc (b, bytesDecoded, env); } -int AdministrationDomainName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AdministrationDomainName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AdministrationDomainName::Print (ostream &os) const { #ifndef NDEBUG @@ -563,7 +522,7 @@ void PrivateDomainName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, As default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); break; } // end switch } // PrivateDomainName::BDecContent @@ -588,27 +547,6 @@ void PrivateDomainName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int PrivateDomainName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PrivateDomainName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PrivateDomainName::Print (ostream &os) const { #ifndef NDEBUG @@ -832,14 +770,14 @@ void PersonalName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As default: Asn1Error << "Unexpected Tag on SET elmt." << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } // end switch } // end for loop bytesDecoded += setBytesDecoded; if (mandatoryElmtsDecoded != 1) { Asn1Error << "ERROR - non-optional SET element missing." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } } // PersonalName::BDecContent 
@@ -861,33 +799,12 @@ void PersonalName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "PersonalName::BDec: ERROR - wrong tag" << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PersonalName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PersonalName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PersonalName::Print (ostream &os) const { #ifndef NDEBUG @@ -1022,7 +939,7 @@ void DomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, PRINTABLESTRING_TAG_CODE)) @@ -1034,7 +951,7 @@ void DomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } bytesDecoded += seqBytesDecoded; @@ -1046,7 +963,7 @@ void DomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); } else return; 
@@ -1069,33 +986,12 @@ void DomainDefinedAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DomainDefinedAttribute::BDec: ERROR - wrong tag" << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DomainDefinedAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DomainDefinedAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DomainDefinedAttribute::Print (ostream &os) const { #ifndef NDEBUG @@ -1208,7 +1104,7 @@ void ExtensionAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1))) @@ -1222,7 +1118,7 @@ void ExtensionAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } bytesDecoded += seqBytesDecoded; @@ -1234,7 +1130,7 @@ void ExtensionAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } else return; 
@@ -1257,33 +1153,12 @@ void ExtensionAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ExtensionAttribute::BDec: ERROR - wrong tag" << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-115); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ExtensionAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ExtensionAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ExtensionAttribute::Print (ostream &os) const { #ifndef NDEBUG @@ -1395,7 +1270,7 @@ void TeletexDomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-116); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, TELETEXSTRING_TAG_CODE)) @@ -1407,7 +1282,7 @@ void TeletexDomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-117); } bytesDecoded += seqBytesDecoded; @@ -1419,7 +1294,7 @@ void TeletexDomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-118); } else return; 
@@ -1442,33 +1317,12 @@ void TeletexDomainDefinedAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_ if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "TeletexDomainDefinedAttribute::BDec: ERROR - wrong tag" << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-119); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int TeletexDomainDefinedAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int TeletexDomainDefinedAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void TeletexDomainDefinedAttribute::Print (ostream &os) const { #ifndef NDEBUG @@ -1523,7 +1377,7 @@ void OrganizationUnitNames::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "OrganizationUnitNames::BDec: ERROR - wrong tag" << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-120); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1927,7 +1781,7 @@ void OrganizationUnitNames::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el && (tag1 != MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -121); + SnaccExcep::throwMe(-121); } elmtLen1 = BDecLen (b, listBytesDecoded, env); 
@@ -1966,7 +1820,7 @@ void DomainDefinedAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DomainDefinedAttributes::BDec: ERROR - wrong tag" << endl; - longjmp (env, -122); + SnaccExcep::throwMe(-122); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -2370,7 +2224,7 @@ void DomainDefinedAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -123); + SnaccExcep::throwMe(-123); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -2409,7 +2263,7 @@ void ExtensionAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "ExtensionAttributes::BDec: ERROR - wrong tag" << endl; - longjmp (env, -124); + SnaccExcep::throwMe(-124); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -2825,7 +2679,7 @@ void ExtensionAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -125); + SnaccExcep::throwMe(-125); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -3332,7 +3186,7 @@ void StandardAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -126); + SnaccExcep::throwMe(-126); } else return; 
@@ -3355,33 +3209,12 @@ void StandardAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "StandardAttributes::BDec: ERROR - wrong tag" << endl; - longjmp (env, -127); + SnaccExcep::throwMe(-127); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int StandardAttributes::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int StandardAttributes::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void StandardAttributes::Print (ostream &os) const { #ifndef NDEBUG @@ -3703,7 +3536,7 @@ void ORAddress::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -128); + SnaccExcep::throwMe(-128); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -3745,7 +3578,7 @@ void ORAddress::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -129); + SnaccExcep::throwMe(-129); } else return; 
@@ -3768,33 +3601,12 @@ void ORAddress::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ORAddress::BDec: ERROR - wrong tag" << endl; - longjmp (env, -130); + SnaccExcep::throwMe(-130); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ORAddress::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ORAddress::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ORAddress::Print (ostream &os) const { #ifndef NDEBUG @@ -4051,14 +3863,14 @@ void TeletexPersonalName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL default: Asn1Error << "Unexpected Tag on SET elmt." << endl; - longjmp (env, -131); + SnaccExcep::throwMe(-131); } // end switch } // end for loop bytesDecoded += setBytesDecoded; if (mandatoryElmtsDecoded != 1) { Asn1Error << "ERROR - non-optional SET element missing." << endl; - longjmp (env, -132); + SnaccExcep::throwMe(-132); } } // TeletexPersonalName::BDecContent 
@@ -4080,33 +3892,12 @@ void TeletexPersonalName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "TeletexPersonalName::BDec: ERROR - wrong tag" << endl; - longjmp (env, -133); + SnaccExcep::throwMe(-133); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int TeletexPersonalName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int TeletexPersonalName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void TeletexPersonalName::Print (ostream &os) const { #ifndef NDEBUG @@ -4184,7 +3975,7 @@ void TeletexOrganizationUnitNames::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_T if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "TeletexOrganizationUnitNames::BDec: ERROR - wrong tag" << endl; - longjmp (env, -134); + SnaccExcep::throwMe(-134); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -4588,7 +4379,7 @@ void TeletexOrganizationUnitNames::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As && (tag1 != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -135); + SnaccExcep::throwMe(-135); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -4627,7 +4418,7 @@ void TeletexDomainDefinedAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "TeletexDomainDefinedAttributes::BDec: ERROR - wrong tag" << endl; - longjmp (env, -136); + SnaccExcep::throwMe(-136); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); 
@@ -5031,7 +4822,7 @@ void TeletexDomainDefinedAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -137); + SnaccExcep::throwMe(-137); } elmtLen1 = BDecLen (b, listBytesDecoded, env); diff --git a/SecurityASN1/c++/sm_x411ub.cpp b/SecurityASN1/c++/sm_x411ub.cpp index c9be1559..c9fe085e 100644 --- a/SecurityASN1/c++/sm_x411ub.cpp +++ b/SecurityASN1/c++/sm_x411ub.cpp @@ -2,7 +2,7 @@ // // sm_x411ub.cpp - class member functions for ASN.1 module UpperBounds // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs diff --git a/SecurityASN1/c++/sm_x501if.cpp b/SecurityASN1/c++/sm_x501if.cpp index 0211d218..f02e84e1 100644 --- a/SecurityASN1/c++/sm_x501if.cpp +++ b/SecurityASN1/c++/sm_x501if.cpp @@ -2,7 +2,7 @@ // // sm_x501if.cpp - class member functions for ASN.1 module InformationFramework // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs 
@@ -59,7 +60,7 @@ void AttributeTypeAndDistinguishedValueSetOfSeqSetOf::BDec (BUF_TYPE b, AsnLen & if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "AttributeTypeAndDistinguishedValueSetOfSeqSetOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -572,7 +573,7 @@ void AttributeTypeAndDistinguishedValueSetOfSeq::BDecContent (BUF_TYPE b, AsnTag else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } bytesDecoded += seqBytesDecoded; @@ -584,7 +585,7 @@ void AttributeTypeAndDistinguishedValueSetOfSeq::BDecContent (BUF_TYPE b, AsnTag else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } else return; @@ -607,33 +608,12 @@ void AttributeTypeAndDistinguishedValueSetOfSeq::BDec (BUF_TYPE b, AsnLen &bytes if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeTypeAndDistinguishedValueSetOfSeq::BDec: ERROR - wrong tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttributeTypeAndDistinguishedValueSetOfSeq::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeTypeAndDistinguishedValueSetOfSeq::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeTypeAndDistinguishedValueSetOfSeq::Print (ostream &os) const { #ifndef NDEBUG 
@@ -695,7 +675,7 @@ void AttributeTypeAndDistinguishedValueSetOf::BDec (BUF_TYPE b, AsnLen &bytesDec if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "AttributeTypeAndDistinguishedValueSetOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1111,7 +1091,7 @@ void AttributeTypeAndDistinguishedValueSetOf::BDecContent (BUF_TYPE b, AsnTag / if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -1150,7 +1130,7 @@ void AttributeSetOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "AttributeSetOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1641,7 +1621,7 @@ void Attribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))) @@ -1652,7 +1632,7 @@ void Attribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } bytesDecoded += seqBytesDecoded; @@ -1664,7 +1644,7 @@ void Attribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } else return; 
@@ -1687,33 +1667,12 @@ void Attribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Attribute::BDec: ERROR - wrong tag" << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int Attribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Attribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Attribute::Print (ostream &os) const { #ifndef NDEBUG @@ -1866,7 +1825,7 @@ void AttributeTypeAndDistinguishedValue::BDecContent (BUF_TYPE b, AsnTag /*tag0* else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } // ANY type @@ -1928,7 +1887,7 @@ void AttributeTypeAndDistinguishedValue::BDecContent (BUF_TYPE b, AsnTag /*tag0* else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } else return; 
@@ -1951,33 +1910,12 @@ void AttributeTypeAndDistinguishedValue::BDec (BUF_TYPE b, AsnLen &bytesDecoded, if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeTypeAndDistinguishedValue::BDec: ERROR - wrong tag" << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttributeTypeAndDistinguishedValue::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeTypeAndDistinguishedValue::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeTypeAndDistinguishedValue::Print (ostream &os) const { #ifndef NDEBUG @@ -2063,7 +2001,7 @@ void RelativeDistinguishedName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "RelativeDistinguishedName::BDec: ERROR - wrong tag" << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -2479,7 +2417,7 @@ void RelativeDistinguishedName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-115); } elmtLen1 = BDecLen (b, listBytesDecoded, env); 
@@ -2518,7 +2456,7 @@ void RDNSequence::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "RDNSequence::BDec: ERROR - wrong tag" << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-116); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -2922,7 +2860,7 @@ void RDNSequence::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-117); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -2961,7 +2899,7 @@ void Attributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "Attributes::BDec: ERROR - wrong tag" << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-118); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -3377,7 +3315,7 @@ void Attributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-119); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -3488,7 +3426,7 @@ void Name::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen &bytesDe default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-120); break; } // end switch } // Name::BDecContent 
@@ -3513,27 +3451,6 @@ void Name::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int Name::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Name::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Name::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/sm_x501ud.cpp b/SecurityASN1/c++/sm_x501ud.cpp index 75c1c3ff..2191447f 100644 --- a/SecurityASN1/c++/sm_x501ud.cpp +++ b/SecurityASN1/c++/sm_x501ud.cpp @@ -2,7 +2,7 @@ // // sm_x501ud.cpp - class member functions for ASN.1 module UsefulDefinitions // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs diff --git a/SecurityASN1/c++/sm_x509af.cpp b/SecurityASN1/c++/sm_x509af.cpp index e9fe5039..0b7bc800 100644 --- a/SecurityASN1/c++/sm_x509af.cpp +++ b/SecurityASN1/c++/sm_x509af.cpp @@ -2,7 +2,7 @@ // // sm_x509af.cpp - class member functions for ASN.1 module AuthenticationFramework // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs 
@@ -59,7 +60,7 @@ void AttributeCertificateAssertionSetOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "AttributeCertificateAssertionSetOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -474,7 +475,7 @@ void AttributeCertificateAssertionSetOf::BDecContent (BUF_TYPE b, AsnTag /*tag0 if ((tag1 != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -513,7 +514,7 @@ void AttributeCertificateInfoSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_ if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeCertificateInfoSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -917,7 +918,7 @@ void AttributeCertificateInfoSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, A if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -1040,7 +1041,7 @@ void AlgorithmIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } // ANY type @@ -1057,7 +1058,7 @@ void AlgorithmIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } else return; 
@@ -1080,33 +1081,12 @@ void AlgorithmIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AlgorithmIdentifier::BDec: ERROR - wrong tag" << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AlgorithmIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AlgorithmIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AlgorithmIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -1266,7 +1246,7 @@ void Time::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen &bytesDe default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); break; } // end switch } // Time::BDecContent @@ -1291,27 +1271,6 @@ void Time::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int Time::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Time::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Time::Print (ostream &os) const { #ifndef NDEBUG @@ -1443,7 +1402,7 @@ void Extension::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE))) 
@@ -1463,7 +1422,7 @@ void Extension::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } bytesDecoded += seqBytesDecoded; @@ -1475,7 +1434,7 @@ void Extension::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); } else return; @@ -1498,33 +1457,12 @@ void Extension::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Extension::BDec: ERROR - wrong tag" << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int Extension::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Extension::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Extension::Print (ostream &os) const { #ifndef NDEBUG @@ -1650,7 +1588,7 @@ void AttCertValidityPeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE)) @@ -1662,7 +1600,7 @@ void AttCertValidityPeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } bytesDecoded += seqBytesDecoded; 
@@ -1674,7 +1612,7 @@ void AttCertValidityPeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } else return; @@ -1697,33 +1635,12 @@ void AttCertValidityPeriod::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttCertValidityPeriod::BDec: ERROR - wrong tag" << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-115); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttCertValidityPeriod::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttCertValidityPeriod::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttCertValidityPeriod::Print (ostream &os) const { #ifndef NDEBUG @@ -1864,7 +1781,7 @@ void Validity::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-116); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) @@ -1879,7 +1796,7 @@ void Validity::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-117); } bytesDecoded += seqBytesDecoded; @@ -1891,7 +1808,7 @@ void Validity::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-118); } else return; 
@@ -1914,33 +1831,12 @@ void Validity::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Validity::BDec: ERROR - wrong tag" << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-119); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int Validity::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Validity::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Validity::Print (ostream &os) const { #ifndef NDEBUG @@ -2084,7 +1980,7 @@ void SubjectPublicKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-120); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -2096,7 +1992,7 @@ void SubjectPublicKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -121); + SnaccExcep::throwMe(-121); } bytesDecoded += seqBytesDecoded; @@ -2108,7 +2004,7 @@ void SubjectPublicKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -122); + SnaccExcep::throwMe(-122); } else return; 
@@ -2131,33 +2027,12 @@ void SubjectPublicKeyInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SubjectPublicKeyInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -123); + SnaccExcep::throwMe(-123); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int SubjectPublicKeyInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SubjectPublicKeyInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SubjectPublicKeyInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -2219,7 +2094,7 @@ void Extensions::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Extensions::BDec: ERROR - wrong tag" << endl; - longjmp (env, -124); + SnaccExcep::throwMe(-124); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -2623,7 +2498,7 @@ void Extensions::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -125); + SnaccExcep::throwMe(-125); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -2741,7 +2616,7 @@ void IssuerSerial::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -126); + SnaccExcep::throwMe(-126); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) 
@@ -2769,7 +2644,7 @@ void IssuerSerial::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -127); + SnaccExcep::throwMe(-127); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -2789,7 +2664,7 @@ void IssuerSerial::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -128); + SnaccExcep::throwMe(-128); } else return; @@ -2812,33 +2687,12 @@ void IssuerSerial::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "IssuerSerial::BDec: ERROR - wrong tag" << endl; - longjmp (env, -129); + SnaccExcep::throwMe(-129); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int IssuerSerial::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int IssuerSerial::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void IssuerSerial::Print (ostream &os) const { #ifndef NDEBUG @@ -3001,7 +2855,7 @@ void AttributeCertificateAssertionChoice::BDecContent (BUF_TYPE b, AsnTag tag, A if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -130); + SnaccExcep::throwMe(-130); } elmtLen1 = BDecLen (b, bytesDecoded, env); @@ -3024,7 +2878,7 @@ void AttributeCertificateAssertionChoice::BDecContent (BUF_TYPE b, AsnTag tag, A default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -131); + SnaccExcep::throwMe(-131); break; } // end switch } // AttributeCertificateAssertionChoice::BDecContent 
@@ -3049,27 +2903,6 @@ void AttributeCertificateAssertionChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int AttributeCertificateAssertionChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeCertificateAssertionChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeCertificateAssertionChoice::Print (ostream &os) const { #ifndef NDEBUG @@ -3218,7 +3051,7 @@ void AttributeCertificateInfoChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -132); + SnaccExcep::throwMe(-132); } elmtLen1 = BDecLen (b, bytesDecoded, env); @@ -3234,7 +3067,7 @@ void AttributeCertificateInfoChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -133); + SnaccExcep::throwMe(-133); } elmtLen1 = BDecLen (b, bytesDecoded, env); @@ -3247,7 +3080,7 @@ void AttributeCertificateInfoChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -134); + SnaccExcep::throwMe(-134); break; } // end switch } // AttributeCertificateInfoChoice::BDecContent 
@@ -3272,27 +3105,6 @@ void AttributeCertificateInfoChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int AttributeCertificateInfoChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeCertificateInfoChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeCertificateInfoChoice::Print (ostream &os) const { #ifndef NDEBUG @@ -3438,7 +3250,7 @@ void CRLToSignSeqOfSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -135); + SnaccExcep::throwMe(-135); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) @@ -3469,7 +3281,7 @@ void CRLToSignSeqOfSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -136); + SnaccExcep::throwMe(-136); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -3488,7 +3300,7 @@ void CRLToSignSeqOfSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -137); + SnaccExcep::throwMe(-137); } else return; 
@@ -3511,33 +3323,12 @@ void CRLToSignSeqOfSeq::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CRLToSignSeqOfSeq::BDec: ERROR - wrong tag" << endl; - longjmp (env, -138); + SnaccExcep::throwMe(-138); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int CRLToSignSeqOfSeq::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CRLToSignSeqOfSeq::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CRLToSignSeqOfSeq::Print (ostream &os) const { #ifndef NDEBUG @@ -3615,7 +3406,7 @@ void CRLToSignSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CRLToSignSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -139); + SnaccExcep::throwMe(-139); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -4019,7 +3810,7 @@ void CRLToSignSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -140); + SnaccExcep::throwMe(-140); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -4317,7 +4108,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen if (tag1 != MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -141); + SnaccExcep::throwMe(-141); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); 
@@ -4339,7 +4130,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -142); + SnaccExcep::throwMe(-142); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4352,7 +4143,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -143); + SnaccExcep::throwMe(-143); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4365,7 +4156,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -144); + SnaccExcep::throwMe(-144); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4378,7 +4169,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -145); + SnaccExcep::throwMe(-145); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4391,7 +4182,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -146); + SnaccExcep::throwMe(-146); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4419,7 +4210,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -147); + SnaccExcep::throwMe(-147); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 1)) 
@@ -4478,7 +4269,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -148); + SnaccExcep::throwMe(-148); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -4498,7 +4289,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -149); + SnaccExcep::throwMe(-149); } else return; @@ -4521,33 +4312,12 @@ void CertificateToSign::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertificateToSign::BDec: ERROR - wrong tag" << endl; - longjmp (env, -150); + SnaccExcep::throwMe(-150); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int CertificateToSign::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CertificateToSign::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CertificateToSign::Print (ostream &os) const { #ifndef NDEBUG @@ -4933,7 +4703,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -151); + SnaccExcep::throwMe(-151); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -4946,7 +4716,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -152); + SnaccExcep::throwMe(-152); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) 
@@ -4977,7 +4747,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -153); + SnaccExcep::throwMe(-153); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) @@ -5037,7 +4807,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -154); + SnaccExcep::throwMe(-154); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -5057,7 +4827,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -155); + SnaccExcep::throwMe(-155); } else return; @@ -5080,33 +4850,12 @@ void CRLToSign::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CRLToSign::BDec: ERROR - wrong tag" << endl; - longjmp (env, -156); + SnaccExcep::throwMe(-156); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int CRLToSign::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CRLToSign::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CRLToSign::Print (ostream &os) const { #ifndef NDEBUG @@ -5460,7 +5209,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -157); + SnaccExcep::throwMe(-157); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) 
@@ -5472,7 +5221,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -158); + SnaccExcep::throwMe(-158); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -5485,7 +5234,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -159); + SnaccExcep::throwMe(-159); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) @@ -5498,7 +5247,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -160); + SnaccExcep::throwMe(-160); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -5511,7 +5260,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -161); + SnaccExcep::throwMe(-161); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -5538,7 +5287,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -162); + SnaccExcep::throwMe(-162); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -5581,7 +5330,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -163); + SnaccExcep::throwMe(-163); } else return; 
@@ -5604,33 +5353,12 @@ void AttributeCertificateInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeCertificateInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -164); + SnaccExcep::throwMe(-164); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttributeCertificateInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeCertificateInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeCertificateInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -5877,7 +5605,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -165); + SnaccExcep::throwMe(-165); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -5890,7 +5618,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -166); + SnaccExcep::throwMe(-166); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -5902,7 +5630,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -167); + SnaccExcep::throwMe(-167); } bytesDecoded += seqBytesDecoded; 
@@ -5914,7 +5642,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -168); + SnaccExcep::throwMe(-168); } else return; @@ -5937,33 +5665,12 @@ void Certificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Certificate::BDec: ERROR - wrong tag" << endl; - longjmp (env, -169); + SnaccExcep::throwMe(-169); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int Certificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Certificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Certificate::Print (ostream &os) const { #ifndef NDEBUG @@ -6039,7 +5746,7 @@ void CrossCertificates::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "CrossCertificates::BDec: ERROR - wrong tag" << endl; - longjmp (env, -170); + SnaccExcep::throwMe(-170); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -6455,7 +6162,7 @@ void CrossCertificates::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -171); + SnaccExcep::throwMe(-171); } elmtLen1 = BDecLen (b, listBytesDecoded, env); 
@@ -6602,7 +6309,7 @@ void CertificatePair::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -172); + SnaccExcep::throwMe(-172); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -6637,7 +6344,7 @@ void CertificatePair::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -173); + SnaccExcep::throwMe(-173); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -6657,7 +6364,7 @@ void CertificatePair::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -174); + SnaccExcep::throwMe(-174); } else return; @@ -6680,33 +6387,12 @@ void CertificatePair::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertificatePair::BDec: ERROR - wrong tag" << endl; - longjmp (env, -175); + SnaccExcep::throwMe(-175); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int CertificatePair::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CertificatePair::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CertificatePair::Print (ostream &os) const { #ifndef NDEBUG @@ -6879,7 +6565,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -176); + SnaccExcep::throwMe(-176); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) 
@@ -6892,7 +6578,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -177); + SnaccExcep::throwMe(-177); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -6904,7 +6590,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -178); + SnaccExcep::throwMe(-178); } bytesDecoded += seqBytesDecoded; @@ -6916,7 +6602,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -179); + SnaccExcep::throwMe(-179); } else return; @@ -6939,33 +6625,12 @@ void CertificateList::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertificateList::BDec: ERROR - wrong tag" << endl; - longjmp (env, -180); + SnaccExcep::throwMe(-180); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int CertificateList::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CertificateList::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CertificateList::Print (ostream &os) const { #ifndef NDEBUG @@ -7139,7 +6804,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -181); + SnaccExcep::throwMe(-181); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) 
@@ -7152,7 +6817,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -182); + SnaccExcep::throwMe(-182); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) @@ -7164,7 +6829,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -183); + SnaccExcep::throwMe(-183); } bytesDecoded += seqBytesDecoded; @@ -7176,7 +6841,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -184); + SnaccExcep::throwMe(-184); } else return; @@ -7199,33 +6864,12 @@ void AttributeCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeCertificate::BDec: ERROR - wrong tag" << endl; - longjmp (env, -185); + SnaccExcep::throwMe(-185); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttributeCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeCertificate::Print (ostream &os) const { #ifndef NDEBUG 
@@ -7301,7 +6945,7 @@ void CertificationPathSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertificationPathSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -186); + SnaccExcep::throwMe(-186); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -7705,7 +7349,7 @@ void CertificationPathSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -187); + SnaccExcep::throwMe(-187); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -7744,7 +7388,7 @@ void ForwardCertificationPath::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ForwardCertificationPath::BDec: ERROR - wrong tag" << endl; - longjmp (env, -188); + SnaccExcep::throwMe(-188); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -8148,7 +7792,7 @@ void ForwardCertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -189); + SnaccExcep::throwMe(-189); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -8295,7 +7939,7 @@ void ACPathData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -190); + SnaccExcep::throwMe(-190); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); 
@@ -8330,7 +7974,7 @@ void ACPathData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -191); + SnaccExcep::throwMe(-191); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -8350,7 +7994,7 @@ void ACPathData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -192); + SnaccExcep::throwMe(-192); } else return; @@ -8373,33 +8017,12 @@ void ACPathData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ACPathData::BDec: ERROR - wrong tag" << endl; - longjmp (env, -193); + SnaccExcep::throwMe(-193); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ACPathData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ACPathData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void ACPathData::Print (ostream &os) const { #ifndef NDEBUG @@ -8474,7 +8097,7 @@ void AttributeCertificationPathSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, EN if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeCertificationPathSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -194); + SnaccExcep::throwMe(-194); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); 
@@ -8878,7 +8501,7 @@ void AttributeCertificationPathSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -195); + SnaccExcep::throwMe(-195); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -9022,7 +8645,7 @@ void Certificates::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -196); + SnaccExcep::throwMe(-196); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -9041,7 +8664,7 @@ void Certificates::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -197); + SnaccExcep::throwMe(-197); } else return; @@ -9064,33 +8687,12 @@ void Certificates::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "Certificates::BDec: ERROR - wrong tag" << endl; - longjmp (env, -198); + SnaccExcep::throwMe(-198); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int Certificates::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int Certificates::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void Certificates::Print (ostream &os) const { #ifndef NDEBUG @@ -9266,7 +8868,7 @@ void CertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -199); + SnaccExcep::throwMe(-199); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) 
@@ -9285,7 +8887,7 @@ void CertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -200); + SnaccExcep::throwMe(-200); } else return; @@ -9308,33 +8910,12 @@ void CertificationPath::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertificationPath::BDec: ERROR - wrong tag" << endl; - longjmp (env, -201); + SnaccExcep::throwMe(-201); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int CertificationPath::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int CertificationPath::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void CertificationPath::Print (ostream &os) const { #ifndef NDEBUG @@ -9510,7 +9091,7 @@ void AttributeCertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -202); + SnaccExcep::throwMe(-202); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) @@ -9529,7 +9110,7 @@ void AttributeCertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -203); + SnaccExcep::throwMe(-203); } else return; 
@@ -9552,33 +9133,12 @@ void AttributeCertificationPath::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYP if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeCertificationPath::BDec: ERROR - wrong tag" << endl; - longjmp (env, -204); + SnaccExcep::throwMe(-204); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttributeCertificationPath::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeCertificationPath::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeCertificationPath::Print (ostream &os) const { #ifndef NDEBUG @@ -9859,7 +9419,7 @@ void AttributeCertificateAssertion::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As && (tag1 != MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -205); + SnaccExcep::throwMe(-205); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -9894,7 +9454,7 @@ void AttributeCertificateAssertion::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As if (tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -206); + SnaccExcep::throwMe(-206); } elmtLen2 = BDecLen (b, seqBytesDecoded, env); @@ -9914,7 +9474,7 @@ void AttributeCertificateAssertion::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -207); + SnaccExcep::throwMe(-207); } else return; 
@@ -9937,33 +9497,12 @@ void AttributeCertificateAssertion::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_ if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributeCertificateAssertion::BDec: ERROR - wrong tag" << endl; - longjmp (env, -208); + SnaccExcep::throwMe(-208); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AttributeCertificateAssertion::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AttributeCertificateAssertion::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AttributeCertificateAssertion::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/sm_x509ce.cpp b/SecurityASN1/c++/sm_x509ce.cpp index 2d50e092..576033a4 100644 --- a/SecurityASN1/c++/sm_x509ce.cpp +++ b/SecurityASN1/c++/sm_x509ce.cpp @@ -2,7 +2,7 @@ // // sm_x509ce.cpp - class member functions for ASN.1 module CertificateExtensions // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -143,7 +144,7 @@ void PolicyQualifierInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } // ANY type 
@@ -160,7 +161,7 @@ void PolicyQualifierInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } else return; @@ -183,33 +184,12 @@ void PolicyQualifierInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PolicyQualifierInfo::BDec: ERROR - wrong tag" << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PolicyQualifierInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PolicyQualifierInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PolicyQualifierInfo::Print (ostream &os) const { #ifndef NDEBUG @@ -273,7 +253,7 @@ void AttributesSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AttributesSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -677,7 +657,7 @@ void AttributesSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } elmtLen1 = BDecLen (b, listBytesDecoded, env); 
@@ -812,7 +792,7 @@ void DistributionPointName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0 default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); break; } // end switch } // DistributionPointName::BDecContent @@ -837,27 +817,6 @@ void DistributionPointName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int DistributionPointName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DistributionPointName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DistributionPointName::Print (ostream &os) const { #ifndef NDEBUG @@ -966,7 +925,7 @@ void PolicyMappingsSyntaxSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -106); + SnaccExcep::throwMe(-106); } if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) @@ -977,7 +936,7 @@ void PolicyMappingsSyntaxSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -107); + SnaccExcep::throwMe(-107); } bytesDecoded += seqBytesDecoded; @@ -989,7 +948,7 @@ void PolicyMappingsSyntaxSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -108); + SnaccExcep::throwMe(-108); } else return; 
@@ -1012,33 +971,12 @@ void PolicyMappingsSyntaxSeq::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PolicyMappingsSyntaxSeq::BDec: ERROR - wrong tag" << endl; - longjmp (env, -109); + SnaccExcep::throwMe(-109); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PolicyMappingsSyntaxSeq::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PolicyMappingsSyntaxSeq::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PolicyMappingsSyntaxSeq::Print (ostream &os) const { #ifndef NDEBUG @@ -1093,7 +1031,7 @@ void PolicyInformationSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PolicyInformationSeqOf::BDec: ERROR - wrong tag" << endl; - longjmp (env, -110); + SnaccExcep::throwMe(-110); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1497,7 +1435,7 @@ void PolicyInformationSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -111); + SnaccExcep::throwMe(-111); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -1623,7 +1561,7 @@ void PolicyInformation::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -112); + SnaccExcep::throwMe(-112); } if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) 
@@ -1642,7 +1580,7 @@ void PolicyInformation::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -113); + SnaccExcep::throwMe(-113); } else return; @@ -1665,33 +1603,12 @@ void PolicyInformation::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PolicyInformation::BDec: ERROR - wrong tag" << endl; - longjmp (env, -114); + SnaccExcep::throwMe(-114); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PolicyInformation::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PolicyInformation::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PolicyInformation::Print (ostream &os) const { #ifndef NDEBUG @@ -1891,7 +1808,7 @@ void GeneralSubtree::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -115); + SnaccExcep::throwMe(-115); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0))) @@ -1933,7 +1850,7 @@ void GeneralSubtree::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -116); + SnaccExcep::throwMe(-116); } else return; 
@@ -1956,33 +1873,12 @@ void GeneralSubtree::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "GeneralSubtree::BDec: ERROR - wrong tag" << endl; - longjmp (env, -117); + SnaccExcep::throwMe(-117); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GeneralSubtree::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GeneralSubtree::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void GeneralSubtree::Print (ostream &os) const { #ifndef NDEBUG @@ -2250,7 +2146,7 @@ void DistributionPoint::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -118); + SnaccExcep::throwMe(-118); } else return; @@ -2273,33 +2169,12 @@ void DistributionPoint::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "DistributionPoint::BDec: ERROR - wrong tag" << endl; - longjmp (env, -119); + SnaccExcep::throwMe(-119); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int DistributionPoint::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DistributionPoint::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DistributionPoint::Print (ostream &os) const { #ifndef NDEBUG 
@@ -2391,7 +2266,7 @@ void CertificatePoliciesSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertificatePoliciesSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -120); + SnaccExcep::throwMe(-120); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -2795,7 +2670,7 @@ void CertificatePoliciesSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -121); + SnaccExcep::throwMe(-121); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -2834,7 +2709,7 @@ void GeneralSubtrees::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "GeneralSubtrees::BDec: ERROR - wrong tag" << endl; - longjmp (env, -122); + SnaccExcep::throwMe(-122); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -3238,7 +3113,7 @@ void GeneralSubtrees::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0 if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -123); + SnaccExcep::throwMe(-123); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -3453,7 +3328,7 @@ void AuthorityKeyIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -124); + SnaccExcep::throwMe(-124); } else return; 
@@ -3476,33 +3351,12 @@ void AuthorityKeyIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "AuthorityKeyIdentifier::BDec: ERROR - wrong tag" << endl; - longjmp (env, -125); + SnaccExcep::throwMe(-125); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int AuthorityKeyIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int AuthorityKeyIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void AuthorityKeyIdentifier::Print (ostream &os) const { #ifndef NDEBUG @@ -3594,7 +3448,7 @@ void ExtKeyUsageSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "ExtKeyUsageSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -126); + SnaccExcep::throwMe(-126); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -3997,7 +3851,7 @@ void ExtKeyUsageSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe if ((tag1 != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -127); + SnaccExcep::throwMe(-127); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -4166,7 +4020,7 @@ void PrivateKeyUsagePeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -128); + SnaccExcep::throwMe(-128); } else return; 
@@ -4189,33 +4043,12 @@ void PrivateKeyUsagePeriod::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PrivateKeyUsagePeriod::BDec: ERROR - wrong tag" << endl; - longjmp (env, -129); + SnaccExcep::throwMe(-129); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PrivateKeyUsagePeriod::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PrivateKeyUsagePeriod::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PrivateKeyUsagePeriod::Print (ostream &os) const { #ifndef NDEBUG @@ -4290,7 +4123,7 @@ void PolicyMappingsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PolicyMappingsSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -130); + SnaccExcep::throwMe(-130); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -4694,7 +4527,7 @@ void PolicyMappingsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -131); + SnaccExcep::throwMe(-131); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -4860,7 +4693,7 @@ void SupportedAlgorithm::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -132); + SnaccExcep::throwMe(-132); } if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0)) 
@@ -4903,7 +4736,7 @@ void SupportedAlgorithm::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -133); + SnaccExcep::throwMe(-133); } else return; @@ -4926,33 +4759,12 @@ void SupportedAlgorithm::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "SupportedAlgorithm::BDec: ERROR - wrong tag" << endl; - longjmp (env, -134); + SnaccExcep::throwMe(-134); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int SupportedAlgorithm::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int SupportedAlgorithm::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void SupportedAlgorithm::Print (ostream &os) const { #ifndef NDEBUG @@ -5168,7 +4980,7 @@ void BasicConstraintsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -135); + SnaccExcep::throwMe(-135); } else return; 
@@ -5191,33 +5003,12 @@ void BasicConstraintsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "BasicConstraintsSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -136); + SnaccExcep::throwMe(-136); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int BasicConstraintsSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int BasicConstraintsSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void BasicConstraintsSyntax::Print (ostream &os) const { #ifndef NDEBUG @@ -5422,7 +5213,7 @@ void NameConstraintsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -137); + SnaccExcep::throwMe(-137); } else return; 
@@ -5445,33 +5236,12 @@ void NameConstraintsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "NameConstraintsSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -138); + SnaccExcep::throwMe(-138); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int NameConstraintsSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int NameConstraintsSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void NameConstraintsSyntax::Print (ostream &os) const { #ifndef NDEBUG @@ -5676,7 +5446,7 @@ void PolicyConstraintsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -139); + SnaccExcep::throwMe(-139); } else return; 
@@ -5699,33 +5469,12 @@ void PolicyConstraintsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "PolicyConstraintsSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -140); + SnaccExcep::throwMe(-140); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PolicyConstraintsSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PolicyConstraintsSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void PolicyConstraintsSyntax::Print (ostream &os) const { #ifndef NDEBUG @@ -5800,7 +5549,7 @@ void CertPolicySet::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CertPolicySet::BDec: ERROR - wrong tag" << endl; - longjmp (env, -141); + SnaccExcep::throwMe(-141); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -6203,7 +5952,7 @@ void CertPolicySet::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, if ((tag1 != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -142); + SnaccExcep::throwMe(-142); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -6242,7 +5991,7 @@ void CRLDistPointsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "CRLDistPointsSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -143); + SnaccExcep::throwMe(-143); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); 
@@ -6646,7 +6395,7 @@ void CRLDistPointsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -144); + SnaccExcep::throwMe(-144); } elmtLen1 = BDecLen (b, listBytesDecoded, env); @@ -6959,7 +6708,7 @@ void IssuingDistPointSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -145); + SnaccExcep::throwMe(-145); } else return; @@ -6982,33 +6731,12 @@ void IssuingDistPointSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "IssuingDistPointSyntax::BDec: ERROR - wrong tag" << endl; - longjmp (env, -146); + SnaccExcep::throwMe(-146); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int IssuingDistPointSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int IssuingDistPointSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void IssuingDistPointSyntax::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/c++/sm_x509cmn.cpp b/SecurityASN1/c++/sm_x509cmn.cpp index 215f1136..dca97bd7 100644 --- a/SecurityASN1/c++/sm_x509cmn.cpp +++ b/SecurityASN1/c++/sm_x509cmn.cpp @@ -2,7 +2,7 @@ // // sm_x509cmn.cpp - class member functions for ASN.1 module CommonX509Definitions // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center 
@@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs @@ -167,7 +168,7 @@ void EDIPartyName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); } bytesDecoded += seqBytesDecoded; @@ -179,7 +180,7 @@ void EDIPartyName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, -101); + SnaccExcep::throwMe(-101); } else return; @@ -202,33 +203,12 @@ void EDIPartyName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "EDIPartyName::BDec: ERROR - wrong tag" << endl; - longjmp (env, -102); + SnaccExcep::throwMe(-102); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EDIPartyName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EDIPartyName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EDIPartyName::Print (ostream &os) const { #ifndef NDEBUG @@ -565,7 +545,7 @@ void GeneralName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen & default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -103); + SnaccExcep::throwMe(-103); break; } // end switch } // GeneralName::BDecContent 
@@ -590,27 +570,6 @@ void GeneralName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int GeneralName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GeneralName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void GeneralName::Print (ostream &os) const { #ifndef NDEBUG @@ -719,7 +678,7 @@ void GeneralNames::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) { Asn1Error << "GeneralNames::BDec: ERROR - wrong tag" << endl; - longjmp (env, -104); + SnaccExcep::throwMe(-104); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); @@ -1135,7 +1094,7 @@ void GeneralNames::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, || (tag1 == MAKE_TAG_ID (CNTX, PRIM, 8)))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, -105); + SnaccExcep::throwMe(-105); } elmtLen1 = BDecLen (b, listBytesDecoded, env); diff --git a/SecurityASN1/c++/sm_x520sa.cpp b/SecurityASN1/c++/sm_x520sa.cpp index 63c4ab30..2a1c1a78 100644 --- a/SecurityASN1/c++/sm_x520sa.cpp +++ b/SecurityASN1/c++/sm_x520sa.cpp @@ -2,7 +2,7 @@ // // sm_x520sa.cpp - class member functions for ASN.1 module SelectedAttributeTypes // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -24,6 +24,7 @@ #include "pkcs7.h" #include "pkcs8.h" #include "appleoids.h" +#include "pkcs10.h" //------------------------------------------------------------------------------ // value defs 
@@ -227,7 +228,7 @@ void DirectoryString::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnL default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, -100); + SnaccExcep::throwMe(-100); break; } // end switch } // DirectoryString::BDecContent @@ -252,27 +253,6 @@ void DirectoryString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int DirectoryString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int DirectoryString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void DirectoryString::Print (ostream &os) const { #ifndef NDEBUG diff --git a/SecurityASN1/inc/appleoids.h b/SecurityASN1/inc/appleoids.h index fbcef0a2..9f96e215 100644 --- a/SecurityASN1/inc/appleoids.h +++ b/SecurityASN1/inc/appleoids.h @@ -2,7 +2,7 @@ // // appleoids.h - class definitions for ASN.1 module APPLE-OIDS // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -16,6 +16,7 @@ class FEEPrimeType; class FEECurveType; class DSABsafeParams; +class DHParameter; class FEECurveParameters; class DSAAlgorithmId; class FEEElGamalSignature; @@ -27,6 +28,8 @@ class DSAPublicKey; class DSAPrivateKeyOcts; class DSASignature; class DSAAlgParams; +class DHPrivateKey; +class DHParameterBlock; //------------------------------------------------------------------------------ // class definitions: 
@@ -82,9 +85,30 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); + void Print (ostream &os) const; +}; + + +class DHParameter: public AsnType +{ +public: + BigIntegerStr prime; + BigIntegerStr base; + BigIntegerStr *privateValueLength; + + DHParameter(); + DHParameter (const DHParameter &); + virtual ~DHParameter(); + virtual AsnType *Clone() const; + + virtual AsnType *Copy() const; + DHParameter &operator = (const DHParameter &); + AsnLen BEncContent (BUF_TYPE b); + void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); + + AsnLen BEnc (BUF_TYPE b); + void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); void Print (ostream &os) const; }; @@ -121,9 +145,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -147,9 +168,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -173,9 +191,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -199,9 +214,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -228,9 +240,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -255,9 +264,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -282,9 +288,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -308,9 +311,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -333,9 +333,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -359,9 +356,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -386,9 +380,53 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); + void Print (ostream &os) const; +}; + + +class DHPrivateKey: public AsnType +{ +public: + AsnOid dHOid; + DHParameter *params; + BigIntegerStr secretPart; + + DHPrivateKey(); + DHPrivateKey (const DHPrivateKey &); + virtual ~DHPrivateKey(); + virtual AsnType *Clone() const; + + virtual AsnType *Copy() const; + + DHPrivateKey &operator = (const DHPrivateKey &); + AsnLen BEncContent (BUF_TYPE b); + void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); + + AsnLen BEnc (BUF_TYPE b); + void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); + void Print (ostream &os) const; +}; + + +class DHParameterBlock: public AsnType +{ +public: + AsnOid oid; + DHParameter *params; + + DHParameterBlock(); + DHParameterBlock (const DHParameterBlock &); + virtual ~DHParameterBlock(); + virtual AsnType *Clone() const; + virtual AsnType *Copy() const; + + DHParameterBlock &operator = (const DHParameterBlock &); + AsnLen BEncContent (BUF_TYPE b); + void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); + + AsnLen BEnc (BUF_TYPE b); + void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); void Print (ostream &os) const; }; @@ -424,6 +462,10 @@ public: #define appleFeedExp AsnOid(appleFeedExp_arc) #define appleECDSA_arc 1, 2, 840, 113635, 100, 2, 7 #define appleECDSA AsnOid(appleECDSA_arc) +#define pkcs_3_arc 1, 2, 840, 113549, 1, 3 +#define pkcs_3 AsnOid(pkcs_3_arc) +#define dhKeyAgreement_arc 1, 2, 840, 113549, 1, 3, 1 +#define dhKeyAgreement AsnOid(dhKeyAgreement_arc) //------------------------------------------------------------------------------ #endif /* conditional include of appleoids.h */ 
diff --git a/SecurityASN1/inc/pkcs10.h b/SecurityASN1/inc/pkcs10.h new file mode 100644 index 00000000..01093ca3 --- /dev/null +++ b/SecurityASN1/inc/pkcs10.h 
@@ -0,0 +1,110 @@ +// NOTE: this is a machine generated file--editing not recommended +// +// pkcs10.h - class definitions for ASN.1 module PKCS5 +// +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 +// UBC snacc by Mike Sample +// A couple of enhancements made by IBM European Networking Center + +#ifndef _pkcs10_h_ +#define _pkcs10_h_ + + +//------------------------------------------------------------------------------ +// class declarations: + +class CertificationRequestInfo; +class CertificationRequest; +class CertificationRequestSigned; + +//------------------------------------------------------------------------------ +// class definitions: + +typedef enum PKCS5AnyId +{ + +} PKCS5AnyId; + + +/* INTEGER */ +typedef AsnInt VersionP10; + +class CertificationRequestInfo: public AsnType +{ +public: + VersionP10 version; + Name *subject; + SubjectPublicKeyInfo *subjectPublicKeyInfo; + Attributes attributes; + + CertificationRequestInfo(); + CertificationRequestInfo (const CertificationRequestInfo &); + virtual ~CertificationRequestInfo(); + virtual AsnType *Clone() const; + + virtual AsnType *Copy() const; + + CertificationRequestInfo &operator = (const CertificationRequestInfo &); + AsnLen BEncContent (BUF_TYPE b); + void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); + + AsnLen BEnc (BUF_TYPE b); + void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); + void Print (ostream &os) const; +}; + + +class CertificationRequest: public AsnType +{ +public: + CertificationRequestInfo *certificationRequestInfo; + SignatureAlgorithmIdentifier *signatureAlgorithm; + Signature signature; + + CertificationRequest(); + CertificationRequest (const CertificationRequest &); + virtual ~CertificationRequest(); + virtual AsnType *Clone() const; + + virtual AsnType *Copy() const; + + CertificationRequest &operator = (const CertificationRequest &); + AsnLen BEncContent (BUF_TYPE b); + void BDecContent (BUF_TYPE b, AsnTag 
tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); + + AsnLen BEnc (BUF_TYPE b); + void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); + void Print (ostream &os) const; +}; + + +class CertificationRequestSigned: public AsnType +{ +public: + AsnAny certificationRequestInfo; + SignatureAlgorithmIdentifier *signatureAlgorithm; + Signature signature; + + CertificationRequestSigned(); + CertificationRequestSigned (const CertificationRequestSigned &); + virtual ~CertificationRequestSigned(); + virtual AsnType *Clone() const; + + virtual AsnType *Copy() const; + + CertificationRequestSigned &operator = (const CertificationRequestSigned &); + AsnLen BEncContent (BUF_TYPE b); + void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); + + AsnLen BEnc (BUF_TYPE b); + void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); + void Print (ostream &os) const; +}; + + +//------------------------------------------------------------------------------ +// externs for value defs + +//------------------------------------------------------------------------------ + +#endif /* conditional include of pkcs10.h */ diff --git a/SecurityASN1/inc/pkcs1oids.h b/SecurityASN1/inc/pkcs1oids.h index 7fc99ef3..7c56584a 100644 --- a/SecurityASN1/inc/pkcs1oids.h +++ b/SecurityASN1/inc/pkcs1oids.h @@ -2,7 +2,7 @@ // // pkcs1oids.h - class definitions for ASN.1 module PKCS1-OIDS // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -38,9 +38,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -71,9 +68,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/pkcs7.h b/SecurityASN1/inc/pkcs7.h index 25895ea6..3aedd6c6 100644 --- a/SecurityASN1/inc/pkcs7.h +++ b/SecurityASN1/inc/pkcs7.h @@ -2,7 +2,7 @@ // // pkcs7.h - class definitions for ASN.1 module PKCS7 // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -62,9 +62,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -88,9 +85,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/pkcs8.h b/SecurityASN1/inc/pkcs8.h index 8f5ef9cf..dd9bd68e 100644 --- a/SecurityASN1/inc/pkcs8.h +++ b/SecurityASN1/inc/pkcs8.h @@ -2,7 +2,7 @@ // // pkcs8.h - class definitions for ASN.1 module PrivateKeyInformationSyntax // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -43,9 +43,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -69,9 +66,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/pkcs9oids.h b/SecurityASN1/inc/pkcs9oids.h index 45d641bd..c3f72cf8 100644 --- a/SecurityASN1/inc/pkcs9oids.h +++ b/SecurityASN1/inc/pkcs9oids.h @@ -2,7 +2,7 @@ // // pkcs9oids.h - class definitions for ASN.1 module PKCS9-OIDS // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center diff --git a/SecurityASN1/inc/sm_cms.h b/SecurityASN1/inc/sm_cms.h index 162c5d4e..dbc362f1 100644 --- a/SecurityASN1/inc/sm_cms.h +++ b/SecurityASN1/inc/sm_cms.h @@ -2,7 +2,7 @@ // // sm_cms.h - class definitions for ASN.1 module CryptographicMessageSyntax // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -130,9 +130,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -234,9 +231,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -260,9 +254,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -349,9 +340,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -386,9 +374,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -413,9 +398,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -450,9 +432,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -489,9 +468,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -516,9 +492,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -543,9 +516,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -570,9 +540,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -601,9 +568,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -629,9 +593,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -666,9 +627,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -694,9 +652,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -721,9 +676,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -810,9 +762,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -849,9 +798,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -938,9 +884,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1030,9 +973,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1069,9 +1009,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1158,9 +1095,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1188,9 +1122,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -1217,9 +1148,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1245,9 +1173,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1271,9 +1196,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1304,9 +1226,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1408,9 +1327,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1445,9 +1361,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1471,9 +1384,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_ess.h b/SecurityASN1/inc/sm_ess.h index 7cc315ef..6c17a968 100644 --- a/SecurityASN1/inc/sm_ess.h 
+++ b/SecurityASN1/inc/sm_ess.h @@ -2,7 +2,7 @@ // // sm_ess.h - class definitions for ASN.1 module ExtendedSecurityServices // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -439,9 +439,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -465,9 +462,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -502,9 +496,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -539,9 +530,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -641,9 +629,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -667,9 +652,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -758,9 +740,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -785,9 +764,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -812,9 +788,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -840,9 +813,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -866,9 +836,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -893,9 +860,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -1045,9 +1009,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_vdatypes.h b/SecurityASN1/inc/sm_vdatypes.h index f48f6424..5f2a1e0c 100644 --- a/SecurityASN1/inc/sm_vdatypes.h +++ b/SecurityASN1/inc/sm_vdatypes.h @@ -2,7 +2,7 @@ // // sm_vdatypes.h - class definitions for ASN.1 module VdaEnhancedTypes // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -34,9 +34,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; diff --git a/SecurityASN1/inc/sm_x411mtsas.h b/SecurityASN1/inc/sm_x411mtsas.h index 4a2bde91..abc40e4c 100644 --- a/SecurityASN1/inc/sm_x411mtsas.h +++ b/SecurityASN1/inc/sm_x411mtsas.h @@ -2,7 +2,7 @@ // // sm_x411mtsas.h - class definitions for ASN.1 module MTSAbstractService // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -68,9 +68,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -105,9 +102,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -148,9 +142,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -182,9 +173,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -211,9 +199,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -237,9 +222,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -266,9 +248,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -491,9 +470,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -518,9 +494,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -555,9 +528,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_x411ub.h b/SecurityASN1/inc/sm_x411ub.h index fc4fd2e6..56cebf81 100644 --- a/SecurityASN1/inc/sm_x411ub.h +++ b/SecurityASN1/inc/sm_x411ub.h @@ -2,7 +2,7 @@ // // sm_x411ub.h - class definitions for ASN.1 module UpperBounds // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center diff --git a/SecurityASN1/inc/sm_x501if.h b/SecurityASN1/inc/sm_x501if.h index df4239bb..32f3cce3 100644 --- a/SecurityASN1/inc/sm_x501if.h +++ b/SecurityASN1/inc/sm_x501if.h @@ -2,7 +2,7 @@ // // sm_x501if.h - class definitions for ASN.1 module InformationFramework // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -121,9 +121,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -273,9 +270,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -301,9 +295,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -525,9 +516,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_x501ud.h b/SecurityASN1/inc/sm_x501ud.h index b2a4e1a1..3e035db3 100644 --- a/SecurityASN1/inc/sm_x501ud.h +++ b/SecurityASN1/inc/sm_x501ud.h @@ -2,7 +2,7 @@ // // sm_x501ud.h - class definitions for ASN.1 module UsefulDefinitions // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center diff --git a/SecurityASN1/inc/sm_x509af.h b/SecurityASN1/inc/sm_x509af.h index 71dadac2..586583ad 100644 --- a/SecurityASN1/inc/sm_x509af.h +++ b/SecurityASN1/inc/sm_x509af.h @@ -2,7 +2,7 @@ // // sm_x509af.h - class definitions for ASN.1 module AuthenticationFramework // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -220,9 +220,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -257,9 +254,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -284,9 +278,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -310,9 +301,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -336,9 +324,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -362,9 +347,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -452,9 +434,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -489,9 +468,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -526,9 +502,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -553,9 +526,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -650,9 +620,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -681,9 +648,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -714,9 +678,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -741,9 +702,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -830,9 +788,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -857,9 +812,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -884,9 +836,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1036,9 +985,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1125,9 +1071,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1151,9 +1094,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1177,9 +1117,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1205,9 +1142,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_x509ce.h b/SecurityASN1/inc/sm_x509ce.h index 761a722e..918ed70a 100644 --- a/SecurityASN1/inc/sm_x509ce.h +++ b/SecurityASN1/inc/sm_x509ce.h 
@@ -2,7 +2,7 @@ // // sm_x509ce.h - class definitions for ASN.1 module CertificateExtensions // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -151,9 +151,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -251,9 +248,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -277,9 +271,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -366,9 +357,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -393,9 +381,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -420,9 +405,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; 
@@ -573,9 +555,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -665,9 +644,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -755,9 +731,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -790,9 +763,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -816,9 +786,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -842,9 +809,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -1000,9 +964,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_x509cmn.h b/SecurityASN1/inc/sm_x509cmn.h index 657be718..123a2007 100644 --- a/SecurityASN1/inc/sm_x509cmn.h +++ b/SecurityASN1/inc/sm_x509cmn.h 
@@ -2,7 +2,7 @@ // // sm_x509cmn.h - class definitions for ASN.1 module CommonX509Definitions // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -42,9 +42,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -93,9 +90,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecurityASN1/inc/sm_x520sa.h b/SecurityASN1/inc/sm_x520sa.h index 33de4c75..f915e222 100644 --- a/SecurityASN1/inc/sm_x520sa.h +++ b/SecurityASN1/inc/sm_x520sa.h @@ -2,7 +2,7 @@ // // sm_x520sa.h - class definitions for ASN.1 module SelectedAttributeTypes // -// This file was generated by snacc on Wed Jun 27 16:40:55 2001 +// This file was generated by snacc on Mon Apr 22 22:34:19 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -57,9 +57,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecuritySNACCRuntime/Apple_README b/SecuritySNACCRuntime/Apple_README index 9026bdd3..4339d806 100644 --- a/SecuritySNACCRuntime/Apple_README +++ b/SecuritySNACCRuntime/Apple_README 
@@ -1,23 +1,22 @@ MacOS X Porting notes - 20 June 2001 dmitch + 20 March 2002 dmitch -- snacc.pbproj contains the following targets: world: aggregate target, builds UnixBuild and snaccRuntime UnixBuild: Legacy target, invokes MacOSX-Install, a custom - script to config and build the snacc compiler and the - Unix versions of the various libraries. This does not install - the snacc binary; maybe it should. - - Due to many brain dead Makefiles, this target always rebuilds - a ton of stuff even if nothing has changed. Feel free to rewrite - all the Makefiles to fix this. - - snaccRuntime: builds the runtime support library as an OSX + script to config and build the snacc compiler. This does + not install the snacc binary; maybe it should. + + snaccRuntime: builds the runtime support library as an OSX framework using the same source as c++-lib. Currently obsolete; this is now part of Security.framework. - + + asn-useful - recompiles the sole ASN1 source in this modules + asn-usefule.asn1. Do this after building and installing + a new compiler. + -- There are a few header files which have duplicate copies in the snacc-1.3vda root directory and in c++-lib/inc. They're needed in the root by the compiler build and various configure @@ -41,4 +40,14 @@ -- When running the snacc compiler to generate C++ source, you must specify the (undocumented) -D argument to enable VDADER_RULES. When compiling that source, you must do a -DVDADER_RULES. + +-- As of 20 March 2002, the BDec routines now throw SnaccExcep exceptions; + there are no more setjmp/longjmp catchers. This is controlled by the + SNACC_EXCEPTION_ENABLE flag found in both asn-config.h files. + +-- As of 20 March 2002, there are no more BEncPdu or BDecPdu functions + anywhere. These were convenience routines and added about 47 KBytes + to Security.framework. This is controlled by the SNACC_ENABLE_PDU + flag found in both asn-config.h files. + \ No newline at end of file 
diff --git a/SecuritySNACCRuntime/CVSVersionInfo.txt b/SecuritySNACCRuntime/CVSVersionInfo.txt index 25337447..56be069d 100644 --- a/SecuritySNACCRuntime/CVSVersionInfo.txt +++ b/SecuritySNACCRuntime/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $ -# $Name: Security-30~1 $ +# $Name: $ ProjectName: SecuritySNACCRuntime ProjectVersion: 6.1 diff --git a/SecuritySNACCRuntime/MacOSX-Install b/SecuritySNACCRuntime/MacOSX-Install index 5151357a..84f54770 100755 --- a/SecuritySNACCRuntime/MacOSX-Install +++ b/SecuritySNACCRuntime/MacOSX-Install @@ -3,11 +3,12 @@ export LEXLIB="-ll" export CFLAGS="-DMACOS -DYYTEXT_POINTER" export srcdir=`pwd` echo === running configure.... +chmod a+x configure ./configure rm -f c++-lib/inc/config.h cp -p config.h c++-lib/inc echo === running make depend for $srcdir.... make depend srcdir=$srcdir -echo === running make all.... +echo === running make compiler.... #make all srcdir=$srcdir make compiler srcdir=$srcdir diff --git a/SecuritySNACCRuntime/MacOSX-make b/SecuritySNACCRuntime/MacOSX-make index 760143f5..396f6d30 100644 --- a/SecuritySNACCRuntime/MacOSX-make +++ b/SecuritySNACCRuntime/MacOSX-make @@ -9,4 +9,13 @@ clean: echo === Cleaning snacc source via Makefile === (cd $(SRCROOT); make clean srcdir=$(SRCROOT)) +# +# used very infrequently to recompile asn-useful.asn +# +asn-useful: + (cd c++-lib; \ + rm -f inc/asn-useful src/asn-useful.cpp c++/asn-useful.cpp stamp-useful; \ + make stamp-useful; \ + cp src/asn-useful.cpp c++) + # FIXME - install? diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp index 9b183df8..c1ed266e 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp 
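Review bot: The added `chmod a+x configure` and the `./configure` that follows are not status-checked, and the visible lines set no `set -e`, so a failed configure run still falls through to `rm -f c++-lib/inc/config.h` and `cp -p config.h c++-lib/inc`, leaving a stale or missing config.h for the compiler build. I would chain the steps as `chmod u+x configure && ./configure || exit 1`; `u+x` is enough for the building user and does not widen the mode for everyone else. `srcdir` is taken from pwd and passed unquoted in `make depend srcdir=$srcdir`, so a checkout path containing spaces splits the argument; `make depend "srcdir=$srcdir"` avoids that. The first two lines of the script are outside the hunk.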
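Review bot: In the new `asn-useful` target the `rm -f` list names `inc/asn-useful` with no extension while the other entries are `.cpp` files, so the generated header (presumably `inc/asn-useful.h`) may not be removed and a stale copy could survive the regeneration; please confirm the intended name. The recipe joins its commands with `;`, so `cp src/asn-useful.cpp c++` is still attempted after a failed `make stamp-useful`; joining the steps with `&&` (`make stamp-useful && cp src/asn-useful.cpp c++`) stops at the first failure. Using `$(MAKE)` instead of a literal `make` would also pass the parent's flags to the sub-make.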
@@ -53,8 +53,14 @@ // // // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp,v 1.3 2001/06/27 23:09:14 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp,v 1.4 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-any.cpp,v $ +// Revision 1.4 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.3.44.1 2002/03/20 00:36:48 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.3 2001/06/27 23:09:14 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -273,13 +279,21 @@ void AsnAny::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) { if (ai == NULL) + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-81); + #else longjmp (env, -81); - + #endif + // XXX This is wrong. value = static_cast(ai->typeToClone->Clone()); if (value == NULL) + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-82); + #else longjmp (env, -82); + #endif else value->BDec (b, bytesDecoded, env); } diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp index 82280899..c3a90215 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp 
@@ -32,8 +32,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp,v 1.3 2001/06/28 23:36:11 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp,v 1.4 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-bits.cpp,v $ +// Revision 1.4 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.3.44.1 2002/03/20 00:36:48 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.3 2001/06/28 23:36:11 dmitch // Removed SccsId statics. numToHexCharTblG table now const. Radar 2705410. // @@ -346,7 +352,11 @@ void AsnBits::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt if (b.ReadError()) { Asn1Error << "BDecBitString: ERROR - decoded past end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-1); + #else longjmp (env, -1); + #endif } } @@ -371,7 +381,11 @@ void AsnBits::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))) { Asn1Error << "AsnBits::BDec: ERROR tag on BIT STRING is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-50); + #else longjmp (env,-50); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen, bytesDecoded, env); @@ -431,7 +445,11 @@ void AsnBits::FillBitStringStk (BUF_TYPE b, AsnLen elmtLen0, * on last piece of bits string */ Asn1Error << "BDecConsBitString: ERROR - a component of a constructed BIT STRING that is not the last has non-zero unused bits" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-2); + #else longjmp (env, -2); + #endif } if (elmtLen1 != 0) 
@@ -452,7 +470,11 @@ void AsnBits::FillBitStringStk (BUF_TYPE b, AsnLen elmtLen0, if (refdLen == 0) /* end of data */ { Asn1Error << "BDecConsOctetString: ERROR - expecting more data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-3); + #else longjmp (env, -3); + #endif } refdLen = lenToRef - totalRefdLen; } @@ -475,7 +497,11 @@ void AsnBits::FillBitStringStk (BUF_TYPE b, AsnLen elmtLen0, else /* wrong tag */ { Asn1Error << "BDecConsBitString: ERROR - decoded non-BIT STRING tag inside a constructed BIT STRING" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-4); + #else longjmp (env, -4); + #endif } } /* end of for */ @@ -524,7 +550,7 @@ void AsnBits::Print (ostream &os) const size_t octetLen = (bitLen+7)/8; os << "'"; - for (int i = 0; i < octetLen; i++) + for (unsigned i = 0; i < octetLen; i++) os << TO_HEX (bits[i] >> 4) << (TO_HEX (bits[i])); os << "'H -- BIT STRING bitlen = " << bitLen << " --"; #endif /* NDEBUG */ diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp index 846a3b9a..91c7cc0c 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp 
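Review bot: In `AsnBits::Print` the loop index is now `unsigned` while its bound `octetLen` is declared `size_t` two lines above, so the comparison still mixes widths on any target where `size_t` is wider than `unsigned`; `for (size_t i = 0; i < octetLen; i++)` matches the bound exactly. The same applies to the `unsigned i` introduced in `AsnOcts::Print` in asn-octs.cpp if its `octetLen` is also a `size_t`, which that hunk does not show. The rest of Print is outside the hunk.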
@@ -31,8 +31,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp,v 1.2 2001/06/27 23:09:14 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-bool.cpp,v $ +// Revision 1.3 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.2.44.1 2002/03/20 00:36:49 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.2 2001/06/27 23:09:14 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -122,7 +128,11 @@ void AsnBool::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE)) { Asn1Error << "AsnBool::BDec: ERROR tag on BOOLEAN wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-51); + #else longjmp (env, -51); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); @@ -137,7 +147,11 @@ void AsnBool::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt if (elmtLen != 1) { Asn1Error << "AsnBool::BDecContent: ERROR - boolean value too long." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-5); + #else longjmp (env, -5); + #endif } value = (b.GetByte() != 0); @@ -146,7 +160,11 @@ void AsnBool::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt if (b.ReadError()) { Asn1Error << "AsnBool::BDecContent: ERROR - decoded past end of data " << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-6); + #else longjmp (env, -6); + #endif } } diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp index 751d7adb..ace7dd61 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp 
+++ b/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp @@ -31,8 +31,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp,v 1.2 2001/06/26 23:49:52 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-enum.cpp,v $ +// Revision 1.3 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.2.44.1 2002/03/20 00:36:49 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.2 2001/06/26 23:49:52 dmitch // Was cerr, is Asn1Error. // @@ -113,7 +119,11 @@ void AsnEnum::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, ENUM_TAG_CODE)) { Asn1Error << "AsnEnum::BDec: ERROR tag on ENUMERATED is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-52); + #else longjmp (env,-52); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp index 218214be..3b6d65eb 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp 
@@ -31,8 +31,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp,v 1.2 2001/06/27 23:09:14 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-int.cpp,v $ +// Revision 1.3 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.2.44.1 2002/03/20 00:36:49 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.2 2001/06/27 23:09:14 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -112,7 +118,7 @@ AsnType *AsnInt::Copy() const AsnLen AsnInt::BEncContent (BUF_TYPE b) { AsnLen len; - int i; + unsigned i; AsnUIntType mask; AsnUIntType dataCpy; @@ -159,13 +165,17 @@ AsnLen AsnInt::BEncContent (BUF_TYPE b) // integer value. void AsnInt::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env) { - int i; + unsigned i; AsnUIntType byte; if (elmtLen > sizeof (AsnIntType)) { Asn1Error << "AsnInt::BDecContent: ERROR - integer is too big to decode." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-7); + #else longjmp (env, -7); + #endif } /* @@ -189,7 +199,11 @@ void AsnInt::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byte if (b.ReadError()) { Asn1Error << "AsnInt::BDecContent: ERROR - decoded past end of data." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-8); + #else longjmp (env, -8); + #endif } 
@@ -211,7 +225,11 @@ void AsnInt::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)) { Asn1Error << "AsnInt::BDec: ERROR tag on INTEGER is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-53); + #else longjmp (env,-53); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp index ee10d337..cc8b4013 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp 
@@ -31,48 +31,6 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp,v 1.1.1.1 2001/05/18 23:14:05 mb Exp $ -// $Log: asn-len.cpp,v $ -// Revision 1.1.1.1 2001/05/18 23:14:05 mb -// Move from private repository to open source repository -// -// Revision 1.2 2001/05/05 00:59:17 rmurphy -// Adding darwin license headers -// -// Revision 1.1 2000/06/15 18:44:57 dmitch -// These snacc-generated source files are now checked in to allow cross-platform build. -// -// Revision 1.2 2000/06/08 20:05:35 dmitch -// Mods for X port. These files are actually machine generated and probably don't need to be in CVS.... -// -// Revision 1.1.1.1 2000/03/09 01:00:06 rmurphy -// Base Fortissimo Tree -// -// Revision 1.1 1999/02/25 05:21:51 mb -// Added snacc c++ library -// -// Revision 1.5 1997/02/16 20:26:04 rj -// check-in of a few cosmetic changes -// -// Revision 1.4 1995/07/24 20:33:15 rj -// changed `_' to `-' in file names. -// -// Revision 1.3 1994/10/08 04:18:24 rj -// code for meta structures added (provides information about the generated code itself). -// -// code for Tcl interface added (makes use of the above mentioned meta code). -// -// virtual inline functions (the destructor, the Clone() function, BEnc(), BDec() and Print()) moved from inc/*.h to src/*.C because g++ turns every one of them into a static non-inline function in every file where the .h file gets included. -// -// made Print() const (and some other, mainly comparison functions). -// -// several `unsigned long int' turned into `size_t'. -// -// Revision 1.2 1994/08/28 10:01:13 rj -// comment leader fixed. -// -// Revision 1.1 1994/08/28 09:21:00 rj -// first check-in. for a list of changes to the snacc-1.1 distribution please refer to the ChangeLog. #include "asn-config.h" #include "asn-len.h" 
@@ -136,14 +94,18 @@ BDecLen (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) { AsnLen len; unsigned char byte; - int lenBytes; + unsigned lenBytes; byte = b.GetByte(); if (b.ReadError()) { Asn1Error << "BDecLen: decoded past end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-9); + #else longjmp (env, -9); + #endif } bytesDecoded++; @@ -163,7 +125,11 @@ BDecLen (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (lenBytes > sizeof (long int)) { Asn1Error << "BDecLen: ERROR - length overflow" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-10); + #else longjmp (env, -10); + #endif } bytesDecoded += lenBytes; @@ -175,7 +141,11 @@ BDecLen (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (b.ReadError()) { Asn1Error << "BDecLen: decoded past end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-11); + #else longjmp (env, -11); + #endif } return len; @@ -208,7 +178,11 @@ BDecEoc (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((b.GetByte() != 0) || (b.GetByte() != 0) || b.ReadError()) { Asn1Error << "BDecEoc: ERROR - non zero byte in EOC or end of data reached" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-12); + #else longjmp (env, -12); + #endif } bytesDecoded += 2; } /* BDecEoc */ diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp index 99e133d5..728afb05 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp 
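Review bot: In `BDecLen` the long-form guard is `if (lenBytes > sizeof (long int))`, but the function declares its result as `AsnLen len;`; if `AsnLen` is narrower than `long int` on some target (its typedef is not in this hunk), a length with more octets than `AsnLen` holds passes the guard and is truncated instead of being rejected as a length overflow. This value comes from the encoded input and is what the `BDec` callers in this patch pass on as `elmtLen`, so I would tie the guard to the destination type: `if (lenBytes > sizeof (AsnLen))`. The change of `lenBytes` from `int` to `unsigned` looks safe for this comparison; the loop that consumes it is outside the hunk.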
@@ -31,8 +31,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp,v 1.2 2001/06/27 23:09:14 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-null.cpp,v $ +// Revision 1.3 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.2.44.1 2002/03/20 00:36:49 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.2 2001/06/27 23:09:14 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -105,7 +111,11 @@ void AsnNull::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt if (elmtLen != 0) { Asn1Error << "AsnNull::BDecContent: ERROR - NULL values len is non-zero" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-13); + #else longjmp (env, -13); + #endif } } /* AsnNull::BDecContent */ @@ -125,7 +135,11 @@ void AsnNull::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, NULLTYPE_TAG_CODE)) { Asn1Error << "AsnNull::BDec: ERROR tag on NULL is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-55); + #else longjmp (env, -55); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp index 53ab22c6..250b198f 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp 
@@ -32,8 +32,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp,v 1.2 2001/06/27 23:09:15 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $ // $Log: asn-octs.cpp,v $ +// Revision 1.3 2002/03/21 05:38:44 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.2.44.1 2002/03/20 00:36:49 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.2 2001/06/27 23:09:15 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -227,7 +233,7 @@ void AsnOcts::ReSet (const char *str) void AsnOcts::Print (ostream &os) const { #ifndef NDEBUG - int i; + unsigned i; os << "'"; for (i = 0; i < octetLen; i++) os << TO_HEX (octs[i] >> 4) << (TO_HEX (octs[i])); @@ -279,7 +285,11 @@ void AsnOcts::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt if (b.ReadError()) { Asn1Error << "BDecOctetString: ERROR - decoded past end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-14); + #else longjmp (env, -14); + #endif } /* add null terminator - this is not included in the str's len */ @@ -308,7 +318,11 @@ void AsnOcts::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) (tag != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))) { Asn1Error << "AsnOcts::BDec: ERROR tag on OCTET STRING is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-56); + #else longjmp (env,-56); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen, bytesDecoded, env); 
@@ -368,7 +382,11 @@ FillOctetStringStk (BUF_TYPE b, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE if (refdLen == 0) /* end of data */ { Asn1Error << "BDecConsOctetString: ERROR - attempt to decode past end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-15); + #else longjmp (env, -15); + #endif } refdLen = elmtLen1 - totalRefdLen; } @@ -392,7 +410,11 @@ FillOctetStringStk (BUF_TYPE b, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE else /* wrong tag */ { Asn1Error << "BDecConsOctetString: ERROR - decoded non-OCTET STRING tag inside a constructed OCTET STRING" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-16); + #else longjmp (env, -16); + #endif } } /* end of for */ diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp index a89ce869..086873a8 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp @@ -32,8 +32,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp,v 1.3 2001/06/27 23:09:15 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp,v 1.4 2002/03/21 05:38:45 dmitch Exp $ // $Log: asn-oid.cpp,v $ +// Revision 1.4 2002/03/21 05:38:45 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.3.44.1 2002/03/20 00:36:50 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.3 2001/06/27 23:09:15 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // 
@@ -198,7 +204,7 @@ void AsnOid::Set (unsigned long int a1, unsigned long int a2, long int a3, long // write bytes except the last/least significant of the head arc number // more bit is on totalLen = elmtLen; - int i; + unsigned i; for (i = 1; i < elmtLen; i++) { *(tmpBuf++) = 0x80 | (headArcNum >> ((elmtLen-i)*7)); @@ -215,7 +221,7 @@ void AsnOid::Set (unsigned long int a1, unsigned long int a2, long int a3, long ; totalLen += elmtLen; tmpArcNum = arcNumArr[i]; - for (int j = 1; j < elmtLen; j++) + for (unsigned j = 1; j < elmtLen; j++) { *(tmpBuf++) = 0x80 | (tmpArcNum >> ((elmtLen-j)*7)); } @@ -280,7 +286,7 @@ void AsnOid::ReSet (unsigned long int a1, unsigned long int a2, long int a3, lon // returns the number of arc numbers in the OID value unsigned long int AsnOid::NumArcs() const { - int i; + unsigned i; int numArcs; for (numArcs=0, i=0; i < octetLen; ) @@ -324,7 +330,11 @@ void AsnOid::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byte if (b.ReadError()) { Asn1Error << "BDecOctetString: ERROR - decoded past end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-17); + #else longjmp (env, -17); + #endif } bytesDecoded += elmtLen; } /* AsnOid::BDecContent */ @@ -344,7 +354,11 @@ void AsnOid::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)) { Asn1Error << "AsnOid::BDec: ERROR tag on OBJECT IDENTIFIER is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-57); + #else longjmp (env,-57); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); @@ -364,7 +378,7 @@ void AsnOid::Print (ostream &os) const #ifndef NDEBUG unsigned short int firstArcNum; unsigned long int arcNum; - int i; + unsigned i; // print oid in os << "{"; diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp index 7774792c..6e84385d 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp 
+++ b/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp @@ -32,8 +32,14 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp,v 1.3 2001/06/27 23:09:15 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp,v 1.4 2002/03/21 05:38:45 dmitch Exp $ // $Log: asn-real.cpp,v $ +// Revision 1.4 2002/03/21 05:38:45 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.3.44.1 2002/03/20 00:36:50 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.3 2001/06/27 23:09:15 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -553,7 +559,7 @@ double AsnPlusInfinity() { double d; unsigned char *c; - int i; + unsigned i; c = (unsigned char*)&d; c[0] = 0x7f; @@ -584,7 +590,7 @@ AsnLen AsnReal::BEncContent (BUF_TYPE b) unsigned int expLen; int sign; unsigned char buf[sizeof (double)]; - int i, mantissaLen; + unsigned i, mantissaLen; unsigned char firstOctet; /* no contents for 0.0 reals */ @@ -715,7 +721,7 @@ AsnLen AsnReal::BEncContent (BUF_TYPE b) for (i = expLen; i > 0; i--) { b.PutByteRvs (exponent); - exponent >> 8; + exponent >>= 8; } /* write the exponents length if nec */ @@ -745,7 +751,7 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt { unsigned char firstOctet; unsigned char firstExpOctet; - int i; + unsigned i; unsigned int expLen; double mantissa; unsigned short base; @@ -771,7 +777,11 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt else { Asn1Error << "AsnReal::BDecContent: ERROR - unrecognized 1 octet length real number" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-18); + #else longjmp (env, -18); + #endif } } else 
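Review bot: In `AsnReal::BEncContent` the declaration `unsigned i, mantissaLen;` changes the signedness of `mantissaLen` together with the loop index, and the code that computes and uses `mantissaLen` is outside the hunk. If any of it relies on the value going negative or compares it with a signed quantity, the behaviour changes silently; please confirm, or keep the types separate with `unsigned i;` and `int mantissaLen;`. The countdown `for (i = expLen; i > 0; i--)` in the later hunk is fine with an unsigned index.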
@@ -838,8 +848,12 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt default: Asn1Error << "AsnReal::BDecContent: ERROR - unsupported base for a binary real number." << endl; - longjmp (env, -19); - break; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-19); + #else + longjmp (env, -19); + #endif + break; } @@ -856,7 +870,11 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt else /* decimal version */ { Asn1Error << "AsnReal::BDecContent: ERROR - decimal REAL form is not currently supported" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-20); + #else longjmp (env, -20); + #endif } } @@ -877,7 +895,11 @@ void AsnReal::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, REAL_TAG_CODE)) { Asn1Error << "AsnReal::BDec: ERROR tag on REAL is wrong." << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-58); + #else longjmp (env,-58); + #endif } elmtLen = BDecLen (b, bytesDecoded, env); diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp index 31bcbea9..05fd6382 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp 
@@ -31,51 +31,6 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $ -// $Log: asn-tag.cpp,v $ -// Revision 1.1.1.1 2001/05/18 23:14:06 mb -// Move from private repository to open source repository -// -// Revision 1.2 2001/05/05 00:59:17 rmurphy -// Adding darwin license headers -// -// Revision 1.1 2000/06/15 18:44:58 dmitch -// These snacc-generated source files are now checked in to allow cross-platform build. -// -// Revision 1.2 2000/06/08 20:05:36 dmitch -// Mods for X port. These files are actually machine generated and probably don't need to be in CVS.... -// -// Revision 1.1.1.1 2000/03/09 01:00:06 rmurphy -// Base Fortissimo Tree -// -// Revision 1.1 1999/02/25 05:21:54 mb -// Added snacc c++ library -// -// Revision 1.6 1997/09/03 12:10:30 wan -// Patch to tag decoding for tags > 2^14 (thanks to Enrico Badella) -// -// Revision 1.5 1997/02/16 20:26:06 rj -// check-in of a few cosmetic changes -// -// Revision 1.4 1995/07/24 20:33:17 rj -// changed `_' to `-' in file names. -// -// Revision 1.3 1994/10/08 04:18:30 rj -// code for meta structures added (provides information about the generated code itself). -// -// code for Tcl interface added (makes use of the above mentioned meta code). -// -// virtual inline functions (the destructor, the Clone() function, BEnc(), BDec() and Print()) moved from inc/*.h to src/*.C because g++ turns every one of them into a static non-inline function in every file where the .h file gets included. -// -// made Print() const (and some other, mainly comparison functions). -// -// several `unsigned long int' turned into `size_t'. -// -// Revision 1.2 1994/08/28 10:01:20 rj -// comment leader fixed. -// -// Revision 1.1 1994/08/28 09:21:09 rj -// first check-in. 
for a list of changes to the snacc-1.1 distribution please refer to the ChangeLog. #include "asn-config.h" #include "asn-len.h" @@ -90,7 +45,7 @@ BDecTag (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) { AsnTag tagId; AsnTag tmpTagId; - int i; + unsigned i; tagId = ((AsnTag) b.GetByte()) << ((sizeof (AsnTag)-1) *8); bytesDecoded++; @@ -114,14 +69,22 @@ BDecTag (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if (i > (sizeof (AsnTag)+1)) { Asn1Error << "BDecTag: ERROR - tag value overflow" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-21); + #else longjmp (env, -21); + #endif } } if (b.ReadError()) { Asn1Error << "BDecTag: ERROR - decoded past the end of data" << endl; + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-22); + #else longjmp (env, -22); + #endif } return tagId; diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp index 790d10e4..27221f5e 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp @@ -48,8 +48,14 @@ // // MS 92 // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp,v 1.2 2001/06/27 23:09:15 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp,v 1.3 2002/03/21 05:38:45 dmitch Exp $ // $Log: asn-type.cpp,v $ +// Revision 1.3 2002/03/21 05:38:45 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.2.44.1 2002/03/20 00:36:50 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// // Revision 1.2 2001/06/27 23:09:15 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // 
@@ -133,7 +139,11 @@ AsnType *AsnType::Copy() const void AsnType::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) { Asn1Error << "ERROR - Attempt to decode an improperly formed ANY type (programming error)." << endl; - longjmp (env, -80); + #if SNACC_EXCEPTION_ENABLE + SnaccExcep::throwMe(-80); + #else + longjmp (env, -80); + #endif } AsnLen AsnType::BEnc (BUF_TYPE b) diff --git a/SecuritySNACCRuntime/c++-lib/c++/asn-useful.cpp b/SecuritySNACCRuntime/c++-lib/c++/asn-useful.cpp index 2c09583a..3e53655b 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/asn-useful.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/asn-useful.cpp @@ -1,26 +1,8 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - // NOTE: this is a machine generated file--editing not recommended // // asn-useful.cpp - class member functions for ASN.1 module ASN-USEFUL // -// This file was generated by snacc on Wed Jun 14 14:50:26 2000 +// This file was generated by snacc on Wed Mar 20 11:39:57 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center 
@@ -64,33 +46,12 @@ void ObjectDescriptor::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, OD_TAG_CODE))) { Asn1Error << "ObjectDescriptor::BDec: ERROR - wrong tag" << endl; - longjmp (env, 50); + SnaccExcep::throwMe(50); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ObjectDescriptor::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ObjectDescriptor::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *UTF8String::Clone() const { return new UTF8String; @@ -120,33 +81,12 @@ void UTF8String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, 12))) { Asn1Error << "UTF8String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 49); + SnaccExcep::throwMe(49); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int UTF8String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int UTF8String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *NumericString::Clone() const { return new NumericString; 
@@ -176,33 +116,12 @@ void NumericString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, NUMERICSTRING_TAG_CODE))) { Asn1Error << "NumericString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 48); + SnaccExcep::throwMe(48); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int NumericString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int NumericString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *PrintableString::Clone() const { return new PrintableString; @@ -232,33 +151,12 @@ void PrintableString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE))) { Asn1Error << "PrintableString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 47); + SnaccExcep::throwMe(47); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PrintableString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PrintableString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *TeletexString::Clone() const { return new TeletexString; 
@@ -288,33 +186,12 @@ void TeletexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE))) { Asn1Error << "TeletexString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 46); + SnaccExcep::throwMe(46); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int TeletexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int TeletexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *T61String::Clone() const { return new T61String; @@ -344,33 +221,12 @@ void T61String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE))) { Asn1Error << "T61String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 45); + SnaccExcep::throwMe(45); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int T61String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int T61String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *VideotexString::Clone() const { return new VideotexString; 
@@ -400,33 +256,12 @@ void VideotexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, VIDEOTEXSTRING_TAG_CODE))) { Asn1Error << "VideotexString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 44); + SnaccExcep::throwMe(44); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int VideotexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int VideotexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *IA5String::Clone() const { return new IA5String; @@ -456,33 +291,12 @@ void IA5String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE))) { Asn1Error << "IA5String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 43); + SnaccExcep::throwMe(43); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int IA5String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int IA5String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *GraphicString::Clone() const { return new GraphicString; 
@@ -512,33 +326,12 @@ void GraphicString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, GRAPHICSTRING_TAG_CODE))) { Asn1Error << "GraphicString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 42); + SnaccExcep::throwMe(42); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GraphicString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GraphicString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *VisibleString::Clone() const { return new VisibleString; @@ -568,33 +361,12 @@ void VisibleString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE))) { Asn1Error << "VisibleString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 41); + SnaccExcep::throwMe(41); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int VisibleString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int VisibleString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *ISO646String::Clone() const { return new ISO646String; 
@@ -624,33 +396,12 @@ void ISO646String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE))) { Asn1Error << "ISO646String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 40); + SnaccExcep::throwMe(40); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ISO646String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ISO646String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *GeneralString::Clone() const { return new GeneralString; @@ -680,33 +431,12 @@ void GeneralString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALSTRING_TAG_CODE))) { Asn1Error << "GeneralString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 39); + SnaccExcep::throwMe(39); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GeneralString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GeneralString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *UTCTime::Clone() const { return new UTCTime; 
@@ -736,33 +466,12 @@ void UTCTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE))) { Asn1Error << "UTCTime::BDec: ERROR - wrong tag" << endl; - longjmp (env, 38); + SnaccExcep::throwMe(38); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int UTCTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int UTCTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *GeneralizedTime::Clone() const { return new GeneralizedTime; @@ -792,33 +501,12 @@ void GeneralizedTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))) { Asn1Error << "GeneralizedTime::BDec: ERROR - wrong tag" << endl; - longjmp (env, 37); + SnaccExcep::throwMe(37); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GeneralizedTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GeneralizedTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *UniversalString::Clone() const { return new UniversalString; 
@@ -848,33 +536,12 @@ void UniversalString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, UNIVERSALSTRING_TAG_CODE))) { Asn1Error << "UniversalString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 36); + SnaccExcep::throwMe(36); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int UniversalString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int UniversalString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *BMPString::Clone() const { return new BMPString; @@ -904,33 +571,12 @@ void BMPString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, BMPSTRING_TAG_CODE))) { Asn1Error << "BMPString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 35); + SnaccExcep::throwMe(35); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int BMPString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int BMPString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - EXTERNALChoice::EXTERNALChoice() { choiceId = single_ASN1_typeCid; @@ -1066,7 +712,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe && (tag != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, 34); + SnaccExcep::throwMe(34); } elmtLen1 = BDecLen (b, bytesDecoded, env); 
@@ -1093,7 +739,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, 33); + SnaccExcep::throwMe(33); break; } // end switch } // EXTERNALChoice::BDecContent @@ -1118,30 +764,9 @@ void EXTERNALChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int EXTERNALChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EXTERNALChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EXTERNALChoice::Print (ostream &os) const { -#ifndef NDEBUG +#ifndef NDEBUG switch (choiceId) { case single_ASN1_typeCid: @@ -1169,7 +794,7 @@ void EXTERNALChoice::Print (ostream &os) const break; } // end of switch - #endif /* NDEBUG */ +#endif /* NDEBUG */ } // EXTERNALChoice::Print EXTERNAL::EXTERNAL() @@ -1357,7 +982,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, 32); + SnaccExcep::throwMe(32); } bytesDecoded += seqBytesDecoded; @@ -1369,7 +994,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, 31); + SnaccExcep::throwMe(31); } else return; 
@@ -1392,36 +1017,15 @@ void EXTERNAL::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, EXTERNAL_TAG_CODE)) { Asn1Error << "EXTERNAL::BDec: ERROR - wrong tag" << endl; - longjmp (env, 30); + SnaccExcep::throwMe(30); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EXTERNAL::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EXTERNAL::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EXTERNAL::Print (ostream &os) const { -#ifndef NDEBUG +#ifndef NDEBUG os << "{ -- SEQUENCE --" << endl; indentG += stdIndentG; @@ -1485,7 +1089,7 @@ void EXTERNAL::Print (ostream &os) const indentG -= stdIndentG; Indent (os, indentG); os << "}"; - #endif /* NDEBUG */ +#endif /* NDEBUG */ } // EXTERNAL::Print diff --git a/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp b/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp index b893cb60..0f26df46 100644 --- a/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp +++ b/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp 
@@ -31,8 +31,18 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp,v 1.2 2002/02/07 04:30:04 mb Exp $ // $Log: str-stk.cpp,v $ +// Revision 1.2 2002/02/07 04:30:04 mb +// Fixes required to build with gcc3. +// Merged from branch PR-2848996 +// Bug #: 2848996 +// Submitted by: +// Reviewed by: Turly O'Connor +// +// Revision 1.1.1.1.12.1 2002/02/06 23:45:03 mb +// Changes to allow building with gcc3 +// // Revision 1.1.1.1 2001/05/18 23:14:06 mb // Move from private repository to open source repository // @@ -113,7 +123,7 @@ void StrStk::Push (char *str, size_t strLen) struct Elmt *tmpStk; // alloc bigger stack and copy old elmts to it tmpStk = new struct Elmt[size + growSize]; - for (int i = 0; i < size; i++) + for (size_t i = 0; i < size; i++) tmpStk[i] = stk[i]; delete stk; stk = tmpStk; diff --git a/SecuritySNACCRuntime/c++-lib/dependencies b/SecuritySNACCRuntime/c++-lib/dependencies index bc4a7f58..e69de29b 100644 --- a/SecuritySNACCRuntime/c++-lib/dependencies +++ b/SecuritySNACCRuntime/c++-lib/dependencies 
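Review bot: `delete stk;` in the context lines of the `StrStk::Push` hunk releases memory obtained with array `new` (`tmpStk = new struct Elmt[size + growSize]` followed by `stk = tmpStk`), which is undefined behaviour; it should be `delete[] stk;`. The commit only changes the loop counter to `size_t` and leaves that line untouched. The first allocation of `stk` is outside the hunk, but from the second growth onward `stk` certainly holds an array allocation made on this path. `StrStk::Push` starts and ends outside the hunk.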
@@ -1,792 +0,0 @@ -c++/asn-any.o: src/asn-any.cpp inc/asn-incl.h inc/asn-config.h \ - /usr/include/ctype.h /usr/include/runetype.h \ - /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ - /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \ - inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \ - inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \ - inc/asn-any.h inc/hash.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h 
\ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/../assert.h \ - /usr/include/gcc/darwin/2.95.2/g++/exception \ - /usr/include/gcc/darwin/2.95.2/g++/new \ - /usr/include/gcc/darwin/2.95.2/g++/string \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \ - /usr/include/gcc/darwin/2.95.2/g++/cstddef \ - /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \ - /usr/include/gcc/darwin/2.95.2/g++/cctype \ - /usr/include/gcc/darwin/2.95.2/g++/cstring \ - /usr/include/gcc/darwin/2.95.2/g++/alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/iterator \ - /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \ - /usr/include/gcc/darwin/2.95.2/g++/cassert \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \ - /usr/include/errno.h /usr/include/sys/errno.h \ - /System/Library/Frameworks/System.framework/Headers/pthread.h \ - /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \ - /System/Library/Frameworks/System.framework/Headers/sched.h \ - /usr/include/time.h \ - /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \ - /usr/include/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \ - /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/port.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/policy.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \ - /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \ - /usr/include/limits.h /usr/include/sys/syslimits.h \ - /usr/include/sys/time.h inc/asn-useful.h inc/print.h \ - inc/sm_vdasnacc.h -c++/asn-bits.o: src/asn-bits.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - 
/System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-bits.h \ - inc/str-stk.h -c++/asn-bool.o: src/asn-bool.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-bool.h -c++/asn-enum.o: src/asn-enum.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - 
/usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \ - inc/asn-enum.h -c++/asn-int.o: src/asn-int.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h -c++/asn-len.o: src/asn-len.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - 
/usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h -c++/asn-list.o: src/asn-list.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-list.h -c++/asn-null.o: src/asn-null.cpp 
inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-null.h -c++/asn-octs.o: src/asn-octs.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h 
/usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-bits.h \ - inc/str-stk.h inc/asn-octs.h -c++/asn-oid.o: src/asn-oid.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h \ - /usr/include/gcc/darwin/2.95.2/g++/strstream.h \ - /usr/include/gcc/darwin/2.95.2/g++/strfile.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-oid.h \ - inc/print.h -c++/asn-real.o: src/asn-real.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - 
/usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-real.h -c++/asn-tag.o: src/asn-tag.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h -c++/asn-type.o: src/asn-type.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - 
/usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h -c++/hash.o: src/hash.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/hash.h -c++/meta.o: src/meta.cpp inc/asn-incl.h inc/asn-config.h \ - /usr/include/ctype.h 
/usr/include/runetype.h \ - /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ - /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \ - inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \ - inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \ - inc/asn-any.h inc/hash.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \ - 
/System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/../assert.h \ - /usr/include/gcc/darwin/2.95.2/g++/exception \ - /usr/include/gcc/darwin/2.95.2/g++/new \ - /usr/include/gcc/darwin/2.95.2/g++/string \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \ - /usr/include/gcc/darwin/2.95.2/g++/cstddef \ - /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \ - /usr/include/gcc/darwin/2.95.2/g++/cctype \ - /usr/include/gcc/darwin/2.95.2/g++/cstring \ - /usr/include/gcc/darwin/2.95.2/g++/alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/iterator \ - /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \ - /usr/include/gcc/darwin/2.95.2/g++/cassert \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \ - /usr/include/errno.h /usr/include/sys/errno.h \ - /System/Library/Frameworks/System.framework/Headers/pthread.h \ - /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \ - /System/Library/Frameworks/System.framework/Headers/sched.h \ - /usr/include/time.h \ - /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \ - /usr/include/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine.h \ - /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \ - /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/port.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/policy.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \ - /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \ - /usr/include/limits.h /usr/include/sys/syslimits.h \ - /usr/include/sys/time.h inc/asn-useful.h inc/print.h -c++/print.o: src/print.cpp inc/asn-incl.h inc/asn-config.h \ - /usr/include/ctype.h /usr/include/runetype.h \ - /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ - /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h 
/usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \ - inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \ - inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \ - inc/asn-any.h inc/hash.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/../assert.h \ - /usr/include/gcc/darwin/2.95.2/g++/exception \ - /usr/include/gcc/darwin/2.95.2/g++/new \ - /usr/include/gcc/darwin/2.95.2/g++/string \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \ - /usr/include/gcc/darwin/2.95.2/g++/cstddef \ - /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \ - /usr/include/gcc/darwin/2.95.2/g++/cctype \ - /usr/include/gcc/darwin/2.95.2/g++/cstring \ - /usr/include/gcc/darwin/2.95.2/g++/alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/iterator \ - /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \ - /usr/include/gcc/darwin/2.95.2/g++/cassert \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \ - 
/usr/include/errno.h /usr/include/sys/errno.h \ - /System/Library/Frameworks/System.framework/Headers/pthread.h \ - /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \ - /System/Library/Frameworks/System.framework/Headers/sched.h \ - /usr/include/time.h \ - /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \ - /usr/include/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine.h \ - /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \ - /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/port.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/policy.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \ - /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \ - /usr/include/limits.h /usr/include/sys/syslimits.h \ - /usr/include/sys/time.h inc/asn-useful.h inc/print.h -c++/tcl-if.o: src/tcl-if.cpp /usr/include/fcntl.h /usr/include/sys/fcntl.h \ - /usr/include/sys/types.h /usr/include/sys/cdefs.h \ - /usr/include/machine/types.h /usr/include/ppc/types.h \ - /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ - /usr/include/machine/endian.h 
/usr/include/ppc/endian.h \ - /usr/include/gcc/darwin/2.95.2/g++/../assert.h /usr/include/unistd.h \ - /usr/include/sys/unistd.h /usr/include/signal.h \ - /usr/include/sys/signal.h /usr/include/machine/signal.h \ - /usr/include/ppc/signal.h /usr/include/stdlib.h \ - /usr/include/gcc/darwin/2.95.2/g++/strstream.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h /usr/include/stddef.h \ - /usr/include/stdio.h /usr/include/gcc/darwin/2.95.2/g++/strfile.h \ - /usr/include/gcc/darwin/2.95.2/g++/fstream.h /usr/include/string.h \ - inc/asn-incl.h inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/memory.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/math.h inc/snacc.h inc/config.h inc/policy.h \ - inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h inc/asn-int.h inc/asn-bool.h inc/asn-real.h inc/asn-oid.h \ - inc/asn-octs.h inc/asn-bits.h inc/str-stk.h inc/asn-enum.h \ - inc/asn-null.h inc/asn-any.h inc/hash.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \ - 
/System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/exception \ - /usr/include/gcc/darwin/2.95.2/g++/new \ - /usr/include/gcc/darwin/2.95.2/g++/string \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \ - /usr/include/gcc/darwin/2.95.2/g++/cstddef \ - /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \ - /usr/include/gcc/darwin/2.95.2/g++/cctype \ - /usr/include/gcc/darwin/2.95.2/g++/cstring \ - /usr/include/gcc/darwin/2.95.2/g++/alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/iterator \ - /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \ - /usr/include/gcc/darwin/2.95.2/g++/cassert \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \ - /usr/include/errno.h /usr/include/sys/errno.h \ - /System/Library/Frameworks/System.framework/Headers/pthread.h \ - /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \ - /System/Library/Frameworks/System.framework/Headers/sched.h \ - /usr/include/time.h \ - /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \ - /usr/include/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine.h \ - /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \ - /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/port.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/policy.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \ - /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \ - /usr/include/limits.h /usr/include/sys/syslimits.h \ - /usr/include/sys/time.h inc/asn-useful.h inc/print.h inc/tcl-if.h \ - inc/init.h -c++/str-stk.o: src/str-stk.cpp inc/asn-config.h /usr/include/ctype.h \ - /usr/include/runetype.h /usr/include/machine/ansi.h \ - /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \ - /usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/str-stk.h -tkAppInit.o : -c++/asn-useful.o: src/asn-useful.cpp inc/asn-incl.h inc/asn-config.h \ - /usr/include/ctype.h /usr/include/runetype.h \ - /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ - /usr/include/sys/cdefs.h \ - 
/usr/include/gcc/darwin/2.95.2/g++/iostream.h \ - /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \ - /usr/include/gcc/darwin/2.95.2/g++/libio.h \ - /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \ - /usr/include/sys/types.h /usr/include/machine/types.h \ - /usr/include/ppc/types.h /usr/include/machine/endian.h \ - /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \ - /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \ - /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ - /usr/include/machine/signal.h /usr/include/ppc/signal.h \ - /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \ - inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \ - /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \ - /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \ - inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \ - /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \ - inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \ - inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \ - inc/asn-any.h inc/hash.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \ - /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \ - /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \ - /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \ - 
/System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/../assert.h \ - /usr/include/gcc/darwin/2.95.2/g++/exception \ - /usr/include/gcc/darwin/2.95.2/g++/new \ - /usr/include/gcc/darwin/2.95.2/g++/string \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \ - /usr/include/gcc/darwin/2.95.2/g++/cstddef \ - /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \ - /usr/include/gcc/darwin/2.95.2/g++/cctype \ - /usr/include/gcc/darwin/2.95.2/g++/cstring \ - /usr/include/gcc/darwin/2.95.2/g++/alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \ - /usr/include/gcc/darwin/2.95.2/g++/iterator \ - /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \ - /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \ - /usr/include/gcc/darwin/2.95.2/g++/cassert \ - /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \ - /usr/include/errno.h /usr/include/sys/errno.h \ - /System/Library/Frameworks/System.framework/Headers/pthread.h \ - /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \ - /System/Library/Frameworks/System.framework/Headers/sched.h \ - /usr/include/time.h \ - /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \ - /usr/include/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine.h \ - /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/time_value.h \ - /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/port.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \ - /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/policy.h \ - /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \ - /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \ - /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \ - 
/System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \ - /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \ - /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \ - /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \ - /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \ - /usr/include/limits.h /usr/include/sys/syslimits.h \ - /usr/include/sys/time.h inc/asn-useful.h inc/print.h diff --git a/SecuritySNACCRuntime/c++-lib/inc/asn-config.h b/SecuritySNACCRuntime/c++-lib/inc/asn-config.h index 7e7b846f..0053ec72 100644 --- a/SecuritySNACCRuntime/c++-lib/inc/asn-config.h +++ b/SecuritySNACCRuntime/c++-lib/inc/asn-config.h 
@@ -31,8 +31,54 @@ // useful, but WITHOUT ANY WARRANTY; without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-config.h,v 1.3 2001/06/27 23:09:16 dmitch Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-config.h,v 1.7 2002/06/12 18:36:31 dmitch Exp $ // $Log: asn-config.h,v $ +// Revision 1.7 2002/06/12 18:36:31 dmitch +// Radar 2951933: Avoid including iostream in asn-config.h for NDEBUG builds. +// +// Revision 1.6.94.4 2002/06/11 22:59:03 dmitch +// Radar 2951933. +// +// Revision 1.6.94.3 2002/06/11 22:34:50 dmitch +// More endl cleanup. +// +// Revision 1.6.94.2 2002/06/11 22:27:28 dmitch +// Clean up endl declaration for NDEBUG case. +// +// Revision 1.6.94.1 2002/06/10 23:19:08 dmitch +// Radar 2934358 - avoid #include \ in asn-config.h +// +// Revision 1.6 2002/04/18 18:58:08 dmitch +// Radar 2904404 - avoid deprecated iostream.h +// +// Revision 1.5.24.1 2002/04/17 00:48:53 dmitch +// Radar 2904404 - avoid deprecated iostream.h. +// +// Revision 1.5 2002/03/21 05:38:47 dmitch +// Radar 2868524: no more setjmp/longjmp in SNACC-generated code. +// +// Revision 1.4.32.4 2002/03/20 20:56:37 dmitch +// Further refinements for Radar 2868524: no more BDecPdu or BEncPdu. +// +// Revision 1.4.32.3 2002/03/20 02:54:08 dmitch +// Avoid the unused and uninitialized ENV_TYPE var in BDecPdu. +// +// Revision 1.4.32.2 2002/03/20 01:28:02 dmitch +// Added throw() to SnaccExcep destructor. +// +// Revision 1.4.32.1 2002/03/20 00:36:52 dmitch +// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. +// +// Revision 1.4 2002/02/07 04:30:04 mb +// Fixes required to build with gcc3. 
+// Merged from branch PR-2848996 +// Bug #: 2848996 +// Submitted by: +// Reviewed by: Turly O'Connor +// +// Revision 1.3.10.1 2002/02/06 23:45:04 mb +// Changes to allow building with gcc3 +// // Revision 1.3 2001/06/27 23:09:16 dmitch // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration. // @@ -94,7 +140,22 @@ #define _asn_config_h_ #include /* for isprint() in < + +#ifdef NDEBUG +/* just get forward declarations */ +#include +namespace std { + extern ostream& endl(ostream& outs); +} +#else +#include +#endif +/* assume these... */ +using std::iostream; +using std::ostream; +using std::istream; +using std::endl; + #include #include #include @@ -102,6 +163,8 @@ #include "snacc.h" +using std::streamsize; + // used not only by AsnInt (asn-int.h), but by AsnNameDesc (meta.h) as well: #if SIZEOF_INT == 4 # define I int @@ -131,7 +194,7 @@ * - configure error handler */ #ifndef NDEBUG -#define Asn1Error cerr +#define Asn1Error std::cerr #else /* silent ostream */ 
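Review bot: The NDEBUG branch of the `@@ -94,7 +140,22 @@` hunk declares `extern ostream& endl(ostream& outs);` inside `namespace std`, which user code is not allowed to do. The declaration also does not match the library's `endl`, a function template, so a call that resolves to it on a real stream would most likely fail at link time. It appears to exist only so that `Asn1Error << endl` still parses against the silent error class when the stream header is left out. A project-local no-op manipulator would avoid touching `std`; failing that, the declaration should carry a comment such as `/* declaration only: lets 'Asn1Error << endl' compile under NDEBUG; never call on a real ostream */`. The `using std::ostream;` group that follows sits at header scope, so it leaks into every file that includes asn-config.h.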
@@ -184,8 +247,34 @@ extern Asn1ErrorClass Asn1Error; #include "asn-buf.h" #define BUF_TYPE AsnBuf & + +/* + * Enables throw/catch as replacement for setjmp/longjmp in C++ lib. + * BDecPdu still returns int (1 = OK, 0 = fail) in either config. + * The compiler gets this symbol from c-lib/inc/asn-config.h; runtime + * support gets this symbol from this file. There is currently no + * straightforward way to have one symbol used in both environments. + */ +#define SNACC_EXCEPTION_ENABLE 1 + +/* + * With the SNACC_EXCEPTION_ENABLE mods, ENV_TYPE is not used, though + * it still appears in the BDec*() function. + */ +#if SNACC_EXCEPTION_ENABLE +#define ENV_TYPE int +#else #define ENV_TYPE jmp_buf +#endif /* SNACC_EXCEPTION_ENABLE */ +/* + * Enable BEncPdu, BDecPdu. Same remarks apply as above w.r.t the + * c++ config file. + */ +#define SNACC_ENABLE_PDU 0 +#if SNACC_ENABLE_PDU + +#if SNACC_EXCEPTION_ENABLE /* return true if succeeded, false otherwise */ #define PDU_MEMBER_MACROS\ int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)\ @@ -196,7 +285,28 @@ extern Asn1ErrorClass Asn1Error; \ int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)\ {\ - jmp_buf env;\ +\ + bytesDecoded = 0;\ + try\ + {\ + BDec (b, bytesDecoded, 0);\ + return !b.ReadError();\ + }\ + catch(...) {\ + return false;\ + }\ + } +#else /* SNACC_EXCEPTION_ENABLE */ +#define PDU_MEMBER_MACROS\ + int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)\ + {\ + bytesEncoded = BEnc (b);\ + return !b.WriteError();\ + }\ +\ + int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)\ + {\ + ENV_TYPE env;\ int val;\ \ bytesDecoded = 0;\ 
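Review bot: The `catch(...)` in the exception-mode `BDecPdu` body of `PDU_MEMBER_MACROS` maps every exception to a plain `false`, so the error number the decoders pass to `SnaccExcep::throwMe` is discarded. Any other exception raised while decoding (an allocation failure, for example) is also reported as if the input were malformed. `SC_BDecPDU` in cdsaUtils.cpp uses the same pattern. Failing closed is the right default for a decoder, but the two cases are worth keeping apart: put `catch(SnaccExcep &e) { return false; }\` ahead of the catch-all, with `e.errNum()` available for a debug message, and mark the remaining `catch(...)` with a comment such as `/* any other failure is treated as a decode error */`. Because `SNACC_ENABLE_PDU` is defined as 0 a few lines earlier, both variants of this macro are currently compiled out, so the new body is not exercised by the build.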
@@ -208,6 +318,29 @@ extern Asn1ErrorClass Asn1Error; else\ return false;\ } +#endif /* SNACC_EXCEPTION_ENABLE */ +#else /* !SNACC_ENABLE_PDU */ +/* empty */ +#define PDU_MEMBER_MACROS +#endif +/* + * SNACC exception class + */ +#if SNACC_EXCEPTION_ENABLE + +#include + +class SnaccExcep : public std::exception { +protected: + SnaccExcep(int err) : mErrNum(err) { } +public: + virtual ~SnaccExcep() throw() {}; + virtual int errNum() { return mErrNum; } + static void throwMe(int err); // implemented in cdsaUtils.cpp +protected: + int mErrNum; +}; +#endif /* SNACC_EXCEPTION_ENABLE */ #endif /* conditional include */ diff --git a/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h b/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h index 2dde1693..183b8ccb 100644 --- a/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h +++ b/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h @@ -57,8 +57,14 @@ // // // -// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $ +// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h,v 1.2 2002/04/18 18:58:08 dmitch Exp $ // $Log: asn-octs.h,v $ +// Revision 1.2 2002/04/18 18:58:08 dmitch +// Radar 2904404 - avoid deprecated iostream.h +// +// Revision 1.1.1.1.70.1 2002/04/17 00:48:53 dmitch +// Radar 2904404 - avoid deprecated iostream.h. +// // Revision 1.1.1.1 2001/05/18 23:14:06 mb // Move from private repository to open source repository // @@ -162,6 +168,8 @@ public: size_t Len() const { return octetLen; } operator const char* () const { return octs; } operator char* () { return octs; } + + const char * Octs() const { return octs; } #ifdef VDADER_RULES bool operator == (const AsnOcts &o) const { if (OctsEquiv(o)) return true; else return false; } diff --git a/SecuritySNACCRuntime/c++-lib/inc/asn-useful.h b/SecuritySNACCRuntime/c++-lib/inc/asn-useful.h index 49835d5b..daadb7b5 100644 --- a/SecuritySNACCRuntime/c++-lib/inc/asn-useful.h 
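Review bot: `SnaccExcep::errNum()` is declared `virtual int errNum()` without `const`, so a handler written as `catch (const SnaccExcep &e)` cannot read the error number. Changing it to `virtual int errNum() const { return mErrNum; }` fixes that and, as far as this hunk shows, breaks no caller. The constructor is protected and the exception is raised only through the out-of-line `throwMe`; a comment next to the constructor such as `// construct only via throwMe(), which is deliberately not inlined` would record why. The class does not override `what()`, so a generic `std::exception` handler gets no decode-specific text.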
+++ b/SecuritySNACCRuntime/c++-lib/inc/asn-useful.h @@ -1,26 +1,8 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - // NOTE: this is a machine generated file--editing not recommended // // asn-useful.h - class definitions for ASN.1 module ASN-USEFUL // -// This file was generated by snacc on Thu Dec 21 14:15:26 2000 +// This file was generated by snacc on Wed Mar 20 10:07:04 2002 // UBC snacc by Mike Sample // A couple of enhancements made by IBM European Networking Center @@ -69,9 +51,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -91,9 +70,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -113,9 +89,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; 
@@ -135,9 +108,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -157,9 +127,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -179,9 +146,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -201,9 +165,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -223,9 +184,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -245,9 +203,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -267,9 +222,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -289,9 +241,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -311,9 +260,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; 
@@ -333,9 +279,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -355,9 +298,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -377,9 +317,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -399,9 +336,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - }; @@ -437,9 +371,6 @@ public: void BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env); AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; @@ -465,9 +396,6 @@ public: AsnLen BEnc (BUF_TYPE b); void BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env); - int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded); - int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded); - void Print (ostream &os) const; }; diff --git a/SecuritySNACCRuntime/c++-lib/inc/config.h b/SecuritySNACCRuntime/c++-lib/inc/config.h index 51b701f7..531ed594 100644 --- a/SecuritySNACCRuntime/c++-lib/inc/config.h +++ b/SecuritySNACCRuntime/c++-lib/inc/config.h 
@@ -1,21 +1,3 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* config.h. Generated automatically by configure. */ /* config.h.in. Generated automatically from configure.in by autoheader. */ 
@@ -61,42 +43,6 @@ /* * file: acconfig.h - * - * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/config.h,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $ - * $Log: config.h,v $ - * Revision 1.1.1.1 2001/05/18 23:14:06 mb - * Move from private repository to open source repository - * - * Revision 1.3 2001/05/05 00:59:18 rmurphy - * Adding darwin license headers - * - * Revision 1.2 2000/12/22 00:21:57 dmitch - * Misc. update and sync for clean build on Cheetah 1D7. - * - * Revision 1.1.1.1 1999/03/16 18:05:47 aram - * Originals from SMIME Free Library. - * - * Revision 1.7 1997/03/03 11:58:26 wan - * Final pre-delivery stuff (I hope). - * - * Revision 1.6 1997/02/28 13:39:34 wan - * Modifications collected for new version 1.3: Bug fixes, tk4.2. - * - * Revision 1.5 1997/02/15 20:01:37 rj - * check whether the compiler supports volatile functions (and whether abort() is volatile). - * - * Revision 1.4 1995/02/20 11:16:57 rj - * cpp switch HAVE_VARIABLE_SIZED_AUTOMATIC_ARRAYS added. - * - * Revision 1.3 1995/02/13 14:46:49 rj - * settings for IEEE_REAL_FMT/IEEE_REAL_LIB moved from {c_lib,c++_lib}/inc/asn_config.h to acconfig.h. - * - * Revision 1.2 1994/10/08 04:38:56 rj - * slot for autoconf Tcl detection added. - * - * Revision 1.1 1994/09/01 00:51:19 rj - * first check-in (new file). - * */ /* diff --git a/SecuritySNACCRuntime/c++-lib/inc/sm_vdasnacc.h b/SecuritySNACCRuntime/c++-lib/inc/sm_vdasnacc.h index aae41213..69620140 100644 --- a/SecuritySNACCRuntime/c++-lib/inc/sm_vdasnacc.h +++ b/SecuritySNACCRuntime/c++-lib/inc/sm_vdasnacc.h @@ -201,7 +201,6 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer *asn1Data, #define NULL_STR (Str_struct *) NULL - //extern "C" { //#include /**** Standard I/O includes ****/ //long vdasnacc_sortSetOf(Str_struct **strEnc, int icount); 
@@ -210,6 +209,8 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer *asn1Data, //void free_Str_content(Str_struct *str); //} +#if SNACC_ENABLE_PDU +/* Note no equivalent if !SNACC_ENABLE_PDU */ #define ENCODE_ANY(encodedData,asnAny)\ {\ CSM_Buffer *blob=new CSM_Buffer;\ @@ -231,12 +232,6 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer *asn1Data, DECODE_BUF((decodeData), blob)\ } -// This macro is usually only necessary if a SNACC AsnBuf is used -// immediately after being loaded by an application (e.g. consecutive -// encode decode operations). -#define SNACC_BUFRESET_READ(pSnaccBuf) (pSnaccBuf)->ResetInReadMode(); -#define SNACC_BUFRESET_WRITE(pSnaccBuf) (pSnaccBuf)->ResetInWriteRvsMode(); - #define ENCODE_BUF_NO_ALLOC(encodeData, blob)\ {\ char *pchBuffer = (char *)calloc(1, \ @@ -287,6 +282,14 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer *asn1Data, free(pchBuffer);\ } +#endif /* SNACC_ENABLE_PDU */ + +// This macro is usually only necessary if a SNACC AsnBuf is used +// immediately after being loaded by an application (e.g. consecutive +// encode decode operations). +#define SNACC_BUFRESET_READ(pSnaccBuf) (pSnaccBuf)->ResetInReadMode(); +#define SNACC_BUFRESET_WRITE(pSnaccBuf) (pSnaccBuf)->ResetInWriteRvsMode(); + #define SM_ASSIGN_ANYBUF(lpBuf, asnAny)\ {\ (asnAny)->value = (AsnType *)new CSM_Buffer(*(lpBuf));\ diff --git a/SecuritySNACCRuntime/c++-lib/src/asn-useful.cpp b/SecuritySNACCRuntime/c++-lib/src/asn-useful.cpp index bf34dbf9..3e53655b 100644 --- a/SecuritySNACCRuntime/c++-lib/src/asn-useful.cpp +++ b/SecuritySNACCRuntime/c++-lib/src/asn-useful.cpp 
@@ -1,26 +1,8 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - // NOTE: this is a machine generated file--editing not recommended // // asn-useful.cpp - class member functions for ASN.1 module ASN-USEFUL // -// This file was generated by snacc on Wed Jun 14 14:50:26 2000 +// This file was generated by snacc on Wed Mar 20 11:39:57 2002 // UBC snacc written by Mike Sample // A couple of enhancements made by IBM European Networking Center 
@@ -64,33 +46,12 @@ void ObjectDescriptor::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, OD_TAG_CODE))) { Asn1Error << "ObjectDescriptor::BDec: ERROR - wrong tag" << endl; - longjmp (env, 50); + SnaccExcep::throwMe(50); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ObjectDescriptor::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ObjectDescriptor::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *UTF8String::Clone() const { return new UTF8String; @@ -120,33 +81,12 @@ void UTF8String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, 12))) { Asn1Error << "UTF8String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 49); + SnaccExcep::throwMe(49); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int UTF8String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int UTF8String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *NumericString::Clone() const { return new NumericString; 
@@ -176,33 +116,12 @@ void NumericString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, NUMERICSTRING_TAG_CODE))) { Asn1Error << "NumericString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 48); + SnaccExcep::throwMe(48); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int NumericString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int NumericString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *PrintableString::Clone() const { return new PrintableString; @@ -232,33 +151,12 @@ void PrintableString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE))) { Asn1Error << "PrintableString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 47); + SnaccExcep::throwMe(47); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int PrintableString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int PrintableString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *TeletexString::Clone() const { return new TeletexString; 
@@ -288,33 +186,12 @@ void TeletexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE))) { Asn1Error << "TeletexString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 46); + SnaccExcep::throwMe(46); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int TeletexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int TeletexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *T61String::Clone() const { return new T61String; @@ -344,33 +221,12 @@ void T61String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE))) { Asn1Error << "T61String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 45); + SnaccExcep::throwMe(45); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int T61String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int T61String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *VideotexString::Clone() const { return new VideotexString; 
@@ -400,33 +256,12 @@ void VideotexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, VIDEOTEXSTRING_TAG_CODE))) { Asn1Error << "VideotexString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 44); + SnaccExcep::throwMe(44); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int VideotexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int VideotexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *IA5String::Clone() const { return new IA5String; @@ -456,33 +291,12 @@ void IA5String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE))) { Asn1Error << "IA5String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 43); + SnaccExcep::throwMe(43); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int IA5String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int IA5String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *GraphicString::Clone() const { return new GraphicString; 
@@ -512,33 +326,12 @@ void GraphicString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, GRAPHICSTRING_TAG_CODE))) { Asn1Error << "GraphicString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 42); + SnaccExcep::throwMe(42); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GraphicString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GraphicString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *VisibleString::Clone() const { return new VisibleString; @@ -568,33 +361,12 @@ void VisibleString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE))) { Asn1Error << "VisibleString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 41); + SnaccExcep::throwMe(41); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int VisibleString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int VisibleString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *ISO646String::Clone() const { return new ISO646String; 
@@ -624,33 +396,12 @@ void ISO646String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE))) { Asn1Error << "ISO646String::BDec: ERROR - wrong tag" << endl; - longjmp (env, 40); + SnaccExcep::throwMe(40); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int ISO646String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int ISO646String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *GeneralString::Clone() const { return new GeneralString; @@ -680,33 +431,12 @@ void GeneralString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALSTRING_TAG_CODE))) { Asn1Error << "GeneralString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 39); + SnaccExcep::throwMe(39); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GeneralString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GeneralString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *UTCTime::Clone() const { return new UTCTime; 
@@ -736,33 +466,12 @@ void UTCTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE))) { Asn1Error << "UTCTime::BDec: ERROR - wrong tag" << endl; - longjmp (env, 38); + SnaccExcep::throwMe(38); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int UTCTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int UTCTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *GeneralizedTime::Clone() const { return new GeneralizedTime; @@ -792,33 +501,12 @@ void GeneralizedTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))) { Asn1Error << "GeneralizedTime::BDec: ERROR - wrong tag" << endl; - longjmp (env, 37); + SnaccExcep::throwMe(37); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int GeneralizedTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int GeneralizedTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *UniversalString::Clone() const { return new UniversalString; 
@@ -848,33 +536,12 @@ void UniversalString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, UNIVERSALSTRING_TAG_CODE))) { Asn1Error << "UniversalString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 36); + SnaccExcep::throwMe(36); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int UniversalString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int UniversalString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - AsnType *BMPString::Clone() const { return new BMPString; @@ -904,33 +571,12 @@ void BMPString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) && (tag != MAKE_TAG_ID (UNIV, CONS, BMPSTRING_TAG_CODE))) { Asn1Error << "BMPString::BDec: ERROR - wrong tag" << endl; - longjmp (env, 35); + SnaccExcep::throwMe(35); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int BMPString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int BMPString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - EXTERNALChoice::EXTERNALChoice() { choiceId = single_ASN1_typeCid; @@ -1066,7 +712,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe && (tag != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))) { Asn1Error << "Unexpected Tag" << endl; - longjmp (env, 34); + SnaccExcep::throwMe(34); } elmtLen1 = BDecLen (b, bytesDecoded, env); 
@@ -1093,7 +739,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe default: Asn1Error << "ERROR - unexpected tag in CHOICE" << endl; - longjmp (env, 33); + SnaccExcep::throwMe(33); break; } // end switch } // EXTERNALChoice::BDecContent @@ -1118,29 +764,9 @@ void EXTERNALChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) BDecContent (b, tag, elmtLen, bytesDecoded, env); } -int EXTERNALChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EXTERNALChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EXTERNALChoice::Print (ostream &os) const { +#ifndef NDEBUG switch (choiceId) { case single_ASN1_typeCid: @@ -1168,6 +794,7 @@ void EXTERNALChoice::Print (ostream &os) const break; } // end of switch +#endif /* NDEBUG */ } // EXTERNALChoice::Print EXTERNAL::EXTERNAL() @@ -1355,7 +982,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else { Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl; - longjmp (env, 32); + SnaccExcep::throwMe(32); } bytesDecoded += seqBytesDecoded; @@ -1367,7 +994,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen else if (seqBytesDecoded != elmtLen0) { Asn1Error << "ERROR - Length discrepancy on sequence." << endl; - longjmp (env, 31); + SnaccExcep::throwMe(31); } else return; 
@@ -1390,35 +1017,15 @@ void EXTERNAL::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env) if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, EXTERNAL_TAG_CODE)) { Asn1Error << "EXTERNAL::BDec: ERROR - wrong tag" << endl; - longjmp (env, 30); + SnaccExcep::throwMe(30); } elmtLen1 = BDecLen (b, bytesDecoded, env); BDecContent (b, tag, elmtLen1, bytesDecoded, env); } -int EXTERNAL::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded) -{ - bytesEncoded = BEnc (b); - return !b.WriteError(); -} - -int EXTERNAL::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded) -{ - ENV_TYPE env; - int val; - - bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { - BDec (b, bytesDecoded, env); - return !b.ReadError(); - } - else - return false; -} - void EXTERNAL::Print (ostream &os) const { +#ifndef NDEBUG os << "{ -- SEQUENCE --" << endl; indentG += stdIndentG; @@ -1482,6 +1089,7 @@ void EXTERNAL::Print (ostream &os) const indentG -= stdIndentG; Indent (os, indentG); os << "}"; +#endif /* NDEBUG */ } // EXTERNAL::Print diff --git a/SecuritySNACCRuntime/c++-lib/src/cdsaUtils.cpp b/SecuritySNACCRuntime/c++-lib/src/cdsaUtils.cpp index d9b9fc82..55583c13 100644 --- a/SecuritySNACCRuntime/c++-lib/src/cdsaUtils.cpp +++ b/SecuritySNACCRuntime/c++-lib/src/cdsaUtils.cpp @@ -59,8 +59,8 @@ void SC_decodeAsnBitsToCssmData( * All AsnType subclasses implement this either via PDU_MEMBER_MACROS * for SecuritySNACCRuntime built-in types, or explicitly for all * other classes using asn-useful.h. To faciliate a global "one - * routine for encode/decode" which operattes on AsnType &'s, we have - * to explicitly provide this here. Why this is no in AsnType, I don't + * routine for encode/decode" which operates on AsnType &'s, we have + * to explicitly provide this here. Why this is not in AsnType, I don't * know. */ static int SC_BDecPDU( 
@@ -69,16 +69,15 @@ static int SC_BDecPDU( AsnLen &bytesDecoded) { ENV_TYPE env; - int val; bytesDecoded = 0; - if ((val = setjmp (env)) == 0) - { + try { asnObj.BDec(b, bytesDecoded, env); return !b.ReadError(); } - else + catch(...) { return false; + } } static int SC_BEncPdu( @@ -188,3 +187,11 @@ void SC_encodeLength( contentLen >>= 8; } } + +/* + * Explicitly non-inlined SnaccError throw + */ +void SnaccExcep::throwMe(int err) +{ + throw SnaccExcep(err); +} diff --git a/SecuritySNACCRuntime/c++-lib/src/sm_buffer.cpp b/SecuritySNACCRuntime/c++-lib/src/sm_buffer.cpp index 68f9ae96..b0d87e9d 100644 --- a/SecuritySNACCRuntime/c++-lib/src/sm_buffer.cpp +++ b/SecuritySNACCRuntime/c++-lib/src/sm_buffer.cpp @@ -41,7 +41,9 @@ static char SccsId[ ] = "@(#) sm_buffer.cpp 1.17 5/7/98 16:36:20"; #endif #include "sm_vdasnacc.h" +#ifndef NDEBUG #include +#endif #if defined(macintosh) || defined(__APPLE__) diff --git a/SecuritySNACCRuntime/c++-lib/stamp-useful b/SecuritySNACCRuntime/c++-lib/stamp-useful index 6b0f2e8b..d20c726e 100644 --- a/SecuritySNACCRuntime/c++-lib/stamp-useful +++ b/SecuritySNACCRuntime/c++-lib/stamp-useful @@ -1 +1 @@ -Thu Dec 21 14:52:17 PST 2000 +Wed Mar 20 11:39:57 PST 2002 diff --git a/SecuritySNACCRuntime/c-lib/asn-useful.c b/SecuritySNACCRuntime/c-lib/asn-useful.c index a1439b56..2ce63e57 100644 --- a/SecuritySNACCRuntime/c-lib/asn-useful.c +++ b/SecuritySNACCRuntime/c-lib/asn-useful.c 
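Review bot: `catch(...)` in `SC_BDecPDU` turns every exception into a plain `false`, so an allocation failure or logic error raised under `asnObj.BDec` becomes indistinguishable from a malformed encoding, and the code carried by `SnaccExcep` is discarded. The old `setjmp` frame intercepted only the decoder's own `longjmp`; `catch (const SnaccExcep &) { return false; }` would keep that scope, or, if failing closed on everything is intended, a comment should say so. `env` is now handed to `BDec` without ever being initialised, which is safe only while no decoder reachable from here still calls `longjmp (env, ...)`; that cannot be confirmed from this hunk. The function's signature begins before the hunk.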
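Review bot: The comment above `SnaccExcep::throwMe` names `SnaccError`, while the class actually thrown is `SnaccExcep`, and it does not say why the throw is kept out of line. Suggested wording: `/* Explicitly non-inlined SnaccExcep throw, so decoder error paths share one throw site */`; the stated rationale is an assumption and should be confirmed by the author.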
@@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * asn-useful.c * * "ASN-USEFUL" ASN.1 module encode/decode/print/free C src. * - * This file was generated by snacc on Thu Jun 8 12:35:27 2000 + * This file was generated by snacc on Tue Mar 19 07:24:46 2002 * * UBC snacc written by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/asn-useful.h b/SecuritySNACCRuntime/c-lib/asn-useful.h index 0f2f3f98..d11f83b0 100644 --- a/SecuritySNACCRuntime/c-lib/asn-useful.h +++ b/SecuritySNACCRuntime/c-lib/asn-useful.h 
@@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * asn-useful.h * * "ASN-USEFUL" ASN.1 module C type definitions and prototypes * - * This .h file was generated by snacc on Thu Jun 8 12:35:27 2000 + * This .h file was generated by snacc on Tue Mar 19 07:24:46 2002 * * UBC snacc written compiler by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/dependencies b/SecuritySNACCRuntime/c-lib/dependencies index 8c9eaed9..3dfeeee2 100644 --- a/SecuritySNACCRuntime/c-lib/dependencies +++ b/SecuritySNACCRuntime/c-lib/dependencies 
@@ -1,341 +1,169 @@ -asn-len.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h -asn-tag.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h -asn-int.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h -asn-bool.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-bool.h -asn-bits.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h -asn-octs.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ + /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \ + inc/asn-bits.h +asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h -asn-oid.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h -asn-real.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-real.h -asn-null.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-null.h -asn-list.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-list.h -asn-enum.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h inc/asn-enum.h -str-stk.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + 
/usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/str-stk.h -nibble-alloc.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h -print.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \ + inc/print.h /usr/include/string.h +print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h 
\ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h -asn-any.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h 
inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \ inc/hash.h -hash.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/hash.h -exp-buf.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ 
- /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +exp-buf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/gen-buf.h sbuf.o : tbl-dec.o : 
@@ -345,367 +173,186 @@ tbl-gen.o : tbl-dbg.o : tbl-print.o : tbl-util.o : -asn-useful.o : inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h +asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h 
\ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h tbl.o : -asn-len.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h 
/usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h -asn-tag.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h -asn-int.o : inc/asn-config.h \ 
- /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h -asn-bool.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-bool.h -asn-bits.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h -asn-octs.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ + /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \ + inc/asn-bits.h +asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h -asn-oid.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h -asn-real.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-real.h -asn-null.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-null.h -asn-list.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-list.h -asn-enum.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h inc/asn-enum.h -str-stk.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/str-stk.h -nibble-alloc.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h -print.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \ + inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h -asn-any.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h 
/usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \ inc/hash.h -hash.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h 
/usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/hash.h -exp-buf.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +exp-buf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h 
inc/gen-buf.h sbuf.o : tbl-dec.o : 
@@ -715,348 +362,177 @@ tbl-gen.o : tbl-dbg.o : tbl-print.o : tbl-util.o : -asn-useful.o : inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h +asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h 
\ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h tbl.o : -asn-len.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h 
/usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h -asn-tag.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h -asn-int.o : inc/asn-config.h \ 
- /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h -asn-bool.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-bool.h -asn-bits.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h -asn-octs.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ + /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \ + inc/asn-bits.h +asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h -asn-oid.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h -asn-real.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-real.h -asn-null.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-null.h -asn-list.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-list.h -asn-enum.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h inc/asn-enum.h -str-stk.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/str-stk.h -nibble-alloc.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h -print.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/min-buf.h \ + inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h -asn-any.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h 
/usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \ inc/hash.h -hash.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h 
/usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/hash.h exp-buf.o : sbuf.o : 
@@ -1067,348 +543,177 @@ tbl-gen.o : tbl-dbg.o : tbl-print.o : tbl-util.o : -asn-useful.o : inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h +asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h 
/usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/min-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h tbl.o : -asn-len.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + 
/usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h -asn-tag.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h 
-asn-int.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h -asn-bool.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-bool.h -asn-bits.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h -asn-octs.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ + /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \ + inc/asn-bits.h +asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h -asn-oid.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h -asn-real.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-real.h -asn-null.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-null.h -asn-list.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-list.h -asn-enum.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ 
- /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h inc/asn-enum.h -str-stk.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/str-stk.h -nibble-alloc.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/sbuf.h 
inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h -print.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/sbuf.h \ + inc/print.h /usr/include/string.h +print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h 
/usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h -asn-any.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h 
/usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \ inc/hash.h -hash.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h 
/usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/hash.h exp-buf.o : sbuf.o : 
@@ -1419,593 +724,317 @@ tbl-gen.o : tbl-dbg.o : tbl-print.o : tbl-util.o : -asn-useful.o : inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h +asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ 
+ /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/sbuf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h tbl.o : -asn-len.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h 
/usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h -asn-tag.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h -asn-int.o : inc/asn-config.h \ 
- /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h -asn-bool.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-bool.h -asn-bits.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h -asn-octs.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ + /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \ + inc/asn-bits.h +asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h -asn-oid.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h -asn-real.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-real.h -asn-null.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-null.h -asn-list.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-list.h -asn-enum.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-int.h inc/asn-enum.h -str-stk.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/str-stk.h -nibble-alloc.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h -print.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h -asn-any.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h 
/usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \ inc/hash.h -hash.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h 
/usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/hash.h -exp-buf.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +exp-buf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h 
inc/exp-buf.h -sbuf.o : inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +sbuf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/sbuf.h -tbl-dec.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ - inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h -tbl-enc.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ - inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h -tbl-free.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ - inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h -tbl-gen.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - inc/tbl-gen.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ - inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h +tbl-dec.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \ + inc/tbl-print.h inc/tbl-free.h +tbl-enc.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h 
inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \ + inc/tbl-print.h inc/tbl-free.h +tbl-free.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \ + inc/tbl-print.h inc/tbl-free.h +tbl-gen.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h inc/tbl-gen.h inc/tbl-incl.h inc/asn-incl.h \ + inc/asn-config.h /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \ + inc/tbl-print.h 
inc/tbl-free.h tbl-dbg.o : inc/tbl-dbg.h inc/tbl-gen.h inc/tbl-incl.h inc/asn-incl.h \ - inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ - inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h -tbl-print.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ + inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h -tbl-util.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \ - inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h inc/sbuf.h -asn-useful.o : inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h -tbl.o : inc/asn-incl.h inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \ - inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \ - inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \ - inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h +tbl-print.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \ + inc/tbl-print.h inc/tbl-free.h +tbl-util.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + 
/usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \ + inc/tbl-print.h inc/tbl-free.h inc/sbuf.h +asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h +tbl.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \ + inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \ + inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \ + inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \ + inc/asn-useful.h inc/tbl.h 
diff --git a/SecuritySNACCRuntime/c-lib/inc/asn-config.h b/SecuritySNACCRuntime/c-lib/inc/asn-config.h index ac9e7e68..ed0ee03e 100644 --- a/SecuritySNACCRuntime/c-lib/inc/asn-config.h +++ b/SecuritySNACCRuntime/c-lib/inc/asn-config.h @@ -32,39 +32,6 @@ * This source code is distributed in the hope that it will be * useful, but WITHOUT ANY WARRANTY; without even the implied warranty * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * - * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c-lib/inc/asn-config.h,v 1.1.1.1 2001/05/18 23:14:08 mb Exp $ - * $Log: asn-config.h,v $ - * Revision 1.1.1.1 2001/05/18 23:14:08 mb - * Move from private repository to open source repository - * - * Revision 1.2 2001/05/05 00:59:22 rmurphy - * Adding darwin license headers - * - * Revision 1.1.1.1 1999/03/16 18:06:20 aram - * Originals from SMIME Free Library. - * - * Revision 1.6 1997/03/13 09:15:16 wan - * Improved dependency generation for stupid makedepends. - * Corrected PeekTag to peek into buffer only as far as necessary. - * Added installable error handler. - * Fixed small glitch in idl-code generator (Markku Savela ). - * - * Revision 1.5 1995/07/24 21:01:11 rj - * changed `_' to `-' in file names. - * - * Revision 1.4 1995/02/13 14:47:33 rj - * settings for IEEE_REAL_FMT/IEEE_REAL_LIB moved from {c_lib,c++_lib}/inc/asn_config.h to acconfig.h. - * - * Revision 1.3 1994/10/08 04:46:20 rj - * config.h -> snacc.h, which now is the toplevel config file. - * - * Revision 1.2 1994/08/31 23:53:05 rj - * redundant code moved into ../../config.h.bot - * - * Revision 1.1 1994/08/28 09:21:25 rj - * first check-in. for a list of changes to the snacc-1.1 distribution please refer to the ChangeLog. - * */ #ifndef _asn_config_h_ 
@@ -245,4 +212,19 @@ Asn1ErrorHandler Asn1InstallErrorHandler PROTO ((Asn1ErrorHandler handler)); #include "print.h" /* for printing set up */ +/* + * Enables throw/catch as replacement for setjmp/longjmp in C++ lib. + * BDecPdu still returns int (1 = OK, 0 = fail) in either config. + * The compiler gets this symbol from this file; runtime support uses + * the same symbol in c++_lib/inc/asn-config.h There is currently no + * straightforward way to have one symbol used in both environments. + */ +#define SNACC_EXCEPTION_ENABLE 1 + +/* + * Enable BEncPdu, BDecPdu. Same remarks apply as above w.r.t the + * c++ config file. + */ +#define SNACC_ENABLE_PDU 0 + #endif /* conditional include */ diff --git a/SecuritySNACCRuntime/c-lib/inc/asn-useful.h b/SecuritySNACCRuntime/c-lib/inc/asn-useful.h index 0f2f3f98..d11f83b0 100644 --- a/SecuritySNACCRuntime/c-lib/inc/asn-useful.h +++ b/SecuritySNACCRuntime/c-lib/inc/asn-useful.h 
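Review bot: `SNACC_EXCEPTION_ENABLE` and `SNACC_ENABLE_PDU`, added just before the closing `#endif` of asn-config.h, are defined unconditionally, and the new comment says the runtime reads the same symbols from a second copy in c++_lib/inc/asn-config.h, so nothing in the build fails when the two copies disagree. Presumably a mismatch would leave generated decoders signalling errors with throw/catch while the runtime or its callers still expect setjmp/longjmp, or the reverse, which matters most on the error path taken for malformed encoded input; the C++ header is outside this hunk, so that is an inference. I would make the requirement explicit in the comment, for example `* NOTE: keep in sync with c++_lib/inc/asn-config.h; rebuild compiler and runtime together when changing it.`, and add the missing full stop after `c++_lib/inc/asn-config.h` in the first comment.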
@@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * asn-useful.h * * "ASN-USEFUL" ASN.1 module C type definitions and prototypes * - * This .h file was generated by snacc on Thu Jun 8 12:35:27 2000 + * This .h file was generated by snacc on Tue Mar 19 07:24:46 2002 * * UBC snacc written compiler by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/inc/tbl.h b/SecuritySNACCRuntime/c-lib/inc/tbl.h index 45cdc3be..b69de422 100644 --- a/SecuritySNACCRuntime/c-lib/inc/tbl.h +++ b/SecuritySNACCRuntime/c-lib/inc/tbl.h 
@@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * tbl.h * * "TBL" ASN.1 module C type definitions and prototypes * - * This .h file was generated by snacc on Thu Jun 8 12:35:28 2000 + * This .h file was generated by snacc on Tue Mar 19 07:24:47 2002 * * UBC snacc written compiler by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/src/asn-useful.c b/SecuritySNACCRuntime/c-lib/src/asn-useful.c index a1439b56..2ce63e57 100644 --- a/SecuritySNACCRuntime/c-lib/src/asn-useful.c +++ b/SecuritySNACCRuntime/c-lib/src/asn-useful.c 
@@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * asn-useful.c * * "ASN-USEFUL" ASN.1 module encode/decode/print/free C src. * - * This file was generated by snacc on Thu Jun 8 12:35:27 2000 + * This file was generated by snacc on Tue Mar 19 07:24:46 2002 * * UBC snacc written by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/src/tbl.c b/SecuritySNACCRuntime/c-lib/src/tbl.c index c2daa0fe..957e98bb 100644 --- a/SecuritySNACCRuntime/c-lib/src/tbl.c +++ b/SecuritySNACCRuntime/c-lib/src/tbl.c 
@@ -1,28 +1,10 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - #if TTBL /* * tbl.c * * "TBL" ASN.1 module encode/decode/print/free C src. * - * This file was generated by snacc on Thu Jun 8 12:35:28 2000 + * This file was generated by snacc on Tue Mar 19 07:24:47 2002 * * UBC snacc written by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/stamp-tbl b/SecuritySNACCRuntime/c-lib/stamp-tbl index b5b986da..1924b425 100644 --- a/SecuritySNACCRuntime/c-lib/stamp-tbl +++ b/SecuritySNACCRuntime/c-lib/stamp-tbl @@ -1 +1 @@ -Thu Jun 8 12:37:29 PDT 2000 +Wed Mar 20 11:39:20 PST 2002 diff --git a/SecuritySNACCRuntime/c-lib/stamp-useful b/SecuritySNACCRuntime/c-lib/stamp-useful index a707c1a4..1924b425 100644 --- a/SecuritySNACCRuntime/c-lib/stamp-useful +++ b/SecuritySNACCRuntime/c-lib/stamp-useful @@ -1 +1 @@ -Thu Jun 8 12:37:28 PDT 2000 +Wed Mar 20 11:39:20 PST 2002 diff --git a/SecuritySNACCRuntime/c-lib/tbl.c b/SecuritySNACCRuntime/c-lib/tbl.c index c2daa0fe..957e98bb 100644 --- a/SecuritySNACCRuntime/c-lib/tbl.c +++ b/SecuritySNACCRuntime/c-lib/tbl.c 
@@ -1,28 +1,10 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - #if TTBL /* * tbl.c * * "TBL" ASN.1 module encode/decode/print/free C src. * - * This file was generated by snacc on Thu Jun 8 12:35:28 2000 + * This file was generated by snacc on Tue Mar 19 07:24:47 2002 * * UBC snacc written by Mike Sample * diff --git a/SecuritySNACCRuntime/c-lib/tbl.h b/SecuritySNACCRuntime/c-lib/tbl.h index 45cdc3be..b69de422 100644 --- a/SecuritySNACCRuntime/c-lib/tbl.h +++ b/SecuritySNACCRuntime/c-lib/tbl.h 
@@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * tbl.h * * "TBL" ASN.1 module C type definitions and prototypes * - * This .h file was generated by snacc on Thu Jun 8 12:35:28 2000 + * This .h file was generated by snacc on Tue Mar 19 07:24:47 2002 * * UBC snacc written compiler by Mike Sample * diff --git a/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c b/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c index 4ba6419e..8a77a95f 100644 --- a/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c +++ b/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c 
@@ -39,8 +39,20 @@ * INSERT_VDA_COMMENTS * * - * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c,v 1.3 2001/06/27 23:51:42 dmitch Exp $ + * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c,v 1.4 2002/03/21 05:38:53 dmitch Exp $ * $Log: gen-code.c,v $ + * Revision 1.4 2002/03/21 05:38:53 dmitch + * Radar 2868524: no more setjmp/longjmp in SNACC-generated code. + * + * Revision 1.3.44.3 2002/03/20 20:56:39 dmitch + * Further refinements for Radar 2868524: no more BDecPdu or BEncPdu. + * + * Revision 1.3.44.2 2002/03/20 02:53:09 dmitch + * Avoid the unused and uninitialized jmp_buf var in BDecPdu. + * + * Revision 1.3.44.1 2002/03/20 00:36:59 dmitch + * Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp. + * * Revision 1.3 2001/06/27 23:51:42 dmitch * Reimplement partial fix for Radar 2664258: Print() routines are now empty stubs in NDEBUG config. * @@ -472,7 +484,6 @@ PrintMakeTag PARAMS ((f, tag), } /* PrintMakeTag */ - static void PrintPduMemberFcns PARAMS ((src, hdr, r, cln), FILE *src _AND_ @@ -480,6 +491,7 @@ PrintPduMemberFcns PARAMS ((src, hdr, r, cln), CxxRules *r _AND_ char *cln) { +#if SNACC_ENABLE_PDU if (printEncodersG) { fprintf (hdr, " int B%s (%s b, %s &bytesEncoded);\n", r->encodePduBaseName, bufTypeNameG, lenTypeNameG); 
@@ -497,9 +509,22 @@ PrintPduMemberFcns PARAMS ((src, hdr, r, cln), fprintf (src, "int %s::B%s (%s b, %s &bytesDecoded)\n", cln, r->decodePduBaseName, bufTypeNameG, lenTypeNameG); fprintf (src, "{\n"); + #if !SNACC_EXCEPTION_ENABLE fprintf (src, " %s env;\n", envTypeNameG); fprintf (src, " int val;\n\n"); + #endif fprintf (src, " bytesDecoded = 0;\n"); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " try\n"); + fprintf (src, " {\n"); + fprintf (src, " BDec (b, bytesDecoded, 0);\n"); + fprintf (src, " return !b.ReadError();\n"); + fprintf (src, " }\n"); + fprintf (src, " catch(...)\n"); + fprintf (src, " {\n"); + fprintf (src, " return false;\n"); + fprintf (src, " }\n"); + #else /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " if ((val = setjmp (env)) == 0)\n"); fprintf (src, " {\n"); fprintf (src, " BDec (b, bytesDecoded, env);\n"); @@ -511,11 +536,12 @@ PrintPduMemberFcns PARAMS ((src, hdr, r, cln), fprintf (src, " { cerr << \"longjmp return value is \" << val << endl;\n"); fprintf (src, " return false; }\n"); */ + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, "}\n\n"); } fprintf (hdr, "\n"); - +#endif /* SNACC_ENABLE_PDU */ } /* PrintPduMemberFcns */ @@ -1055,7 +1081,11 @@ PrintCxxSimpleDef PARAMS ((hdr, src, if_IBM_ENC (hdrdb COMMA srcdb COMMA) if_MET } fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); fprintf (src, " elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel); 
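Review bot: In the SNACC_EXCEPTION_ENABLE branch the generated PDU decoder calls `BDec (b, bytesDecoded, 0)`, so every decoder below it receives a null `env`, while the later hunks in this file still emit `BDecLen (b, bytesDecoded, env)`. That is only safe if no runtime routine reached from BDec still calls longjmp on its env argument. The runtime is not visible in this hunk, so this needs confirming, because such a call would be reached on malformed input, which is the case this path exists to reject. I would state the requirement next to the emitted call, e.g. `/* env is 0 here: every BDec* routine must throw, never longjmp (env) */`. The generated `catch(...)` also maps every exception, not only the decoder's own, to `return false` and drops the value given to throwMe, which deserves a one-line comment as well. PrintPduMemberFcns starts before this hunk and ends after it.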
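Review bot: The five-line `#if SNACC_EXCEPTION_ENABLE` / `#else` / `#endif` block added around the wrong-tag abort in the -1055 hunk is pasted again at every decode-error site in this file (the hunks at -1737, -1866, -1933, -2567, -2745, -2948, -2967, -3036, -3768, -3908, -4040, -4115, -4526, -4612 and -4638). A single static helper would keep the two error paths from drifting apart. The switch is resolved when the snacc compiler itself is built, and an undefined SNACC_EXCEPTION_ENABLE evaluates to 0 without a diagnostic, so one guarded definition is easier to audit than a copy per site. The helper takes the indent as an argument because the call sites emit at different nesting depths; the indent shown at the call below is a constructed sample. PrintCxxSimpleDef starts and ends outside this hunk.

```c
/* Emits the statement that aborts a generated decoder on a malformed encoding. */
static void
PrintDecodeAbort PARAMS ((src, indent),
    FILE *src _AND_
    char *indent)
{
#if SNACC_EXCEPTION_ENABLE
    fprintf (src, "%sSnaccExcep::throwMe(%d);\n", indent, longJmpValG--);
#else
    fprintf (src, "%slongjmp (env, %d);\n", indent, longJmpValG--);
#endif /* SNACC_EXCEPTION_ENABLE */
}

/* … unchanged: tag comparison and Asn1Error message … */
    PrintDecodeAbort (src, "        ");
```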
@@ -1737,7 +1767,11 @@ else fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Unexpected Tag\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n\n"); fprintf (src, " elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel); @@ -1866,7 +1900,11 @@ else fprintf (src, " default:\n"); fprintf (src, " Asn1Error << \"ERROR - unexpected tag in CHOICE\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " break;\n"); fprintf (src, " } // end switch\n"); @@ -1933,7 +1971,11 @@ else fprintf (src, "MAKE_TAG_ID (%s, %s, %d))", classStr, formStr, tag->code); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); fprintf (src, " extraLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel); } @@ -2567,7 +2609,11 @@ else fprintf (src, " else if (elmtLen0 != 0)\n"); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Expected an empty sequence\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); /* 
@@ -2745,7 +2791,11 @@ else fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Unexpected Tag\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n\n"); fprintf (src, " elmtLen%d = BDecLen (b, seqBytesDecoded, env);\n", ++elmtLevel); } @@ -2948,7 +2998,11 @@ else fprintf (src, " else\n"); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"ERROR - SEQUENCE is missing non-optional elmt.\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n\n"); } else @@ -2967,7 +3021,11 @@ else fprintf (src, " else if (seqBytesDecoded != elmtLen0)\n"); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"ERROR - Length discrepancy on sequence.\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); fprintf (src, " else\n"); fprintf (src, " return;\n"); 
@@ -3036,7 +3094,11 @@ else fprintf (src, "MAKE_TAG_ID (%s, %s, %d))\n", classStr, formStr, tag->code); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); fprintf (src, " elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel); @@ -3768,7 +3830,11 @@ else fprintf (src, " else if (elmtLen0 != 0)\n"); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Expected an empty sequence\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); /* forget about potential extension types for now @@ -3908,7 +3974,11 @@ else fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Unexpected Tag\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n\n"); fprintf (src, " elmtLen%d = BDecLen (b, setBytesDecoded, env);\n", ++elmtLevel); 
@@ -4040,14 +4110,22 @@ else } /* for each elmt */ fprintf (src, " default:\n"); fprintf (src, " Asn1Error << \"Unexpected Tag on SET elmt.\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " } // end switch\n"); fprintf (src, " } // end for loop\n"); fprintf (src, " bytesDecoded += setBytesDecoded;\n"); fprintf (src, " if (mandatoryElmtsDecoded != %d)\n", mandatoryElmtCount); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"ERROR - non-optional SET element missing.\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); } /* if not empty set clause */ @@ -4115,7 +4193,11 @@ else fprintf (src, "MAKE_TAG_ID (%s, %s, %d))\n", classStr, formStr, tag->code); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); fprintf (src, " elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel); 
@@ -4526,7 +4608,11 @@ PrintCxxListClass PARAMS ((src, hdr, if_IBM_ENC (srcdb COMMA hdrdb COMMA) mods, fprintf (src, "MAKE_TAG_ID (%s, %s, %d))\n", classStr, formStr, tag->code); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n"); fprintf (src, " elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel); @@ -4612,7 +4698,11 @@ PrintCxxListTagAndLenDecCode PARAMS ((src, td, t), fprintf (src, "))\n"); fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Unexpected Tag\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n\n"); fprintf (src, " elmtLen%d = BDecLen (b, listBytesDecoded, env);\n", ++elmtLevel); } @@ -4638,7 +4728,11 @@ PrintCxxListTagAndLenDecCode PARAMS ((src, td, t), fprintf (src, " {\n"); fprintf (src, " Asn1Error << \"Unexpected Tag\" << endl;\n"); - fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #if SNACC_EXCEPTION_ENABLE + fprintf (src, " SnaccExcep::throwMe(%d);\n", longJmpValG--); + #else + fprintf (src, " longjmp (env, %d);\n", longJmpValG--); + #endif /* SNACC_EXCEPTION_ENABLE */ fprintf (src, " }\n\n"); fprintf (src, " elmtLen%d = BDecLen (b, listBytesDecoded, env);\n", ++elmtLevel); diff --git a/SecuritySNACCRuntime/compiler/core/tbl.c b/SecuritySNACCRuntime/compiler/core/tbl.c index ca825f8d..d6c57e26 100644 --- a/SecuritySNACCRuntime/compiler/core/tbl.c +++ b/SecuritySNACCRuntime/compiler/core/tbl.c 
@@ -3,7 +3,7 @@ * * "TBL" ASN.1 module encode/decode/print/free C src. * - * This file was generated by snacc on Tue Jun 19 16:55:23 2001 + * This file was generated by snacc on Tue Mar 19 07:24:43 2002 * * UBC snacc written by Mike Sample * diff --git a/SecuritySNACCRuntime/compiler/core/tbl.h b/SecuritySNACCRuntime/compiler/core/tbl.h index 2a81b7c7..6d4b19e2 100644 --- a/SecuritySNACCRuntime/compiler/core/tbl.h +++ b/SecuritySNACCRuntime/compiler/core/tbl.h @@ -3,7 +3,7 @@ * * "TBL" ASN.1 module C type definitions and prototypes * - * This .h file was generated by snacc on Tue Jun 19 16:55:23 2001 + * This .h file was generated by snacc on Tue Mar 19 07:24:43 2002 * * UBC snacc written compiler by Mike Sample * diff --git a/SecuritySNACCRuntime/compiler/dependencies b/SecuritySNACCRuntime/compiler/dependencies index 6871fc24..8267080e 100644 --- a/SecuritySNACCRuntime/compiler/dependencies +++ b/SecuritySNACCRuntime/compiler/dependencies 
@@ -1,1232 +1,766 @@ -lex-asn1.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +lex-asn1.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h 
../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/exports.h core/parse-asn1.h core/parser.h \ - core/lex-stuff.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/errno.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/errno.h -parse-asn1.o : ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \ - ../c-lib/inc/asn-len.h 
../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \ - ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \ - ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \ - ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \ - ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h core/asn1module.h \ - core/lib-types.h core/snacc-util.h core/exports.h core/parser.h \ - core/lex-stuff.h -define.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h 
../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - core/define.h -dependency.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + core/lex-stuff.h /usr/include/errno.h /usr/include/sys/errno.h +parse-asn1.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \ + /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h 
/usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ + core/asn1module.h core/lib-types.h core/snacc-util.h core/exports.h \ + core/parser.h core/lex-stuff.h +define.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h core/define.h +dependency.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h 
/usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ + ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h core/dependency.h -do-macros.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - 
../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +do-macros.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/ctype.h /usr/include/runetype.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h back-ends/str-util.h core/normalize.h \ core/snacc-util.h core/do-macros.h -err-chk.o : /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +err-chk.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h back-ends/tag-util.h core/define.h \ core/err-chk.h -exports.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +exports.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h 
../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h core/exports.h -gen-tbls.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-tbls.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h 
../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/tbl.h core/gen-tbls.h lib-types.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h 
../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - core/asn1module.h core/lib-types.h -link-types.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - 
../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h core/asn1module.h core/lib-types.h +link-types.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ + ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h 
../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h core/link-types.h -link-values.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +link-values.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h 
\ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h core/link-values.h -mem.o : ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/mem.h -meta.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +mem.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/stdio.h \ + /usr/include/sys/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/mem.h +meta.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h core/meta.h -normalize.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +normalize.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/oid.h core/lib-types.h core/snacc-util.h \ core/normalize.h -oid.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +oid.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/oid.h -print.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +print.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h 
core/lib-types.h core/print.h -recursive.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +recursive.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h 
../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/recursive.h core/snacc-util.h -snacc.o : ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/time.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/time.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/limits.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - 
../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \ - ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \ - ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \ - ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \ - ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \ - ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h ../version.h \ - core/asn1module.h core/exports.h core/parser.h core/dependency.h \ - core/link-types.h core/link-values.h core/err-chk.h core/print.h \ - core/recursive.h core/define.h core/normalize.h core/do-macros.h \ - core/snacc-util.h core/meta.h back-ends/str-util.h \ +snacc.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/sys/time.h \ + /usr/include/sys/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/time.h \ + /usr/include/machine/limits.h /usr/include/ppc/limits.h \ + /usr/include/string.h /usr/include/stdio.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ + ../version.h core/asn1module.h core/exports.h core/parser.h \ + core/dependency.h core/link-types.h core/link-values.h core/err-chk.h \ + core/print.h core/recursive.h core/define.h core/normalize.h \ + core/do-macros.h 
core/snacc-util.h core/meta.h back-ends/str-util.h \ back-ends/c-gen/rules.h back-ends/c-gen/type-info.h \ back-ends/c-gen/gen-code.h back-ends/c++-gen/rules.h \ back-ends/c++-gen/types.h back-ends/c++-gen/gen-code.h core/gen-tbls.h \ back-ends/idl-gen/rules.h back-ends/idl-gen/types.h \ back-ends/idl-gen/gen-code.h -snacc-util.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +snacc-util.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + 
/usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/lib-types.h core/define.h core/snacc-util.h -val-parser.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - 
../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +val-parser.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h core/oid.h core/val-parser.h str-util.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/unistd.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - core/asn1module.h core/define.h back-ends/c-gen/rules.h \ - back-ends/c-gen/type-info.h back-ends/c-gen/kwd.h \ - back-ends/c++-gen/kwd.h back-ends/str-util.h -tag-util.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h /usr/include/ctype.h 
/usr/include/runetype.h \ + /usr/include/unistd.h /usr/include/string.h core/asn1module.h \ + core/define.h back-ends/c-gen/rules.h back-ends/c-gen/type-info.h \ + back-ends/c-gen/kwd.h back-ends/c++-gen/kwd.h back-ends/str-util.h +tag-util.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ + ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h core/lib-types.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/str-util.h core/snacc-util.h \ back-ends/c-gen/util.h back-ends/tag-util.h cond.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - back-ends/cond.h -type-info.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h back-ends/cond.h +type-info.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + 
/usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ + ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/snacc-util.h core/define.h back-ends/str-util.h \ back-ends/c-gen/rules.h back-ends/c-gen/type-info.h -util.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +util.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h back-ends/c-gen/rules.h core/snacc-util.h \ back-ends/c-gen/util.h rules.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - core/asn1module.h back-ends/c-gen/rules.h -gen-code.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h core/asn1module.h back-ends/c-gen/rules.h +gen-code.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ 
+ /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ + ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/print.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/c-gen/util.h back-ends/cond.h \ back-ends/c-gen/gen-type.h back-ends/c-gen/gen-enc.h \ back-ends/c-gen/gen-dec.h back-ends/c-gen/gen-vals.h \ back-ends/c-gen/gen-free.h back-ends/c-gen/gen-print.h \ back-ends/c-gen/gen-any.h back-ends/c-gen/gen-code.h -gen-type.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ 
- /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-type.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/print.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/c-gen/util.h \ back-ends/c-gen/gen-type.h -gen-enc.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-enc.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/str-util.h back-ends/c-gen/util.h \ back-ends/tag-util.h core/snacc-util.h 
back-ends/c-gen/gen-enc.h -gen-dec.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-dec.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h 
../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h core/lib-types.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/str-util.h core/snacc-util.h \ back-ends/c-gen/util.h back-ends/tag-util.h back-ends/c-gen/gen-dec.h -gen-vals.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-vals.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h 
/usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/oid.h core/asn1module.h core/define.h core/lib-types.h \ back-ends/c-gen/rules.h back-ends/c-gen/type-info.h back-ends/str-util.h \ core/snacc-util.h back-ends/c-gen/util.h back-ends/c-gen/kwd.h \ back-ends/c-gen/gen-vals.h -gen-free.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-free.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/str-util.h back-ends/c-gen/util.h \ back-ends/c-gen/gen-free.h -gen-print.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-print.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h back-ends/c-gen/rules.h \ back-ends/c-gen/type-info.h back-ends/str-util.h back-ends/c-gen/util.h \ back-ends/c-gen/gen-print.h -gen-any.o 
: /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-any.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h 
../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h back-ends/c-gen/rules.h core/define.h \ back-ends/str-util.h back-ends/c-gen/gen-vals.h core/lib-types.h \ back-ends/c-gen/gen-any.h -kwd.o : ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ +kwd.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \ back-ends/c-gen/kwd.h -kwd.o : ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ +kwd.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \ back-ends/c++-gen/kwd.h -types.o : /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +types.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h 
../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/define.h core/asn1module.h core/snacc-util.h back-ends/str-util.h \ back-ends/c++-gen/rules.h back-ends/c++-gen/kwd.h \ back-ends/c++-gen/types.h rules.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h 
\ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - core/asn1module.h back-ends/c++-gen/rules.h -gen-code.o : ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/time.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/time.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/limits.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/limits.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \ - ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \ - ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \ - ../c-lib/inc/asn-octs.h 
../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \ - ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \ - ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h core/asn1module.h \ - core/define.h core/lib-types.h back-ends/c++-gen/rules.h \ - back-ends/c++-gen/types.h back-ends/cond.h back-ends/str-util.h \ - core/snacc-util.h core/print.h back-ends/tag-util.h core/meta.h \ - back-ends/c++-gen/gen-vals.h back-ends/c++-gen/gen-any.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h core/asn1module.h back-ends/c++-gen/rules.h +gen-code.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/sys/time.h \ + /usr/include/sys/types.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h /usr/include/time.h \ + /usr/include/machine/limits.h /usr/include/ppc/limits.h \ + /usr/include/string.h /usr/include/stdio.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + 
/usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ + core/asn1module.h core/define.h core/lib-types.h \ + back-ends/c++-gen/rules.h back-ends/c++-gen/types.h back-ends/cond.h \ + back-ends/str-util.h core/snacc-util.h core/print.h back-ends/tag-util.h \ + core/meta.h back-ends/c++-gen/gen-vals.h back-ends/c++-gen/gen-any.h \ back-ends/c++-gen/gen-code.h -gen-vals.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-vals.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/oid.h core/define.h core/lib-types.h \ back-ends/str-util.h core/snacc-util.h back-ends/c++-gen/rules.h \ back-ends/c++-gen/gen-vals.h -gen-any.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-any.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h back-ends/str-util.h \ back-ends/c++-gen/rules.h back-ends/c++-gen/gen-vals.h core/lib-types.h \ back-ends/c++-gen/gen-any.h rules.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - core/asn1module.h back-ends/idl-gen/rules.h -types.o : /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h 
../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h core/asn1module.h back-ends/idl-gen/rules.h +types.o : /usr/include/ctype.h /usr/include/runetype.h \ + /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ + ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/define.h core/asn1module.h core/snacc-util.h back-ends/str-util.h \ back-ends/idl-gen/rules.h back-ends/c++-gen/kwd.h \ back-ends/idl-gen/types.h -gen-any.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-any.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/define.h back-ends/str-util.h \ back-ends/idl-gen/rules.h back-ends/idl-gen/gen-vals.h core/lib-types.h \ back-ends/idl-gen/gen-any.h -gen-code.o : ../snacc.h ../config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - ../policy.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/string.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \ - ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \ - ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \ - ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \ - ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \ - ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h core/asn1module.h \ - core/define.h core/lib-types.h back-ends/idl-gen/rules.h \ - back-ends/idl-gen/types.h back-ends/cond.h back-ends/str-util.h \ - core/snacc-util.h core/print.h back-ends/tag-util.h \ +gen-code.o : ../snacc.h ../config.h /usr/include/stdlib.h \ + 
/usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \ + /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ + ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ + ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ + ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ + ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ + core/asn1module.h core/define.h core/lib-types.h \ + back-ends/idl-gen/rules.h back-ends/idl-gen/types.h back-ends/cond.h \ + back-ends/str-util.h core/snacc-util.h core/print.h back-ends/tag-util.h \ back-ends/idl-gen/gen-vals.h back-ends/idl-gen/gen-any.h \ back-ends/idl-gen/gen-code.h -gen-vals.o : \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ +gen-vals.o : /usr/include/stdio.h /usr/include/sys/types.h \ + /usr/include/sys/cdefs.h /usr/include/machine/types.h \ + /usr/include/ppc/types.h /usr/include/machine/ansi.h \ + /usr/include/ppc/ansi.h /usr/include/machine/endian.h \ + /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \ + ../c-lib/inc/asn-config.h /usr/include/setjmp.h \ + /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \ + /usr/include/machine/signal.h /usr/include/ppc/signal.h \ + /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \ ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ + ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \ core/asn1module.h core/oid.h core/define.h core/lib-types.h \ back-ends/str-util.h core/snacc-util.h back-ends/idl-gen/rules.h \ back-ends/idl-gen/gen-vals.h tbl.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \ - 
/System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/math.h \ - ../snacc.h ../config.h \ - /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \ - ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \ - ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \ - ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \ - ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \ - ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \ - ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \ - core/tbl.h + /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/types.h /usr/include/ppc/types.h \ + /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \ + /usr/include/machine/endian.h /usr/include/ppc/endian.h \ + /usr/include/setjmp.h /usr/include/machine/setjmp.h \ + /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \ + /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \ + /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \ + ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \ + 
../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \ + ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \ + ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \ + ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \ + ../c-lib/inc/asn-useful.h core/tbl.h diff --git a/SecuritySNACCRuntime/compiler/stamp-tbl b/SecuritySNACCRuntime/compiler/stamp-tbl index 27c972b4..c2f311f9 100644 --- a/SecuritySNACCRuntime/compiler/stamp-tbl +++ b/SecuritySNACCRuntime/compiler/stamp-tbl @@ -1 +1 @@ -Thu Jun 8 12:35:10 PDT 2000 +Wed Mar 20 11:39:19 PST 2002 diff --git a/SecuritySNACCRuntime/compiler/tbl.c b/SecuritySNACCRuntime/compiler/tbl.c index f3c49457..d6c57e26 100644 --- a/SecuritySNACCRuntime/compiler/tbl.c +++ b/SecuritySNACCRuntime/compiler/tbl.c @@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * tbl.c * * "TBL" ASN.1 module encode/decode/print/free C src. * - * This file was generated by snacc on Thu Jun 8 12:35:09 2000 + * This file was generated by snacc on Tue Mar 19 07:24:43 2002 * * UBC snacc written by Mike Sample * 
diff --git a/SecuritySNACCRuntime/compiler/tbl.h b/SecuritySNACCRuntime/compiler/tbl.h index ac96eddd..6d4b19e2 100644 --- a/SecuritySNACCRuntime/compiler/tbl.h +++ b/SecuritySNACCRuntime/compiler/tbl.h @@ -1,27 +1,9 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* * tbl.h * * "TBL" ASN.1 module C type definitions and prototypes * - * This .h file was generated by snacc on Thu Jun 8 12:35:09 2000 + * This .h file was generated by snacc on Tue Mar 19 07:24:43 2002 * * UBC snacc written compiler by Mike Sample * diff --git a/SecuritySNACCRuntime/config.cache b/SecuritySNACCRuntime/config.cache index cfe49c35..f51a7c70 100644 --- a/SecuritySNACCRuntime/config.cache +++ b/SecuritySNACCRuntime/config.cache 
@@ -20,18 +20,22 @@ ac_cv_func_memcmp=${ac_cv_func_memcmp=yes} ac_cv_func_memcpy=${ac_cv_func_memcpy=yes} ac_cv_func_memset=${ac_cv_func_memset=yes} ac_cv_func_vprintf=${ac_cv_func_vprintf=yes} -ac_cv_have_x=${ac_cv_have_x='have_x=no'} +ac_cv_have_x=${ac_cv_have_x=have_x=no} ac_cv_header_dirent_dirent_h=${ac_cv_header_dirent_dirent_h=yes} ac_cv_header_fcntl_h=${ac_cv_header_fcntl_h=yes} ac_cv_header_malloc_h=${ac_cv_header_malloc_h=no} ac_cv_header_memory_h=${ac_cv_header_memory_h=yes} ac_cv_header_stdc=${ac_cv_header_stdc=yes} ac_cv_header_string_h=${ac_cv_header_string_h=yes} +ac_cv_header_tcl_h=${ac_cv_header_tcl_h=yes} ac_cv_header_time=${ac_cv_header_time=yes} ac_cv_header_unistd_h=${ac_cv_header_unistd_h=yes} ac_cv_lib_dir_opendir=${ac_cv_lib_dir_opendir=no} ac_cv_lib_fl_yywrap=${ac_cv_lib_fl_yywrap=no} +ac_cv_lib_ld_ldopen=${ac_cv_lib_ld_ldopen=no} ac_cv_lib_m_sin=${ac_cv_lib_m_sin=no} +ac_cv_lib_tcl_Tcl_CreateInterp=${ac_cv_lib_tcl_Tcl_CreateInterp=yes} +ac_cv_lib_tk_Tk_CreateWindow=${ac_cv_lib_tk_Tk_CreateWindow=no} ac_cv_path_install=${ac_cv_path_install='/usr/bin/install -c'} ac_cv_prog_AR=${ac_cv_prog_AR=ar} ac_cv_prog_CC=${ac_cv_prog_CC=cc} @@ -41,6 +45,7 @@ ac_cv_prog_LEX=${ac_cv_prog_LEX=flex} ac_cv_prog_MKDEP=${ac_cv_prog_MKDEP=mkdep} ac_cv_prog_PATCH=${ac_cv_prog_PATCH=patch} ac_cv_prog_RANLIB=${ac_cv_prog_RANLIB=ranlib} +ac_cv_prog_TCLSH=${ac_cv_prog_TCLSH=tclsh} ac_cv_prog_YACC=${ac_cv_prog_YACC='bison -y'} ac_cv_prog_cc_cc_c_o=${ac_cv_prog_cc_cc_c_o=yes} ac_cv_prog_cc_cross=${ac_cv_prog_cc_cross=no} diff --git a/SecuritySNACCRuntime/config.h b/SecuritySNACCRuntime/config.h index 33b8a726..531ed594 100644 --- a/SecuritySNACCRuntime/config.h +++ b/SecuritySNACCRuntime/config.h 
@@ -1,21 +1,3 @@ -/* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - /* config.h. Generated automatically by configure. */ /* config.h.in. Generated automatically from configure.in by autoheader. */ 
@@ -61,42 +43,6 @@ /* * file: acconfig.h - * - * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/config.h,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $ - * $Log: config.h,v $ - * Revision 1.1.1.1 2001/05/18 23:14:04 mb - * Move from private repository to open source repository - * - * Revision 1.5 2001/05/05 00:59:16 rmurphy - * Adding darwin license headers - * - * Revision 1.4 2000/12/21 23:56:19 dmitch - * Misc. updates for clean build on Cheetah 1D7. - * - * Revision 1.1.1.1 1999/03/16 18:05:47 aram - * Originals from SMIME Free Library. - * - * Revision 1.7 1997/03/03 11:58:26 wan - * Final pre-delivery stuff (I hope). - * - * Revision 1.6 1997/02/28 13:39:34 wan - * Modifications collected for new version 1.3: Bug fixes, tk4.2. - * - * Revision 1.5 1997/02/15 20:01:37 rj - * check whether the compiler supports volatile functions (and whether abort() is volatile). - * - * Revision 1.4 1995/02/20 11:16:57 rj - * cpp switch HAVE_VARIABLE_SIZED_AUTOMATIC_ARRAYS added. - * - * Revision 1.3 1995/02/13 14:46:49 rj - * settings for IEEE_REAL_FMT/IEEE_REAL_LIB moved from {c_lib,c++_lib}/inc/asn_config.h to acconfig.h. - * - * Revision 1.2 1994/10/08 04:38:56 rj - * slot for autoconf Tcl detection added. - * - * Revision 1.1 1994/09/01 00:51:19 rj - * first check-in (new file). - * */ /* diff --git a/SecuritySNACCRuntime/config.log b/SecuritySNACCRuntime/config.log index 10601e2c..25dc28b7 100644 --- a/SecuritySNACCRuntime/config.log +++ b/SecuritySNACCRuntime/config.log @@ -63,6 +63,10 @@ configure:2652: checking for memcpy configure:2652: checking for memcmp configure:2709: checking for X configure:3543: checking for tclsh +configure:3576: checking for tcl.h +configure:3603: checking for ldopen in -lld +configure:3643: checking for Tcl_CreateInterp in -ltcl +configure:3680: checking for Tk_CreateWindow in -ltk configure:3800: checking for latex configure:3835: checking for bibtex configure:3870: checking for dvips 
diff --git a/SecuritySNACCRuntime/config.status b/SecuritySNACCRuntime/config.status index 20be1ebd..c930c52f 100644 --- a/SecuritySNACCRuntime/config.status +++ b/SecuritySNACCRuntime/config.status @@ -2,7 +2,7 @@ # Generated automatically by configure. # Run this file to recreate the current configuration. # This directory was configured as follows, -# on host dougsx: +# on host localhost: # # ./configure # @@ -60,8 +60,7 @@ s%@infodir@%${prefix}/info%g s%@mandir@%${prefix}/man%g s%@SET_MAKE@%%g s%@CC@%cc%g -s%@MKDEP_CCINC@%-I/usr/local/include -I/usr/libexec/ppc/2.95.2 -/usr/libexec/ppc/include -F/System/Library/PrivateFrameworks%g +s%@MKDEP_CCINC@%-I/usr/local/include -I/usr/libexec/gcc/darwin/ppc/2.95.2/include -F/System/Library/PrivateFrameworks%g s%@CPP@%cc -E -traditional-cpp%g s%@CXX@%c++%g s%@SNACC_NOVOLAT@%%g @@ -81,7 +80,7 @@ s%@X_CFLAGS@%%g s%@X_PRE_LIBS@%%g s%@X_LIBS@%%g s%@X_EXTRA_LIBS@%%g -s%@TCLSH@%false%g +s%@TCLSH@%tclsh%g s%@TCLLIBS@%%g s%@TREELIBS@%%g s%@LATEX@%false%g diff --git a/SecuritySNACCRuntime/makehead b/SecuritySNACCRuntime/makehead index 017a79fe..fd0a9c6b 100644 --- a/SecuritySNACCRuntime/makehead +++ b/SecuritySNACCRuntime/makehead 
@@ -2,47 +2,6 @@ # (unless it is the file Generated automatically from makehead.in by configure.) # # INSERT_VDA_COMMENTS -# -# $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/makehead,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $ -# $Log: makehead,v $ -# Revision 1.1.1.1 2001/05/18 23:14:04 mb -# Move from private repository to open source repository -# -# Revision 1.4 2000/06/15 18:50:16 dmitch -# Doc change only. -# -# Revision 1.1.1.1 1999/03/16 18:05:49 aram -# Originals from SMIME Free Library. -# -# Revision 1.7 1997/02/16 16:44:50 rj -# made return *this after calling abort()'' a compile time option. -# -# Revision 1.6 1995/09/07 18:38:39 rj -# PSBOOK and PSNUP added. (they get used in .../doc/makefile) -# -# manext and mandir split into two pairs, for sections 1 and n. -# -# Revision 1.5 1995/07/24 14:59:35 rj -# new macros added: -# libexecdir for architecture-specific stuff -# tcldir under libdir (architecture independent) -# TCLSH -# DEPENDENCIES for c*-lib's multiple dependencies via recursive make calls -# TREELIBS for tree-3.6 widget libs -# PATCH for c-lib to patch tbl.h -# TCL-P utility prog that returns whether the tcl interface should be made as exit code -# -# Revision 1.4 1995/02/18 11:53:46 rj -# added a small hack to find gcc's hidden include directory to pass it to makedepend. this shall enable X11's makedepend to find .h files a little more the way gcc does. -# -# Revision 1.3 1995/02/13 14:53:58 rj -# CFLAGS, CXXFLAGS and LDFLAGS moved from the various makefiles to here. -# -# Revision 1.2 1994/10/08 04:30:32 rj -# Tcl and X11 libs added -# -# Revision 1.1 1994/09/01 00:51:23 rj -# first check-in (new file). # srcdir = . @@ -65,11 +24,11 @@ SHELL = /bin/sh ECHO = echo -TCLSH = false +TCLSH = tclsh SNACC_NOVOLAT = MKDEP = mkdep -MKDEP_CCINC = -I/usr/local/include -I/usr/libexec/ppc/2.95.2/include +MKDEP_CCINC = -I/usr/local/include -I/usr/libexec/gcc/darwin/ppc/2.95.2/include -F/System/Library/PrivateFrameworks DEPENDENCIES = dependencies 
diff --git a/SecuritySNACCRuntime/snacc.pbproj/project.pbxproj b/SecuritySNACCRuntime/snacc.pbproj/project.pbxproj index 76fac8f3..1f5405d6 100644 --- a/SecuritySNACCRuntime/snacc.pbproj/project.pbxproj +++ b/SecuritySNACCRuntime/snacc.pbproj/project.pbxproj @@ -3,13 +3,14 @@ archiveVersion = 1; classes = { }; - objectVersion = 31; + objectVersion = 36; objects = { 00FA20B2FFD8762011CD2A97 = { buildRules = ( ); buildSettings = { COPY_PHASE_STRIP = NO; + OPTIMIZATION_CFLAGS = "-O0"; }; isa = PBXBuildStyle; name = Development; @@ -23,11 +24,31 @@ isa = PBXBuildStyle; name = Deployment; }; +//000 +//001 +//002 +//003 +//004 +//050 +//051 +//052 +//053 +//054 0509B1B6FF15460611CD283A = { isa = PBXFrameworkReference; path = SecuritySNACCRuntime.framework; refType = 3; }; +//050 +//051 +//052 +//053 +//054 +//150 +//151 +//152 +//153 +//154 15CACFCEFF6579E2D0A17CE7 = { isa = PBXFileReference; name = cdsaUtils.cpp; @@ -39,12 +60,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -61,30 +76,18 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); - }; - }; - 15CACFD2FF657BF5D0A17CE7 = { - isa = PBXFrameworkReference; - name = cdsa_utilities.framework; - path = /System/Library/PrivateFrameworks/cdsa_utilities.framework; - refType = 0; - }; - 15CACFD3FF657BF5D0A17CE7 = { - fileRef = 15CACFD2FF657BF5D0A17CE7; - isa = PBXBuildFile; - settings = { - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; +//150 +//151 +//152 +//153 +//154 +//3D0 +//3D1 +//3D2 +//3D3 +//3D4 3D3E9FE5FEF01C90D0A17CE7 = { buildStyles = ( 00FA20B2FFD8762011CD2A97, @@ -93,7 +96,7 @@ isa = PBXProject; mainGroup = 3D3E9FE6FEF01C90D0A17CE7; productRefGroup = 5D41A7C1FEF026FFD0A17CE7; - projectDirPath = .; + projectDirPath = ""; targets = ( 6B215E98FEF02818D0A17CE7, 5D41A7C3FEF026FFD0A17CE7, 
@@ -107,7 +110,7 @@ 6B215E9BFEF02ACDD0A17CE7, 6B215E9CFEF02ACDD0A17CE7, 15CACFCEFF6579E2D0A17CE7, - 15CACFD2FF657BF5D0A17CE7, + 9D176EDF02478EF100003D05, ); isa = PBXGroup; refType = 4; @@ -175,7 +178,6 @@ FRAMEWORK_SEARCH_PATHS = ""; HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_REZFLAGS = ""; @@ -184,8 +186,6 @@ WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; }; buildToolPath = /usr/bin/make; - conditionalBuildSettings = { - }; dependencies = ( ); isa = PBXLegacyTarget; @@ -196,6 +196,16 @@ settingsToPassOnCommandLine = 280; shouldUseHeadermap = 0; }; +//3D0 +//3D1 +//3D2 +//3D3 +//3D4 +//5D0 +//5D1 +//5D2 +//5D3 +//5D4 5D41A792FEF026FFD0A17CE7 = { isa = PBXFileReference; name = "asn-any.cpp"; 
@@ -497,24 +507,21 @@ buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; DYLIB_CURRENT_VERSION = 1; - FRAMEWORK_SEARCH_PATHS = "\"$(SYMROOT)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\""; + FRAMEWORK_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\""; FRAMEWORK_VERSION = A; HEADER_SEARCH_PATHS = ""; INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = "-DVDADER_RULES"; - OTHER_LDFLAGS = "-lstdc++ -sectorder __TEXT __text $(APPLE_INTERNAL_DIR)/OrderFiles/SecuritySNACCRuntime.order"; + OTHER_LDFLAGS = "\"-lstdc++\""; OTHER_LIBTOOL_FLAGS = ""; OTHER_REZFLAGS = ""; PRINCIPAL_CLASS = ""; PRODUCT_NAME = SecuritySNACCRuntime; - SECTORDER_FLAGS = ""; + SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/SecuritySNACCRuntime.order\""; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; WRAPPER_EXTENSION = framework; }; - conditionalBuildSettings = { - }; dependencies = ( ); isa = PBXFrameworkTarget; @@ -587,7 +594,6 @@ 15CACFD1FF657A5BD0A17CE7, ); isa = PBXHeadersBuildPhase; - name = Headers; }; 5D41A7C5FEF026FFD0A17CE7 = { fileRef = 5D41A7A5FEF026FFD0A17CE7; @@ -596,11 +602,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7C6FEF026FFD0A17CE7 = { @@ -610,11 +611,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7C7FEF026FFD0A17CE7 = { @@ -624,11 +620,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7C8FEF026FFD0A17CE7 = { @@ -638,11 +629,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7C9FEF026FFD0A17CE7 = { 
@@ -652,11 +638,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7CAFEF026FFD0A17CE7 = { @@ -666,11 +647,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7CBFEF026FFD0A17CE7 = { @@ -680,11 +656,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7CCFEF026FFD0A17CE7 = { @@ -694,11 +665,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7CDFEF026FFD0A17CE7 = { @@ -708,11 +674,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7CEFEF026FFD0A17CE7 = { @@ -722,11 +683,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7CFFEF026FFD0A17CE7 = { @@ -736,11 +692,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D0FEF026FFD0A17CE7 = { @@ -750,11 +701,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D1FEF026FFD0A17CE7 = { @@ -764,11 +710,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D2FEF026FFD0A17CE7 = { @@ -778,11 +719,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D3FEF026FFD0A17CE7 = { @@ -792,11 +728,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D4FEF026FFD0A17CE7 = { @@ -806,11 +737,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D5FEF026FFD0A17CE7 = { @@ -820,11 +746,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D6FEF026FFD0A17CE7 = { @@ -834,11 +755,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D7FEF026FFD0A17CE7 = { 
@@ -848,11 +764,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D8FEF026FFD0A17CE7 = { @@ -862,11 +773,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7D9FEF026FFD0A17CE7 = { @@ -876,11 +782,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7DAFEF026FFD0A17CE7 = { @@ -890,11 +791,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7DBFEF026FFD0A17CE7 = { @@ -904,11 +800,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7DCFEF026FFD0A17CE7 = { @@ -918,11 +809,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7DDFEF026FFD0A17CE7 = { @@ -932,11 +818,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7DEFEF026FFD0A17CE7 = { @@ -946,11 +827,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7DFFEF026FFD0A17CE7 = { @@ -960,11 +836,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7E0FEF026FFD0A17CE7 = { @@ -974,11 +845,6 @@ ATTRIBUTES = ( Public, ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, - ); }; }; 5D41A7E1FEF026FFD0A17CE7 = { @@ -986,7 +852,6 @@ files = ( ); isa = PBXResourcesBuildPhase; - name = "Bundle Resources"; }; 5D41A7E2FEF026FFD0A17CE7 = { buildActionMask = 2147483647; @@ -1015,19 +880,12 @@ 15CACFCFFF6579E2D0A17CE7, ); isa = PBXSourcesBuildPhase; - name = Sources; }; 5D41A7E3FEF026FFD0A17CE7 = { fileRef = 5D41A792FEF026FFD0A17CE7; isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1036,12 +894,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 
@@ -1050,12 +902,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1064,12 +910,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1078,12 +918,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1092,12 +926,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1106,12 +934,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1120,12 +942,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1134,12 +950,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1148,12 +958,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1162,12 +966,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1176,12 +974,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1190,12 +982,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1204,12 +990,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1218,12 +998,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 
@@ -1232,12 +1006,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1246,12 +1014,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1260,12 +1022,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; @@ -1274,30 +1030,32 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 5D41A7F6FEF026FFD0A17CE7 = { buildActionMask = 2147483647; files = ( - 15CACFD3FF657BF5D0A17CE7, + 9D176FDC02478EF100003D05, ); isa = PBXFrameworksBuildPhase; - name = "Frameworks & Libraries"; }; 5D41A7F7FEF026FFD0A17CE7 = { buildActionMask = 2147483647; files = ( ); isa = PBXRezBuildPhase; - name = "ResourceManager Resources"; }; +//5D0 +//5D1 +//5D2 +//5D3 +//5D4 +//6B0 +//6B1 +//6B2 +//6B3 +//6B4 6B215E98FEF02818D0A17CE7 = { buildPhases = ( ); @@ -1305,7 +1063,6 @@ FRAMEWORK_SEARCH_PATHS = ""; HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\""; LIBRARY_SEARCH_PATHS = ""; - OPTIMIZATION_CFLAGS = ""; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; OTHER_REZFLAGS = ""; @@ -1313,8 +1070,6 @@ SECTORDER_FLAGS = ""; WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; }; - conditionalBuildSettings = { - }; dependencies = ( 6B215E9AFEF02818D0A17CE7, ); @@ -1344,12 +1099,6 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; 
@@ -1358,15 +1107,31 @@ isa = PBXBuildFile; settings = { ATTRIBUTES = ( - Debug, - ); - INCLUDED_OSS = ( - MACOS, - WINDOWS, - PDOUNIX, ); }; }; +//6B0 +//6B1 +//6B2 +//6B3 +//6B4 +//9D0 +//9D1 +//9D2 +//9D3 +//9D4 + 9D176EDF02478EF100003D05 = { + isa = PBXFrameworkReference; + name = Security.framework; + path = /System/Library/Frameworks/Security.framework; + refType = 0; + }; + 9D176FDC02478EF100003D05 = { + fileRef = 9D176EDF02478EF100003D05; + isa = PBXBuildFile; + settings = { + }; + }; }; rootObject = 3D3E9FE5FEF01C90D0A17CE7; } diff --git a/SecuritySNACCRuntime/stamp-h b/SecuritySNACCRuntime/stamp-h index 371c8388..3cd61a14 100644 --- a/SecuritySNACCRuntime/stamp-h +++ b/SecuritySNACCRuntime/stamp-h @@ -1 +1 @@ -Thu Dec 21 15:42:05 PST 2000 +Tue Mar 19 10:27:31 PST 2002 diff --git a/SecurityServer/Authorization/Authorization.cpp b/SecurityServer/Authorization/Authorization.cpp index d20612c4..2b518cf7 100644 --- a/SecurityServer/Authorization/Authorization.cpp +++ b/SecurityServer/Authorization/Authorization.cpp @@ -175,22 +175,19 @@ OSStatus SessionCreate(SessionCreationFlags flags, SessionAttributeBits attributes) { BEGIN_API - - // just to be on the safe side, drop any cached connection to the SecurityServer - server.reset(); // unless the (expert) caller has already done so, create a sub-bootstrap and set it // note that this is inherently thread-unfriendly; we can't do anything about that // (caller's responsibility) Bootstrap bootstrap; if (!(flags & sessionKeepCurrentBootstrap)) { - TaskPort self; - bootstrap = bootstrap.subset(self); - self.bootstrap(bootstrap); + TaskPort self; + bootstrap = bootstrap.subset(TaskPort()); + self.bootstrap(bootstrap); } // now call the SecurityServer and tell it to initialize the (new) session server().setupSession(flags, attributes); - + END_API(CSSM) } diff --git a/SecurityServer/Authorization/Authorization.h b/SecurityServer/Authorization/Authorization.h index c8e23abc..58c49014 100644 
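Review bot: In `SessionCreate`, `server().setupSession(flags, attributes)` can now run over a connection that was cached before the bootstrap port was swapped, because the `server.reset();` line is removed and nothing visible replaces it. The definition of `server` is not in this hunk, so this is inferred; if the connection is bound to the bootstrap it was created under, the new session would be set up through the old namespace. Either keep `server.reset();` ahead of the `if (!(flags & sessionKeepCurrentBootstrap))` block, or add a comment saying why the cached connection is still valid after `self.bootstrap(bootstrap)`. The new `bootstrap.subset(TaskPort())` also passes a temporary while `self` is declared on the line above, so a short comment such as `// subset against a fresh task port; self is only used to install the result` would explain the asymmetry. The signature of `SessionCreate` starts just above the hunk.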
--- a/SecurityServer/Authorization/Authorization.h +++ b/SecurityServer/Authorization/Authorization.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,15 +17,12 @@ /* - * Authorization.h - * Authorization -- APIs for implementing access control in applications and daemons. - * - * Copyright (C) 2000, 2001 by Apple Computer, Inc., all rights reserved - * + * Authorization.h -- APIs for implementing access control in applications + * and daemons. */ -#if !defined(__Authorization__) -#define __Authorization__ 1 +#ifndef _SECURITY_AUTHORIZATION_H_ +#define _SECURITY_AUTHORIZATION_H_ #include #include @@ -45,7 +42,7 @@ extern "C" { If any of the operations that the preference panel wishes to perform are currently not allowed the lock icon in the window would show up in the locked state. Otherwise it would show up unlocked. - When the user locks the lock AuthorizationFree() is called with the kAuthorizationFreeFlagDestroy to destroy any authorization rights that have been aquired. + When the user locks the lock AuthorizationFree() is called with the kAuthorizationFlagDestroyRights to destroy any authorization rights that have been aquired. When the user unlocks the lock AuthorizationCreate() is called with the kAuthorizationFlagInteractionAllowed and kAuthorizationFlagExtendRights flags to obtain all required rights. The old authorization object can be freed by calling AuthorizationFree() with no flags. 
@@ -238,7 +235,7 @@ OSStatus AuthorizationCreate(const AuthorizationRights *rights, /*! @function AuthorizationFree - Destroy an AutorizationRef object. If the kAuthorizationFreeFlagDestroy flag is passed, + Destroy an AutorizationRef object. If the kAuthorizationFlagDestroyRights flag is passed, any rights associated with the authorization are lost. Otherwise, only local resources are released, and the rights may still be available to other clients. @@ -328,7 +325,13 @@ OSStatus AuthorizationCopyInfo(AuthorizationRef authorization, @param authorization The (valid) authorization reference to externalize @param extForm Pointer to an AuthorizationExternalForm variable to fill. - @result TBD + @result errAuthorizationSuccess 0 No error. + + errAuthorizationExternalizeNotAllowed -60009 Externalizing this authorization is not allowed. + + errAuthorizationInvalidRef -60002 The authorization parameter is invalid. + + */ OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization, AuthorizationExternalForm *extForm); @@ -345,7 +348,7 @@ OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization, @param extForm Pointer to an AuthorizationExternalForm value. @param authorization Will be filled with a valid AuthorizationRef on success. - @result TBD + @result errAuthorizationInternalizeNotAllowed -60010 Internalizing this authorization is not allowed. */ OSStatus AuthorizationCreateFromExternalForm(const AuthorizationExternalForm *extForm, AuthorizationRef *authorization); @@ -405,4 +408,4 @@ OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization, } #endif -#endif /* ! __Authorization__ */ +#endif /* !_SECURITY_AUTHORIZATION_H_ */ diff --git a/SecurityServer/Authorization/AuthorizationData.cpp b/SecurityServer/Authorization/AuthorizationData.cpp new file mode 100644 index 00000000..50ff00f7 --- /dev/null +++ b/SecurityServer/Authorization/AuthorizationData.cpp 
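Review bot: The new `@result` text for `AuthorizationCreateFromExternalForm` (hunk `@@ -345,7 +348,7 @@`) lists only `errAuthorizationInternalizeNotAllowed`, while the block added for `AuthorizationMakeExternalForm` in the hunk before it also lists the success code and the invalid-reference error. Callers that receive an external form from another process need the complete set of outcomes to handle rejection correctly, so the block should at least begin with `errAuthorizationSuccess 0 No error.` and name whatever code is returned for a malformed `extForm`; that code is not visible in this diff. The line touched in `@@ -238,7 +235,7 @@` still reads `AutorizationRef` and could be corrected to `AuthorizationRef` in the same change.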
@@ -0,0 +1,211 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * AuthorizationData.cpp + * Authorization + * + * Created by Michael Brouwer on Thu Oct 12 2000. + * Copyright (c) 2000 Apple Computer Inc. All rights reserved. + * + */ + +#include "AuthorizationData.h" + + +namespace Authorization { + + +// +// Right class +// +Right & +Right::overlay(AuthorizationItem &item) +{ + return static_cast(item); +} + +Right * +Right::overlay(AuthorizationItem *item) +{ + return static_cast(item); +} + +Right::Right() +{ + name = ""; + valueLength = 0; + value = NULL; + flags = 0; +} + +Right::Right(AuthorizationString inName, size_t inValueLength, const void *inValue) +{ + name = inName; + valueLength = inValueLength; + value = const_cast(inValue); +} + +Right::~Right() +{ +} + +bool +Right::operator < (const Right &other) const +{ + return strcmp(name, other.name) < 0; +} + + +// +// RightSet class +// +const AuthorizationRights RightSet::gEmptyRights = { 0, NULL }; + +RightSet::RightSet(const AuthorizationRights *rights) : +mRights(const_cast(rights ? 
rights : &gEmptyRights)) +{ +} + +RightSet::RightSet(const RightSet &other) +{ + mRights = other.mRights; +} + +RightSet::~RightSet() +{ +} + +RightSet::const_reference +RightSet::back() const +{ + // @@@ Should this if empty::throwMe()? + return static_cast(mRights->items[size() - 1]); +} + + +// +// MutableRightSet class +// +MutableRightSet::MutableRightSet(size_t count, const Right &element) : +mCapacity(count) +{ + mRights = new AuthorizationRights(); + mRights->items = reinterpret_cast(malloc(sizeof(Right) * mCapacity)); + if (!mRights->items) + { + delete mRights; + throw std::bad_alloc(); + } + + mRights->count = count; + for (size_type ix = 0; ix < count; ++ix) + mRights->items[ix] = element; +} + +MutableRightSet::MutableRightSet(const RightSet &other) +{ + size_type count = other.size(); + mCapacity = count; + mRights = new AuthorizationRights(); + + mRights->items = reinterpret_cast(malloc(sizeof(Right) * mCapacity)); + if (!mRights->items) + { + delete mRights; + throw std::bad_alloc(); + } + + mRights->count = count; + for (size_type ix = 0; ix < count; ++ix) + mRights->items[ix] = other.mRights->items[ix]; +} + +MutableRightSet::~MutableRightSet() +{ + free(mRights->items); + delete mRights; +} + +MutableRightSet & +MutableRightSet::operator = (const RightSet &other) +{ + size_type count = other.size(); + if (capacity() < count) + grow(count); + + mRights->count = count; + for (size_type ix = 0; ix < count; ++ix) + mRights->items[ix] = other.mRights->items[ix]; + + return *this; +} + +void +MutableRightSet::swap(MutableRightSet &other) +{ + AuthorizationRights *rights = mRights; + size_t capacity = mCapacity; + mRights = other.mRights; + mCapacity = other.mCapacity; + other.mRights = rights; + other.mCapacity = capacity; +} + +MutableRightSet::reference +MutableRightSet::back() +{ + // @@@ Should this if empty::throwMe()? 
+ return static_cast(mRights->items[size() - 1]); +} + +void +MutableRightSet::push_back(const_reference right) +{ + if (size() >= capacity()) + grow(capacity() + 1); + + mRights->items[mRights->count] = right; + mRights->count++; +} + +void +MutableRightSet::pop_back() +{ + // @@@ Should this if empty::throwMe()? + if (!empty()) + mRights->count--; +} + +void +MutableRightSet::grow(size_type min_capacity) +{ + size_type newCapacity = mCapacity * mCapacity; + if (newCapacity < min_capacity) + newCapacity = min_capacity; + + void *newItems = realloc(mRights->items, sizeof(*mRights->items) * newCapacity); + if (!newItems) + throw std::bad_alloc(); + + mRights->items = reinterpret_cast(newItems); + mCapacity = newCapacity; +} + + +} // end namespace Authorization diff --git a/SecurityServer/Authorization/AuthorizationData.h b/SecurityServer/Authorization/AuthorizationData.h new file mode 100644 index 00000000..9753fc34 --- /dev/null +++ b/SecurityServer/Authorization/AuthorizationData.h 
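Review bot: `MutableRightSet::grow` computes `newCapacity = mCapacity * mCapacity`, which squares the capacity instead of scaling it and can wrap `size_type`. The `sizeof(*mRights->items) * newCapacity` passed to `realloc` is also unchecked, so the buffer can end up smaller than `mCapacity` claims, and `push_back` would then write past it. Growth should double the capacity and bound the item count before the byte size is computed, as in the excerpt below. The same unchecked `sizeof(Right) * mCapacity` appears in both `MutableRightSet` constructors, and both `back()` overloads index `items[size() - 1]` with no empty check, which the `@@@` comments already question.

```cpp
void
MutableRightSet::grow(size_type min_capacity)
{
	// Largest item count whose byte size still fits in size_type.
	const size_type maxItems = size_type(-1) / sizeof(*mRights->items);
	if (min_capacity > maxItems)
		throw std::bad_alloc();

	// Double instead of squaring, saturating at maxItems.
	size_type newCapacity = (mCapacity > maxItems / 2) ? maxItems : mCapacity * 2;
	if (newCapacity < min_capacity)
		newCapacity = min_capacity;

	// … unchanged: realloc, null check, assignment of items and mCapacity …
}
```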
@@ -0,0 +1,155 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * AuthorizationData.h + * Authorization + * + * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved + * + */ + +#ifndef _H_AUTHORIZATIONDATA +#define _H_AUTHORIZATIONDATA 1 + +#include +#include + +// ptrdiff_t needed, so including STL type closest +#include + +namespace Authorization +{ + + +class MutableRightSet; +class RightSet; + +class Right : protected AuthorizationItem +{ + friend class MutableRightSet; + friend class RightSet; +public: + static Right &overlay(AuthorizationItem &item); + static Right *overlay(AuthorizationItem *item); + Right(); + Right(AuthorizationString name, size_t valueLength, const void *value); + ~Right(); + + bool operator < (const Right &other) const; + AuthorizationString rightName() const { return name; } + size_t argumentLength() const { return valueLength; } + const void *argument() const { return value; } +}; + + +/* A RightSet is a Container and a Back Insertion Sequence, but it is not a Sequence. Also it only + implements the const members of Container and Back Insertion Sequence. 
*/ +class RightSet +{ + friend class MutableRightSet; +public: + // Container required memebers + typedef Right value_type; + typedef const Right &const_reference; + typedef const Right *const_pointer; + typedef const_pointer const_iterator; + typedef ptrdiff_t difference_type; + typedef size_t size_type; + + RightSet(const AuthorizationRights *rights = NULL); + RightSet(const RightSet &other); + ~RightSet(); + + size_type size() const { return mRights->count; } + size_type max_size() const { return INT_MAX; } + const_iterator begin() const { return static_cast(mRights->items); } + const_iterator end() const { return static_cast(&mRights->items[mRights->count]); } + bool empty() const { return size() == 0; } + + // Back Insertion Sequence required memebers + const_reference back() const; + + // Other convenience members + operator const AuthorizationRights *() const { return mRights; } +private: + RightSet &operator = (const RightSet &other); + +protected: + static const AuthorizationRights gEmptyRights; + AuthorizationRights *mRights; +}; + + +/* A MutableRightSet is a Container and a Back Insertion Sequence, but it is not a Sequence. 
*/ +class MutableRightSet : public RightSet +{ +public: + // Container required memebers + typedef Right &reference; + typedef Right *pointer; + typedef pointer iterator; + + MutableRightSet(size_t count = 0, const Right &element = Right()); + MutableRightSet(const RightSet &other); + ~MutableRightSet(); + + MutableRightSet &operator = (const RightSet &other); + + iterator begin() { return static_cast(mRights->items); } + iterator end() { return static_cast(&mRights->items[mRights->count]); } + void swap(MutableRightSet &other); + + // Back Insertion Sequence required memebers + reference back(); + void push_back(const_reference right); + void pop_back(); + + // Other convenience members + size_type capacity() const { return mCapacity; } +private: + void grow(size_type min_capacity); + + size_type mCapacity; +}; + +typedef RightSet AuthItemSet; +typedef MutableRightSet MutableAuthItemSet; + +class FindAuthItemByRightName +{ +public: + FindAuthItemByRightName(const char *find_name) : name(find_name) { } + + bool operator()( const Right& right ) + { + return (!strcmp(name, right.rightName())); + } + bool operator()( const AuthorizationItem* item ) + { + return (!strcmp(name, item->name)); + } + +private: + const char *name; +}; + + +}; // namespace Authorization + +#endif /* ! _H_AUTHORIZATIONDATA */ diff --git a/SecurityServer/Authorization/AuthorizationEngine.cpp b/SecurityServer/Authorization/AuthorizationEngine.cpp index ad158fff..947a38a7 100644 --- a/SecurityServer/Authorization/AuthorizationEngine.cpp +++ b/SecurityServer/Authorization/AuthorizationEngine.cpp @@ -24,15 +24,17 @@ * Copyright (c) 2000 Apple Computer Inc. All rights reserved. * */ - #include "AuthorizationEngine.h" +#include #include "server.h" #include "authority.h" #include #include +#include #include +#include "session.h" #include #include 
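Review bot: `MutableRightSet` in the new AuthorizationData.h declares a destructor and a converting constructor from `const RightSet &`, but no copy constructor of its own, so a by-value copy of a `MutableRightSet` uses the implicit one. That implicit copy goes through `RightSet(const RightSet &)`, which only copies the `mRights` pointer, and `~MutableRightSet()` then calls `free(mRights->items)` and `delete mRights` once per object, which is a double free. Declaring `MutableRightSet(const MutableRightSet &other);` with the same deep copy as the `RightSet` overload, or declaring it private and unimplemented as `RightSet::operator =` already is, closes this. No by-value copy is visible in these hunks, so it is a latent hazard rather than a demonstrated crash.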
@@ -44,17 +46,16 @@ #include #include #include +#include -// for longname lookup -#include -// private header (lu_utils.h from lookup project) -extern "C" { -int lookupd_query(ni_proplist *l, ni_proplist ***out); -ni_proplist *lookupd_make_query(char *cat, char *fmt, ...); -int _lu_running(void); +// checkpw() that uses provided struct passwd +extern "C" +{ +int checkpw_internal( const char* userName, const char* password, const struct passwd *pw ); } -using namespace Authorization; +namespace Authorization { + // // Errors to be thrown @@ -63,13 +64,13 @@ Error::Error(int err) : error(err) { } -const char *Error::what() const +const char *Error::what() const throw() { return "Authorization error"; } -CSSM_RETURN Error::cssmError() const +CSSM_RETURN Error::cssmError() const throw() { return error; } // @@@ eventually... -OSStatus Error::osStatus() const +OSStatus Error::osStatus() const throw() { return error; } void Error::throwMe(int err) { throw Error(err); } 
@@ -93,60 +94,34 @@ mShared(shared), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false) const char *user = username.c_str(); struct passwd *pw = getpwnam(user); - do - { - if ( !pw && _lu_running() ) { - // try lookup query to find passed username as a long name (realname in NI-speak) - ni_proplist **out = NULL; - // query "user" records. "k" specifies position of keys in varargs - ni_proplist *in = lookupd_make_query("user", "kv", "realname", user); - if (!in) break; - - int results = lookupd_query(in, &out); - ni_proplist_free(in); - if (!out) break; - - // Find the first, if any, name value in returned records, getpwnam, and dispose of them - for (int i=0; ini_proplist_len; j++) { - if ( !strcmp(nipl->ni_proplist_val[j].nip_name, "name") && - (nipl->ni_proplist_val[j].nip_val.ni_namelist_len > 0) ) - pw = getpwnam( *(nipl->ni_proplist_val[j].nip_val.ni_namelist_val) ); - } - ni_proplist_free(nipl); - } - free(out); - } + do { - if (!pw) - { - debug("autheval", "user %s not found, creating invalid credential", user); - break; - } + if (!pw) + { + debug("autheval", "user %s not found, creating invalid credential", user); + break; + } - if (pw->pw_passwd != NULL && pw->pw_passwd[0]) - { - const char *passwd = password.c_str(); - if (strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd)) - { - debug("autheval", "password for user %s is invalid, creating invalid credential", user); + const char *passwd = password.c_str(); + int checkpw_status = checkpw_internal(user, passwd, pw); + + if (checkpw_status != CHECKPW_SUCCESS) + { + debug("autheval", "checkpw() for user %s failed with error %d, creating invalid credential", user, checkpw_status); break; - } - } + } - debug("autheval", "password for user %s is ok, creating%s credential", + debug("autheval", "checkpw() for user %s succeeded, creating%s credential", user, mShared ? 
" shared" : ""); mUsername = string ( pw->pw_name ); mUid = pw->pw_uid; mGid = pw->pw_gid; mValid = true; - } + + endpwent(); + } while (0); - - if (pw) - endpwent(); } 
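Review bot: `endpwent()` now sits on the success path only, so the `break` taken when `checkpw_internal` fails skips the call that the removed `if (pw) endpwent();` made after the loop; moving it back below `while (0)` restores the old behaviour. Separately, `pw` points at the static buffer returned by `getpwnam`, and `pw->pw_name`, `pw->pw_uid` and `pw->pw_gid` are read only after `checkpw_internal(user, passwd, pw)` returns. If that function does any passwd lookup of its own (not visible here), those fields could describe a different account, so copying them into locals before the call would be safer. The constructor begins above this hunk.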
@@ -247,183 +222,6 @@ Credential::operator < (const Credential &other) const } -// -// Right class -// -Right & -Right::overlay(AuthorizationItem &item) -{ - return static_cast(item); -} - -Right * -Right::overlay(AuthorizationItem *item) -{ - return static_cast(item); -} - -Right::Right() -{ - name = ""; - valueLength = 0; - value = NULL; - flags = 0; -} - -Right::Right(AuthorizationString inName, size_t inValueLength, const void *inValue) -{ - name = inName; - valueLength = inValueLength; - value = const_cast(inValue); -} - -Right::~Right() -{ -} - -bool -Right::operator < (const Right &other) const -{ - return strcmp(name, other.name) < 0; -} - - -// -// RightSet class -// -const AuthorizationRights RightSet::gEmptyRights = { 0, NULL }; - -RightSet::RightSet(const AuthorizationRights *rights) : -mRights(const_cast(rights ? rights : &gEmptyRights)) -{ -} - -RightSet::RightSet(const RightSet &other) -{ - mRights = other.mRights; -} - -RightSet::~RightSet() -{ -} - -RightSet::const_reference -RightSet::back() const -{ - // @@@ Should this if empty::throwMe()? 
- return static_cast(mRights->items[size() - 1]); -} - - -// -// MutableRightSet class -// -MutableRightSet::MutableRightSet(size_t count, const Right &element) : -mCapacity(count) -{ - mRights = new AuthorizationRights(); - mRights->items = reinterpret_cast(malloc(sizeof(Right) * mCapacity)); - if (!mRights->items) - { - delete mRights; - throw std::bad_alloc(); - } - - mRights->count = count; - for (size_type ix = 0; ix < count; ++ix) - mRights->items[ix] = element; -} - -MutableRightSet::MutableRightSet(const RightSet &other) -{ - size_type count = other.size(); - mCapacity = count; - mRights = new AuthorizationRights(); - - mRights->items = reinterpret_cast(malloc(sizeof(Right) * mCapacity)); - if (!mRights->items) - { - delete mRights; - throw std::bad_alloc(); - } - - mRights->count = count; - for (size_type ix = 0; ix < count; ++ix) - mRights->items[ix] = other.mRights->items[ix]; -} - -MutableRightSet::~MutableRightSet() -{ - free(mRights->items); - delete mRights; -} - -MutableRightSet & -MutableRightSet::operator = (const RightSet &other) -{ - size_type count = other.size(); - if (capacity() < count) - grow(count); - - mRights->count = count; - for (size_type ix = 0; ix < count; ++ix) - mRights->items[ix] = other.mRights->items[ix]; - - return *this; -} - -void -MutableRightSet::swap(MutableRightSet &other) -{ - AuthorizationRights *rights = mRights; - size_t capacity = mCapacity; - mRights = other.mRights; - mCapacity = other.mCapacity; - other.mRights = rights; - other.mCapacity = capacity; -} - -MutableRightSet::reference -MutableRightSet::back() -{ - // @@@ Should this if empty::throwMe()? - return static_cast(mRights->items[size() - 1]); -} - -void -MutableRightSet::push_back(const_reference right) -{ - if (size() >= capacity()) - grow(capacity() + 1); - - mRights->items[mRights->count] = right; - mRights->count++; -} - -void -MutableRightSet::pop_back() -{ - // @@@ Should this if empty::throwMe()? 
- if (!empty()) - mRights->count--; -} - -void -MutableRightSet::grow(size_type min_capacity) -{ - size_type newCapacity = mCapacity * mCapacity; - if (newCapacity < min_capacity) - newCapacity = min_capacity; - - void *newItems = realloc(mRights->items, sizeof(*mRights->items) * newCapacity); - if (!newItems) - throw std::bad_alloc(); - - mRights->items = reinterpret_cast(newItems); - mCapacity = newCapacity; -} - - // // Rule class // @@ -433,6 +231,7 @@ CFStringRef Rule::kSharedID = CFSTR("shared"); CFStringRef Rule::kAllowRootID = CFSTR("allow-root"); CFStringRef Rule::kDenyID = CFSTR("deny"); CFStringRef Rule::kAllowID = CFSTR("allow"); +CFStringRef Rule::kEvalMechID = CFSTR("eval"); Rule::Rule() : 
@@ -462,54 +261,86 @@ Rule::Rule(CFTypeRef cfRule) } else if (CFGetTypeID(cfRule) == CFDictionaryGetTypeID()) { - mType = kUserInGroup; CFDictionaryRef dict = reinterpret_cast(cfRule); CFTypeRef groupTag = CFDictionaryGetValue(dict, kUserInGroupID); - if (!groupTag || CFGetTypeID(groupTag) != CFStringGetTypeID()) - Error::throwMe(); - CFStringRef group = reinterpret_cast(groupTag); - char buffer[512]; - const char *ptr = CFStringGetCStringPtr(group, kCFStringEncodingUTF8); - if (ptr == NULL) - { - if (CFStringGetCString(group, buffer, 512, kCFStringEncodingUTF8)) - ptr = buffer; - else - Error::throwMe(); - } - - mGroupName = string(ptr); - - mMaxCredentialAge = DBL_MAX; - CFTypeRef timeoutTag = CFDictionaryGetValue(dict, kTimeoutID); - if (timeoutTag) - { - if (CFGetTypeID(timeoutTag) != CFNumberGetTypeID()) - Error::throwMe(); - CFNumberGetValue(reinterpret_cast(timeoutTag), kCFNumberDoubleType, &mMaxCredentialAge); - } - - CFTypeRef sharedTag = CFDictionaryGetValue(dict, kSharedID); - mShared = false; - if (sharedTag) - { - if (CFGetTypeID(sharedTag) != CFBooleanGetTypeID()) - Error::throwMe(); - mShared = CFBooleanGetValue(reinterpret_cast(sharedTag)); - } + // Probably a user in group rule + if (groupTag) + { + if (CFGetTypeID(groupTag) != CFStringGetTypeID()) + Error::throwMe(); + + mType = kUserInGroup; + + CFStringRef group = reinterpret_cast(groupTag); + char buffer[512]; + const char *ptr = CFStringGetCStringPtr(group, kCFStringEncodingUTF8); + if (ptr == NULL) + { + if (CFStringGetCString(group, buffer, 512, kCFStringEncodingUTF8)) + ptr = buffer; + else + Error::throwMe(); + } + + mGroupName = string(ptr); + + mMaxCredentialAge = DBL_MAX; + CFTypeRef timeoutTag = CFDictionaryGetValue(dict, kTimeoutID); + if (timeoutTag) + { + if (CFGetTypeID(timeoutTag) != CFNumberGetTypeID()) + Error::throwMe(); + CFNumberGetValue(reinterpret_cast(timeoutTag), kCFNumberDoubleType, &mMaxCredentialAge); + } + + CFTypeRef sharedTag = CFDictionaryGetValue(dict, kSharedID); 
+ mShared = false; + if (sharedTag) + { + if (CFGetTypeID(sharedTag) != CFBooleanGetTypeID()) + Error::throwMe(); + mShared = CFBooleanGetValue(reinterpret_cast(sharedTag)); + } + + CFTypeRef allowRootTag = CFDictionaryGetValue(dict, kAllowRootID); + mAllowRoot = false; + if (allowRootTag) + { + if (CFGetTypeID(allowRootTag) != CFBooleanGetTypeID()) + Error::throwMe(); + mAllowRoot = CFBooleanGetValue(reinterpret_cast(allowRootTag)); + } + debug("authrule", "rule user in group \"%s\" timeout %g%s%s", + mGroupName.c_str(), mMaxCredentialAge, mShared ? " shared" : "", + mAllowRoot ? " allow-root" : ""); + } + else + { + CFTypeRef mechTag = CFDictionaryGetValue(dict, kEvalMechID); + if (mechTag) + { + if (CFGetTypeID(mechTag) != CFStringGetTypeID()) + Error::throwMe(); + + mType = kEvalMech; + + CFStringRef eval = reinterpret_cast(mechTag); + char buffer[512]; + const char *ptr = CFStringGetCStringPtr(eval, kCFStringEncodingUTF8); + if (ptr == NULL) + { + if (CFStringGetCString(eval, buffer, 512, kCFStringEncodingUTF8)) + ptr = buffer; + else + Error::throwMe(); + } + mEvalDef = string(ptr); + } + else + Error::throwMe(); + } - CFTypeRef allowRootTag = CFDictionaryGetValue(dict, kAllowRootID); - mAllowRoot = false; - if (allowRootTag) - { - if (CFGetTypeID(allowRootTag) != CFBooleanGetTypeID()) - Error::throwMe(); - mAllowRoot = CFBooleanGetValue(reinterpret_cast(allowRootTag)); - } - debug("authrule", "rule user in group \"%s\" timeout %g%s%s", - mGroupName.c_str(), mMaxCredentialAge, mShared ? " shared" : "", - mAllowRoot ? " allow-root" : ""); } } @@ -518,7 +349,8 @@ mType(other.mType), mGroupName(other.mGroupName), mMaxCredentialAge(other.mMaxCredentialAge), mShared(other.mShared), -mAllowRoot(other.mAllowRoot) +mAllowRoot(other.mAllowRoot), +mEvalDef(other.mEvalDef) { } 
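Review bot: In the new `kEvalMech` branch of `Rule::Rule(CFTypeRef)` only `mType` and `mEvalDef` are assigned, while `mMaxCredentialAge`, `mShared` and `mAllowRoot` are set solely inside `if (groupTag)`. Unless the constructor's initialiser list (outside this hunk) covers them, an eval rule carries indeterminate values that the copy constructor and `operator =` later read. Hoisting `mMaxCredentialAge = DBL_MAX; mShared = false; mAllowRoot = false;` above `if (groupTag)` gives both branches defined defaults. The CFString-to-C-string conversion with the 512-byte buffer is now written twice, so a small private helper would keep the two copies in step. The eval branch could also log the parsed definition with `debug("authrule", ...)` as the group branch does.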
@@ -530,6 +362,7 @@ Rule::operator = (const Rule &other) mMaxCredentialAge = other.mMaxCredentialAge; mShared = other.mShared; mAllowRoot = other.mAllowRoot; + mEvalDef = other.mEvalDef; return *this; } 
@@ -537,11 +370,279 @@ Rule::~Rule() { } + +OSStatus +Rule::evaluateMechanism(const AuthorizationEnvironment *environment, AuthorizationToken &auth, CredentialSet &outCredentials) +{ + assert(mType == kEvalMech); + + if (mEvalDef.length() == 0) // no definition + return kAuthorizationResultAllow; + + // mechanisms are split by commas + vector mechanismNames; + { + string::size_type cursor = 0, comma = 0; + string token = ""; + + while (cursor < mEvalDef.length()) + { + comma = mEvalDef.find(',', cursor); + if (comma == string::npos) + comma = mEvalDef.length(); + + token = mEvalDef.substr(cursor, comma - cursor); + + // skip empty tokens + if (token.length() > 0) + mechanismNames.push_back(token); + + cursor = comma + 1; + } + } + + // @@@ configuration does not support arguments + const AuthorizationValueVector arguments = { 0, NULL }; + MutableAuthItemSet *context = NULL; + AuthItemSet *hints = NULL; + AuthorizationItemSet *outHints = NULL, *outContext = NULL; + bool userInteraction = true; + + CssmAllocator& alloc = CssmAllocator::standard(); + + AuthorizationResult result = kAuthorizationResultAllow; + vector::iterator currentMechanism = mechanismNames.begin(); + + while ( (result == kAuthorizationResultAllow) && + (currentMechanism != mechanismNames.end()) ) // iterate mechanisms + { + AuthorizationItemSet *inHints, *inContext; + + // release after invocation, ignored for first pass + if (outContext) + { + inContext = outContext; + debug("SSevalMech", "set up context %p as input", inContext); + delete context; + context = new MutableAuthItemSet(inContext); + } + else + { + inContext = &auth.infoSet(); // returns deep copy + debug("SSevalMech", "set up stored context %p as input", inContext); + delete context; + context = new MutableAuthItemSet(inContext); + } + + if (outHints) + { + inHints = outHints; + debug("SSevalMech", "set up hints %p as input", inHints); + delete hints; + hints = new AuthItemSet(outHints); + } + else + { + inHints = NULL; + 
debug("SSevalMech", "set up environment hints %p as input", environment); + delete hints; + hints = new AuthItemSet(environment); + } + + string::size_type extPlugin = currentMechanism->find(':'); + if (extPlugin != string::npos) + { + // no whitespace removal + string pluginIn(currentMechanism->substr(0, extPlugin)); + string mechanismIn(currentMechanism->substr(extPlugin + 1)); + debug("SSevalMech", "external mech %s:%s", pluginIn.c_str(), mechanismIn.c_str()); + + bool mechExecOk = false; // successfully ran a mechanism + + try + { + Process &cltProc = Server::active().connection().process; + // Authorization preserves creator's UID in setuid processes + uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); + debug("SSevalMech", "Mechanism invocation by process %d (UID %d)", cltProc.pid(), cltUid); + QueryInvokeMechanism client(cltUid, auth); + + mechExecOk = client(pluginIn, mechanismIn, &arguments, *hints, *context, &result, outHints, outContext); + debug("SSevalMech", "new context %p, new hints %p", outContext, outHints); + } + catch (...) { + debug("SSevalMech", "exception from mech eval or client death"); + // various server problems, but only if it really failed + if (mechExecOk != true) + result = kAuthorizationResultUndefined; + } + + debug("SSevalMech", "evaluate(plugin: %s, mechanism: %s) %s, result: %lu.", pluginIn.c_str(), mechanismIn.c_str(), (mechExecOk == true) ? 
"succeeded" : "failed", result); + debug("SSevalMech", "mech eval okay"); + + // Things worked and there is new context, so get rid of old + if (mechExecOk) + { + if (inContext) + { + debug("SSevalMech", "release input context %p", inContext); + alloc.free(inContext); + } + if (inHints) + { + debug("SSevalMech", "release input hints %p", inHints); + alloc.free(inHints); + } + } + else + { + // reset previous context and hints + debug("SSevalMech", "resetting previous input context %p and hints %p", inContext, inHints); + outContext = inContext; + outHints = inHints; + } + } + else + { + // internal mechanisms - no glue + if (*currentMechanism == "authinternal") + { + debug("SSevalMech", "evaluate authinternal"); + result = kAuthorizationResultDeny; + do { + MutableAuthItemSet::iterator found = find_if(context->begin(), context->end(), FindAuthItemByRightName(kAuthorizationEnvironmentUsername) ); + if (found == context->end()) + break; + string username(static_cast(found->argument()), found->argumentLength()); + debug("SSevalMech", "found username"); + found = find_if(context->begin(), context->end(), FindAuthItemByRightName(kAuthorizationEnvironmentPassword) ); + if (found == context->end()) + break; + string password(static_cast(found->argument()), found->argumentLength()); + debug("SSevalMech", "found password"); + Credential newCredential(username, password, true); // create a new shared credential + if (newCredential->isValid()) + { + outCredentials.clear(); // only keep last one + debug("SSevalMech", "inserting new credential"); + outCredentials.insert(newCredential); + result = kAuthorizationResultAllow; + } else + result = kAuthorizationResultDeny; + } while (0); + } + else + if (*currentMechanism == "push_hints_to_context") + { + debug("SSevalMech", "evaluate push_hints_to_context"); + userInteraction = false; // we can't talk to the user + result = kAuthorizationResultAllow; // snarfcredential doesn't block evaluation, ever, it may restart + // clean up 
current context + if (inContext) + { + debug("SSevalMech", "release input context %p", inContext); + alloc.free(inContext); + } + // create out context from input hints, no merge + // @@@ global copy template not being invoked... + outContext = Copier(*hints).keep(); + } + else + if (*currentMechanism == "switch_to_user") + { + try { + Process &cltProc = Server::active().connection().process; + // Authorization preserves creator's UID in setuid processes + uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); + debug("SSevalMech", "terminating agent at request of process %d (UID %d)\n", cltProc.pid(), cltUid); + QueryTerminateAgent client(cltUid, auth); + client(); + } catch (...) { + // Not our agent + } + result = kAuthorizationResultAllow; + } + + + + } + + + // we own outHints and outContext + switch(result) + { + case kAuthorizationResultAllow: + debug("SSevalMech", "result allow"); + currentMechanism++; + break; + case kAuthorizationResultDeny: + debug("SSevalMech", "result deny"); + if (inContext) + { + debug("SSevalMech", "abort eval, release input context %p", inContext); + alloc.free(inContext); + } + if (inHints) + { + debug("SSevalMech", "abort eval, release input hints %p", inHints); + alloc.free(inHints); + } + outContext = outHints = NULL; // making sure things get reset + if (userInteraction) + { + currentMechanism = mechanismNames.begin(); + result = kAuthorizationResultAllow; // stay in loop + } + break; + case kAuthorizationResultUndefined: + debug("SSevalMech", "result undefined"); + break; // abort evaluation + case kAuthorizationResultUserCanceled: + debug("SSevalMech", "result canceled"); + break; // stop evaluation, return some sideband + default: + break; // abort evaluation + } + } + + // End of evaluation, if last step produced meaningful data, incorporate + if ((result == kAuthorizationResultAllow) || + (result == kAuthorizationResultUserCanceled)) // @@@ can only pass back sideband through context + { + 
debug("SSevalMech", "make new context %p available", outContext); + auth.setInfoSet(*outContext); + outContext = NULL; + } + + // clean up last outContext and outHints, if any + if (outContext) + { + debug("SSevalMech", "release output context %p", outContext); + alloc.free(outContext); + } + if (outHints) + { + debug("SSevalMech", "release output hints %p", outHints); + alloc.free(outHints); + } + + // deny on user cancel + switch(result) + { + case kAuthorizationResultUndefined: + return errAuthorizationDenied; + case kAuthorizationResultDeny: + return errAuthorizationDenied; + default: + return errAuthorizationSuccess; // @@@ cancel should return cancelled + } +} + OSStatus Rule::evaluate(const Right &inRight, const AuthorizationEnvironment *environment, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - const AuthorizationToken &auth) + AuthorizationToken &auth) { switch (mType) { @@ -554,7 +655,10 @@ Rule::evaluate(const Right &inRight, case kUserInGroup: debug("autheval", "rule is user in group"); break; - default: + case kEvalMech: + debug("autheval", "rule evalutes mechanisms"); + return evaluateMechanism(environment, auth, credentials); + default: Error::throwMe(); } @@ -575,7 +679,11 @@ Rule::evaluate(const Right &inRight, { OSStatus status = evaluate(inRight, environment, now, *it, true); if (status != errAuthorizationDenied) + { + // add credential to authinfo + auth.setCredentialInfo(*it); return status; + } } // Second -- go though the credentials passed in to this authorize operation by the state management layer. @@ -589,6 +697,9 @@ Rule::evaluate(const Right &inRight, // Add the credential we used to the output set. // @@@ Deal with potential credential merges. credentials.insert(*it); + // add credential to authinfo + auth.setCredentialInfo(*it); + return status; } else if (status != errAuthorizationDenied) 
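Review bot: The final `switch` in `Rule::evaluateMechanism` returns `errAuthorizationSuccess` for every result other than `kAuthorizationResultUndefined` and `kAuthorizationResultDeny`, so `kAuthorizationResultUserCanceled` and any unexpected value grant the right, despite the `// deny on user cancel` comment above it. Two related paths also fail open: a mechanism name without `:` that is not one of the three internal names leaves `result` at allow and is skipped silently, and an empty `mEvalDef` returns the `AuthorizationResult` constant `kAuthorizationResultAllow` where an `OSStatus` is expected. `auth.setInfoSet(*outContext)` is also reached with `outContext` still NULL when only internal mechanisms such as `authinternal` or `switch_to_user` ran. The fence shows a default-deny mapping, the NULL guard and a rejecting `else`. Separately, `context` and `hints` are never deleted after the loop.

```cpp
            else
            if (*currentMechanism == "switch_to_user")
            {
                // … unchanged: QueryTerminateAgent invocation …
            }
            else
            {
                // unknown internal mechanism: refuse instead of skipping it
                debug("SSevalMech", "unknown mechanism %s", currentMechanism->c_str());
                result = kAuthorizationResultUndefined;
            }

    // … unchanged: per-result switch inside the loop …

    // only publish a context that a mechanism actually produced
    if (outContext &&
        ((result == kAuthorizationResultAllow) ||
         (result == kAuthorizationResultUserCanceled)))
    {
        debug("SSevalMech", "make new context %p available", outContext);
        auth.setInfoSet(*outContext);
        outContext = NULL;
    }

    // … unchanged: release of outContext and outHints …

    // anything but an explicit allow is a refusal
    switch(result)
    {
        case kAuthorizationResultAllow:
            return errAuthorizationSuccess;
        case kAuthorizationResultUserCanceled:
            return errAuthorizationCanceled;
        default:
            return errAuthorizationDenied;
    }
```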
@@ -604,14 +715,15 @@ Rule::evaluate(const Right &inRight, if (!(flags & kAuthorizationFlagInteractionAllowed)) return errAuthorizationInteractionNotAllowed; - QueryAuthorizeByGroup query; + Process &cltProc = Server::active().connection().process; + // Authorization preserves creator's UID in setuid processes + uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid(); + IFDEBUG(debug("autheval", "Auth query from process %d (UID %d)", cltProc.pid(), cltUid)); + QueryAuthorizeByGroup query(cltUid, auth); string usernamehint; - // @@@ This should really be the loginname of the proccess that originally created the AuthorizationRef. - // For now we get the pw_name of the user with the uid of the calling process. - uid_t uid = query.uid(); - if (uid) - { + // username hint is taken from the user who created the authorization, unless it's clearly ineligible + if (uid_t uid = auth.creatorUid()) { struct passwd *pw = getpwuid(uid); if (pw != NULL) { @@ -621,14 +733,17 @@ Rule::evaluate(const Right &inRight, // Check if username will authorize the request and set username to // be used as a hint to the user if so if (evaluate(inRight, environment, now, Credential(pw->pw_name, pw->pw_uid, pw->pw_gid, mShared), true) == errAuthorizationSuccess) { + // user long name as hint usernamehint = string( pw->pw_gecos ); +#if 0 // minus other gecos crud size_t comma = usernamehint.find(','); if (comma) usernamehint = usernamehint.substr(0, comma); // or fallback to short username - if (usernamehint.size() == 0) +#endif + if (usernamehint.size() == 0) usernamehint = string( pw->pw_name ); } //fi } //fi @@ -658,6 +773,10 @@ Rule::evaluate(const Right &inRight, // @@@ Deal with potential credential merges. credentials.insert(newCredential); query.done(); + + // add credential to authinfo + auth.setCredentialInfo(newCredential); + return errAuthorizationSuccess; } else if (status != errAuthorizationDenied) 
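Review bot: The `#if 0` added in the username-hint block (second hunk on this line) leaves dead code in place and swallows the `// or fallback to short username` comment, which describes the live `if (usernamehint.size() == 0)` line after `#endif`. Deleting the disabled block and keeping that comment outside it would read better. If the GECOS trimming is meant to come back, note that the disabled test `if (comma)` is true for `string::npos` and false only for a comma at index 0, so it should read `if (comma != string::npos)`. The enclosing `Rule::evaluate` body extends beyond the hunk.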
@@ -714,7 +833,8 @@ Rule::evaluate(const Right &inRight, const AuthorizationEnvironment *environment return errAuthorizationDenied; // Is this the default group of this user? - // declares gr_gid int, as opposed to advertised (getgrent(3)) gid_t + // PR-2875126 declares gr_gid int, as opposed to advertised (getgrent(3)) gid_t + // When this is fixed this warning should go away. if (credential->gid() == gr->gr_gid) { debug("autheval", "user %s has group %s(%d) as default group, granting right %s", @@ -801,7 +921,8 @@ Engine::~Engine() void Engine::updateRules(CFAbsoluteTime now) { - if (mRules.empty()) + StLock _(mLock); + if (mRules.empty()) readRules(); else { @@ -957,6 +1078,8 @@ Rule Engine::getRule(const Right &inRight) const { string key(inRight.rightName()); + // Lock the rulemap + StLock _(mLock); for (;;) { RuleMap::const_iterator it = mRules.find(key); @@ -997,7 +1120,7 @@ Engine::getRule(const Right &inRight) const OSStatus Engine::authorize(const RightSet &inRights, const AuthorizationEnvironment *environment, AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials, - MutableRightSet *outRights, const AuthorizationToken &auth) + MutableRightSet *outRights, AuthorizationToken &auth) { CredentialSet credentials; MutableRightSet rights; @@ -1074,3 +1197,5 @@ Engine::authorize(const RightSet &inRights, const AuthorizationEnvironment *envi return status; } + +} // end namespace Authorization diff --git a/SecurityServer/Authorization/AuthorizationEngine.h b/SecurityServer/Authorization/AuthorizationEngine.h index c0748e86..fcd47d33 100644 --- a/SecurityServer/Authorization/AuthorizationEngine.h +++ b/SecurityServer/Authorization/AuthorizationEngine.h @@ -24,11 +24,15 @@ * */ -#if !defined(__AuthorizationEngine__) -#define __AuthorizationEngine__ 1 +#ifndef _H_AUTHORIZATIONENGINE +#define _H_AUTHORIZATIONENGINE 1 #include +#include +#include "AuthorizationData.h" + #include +#include #include #include "agentquery.h" 
@@ -51,9 +55,9 @@ protected: Error(int err); public: const int error; - virtual CSSM_RETURN cssmError() const; - virtual OSStatus osStatus() const; - virtual const char *what () const; + virtual CSSM_RETURN cssmError() const throw(); + virtual OSStatus osStatus() const throw(); + virtual const char *what () const throw(); // @@@ Default value should be internal error. static void throwMe(int err = -1) __attribute((noreturn)); }; 
@@ -124,98 +128,6 @@ public: }; -class MutableRightSet; -class RightSet; - -class Right : protected AuthorizationItem -{ - friend MutableRightSet; - friend RightSet; -public: - static Right &overlay(AuthorizationItem &item); - static Right *overlay(AuthorizationItem *item); - Right(); - Right(AuthorizationString name, size_t valueLength, const void *value); - ~Right(); - - bool operator < (const Right &other) const; - AuthorizationString rightName() const { return name; } - size_t argumentLength() const { return valueLength; } - const void *argument() const { return value; } -}; - - -/* A RightSet is a Container and a Back Insertion Sequence, but it is not a Sequence. Also it only - implements the const members of Container and Back Insertion Sequence. */ -class RightSet -{ - friend class MutableRightSet; -public: - // Container required memebers - typedef Right value_type; - typedef const Right &const_reference; - typedef const Right *const_pointer; - typedef const_pointer const_iterator; - typedef ptrdiff_t difference_type; - typedef size_t size_type; - - RightSet(const AuthorizationRights *rights = NULL); - RightSet(const RightSet &other); - ~RightSet(); - - size_type size() const { return mRights->count; } - size_type max_size() const { return INT_MAX; } - const_iterator begin() const { return static_cast(mRights->items); } - const_iterator end() const { return static_cast(&mRights->items[mRights->count]); } - bool empty() const { return size() == 0; } - - // Back Insertion Sequence required memebers - const_reference back() const; - - // Other convenience members - operator const AuthorizationRights *() const { return mRights; } -private: - RightSet &operator = (const RightSet &other); - -protected: - static const AuthorizationRights gEmptyRights; - AuthorizationRights *mRights; -}; - - -/* A MutableRightSet is a Container and a Back Insertion Sequence, but it is not a Sequence. 
*/ -class MutableRightSet : public RightSet -{ -public: - // Container required memebers - typedef Right &reference; - typedef Right *pointer; - typedef pointer iterator; - - MutableRightSet(size_t count = 0, const Right &element = Right()); - MutableRightSet(const RightSet &other); - ~MutableRightSet(); - - MutableRightSet &operator = (const RightSet &other); - - iterator begin() { return static_cast(mRights->items); } - iterator end() { return static_cast(&mRights->items[mRights->count]); } - void swap(MutableRightSet &other); - - // Back Insertion Sequence required memebers - reference back(); - void push_back(const_reference right); - void pop_back(); - - // Other convenience members - size_type capacity() const { return mCapacity; } -private: - void grow(size_type min_capacity); - - size_type mCapacity; -}; - - typedef set CredentialSet; @@ -231,7 +143,7 @@ public: OSStatus evaluate(const Right &inRight, const AuthorizationEnvironment *environment, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, - const AuthorizationToken &auth); + AuthorizationToken &auth); private: OSStatus evaluate(const Right &inRight, const AuthorizationEnvironment *environment, @@ -239,18 +151,22 @@ private: OSStatus obtainCredential(QueryAuthorizeByGroup &client, const Right &inRight, const AuthorizationEnvironment *environment, const char *usernameHint, Credential &outCredential, SecurityAgent::Reason reason); + OSStatus evaluateMechanism(const AuthorizationEnvironment *environment, AuthorizationToken &auth, CredentialSet &outCredentials); + enum Type { kDeny, kAllow, - kUserInGroup + kUserInGroup, + kEvalMech } mType; string mGroupName; CFTimeInterval mMaxCredentialAge; bool mShared; bool mAllowRoot; + string mEvalDef; static CFStringRef kUserInGroupID; static CFStringRef kTimeoutID; 
@@ -258,6 +174,8 @@ private: static CFStringRef kAllowRootID; static CFStringRef kDenyID; static CFStringRef kAllowID; + static CFStringRef kEvalMechID; + }; @@ -287,7 +205,7 @@ public: OSStatus authorize(const RightSet &inRights, const AuthorizationEnvironment *environment, AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials, - MutableRightSet *outRights, const AuthorizationToken &auth); + MutableRightSet *outRights, AuthorizationToken &auth); private: void updateRules(CFAbsoluteTime now); void readRules(); @@ -301,12 +219,12 @@ private: CFAbsoluteTime mLastChecked; struct timespec mRulesFileMtimespec; - typedef map RightMap; typedef map RuleMap; RuleMap mRules; + mutable Mutex mLock; }; }; // namespace Authorization -#endif /* ! __AuthorizationEngine__ */ +#endif /* ! _H_AUTHORIZATIONENGINE */ diff --git a/SecurityServer/Authorization/AuthorizationPlugin.h b/SecurityServer/Authorization/AuthorizationPlugin.h index af0c5a1f..06c3a5ee 100644 --- a/SecurityServer/Authorization/AuthorizationPlugin.h +++ b/SecurityServer/Authorization/AuthorizationPlugin.h @@ -73,6 +73,14 @@ enum */ typedef const AuthorizationString AuthorizationMechanismId; +/*! +@typedef AuthorizationPluginId + @@@ Not used by plugin writers + */ +typedef const AuthorizationString AuthorizationPluginId; + + + /*! @typedef AuthorizationPluginRef An instance of a plugin (even though there will probably only be one). diff --git a/SecurityServer/Authorization/AuthorizationTags.h b/SecurityServer/Authorization/AuthorizationTags.h index 2b6537af..e472bd23 100644 --- a/SecurityServer/Authorization/AuthorizationTags.h +++ b/SecurityServer/Authorization/AuthorizationTags.h 
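Review bot: In the `@@ -301,12 +219,12 @@` hunk, `mutable Mutex mLock;` is added with no indication of which members it protects. The class also holds `mRules`, `mLastChecked` and `mRulesFileMtimespec`, which `updateRules()` and `readRules()` presumably rewrite while `authorize()` reads them. A comment like `// guards mRules, mLastChecked and mRulesFileMtimespec` would pin the locking contract down. It is also worth confirming in the implementation that a rule found under the lock is not used after the lock is released while a reload could replace the map. The class body starts outside the hunk.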
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). @@ -17,15 +17,12 @@ /* - * AuthorizationTags.h - * Authorization -- Right tags for implementing access control in applications and daemons - * - * Copyright: (c) 2000, 2001 by Apple Computer, Inc., all rights reserved - * + * AuthorizationTags.h -- Right tags for implementing access control in + * applications and daemons */ -#if !defined(__AuthorizationTags__) -#define __AuthorizationTags__ 1 +#ifndef _SECURITY_AUTHORIZATIONTAGS_H_ +#define _SECURITY_AUTHORIZATIONTAGS_H_ /*! @@ -62,4 +59,4 @@ */ #define kAuthorizationRightExecute "system.privilege.admin" -#endif /* ! __AuthorizationTags__ */ +#endif /* !_SECURITY_AUTHORIZATIONTAGS_H_ */ diff --git a/SecurityServer/Authorization/AuthorizationWalkers.h b/SecurityServer/Authorization/AuthorizationWalkers.h index cef82848..4c5633a0 100644 --- a/SecurityServer/Authorization/AuthorizationWalkers.h +++ b/SecurityServer/Authorization/AuthorizationWalkers.h @@ -28,7 +28,9 @@ #define __AuthorizationWalkers__ 1 #include +#include #include +#include // char * walker namespace Security { @@ -54,6 +56,24 @@ AuthorizationItemSet *walk(Action &operate, AuthorizationItemSet * &itemSet) return itemSet; } +template +void walk(Action &operate, AuthorizationValue &authvalue) +{ + operate(authvalue.data, authvalue.length); +} + +template +AuthorizationValueVector *walk(Action &operate, AuthorizationValueVector * &valueVector) +{ + operate(valueVector); + operate(valueVector->values, valueVector->count * sizeof(AuthorizationValue)); + for (uint32 n = 0; n < valueVector->count; n++) + walk(operate, valueVector->values[n]); + return valueVector; +} + + + } // end namespace DataWalkers } // end namespace Security 
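Review bot: In the new `AuthorizationValueVector` walker of AuthorizationWalkers.h, `valueVector->count * sizeof(AuthorizationValue)` is computed with no bound on `count`, and the loop that follows trusts the same `count`. If this walker is applied to a vector whose header was filled in by another process (the callers are not visible in this hunk, so that is an assumption to confirm), the product can wrap where `size_t` is 32 bits. The block handed to `operate` would then be smaller than the range the loop walks. A check before the second `operate` call, such as `if (valueVector->count > (size_t)-1 / sizeof(AuthorizationValue))` followed by the project's usual error throw, would reject such a vector. Both new templates would also benefit from a one-line comment stating what `operate` does with the pointer and length it receives.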
diff --git a/SecurityServer/Authorization/authorization.plist b/SecurityServer/Authorization/authorization.plist
index 3359602a..0d0808df 100644
--- a/SecurityServer/Authorization/authorization.plist
+++ b/SecurityServer/Authorization/authorization.plist
@@ -74,6 +74,74 @@ + + system.login.console + + eval + loginwindow_builtin:login,authinternal,loginwindow_builtin:success + + + system.login.pam + + eval + push_hints_to_context,authinternal + + system.login.tty + + eval + push_hints_to_context,authinternal + + system.login.done + + eval + switch_to_user + + + + + system.preferences + + group + admin + shared + + allow-root + + + + + system.printingmanager + + group + admin + shared + + timeout + 0 + + + + sys.openfile. + + group + admin + shared + + timeout + 300 + + MDS_OBJECT_RECORDTYPE, MDS_CDSADIR_CSSM_RECORDTYPE; + break; + case Plugin: + parse this info --> MDS_OBJECT_RECORDTYPE, MDS_CDSADIR_COMMON_RECORDTYPE; + case PluginInfo: + recordType = lookup("MdsRecordType"); + dispatch to recordtype-specific parsing; + } + } +} +************/ + +#define RELEASE_EACH_URL 0 + +void MDSAttrParser::parseAttrs() +{ + /* get all *.mdsinfo files */ + /* + * FIXME - this leaks like crazy even though we CFRelease the array. + * With RELEASE_EACH_URL true, we attempt to release each element of + * the array, but that results in a ton of mallocDebug errors. I believe + * this is a CF leak. 
+ */ + CFArrayRef bundleInfoFiles = CFBundleCopyResourceURLsOfType(mBundle, + CFSTR(MDS_INFO_TYPE), + NULL); // any subdir + if(bundleInfoFiles == NULL) { + Syslog::alert("MDSAttrParser: no mdsattr files for %s", mPath); + return; + } + assert(CFGetTypeID(bundleInfoFiles) == CFArrayGetTypeID()); + + /* process each .mdsinfo file */ + for(CFIndex i=0; i( + CFArrayGetValueAtIndex(bundleInfoFiles, i)); + if(infoUrl == NULL) { + MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 1"); + continue; + } + if(CFGetTypeID(infoUrl) != CFURLGetTypeID()) { + MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 2"); + continue; + } + + /* Get contents of mdsinfo file as dictionary */ + mdsDict = new MDSDictionary(infoUrl, mPath); + if(mdsDict == NULL) { + goto abortInfoFile; + } + MPDebug("Parsing mdsinfo file %s", mdsDict->fileDesc()); + + /* Determine what kind of info file this is and dispatch accordingly */ + infoType = (CFStringRef)mdsDict->lookup(CFSTR(MDS_INFO_FILE_TYPE), + true, CFStringGetTypeID()); + if(infoType == NULL) { + logFileError("Malformed MDS Info file", infoUrl, NULL, NULL); + goto abortInfoFile; + } + + /* be robust here, errors in these low-level routines do not affect + * the rest of our task */ + try { + if(CFStringCompare(infoType, CFSTR(MDS_INFO_FILE_TYPE_CSSM), 0) + == kCFCompareEqualTo) { + parseCssmInfo(mdsDict); + } + else if(CFStringCompare(infoType, CFSTR(MDS_INFO_FILE_TYPE_PLUGIN), 0) + == kCFCompareEqualTo) { + parsePluginCommon(mdsDict); + } + else if(CFStringCompare(infoType, CFSTR(MDS_INFO_FILE_TYPE_RECORD), 0) + == kCFCompareEqualTo) { + parsePluginSpecific(mdsDict); + } + else { + logFileError("Malformed MDS Info file", infoUrl, NULL, NULL); + } + } + catch(...) { + + } +abortInfoFile: + delete mdsDict; + } /* for each mdsinfo */ + /* FIXME - do we have to release each element of the array? 
*/ + #if RELEASE_EACH_URL + for(CFIndex i=0; ilookup(MDS_INFO_FILE_RECORD_TYPE, + true, CFStringGetTypeID()); + if(recordTypeStr == NULL) { + MPDebug("%s: no %s record found\n", mdsDict->fileDesc(), + MDS_INFO_FILE_RECORD_TYPE); + return; + } + + /* convert to a known schema */ + const char *recordTypeCStr = MDSCFStringToCString(recordTypeStr); + const RelationInfo *relationInfo = MDSRecordTypeNameToRelation(recordTypeCStr); + if(relationInfo == NULL) { + Syslog::alert("MDS file %s has unsupported record type %s", + mdsDict->fileDesc(), recordTypeCStr); + MPDebug("MDS file %s has unsupported record type %s", + mdsDict->fileDesc(), recordTypeCStr); + delete [] recordTypeCStr; + return; + } + MPDebug("Parsing MDS file %s, recordType %s", mdsDict->fileDesc(), recordTypeCStr); + delete [] recordTypeCStr; + + /* handle special cases here */ + switch(relationInfo->DataRecordType) { + case MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE: + parseCspCapabilitiesRecord(mdsDict); + break; + case MDS_CDSADIR_TP_OIDS_RECORDTYPE: + parseTpPolicyOidsRecord(mdsDict); + break; + default: + /* all (normal) linear schema */ + parseMdsRecord(mdsDict, relationInfo, mCdsaDirHand); + } +} + + +/* + * Given an open MDSDictionary, create an MDS_OBJECT_RECORDTYPE record and + * add it to mObjectHand. Used when parsing both CSSM records and MOduleCommon + * records. + */ +void MDSAttrParser::parseObjectRecord( + MDSDictionary *mdsDict) +{ + assert(mdsDict != NULL); + assert(mObjectHand != 0); + parseMdsRecord(mdsDict, &kObjectRelation, mObjectHand); + +} + +/* + * Given an open dictionary and a RelationInfo defining a schema, fetch all + * attributes associated with the specified schema from the dictionary + * and write them to specified DB. 
+ */ +void MDSAttrParser::parseMdsRecord( + MDSDictionary *mdsDict, + const RelationInfo *relInfo, + CSSM_DB_HANDLE dbHand) +{ + assert(mdsDict != NULL); + assert(relInfo != NULL); + assert(dbHand != 0); + + /* + * malloc an CSSM_DB_ATTRIBUTE_DATA array associated with specified schema. + */ + unsigned numSchemaAttrs = relInfo->NumberOfAttributes; + CSSM_DB_ATTRIBUTE_DATA *dbAttrs = new CSSM_DB_ATTRIBUTE_DATA[numSchemaAttrs]; + + /* + * Grind thru the attributes in the specified schema. Do not assume the presence + * of any given attribute. + */ + uint32 foundAttrs = 0; + mdsDict->lookupAttributes(relInfo, dbAttrs, foundAttrs); + + /* write to the DB */ + MDSInsertRecord(dbAttrs, foundAttrs, relInfo->DataRecordType, mDl, dbHand); + + MDSFreeDbRecordAttrs(dbAttrs, foundAttrs); + delete [] dbAttrs; +} + +/* + * Parse CSP capabilities. This is much more complicated than most records. + * The propertly list (*.mdsinfo) is set up like this: + * + * root(Dictionary) { + * ModuleID(String) + * SSID(Number) + * Capabilities(Array) { + * index 0(Dictionary) { + * AlgType(String) -- CSSM_ALGID_SHA1 + * ContextType(String) -- CSSM_ALGCLASS_DIGEST + * UseeTag(String) -- CSSM_USEE_NONE + * Description(String) -- "SHA1 Digest" + * Attributes(Array) + * index 0(Dictionary) + * AttributeType(String) -- CSSM_ATTRIBUTE_OUTPUT_SIZE + * AttributeValue(Array) { + * index 0(Number) -- 20 + * ... + * } + * index n ... + * } + * index n... + * } + * } + * + * The plist can specify multiple Capabilities, multiple Attributes for each + * Capability, and multiple values for each Attribute. (Note that MULTI_UINT32 + * in the DB is represented in the plist as an Array of Numbers.) Each element + * of each Attributes array maps to one record in the DB. The GroupID attribute + * of a record is the index into the plist's Capabilities array. + */ +void MDSAttrParser::parseCspCapabilitiesRecord( + MDSDictionary *mdsDict) +{ + /* + * Malloc an attribute array big enough for the whole schema. 
We're going + * to re-use this array every time we write a new record. Portions of + * the array are invariant for some inner loops. + */ + const RelationInfo *topRelInfo = + MDSRecordTypeToRelation(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE); + assert(topRelInfo != NULL); + uint32 numInAttrs = topRelInfo->NumberOfAttributes; + CSSM_DB_ATTRIBUTE_DATA_PTR outAttrs = new CSSM_DB_ATTRIBUTE_DATA[numInAttrs]; + + /* these attrs are only set once, then they remain invariant */ + uint32 numTopLevelAttrs; + mdsDict->lookupAttributes(&CSPCapabilitiesDict1RelInfo, outAttrs, + numTopLevelAttrs); + + bool fetchedFromDisk = false; + + /* obtain Capabilities array */ + CFArrayRef capArray = (CFArrayRef)mdsDict->lookupWithIndirect("Capabilities", + mBundle, + CFArrayGetTypeID(), + fetchedFromDisk); + if(capArray == NULL) { + /* well we did not get very far.... */ + MPDebug("parseCspCapabilitiesRecord: no (or bad) Capabilities"); + delete [] outAttrs; + return; + } + + /* + * Descend into Capabilities array. Each element is a dictionary defined + * by CSPCapabilitiesDict2RelInfo. + */ + CFIndex capArraySize = CFArrayGetCount(capArray); + CFIndex capDex; + for(capDex=0; capDex + * Value(Data) -- optional, OID-specific + * index n... + * } + * } + * + * The plist can specify multiple Policies. Each element of the Policies + * array maps to one record in the DB. + */ +void MDSAttrParser::parseTpPolicyOidsRecord( + MDSDictionary *mdsDict) +{ + /* + * Malloc an attribute array big enough for the whole schema. We're going + * to re-use this array every time we write a new record. Portions of + * the array are invariant for some inner loops. 
+ */ + const RelationInfo *topRelInfo = + MDSRecordTypeToRelation(MDS_CDSADIR_TP_OIDS_RECORDTYPE); + assert(topRelInfo != NULL); + uint32 numInAttrs = topRelInfo->NumberOfAttributes; + CSSM_DB_ATTRIBUTE_DATA_PTR outAttrs = new CSSM_DB_ATTRIBUTE_DATA[numInAttrs]; + + /* these attrs are only set once, then they remain invariant */ + uint32 numTopLevelAttrs; + mdsDict->lookupAttributes(&TpPolicyOidsDict1RelInfo, outAttrs, + numTopLevelAttrs); + + /* obtain Policies array */ + CFArrayRef policyArray = (CFArrayRef)mdsDict->lookup("Policies", + true, CFArrayGetTypeID()); + if(policyArray == NULL) { + /* well we did not get very far.... */ + MPDebug("parseTpPolicyOidsRecord: no (or bad) Policies"); + delete [] outAttrs; + return; + } + + /* + * Descend into Policies array. Each element is a dictionary defined + * by TpPolicyOidsDict2RelInfo. + */ + CFIndex policyArraySize = CFArrayGetCount(policyArray); + CFIndex policyDex; + for(policyDex=0; policyDex +#include "MDSSession.h" +#include "MDSDictionary.h" +#include "MDSAttrStrings.h" +#include + +/* + * Hard-coded strings, which we attempt to keep to a minimum + */ + +/* extension of a bundle's MDS files */ +#define MDS_INFO_TYPE "mdsinfo" + +/* key in an MDS info file determining whether it's for CSSM, plugin, or + * Plugin-specific MDS record type */ +#define MDS_INFO_FILE_TYPE "MdsFileType" + +/* Values for MDS_INFO_FILE_TYPE */ +#define MDS_INFO_FILE_TYPE_CSSM "CSSM" +#define MDS_INFO_FILE_TYPE_PLUGIN "PluginCommon" +#define MDS_INFO_FILE_TYPE_RECORD "PluginSpecific" + +/* For MDS_INFO_FILE_TYPE_RECORD files, this key is used to find the + * CSSM_DB_RECORDTYPE associated with the file's info. 
*/ +#define MDS_INFO_FILE_RECORD_TYPE "MdsRecordType" + +/* key for file description string, for debugging and documentation (since + * PropertyListEditor does not support comments) */ +#define MDS_INFO_FILE_DESC "MdsFileDescription" + + +namespace Security +{ + +/* + * The purpose of the MDSAttrParser class is to process a set of plist files + * in a specified bundle or framework, parsing them to create data which + * is written to a pair of open DBs. Each plist file represents the bundle's + * entries for one or more MDS relations. Typically a bundle will have + * multiple plist files. + */ + +/* base class for all parsers */ +class MDSAttrParser +{ +public: + MDSAttrParser( + const char *bundlePath, + MDSSession &dl, + CSSM_DB_HANDLE objectHand, + CSSM_DB_HANDLE cdsaDirHand); + virtual ~MDSAttrParser(); + + /* the bulk of the work */ + void parseAttrs(); + +private: + void logFileError( + const char *op, + CFURLRef file, + CFStringRef errStr, // optional if you have it + SInt32 *errNo); // optional if you have it + + /* + * Parse a CSSM info file. + */ + void parseCssmInfo( + MDSDictionary *theDict); + + /* + * Parse a Plugin Common info file. + */ + void parsePluginCommon( + MDSDictionary *theDict); + + /* + * Parse a Plugin-specific file. + */ + void parsePluginSpecific( + MDSDictionary *theDict); + + /* + * Given an open dictionary (representing a parsed XML file), create + * an MDS_OBJECT_RECORDTYPE record and add it to mObjectHand. This is + * used by both parseCssmInfo and parsePluginCommon. + */ + void parseObjectRecord( + MDSDictionary *dict); + + /* + * Given an open dictionary and a RelationInfo defining a schema, fetch all + * attributes associated with the specified schema from the dictionary + * and write them to specified DB. + */ + void parseMdsRecord( + MDSDictionary *mdsDict, + const RelationInfo *relInfo, + CSSM_DB_HANDLE dbHand); + + /* + * Special case handlers for MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE and + * MDS_CDSADIR_TP_OIDS_RECORDTYPE. 
+ */ + void parseCspCapabilitiesRecord( + MDSDictionary *mdsDict); + void parseTpPolicyOidsRecord( + MDSDictionary *mdsDict); + +private: + /* could be Security.framework or a loadable bundle anywhere */ + CFBundleRef mBundle; + char *mPath; + + /* a DL session and two open DBs - one for object directory, one for + * CDSA directory */ + MDSSession &mDl; + CSSM_DB_HANDLE mObjectHand; + CSSM_DB_HANDLE mCdsaDirHand; +}; + + +} // end namespace Security + +#endif /* _MDS_ATTR_PARSER_H_ */ diff --git a/cdsa/mds/MDSAttrStrings.cpp b/cdsa/mds/MDSAttrStrings.cpp new file mode 100644 index 00000000..c2afd93f --- /dev/null +++ b/cdsa/mds/MDSAttrStrings.cpp 
@@ -0,0 +1,778 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: MDSAttrStrings.cpp + + Contains: Static tables to map attribute names to numeric values. + + Copyright: (c) 2001 Apple Computer, Inc., all rights reserved. 
+*/ + +#include "MDSAttrStrings.h" +#include "MDSAttrUtils.h" +#include +#include +#include // CSSM_KR_POLICY_TYPE +#include // isDigit +#include // strcmp +#include // atoi + +namespace Security +{ + +/* declare one entry in a table of MDSNameValuePairs */ +#define MNVP(attr) {attr, #attr} + +/* the NULL entry which terminates all MDSNameValuePair tables */ +#define MNVP_END {0, NULL} + +/*** + *** common attributes + ***/ + +/* CSSM_SERVICE_MASK */ +const MDSNameValuePair MDSServiceNames[] = +{ + MNVP(CSSM_SERVICE_CSSM), + MNVP(CSSM_SERVICE_CSP), + MNVP(CSSM_SERVICE_DL), + MNVP(CSSM_SERVICE_CL), + MNVP(CSSM_SERVICE_TP), + MNVP(CSSM_SERVICE_AC), + MNVP(CSSM_SERVICE_KR), + MNVP_END +}; + +/* CSSM_ACL_SUBJECT_TYPE */ +const MDSNameValuePair MDSAclSubjectTypeNames[] = +{ + MNVP(CSSM_ACL_SUBJECT_TYPE_ANY), + MNVP(CSSM_ACL_SUBJECT_TYPE_THRESHOLD), + MNVP(CSSM_ACL_SUBJECT_TYPE_PASSWORD), + MNVP(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD), + MNVP(CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD), + MNVP(CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY), + MNVP(CSSM_ACL_SUBJECT_TYPE_HASHED_SUBJECT), + MNVP(CSSM_ACL_SUBJECT_TYPE_BIOMETRIC), + MNVP(CSSM_ACL_SUBJECT_TYPE_PROTECTED_BIOMETRIC), + MNVP(CSSM_ACL_SUBJECT_TYPE_PROMPTED_BIOMETRIC), + MNVP(CSSM_ACL_SUBJECT_TYPE_LOGIN_NAME), + MNVP(CSSM_ACL_SUBJECT_TYPE_EXT_PAM_NAME), + /* from cssmapple.h */ + MNVP(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT), + MNVP(CSSM_ACL_SUBJECT_TYPE_PROCESS), + MNVP(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), + MNVP(CSSM_ACL_SUBJECT_TYPE_COMMENT), + MNVP_END +}; + +/* CSSM_ACL_AUTHORIZATION_TAG */ +const MDSNameValuePair MDSAclAuthTagNames[] = +{ + MNVP(CSSM_ACL_AUTHORIZATION_ANY), + MNVP(CSSM_ACL_AUTHORIZATION_LOGIN), + MNVP(CSSM_ACL_AUTHORIZATION_GENKEY), + MNVP(CSSM_ACL_AUTHORIZATION_DELETE), + MNVP(CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED), + MNVP(CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR), + MNVP(CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED), + MNVP(CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR), + MNVP(CSSM_ACL_AUTHORIZATION_SIGN), + 
MNVP(CSSM_ACL_AUTHORIZATION_ENCRYPT), + MNVP(CSSM_ACL_AUTHORIZATION_DECRYPT), + MNVP(CSSM_ACL_AUTHORIZATION_MAC), + MNVP(CSSM_ACL_AUTHORIZATION_DERIVE), + MNVP(CSSM_ACL_AUTHORIZATION_DBS_CREATE), + MNVP(CSSM_ACL_AUTHORIZATION_DBS_DELETE), + MNVP(CSSM_ACL_AUTHORIZATION_DB_READ), + MNVP(CSSM_ACL_AUTHORIZATION_DB_INSERT), + MNVP(CSSM_ACL_AUTHORIZATION_DB_MODIFY), + MNVP(CSSM_ACL_AUTHORIZATION_DB_DELETE), + /* from cssmapple.h */ + MNVP(CSSM_ACL_AUTHORIZATION_CHANGE_ACL), + MNVP(CSSM_ACL_AUTHORIZATION_CHANGE_OWNER), + MNVP_END +}; + +/*** + *** CSP attributes + ***/ + +/* CSSM_CONTEXT_TYPE */ +const MDSNameValuePair MDSContextTypeNames[] = +{ + MNVP(CSSM_ALGCLASS_NONE), + MNVP(CSSM_ALGCLASS_CUSTOM), + MNVP(CSSM_ALGCLASS_SIGNATURE), + MNVP(CSSM_ALGCLASS_SYMMETRIC), + MNVP(CSSM_ALGCLASS_DIGEST), + MNVP(CSSM_ALGCLASS_RANDOMGEN), + MNVP(CSSM_ALGCLASS_UNIQUEGEN), + MNVP(CSSM_ALGCLASS_MAC), + MNVP(CSSM_ALGCLASS_ASYMMETRIC), + MNVP(CSSM_ALGCLASS_KEYGEN), + MNVP(CSSM_ALGCLASS_DERIVEKEY), + MNVP(CSSM_ALGCLASS_NONE), + MNVP_END +}; + +/* CSSM_ATTRIBUTE_TYPE */ +const MDSNameValuePair MDSAttributeTypeNames[] = +{ + MNVP(CSSM_ATTRIBUTE_NONE), + MNVP(CSSM_ATTRIBUTE_CUSTOM), + MNVP(CSSM_ATTRIBUTE_DESCRIPTION), + MNVP(CSSM_ATTRIBUTE_KEY), + MNVP(CSSM_ATTRIBUTE_INIT_VECTOR), + MNVP(CSSM_ATTRIBUTE_SALT), + MNVP(CSSM_ATTRIBUTE_PADDING), + MNVP(CSSM_ATTRIBUTE_RANDOM), + MNVP(CSSM_ATTRIBUTE_SEED), + MNVP(CSSM_ATTRIBUTE_PASSPHRASE), + MNVP(CSSM_ATTRIBUTE_KEY_LENGTH), + MNVP(CSSM_ATTRIBUTE_KEY_LENGTH_RANGE), + MNVP(CSSM_ATTRIBUTE_BLOCK_SIZE), + MNVP(CSSM_ATTRIBUTE_OUTPUT_SIZE), + MNVP(CSSM_ATTRIBUTE_ROUNDS), + MNVP(CSSM_ATTRIBUTE_IV_SIZE), + MNVP(CSSM_ATTRIBUTE_ALG_PARAMS), + MNVP(CSSM_ATTRIBUTE_LABEL), + MNVP(CSSM_ATTRIBUTE_KEY_TYPE), + MNVP(CSSM_ATTRIBUTE_MODE), + MNVP(CSSM_ATTRIBUTE_EFFECTIVE_BITS), + MNVP(CSSM_ATTRIBUTE_START_DATE), + MNVP(CSSM_ATTRIBUTE_END_DATE), + MNVP(CSSM_ATTRIBUTE_KEYUSAGE), + MNVP(CSSM_ATTRIBUTE_KEYATTR), + MNVP(CSSM_ATTRIBUTE_VERSION), + 
MNVP(CSSM_ATTRIBUTE_PRIME), + MNVP(CSSM_ATTRIBUTE_SUBPRIME), + MNVP(CSSM_ATTRIBUTE_ALG_ID), + MNVP(CSSM_ATTRIBUTE_ITERATION_COUNT), + MNVP(CSSM_ATTRIBUTE_ROUNDS_RANGE), + MNVP(CSSM_ATTRIBUTE_KRPROFILE_LOCAL), + MNVP(CSSM_ATTRIBUTE_KRPROFILE_REMOTE), + MNVP(CSSM_ATTRIBUTE_CSP_HANDLE), + MNVP(CSSM_ATTRIBUTE_DL_DB_HANDLE), + MNVP(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS), + MNVP(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT), + MNVP(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT), + MNVP(CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT), + MNVP(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT), + MNVP_END +}; + +/* CSSM_PADDING */ +const MDSNameValuePair MDSPaddingNames[] = +{ + MNVP(CSSM_PADDING_NONE), + MNVP(CSSM_PADDING_CUSTOM), + MNVP(CSSM_PADDING_ZERO), + MNVP(CSSM_PADDING_ONE), + MNVP(CSSM_PADDING_ALTERNATE), + MNVP(CSSM_PADDING_FF), + MNVP(CSSM_PADDING_PKCS5), + MNVP(CSSM_PADDING_PKCS7), + MNVP(CSSM_PADDING_CIPHERSTEALING), + MNVP(CSSM_PADDING_RANDOM), + MNVP(CSSM_PADDING_PKCS1), + MNVP_END +}; + +/* CSSM_CSP_FLAGS */ +const MDSNameValuePair MDSCspFlagsNames[] = +{ + MNVP(CSSM_CSP_TOK_WRITE_PROTECTED), + MNVP(CSSM_CSP_TOK_LOGIN_REQUIRED), + MNVP(CSSM_CSP_TOK_USER_PIN_INITIALIZED), + MNVP(CSSM_CSP_TOK_PROT_AUTHENTICATION), + MNVP(CSSM_CSP_TOK_USER_PIN_EXPIRED), + MNVP(CSSM_CSP_TOK_SESSION_KEY_PASSWORD), + MNVP(CSSM_CSP_TOK_PRIVATE_KEY_PASSWORD), + MNVP(CSSM_CSP_STORES_PRIVATE_KEYS), + MNVP(CSSM_CSP_STORES_PUBLIC_KEYS), + MNVP(CSSM_CSP_STORES_SESSION_KEYS), + MNVP(CSSM_CSP_STORES_CERTIFICATES), + MNVP(CSSM_CSP_STORES_GENERIC), + MNVP_END +}; + +/* CSSM_ALGORITHMS */ +const MDSNameValuePair MDSAlgorithmNames[] = +{ + MNVP(CSSM_ALGID_NONE), + MNVP(CSSM_ALGID_CUSTOM), + MNVP(CSSM_ALGID_DH), + MNVP(CSSM_ALGID_PH), + MNVP(CSSM_ALGID_KEA), + MNVP(CSSM_ALGID_MD2), + MNVP(CSSM_ALGID_MD4), + MNVP(CSSM_ALGID_MD5), + MNVP(CSSM_ALGID_SHA1), + MNVP(CSSM_ALGID_NHASH), + MNVP(CSSM_ALGID_HAVAL), + MNVP(CSSM_ALGID_RIPEMD), + MNVP(CSSM_ALGID_IBCHASH), + MNVP(CSSM_ALGID_RIPEMAC), + MNVP(CSSM_ALGID_DES), + MNVP(CSSM_ALGID_DESX), + 
MNVP(CSSM_ALGID_RDES), + MNVP(CSSM_ALGID_3DES_3KEY_EDE), + MNVP(CSSM_ALGID_3DES_2KEY_EDE), + MNVP(CSSM_ALGID_3DES_1KEY_EEE), + MNVP(CSSM_ALGID_3DES_3KEY), + MNVP(CSSM_ALGID_3DES_3KEY_EEE), + MNVP(CSSM_ALGID_3DES_2KEY), + MNVP(CSSM_ALGID_3DES_2KEY_EEE), + MNVP(CSSM_ALGID_3DES_1KEY), + MNVP(CSSM_ALGID_IDEA), + MNVP(CSSM_ALGID_RC2), + MNVP(CSSM_ALGID_RC5), + MNVP(CSSM_ALGID_RC4), + MNVP(CSSM_ALGID_SEAL), + MNVP(CSSM_ALGID_CAST), + MNVP(CSSM_ALGID_BLOWFISH), + MNVP(CSSM_ALGID_SKIPJACK), + MNVP(CSSM_ALGID_LUCIFER), + MNVP(CSSM_ALGID_MADRYGA), + MNVP(CSSM_ALGID_FEAL), + MNVP(CSSM_ALGID_REDOC), + MNVP(CSSM_ALGID_REDOC3), + MNVP(CSSM_ALGID_LOKI), + MNVP(CSSM_ALGID_KHUFU), + MNVP(CSSM_ALGID_KHAFRE), + MNVP(CSSM_ALGID_MMB), + MNVP(CSSM_ALGID_GOST), + MNVP(CSSM_ALGID_SAFER), + MNVP(CSSM_ALGID_CRAB), + MNVP(CSSM_ALGID_RSA), + MNVP(CSSM_ALGID_DSA), + MNVP(CSSM_ALGID_MD5WithRSA), + MNVP(CSSM_ALGID_MD2WithRSA), + MNVP(CSSM_ALGID_ElGamal), + MNVP(CSSM_ALGID_MD2Random), + MNVP(CSSM_ALGID_MD5Random), + MNVP(CSSM_ALGID_SHARandom), + MNVP(CSSM_ALGID_DESRandom), + MNVP(CSSM_ALGID_SHA1WithRSA), + MNVP(CSSM_ALGID_CDMF), + MNVP(CSSM_ALGID_CAST3), + MNVP(CSSM_ALGID_CAST5), + MNVP(CSSM_ALGID_GenericSecret), + MNVP(CSSM_ALGID_ConcatBaseAndKey), + MNVP(CSSM_ALGID_ConcatKeyAndBase), + MNVP(CSSM_ALGID_ConcatBaseAndData), + MNVP(CSSM_ALGID_ConcatDataAndBase), + MNVP(CSSM_ALGID_XORBaseAndData), + MNVP(CSSM_ALGID_ExtractFromKey), + MNVP(CSSM_ALGID_SSL3PreMasterGen), + MNVP(CSSM_ALGID_SSL3MasterDerive), + MNVP(CSSM_ALGID_SSL3KeyAndMacDerive), + MNVP(CSSM_ALGID_SSL3MD5_MAC), + MNVP(CSSM_ALGID_SSL3SHA1_MAC), + MNVP(CSSM_ALGID_PKCS5_PBKDF1_MD5), + MNVP(CSSM_ALGID_PKCS5_PBKDF1_MD2), + MNVP(CSSM_ALGID_PKCS5_PBKDF1_SHA1), + MNVP(CSSM_ALGID_WrapLynks), + MNVP(CSSM_ALGID_WrapSET_OAEP), + MNVP(CSSM_ALGID_BATON), + MNVP(CSSM_ALGID_ECDSA), + MNVP(CSSM_ALGID_MAYFLY), + MNVP(CSSM_ALGID_JUNIPER), + MNVP(CSSM_ALGID_FASTHASH), + MNVP(CSSM_ALGID_3DES), + MNVP(CSSM_ALGID_SSL3MD5), + MNVP(CSSM_ALGID_SSL3SHA1), + 
MNVP(CSSM_ALGID_FortezzaTimestamp), + MNVP(CSSM_ALGID_SHA1WithDSA), + MNVP(CSSM_ALGID_SHA1WithECDSA), + MNVP(CSSM_ALGID_DSA_BSAFE), + MNVP(CSSM_ALGID_ECDH), + MNVP(CSSM_ALGID_ECMQV), + MNVP(CSSM_ALGID_PKCS12_SHA1_PBE), + MNVP(CSSM_ALGID_ECNRA), + MNVP(CSSM_ALGID_SHA1WithECNRA), + MNVP(CSSM_ALGID_ECES), + MNVP(CSSM_ALGID_ECAES), + MNVP(CSSM_ALGID_SHA1HMAC), + MNVP(CSSM_ALGID_FIPS186Random), + MNVP(CSSM_ALGID_ECC), + MNVP(CSSM_ALGID_MQV), + MNVP(CSSM_ALGID_NRA), + MNVP(CSSM_ALGID_IntelPlatformRandom), + MNVP(CSSM_ALGID_UTC), + MNVP(CSSM_ALGID_HAVAL3), + MNVP(CSSM_ALGID_HAVAL4), + MNVP(CSSM_ALGID_HAVAL5), + MNVP(CSSM_ALGID_TIGER), + MNVP(CSSM_ALGID_MD5HMAC), + MNVP(CSSM_ALGID_PKCS5_PBKDF2), + MNVP(CSSM_ALGID_RUNNING_COUNTER), + + /* from cssmapple.h */ + MNVP(CSSM_ALGID_APPLE_YARROW), + MNVP(CSSM_ALGID_AES), + MNVP(CSSM_ALGID_FEE), + MNVP(CSSM_ALGID_FEE_MD5), + MNVP(CSSM_ALGID_FEE_SHA1), + MNVP(CSSM_ALGID_FEED), + MNVP(CSSM_ALGID_FEEDEXP), + MNVP(CSSM_ALGID_ASC), + MNVP(CSSM_ALGID_SHA1HMAC_LEGACY), + MNVP_END +}; + +/* CSSM_ENCRYPT_MODE */ +const MDSNameValuePair MDSEncryptModeNames[] = +{ + MNVP(CSSM_ALGMODE_NONE), + MNVP(CSSM_ALGMODE_CUSTOM), + MNVP(CSSM_ALGMODE_ECB), + MNVP(CSSM_ALGMODE_ECBPad), + MNVP(CSSM_ALGMODE_CBC), + MNVP(CSSM_ALGMODE_CBC_IV8), + MNVP(CSSM_ALGMODE_CBCPadIV8), + MNVP(CSSM_ALGMODE_CFB), + MNVP(CSSM_ALGMODE_CFB_IV8), + MNVP(CSSM_ALGMODE_CFBPadIV8), + MNVP(CSSM_ALGMODE_OFB), + MNVP(CSSM_ALGMODE_OFB_IV8), + MNVP(CSSM_ALGMODE_OFBPadIV8), + MNVP(CSSM_ALGMODE_COUNTER), + MNVP(CSSM_ALGMODE_BC), + MNVP(CSSM_ALGMODE_PCBC), + MNVP(CSSM_ALGMODE_CBCC), + MNVP(CSSM_ALGMODE_OFBNLF), + MNVP(CSSM_ALGMODE_PBC), + MNVP(CSSM_ALGMODE_PFB), + MNVP(CSSM_ALGMODE_CBCPD), + MNVP(CSSM_ALGMODE_PUBLIC_KEY), + MNVP(CSSM_ALGMODE_PRIVATE_KEY), + MNVP(CSSM_ALGMODE_SHUFFLE), + MNVP(CSSM_ALGMODE_ECB64), + MNVP(CSSM_ALGMODE_CBC64), + MNVP(CSSM_ALGMODE_OFB64), + MNVP(CSSM_ALGMODE_CFB32), + MNVP(CSSM_ALGMODE_CFB16), + MNVP(CSSM_ALGMODE_CFB8), + MNVP(CSSM_ALGMODE_WRAP), + 
MNVP(CSSM_ALGMODE_PRIVATE_WRAP), + MNVP(CSSM_ALGMODE_RELAYX), + MNVP(CSSM_ALGMODE_ECB128), + MNVP(CSSM_ALGMODE_ECB96), + MNVP(CSSM_ALGMODE_CBC128), + MNVP(CSSM_ALGMODE_OAEP_HASH), + MNVP(CSSM_ALGMODE_PKCS1_EME_V15), + MNVP(CSSM_ALGMODE_PKCS1_EME_OAEP), + MNVP(CSSM_ALGMODE_PKCS1_EMSA_V15), + MNVP(CSSM_ALGMODE_ISO_9796), + MNVP(CSSM_ALGMODE_X9_31), + MNVP_END +}; + +/* CSSM_CSPTYPE */ +const MDSNameValuePair MDSCspTypeNames[] = +{ + MNVP(CSSM_CSP_SOFTWARE), + MNVP(CSSM_CSP_HARDWARE), + MNVP(CSSM_CSP_HYBRID), + MNVP_END +}; + +/* CSSM_USEE_TAG */ +const MDSNameValuePair MDSUseeTagsNames[] = +{ + MNVP(CSSM_USEE_NONE), + MNVP(CSSM_USEE_DOMESTIC), + MNVP(CSSM_USEE_FINANCIAL), + MNVP(CSSM_USEE_KRLE), + MNVP(CSSM_USEE_KRENT), + MNVP(CSSM_USEE_SSL), + MNVP(CSSM_USEE_AUTHENTICATION), + MNVP(CSSM_USEE_KEYEXCH), + MNVP(CSSM_USEE_MEDICAL), + MNVP(CSSM_USEE_INSURANCE), + MNVP(CSSM_USEE_WEAK), + MNVP_END +}; + +/* CSSM_CSP_READER_FLAGS */ +const MDSNameValuePair MDSCspReaderFlagsNames[] = +{ + MNVP(CSSM_CSP_RDR_TOKENPRESENT), + MNVP(CSSM_CSP_RDR_EXISTS), + MNVP(CSSM_CSP_RDR_HW), + MNVP_END +}; + +/* CSSM_SC_FLAGS */ +const MDSNameValuePair MDSCspScFlagsNames[] = +{ + MNVP(CSSM_CSP_TOK_RNG), + MNVP(CSSM_CSP_TOK_CLOCK_EXISTS), + MNVP_END +}; + +/* CSSM_SAMPLE_TYPE */ +const MDSNameValuePair MDSSampleTypeNames[] = +{ + MNVP(CSSM_SAMPLE_TYPE_PASSWORD), + MNVP(CSSM_SAMPLE_TYPE_HASHED_PASSWORD), + MNVP(CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD), + MNVP(CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD), + MNVP(CSSM_SAMPLE_TYPE_SIGNED_NONCE), + MNVP(CSSM_SAMPLE_TYPE_SIGNED_SECRET), + MNVP(CSSM_SAMPLE_TYPE_BIOMETRIC), + MNVP(CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC), + MNVP(CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC), + MNVP(CSSM_SAMPLE_TYPE_THRESHOLD), + /* from cssmapple.h */ + MNVP(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT), + MNVP(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK), + MNVP(CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK), + MNVP(CSSM_SAMPLE_TYPE_PROCESS), + MNVP(CSSM_SAMPLE_TYPE_COMMENT), + MNVP(CSSM_SAMPLE_TYPE_RETRY_ID), + MNVP_END 
+}; + +/* CSSM_CERT_TYPE, CSSM_CERT_ENCODING (cert type in high 16 bits) */ +const MDSNameValuePair MDSCertTypeNames[] = +{ + /* CSSM_CERT_TYPE */ + MNVP(CSSM_CERT_UNKNOWN), + MNVP(CSSM_CERT_X_509v1), + MNVP(CSSM_CERT_X_509v2), + MNVP(CSSM_CERT_X_509v3), + MNVP(CSSM_CERT_PGP), + MNVP(CSSM_CERT_PGP), + MNVP(CSSM_CERT_SDSIv1), + MNVP(CSSM_CERT_Intel), + MNVP(CSSM_CERT_X_509_ATTRIBUTE), + MNVP(CSSM_CERT_X9_ATTRIBUTE), + MNVP(CSSM_CERT_TUPLE), + MNVP(CSSM_CERT_ACL_ENTRY), + MNVP(CSSM_CERT_MULTIPLE), + /* CSSM_CERT_ENCODING */ + MNVP(CSSM_CERT_ENCODING_UNKNOWN), + MNVP(CSSM_CERT_ENCODING_CUSTOM), + MNVP(CSSM_CERT_ENCODING_BER), + MNVP(CSSM_CERT_ENCODING_DER), + MNVP(CSSM_CERT_ENCODING_NDR), + MNVP(CSSM_CERT_ENCODING_SEXPR), + MNVP(CSSM_CERT_ENCODING_PGP), + MNVP(CSSM_CERT_ENCODING_MULTIPLE), + MNVP_END +}; + +/* CSSM_CRL_TYPE, CSSM_CRL_ENCODING (CRL type in high 16 bits) */ +const MDSNameValuePair MDSCrlTypeNames[] = +{ + /* CSSM_CRL_TYPE */ + MNVP(CSSM_CRL_TYPE_UNKNOWN), + MNVP(CSSM_CRL_TYPE_X_509v1), + MNVP(CSSM_CRL_TYPE_X_509v2), + MNVP(CSSM_CRL_TYPE_SPKI), + MNVP(CSSM_CRL_TYPE_MULTIPLE), + /* CSSM_CRL_ENCODING */ + MNVP(CSSM_CRL_ENCODING_UNKNOWN), + MNVP(CSSM_CRL_ENCODING_CUSTOM), + MNVP(CSSM_CRL_ENCODING_BER), + MNVP(CSSM_CRL_ENCODING_DER), + MNVP(CSSM_CRL_ENCODING_BLOOM), + MNVP(CSSM_CRL_ENCODING_SEXPR), + MNVP(CSSM_CRL_ENCODING_MULTIPLE), + MNVP_END +}; + +/* CSSM_CERT_BUNDLE_TYPE, CSSM_CERT_BUNDLE_ENCODING (bundle type in high 16 bits) */ +const MDSNameValuePair MDSCertBundleTypeNames[] = +{ + /* CSSM_CERT_BUNDLE_TYPE */ + MNVP(CSSM_CERT_BUNDLE_UNKNOWN), + MNVP(CSSM_CERT_BUNDLE_CUSTOM), + MNVP(CSSM_CERT_BUNDLE_PKCS7_SIGNED_DATA), + MNVP(CSSM_CERT_BUNDLE_PKCS7_SIGNED_ENVELOPED_DATA), + MNVP(CSSM_CERT_BUNDLE_PKCS12), + MNVP(CSSM_CERT_BUNDLE_PFX), + MNVP(CSSM_CERT_BUNDLE_SPKI_SEQUENCE), + MNVP(CSSM_CERT_BUNDLE_PGP_KEYRING), + /* CSSM_CERT_BUNDLE_ENCODING */ + MNVP(CSSM_CERT_BUNDLE_ENCODING_UNKNOWN), + MNVP(CSSM_CERT_BUNDLE_ENCODING_CUSTOM), + 
MNVP(CSSM_CERT_BUNDLE_ENCODING_BER), + MNVP(CSSM_CERT_BUNDLE_ENCODING_DER), + MNVP(CSSM_CERT_BUNDLE_ENCODING_SEXPR), + MNVP(CSSM_CERT_BUNDLE_PFX), + MNVP(CSSM_CERT_BUNDLE_ENCODING_PGP), + MNVP_END +}; + +/* CSSM_CL_TEMPLATE_TYPE */ +const MDSNameValuePair MDSCertTemplateTypeNames[] = +{ + MNVP(CSSM_CL_TEMPLATE_INTERMEDIATE_CERT), + MNVP(CSSM_CL_TEMPLATE_PKIX_CERTTEMPLATE), + MNVP_END +}; + +/* CSSM_TP_AUTHORITY_REQUEST_CERTISSUE */ +const MDSNameValuePair MDSTpAuthRequestNames[] = +{ + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTISSUE), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTREVOKE), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTSUSPEND), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTRESUME), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTVERIFY), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTNOTARIZE), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTUSERECOVER), + MNVP(CSSM_TP_AUTHORITY_REQUEST_CRLISSUE), + MNVP_END +}; + +/* CSSM_DLTYPE */ +const MDSNameValuePair MDSDlTypeNames[] = +{ + MNVP(CSSM_DL_UNKNOWN), + MNVP(CSSM_DL_CUSTOM), + MNVP(CSSM_DL_LDAP), + MNVP(CSSM_DL_ODBC), + MNVP(CSSM_DL_PKCS11), + MNVP(CSSM_DL_FFS), + MNVP(CSSM_DL_MEMORY), + MNVP(CSSM_DL_REMOTEDIR), + MNVP_END +}; + +/* CSSM_DB_CONJUNCTIVE */ +const MDSNameValuePair MDSDbConjunctiveNames[] = +{ + MNVP(CSSM_DB_NONE), + MNVP(CSSM_DB_AND), + MNVP(CSSM_DB_OR), + MNVP_END +}; + +/* CSSM_DB_OPERATOR */ +const MDSNameValuePair MDSDbOperatorNames[] = +{ + MNVP(CSSM_DB_EQUAL), + MNVP(CSSM_DB_NOT_EQUAL), + MNVP(CSSM_DB_LESS_THAN), + MNVP(CSSM_DB_GREATER_THAN), + MNVP(CSSM_DB_CONTAINS), + MNVP(CSSM_DB_CONTAINS_INITIAL_SUBSTRING), + MNVP(CSSM_DB_CONTAINS_FINAL_SUBSTRING), + MNVP_END +}; + +/* CSSM_NET_PROTOCOL */ +const MDSNameValuePair MDSNetProtocolNames[] = +{ + MNVP(CSSM_NET_PROTO_NONE), + MNVP(CSSM_NET_PROTO_CUSTOM), + MNVP(CSSM_NET_PROTO_UNSPECIFIED), + MNVP(CSSM_NET_PROTO_LDAP), + MNVP(CSSM_NET_PROTO_LDAPS), + MNVP(CSSM_NET_PROTO_LDAPNS), + MNVP(CSSM_NET_PROTO_X500DAP), + MNVP(CSSM_NET_PROTO_FTP), + MNVP(CSSM_NET_PROTO_FTPS), + MNVP(CSSM_NET_PROTO_OCSP), 
+ MNVP(CSSM_NET_PROTO_CMP), + MNVP(CSSM_NET_PROTO_CMPS), + MNVP_END +}; + +/* CSSM_DB_RETRIEVAL_MODES */ +const MDSNameValuePair MDSDbRetrievalModeNames[] = +{ + MNVP(CSSM_DB_TRANSACTIONAL_MODE), + MNVP(CSSM_DB_FILESYSTEMSCAN_MODE), + MNVP_END +}; + +/* CSSM_KR_POLICY_TYPE */ +/* FIXME the spec is kind of ambiguous - do we want + * CSSM_KR_POLICY_TYPE or CSSM_KR_POLICY_FLAGS? */ +const MDSNameValuePair MDSKrPolicyTypeNames[] = +{ + MNVP(CSSM_KR_INDIV_POLICY), + MNVP(CSSM_KR_ENT_POLICY), + MNVP(CSSM_KR_LE_MAN_POLICY), + MNVP(CSSM_KR_LE_USE_POLICY), + MNVP_END +}; + + +#if 0 +/* not used; superceded by MDSRecordTypeNameToRelation() */ +/* CSSM_DB_RECORDTYPE */ +const MDSNameValuePair MDSRecordTypeNames[] = +{ + MNVP(MDS_CDSADIR_CSSM_RECORDTYPE), + MNVP(MDS_CDSADIR_KRMM_RECORDTYPE), + MNVP(MDS_CDSADIR_EMM_RECORDTYPE), + MNVP(MDS_CDSADIR_COMMON_RECORDTYPE), + MNVP(MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE), + MNVP(MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_RECORDTYPE), + MNVP(MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE), + MNVP(MDS_CDSADIR_DL_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_RECORDTYPE), + MNVP(MDS_CDSADIR_CL_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_RECORDTYPE), + MNVP(MDS_CDSADIR_TP_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_TP_OIDS_RECORDTYPE), + MNVP(MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_RECORDTYPE), + MNVP(MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_AC_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_KR_PRIMARY_RECORDTYPE), + MNVP(MDS_CDSADIR_EMM_RECORDTYPE), + MNVP(MDS_CDSADIR_MDS_SCHEMA_RELATIONS), + MNVP(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES), + MNVP(MDS_CDSADIR_MDS_SCHEMA_INDEXES), + MNVP_END +}; +#endif + +static bool isNumericStr( + const char *str, + bool hexOK) +{ + while(*str) { + char c = *str++; + if(isdigit(c)) { + continue; + } + if(hexOK) { + if((c >= 'a') && (c <= 'f')) { + continue; + } + if((c >= 'A') && (c <= 'F')) { + continue; + } + } + return false; + } + return true; +} + 
+/* convert ASCII hex digit - assumed validated already */
+unsigned char hexDigit(
+ unsigned char d)
+{
+ if((d >= '0') && (d <= '9')) {
+ return d - '0';
+ }
+ else if((d >= 'a') && (d <= 'f')) {
+ return d - 'a' + 10;
+ }
+ else {
+ return d - 'A' + 10;
+ }
+}
+
+static unsigned strToHex(
+ const char *str)
+{
+ unsigned rtn = 0;
+ while(*str) {
+ rtn <<= 4;
+ rtn |= hexDigit(*str++);
+ }
+ return rtn;
+}
+
+/*
+ * Core routine to convert a single string token to a uint32. Incoming token can
+ * be in the form of a string from the specified MDSNameValuePair table or a literal
+ * number, either in hex (prefix "0x") or decimal. Tokens in any form may be
+ * prefixed by "<<" indicating the value is to be shifted left by 16 bits.
+ */
+CSSM_RETURN MDSAttrNameToValue(
+ const char *name,
+ const MDSNameValuePair *table, // optional, string must be decimal or hex if NULL
+ uint32 &value) // RETURNED
+{
+ if(name == NULL) {
+ return CSSMERR_CSSM_MDS_ERROR;
+ }
+ if(*name == '\0') {
+ /* empty string, legal */
+ value = 0;
+ return CSSM_OK;
+ }
+
+ /* prefixed by "<<"? */
+ bool shiftBy16 = false;
+ if((name != NULL) && (name[0] == '<') && (name[1] == '<')) {
+ shiftBy16 = true;
+ name += 2;
+ }
+
+ /* attempt to find the string in lookup table */
+ if(table != NULL) {
+ while(table->name != NULL) {
+ if(!strcmp(table->name, name)) {
+ value = table->value;
+ if(shiftBy16) {
+ value <<= 16;
+ }
+ return CSSM_OK;
+ }
+ table++;
+ }
+ }
+
+ /* not found - is the string a number? */
+ if(isdigit(name[0])) {
+ bool isNum;
+ bool isHex = false;
+ if((name[0] == '0') && (name[1] == 'x')) {
+ /* hex - skip first two chars */
+ isHex = true;
+ name += 2;
+ isNum = isNumericStr(name, true);
+ }
+ else {
+ isNum = isNumericStr(name, false);
+ }
+ if(!isNum) {
+ return CSSMERR_CSSM_MDS_ERROR;
+ }
+ if(isHex) {
+ value = strToHex(name);
+ }
+ else {
+ value = atoi(name);
+ }
+ if(shiftBy16) {
+ value <<= 16;
+ }
+ return CSSM_OK;
+ }
+ else {
+ /* not a number */
+ return CSSMERR_CSSM_MDS_ERROR;
+ }
+}
+
+
+} // end namespace Security
diff --git a/cdsa/mds/MDSAttrStrings.h b/cdsa/mds/MDSAttrStrings.h
new file mode 100644
index 00000000..36c2859e
--- /dev/null
+++ b/cdsa/mds/MDSAttrStrings.h
@@ -0,0 +1,111 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: MDSAttrStrings.h + + Contains: Static tables to map attribute names to numeric values. + + Copyright: (c) 2001 Apple Computer, Inc., all rights reserved. +*/ + +#ifndef _MDS_ATTR_STRINGS_H_ +#define _MDS_ATTR_STRINGS_H_ 1 + +#include + +namespace Security +{ + +/* + * Each type of attribute has a name/value pair in a table of these: + */ +typedef struct { + uint32 value; + const char *name; +} MDSNameValuePair; + +/* + * Various tables. 
+ */ + +/* attributes in Object and Common relations */ +extern const MDSNameValuePair MDSServiceNames[]; // CSSM_SERVICE_MASK + +/* CSP attributes */ +extern const MDSNameValuePair MDSContextTypeNames[]; // CSSM_CONTEXT_TYPE +extern const MDSNameValuePair MDSAttributeTypeNames[]; // CSSM_ATTRIBUTE_TYPE +extern const MDSNameValuePair MDSPaddingNames[]; // CSSM_PADDING +extern const MDSNameValuePair MDSCspFlagsNames[]; // CSSM_CSP_FLAGS +extern const MDSNameValuePair MDSAlgorithmNames[]; // CSSM_ALGORITHMS +extern const MDSNameValuePair MDSEncryptModeNames[]; // CSSM_ENCRYPT_MODE +extern const MDSNameValuePair MDSCspTypeNames[]; // CSSM_CSPTYPE +extern const MDSNameValuePair MDSUseeTagsNames[]; // CSSM_USEE_TAG +extern const MDSNameValuePair MDSCspReaderFlagsNames[]; // CSSM_CSP_READER_FLAGS +extern const MDSNameValuePair MDSCspScFlagsNames[]; // CSSM_SC_FLAGS + +/* CL attributes */ +extern const MDSNameValuePair MDSCertTypeNames[]; // CSSM_CERT_TYPE +extern const MDSNameValuePair MDSCrlTypeNames[]; // CSSM_CRL_TYPE +extern const MDSNameValuePair MDSCertBundleTypeNames[]; // CSSM_CERT_BUNDLE_TYPE +extern const MDSNameValuePair MDSCertTemplateTypeNames[]; + // CSSM_CL_TEMPLATE_TYPE + +/* TP attributes */ +/* CSSM_TP_AUTHORITY_REQUEST_CERTISSUE */ +extern const MDSNameValuePair MDSTpAuthRequestNames[]; + // CSSM_TP_AUTHORITY_REQUEST_CERTISSUE + +/* DL attributes */ +extern const MDSNameValuePair MDSDlTypeNames[]; // CSSM_DLTYPE +extern const MDSNameValuePair MDSDbConjunctiveNames[]; // CSSM_DB_CONJUNCTIVE +extern const MDSNameValuePair MDSDbOperatorNames[]; // CSSM_DB_OPERATOR +extern const MDSNameValuePair MDSNetProtocolNames[]; // CSSM_NET_PROTOCOL +extern const MDSNameValuePair MDSDbRetrievalModeNames[];// CSSM_DB_RETRIEVAL_MODES + +/* misc. 
*/ +extern const MDSNameValuePair MDSAclSubjectTypeNames[]; // CSSM_ACL_SUBJECT_TYPE +extern const MDSNameValuePair MDSAclAuthTagNames[]; // CSSM_ACL_AUTHORIZATION_TAG +extern const MDSNameValuePair MDSSampleTypeNames[]; // CSSM_SAMPLE_TYPE +extern const MDSNameValuePair MDSKrPolicyTypeNames[]; // CSSM_KR_POLICY_TYPE + +// extern const MDSNameValuePair MDSRecordTypeNames[]; // CSSM_DB_RECORDTYPE + +/* + * Use this function to convert a name, e.g. "CSSM_ALGCLASS_SIGNATURE", to + * its associated value as a uint32. Caller specifies proper lookup table + * as an optimization to avoid grunging thru entire CDSA namespace on every + * lookup. + * + * If the specified name is not found, or if no MDSNameValuePair is specified, + * an attempt will be made to convert the incoming string to a number as if + * it were an ASCII hex (starts with "0x") or decimal (starts with any other numeric + * string) string. If that fails, CSSMERR_CSSM_MDS_ERROR is returned. + * + * Values can be prefixed with "<<" indicating that the indicated + * value is to be shifted 16 bits. Cf. CL Primary Relation, {Cert,Crl}TypeFormat. + * This applies to both numeric and string tokens. + */ +CSSM_RETURN MDSAttrNameToValue( + const char *name, + const MDSNameValuePair *table, + uint32 &value); // RETURNED + +} // end namespace Security + +#endif /* _MDS_ATTR_STRINGS_H_ */ diff --git a/cdsa/mds/MDSAttrUtils.cpp b/cdsa/mds/MDSAttrUtils.cpp new file mode 100644 index 00000000..258e640b --- /dev/null +++ b/cdsa/mds/MDSAttrUtils.cpp 
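Review bot: The contract comment on MDSAttrNameToValue does not say what happens to numeric tokens that do not fit in a uint32, and the implementation in MDSAttrStrings.cpp does not check for them. strToHex shifts in every hex digit with no length limit, so digits past the eighth push the earlier ones out, decimal tokens go through atoi with no range check, and a "<<" prefix drops the upper 16 bits of whatever was parsed. Either reject such tokens with CSSMERR_CSSM_MDS_ERROR or document the behaviour, for example `* Numeric tokens are not range-checked; a value that does not fit in 32 bits, before or after the shift, is not reported as an error.` The comment could also state that an empty string is accepted and yields 0, and that the shift is a left shift, since the implementation does both.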
@@ -0,0 +1,290 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: MDSAttrUtils.cpp + + Contains: Stateless functions used by MDSAttrParser. + + Copyright: (c) 2001 Apple Computer, Inc., all rights reserved. +*/ + +#include "MDSAttrUtils.h" +#include +#include + +namespace Security +{ + +/* + * Fill in one CSSM_DB_ATTRIBUTE_DATA with specified data, type and attribute name. + * CSSM_DB_ATTRIBUTE_DATA.Value and its referent are new[]'d and copied. + * Assumes: + * -- AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING + * -- NumberOfValues = 1 + */ +void MDSRawValueToDbAttr( + const void *value, + size_t len, + CSSM_DB_ATTRIBUTE_FORMAT attrFormat, // CSSM_DB_ATTRIBUTE_FORMAT_STRING, etc. 
+ const char *attrName, + CSSM_DB_ATTRIBUTE_DATA &attr, + uint32 numValues) +{ + CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo = &attr.Info; + attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attrInfo->Label.AttributeName = const_cast(attrName); + attrInfo->AttributeFormat = attrFormat; + attr.NumberOfValues = numValues; + attr.Value = new CSSM_DATA[1]; + attr.Value->Data = new uint8[len]; + attr.Value->Length = len; + memcpy(attr.Value->Data, value, len); +} + + +/* + * Free data new[]'d in the above function. + */ +void MDSFreeDbRecordAttrs( + CSSM_DB_ATTRIBUTE_DATA *attrs, + unsigned numAttrs) +{ + uint32 i; + for(i=0; iValue != NULL); + delete [] attrs->Value->Data; + attrs->Value->Data = NULL; + attrs->Value->Length = 0; + delete [] attrs->Value; + attrs->Value = NULL; + attrs++; + } +} + +/* safely get a new[]'d C string from a CFString */ +char *MDSCFStringToCString( + CFStringRef cfStr) +{ + char *rtn = NULL; + unsigned len = CFStringGetLength(cfStr) + 1; + rtn = new char[len]; + if(rtn) { + CFStringGetCString(cfStr, rtn, len, CFStringGetSystemEncoding()); + } + return rtn; +} + +/* copy a new[]'d C string from a C string */ +char *MDSCopyCstring( + const char *inStr) +{ + char *outStr = new char[::strlen(inStr) + 1]; + strcpy(outStr, inStr); + return outStr; +} + +/* + * Given a CFTypeRef which is either a CFString, a CFNumber, or a CFBoolean, + * do our best to convert it to a uint32. If it's a CFString, we'll use a + * MDSNameValuePair to convert it. CFStrings expressed as decimal numbers + * are also converted properly. (MAYBE we'll convert hex strings too...TBD...) + * Returns true if conversion was successful. 
+ */
+bool MDSCfTypeToInt(
+ CFTypeRef cfValue,
+ const MDSNameValuePair *nameValues, // optional for converting strings to numbers
+ const char *key, // for debug logging only
+ uint32 &iValue) // RETURNED
+{
+ assert(cfValue != NULL);
+ CFTypeID valueType = CFGetTypeID(cfValue);
+ if(valueType == CFStringGetTypeID()) {
+ CSSM_RETURN crtn = MDSStringToUint32((CFStringRef)cfValue,
+ nameValues, iValue);
+ if(crtn) {
+ MPDebug("cfTypeToInt: key %s uint32 form, string data (%s), "
+ "bad conv", key,
+ CFStringGetCStringPtr((CFStringRef)cfValue,
+ CFStringGetSystemEncoding()));
+ return false;
+ }
+ return true;
+ } /* stored as string */
+ else if(valueType == CFNumberGetTypeID()) {
+ /* be paranoid - there is no unsigned type for CFNumber */
+ CFNumberRef cfNum = (CFNumberRef)cfValue;
+ CFNumberType numType = CFNumberGetType(cfNum);
+ switch(numType) {
+ case kCFNumberSInt8Type:
+ case kCFNumberSInt16Type:
+ case kCFNumberSInt32Type:
+ case kCFNumberCharType:
+ case kCFNumberShortType:
+ case kCFNumberIntType:
+ case kCFNumberLongType:
+ case kCFNumberSInt64Type: // apparently the default
+ /* OK */
+ break;
+ default:
+ MPDebug("MDS cfTypeToInt: Bad CFNumber type (%d) key %s", numType, key);
+ return false;
+ }
+ Boolean brtn = CFNumberGetValue(cfNum, kCFNumberLongType, &iValue);
+ if(!brtn) {
+ MPDebug("MDS cfTypeToInt: Bad CFNumber conversion");
+ return false;
+ }
+ return true;
+ } /* stored as number */
+ else if(valueType == CFBooleanGetTypeID()) {
+ Boolean b = CFBooleanGetValue((CFBooleanRef)cfValue);
+ iValue = b ? 1 : 0;
+ return true;
+ }
+ else {
+ MPDebug("MDS cfTypeToInt: key %s, uint32 form, bad CF type (%d)",
+ key, (int)valueType);
+ return false;
+ }
+}
+
+/*
+ * Insert a record, defined by a CSSM_DB_ATTRIBUTE_DATA array, into specified
+ * DL and DB. Returns true on success.
+ */
+bool MDSInsertRecord(
+ const CSSM_DB_ATTRIBUTE_DATA *inAttr,
+ unsigned numAttrs,
+ CSSM_DB_RECORDTYPE recordType,
+ MDSSession &dl,
+ CSSM_DB_HANDLE dbHand)
+{
+ CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrData;
+ CSSM_DB_UNIQUE_RECORD_PTR uid = NULL;
+ bool ourRtn = true;
+
+ recordAttrData.DataRecordType = recordType;
+ recordAttrData.SemanticInformation = 0;
+ recordAttrData.NumberOfAttributes = numAttrs;
+ recordAttrData.AttributeData =
+ const_cast(inAttr);
+
+ try {
+ dl.DataInsert(dbHand,
+ recordType,
+ &recordAttrData,
+ NULL,
+ uid);
+ }
+ catch (const CssmError &cerr) {
+ MPDebug("MDSInsertRecord: DataInsert: %s",
+ cssmErrorString(cerr).c_str());
+ ourRtn = false;
+ }
+ catch(...) {
+ MPDebug("MDSInsertRecord: DataInsert: unknown exception");
+ ourRtn = false;
+ }
+ if(uid != NULL) {
+ dl.FreeUniqueRecord(dbHand, *uid);
+ }
+ return ourRtn;
+}
+
+/*
+ * Convert a number expressed as a CFString to a uint32 using the specified
+ * name/value conversion table. The string may have multiple fields from that
+ * table, ORd together in normal C syntax. Like
+ *
+ * CSSM_SERVICE_CSP | CSSM_SERVICE_DL
+ *
+ * Individual tokens can also be expressed numerically, either in decimal or
+ * (if prefaced by "0x" hex. Numeric tokens and symbolic string tokens can
+ * be intermixed in the same incoming string.
+ *
+ * Individual tokens can be prefixed with "<<" indicating that the indicated
+ * value is to be shifted 16 bits. Cf. CL Primary Relation, {Cert,Crl}TypeFormat.
+ * This applies to both numeric and string tokens.
+ */
+CSSM_RETURN MDSStringToUint32(
+ CFStringRef str,
+ const MDSNameValuePair *table, // optional, string must be decimal
+ uint32 &value)
+{
+ char *cstr = MDSCFStringToCString(str);
+ if(cstr == NULL) {
+ /* should "never" happen...right? */
+ MPDebug("MDSStringToUint32: CFString conversion error");
+ return CSSMERR_CSSM_MDS_ERROR;
+ }
+
+ char tokenStr[200];
+ char *src = cstr;
+ char *dst = tokenStr;
+ char c;
+ CSSM_RETURN crtn = CSSM_OK;
+
+ value = 0;
+ while(*src != '\0') {
+ /* Get one token from src --> tokenStr[] */
+ /* First skip whitespace and '|' */
+ for( ; *src != '\0'; src++) {
+ c = *src;
+ if(!isspace(c) && (c != '|')) {
+ /* first char of token */
+ *dst++ = c;
+ src++;
+ break;
+ }
+ }
+ if((*src == '\0') && (dst == tokenStr)) {
+ /* done */
+ break;
+ }
+
+ /* dst[-1] is the first good character of token; copy until
+ * space or '|' */
+ for( ; *src != '\0'; src++) {
+ c = *src;
+ if(isspace(c) || (c == '|')) {
+ break;
+ }
+ else {
+ *dst++ = c;
+ }
+ }
+
+ /* NULL terminate token string, convert to numeric value */
+ *dst = '\0';
+ uint32 tokenVal = 0;
+ CSSM_RETURN crtn = MDSAttrNameToValue(tokenStr, table, tokenVal);
+ if(crtn) {
+ /* punt */
+ break;
+ }
+ value |= tokenVal;
+
+ /* restart */
+ dst = tokenStr;
+ }
+ delete [] cstr;
+ return crtn;
+}
+
+} // end namespace Security
diff --git a/cdsa/mds/MDSAttrUtils.h b/cdsa/mds/MDSAttrUtils.h
new file mode 100644
index 00000000..27741015
--- /dev/null
+++ b/cdsa/mds/MDSAttrUtils.h
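Review bot: In MDSStringToUint32 the second copy loop writes into `char tokenStr[200]` through `*dst++ = c` with no bound, so a single token of 200 or more characters runs past the end of the stack buffer. The string reaches this function through MDSCfTypeToInt, which appears to be fed from parsed MDS info file content, so its length should not be trusted. The same function redeclares `CSSM_RETURN crtn` inside the while loop, so the outer `crtn` that is returned is always CSSM_OK. A failed MDSAttrNameToValue is therefore reported as success, and the `if(crtn)` check in MDSCfTypeToInt never fires. The fix below bounds the copy against the end of the buffer and assigns to the outer variable instead of shadowing it.

```cpp
	char tokenStr[200];
	char *const tokenEnd = tokenStr + sizeof(tokenStr) - 1;	/* leave room for the NUL */
	/* … unchanged: src, dst, c declarations … */
	CSSM_RETURN crtn = CSSM_OK;

	value = 0;
	while(*src != '\0') {
		/* … unchanged: skip whitespace and '|', copy first char of token, end-of-input check … */

		for( ; *src != '\0'; src++) {
			c = *src;
			if(isspace(c) || (c == '|')) {
				break;
			}
			if(dst >= tokenEnd) {
				/* token does not fit in tokenStr[] */
				crtn = CSSMERR_CSSM_MDS_ERROR;
				break;
			}
			*dst++ = c;
		}
		if(crtn) {
			break;
		}

		*dst = '\0';
		uint32 tokenVal = 0;
		crtn = MDSAttrNameToValue(tokenStr, table, tokenVal);	/* assign, do not redeclare */
		/* … unchanged: punt on error, OR tokenVal into value, reset dst … */
	}
```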
@@ -0,0 +1,119 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: MDSAttrUtils.h + + Contains: Stateless functions used by MDSAttrParser. + + Copyright: (c) 2001 Apple Computer, Inc., all rights reserved. +*/ + +#ifndef _MDS_ATTR_UTILS_H_ +#define _MDS_ATTR_UTILS_H_ 1 + +#include +#include +#include +#include "MDSAttrStrings.h" +#include "MDSSession.h" + +/* log parsing events */ +#define MPDebug(args...) debug("MDS_Parse", ## args) + +/* log scanning events */ +#define MSDebug(args...) debug("MDS_Scan", ## args) + +/* + * I can't believe that CFRelease does not do this... + */ +#define CF_RELEASE(c) if(c != NULL) { CFRelease(c); c = NULL; } + +namespace Security +{ + +/* + * Fill in one CSSM_DB_ATTRIBUTE_DATA with specified data, type and attribute name. + * CSSM_DB_ATTRIBUTE_DATA.Value and its referent are new[]'d and copied. + * Assumes: + * -- AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING + */ +extern void MDSRawValueToDbAttr( + const void *value, + size_t len, + CSSM_DB_ATTRIBUTE_FORMAT attrFormat, // CSSM_DB_ATTRIBUTE_FORMAT_STRING, etc. 
+ const char *attrName, + CSSM_DB_ATTRIBUTE_DATA &attr, + uint32 numValues = 1); + +/* + * Free data new[]'d in the above function. + */ +extern void MDSFreeDbRecordAttrs( + CSSM_DB_ATTRIBUTE_DATA *attrs, + unsigned numAttrs); + + +/* safely get a new[]'d C string from a CFString */ +char *MDSCFStringToCString( + CFStringRef cfStr); + +/* copy a new[]'d C string from a C string */ +char *MDSCopyCstring( + const char *inStr); + +/* + * Given a CFTypeRef which is either a CFString or a CFNumber, do our best to + * convert it to a uint32. If it's a CFString, we'll use a MDSNameValuePair + * to convert it. CFStrings expressed as decimal numbers are also converted + * properly. (MAYBE we'll convert hex strings too...TBD...) + * Returns true if conversion was successful. + */ +bool MDSCfTypeToInt( + CFTypeRef cfValue, + const MDSNameValuePair *nameValues, // optional for converting strings to numbers + const char *key, // for debug logging only + uint32 &value); // RETURNED + +/* + * Insert a record, defined by a CSSM_DB_ATTRIBUTE_DATA array, into specified + * DL and DB. Returns true on success. + */ +bool MDSInsertRecord( + const CSSM_DB_ATTRIBUTE_DATA *inAttr, + unsigned numAttrs, + CSSM_DB_RECORDTYPE recordType, + MDSSession &dl, + CSSM_DB_HANDLE dbHand); + +/* + * Convert a number expressed as a CFString to a uint32 using the specified + * name/value conversion table. The string may have multiple fields from that + * table, ORd together in normal C syntax. Like + * + * CSSM_SERVICE_CSP | CSSM_SERVICE_DL + */ +CSSM_RETURN MDSStringToUint32( + CFStringRef str, + const MDSNameValuePair *table, + uint32 &value); // RETURNED + + +} // end namespace Security + +#endif /* _MDS_ATTR_UTILS_H_ */ diff --git a/cdsa/mds/MDSDictionary.cpp b/cdsa/mds/MDSDictionary.cpp new file mode 100644 index 00000000..583e0071 --- /dev/null +++ b/cdsa/mds/MDSDictionary.cpp 
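Review bot: `CF_RELEASE(c)` expands to a bare `if` statement with an unparenthesized argument, so a use such as `if(x) CF_RELEASE(y); else ...` attaches the `else` to the macro's own `if`. Writing it as `#define CF_RELEASE(c) do { if((c) != NULL) { CFRelease(c); (c) = NULL; } } while(0)` keeps it a single statement at every call site. The comment on MDSCfTypeToInt in this header also says the value is "either a CFString or a CFNumber", while the implementation in MDSAttrUtils.cpp accepts a CFBoolean as well. The header comment should list all three.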
@@ -0,0 +1,533 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + File: MDSDictionary.cpp + + Contains: Internal representation of one MDS info file in the form of + a CFDictionary. + + Copyright: (c) 2001 Apple Computer, Inc., all rights reserved. +*/ + +#include "MDSDictionary.h" +#include "MDSAttrParser.h" +#include "MDSAttrUtils.h" +#include +#include +#include + +namespace Security +{ + +/* heavyweight constructor from file */ +MDSDictionary::MDSDictionary( + CFURLRef fileUrl, + const char *fullPath) // could get from fileUrl, but very messy! 
+ : mDict(NULL), + mWeOwnDict(false), + mUrlPath(NULL), + mFileDesc(NULL) +{ + CFDataRef dictData = NULL; + CFStringRef cfErr = NULL; + + assert(fileUrl != NULL); + mUrlPath = MDSCopyCstring(fullPath); + MPDebug("Creating MDSDictionary from %s", mUrlPath); + + /* Load data from URL */ + SInt32 uerr; + Boolean brtn = CFURLCreateDataAndPropertiesFromResource( + NULL, + fileUrl, + &dictData, + NULL, // properties + NULL, // desiredProperties + &uerr); + if(!brtn) { + Syslog::alert("Error reading MDS file %s: %d", mUrlPath, uerr); + CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR); + } + + /* if it's not a dictionary, we don't want it */ + mDict = reinterpret_cast( + CFPropertyListCreateFromXMLData(NULL, + dictData, + kCFPropertyListImmutable, + &cfErr)); + CFRelease(dictData); + if(mDict == NULL) { + Syslog::alert("Malformed MDS file %s (1)", mUrlPath); + CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR); + } + + /* henceforth we must release this dictionary */ + mWeOwnDict = true; + if(CFGetTypeID(mDict) != CFDictionaryGetTypeID()) { + Syslog::alert("Malformed MDS file %s (2)", mUrlPath); + CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR); + } + CF_RELEASE(cfErr); + + /* get file description for error logging and debugging */ + CFStringRef cfStr = (CFStringRef)lookup(CFSTR(MDS_INFO_FILE_DESC), + true, CFStringGetTypeID()); + if(cfStr) { + unsigned len = CFStringGetLength(cfStr) + 1; + mFileDesc = new char[len]; + if(mFileDesc) { + CFStringGetCString(cfStr, mFileDesc, len, + CFStringGetSystemEncoding()); + } + } +} + +/* lightweight constructor from existing CFDictionary */ +MDSDictionary::MDSDictionary(CFDictionaryRef theDict) + : mDict(theDict), + mWeOwnDict(false), + mUrlPath(NULL), + mFileDesc(NULL) +{ + /* note caller owns and releases the dictionary */ + if(mDict == NULL) { + MPDebug("Malformed MDS file (3)"); + CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR); + } + if(CFGetTypeID(mDict) != CFDictionaryGetTypeID()) { + MPDebug("Malformed MDS file (4)"); + 
CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR); + } +} + +MDSDictionary::~MDSDictionary() +{ + if(mWeOwnDict) { + CF_RELEASE(mDict); + } + mDict = NULL; + delete [] mUrlPath; + delete [] mFileDesc; +} + +/* lookup by either C string or CFStringRef - returns NULL on error */ +const void *MDSDictionary::lookup( + const char *key, + bool checkType, + CFTypeID type) +{ +#if 0 + CFStringRef cfKey = CFStringCreateWithCStringNoCopy(NULL, + key, + CFStringGetSystemEncoding(), + kCFAllocatorNull); +#else + CFStringRef cfKey = CFStringCreateWithCString(NULL, + key, + CFStringGetSystemEncoding()); +#endif + if(cfKey == NULL) { + MPDebug("MDSDictionary::lookup: error creating CFString for key"); + return NULL; + } + const void *rtn = lookup(cfKey, checkType, type); + CFRelease(cfKey); + return rtn; + +} + +const void *MDSDictionary::lookup( + CFStringRef key, + bool checkType, + CFTypeID type) +{ + assert(mDict != NULL); + const void *rtn = CFDictionaryGetValue(mDict, key); + if(rtn && checkType) { + if(CFGetTypeID((CFTypeRef)rtn) != type) { + return NULL; + } + } + return rtn; +} + +/* + * Common means to perform a lookup in a dictionary given a C-string key and + * placing the value - if present - in a CSSM_DB_ATTRIBUTE_DATA. Any errors + * are only logged via MPDebug. Returns true if the value was found and + * successfully placed in supplied CSSM_DB_ATTRIBUTE_DATA. + * + * For now we assume that the key in the dictionary is the same as the key + * in the DB to which we're writing. + * + * We're also assuming that all DB keys are of format CSSM_DB_ATTRIBUTE_NAME_AS_STRING. 
+ */ +bool MDSDictionary::lookupToDbAttr( + const char *key, + CSSM_DB_ATTRIBUTE_DATA &attr, + CSSM_DB_ATTRIBUTE_FORMAT attrFormat, + const MDSNameValuePair *nameValues) // optional for converting strings to numbers +{ + assert(mDict != NULL); + assert(&attr != NULL); + + CFTypeRef value; // polymorphic dictionary value + bool ourRtn = false; + const void *srcPtr = NULL; // polymorphic raw source bytes + unsigned srcLen; + CSSM_STRING cstr; + uint32 ival = 0; + uint32 *ivalArray = NULL; + uint32 numValues = 1; // the default for MDSRawValueToDbAttr + + value = (CFTypeRef)lookup(key); + if(value == NULL) { + /* + * Special case here: we implicitly provide a value for the "Path" key + * if it's not in the dictionary and we have it. + */ + if((attrFormat == CSSM_DB_ATTRIBUTE_FORMAT_STRING) && + !strcmp(key, "Path") && + (mUrlPath != NULL)) { + MDSRawValueToDbAttr(mUrlPath, + strlen(mUrlPath) + 1, + attrFormat, + key, + attr, + 1); // numValues + return true; + } + else { + return false; + } + } + CFTypeID valueType = CFGetTypeID(value); + + /* + * We have the value; could be any type. Handle it based on caller's + * CSSM_DB_ATTRIBUTE_FORMAT. 
+ */ + switch(attrFormat) { + case CSSM_DB_ATTRIBUTE_FORMAT_STRING: + { + Boolean brtn; + + if(valueType != CFStringGetTypeID()) { + MPDebug("lookupToDbAttr: string format mismatch"); + break; + } + brtn = CFStringGetCString((CFStringRef)value, cstr, + CSSM_MODULE_STRING_SIZE, CFStringGetSystemEncoding()); + if(!brtn) { + /* this could be "string too large for a CSSM_STRING" */ + MPDebug("lookupToDbAttr: CFStringGetCString error"); + } + else { + srcPtr = cstr; + srcLen = strlen(cstr) + 1; + ourRtn = true; + } + break; + } + case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: + { + bool brtn = MDSCfTypeToInt(value, nameValues, key, ival); + if(!brtn) { + MPDebug("MDS lookupToDbAttr: Bad number conversion"); + return false; + } + srcPtr = &ival; + srcLen = sizeof(uint32); + ourRtn = true; + break; + } + case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: + { + /* + * This is expressed in the dictionary as an array of numbers. + * as in CSSM_DB_ATTRIBUTE_FORMAT_UINT32, each number can be + * expressed as either a string or a number. + */ + if(valueType != CFArrayGetTypeID()) { + /* + * Let's be extremely slick and allow one number here, either + * in string or number form.... + */ + bool brtn = MDSCfTypeToInt(value, nameValues, key, ival); + if(!brtn) { + MPDebug("MDS lookupToDbAttr: Bad array element"); + return false; + } + srcPtr = &ival; + srcLen = sizeof(uint32); + ourRtn = true; + break; + } + CFArrayRef cfArray = (CFArrayRef)value; + numValues = CFArrayGetCount(cfArray); + if(numValues == 0) { + /* degenerate case, legal - right? Can AppleDatabase do this? */ + srcPtr = NULL; + srcLen = 0; + ourRtn = true; + break; + } + + /* + * malloc an array of uint32s + * convert each element in cfArray to a uint32 + * store as CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32 + * + * Note this does not have to be endian independent; the MDS DBs + * are not portable across machines let alone platforms. 
+ */ + ivalArray = new uint32[numValues]; + unsigned dex; + bool brtn; + for(dex=0; dexAttributeInfo; + const MDSNameValuePair **nameValues = relInfo->nameValues; + + assert(relInfo != NULL); + numAttrs = 0; + for(dex=0; dexNumberOfAttributes; dex++) { + bool brtn; + const MDSNameValuePair *nvp; + + /* the array itself, or any element in it, can be NULL */ + if(nameValues != NULL) { + nvp = nameValues[dex]; + } + else { + nvp = NULL; + } + brtn = lookupToDbAttr(inAttr->Label.AttributeName, + *outAttrs, + inAttr->AttributeFormat, + nvp); + if(brtn) { + /* successfully added to dbAttrs */ + outAttrs++; + numAttrs++; + } + inAttr++; // regardless + } +} + +/* + * Lookup with file-based indirection. Allows multiple mdsinfo files to share commmon + * info from a separate plist file. + * + * Do a lookup for specified key. If not found, return NULL. If found: + * { + * if type of value matches desiredType { + * return the value; + * } + * else if type of value is string { + * if string starts with "file:" { + * attempt to read property list with that filename relative to + * specified bundle; + * if CFType of that propList matches desiredType { + * return newly read propList; + * } + * } + * } + * ...else return error; + */ +const CFPropertyListRef MDSDictionary::lookupWithIndirect( + const char *key, + CFBundleRef bundle, + CFTypeID desiredType, + bool &fetchedFromDisk) // true --> caller must CFRelease the returned + // value + // false -> it's part of this dictionary +{ + CFPropertyListRef ourRtn = NULL; + CFDataRef dictData = NULL; + CFStringRef cfErr = NULL; + SInt32 uerr; + Boolean brtn; + + + assert(key != NULL); + assert(bundle != NULL); + + fetchedFromDisk = false; + + /* basic local lookup */ + CFStringRef cfKey = CFStringCreateWithCString(NULL, + key, + CFStringGetSystemEncoding()); + if(cfKey == NULL) { + MPDebug("CFStringCreateWithCString error"); + return NULL; + } + const void *rtn = CFDictionaryGetValue(mDict, cfKey); + CFRelease(cfKey); + if(rtn == NULL) 
{
+ return NULL;
+ }
+ CFTypeID foundType = CFGetTypeID((CFTypeRef)rtn);
+ if(foundType == desiredType) {
+ /* found what we're looking for; done */
+ return (CFPropertyListRef)rtn;
+ }
+
+ /* is it a string which starts with "file:"? */
+ if(foundType != CFStringGetTypeID()) {
+ return NULL;
+ }
+ const char *cVal = MDSCFStringToCString((CFStringRef)rtn);
+ if(cVal == NULL) {
+ MPDebug("MDSCFStringToCString error in lookupWithIndirect");
+ return NULL;
+ }
+ if(strstr(cVal, "file:") != cVal) {
+ delete [] cVal;
+ return NULL;
+ }
+ /* delete [] cval on return */
+
+ /* OK, this specifies a resource file in the bundle. Fetch it. */
+ CFStringRef cfFileName = CFStringCreateWithCString(NULL,
+ cVal + 5,
+ CFStringGetSystemEncoding());
+ if(cfFileName == NULL) {
+ MPDebug("lookupWithIndirect: bad file name spec");
+ goto abort;
+ }
+ CFURLRef fileUrl;
+ fileUrl = CFBundleCopyResourceURL(bundle,
+ cfFileName,
+ NULL,
+ NULL);
+ if(fileUrl == NULL) {
+ MPDebug("lookupWithIndirect: file %s not found", cVal);
+ goto abort;
+ }
+
+ MPDebug("Fetching indirect resource %s", cVal);
+
+ /* Load data from URL */
+ brtn = CFURLCreateDataAndPropertiesFromResource(
+ NULL,
+ fileUrl,
+ &dictData,
+ NULL, // properties
+ NULL, // desiredProperties
+ &uerr);
+ if(!brtn) {
+ MPDebug("lookupWithIndirect: error %d reading %s", (int)uerr, cVal);
+ goto abort;
+ }
+
+ /* if it's not a property list, we don't want it */
+ ourRtn = CFPropertyListCreateFromXMLData(NULL,
+ dictData,
+ kCFPropertyListImmutable,
+ &cfErr);
+ if(ourRtn == NULL) {
+ MPDebug("lookupWithIndirect: %s malformed (not a prop list)", cVal);
+ goto abort;
+ }
+
+ /* if it doesn't match the caller's spec, we don't want it */
+ if(CFGetTypeID(ourRtn) != desiredType) {
+ MPDebug("lookupWithIndirect: %s malformed (mismatch)", cVal);
+ CF_RELEASE(ourRtn);
+ ourRtn = NULL;
+ goto abort;
+ }
+
+ MPDebug("lookupWithIndirect: resource %s FOUND", cVal);
+ fetchedFromDisk = true;
+
+abort:
+ delete [] cVal;
+ CF_RELEASE(cfFileName);
+ CF_RELEASE(fileUrl);
+ CF_RELEASE(dictData);
+ CF_RELEASE(cfErr);
+ return ourRtn;
+}
+
+} // end namespace Security
diff --git a/cdsa/mds/MDSDictionary.h b/cdsa/mds/MDSDictionary.h
new file mode 100644
index 00000000..c881e242
--- /dev/null
+++ b/cdsa/mds/MDSDictionary.h
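Review bot: In lookupWithIndirect the `goto abort` taken when `cfFileName == NULL` jumps over `CFURLRef fileUrl;`, which is declared without an initializer, so `CF_RELEASE(fileUrl)` at `abort:` tests and may release an indeterminate pointer. Declaring it with the other locals at the top of the function as `CFURLRef fileUrl = NULL;` makes every path to `abort:` safe. Separately, the file-based constructor calls `CssmError::throwMe` after `mUrlPath` has been allocated and, in the "(2)" case, after `mDict` has been created. The destructor does not run for a constructor that throws, so both leak on a malformed file, as does `cfErr` if it was set, unless they are released before each throw.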
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ File: MDSDictionary.h
+
+ Contains: Internal representation of one MDS info file.
+
+ Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#ifndef _MDS_DICTIONARY_H_
+#define _MDS_DICTIONARY_H_ 1
+
+#include
+#include
+#include
+#include
+
+namespace Security
+{
+
+class MDSDictionary
+{
+public:
+ /* heavyweight constructor from file */
+ MDSDictionary(
+ CFURLRef fileUrl,
+ const char *fullPath);
+
+ /* lightweight constructor from existing CFDictionary */
+ MDSDictionary(
+ CFDictionaryRef theDict);
+
+ ~MDSDictionary();
+
+ /*
+ * Lookup by either C string or CFStringRef. Optionally checks for
+ * CFTypeID of resulting value. Both return NULL on error (either key not
+ * found or wrong CFTypeID).
+ */
+ const void *lookup(
+ const char *key,
+ bool checkType = false, // since we really don't know if 0 is a valid type
+ CFTypeID type = 0);
+ const void *lookup(
+ CFStringRef key,
+ bool checkType = false,
+ CFTypeID type = 0);
+
+ /*
+ * Common means to perform a lookup in a dictionary given a C-string key and
+ * placing the value - if present - in a CSSM_DB_ATTRIBUTE_DATA. Any errors
+ * are only logged via MPDebug. Returns true if the value was found and
+ * successfully placed in supplied CSSM_DB_ATTRIBUTE_DATA.
+ *
+ * For now we assume that the key in the dictionary is the same as the key
+ * in the DB to which we're writing.
+ *
+ * A MDSNameValuePair array may be specified to facilitate conversion of
+ * values which appears in the dictionary as strings but which are stored
+ * in the DB as integers.
+ *
+ * We're also assuming that all DB keys are of format
+ * CSSM_DB_ATTRIBUTE_NAME_AS_STRING.
+ */
+ bool lookupToDbAttr(
+ const char *key,
+ CSSM_DB_ATTRIBUTE_DATA &attr,
+ CSSM_DB_ATTRIBUTE_FORMAT attrFormat,
+ const MDSNameValuePair *nameValues = NULL);
+
+ /*
+ * Given a RelationInfo and an array of CSSM_DB_ATTRIBUTE_DATAs, fill in
+ * the CSSM_DB_ATTRIBUTE_DATA array with as many fields as we can find in
+ * the dictionary. All fields are treated as optional.
+ */
+ void lookupAttributes(
+ const RelationInfo *relInfo,
+ CSSM_DB_ATTRIBUTE_DATA_PTR outAttrs, // filled in on return
+ uint32 &numAttrs); // RETURNED
+
+ CFDictionaryRef dict() { return mDict; }
+ const char *urlPath() { return mUrlPath; }
+ const char *fileDesc() { return mFileDesc; }
+
+ /*
+ * Lookup with file-based indirection. Allows multiple mdsinfo file to share
+ * commmon info from a separate plist file.
+ */ + const CFPropertyListRef lookupWithIndirect( + const char *key, + CFBundleRef bundle, + CFTypeID desiredType, + bool &fetchedFromDisk); // true --> caller must CFRelease the returned + // value + // false -> it's part of this dictionary +private: + CFDictionaryRef mDict; + bool mWeOwnDict; + char *mUrlPath; + char *mFileDesc; +}; + +} // end namespace Security + +#endif /* _MDS_DICTIONARY_H_ */ diff --git a/cdsa/mds/MDSModule.cpp b/cdsa/mds/MDSModule.cpp index 374322f6..81c92dfa 100644 --- a/cdsa/mds/MDSModule.cpp +++ b/cdsa/mds/MDSModule.cpp @@ -21,18 +21,35 @@ #include #include +namespace Security +{ + ModuleNexus MDSModule::mModuleNexus; // Names and IDs of tables used in the MDS databases #define TABLE(t) { t, #t } +/* + * For now, to allow compatibility with AppleFileDL, we use the same record IDs + * it uses when constructing an AppleDatabaseManager. See Radar 2817921 for details. + * The fix requires that AppleDatabase be able to fetch its meta-table relationIDs + * from an existing DB at DbOpen time; I'm not sure that's possible. + */ +#define USE_FILE_DL_TABLES 1 + static const AppleDatabaseTableName kTableNames[] = { // the meta-tables. the parsing module is not used by MDS, but is required // by the implementation of the database + #if USE_FILE_DL_TABLES + TABLE(CSSM_DL_DB_SCHEMA_INFO), + TABLE(CSSM_DL_DB_SCHEMA_ATTRIBUTES), + TABLE(CSSM_DL_DB_SCHEMA_INDEXES), + #else TABLE(MDS_CDSADIR_MDS_SCHEMA_RELATIONS), TABLE(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES), TABLE(MDS_CDSADIR_MDS_SCHEMA_INDEXES), + #endif TABLE(CSSM_DL_DB_SCHEMA_PARSING_MODULE), // the MDS-specific tables 
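Review bot: MDSDictionary declares a destructor and owning members (`mDict` guarded by `mWeOwnDict`, `char *mUrlPath`, `char *mFileDesc`) but leaves the copy constructor and assignment operator implicit, so a copied object would share those pointers with the original. If the destructor frees them, which only its body outside this hunk can confirm, a copy ends in a double release. Declaring both in the private section and leaving them undefined closes that off: `MDSDictionary(const MDSDictionary &);` and `MDSDictionary &operator=(const MDSDictionary &);`. The top-level `const` on the `const CFPropertyListRef` return type of lookupWithIndirect has no effect for callers and can be dropped.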
@@ -67,10 +84,43 @@ MDSModule::get () } MDSModule::MDSModule () - : mDatabaseManager(kTableNames) + : mDatabaseManager(kTableNames), + mLastScanTime((time_t)0) { + mDbPath[0] = '\0'; } +/* + * Called upon unload or process death by CleanModuleNexus. + */ MDSModule::~MDSModule () { + /* TBD - close all DBs */ +} + +void MDSModule::lastScanIsNow() +{ + mLastScanTime = Time::now(); } + +double MDSModule::timeSinceLastScan() +{ + Time::Interval delta = Time::now() - mLastScanTime; + return delta.seconds(); +} + +void MDSModule::getDbPath( + char *path) +{ + StLock _(mDbPathLock); + strcpy(path, mDbPath); +} + +void MDSModule::setDbPath(const char *path) +{ + StLock _(mDbPathLock); + assert(strlen(path) <= MAXPATHLEN); + strcpy(mDbPath, path); +} + +} // end namespace Security diff --git a/cdsa/mds/MDSModule.h b/cdsa/mds/MDSModule.h index e70cab58..9c592002 100644 --- a/cdsa/mds/MDSModule.h +++ b/cdsa/mds/MDSModule.h @@ -21,6 +21,12 @@ #include #include +#include +#include +#include + +namespace Security +{ class MDSModule { @@ -30,12 +36,27 @@ public: MDSModule (); ~MDSModule (); - DatabaseManager &databaseManager () { return mDatabaseManager; } - + DatabaseManager &databaseManager () { return mDatabaseManager; } + void lastScanIsNow(); + double timeSinceLastScan(); + void getDbPath(char *path); + void setDbPath(const char *path); + private: static ModuleNexus mModuleNexus; - AppleDatabaseManager mDatabaseManager; + AppleDatabaseManager mDatabaseManager; + + /* + * Manipulated by MDSSession objects when they hold the system-wide per-user + * MDS file lock. mDbPath readable any time; it's protected process-wide + * by mDbPathLock. + */ + char mDbPath[MAXPATHLEN + 1]; + Time::Absolute mLastScanTime; + Mutex mDbPathLock; }; +} // end namespace Security + #endif // _MDSMODULE_H_ diff --git a/cdsa/mds/MDSSchema.cpp b/cdsa/mds/MDSSchema.cpp index 98f2c458..104fb619 100644 --- a/cdsa/mds/MDSSchema.cpp +++ b/cdsa/mds/MDSSchema.cpp 
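Review bot: `setDbPath` has `assert(strlen(path) <= MAXPATHLEN)` as its only bound before `strcpy(mDbPath, path)`, and an assert is compiled out under NDEBUG, which leaves an unchecked copy into the fixed `char mDbPath[MAXPATHLEN + 1]` member declared in the MDSModule.h hunk. The length should be tested at run time and an over-long path rejected through the module's usual error path rather than copied or silently truncated. `getDbPath(char *path)` has the mirror problem: it takes no buffer size, so every caller must supply at least MAXPATHLEN + 1 bytes. Adding a length parameter, or at minimum a comment on the declaration such as `/* path must point to at least MAXPATHLEN + 1 bytes */`, would make that contract visible.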
@@ -25,90 +25,799 @@ #include "MDSSchema.h" #include +#include + +namespace Security +{ + +/* + * There appears to be a bug in AppleDatabase which prevents our assigning + * schema to the meta-tables. + */ +#define DEFINE_META_TABLES 0 + +/* indicates "no MDSNameValuePair table" in a RELATION_INFO declaration. */ +#define NO_NVP NULL // // Schema for the lone table in the Object Directory Database. // - -static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesObjectRelation[] = { - SCHEMA_ATTRIBUTE(0, ModuleId, STRING), - SCHEMA_ATTRIBUTE(1, Manifest, BLOB), - SCHEMA_ATTRIBUTE(2, ModuleName, STRING), - SCHEMA_ATTRIBUTE(3, Path, STRING), - SCHEMA_ATTRIBUTE(4, ProductVersion, STRING) +static const CSSM_DB_ATTRIBUTE_INFO objectAttrs[] = { + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(Path, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + + /* not in the CDSA spec; denotes a plugin which is statically linked to CSSM */ + DB_ATTRIBUTE(BuiltIn, UINT32), }; -static const CSSM_DB_SCHEMA_INDEX_INFO kIndexObjectRelation[] = { - UNIQUE_INDEX_ATTRIBUTE(0) +static const CSSM_DB_INDEX_INFO objectIndex[] = { + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) }; const RelationInfo kObjectRelation = - RELATION_INFO(MDS_OBJECT_RECORDTYPE, kAttributesObjectRelation, kIndexObjectRelation); + RELATION_INFO(MDS_OBJECT_RECORDTYPE, + objectAttrs, + NO_NVP, // no symbolic names + objectIndex); // // Schema for the various tables in the CDSA Directory Database. // // CSSM Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO cssmAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(CDSAVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(Desc, STRING), + DB_ATTRIBUTE(NativeServices, UINT32), +}; -static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesCSSMRelation[] = +static const MDSNameValuePair *cssmNvp[] = { + NULL, NULL, NULL, NULL, + MDSServiceNames +}; + +static const CSSM_DB_INDEX_INFO cssmIndex[] = { - SCHEMA_ATTRIBUTE(0, ModuleID, STRING), - SCHEMA_ATTRIBUTE(1, CDSAVersion, STRING), - SCHEMA_ATTRIBUTE(2, Vendor, STRING), - SCHEMA_ATTRIBUTE(3, Desc, STRING), - SCHEMA_ATTRIBUTE(4, NativeServices, UINT32) + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) }; -static const CSSM_DB_SCHEMA_INDEX_INFO kIndexCSSMRelation[] = +// KRMM Relation. +static const CSSM_DB_ATTRIBUTE_INFO krmmAttrs[] = { - UNIQUE_INDEX_ATTRIBUTE(0) + DB_ATTRIBUTE(CSSMGuid, STRING), + DB_ATTRIBUTE(PolicyType, UINT32), + DB_ATTRIBUTE(PolicyName, STRING), + DB_ATTRIBUTE(PolicyPath, STRING), + DB_ATTRIBUTE(PolicyInfo, BLOB), + DB_ATTRIBUTE(PolicyManifest, BLOB), + /* + * This attribute is not defined in the CDSA spec. It's only here, in the schema, + * to avoid throwing exceptions when searching a DB for any records associated + * with a specified GUID - in all other schemas, a guid is specified as a + * ModuleID. + */ + DB_ATTRIBUTE(ModuleID, STRING), }; -const RelationInfo kCSSMRelation = - RELATION_INFO(MDS_CDSADIR_CSSM_RECORDTYPE, kAttributesCSSMRelation, kIndexCSSMRelation); +static const MDSNameValuePair *krmmNvp[] = { + NULL, MDSKrPolicyTypeNames, NULL, NULL, + NULL, NULL, +}; -// KRMM Relation. - -static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesKRMMRelation[] = +static const CSSM_DB_INDEX_INFO krmmIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(CSSMGuid, STRING), + UNIQUE_INDEX_ATTRIBUTE(PolicyType, UINT32) +}; + +// EMM Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO emmAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(Path, STRING), + DB_ATTRIBUTE(CDSAVersion, STRING), + DB_ATTRIBUTE(EMMSpecVersion, STRING), + DB_ATTRIBUTE(Desc, STRING), + DB_ATTRIBUTE(PolicyStmt, BLOB), + DB_ATTRIBUTE(EmmVersion, STRING), + DB_ATTRIBUTE(EmmVendor, STRING), + DB_ATTRIBUTE(EmmType, UINT32), // does this need a name/value table? +}; + +static const CSSM_DB_INDEX_INFO emmIndex[] = { - SCHEMA_ATTRIBUTE(0, CSSMGuid, STRING), - SCHEMA_ATTRIBUTE(1, PolicyType, UINT32), - SCHEMA_ATTRIBUTE(2, PolicyName, STRING), - SCHEMA_ATTRIBUTE(3, PolicyPath, STRING), - SCHEMA_ATTRIBUTE(4, PolicyInfo, BLOB), - SCHEMA_ATTRIBUTE(5, PolicyManifest, BLOB) + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) }; -static const CSSM_DB_SCHEMA_INDEX_INFO kIndexKRMMRelation[] = +// Primary EMM Service Provider Relation. +static const CSSM_DB_ATTRIBUTE_INFO emmPrimaryAttrs[] = { - UNIQUE_INDEX_ATTRIBUTE(0), - UNIQUE_INDEX_ATTRIBUTE(1) + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(ServiceType, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), + DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), + DB_ATTRIBUTE(AuthTags, MULTI_UINT32), + DB_ATTRIBUTE(EmmSpecVersion, STRING), }; -const RelationInfo kKRMMRelation = - RELATION_INFO(MDS_CDSADIR_KRMM_RECORDTYPE, kAttributesKRMMRelation, kIndexKRMMRelation); +static const MDSNameValuePair *emmPrimaryNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, MDSSampleTypeNames, + MDSAclSubjectTypeNames, + MDSAclAuthTagNames, + NULL +}; + +static const CSSM_DB_INDEX_INFO emmPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), + UNIQUE_INDEX_ATTRIBUTE(ServiceType, UINT32) +}; // Common Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO commonAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(Path, STRING), + DB_ATTRIBUTE(CDSAVersion, STRING), + DB_ATTRIBUTE(Desc, STRING), + DB_ATTRIBUTE(DynamicFlag, UINT32), + DB_ATTRIBUTE(MultiThreadFlag, UINT32), + DB_ATTRIBUTE(ServiceMask, UINT32), +}; + +static const MDSNameValuePair *commonNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + MDSServiceNames +}; + +static const CSSM_DB_INDEX_INFO commonIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) +}; + +// CSP Primary Relation. +static const CSSM_DB_ATTRIBUTE_INFO cspPrimaryAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(CspType, UINT32), + DB_ATTRIBUTE(CspFlags, UINT32), + DB_ATTRIBUTE(CspCustomFlags, UINT32), + DB_ATTRIBUTE(UseeTags, MULTI_UINT32), + DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), + DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), + DB_ATTRIBUTE(AuthTags, MULTI_UINT32), +}; + +static const MDSNameValuePair *cspPrimaryNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, + MDSCspTypeNames, + MDSCspFlagsNames, + NULL, + MDSUseeTagsNames, + MDSSampleTypeNames, + MDSAclSubjectTypeNames, + MDSAclAuthTagNames +}; + +static const CSSM_DB_INDEX_INFO cspPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// CSP Capabilities Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO cspCapabilitiesAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(UseeTag, UINT32), + DB_ATTRIBUTE(ContextType, UINT32), + DB_ATTRIBUTE(AlgType, UINT32), + DB_ATTRIBUTE(GroupId, UINT32), + DB_ATTRIBUTE(AttributeType, UINT32), + DB_ATTRIBUTE(AttributeValue, MULTI_UINT32), + DB_ATTRIBUTE(Description, STRING), +}; +static const MDSNameValuePair *cspCapabilitiesNvp[] = { + NULL, + NULL, + MDSUseeTagsNames, + MDSContextTypeNames, + MDSAlgorithmNames, + NULL, + MDSAttributeTypeNames, + NULL, + NULL +}; + +static const CSSM_DB_INDEX_INFO cspCapabilitiesIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), + UNIQUE_INDEX_ATTRIBUTE(UseeTag, UINT32), + UNIQUE_INDEX_ATTRIBUTE(ContextType, UINT32), + UNIQUE_INDEX_ATTRIBUTE(AlgType, UINT32), + UNIQUE_INDEX_ATTRIBUTE(GroupId, UINT32), + UNIQUE_INDEX_ATTRIBUTE(AttributeType, STRING) +}; + +// special case "subschema" for parsing CSPCapabilities. These arrays correspond +// dictionaries within a CSPCapabilities info file; they are not part of +// our DB's schema. They are declared only to streamline the +// MDSAttrParser::parseCspCapabilitiesRecord function. No index info is needed. + +// top-level info, applied to the dictionary for the whole file. 
+static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict1[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), +}; +const RelationInfo CSPCapabilitiesDict1RelInfo = + RELATION_INFO( + MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, // actually a don't care + kAttributesCSPCapabilitiesDict1, + NULL, // no NVP needed + NULL); // no index + +// "Capabilities" is an array of dictionaries of these +static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict2[] = +{ + DB_ATTRIBUTE(AlgType, UINT32), + DB_ATTRIBUTE(ContextType, UINT32), + DB_ATTRIBUTE(UseeTag, UINT32), + DB_ATTRIBUTE(Description, STRING), +}; +static const MDSNameValuePair *CSPCapabilitiesDict2Nvp[] = { + MDSAlgorithmNames, + MDSContextTypeNames, + MDSUseeTagsNames, + NULL +}; +const RelationInfo CSPCapabilitiesDict2RelInfo = + RELATION_INFO( + MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, // actually a don't care + kAttributesCSPCapabilitiesDict2, + CSPCapabilitiesDict2Nvp, + NULL); // no index + +// Within a Capabilities array, the Attributes array is an array of +// Dictionaries of these. +static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict3[] = +{ + DB_ATTRIBUTE(AttributeType, UINT32), + DB_ATTRIBUTE(AttributeValue, MULTI_UINT32), +}; +static const MDSNameValuePair *CSPCapabilitiesDict3Nvp[] = { + MDSAttributeTypeNames, + NULL +}; +const RelationInfo CSPCapabilitiesDict3RelInfo = + RELATION_INFO( + MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, // actually a don't care + kAttributesCSPCapabilitiesDict3, + CSPCapabilitiesDict3Nvp, + NULL); + + + +// CSP Encapsulated Products Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO cspEncapsulatedAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(ProductDesc, STRING), + DB_ATTRIBUTE(ProductVendor, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(ProductFlags, UINT32), + DB_ATTRIBUTE(CustomFlags, UINT32), + DB_ATTRIBUTE(StandardDesc, STRING), + DB_ATTRIBUTE(StandardVersion, STRING), + DB_ATTRIBUTE(ReaderDesc, STRING), + DB_ATTRIBUTE(ReaderVendor, STRING), + DB_ATTRIBUTE(ReaderVersion, STRING), + DB_ATTRIBUTE(ReaderFirmwareVersion, STRING), + DB_ATTRIBUTE(ReaderFlags, UINT32), + DB_ATTRIBUTE(ReaderCustomFlags, UINT32), + DB_ATTRIBUTE(ReaderSerialNumber, STRING), +}; + +static const MDSNameValuePair *cspEncapsulatedNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, MDSCspReaderFlagsNames, NULL, NULL +}; + +static const CSSM_DB_INDEX_INFO cspEncapsulatedIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// CSP Smartcardinfo Relation. +static const CSSM_DB_ATTRIBUTE_INFO cspSmartCardAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(ScDesc, STRING), + DB_ATTRIBUTE(ScVendor, STRING), + DB_ATTRIBUTE(ScVersion, STRING), + DB_ATTRIBUTE(ScFirmwareVersion, STRING), + DB_ATTRIBUTE(ScFlags, UINT32), + DB_ATTRIBUTE(ScCustomFlags, UINT32), + DB_ATTRIBUTE(ScSerialNumber, STRING), +}; +static const MDSNameValuePair *cspSmartCardNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, MDSCspScFlagsNames, NULL, + NULL, +}; + +static const CSSM_DB_INDEX_INFO cspSmartCardIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), + UNIQUE_INDEX_ATTRIBUTE(ScDesc, STRING), + UNIQUE_INDEX_ATTRIBUTE(ScVendor, STRING), + UNIQUE_INDEX_ATTRIBUTE(ScVersion, STRING), + UNIQUE_INDEX_ATTRIBUTE(ScFirmwareVersion, STRING), + UNIQUE_INDEX_ATTRIBUTE(ScFlags, UINT32) +}; + +// DL Primary Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO dlPrimaryAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(DLType, UINT32), + DB_ATTRIBUTE(QueryLimitsFlag, UINT32), // a completely bogus attr; see spec + DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), + DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), + DB_ATTRIBUTE(AuthTags, MULTI_UINT32), + DB_ATTRIBUTE(ConjunctiveOps, MULTI_UINT32), + DB_ATTRIBUTE(RelationalOps, MULTI_UINT32), +}; +static const MDSNameValuePair *dlPrimaryNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, MDSDlTypeNames, NULL, + MDSSampleTypeNames, + MDSAclSubjectTypeNames, + MDSAclAuthTagNames, + MDSDbConjunctiveNames, + MDSDbOperatorNames +}; +static const CSSM_DB_INDEX_INFO dlPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// DL Encapsulated Products Relation. +static const CSSM_DB_ATTRIBUTE_INFO dlEncapsulatedAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(ProductDesc, STRING), + DB_ATTRIBUTE(ProductVendor, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(ProductFlags, UINT32), + DB_ATTRIBUTE(StandardDesc, STRING), + DB_ATTRIBUTE(StandardVersion, STRING), + DB_ATTRIBUTE(Protocol, UINT32), + DB_ATTRIBUTE(RetrievalMode, UINT32), +}; + +static const MDSNameValuePair *dlEncapsulatedNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + MDSNetProtocolNames, + MDSDbRetrievalModeNames +}; + +static const CSSM_DB_INDEX_INFO dlEncapsulatedIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// CL Primary Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO clPrimaryAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(CertTypeFormat, UINT32), + DB_ATTRIBUTE(CrlTypeFormat, UINT32), + DB_ATTRIBUTE(CertFieldNames, BLOB), + DB_ATTRIBUTE(BundleTypeFormat, MULTI_UINT32), + DB_ATTRIBUTE(XlationTypeFormat, MULTI_UINT32), + DB_ATTRIBUTE(TemplateFieldNames, BLOB), +}; + +static const MDSNameValuePair *clPrimaryNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, MDSCertTypeNames, MDSCrlTypeNames, + NULL, + MDSCertBundleTypeNames, + MDSCertTypeNames, // translation type - same as cert type - right? + NULL +}; + +static const CSSM_DB_INDEX_INFO clPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// CL Encapsulated Products Relation. +static const CSSM_DB_ATTRIBUTE_INFO clEncapsulatedAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(ProductDesc, STRING), + DB_ATTRIBUTE(ProductVendor, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(ProductFlags, UINT32), + DB_ATTRIBUTE(StandardDesc, STRING), + DB_ATTRIBUTE(StandardVersion, STRING), +}; + +static const CSSM_DB_INDEX_INFO clEncapsulatedIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; -static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesCommonRelation[] = +// TP Primary Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO tpPrimaryAttrs[] = { - SCHEMA_ATTRIBUTE(0, ModuleID, STRING), - SCHEMA_ATTRIBUTE(1, Manifest, BLOB), - SCHEMA_ATTRIBUTE(2, ModuleName, STRING), - SCHEMA_ATTRIBUTE(3, Path, STRING), - SCHEMA_ATTRIBUTE(4, CDSAVersion, STRING), - SCHEMA_ATTRIBUTE(5, Desc, STRING), - SCHEMA_ATTRIBUTE(6, DynamicFlag, UINT32), - SCHEMA_ATTRIBUTE(7, MultiThreadFlag, UINT32), - SCHEMA_ATTRIBUTE(8, ServiceMask, UINT32) + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(CertTypeFormat, UINT32), + DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), + DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), + DB_ATTRIBUTE(AuthTags, MULTI_UINT32), }; -static const CSSM_DB_SCHEMA_INDEX_INFO kIndexCommonRelation[] = +static const MDSNameValuePair *tpPrimaryNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, + MDSCertTypeNames, + MDSSampleTypeNames, + MDSAclSubjectTypeNames, + MDSAclAuthTagNames, +}; + +static const CSSM_DB_INDEX_INFO tpPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// TP Policy-OIDs Relation. +static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsAttrs[] = { - UNIQUE_INDEX_ATTRIBUTE(0) + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(OID, BLOB), + DB_ATTRIBUTE(Value, BLOB), }; -const RelationInfo kCommonRelation = - RELATION_INFO(MDS_CDSADIR_COMMON_RECORDTYPE, kAttributesCommonRelation, kIndexCommonRelation); +static const CSSM_DB_INDEX_INFO tpPolicyOidsIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), + UNIQUE_INDEX_ATTRIBUTE(OID, BLOB) +}; + +// special case "subschema" for parsing tpPolicyOidsAttrs. These arrays correspond +// dictionaries within a tpPolicyOidsAttrs info file; they are not part of +// our DB's schema. 
They are declared only to streamline the +// MDSAttrParser::parseTpPolicyOidsRecord function. No index info is needed. + +// top-level info, applied to the dictionary for the whole file. +static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsDict1[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), +}; +const RelationInfo TpPolicyOidsDict1RelInfo = + RELATION_INFO( + MDS_CDSADIR_TP_OIDS_RECORDTYPE, // actually a don't care + tpPolicyOidsDict1, + NULL, // no NVP needed + NULL); // no index + +// One element of the "Policies" array maps to one of these. +static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsDict2[] = +{ + DB_ATTRIBUTE(OID, BLOB), + DB_ATTRIBUTE(Value, BLOB), +}; +const RelationInfo TpPolicyOidsDict2RelInfo = + RELATION_INFO( + MDS_CDSADIR_TP_OIDS_RECORDTYPE, // actually a don't care + tpPolicyOidsDict2, + NULL, // no NVP needed + NULL); // no index + +// TP Encapsulated Products Relation. +static const CSSM_DB_ATTRIBUTE_INFO tpEncapsulatedAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(ProductDesc, STRING), + DB_ATTRIBUTE(ProductVendor, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(ProductFlags, UINT32), // vendor-specific, right? + DB_ATTRIBUTE(AuthorityRequestType, MULTI_UINT32), + DB_ATTRIBUTE(StandardDesc, STRING), + DB_ATTRIBUTE(StandardVersion, STRING), + DB_ATTRIBUTE(ProtocolDesc, STRING), + DB_ATTRIBUTE(ProtocolFlags, UINT32), + DB_ATTRIBUTE(CertClassName, STRING), + DB_ATTRIBUTE(RootCertificate, BLOB), + DB_ATTRIBUTE(RootCertTypeFormat, UINT32), +}; +static const MDSNameValuePair *tpEncapsulatedNvp[] = { + NULL, NULL, NULL, NULL, + NULL, NULL, MDSTpAuthRequestNames, NULL, + NULL, NULL, NULL, NULL, + NULL, MDSCertTypeNames +}; + +static const CSSM_DB_INDEX_INFO tpEncapsulatedIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +#if DEFINE_META_TABLES +// MDS Schema Relations (meta) Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaRelationsAttrs[] = +{ + DB_ATTRIBUTE(RelationID, UINT32), + DB_ATTRIBUTE(RelationName, STRING), +}; + +static const CSSM_DB_INDEX_INFO mdsSchemaRelationsIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32), +}; + +// MDS Schema Attributes (meta) Relation. +static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaAttributesAttrs[] = +{ + DB_ATTRIBUTE(RelationID, UINT32), + DB_ATTRIBUTE(AttributeID, UINT32), + DB_ATTRIBUTE(AttributeNameFormat, UINT32), + DB_ATTRIBUTE(AttributeName, STRING), + DB_ATTRIBUTE(AttributeNameID, BLOB), + DB_ATTRIBUTE(AttributeFormat, UINT32), +}; + +static const CSSM_DB_INDEX_INFO mdsSchemaAttributesIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32), + UNIQUE_INDEX_ATTRIBUTE(AttributeID, UINT32) +}; + +// MDS Schema Indexes (meta) Relation. +static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaIndexesAttrs[] = +{ + DB_ATTRIBUTE(RelationID, UINT32), + DB_ATTRIBUTE(IndexID, UINT32), + DB_ATTRIBUTE(AttributeID, UINT32), + DB_ATTRIBUTE(IndexType, UINT32), + DB_ATTRIBUTE(IndexedDataLocation, UINT32), +}; + +static const CSSM_DB_INDEX_INFO mdsSchemaIndexesIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32), + UNIQUE_INDEX_ATTRIBUTE(IndexID, UINT32) +}; + +#endif /* DEFINE_META_TABLES */ + +// AC Primary Relation. +static const CSSM_DB_ATTRIBUTE_INFO acPrimaryAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(ProductVersion, STRING), + DB_ATTRIBUTE(Vendor, STRING), +}; + +static const CSSM_DB_INDEX_INFO acPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// KR Primary Relation. 
+static const CSSM_DB_ATTRIBUTE_INFO krPrimaryAttrs[] = +{ + DB_ATTRIBUTE(ModuleID, STRING), + DB_ATTRIBUTE(SSID, UINT32), + DB_ATTRIBUTE(Manifest, BLOB), + DB_ATTRIBUTE(ModuleName, STRING), + DB_ATTRIBUTE(CompatCSSMVersion, STRING), + DB_ATTRIBUTE(Version, STRING), + DB_ATTRIBUTE(Vendor, STRING), + DB_ATTRIBUTE(Description, STRING), + DB_ATTRIBUTE(ConfigFileLocation, STRING), +}; + +static const CSSM_DB_INDEX_INFO krPrimaryIndex[] = +{ + UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), + UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) +}; + +// list of all built-in schema for the CDSA Directory DB. +const RelationInfo kMDSRelationInfo[] = +{ + RELATION_INFO(MDS_CDSADIR_CSSM_RECORDTYPE, + cssmAttrs, + cssmNvp, + cssmIndex), + RELATION_INFO(MDS_CDSADIR_KRMM_RECORDTYPE, + krmmAttrs, + krmmNvp, + krmmIndex), + RELATION_INFO(MDS_CDSADIR_EMM_RECORDTYPE, + emmAttrs, + NO_NVP, // FIXME - what is the uint32 EmmType here? + emmIndex), + RELATION_INFO(MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE, + emmPrimaryAttrs, + emmPrimaryNvp, + emmPrimaryIndex), + RELATION_INFO(MDS_CDSADIR_COMMON_RECORDTYPE, + commonAttrs, + commonNvp, + commonIndex), + RELATION_INFO(MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE, + cspPrimaryAttrs, + cspPrimaryNvp, + cspPrimaryIndex), + RELATION_INFO(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, + cspCapabilitiesAttrs, + cspCapabilitiesNvp, + cspCapabilitiesIndex), + RELATION_INFO(MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_RECORDTYPE, + cspEncapsulatedAttrs, + cspEncapsulatedNvp, + cspEncapsulatedIndex), + RELATION_INFO(MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE, + cspSmartCardAttrs, + cspSmartCardNvp, + cspSmartCardIndex), + RELATION_INFO(MDS_CDSADIR_DL_PRIMARY_RECORDTYPE, + dlPrimaryAttrs, + dlPrimaryNvp, + dlPrimaryIndex), + RELATION_INFO(MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_RECORDTYPE, + dlEncapsulatedAttrs, + dlEncapsulatedNvp, + dlEncapsulatedIndex), + RELATION_INFO(MDS_CDSADIR_CL_PRIMARY_RECORDTYPE, + clPrimaryAttrs, + clPrimaryNvp, + clPrimaryIndex), + 
RELATION_INFO(MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_RECORDTYPE, + clEncapsulatedAttrs, + NO_NVP, // none needed + clEncapsulatedIndex), + RELATION_INFO(MDS_CDSADIR_TP_PRIMARY_RECORDTYPE, + tpPrimaryAttrs, + tpPrimaryNvp, + tpPrimaryIndex), + RELATION_INFO(MDS_CDSADIR_TP_OIDS_RECORDTYPE, + tpPolicyOidsAttrs, + NO_NVP, // none needed + tpPolicyOidsIndex), + RELATION_INFO(MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_RECORDTYPE, + tpEncapsulatedAttrs, + tpEncapsulatedNvp, + tpEncapsulatedIndex), + #if DEFINE_META_TABLES + RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_RELATIONS, + mdsSchemaRelationsAttrs, + NO_NVP, + mdsSchemaRelationsIndex), + RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES, + mdsSchemaAttributesAttrs, + NO_NVP, + mdsSchemaAttributesIndex), + RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_INDEXES, + mdsSchemaIndexesAttrs, + NO_NVP, + mdsSchemaIndexesIndex), + #endif /* DEFINE_META_TABLES */ + RELATION_INFO(MDS_CDSADIR_AC_PRIMARY_RECORDTYPE, + acPrimaryAttrs, + NO_NVP, // none needed + acPrimaryIndex), + RELATION_INFO(MDS_CDSADIR_KR_PRIMARY_RECORDTYPE, + krPrimaryAttrs, + NO_NVP, // none needed + krPrimaryIndex) +}; + +const unsigned kNumMdsRelations = sizeof(kMDSRelationInfo) / sizeof(RelationInfo); + +// Map a CSSM_DB_RECORDTYPE to a RelationInfo *. +extern const RelationInfo *MDSRecordTypeToRelation( + CSSM_DB_RECORDTYPE recordType) +{ + const RelationInfo *relInfo = kMDSRelationInfo; + unsigned dex; + + for(dex=0; dexDataRecordType == recordType) { + return relInfo; + } + relInfo++; + } + if(recordType == MDS_OBJECT_RECORDTYPE) { + return &kObjectRelation; + } + return NULL; +} + +// same as above, based on record type as string. +extern const RelationInfo *MDSRecordTypeNameToRelation( + const char *recordTypeName) +{ + const RelationInfo *relInfo = kMDSRelationInfo; + unsigned dex; + + for(dex=0; dexrelationName)) { + return relInfo; + } + relInfo++; + } + return NULL; +} +} // end namespace Security 
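Review bot: `krmmNvp` has six entries while `krmmAttrs` declares seven attributes (the added `ModuleID` has no slot), and the RelationInfo comment in MDSSchema.h describes nameValues as parallel to the attribute array, so a parser that indexes both by attribute number would read one pointer past the end of `krmmNvp`; the parser is not in this hunk, so that part is inferred. Adding a trailing `NULL` for `ModuleID` brings the two arrays to the same length. In `cspCapabilitiesIndex`, `UNIQUE_INDEX_ATTRIBUTE(AttributeType, STRING)` disagrees with `DB_ATTRIBUTE(AttributeType, UINT32)` in `cspCapabilitiesAttrs` and should read `UNIQUE_INDEX_ATTRIBUTE(AttributeType, UINT32)`. A start-up or compile-time check that each Nvp array's element count equals its attribute count would catch this class of mismatch.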
diff --git a/cdsa/mds/MDSSchema.h b/cdsa/mds/MDSSchema.h index e8c1fff8..1ec88964 100644 --- a/cdsa/mds/MDSSchema.h +++ b/cdsa/mds/MDSSchema.h 
@@ -27,40 +27,81 @@ #define _MDSSCHEMA_H #include +#include -// Structure used to store information which is needed to create -// a relation with indexes. +namespace Security +{ +// Structure used to store information which is needed to create +// a relation with indexes. The info in one of these structs maps to one +// record type in a CSSM_DBINFO - both record attribute info and index info. +// The nameValues field refers to an array of MDSNameValuePair array pointers +// which are used to convert attribute values from strings to uint32s via +// MDS_StringToUint32. The nameValues array is parallel to the AttributeInfo +// array. struct RelationInfo { - CSSM_DB_RECORDTYPE relationId; + CSSM_DB_RECORDTYPE DataRecordType; const char *relationName; - uint32 numAttributes; - const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *attributes; - uint32 numIndexes; - const CSSM_DB_SCHEMA_INDEX_INFO *indexes; + uint32 NumberOfAttributes; + const CSSM_DB_ATTRIBUTE_INFO *AttributeInfo; + const MDSNameValuePair **nameValues; + uint32 NumberOfIndexes; + const CSSM_DB_INDEX_INFO *IndexInfo; }; // Macros used to simplify declarations of attributes and indexes. 
-#define SCHEMA_ATTRIBUTE(id, name, type) \ - { id, #name, { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_ ## type } - -#define UNIQUE_INDEX_ATTRIBUTE(attributeId) \ - { attributeId, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE } +// declare a CSSM_DB_ATTRIBUTE_INFO +#define DB_ATTRIBUTE(name, type) \ + { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ + {#name}, \ + CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ + } -#define RELATION_INFO(relationId, attributes, indexes) \ +// declare a CSSM_DB_INDEX_INFO +#define UNIQUE_INDEX_ATTRIBUTE(name, type) \ + { CSSM_DB_INDEX_UNIQUE, \ + CSSM_DB_INDEX_ON_ATTRIBUTE, \ + { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ + {#name}, \ + CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ + } \ + } + +// declare a RelationInfo +#define RELATION_INFO(relationId, attributes, nameValues, indexes) \ { relationId, \ #relationId, \ - sizeof(attributes) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO), \ + sizeof(attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), \ attributes, \ - sizeof(indexes) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO), \ + nameValues, \ + sizeof(indexes) / sizeof(CSSM_DB_INDEX_INFO), \ indexes } -// Declarations of schema for MDS relations. - +// Object directory DB - one built-in schema. extern const RelationInfo kObjectRelation; -extern const RelationInfo kCSSMRelation; -extern const RelationInfo kKRMMRelation; -extern const RelationInfo kCommonRelation; + +// list of all built-in schema for the CDSA Directory DB. +extern const RelationInfo kMDSRelationInfo[]; +extern const unsigned kNumMdsRelations; // size of kMDSRelationInfo[] + +// special case "subschema" for parsing CSPCapabilities. +extern const RelationInfo CSPCapabilitiesDict1RelInfo; +extern const RelationInfo CSPCapabilitiesDict2RelInfo; +extern const RelationInfo CSPCapabilitiesDict3RelInfo; + +// special case "subschema" for parsing TPPolicyOids. +extern const RelationInfo TpPolicyOidsDict1RelInfo; +extern const RelationInfo TpPolicyOidsDict2RelInfo; + +// Map a CSSM_DB_RECORDTYPE to a RelationInfo *. 
+extern const RelationInfo *MDSRecordTypeToRelation( + CSSM_DB_RECORDTYPE recordType); + +// same as above, based on record type as string. +extern const RelationInfo *MDSRecordTypeNameToRelation( + const char *recordTypeName); + +} // end namespace Security #endif // _MDSSCHEMA_H diff --git a/cdsa/mds/MDSSession.cpp b/cdsa/mds/MDSSession.cpp index ba9d79c0..7e421d72 100644 --- a/cdsa/mds/MDSSession.cpp +++ b/cdsa/mds/MDSSession.cpp 
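Review bot: The comment above `struct RelationInfo` says `nameValues` is parallel to the `AttributeInfo` array, but the struct carries no length for it and the `RELATION_INFO` macro passes it through unchecked, so a table with fewer entries than `NumberOfAttributes` would presumably be read past its end by whatever walks the two arrays together. The relation table earlier in this patch also passes `NO_NVP` for several relations, which the comment does not mention. I would document both on the field, e.g. `// NO_NVP if no attribute needs conversion; otherwise exactly NumberOfAttributes entries`. Separately, `sizeof(attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO)` in the macro is only right when the argument is a true array, which deserves a one-line comment next to the macro.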
@@ -20,90 +20,309 @@ #include #include "MDSModule.h" +#include "MDSAttrParser.h" +#include "MDSAttrUtils.h" #include #include #include #include +#include +#include #include +#include #include #include +#include #include -// Location of security plugins. +/* + * The layout of the various MDS DB files on disk is as follows: + * + * /var/tmp/mds -- owner = root, mode = 01777, world writable, sticky + * mdsObject.db -- owner = root, mode = 0644, object DB + * mdsDirectory.db -- owner = root, mode = 0644, MDS directory DB + * mds.lock -- temporary, owner = root, protects creation of + * previous two files + * / -- owner = , mode = 0644 + * mdsObject.db -- owner = , mode = 0644, object DB + * mdsDirectory.db -- owner = , mode = 0644, MDS directory DB + * mds.lock -- temporary, owner = , protects creation of + * previous two files + * + * The /var/tmp/mds directory and the two db files in it are created by root + * via SS or an AEWP call. Each user except for root has their own private + * directory with two DB files and a lock. The first time a user accesses MDS, + * the per-user directory is created and the per-user DB files are created as + * copies of the system DB files. Fcntl() with a F_RDLCK is used to lock the system + * DB files when they are the source of these copies; this is the same mechanism + * used by the underlying AtomincFile. + * + * The sticky bit in /var/tmp/mds ensures that users cannot delete, rename, and/or + * replace the root-owned DB files in that directory, and that users can not + * modify other user's private MDS directories. + */ +namespace Security +{ -#define kPluginPath "/System/Library/Security/" +/* + * Nominal location of Security.framework. + */ +#define MDS_SYSTEM_PATH "/System/Library/Frameworks" +#define MDS_SYSTEM_FRAME "Security.framework" -// Location of MDS database and lock files. +/* + * Nominal location of standard plugins. 
+ */ +#define MDS_BUNDLE_PATH "/System/Library/Security" +#define MDS_BUNDLE_EXTEN ".bundle" -#define kDatabasePath "/var/tmp/" -#define kLockFilename kDatabasePath "mds.lock" -// Minimum interval, in seconds, between rescans for plugin changes. +/* + * Location of system MDS database and lock files. + */ +#define MDS_SYSTEM_DB_DIR "/private/var/tmp/mds" +#define MDS_LOCK_FILE_NAME "mds.lock" +#define MDS_OBJECT_DB_NAME "mdsObject.db" +#define MDS_DIRECT_DB_NAME "mdsDirectory.db" +#define MDS_LOCK_FILE_PATH MDS_SYSTEM_DB_DIR "/" MDS_LOCK_FILE_NAME +#define MDS_OBJECT_DB_PATH MDS_SYSTEM_DB_DIR "/" MDS_OBJECT_DB_NAME +#define MDS_DIRECT_DB_PATH MDS_SYSTEM_DB_DIR "/" MDS_DIRECT_DB_NAME -#define kScanInterval 10 +/* + * Location of per-user bundles, relative to home directory. + * PEr-user DB files are in MDS_SYSTEM_DB_DIR//. + */ +#define MDS_USER_DB_DIR "Library/Security" +#define MDS_USER_BUNDLE "Library/Security" + +/* time to wait in ms trying to acquire lock */ +#define DB_LOCK_TIMEOUT (2 * 1000) + +/* Minimum interval, in seconds, between rescans for plugin changes */ +#define MDS_SCAN_INTERVAL 10 + +/* initial debug - start from scratch each time */ +#define START_FROM_SCRATCH 0 + +/* debug - skip file-level locking */ +#define SKIP_FILE_LOCKING 0 + +/* Only allow root to create and update system DB files - in the final config this + * will be true */ +#define SYSTEM_MDS_ROOT_ONLY 0 + +/* + * Early development; no Security Server/root involvement with system DB creation. + * If this is true, SYSTEM_MDS_ROOT_ONLY must be false (though both can be + * false for intermediate testing). + */ +#define SYSTEM_DBS_VIA_USER 1 + +/* when true, turn autocommit off when building system DB */ +#define AUTO_COMMIT_OPT 1 -// -// Get the current time in a format that matches that in which -// a file's modification time is expressed. -// -static void -getCurrentTime(struct timespec &now) +/* + * Determine if both of the specified DB files exist as + * accessible regular files. 
Returns true if they do. If the purge argument + * is true, we'll ensure that either both or neither of the files exist on + * exit. + */ +static bool doFilesExist( + const char *objDbFile, + const char *directDbFile, + bool purge) // false means "passive" check { - struct timeval tv; - gettimeofday(&tv, NULL); - TIMEVAL_TO_TIMESPEC(&tv, &now); + struct stat sb; + bool objectExist = false; + bool directExist = false; + + if (stat(objDbFile, &sb) == 0) { + /* Object DB exists */ + if(!(sb.st_mode & S_IFREG)) { + MSDebug("deleting non-regular file %s", objDbFile); + if(purge && unlink(objDbFile)) { + MSDebug("unlink(%s) returned %d", objDbFile, errno); + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + } + } + else { + objectExist = true; + } + } + if (stat(directDbFile, &sb) == 0) { + /* directory DB exists */ + if(!(sb.st_mode & S_IFREG)) { + MSDebug("deleting non-regular file %s", directDbFile); + if(purge & unlink(directDbFile)) { + MSDebug("unlink(%s) returned %d", directDbFile, errno); + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + } + } + directExist = true; + } + if(objectExist && directExist) { + /* both databases exist as regular files */ + return true; + } + else if(!purge) { + return false; + } + + /* at least one does not exist - ensure neither of them do */ + if(objectExist) { + if(unlink(objDbFile)) { + MSDebug("unlink(%s) returned %d", objDbFile, errno); + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + } + } + if(directExist) { + if(unlink(directDbFile)) { + MSDebug("unlink(%s) returned %d", directDbFile, errno); + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + } + } + return false; } -// -// Create an MDS session. -// +/* + * Determine if specified directory exists. + */ +static bool doesDirectExist( + const char *dirPath) +{ + struct stat sb; + + if (stat(dirPath, &sb)) { + return false; + } + if(!(sb.st_mode & S_IFDIR)) { + return false; + } + return true; +} +/* + * Create specified directory if it doesn't already exist. 
+ * Zero for mode means "use the default provided by 0755 modified by umask". + */ +static int createDir( + const char *dirPath, + mode_t dirMode = 0) +{ + if(doesDirectExist(dirPath)) { + return 0; + } + int rtn = mkdir(dirPath, 0755); + if(rtn) { + if(errno == EEXIST) { + /* this one's OK */ + rtn = 0; + } + else { + rtn = errno; + MSDebug("mkdir(%s) returned %d", dirPath, errno); + } + } + if((rtn == 0) && (dirMode != 0)) { + rtn = chmod(dirPath, dirMode); + if(rtn) { + MSDebug("chmod(%s) returned %d", dirPath, errno); + } + } + return rtn; +} + +/* + * Create an MDS session. + */ MDSSession::MDSSession (const Guid *inCallerGuid, const CSSM_MEMORY_FUNCS &inMemoryFunctions) : - DatabaseSession(MDSModule::get().databaseManager()), - mCssmMemoryFunctions (inMemoryFunctions), + DatabaseSession(MDSModule::get().databaseManager()), + mCssmMemoryFunctions (inMemoryFunctions), + mModule(MDSModule::get()), mLockFd(-1) { - fprintf(stderr, "MDSSession::MDSSession\n"); + MSDebug("MDSSession::MDSSession"); + #if START_FROM_SCRATCH + unlink(MDS_LOCK_FILE_PATH); + unlink(MDS_OBJECT_DB_PATH); + unlink(MDS_DIRECT_DB_PATH); + #endif + mCallerGuidPresent = inCallerGuid != nil; if (mCallerGuidPresent) mCallerGuid = *inCallerGuid; - - // make sure the MDS databases have been created, and the required - // tables have been constructed - initializeDatabases(); - // schedule a scan for plugin changes - getCurrentTime(mLastScanTime); + /* + * Create DB files if necessary; make sure they are up-to-date + */ + // no! done in either install or open! 
updateDataBases(); } MDSSession::~MDSSession () { - fprintf(stderr, "MDSSession::~MDSSession\n"); - releaseLock(); + MSDebug("MDSSession::~MDSSession"); + releaseLock(mLockFd); } void MDSSession::terminate () { - fprintf(stderr, "MDSSession::terminate\n"); - + MSDebug("MDSSession::terminate"); + releaseLock(mLockFd); closeAll(); } -// -// In this implementation, install() does nothing, since the databases -// are implicitly created as needed by initialize(). -// - +/* + * Called by security server or AEWP-executed privileged tool. + */ void MDSSession::install () { - // this space intentionally left blank + if((getuid() != (uid_t)0) && SYSTEM_MDS_ROOT_ONLY) { + CssmError::throwMe(CSSMERR_DL_OS_ACCESS_DENIED); + } + + int sysFdLock = -1; + try { + /* before we obtain the lock, ensure the the system MDS DB directory exists */ + if(createDir(MDS_SYSTEM_DB_DIR, 01777)) { + MSDebug("Error creating system MDS dir; aborting."); + CssmError::throwMe(CSSMERR_DL_OS_ACCESS_DENIED); + } + + if(!obtainLock(MDS_LOCK_FILE_PATH, sysFdLock, DB_LOCK_TIMEOUT)) { + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + } + if(!systemDatabasesPresent(true)) { + bool created = createSystemDatabases(); + if(created) { + /* + * Skip possible race condition in which this is called twice, + * both via SS by user procs who say "no system DBs present" + * in their updateDataBases() method. + * + * Do initial population of system DBs. + */ + DbFilesInfo dbFiles(*this, MDS_SYSTEM_DB_DIR); + #if AUTO_COMMIT_OPT + dbFiles.autoCommit(CSSM_FALSE); + #endif + dbFiles.updateSystemDbInfo(MDS_SYSTEM_PATH, MDS_BUNDLE_PATH); + } + } + } + catch(...) { + if(sysFdLock != -1) { + releaseLock(sysFdLock); + } + throw; + } + releaseLock(sysFdLock); } // 
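Review bot: In `doFilesExist()` the directory-DB branch uses `purge & unlink(directDbFile)`, so `unlink()` runs even when `purge` is false, and `directExist = true` sits outside any `else`, so a non-regular object is still reported as present; the object-DB branch above it has neither problem. Both branches, and `doesDirectExist()`, also test the type with `st_mode & S_IFREG` / `st_mode & S_IFDIR`, which other file types satisfy too because the type field is an enumeration rather than independent bits; `S_ISREG()` and `S_ISDIR()` are the correct tests. Since the header comment describes `/var/tmp/mds` as world writable, it is also worth considering `lstat()` here so that a symbolic link is not followed and then accepted as a regular file, though that depends on whether links are ever expected in this directory. The directory-DB branch would become:

```cpp
	if (stat(directDbFile, &sb) == 0) {
		/* directory DB exists */
		if(!S_ISREG(sb.st_mode)) {
			MSDebug("deleting non-regular file %s", directDbFile);
			if(purge && unlink(directDbFile)) {
				// … unchanged: MSDebug of errno and CssmError::throwMe …
			}
		}
		else {
			directExist = true;
		}
	}
```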
@@ -117,55 +336,101 @@ MDSSession::uninstall () CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); } -// -// Obtain and free a list of names of current databases. -// - -void -MDSSession::GetDbNames(CSSM_NAME_LIST_PTR &outNameList) +/* + * Common private open routine given a full specified path. + * + * FIXME: both of these dbOpen routines leak like crazy even though + * we know we close properly. + * Typical stack trace (from MallocDebug) of a leak is + * + * DatabaseSession::DbOpen(char const *, cssm_net_address const...) + * DatabaseManager::dbOpen(Security::DatabaseSession &, ...) + * Database::_dbOpen(Security::DatabaseSession &, unsigned long, ...) + * AppleDatabase::dbOpen(Security::DbContext &) + * DbModifier::openDatabase(void) + * DbModifier::getDbVersion(void) + * DbVersion::DbVersion(Security::AtomicFile &, ...) + * DbVersion::open(void) + * MetaRecord::unpackRecord(Security::ReadSection const &, ...) + * MetaRecord::unpackAttribute(Security::ReadSection const &, ...) + * MetaAttribute::unpackAttribute(Security::ReadSection const &, ..) + * TypedMetaAttribute::unpackValue(...) 
+ * TrackingAllocator::malloc(unsigned long) + */ +CSSM_DB_HANDLE MDSSession::dbOpen( + const char *dbName) { - outNameList = mDatabaseManager.getDbNames(*this); + MSDebug("Opening %s", dbName); + CSSM_DB_HANDLE dbHand; + DatabaseSession::DbOpen(dbName, + NULL, // DbLocation + CSSM_DB_ACCESS_READ, + NULL, // AccessCred - hopefully optional + NULL, // OpenParameters + dbHand); + return dbHand; } -void -MDSSession::FreeNameList(CSSM_NAME_LIST &inNameList) + +/* DatabaseSession routines we need to override */ +void MDSSession::DbOpen(const char *DbName, + const CSSM_NET_ADDRESS *DbLocation, + CSSM_DB_ACCESS_TYPE AccessRequest, + const AccessCredentials *AccessCred, + const void *OpenParameters, + CSSM_DB_HANDLE &DbHandle) { - mDatabaseManager.freeNameList(*this, inNameList); + /* make sure DBs are up-to-date */ + updateDataBases(); + + /* + * Only task here is map incoming DbName - specified in the CDSA + * spec - to a filename we actually use (which is a path to either + * a system MDS DB file or a per-user MDS DB file). + */ + if(DbName == NULL) { + CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME); + } + const char *dbName; + if(!strcmp(DbName, MDS_OBJECT_DIRECTORY_NAME)) { + dbName = MDS_OBJECT_DB_NAME; + } + else if(!strcmp(DbName, MDS_CDSA_DIRECTORY_NAME)) { + dbName = MDS_DIRECT_DB_NAME; + } + else { + CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME); + } + char fullPath[MAXPATHLEN]; + dbFullPath(dbName, fullPath); + DatabaseSession::DbOpen(fullPath, DbLocation, AccessRequest, AccessCred, + OpenParameters, DbHandle); } -// -// Scan the plugin directory. 
-// - -static bool intervalHasElapsed(const struct timespec &then, const struct timespec &now, - int intervalSeconds) +void +MDSSession::GetDbNames(CSSM_NAME_LIST_PTR &outNameList) { - return (now.tv_sec - then.tv_sec > intervalSeconds) || - ((now.tv_sec - then.tv_sec == intervalSeconds) && (now.tv_nsec >= then.tv_nsec)); + outNameList = new CSSM_NAME_LIST[1]; + outNameList->NumStrings = 2; + outNameList->String = new (char *)[2]; + outNameList->String[0] = MDSCopyCstring(MDS_OBJECT_DIRECTORY_NAME); + outNameList->String[1] = MDSCopyCstring(MDS_CDSA_DIRECTORY_NAME); } -static bool operator <=(const struct timespec &a, const struct timespec &b) +void +MDSSession::FreeNameList(CSSM_NAME_LIST &inNameList) { - return (a.tv_sec < b.tv_sec) || ((a.tv_sec == b.tv_sec) && (a.tv_nsec <= b.tv_nsec)); + delete [] inNameList.String[0]; + delete [] inNameList.String[1]; + delete [] inNameList.String; } -class PluginInfo +void MDSSession::GetDbNameFromHandle(CSSM_DB_HANDLE DBHandle, + char **DbName) { -public: - PluginInfo(const char *pluginName, const struct timespec &modTime) : mModTime(modTime) { - mPluginName = new char[strlen(pluginName) + 1]; - strcpy(mPluginName, pluginName); - } - - ~PluginInfo() { delete [] mPluginName; } - - const char *name() { return mPluginName; } - const struct timespec &modTime() { return mModTime; } - -private: - char *mPluginName; - struct timespec mModTime; -}; + printf("GetDbNameFromHandle: code on demand\n"); + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); +} // // Attempt to obtain an exclusive lock over the the MDS databases. The 
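Review bot: `MDSSession::DbOpen()` declares `char fullPath[MAXPATHLEN];` and hands it to `dbFullPath()`, whose parameter is declared as `char fullPath[MAXPATHLEN+1]` later in this patch and which builds the path with unbounded `strcat()` calls, so the caller's buffer is one byte smaller than the callee assumes. Declaring it as `char fullPath[MAXPATHLEN+1];` removes the mismatch; a length check inside `dbFullPath()` would be the more complete fix, but that function is in a later hunk. In the same hunk, `GetDbNames()` allocates the list with `new CSSM_NAME_LIST[1]` while `FreeNameList()` releases only the strings and the string array, so the list object itself appears to be leaked unless the caller frees it.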
@@ -173,24 +438,27 @@ private: // trying to obtain the lock. A value of zero means to return failure // right away if the lock cannot be obtained. // - bool -MDSSession::obtainLock(int timeout /* = 0 */) +MDSSession::obtainLock( + const char *lockFile, // e.g. MDS_LOCK_FILE_PATH + int &fd, // IN/OUT + int timeout) // default 0 { + #if SKIP_FILE_LOCKING + return true; + #else + static const int kRetryDelay = 250; // ms - if (mLockFd >= 0) - // this session already holds the lock - return true; - - mLockFd = open(kLockFilename, O_CREAT | O_EXCL, 0544); - while (mLockFd == -1 && timeout >= kRetryDelay) { + fd = open(MDS_LOCK_FILE_PATH, O_CREAT | O_EXCL, 0544); + while (fd == -1 && timeout >= kRetryDelay) { timeout -= kRetryDelay; usleep(1000 * kRetryDelay); - mLockFd = open(kLockFilename, O_CREAT | O_EXCL, 0544); + mLockFd = open(MDS_LOCK_FILE_PATH, O_CREAT | O_EXCL, 0544); } - return (mLockFd != -1); + return (fd != -1); + #endif /* SKIP_FILE_LOCKING */ } // 
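Review bot: `obtainLock()` ignores its new `lockFile` argument and always opens `MDS_LOCK_FILE_PATH`, and the retry inside the `while` loop assigns to `mLockFd` rather than `fd`, so a lock obtained on a retry is never seen by the loop condition or by the `return (fd != -1)` at the end. `updateDataBases()` later in this patch passes a per-user lock path, which suggests the parameter was meant to be used. Both calls should read `fd = open(lockFile, O_CREAT | O_EXCL, 0544);`. `releaseLock(int &fd)` in the next hunk likewise unlinks `MDS_LOCK_FILE_PATH` whatever lock was taken, so it would need the path as well if per-user locks are intended.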
@@ -199,204 +467,928 @@ MDSSession::obtainLock(int timeout /* = 0 */) // void -MDSSession::releaseLock() +MDSSession::releaseLock(int &fd) { - if (mLockFd != -1) { - close(mLockFd); - unlink(kLockFilename); - mLockFd = -1; + #if !SKIP_FILE_LOCKING + if (fd != -1) { + close(fd); + unlink(MDS_LOCK_FILE_PATH); + fd = -1; } + #endif } -// -// If necessary, create the two MDS databases and construct the required -// tables in each database. -// +/* given DB file name, fill in fully specified path */ +void MDSSession::dbFullPath( + const char *dbName, + char fullPath[MAXPATHLEN+1]) +{ + mModule.getDbPath(fullPath); + assert(fullPath[0] != '\0'); + strcat(fullPath, "/"); + strcat(fullPath, dbName); +} -void -MDSSession::initializeDatabases() +/* + * See if any per-user bundles exist in specified directory. Returns true if so. + * First the check for one entry.... + */ +static bool isBundle( + const struct dirent *dp) +{ + if(dp == NULL) { + return false; + } + /* NFS directories show up as DT_UNKNOWN */ + switch(dp->d_type) { + case DT_UNKNOWN: + case DT_DIR: + break; + default: + return false; + } + int suffixLen = strlen(MDS_BUNDLE_EXTEN); + int len = strlen(dp->d_name); + + return (len >= suffixLen) && + !strcmp(dp->d_name + len - suffixLen, MDS_BUNDLE_EXTEN); +} + +/* now the full directory search */ +static bool checkUserBundles( + const char *bundlePath) { - printf("MDSSession::initializeDatabases\n"); + MSDebug("searching for user bundles in %s", bundlePath); + DIR *dir = opendir(bundlePath); + if (dir == NULL) { + return false; + } + struct dirent *dp; + bool rtn = false; + while ((dp = readdir(dir)) != NULL) { + if(isBundle(dp)) { + /* any other checking to do? */ + rtn = true; + break; + } + } + closedir(dir); + MSDebug("...%s bundle(s) found", rtn ? 
"" : "No"); + return rtn; +} + +#define COPY_BUF_SIZE 1024 + +/* Single file copy with locking */ +static void safeCopyFile( + const char *fromPath, + const char *toPath) +{ + /* open source for reading */ + int srcFd = open(fromPath, O_RDONLY, 0); + if(srcFd < 0) { + /* FIXME - what error would we see if the file is locked for writing + * by someone else? We definitely have to handle that. */ + int error = errno; + MSDebug("Error %d opening system DB file %s\n", error, fromPath); + UnixError::throwMe(error); + } - static int kLockTimeout = 2000; // ms + /* acquire the same kind of lock AtomicFile uses */ + struct flock fl; + fl.l_start = 0; + fl.l_len = 1; + fl.l_pid = getpid(); + fl.l_type = F_RDLCK; // AtomicFile gets F_WRLCK + fl.l_whence = SEEK_SET; + + // Keep trying to obtain the lock if we get interupted. + for (;;) { + if (::fcntl(srcFd, F_SETLKW, reinterpret_cast(&fl)) == -1) { + int error = errno; + if (error == EINTR) { + continue; + } + MSDebug("Error %d locking system DB file %s\n", error, fromPath); + UnixError::throwMe(error); + } + else { + break; + } + } + + /* create destination */ + int destFd = open(toPath, O_WRONLY | O_APPEND | O_CREAT | O_TRUNC | O_EXCL, 0644); + if(destFd < 0) { + int error = errno; + MSDebug("Error %d opening user DB file %s\n", error, toPath); + UnixError::throwMe(error); + } - // obtain an exclusive lock. 
in this case we really want the lock, so - // if it's not immediately available we wait around for a bit + /* copy */ + char buf[COPY_BUF_SIZE]; + while(1) { + int bytesRead = read(srcFd, buf, COPY_BUF_SIZE); + if(bytesRead == 0) { + break; + } + if(bytesRead < 0) { + int error = errno; + MSDebug("Error %d reading system DB file %s\n", error, fromPath); + UnixError::throwMe(error); + } + int bytesWritten = write(destFd, buf, bytesRead); + if(bytesWritten < 0) { + int error = errno; + MSDebug("Error %d writing user DB file %s\n", error, toPath); + UnixError::throwMe(error); + } + } - if (!obtainLock(kLockTimeout)) - // something is wrong; either a stale lock file is lying around or - // some other process is stuck updating the databases - CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + /* unlock source and close both */ + fl.l_type = F_UNLCK; + if (::fcntl(srcFd, F_SETLK, reinterpret_cast(&fl)) == -1) { + MSDebug("Error %d unlocking system DB file %s\n", errno, fromPath); + } + close(srcFd); + close(destFd); +} + +/* Copy system DB files to specified user dir. */ +static void copySystemDbs( + const char *userDbFileDir) +{ + char toPath[MAXPATHLEN+1]; - try { - // check for the existence of the MDS database file; if it exists, - // assume that the databases have already been properly created + sprintf(toPath, "%s/%s", userDbFileDir, MDS_OBJECT_DB_NAME); + safeCopyFile(MDS_OBJECT_DB_PATH, toPath); + sprintf(toPath, "%s/%s", userDbFileDir, MDS_DIRECT_DB_NAME); + safeCopyFile(MDS_DIRECT_DB_PATH, toPath); +} + +/* + * Ensure current DB files exist and are up-to-date. + * Called from MDSSession constructor and from DataGetFirst, DbOpen, and any + * other public functions which access a DB from scratch. + */ +void MDSSession::updateDataBases() +{ + bool isRoot = (getuid() == (uid_t)0); + bool createdSystemDb = false; - // look for added/removed/changed plugins + /* + * The first thing we do is to ensure that system DBs are present. 
+ * This call right here is the reason for the purge argument in + * systemDatabasesPresent(); if we're a user proc, we can't grab the system + * MDS lock. + */ + if(!systemDatabasesPresent(false)) { + if(isRoot || SYSTEM_DBS_VIA_USER) { + /* Either doing actual MDS op as root, or development case: + * install as current user */ + install(); + } + else { + /* This path TBD; it involves either a SecurityServer RPC or + * a privileged tool exec'd via AEWP. */ + assert(0); + } + /* remember this - we have to delete possible existing user DBs */ + createdSystemDb = true; + } - scanPluginDirectory(); + /* if we scanned recently, we're done */ + double delta = mModule.timeSinceLastScan(); + if(delta < (double)MDS_SCAN_INTERVAL) { + return; } - catch (...) { - releaseLock(); + + /* + * Obtain various per-user paths. Root is a special case but follows most + * of the same logic from here on. + */ + char userDbFileDir[MAXPATHLEN+1]; + char userObjDbFilePath[MAXPATHLEN+1]; + char userDirectDbFilePath[MAXPATHLEN+1]; + char userBundlePath[MAXPATHLEN+1]; + char userDbLockPath[MAXPATHLEN+1]; + + if(isRoot) { + strcat(userDbFileDir, MDS_SYSTEM_DB_DIR); + /* no userBundlePath */ + } + else { + char *userHome = getenv("HOME"); + if(userHome == NULL) { + /* FIXME - what now, batman? */ + MSDebug("updateDataBases: no HOME"); + userHome = "/"; + } + sprintf(userBundlePath, "%s/%s", userHome, MDS_USER_BUNDLE); + + /* DBs go in a per-UID directory in the system MDS DB directory */ + sprintf(userDbFileDir, "%s/%d", MDS_SYSTEM_DB_DIR, (int)(getuid())); + } + sprintf(userObjDbFilePath, "%s/%s", userDbFileDir, MDS_OBJECT_DB_NAME); + sprintf(userDirectDbFilePath, "%s/%s", userDbFileDir, MDS_DIRECT_DB_NAME); + sprintf(userDbLockPath, "%s/%s", userDbFileDir, MDS_LOCK_FILE_NAME); + + /* + * Create the per-user directory first...that's where the lock we'll be using + * lives. Our createDir() is tolerant of EEXIST errors. 
+ */ + if(!isRoot) { + if(createDir(userDbFileDir)) { + /* We'll just have to limp along using the read-only system DBs */ + Syslog::alert("Error creating %s", userDbFileDir); + MSDebug("Error creating user DBs; using system DBs"); + mModule.setDbPath(MDS_SYSTEM_DB_DIR); + return; + } + } + + /* always release mLockFd no matter what happens */ + if(!obtainLock(userDbLockPath, mLockFd, DB_LOCK_TIMEOUT)) { + CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR); + } + try { + if(!isRoot) { + if(createdSystemDb) { + /* initial creation of system DBs by user - start from scratch */ + unlink(userObjDbFilePath); + unlink(userDirectDbFilePath); + } + + /* + * System DBs exist and are as up-to-date as we are allowed to make them. + * Create per-user DBs if they don't exist. + */ + if(createdSystemDb || //Êoptimization - if this is true, the + // per-user DBs do not exist since we just + // deleted them + !doFilesExist(userObjDbFilePath, userDirectDbFilePath, + true)) { + + /* copy system DBs to user DBs */ + MSDebug("copying system DBs to user at %s", userDbFileDir); + copySystemDbs(userDbFileDir); + } + else { + MSDebug("Using existing user DBs at %s", userDbFileDir); + } + } + else { + MSDebug("Using system DBs only"); + } + + /* + * Update per-user DBs from all three sources (System.framework, + * System bundles, user bundles) as appropriate. Note that if we + * just created the system DBs, we don't have to update with + * respect to system framework or system bundles. + */ + DbFilesInfo dbFiles(*this, userDbFileDir); + if(!createdSystemDb) { + dbFiles.removeOutdatedPlugins(); + dbFiles.updateSystemDbInfo(MDS_SYSTEM_PATH, MDS_BUNDLE_PATH); + } + if(!isRoot) { + /* root doesn't have user bundles */ + if(checkUserBundles(userBundlePath)) { + dbFiles.updateForBundleDir(userBundlePath); + } + } + mModule.setDbPath(userDbFileDir); + } /* main block protected by mLockFd */ + catch(...) 
{ + releaseLock(mLockFd); throw; } + mModule.lastScanIsNow(); + releaseLock(mLockFd); +} - // release the exclusive lock +/* + * Remove all records with specified guid (a.k.a. ModuleID) from specified DB. + */ +void MDSSession::removeRecordsForGuid( + const char *guid, + CSSM_DB_HANDLE dbHand) +{ + CSSM_QUERY query; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; + CSSM_HANDLE resultHand; + CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; + CSSM_SELECTION_PREDICATE predicate; + CSSM_DATA predData; - releaseLock(); + /* don't want any attributes back, just a record ptr */ + recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_ANY; + recordAttrs.SemanticInformation = 0; + recordAttrs.NumberOfAttributes = 0; + recordAttrs.AttributeData = NULL; + + /* one predicate, == guid */ + predicate.DbOperator = CSSM_DB_EQUAL; + predicate.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + predicate.Attribute.Info.Label.AttributeName = "ModuleID"; + predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; + predData.Data = (uint8 *)guid; + predData.Length = strlen(guid) + 1; + predicate.Attribute.Value = &predData; + predicate.Attribute.NumberOfValues = 1; + + query.RecordType = CSSM_DL_DB_RECORD_ANY; + query.Conjunctive = CSSM_DB_NONE; + query.NumSelectionPredicates = 1; + query.SelectionPredicate = &predicate; + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? + query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? + + /* + * Each search starts from scratch - not sure if we can delete a record + * associated with an active query and continue on with that query. + */ + try { + for(;;) { + DLQuery perryQuery(query); + resultHand = DataGetFirst(dbHand, + &perryQuery, + &recordAttrs, + NULL, // No data + record); + if(resultHand) { + try { + MSDebug("...deleting a record for guid %s", guid); + DataDelete(dbHand, *record); + DataAbortQuery(dbHand, resultHand); + } + catch(...) 
{ + MSDebug("exception (1) while deleting record for guid %s", guid); + /* proceed.... */ + } + } + else if(record) { + FreeUniqueRecord(dbHand, *record); + break; + } + } /* main loop */ + } + catch (...) { + MSDebug("exception (2) while deleting record for guid %s", guid); + } } -// -// Update the databases due to added/removed/changed plugins. This obtains -// an exclusive lock over the databases, if possible, and then scans the -// module path. If the lock cannot be obtained, it does nothing. The intent -// is that this will be called periodically, so a failure at any given time -// is not a big deal and may simply imply that another process is already -// updating the MDS databases. -// +/* + * Determine if system databases are present. + * If the purge argument is true, we'll ensure that either both or neither + * DB files exist on exit; in that case caller need to hold MDS_LOCK_FILE_PATH. + */ +bool MDSSession::systemDatabasesPresent(bool purge) +{ + bool rtn = false; + + try { + /* this can throw on a failed attempt to delete sole existing file */ + if(doFilesExist(MDS_OBJECT_DB_PATH, MDS_DIRECT_DB_PATH, purge)) { + rtn = true; + } + } + catch(...) { + + } + return rtn; +} +/* + * Given a DB name (which is used as an absolute path) and an array of + * RelationInfos, create a DB. + */ void -MDSSession::updateDatabases() +MDSSession::createSystemDatabase( + const char *dbName, + const RelationInfo *relationInfo, + unsigned numRelations, + CSSM_DB_HANDLE &dbHand) // RETURNED { - // get the current time in the appropriate format + CSSM_DBINFO dbInfo; + CSSM_DBINFO_PTR dbInfoP = &dbInfo; - struct timespec now; - getCurrentTime(now); + memset(dbInfoP, 0, sizeof(CSSM_DBINFO)); + dbInfoP->NumberOfRecordTypes = numRelations; + dbInfoP->IsLocal = CSSM_TRUE; // TBD - what does this mean? 
+ dbInfoP->AccessPath = NULL; // TBD - if (!intervalHasElapsed(mLastScanTime, now, kScanInterval)) - // its not yet time to rescan - return; - - // regardless of what happens, we don't want to scan again for a while, so reset - // the last scan time before proceeding + /* alloc numRelations elements for parsingModule, recordAttr, and recordIndex + * info arrays */ + unsigned size = sizeof(CSSM_DB_PARSING_MODULE_INFO) * numRelations; + dbInfoP->DefaultParsingModules = (CSSM_DB_PARSING_MODULE_INFO_PTR)malloc(size); + memset(dbInfoP->DefaultParsingModules, 0, size); + size = sizeof(CSSM_DB_RECORD_ATTRIBUTE_INFO) * numRelations; + dbInfoP->RecordAttributeNames = (CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR)malloc(size); + memset(dbInfoP->RecordAttributeNames, 0, size); + size = sizeof(CSSM_DB_RECORD_INDEX_INFO) * numRelations; + dbInfoP->RecordIndexes = (CSSM_DB_RECORD_INDEX_INFO_PTR)malloc(size); + memset(dbInfoP->RecordIndexes, 0, size); - mLastScanTime = now; + /* cook up attribute and index info for each relation */ + unsigned relation; + for(relation=0; relationRecordAttributeNames[relation]; // dest 1 + CSSM_DB_RECORD_INDEX_INFO_PTR indexInfo = + &dbInfoP->RecordIndexes[relation]; // dest 2 + + attrInfo->DataRecordType = relp->DataRecordType; + attrInfo->NumberOfAttributes = relp->NumberOfAttributes; + attrInfo->AttributeInfo = (CSSM_DB_ATTRIBUTE_INFO_PTR)relp->AttributeInfo; + + indexInfo->DataRecordType = relp->DataRecordType; + indexInfo->NumberOfIndexes = relp->NumberOfIndexes; + indexInfo->IndexInfo = (CSSM_DB_INDEX_INFO_PTR)relp->IndexInfo; + } - // obtain a lock to avoid having multiple processes scanning for changed plugins; - // if the lock cannot be obtained immediately, just return and do nothing + try { + DbCreate(dbName, + NULL, // DbLocation + *dbInfoP, + CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, + NULL, // CredAndAclEntry + NULL, // OpenParameters + dbHand); + } + catch(...) 
{ + MSDebug("Error on DbCreate"); + free(dbInfoP->DefaultParsingModules); + free(dbInfoP->RecordAttributeNames); + free(dbInfoP->RecordIndexes); + throw; + } + free(dbInfoP->DefaultParsingModules); + free(dbInfoP->RecordAttributeNames); + free(dbInfoP->RecordIndexes); - if (!obtainLock()) - return; +} - // we want to make sure that the lock gets released at all costs, hence - // this try block: +/* + * Create system databases from scratch if they do not already exist. + * MDS_LOCK_FILE_PATH held on entry and exit. MDS_SYSTEM_DB_DIR assumed to + * exist (that's our caller's job, before acquiring MDS_LOCK_FILE_PATH). + * Returns true if we actually built the files, false if they already + * existed. + */ +bool MDSSession::createSystemDatabases() +{ + CSSM_DB_HANDLE objectDbHand = 0; + CSSM_DB_HANDLE directoryDbHand = 0; + assert((getuid() == (uid_t)0) || !SYSTEM_MDS_ROOT_ONLY); + if(systemDatabasesPresent(true)) { + /* both databases exist as regular files - we're done */ + MSDebug("system DBs already exist"); + return false; + } + + /* create two DBs - any exception here results in deleting both of them */ + MSDebug("Creating MDS DBs"); try { - scanPluginDirectory(); + createSystemDatabase(MDS_OBJECT_DB_PATH, &kObjectRelation, 1, objectDbHand); + DbClose(objectDbHand); + objectDbHand = 0; + createSystemDatabase(MDS_DIRECT_DB_PATH, kMDSRelationInfo, kNumMdsRelations, + directoryDbHand); + DbClose(directoryDbHand); + directoryDbHand = 0; } catch (...) 
{ - releaseLock(); + MSDebug("Error creating MDS DBs - deleting both DB files"); + unlink(MDS_OBJECT_DB_PATH); + unlink(MDS_DIRECT_DB_PATH); throw; } + return true; +} + +/* + * DbFilesInfo helper class + */ + +/* Note both DB files MUST exist at construction time */ +MDSSession::DbFilesInfo::DbFilesInfo( + MDSSession &session, + const char *dbPath) : + mSession(session), + mObjDbHand(0), + mDirectDbHand(0), + mLaterTimestamp(0) +{ + assert(strlen(dbPath) < MAXPATHLEN); + strcpy(mDbPath, dbPath); - releaseLock(); + /* stat the two DB files, snag the later timestamp */ + char path[MAXPATHLEN]; + sprintf(path, "%s/%s", mDbPath, MDS_OBJECT_DB_NAME); + struct stat sb; + int rtn = ::stat(path, &sb); + if(rtn) { + int error = errno; + MSDebug("Error %d statting DB file %s", error, path); + UnixError::throwMe(error); + } + mLaterTimestamp = sb.st_mtimespec.tv_sec; + sprintf(path, "%s/%s", mDbPath, MDS_DIRECT_DB_NAME); + rtn = ::stat(path, &sb); + if(rtn) { + int error = errno; + MSDebug("Error %d statting DB file %s", error, path); + UnixError::throwMe(error); + } + if(sb.st_mtimespec.tv_sec > mLaterTimestamp) { + mLaterTimestamp = sb.st_mtimespec.tv_sec; + } } -// -// Determine if a filesystem object is a bundle that should be considered -// as a potential CDSA module by MDS. 
-// +#define AUTO_COMMIT_OFF_ON_CLOSE 1 + +MDSSession::DbFilesInfo::~DbFilesInfo() +{ + if(mObjDbHand != 0) { + #if AUTO_COMMIT_OPT && AUTO_COMMIT_OFF_ON_CLOSE + mSession.PassThrough(mObjDbHand, + CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT, + reinterpret_cast(CSSM_TRUE), + NULL); + #endif + mSession.DbClose(mObjDbHand); + mObjDbHand = 0; + } + if(mDirectDbHand != 0) { + #if AUTO_COMMIT_OPT && AUTO_COMMIT_OFF_ON_CLOSE + mSession.PassThrough(mDirectDbHand, + CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT, + reinterpret_cast(CSSM_TRUE), + NULL); + #endif + mSession.DbClose(mDirectDbHand); + mDirectDbHand = 0; + } +} -static bool -isBundle(const char *path) +/* lazy evaluation of both DB handlesÊ*/ +CSSM_DB_HANDLE MDSSession::DbFilesInfo::objDbHand() { - static const char *bundleSuffix = ".bundle"; + if(mObjDbHand != 0) { + return mObjDbHand; + } + char fullPath[MAXPATHLEN + 1]; + sprintf(fullPath, "%s/%s", mDbPath, MDS_OBJECT_DB_NAME); + mObjDbHand = mSession.dbOpen(fullPath); + return mObjDbHand; +} + +CSSM_DB_HANDLE MDSSession::DbFilesInfo::directDbHand() +{ + if(mDirectDbHand != 0) { + return mDirectDbHand; + } + char fullPath[MAXPATHLEN + 1]; + sprintf(fullPath, "%s/%s", mDbPath, MDS_DIRECT_DB_NAME); + mDirectDbHand = mSession.dbOpen(fullPath); + return mDirectDbHand; +} - int suffixLen = strlen(bundleSuffix); - int len = strlen(path); +/* + * Update the info for System.framework and the system bundles. 
+ */ +void MDSSession::DbFilesInfo::updateSystemDbInfo( + const char *systemPath, // e.g., /System/Library/Frameworks + const char *bundlePath) // e.g., /System/Library/Security +{ + /* System.framework - CSSM and built-in modules */ + char fullPath[MAXPATHLEN]; + sprintf(fullPath, "%s/%s", systemPath, MDS_SYSTEM_FRAME); + updateForBundle(fullPath); - return (len >= suffixLen) && !strcmp(path + len - suffixLen, bundleSuffix); + /* Standard loadable bundles */ + updateForBundleDir(bundlePath); } -// -// Scan the module directory looking for added/removed/changed plugins, and -// update the MDS databases accordingly. This assumes that an exclusive lock -// has already been obtained, and that the databases and the required tables -// already exist. -// -void -MDSSession::scanPluginDirectory() +MDSSession::DbFilesInfo::TbdRecord::TbdRecord( + const CSSM_DATA &guid) { - printf("MDSSession::scanPluginDirectory\n"); + assert(guid.Length <= MAX_GUID_LEN); + assert(guid.Length != 0); + memmove(mGuid, guid.Data, guid.Length); + if(mGuid[guid.Length - 1] != '\0') { + mGuid[guid.Length] = '\0'; + } +} - // check the modification time on the plugin directory: if it has not changed - // since the last scan, we're done - +/* + * Test if plugin specified by pluginPath needs to be deleted from DBs. + * If so, add to tbdVector. + */ +void MDSSession::DbFilesInfo::checkOutdatedPlugin( + const CSSM_DATA &pathValue, + const CSSM_DATA &guidValue, + TbdVector &tbdVector) +{ + /* stat the specified plugin */ struct stat sb; - if (stat(kPluginPath, &sb)) { - // can't stat the plugin directory... 
- Syslog::warning("MDS: cannot stat plugin directory \"%s\"", kPluginPath); - return; + bool obsolete = false; + int rtn = ::stat((char *)pathValue.Data, &sb); + if(rtn) { + /* not there or inaccessible; delete */ + obsolete = true; + } + else if(sb.st_mtimespec.tv_sec > mLaterTimestamp) { + /* timestamp of plugin's main directory later than that of DBs */ + obsolete = true; + } + if(obsolete) { + TbdRecord *tbdRecord = new TbdRecord(guidValue); + tbdVector.push_back(tbdRecord); + MSDebug("checkOutdatedPlugin: flagging %s obsolete", pathValue.Data); } +} - if (sb.st_mtimespec <= mLastScanTime) - // no changes, we're done until its time for the next scan - return; +/* + * Examine dbFiles.objDbHand; remove all fields associated with any bundle + * i.e., with any path) which are either not present on disk, or which + * have changed since dbFiles.laterTimestamp(). + */ +void MDSSession::DbFilesInfo::removeOutdatedPlugins() +{ + CSSM_QUERY query; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; + CSSM_HANDLE resultHand; + CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; + CSSM_DB_ATTRIBUTE_DATA theAttrs[2]; + CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo; + TbdVector tbdRecords; - // attempt to open the plugin directory + /* + * First, scan object directory. All we need are the path and GUID attributes. + */ + recordAttrs.DataRecordType = MDS_OBJECT_RECORDTYPE; + recordAttrs.SemanticInformation = 0; + recordAttrs.NumberOfAttributes = 2; + recordAttrs.AttributeData = theAttrs; - DIR *dir = opendir(kPluginPath); - if (dir == NULL) { - // no plugin directory, hence no modules. 
clear the MDS directory - // and log a warning - Syslog::warning("MDS: cannot open plugin directory \"%s\"", kPluginPath); + attrInfo = &theAttrs[0].Info; + attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attrInfo->Label.AttributeName = "ModuleID"; + attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; + theAttrs[0].NumberOfValues = 0; + theAttrs[0].Value = NULL; + attrInfo = &theAttrs[1].Info; + attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attrInfo->Label.AttributeName = "Path"; + attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; + theAttrs[1].NumberOfValues = 0; + theAttrs[1].Value = NULL; + + /* just search by recordType, no predicates */ + query.RecordType = MDS_OBJECT_RECORDTYPE; + query.Conjunctive = CSSM_DB_NONE; + query.NumSelectionPredicates = 0; + query.SelectionPredicate = NULL; + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? + query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? + + DLQuery perryQuery(query); + try { + resultHand = mSession.DataGetFirst(objDbHand(), + &perryQuery, + &recordAttrs, + NULL, // No data + record); + } + catch(...) { + MSDebug("removeOutdatedPlugins: DataGetFirst threw"); + return; // ??? 
+ } + if(record) { + mSession.FreeUniqueRecord(mObjDbHand, *record); + } + if(resultHand) { + if(theAttrs[0].NumberOfValues && theAttrs[1].NumberOfValues) { + checkOutdatedPlugin(*theAttrs[1].Value, *theAttrs[0].Value, + tbdRecords); + } + else { + MSDebug("removeOutdatedPlugins: incomplete record found (1)!"); + } + for(unsigned dex=0; dex<2; dex++) { + if(theAttrs[dex].Value) { + if(theAttrs[dex].Value->Data) { + mSession.free(theAttrs[dex].Value->Data); + } + mSession.free(theAttrs[dex].Value); + } + } + } + else { + /* empty Object DB - we're done */ + MSDebug("removeOutdatedPlugins: empty object DB"); return; } - // build a list of the plugins are are currently in the directory, along with - // their modification times + /* now the rest of the object DB records */ + for(;;) { + bool brtn = mSession.DataGetNext(objDbHand(), + resultHand, + &recordAttrs, + NULL, + record); + if(!brtn) { + /* end of data */ + break; + } + if(record) { + mSession.FreeUniqueRecord(mObjDbHand, *record); + } + if(theAttrs[0].NumberOfValues && theAttrs[1].NumberOfValues) { + checkOutdatedPlugin(*theAttrs[1].Value, + *theAttrs[0].Value, + tbdRecords); + } + else { + MSDebug("removeOutdatedPlugins: incomplete record found (2)!"); + } + for(unsigned dex=0; dex<2; dex++) { + if(theAttrs[dex].Value) { + if(theAttrs[dex].Value->Data) { + mSession.free(theAttrs[dex].Value->Data); + } + mSession.free(theAttrs[dex].Value); + } + } + } + /* no DataAbortQuery needed; we scanned until completion */ + /* + * We have a vector of plugins to be deleted. Remove all records from both + * DBs associated with the plugins, as specified by guid. 
+ */ + unsigned numRecords = tbdRecords.size(); + for(unsigned i=0; iguid(), objDbHand()); + mSession.removeRecordsForGuid(tbdRecord->guid(), directDbHand()); + } + for(unsigned i=0; id_name, PATH_MAX - strlen(kPluginPath)); - - struct stat sb; - if (stat(tempPath, &sb) == 0) { - // do some checking to determine that this path refers to an - // actual bundle that is likely to be a module - if (isBundle(tempPath)) - pluginList.push_back(new PluginInfo(tempPath, sb.st_mtimespec)); + if(isBundle(dp)) { + sprintf(fullPath, "%s/%s", bundleDirPath, dp->d_name); + updateForBundle(fullPath); } } - closedir(dir); - - // step 1: for any plugin in the common relation which is no longer present, - // or which is present but which has been modified since the last scan, remove - // all its records from the MDS database - - removeOutdatedPlugins(pluginList); - - // step 2: for any plugin present but not in the common relation (note it may - // have been removed in step 1 because it was out-of-date), insert its records - // into the MDS database +} - insertNewPlugins(pluginList); +/* + * lookup by path - just returns true if there is a record assoociated with the path + * in mObjDbHand. 
+ */ +bool MDSSession::DbFilesInfo::lookupForPath( + const char *path) +{ + CSSM_QUERY query; + CSSM_DB_UNIQUE_RECORD_PTR record = NULL; + CSSM_HANDLE resultHand = 0; + CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; + CSSM_DB_ATTRIBUTE_DATA theAttr; + CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo = &theAttr.Info; + CSSM_SELECTION_PREDICATE predicate; + CSSM_DATA predData; - // free the list of current plugins + recordAttrs.DataRecordType = MDS_OBJECT_RECORDTYPE; + recordAttrs.SemanticInformation = 0; + recordAttrs.NumberOfAttributes = 1; + recordAttrs.AttributeData = &theAttr; - for_each_delete(pluginList.begin(), pluginList.end()); + attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + attrInfo->Label.AttributeName = "Path"; + attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; + + theAttr.NumberOfValues = 0; + theAttr.Value = NULL; + + predicate.DbOperator = CSSM_DB_EQUAL; + predicate.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; + predicate.Attribute.Info.Label.AttributeName = "Path"; + predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; + predData.Data = (uint8 *)path; + predData.Length = strlen(path) + 1; + predicate.Attribute.Value = &predData; + predicate.Attribute.NumberOfValues = 1; + + query.RecordType = MDS_OBJECT_RECORDTYPE; + query.Conjunctive = CSSM_DB_NONE; + query.NumSelectionPredicates = 1; + query.SelectionPredicate = &predicate; + query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? + query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? + query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? + + bool ourRtn = true; + try { + DLQuery perryQuery(query); + resultHand = mSession.DataGetFirst(objDbHand(), + &perryQuery, + &recordAttrs, + NULL, // No data + record); + } + catch (...) 
{ + ourRtn = false; + } + if(record) { + mSession.FreeUniqueRecord(mObjDbHand, *record); + } + else { + ourRtn = false; + } + if(resultHand && ourRtn) { + /* more resulting pending; terminate the search */ + try { + mSession.DataAbortQuery(mObjDbHand, resultHand); + } + catch(...) { + MSDebug("exception on DataAbortQuery in lookupForPath"); + } + } + if(theAttr.Value) { + if(theAttr.Value->Data) { + mSession.free(theAttr.Value->Data); + } + mSession.free(theAttr.Value); + } + return ourRtn; } -void -MDSSession::removeOutdatedPlugins(const PluginInfoList &pluginList) +/* update entry for one bundle, which is known to exist */ +void MDSSession::DbFilesInfo::updateForBundle( + const char *bundlePath) { - PluginInfoList::const_iterator it; - for (it = pluginList.begin(); it != pluginList.end(); it++) - fprintf(stderr, "%s\n", (*it)->name()); + MSDebug("...updating DBs for bundle %s", bundlePath); + + /* Quick lookup - do we have ANY entry for a bundle with this path? */ + if(lookupForPath(bundlePath)) { + /* Yep, we're done */ + return; + } + MDSAttrParser parser(bundlePath, + mSession, + objDbHand(), + directDbHand()); + parser.parseAttrs(); } -void -MDSSession::insertNewPlugins(const PluginInfoList &pluginList) +/* DB autocommit on/off */ +void MDSSession::DbFilesInfo::autoCommit(CSSM_BOOL val) { + try { + mSession.PassThrough(objDbHand(), + CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT, + reinterpret_cast(val), + NULL); + mSession.PassThrough(directDbHand(), + CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT, + reinterpret_cast(val), + NULL); + } + catch (...) { + MSDebug("DbFilesInfo::autoCommit error!"); + /* but proceed */ + } } + +} // end namespace Security diff --git a/cdsa/mds/MDSSession.h b/cdsa/mds/MDSSession.h index 4bf21221..36e0e360 100644 --- a/cdsa/mds/MDSSession.h +++ b/cdsa/mds/MDSSession.h 
@@ -22,11 +22,16 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
+#include
+#include
 #include
-typedef list PluginInfoList;
+namespace Security
+{
 class MDSSession: public DatabaseSession, public HandleObject
 {
@@ -40,31 +45,117 @@ public:
 void install ();
 void uninstall ();
- void GetDbNames(CSSM_NAME_LIST_PTR &outNameList);
- void FreeNameList(CSSM_NAME_LIST &inNameList);
+ CSSM_DB_HANDLE MDSSession::dbOpen(
+ const char *dbName);
+
+ // some DatabaseSession routines we need to override
+ void DbOpen(const char *DbName,
+ const CSSM_NET_ADDRESS *DbLocation,
+ CSSM_DB_ACCESS_TYPE AccessRequest,
+ const AccessCredentials *AccessCred,
+ const void *OpenParameters,
+ CSSM_DB_HANDLE &DbHandle);
+ void GetDbNames(CSSM_NAME_LIST_PTR &NameList);
+ void FreeNameList(CSSM_NAME_LIST &NameList);
+ void GetDbNameFromHandle(CSSM_DB_HANDLE DBHandle,
+ char **DbName);
 // implement CssmHeap::Allocator
- void *malloc(size_t size) { return mCssmMemoryFunctions.malloc(size); };
- void free(void *addr) { mCssmMemoryFunctions.free(addr); }
- void *realloc(void *addr, size_t size) { return mCssmMemoryFunctions.realloc(addr, size); }
+ void *malloc(size_t size) throw(std::bad_alloc)
+ { return mCssmMemoryFunctions.malloc(size); }
+ void free(void *addr) throw()
+ { mCssmMemoryFunctions.free(addr); }
+ void *realloc(void *addr, size_t size) throw(std::bad_alloc)
+ { return mCssmMemoryFunctions.realloc(addr, size); }
-private:
- bool obtainLock(int timeout = 0);
- void releaseLock();
+ MDSModule &module() { return mModule; }
+ void removeRecordsForGuid(
+ const char *guid,
+ CSSM_DB_HANDLE dbHand);
+
+
+ /*
+ * represents two DB files in any location and state
+ */
+ class DbFilesInfo
+ {
+ public:
+ DbFilesInfo(MDSSession &session, const char *dbPath);
+ ~DbFilesInfo();
+ /* these three may not be needed */
+ CSSM_DB_HANDLE objDbHand();
+ CSSM_DB_HANDLE directDbHand();
+ time_t laterTimestamp() { return mLaterTimestamp; }
+
+ /* public functions used by MDSSession */
+ void updateSystemDbInfo(
+ const char *systemPath, // e.g., /System/Library/Frameworks
+ const char *bundlePath); // e.g., /System/Library/Security
+ void removeOutdatedPlugins();
+ void updateForBundleDir(
+ const char
*bundleDirPath);
+ void updateForBundle(
+ const char *bundlePath);
+ void autoCommit(CSSM_BOOL val); // DB autocommit on/off
+ private:
+ bool lookupForPath(
+ const char *path);
- void initializeDatabases();
- void updateDatabases();
+ /* object and list to keep track of "to be deleted" records */
+ #define MAX_GUID_LEN 64 /* normally 37 */
+ class TbdRecord
+ {
+ public:
+ TbdRecord(const CSSM_DATA &guid);
+ ~TbdRecord() { }
+ const char *guid() { return mGuid; }
+ private:
+ char mGuid[MAX_GUID_LEN];
+ };
+ typedef vector TbdVector;
- void scanPluginDirectory();
- void removeOutdatedPlugins(const PluginInfoList &pluginList);
- void insertNewPlugins(const PluginInfoList &pluginList);
+ void checkOutdatedPlugin(
+ const CSSM_DATA &pathValue,
+ const CSSM_DATA &guidValue,
+ TbdVector &tbdVector);
+
+ MDSSession &mSession;
+ char mDbPath[MAXPATHLEN];
+ CSSM_DB_HANDLE mObjDbHand;
+ CSSM_DB_HANDLE mDirectDbHand;
+ time_t mLaterTimestamp;
+ }; /* DbFilesInfo */
+private:
+ bool obtainLock(
+ const char *lockFile,
+ int &fd,
+ int timeout = 0);
+ void releaseLock(
+ int &fd);
+
+ /* given DB file name, fill in fully specified path */
+ void dbFullPath(
+ const char *dbName,
+ char fullPath[MAXPATHLEN+1]);
+
+ void updateDataBases();
+
+ bool systemDatabasesPresent(bool purge);
+ void createSystemDatabase(
+ const char *dbName,
+ const RelationInfo *relationInfo,
+ unsigned numRelations,
+ CSSM_DB_HANDLE &dbHand); // RETURNED
+ bool createSystemDatabases();
 const CssmMemoryFunctions mCssmMemoryFunctions;
- Guid mCallerGuid;
- bool mCallerGuidPresent;
+ Guid mCallerGuid;
+ bool mCallerGuidPresent;
- struct timespec mLastScanTime;
- int mLockFd;
+ MDSModule &mModule;
+ int mLockFd; // per-user MDS DB lock
 };
+} // end namespace Security
+
 #endif //_MDSSESSION_H_
diff --git a/cdsa/mds/mdsapi.cpp b/cdsa/mds/mdsapi.cpp
index e1098f81..a5c90476 100644
--- a/cdsa/mds/mdsapi.cpp
+++ b/cdsa/mds/mdsapi.cpp
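Review bot: `char mGuid[MAX_GUID_LEN];` in `TbdRecord` leaves no room for the terminator that the constructor in MDSSession.cpp (same patch) may append: it copies `guid.Length` bytes and, when the last byte is not NUL, writes `mGuid[guid.Length]`, which is one past the array when `guid.Length == MAX_GUID_LEN`. The only bound on `guid.Length` there is an `assert`, which compiles out when NDEBUG is defined, so an oversized value (for example a ModuleID attribute returned by the query in `removeOutdatedPlugins`) would overrun the buffer in a release build. Declaring the member as `char mGuid[MAX_GUID_LEN + 1];` and replacing the assert with a runtime length check that rejects oversized values would close both cases.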
@@ -134,17 +134,6 @@ static CSSM_RETURN CSSMAPI cssm_DataGetFromUniqueRecordId(CSSM_DL_DB_HANDLE DLDB
 END_API(MDS)
 }
-#if 0
-static CSSM_RETURN CSSMAPI cssm_GetDbOwner(CSSM_DL_DB_HANDLE DLDBHandle,
- CSSM_ACL_OWNER_PROTOTYPE_PTR Owner)
-{
- BEGIN_API
- findHandle(DLDBHandle.DLHandle).GetDbOwner(DLDBHandle.DBHandle,
- Required(Owner));
- END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_CreateRelation(CSSM_DL_DB_HANDLE DLDBHandle,
 CSSM_DB_RECORDTYPE RelationID,
 const char *RelationName,
@@ -164,45 +153,6 @@ static CSSM_RETURN CSSMAPI cssm_CreateRelation(CSSM_DL_DB_HANDLE DLDBHandle,
 END_API(MDS)
 }
-#if 0
-static CSSM_RETURN CSSMAPI cssm_GetDbAcl(CSSM_DL_DB_HANDLE DLDBHandle,
- const CSSM_STRING *SelectionTag,
- uint32 *NumberOfAclInfos,
- CSSM_ACL_ENTRY_INFO_PTR *AclInfos)
-{
- BEGIN_API
- findHandle(DLDBHandle.DLHandle).GetDbAcl(DLDBHandle.DBHandle,
- SelectionTag,
- Required(NumberOfAclInfos),
- Required(AclInfos));
- END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_ChangeDbOwner(CSSM_DL_DB_HANDLE DLDBHandle,
- const CSSM_ACCESS_CREDENTIALS *AccessCred,
- const CSSM_ACL_OWNER_PROTOTYPE *NewOwner)
-{
- BEGIN_API
- findHandle(DLDBHandle.DLHandle).ChangeDbOwner(DLDBHandle.DBHandle,
- AccessCredentials::required(AccessCred),
- Required(NewOwner));
- END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_PassThrough(CSSM_DL_DB_HANDLE DLDBHandle,
- uint32 PassThroughId,
- const void *InputParams,
- void **OutputParams)
-{
- BEGIN_API
- findHandle(DLDBHandle.DLHandle).PassThrough(DLDBHandle.DBHandle,
- PassThroughId,
- InputParams,
- OutputParams);
- END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_FreeUniqueRecord(CSSM_DL_DB_HANDLE DLDBHandle,
 CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord)
 {
@@ -246,40 +196,6 @@ static CSSM_RETURN CSSMAPI cssm_DataGetNext(CSSM_DL_DB_HANDLE DLDBHandle,
 END_API(MDS)
 }
-#if 0
-static CSSM_RETURN CSSMAPI cssm_DbDelete(CSSM_DL_HANDLE DLHandle,
- const char *DbName,
- const CSSM_NET_ADDRESS *DbLocation,
- const CSSM_ACCESS_CREDENTIALS *AccessCred)
-{
- BEGIN_API
- findHandle(DLHandle).DbDelete(DbName,
- DbLocation,
- AccessCredentials::optional(AccessCred));
- END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_DbCreate(CSSM_DL_HANDLE DLHandle,
- const char *DbName,
- const CSSM_NET_ADDRESS *DbLocation,
- const CSSM_DBINFO *DBInfo,
- CSSM_DB_ACCESS_TYPE AccessRequest,
- const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
- const void *OpenParameters,
- CSSM_DB_HANDLE *DbHandle)
-{
- BEGIN_API
- findHandle(DLHandle).DbCreate(DbName,
- DbLocation,
- Required(DBInfo),
- AccessRequest,
- CredAndAclEntry,
- OpenParameters,
- Required(DbHandle));
- END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_GetDbNames(CSSM_DL_HANDLE DLHandle,
 CSSM_NAME_LIST_PTR *NameList)
 {
@@ -295,30 +211,6 @@ static CSSM_RETURN CSSMAPI cssm_DbClose(CSSM_DL_DB_HANDLE DLDBHandle)
 END_API(MDS)
 }
-#if 0
-static CSSM_RETURN CSSMAPI cssm_ChangeDbAcl(CSSM_DL_DB_HANDLE DLDBHandle,
- const CSSM_ACCESS_CREDENTIALS *AccessCred,
- const CSSM_ACL_EDIT *AclEdit)
-{
- BEGIN_API
- findHandle(DLDBHandle.DLHandle).ChangeDbAcl(DLDBHandle.DBHandle,
- AccessCredentials::required(AccessCred),
- Required(AclEdit));
- END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_Authenticate(CSSM_DL_DB_HANDLE DLDBHandle,
- CSSM_DB_ACCESS_TYPE AccessRequest,
- const CSSM_ACCESS_CREDENTIALS *AccessCred)
-{
- BEGIN_API
- findHandle(DLDBHandle.DLHandle).Authenticate(DLDBHandle.DBHandle,
- AccessRequest,
- AccessCredentials::required(AccessCred));
- END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_FreeNameList(CSSM_DL_HANDLE DLHandle,
 CSSM_NAME_LIST_PTR NameList)
 {
diff --git a/checkpw/checkpw.c b/checkpw/checkpw.c
index ab9d56cf..d0a0ef76 100644
--- a/checkpw/checkpw.c
+++ b/checkpw/checkpw.c
@@ -64,6 +64,7 @@ typedef struct sComData
 unsigned long fMsgID;
 unsigned long fPID;
 unsigned long fPort;
+ unsigned long fIPAddress;
 sObject obj[ 10 ];
 char data[ 1 ];
 } sComData;
@@ -100,8 +101,21 @@ enum eDSServerCalls {
 int checkpw( const char* userName, const char* password )
 {
- int siResult = CHECKPW_FAILURE;
 struct passwd* pw = NULL;
+ int status;
+
+ pw = getpwnam( userName );
+ if (pw == NULL)
+ return CHECKPW_UNKNOWNUSER;
+
+ status = checkpw_internal(userName, password, pw);
+ endpwent();
+ return status;
+}
+
+int checkpw_internal( const char* userName, const char* password, const struct passwd* pw )
+{
+ int siResult = CHECKPW_FAILURE;
 kern_return_t result = err_none;
 mach_port_t bsPort = 0;
 mach_port_t serverPort = 0;
@@ -112,12 +126,6 @@ int checkpw( const char* userName, const char* password )
 long curr = 0;
 unsigned long i = 0;
- pw = getpwnam( userName );
- if (pw == NULL)
- {
- return CHECKPW_UNKNOWNUSER;
- }
-
 do
 {
 // Special case for empty password (this explicitly denies UNIX-like behavior)
@@ -136,11 +144,7 @@ int checkpw( const char* userName, const char* password )
 break;
 }
- // Special marker for Directory Services
- if (strcmp(pw->pw_passwd,"********") != 0) {
- siResult = CHECKPW_BADPASSWORD;
- break;
- }
+ // Try Directory Services directly
 result = mach_port_allocate( mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &replyPort );
 if ( result != err_none )
 {
@@ -245,8 +249,6 @@ int checkpw( const char* userName, const char* password )
 if ( replyPort != 0 )
 mach_port_deallocate( mach_task_self(), replyPort );
- if (pw)
- endpwent();
 return siResult;
-}
\ No newline at end of file
+}
diff --git a/checkpw/checkpw.h b/checkpw/checkpw.h
index 97d34175..8e17d758 100644
--- a/checkpw/checkpw.h
+++ b/checkpw/checkpw.h
@@ -26,6 +26,8 @@
 #ifndef __CHKUSRNAMPASSWD_H__
 #define __CHKUSRNAMPASSWD_H__
+#include
+
 #ifdef __cplusplus
 extern "C" {
 #endif
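Review bot: `checkpw()` now calls `checkpw_internal()` before the function is defined, and no prototype for it is visible in this patch (the checkpw.h hunk only adds an include), so unless the header already declares it the call compiles against an implicit declaration. Add `int checkpw_internal( const char* userName, const char* password, const struct passwd* pw );` ahead of `checkpw()`, or to checkpw.h if other callers are intended. The new function also deserves a header comment stating that `pw` must be the non-NULL passwd entry for `userName`, since it now trusts a caller-supplied record instead of looking it up itself; its body continues outside this hunk.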
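Review bot: Dropping the `"********"` marker test in the `-136,11` hunk means that any password not settled by the earlier checks (outside this hunk) is now forwarded to Directory Services, where before only accounts carrying the marker were; the replacement comment `// Try Directory Services directly` does not say why that is intended. If an account has a real local hash in `pw_passwd`, this presumably gives the same user name a second, independent authentication path, which should be a deliberate decision. State the policy in the comment, for example `// DS is consulted for every account, not only those with the "********" marker`, or keep a guard for accounts that are meant to be local-only. The enclosing function starts and ends outside this hunk.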
diff --git a/keychains/Makefile b/keychains/Makefile
new file mode 100644
index 00000000..b1275035
--- /dev/null
+++ b/keychains/Makefile
@@ -0,0 +1,45 @@
+#
+# Makefile to install the system-startup code for SecurityServer
+#
+KEYCHAINS_SRC=$(SRCROOT)/keychains
+
+SYSTEM_LIBRARY_DIR=$(DSTROOT)/System/Library
+KEYCHAINS_DIR=$(SYSTEM_LIBRARY_DIR)/Keychains
+X509ANCHORS=$(KEYCHAINS_DIR)/X509Anchors
+
+
+#
+# The other phases do nothing
+#
+build:
+ @echo null build.
+
+debug:
+ @echo null debug.
+
+profile:
+ @echo null profile.
+
+installhdrs:
+ @echo null installhdrs.
+
+installsrc:
+ @echo null installsrc.
+
+clean:
+ @echo null clean.
+
+
+#
+# Install
+#
+install:
+ if [ ! -d $(KEYCHAINS_DIR) ]; then \
+ mkdir -p $(KEYCHAINS_DIR); \
+ chown root.admin $(KEYCHAINS_DIR); \
+ chmod 755 $(KEYCHAINS_DIR); \
+ fi
+ cp $(KEYCHAINS_SRC)/X509Anchors $(X509ANCHORS)
+ chown root.admin $(X509ANCHORS)
+ chmod 664 $(X509ANCHORS)
+ ls -l $(X509ANCHORS)
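Review bot: `chmod 664 $(X509ANCHORS)` together with `chown root.admin` leaves the installed X509Anchors file writable by every member of the admin group; if this file is the system-wide X.509 trust-anchor store, as its name and its location under System/Library/Keychains suggest, trusted roots could then be changed without authenticating as root. Unless a maintenance tool needs group write, install it with `chmod 644 $(X509ANCHORS)`, and if 664 is intentional record the reason in a comment above the rule. Two smaller points: `chown root.admin` uses the deprecated dot separator (`root:admin` is the portable form), and the header comment still says "system-startup code for SecurityServer", which does not describe what this Makefile installs.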
diff --git a/keychains/X509Anchors b/keychains/X509Anchors new file mode 100644 index 0000000000000000000000000000000000000000..dd693b78c70f8717a9cfca4f55bce628825fb19e GIT binary patch literal 153168 zcmeFa2|U!>|35xsU$ZY|8!446Gj?tEt!&w{mF#5Au2e+Yk!aB#N=m7yl!_uP6h%=; zS|lyB(xU(C%*?wxG->AZx%d9>{d|At;pP2)o%eaY-e-F~&-y+SoZu6P!{d+>1QI3R zu{i6(l@AE6tiCv$lrj!yoexxp!`YhPaCQ|qoV_McDGuk*gu^*z<5-;RAS{F|%d6yixv*{|eT;JNhA@`jF%_LfFYj;0Rq9O*#eex(EXkNsJP zrHzTH3t0g?hcw|>N6~?v5q{QTXK3$WX=CnbZENCWWeQ;?13@0qk4q9fpgI(e9f)q6 zlPKvyK~XpkpkIZ<{D}~T6A0x4t&<04ViGP1`Ei&S8HI#u;&M|d`=N3TRKq$Sm4$~nBo-#CfhUu`kbT)J}r7D3iNDmJX z$`4wH=@9}?xu5koxLRAALN&mmgX%Jl7YOA8tt0D6BAX6w{Lgw^w1|41#-{d;mS&d5 z5HYeS${TPJSK%KX2-1sB0=^RNk)!hXN=lZq7{E0N2zZpGtiZDZ&k8)s9yZ|Fl7K2H z$z(TxEAZ^VqvGWNo&$J}N=o!O4d9vt1U!lg7w}xba{-UCoEvy<;JJZES;qrB5AZy| zqb%SBo)>st;Q4^(1D+3fKH&L*=Leo2cz)o=06zx!F~E-j9u>U+@B+XK0FR1M5O_i0 z1%XG!Aq2b-@It@~11}7`Fz~{_ivTYIya@0jzyplnM1dCtUKDsS;KhI!16~Yxap1*) z7YAM(cnRPofR_Ls2UoH~WkBmxfFS{C0qFtFOoD&NdHMK6Q|`#+W&rm{mSOp*SRcO; z@+?fqvr^xWz0&|>QH5ai{cP0t)5@a?#E3kKC%yEuGb0}x5;`*d^zesX{!`xX>l=yU z0S?9400`M5!|{)b3JQSm$YJux02q~Lr<4E4U>KF>pr#*%$KH<&j8S<`FG~7p<&i-$ zD$hktKdn46U`FK0Vd&IsBY}0A&>eR7~Wv=icH9(z6ORjnEWIr4u&_F z{1hhSk?ml3gUKr~A&+ba!y8O~DiiX^b`ahmSxjCT?oqkWI(qnn+DYU_;tvYTjQmLa zQDstoB>t!|DL)c_h)l|l#2++HU?%+|@kgCW`H}de!KD01{Ly4W9@UwV_=CnsjHaI+ z{%A8HPY-`|n2<;D9Em?Lzr}F;>ERC=A2OPLdiXPq33+<>Go1-}diXPg33+<>Gm{B< zdiXO7Adl6L@lXqf5o|T$@+V?v%Ahf~Mqh^RcvR~X`fow4o&dI{YH6QFHC zaL;Z4lnK-ZO`9@MB2W`lsR=;QK$S2rF9-zjAn-!K3jr?#yb$ohzzYK}47@P#BEX9PFH%bBYKcPnM3aCZ9cbt#2D}*XV!)%J zm^kp_z>5Pf!3X34R0uQxLnRZSY@kjU_Gkj70yV%82Hr6)9_T7ee~1FX`=rjmk`fmX z$V-E~^m|wy0^KrefSPbPS&)$h8CiIb9K1))1qi~)K{$d5P$m$(M;`K0J_!ikGhP}f z0;n2?Q-Jpc@>aX*#Ojn!>JO0 zLV!R<4P?~dJ!lgn=d84?YegpO# zZpn^bd1Gx{wmPZ`{hUIF10d9KU|2rLCo~$u)5>FWxZwT6 z{W|@T(UA}e$s;lVk_2M-{V-%e=1MC+mKpgdpU4QRJbEXptJoYa-2QO1@&D0&Cs7_F zyhe`OE;1-A`j5sIOAegR(KK`W2elNf%#PfXOv_oMYBhUFt7!$;OF 
z0yFZ|^;i^tEdS)0k*DtGpp_rbjC_D!7?yw7`xTgwXQ6`)6PS^wgAEgzk*9+Vip_GC3})o%U>m}&(cVvsZ7AIDunny}F`^G)8wxiX zwxM;X(R9IMvP0O0r-N+<@RVVBI@o5&j65A|Gh#-b4z?LHBTon0Oqh|U?n9%sZBwS? zDf`f9<;|Fpr-NUBQLg7%E zBJ4%F#u!FKgalFMmK?nTz=xs}#mydw5uI3i5&j~bJgCk^`gui%qmem9A4;zS5F`4q z^m0RZa#?^rY?1`=D7}an(S@ZK%@HD5e$eF*w8YOc%qS?DIyT01qWL#wbfS4eBr9m@ z@9*am9Te+FRZjIsdFTwph)ygI`KYqo4$)qb(J=EzsWRkpMtO+V(-_f*=~njb{z<#zB3iwZ*N1qK|Jf39%Ph(4@LP(4Jl0)`=RUI|gd zv?6~LM>ilwbYgK7gz!j~*EBvl(#t0rGde7e?hNX~;wVJbCurjr>lZm(Dbk6`#DhVd zSeXb@bwZi=L?%R#5ew5bpGjRJm@X5)pL8u?QkN)I7l(--fZrcjh1xz(26dT2I8?4^ z4iTk^%^@fN&AVdhTL|}zlqZ%~Xf6@Sa=;XBkbeT)QFv50ynq0!#Koc;XGjh(4@tpm|25kDn4Z8jTcxly5!^>csMGELA7lyhyJI>OHDsz6|QY z@(s;FlJm_eERLdy!XsU%WKlau>qx+$@tYnHZC?V}6LLrwy}pD$_%osll>yR)`anq6 zulf?G1!6=WN+;5XbRnYGmk0!ZMs#6uLuF5i8~wgS5QF-#xS@9=ef0Vgix|{}#f_b+ z>sNh=U^d%NEs1wUWK5CkO)t5lv$4nmbQ}xm7OQ5b4Bf7A-{jM*88bwC*VP(Qd zUm}Jnw^iDeAx!|DbjeTn4^>csNxSAB^U4C=x1 zZM42b66iv06RjfwL$5D^>OXSG2I%!AlEI%5U8oF@uHW?~Rx+p$r4#8x@j^teFOh=$ zfoL7QbYgM)U0)&<6fvR?iyN{%6gPT(iB$~h!s3SBi*)^}FOkNeJ}hpd^(9s_sB12S zLuJ57Ut$e|Izl)-k9HOD`jRiS#fkB;E9{#Q` zv5`T2SRV32cyb=nnU_dsP!|@r-}NOj7}STA2_t=pOa^sgar|9hViSYWd(e$|)Q!k`{3uSV-jY-LavRyTgv zm)ORjKCEsq(wErIpiV5`e$|)AWl#^6Z=>}kc7QH~|Fn(-%ujuZBP)`--sYxoUjLR5lmde?T`88y~rPV(70cg0rh(kq>IB6 zzMY{=r;&A`JlhAvh%Ry&P`@1^mw^M!^?8NZ#Dsd2HKP873($TB^*NzDqkc<*^odf_ z3C*>oFRT#3TFeiLA`U4Ug|d{NH4!#j5n;EfLaT$C^Xpw4#gGqH;|hQg!+NV z5vU{sSJZDsjv5Xh5BI3eL5@Hrns9iOcGRY$xUK=(3v>pk0q8kJ9bOWyL?8>Gh2XCV zgdBPodJl>hDhqVa4TSm~NGEF7`GJrF9Y5lRWAcy=Bj~u$9v>}K5 z5oRHW{84(5L;eVZz>)J^kaCYBz!lN|%XdnC{nhy{1bK}dflB``-~aM_$0a2}W>Xyj zu83&z9k&p8WX}jY5Pk;&NdqB=2Vz0{LTJuNLw5DU{;7LLP*~*u!~XvWk0&Hi^q?>V zD$%?jy@G7l7I2LR$^H~3P_e3D%kN_t+PH=7&+7E~JeW1M?X#WLu4+RQ` z;)CRn!;gsP54@l``wE5sffv+$c1RZaBg{k&Pu*jJ?vX#jQRMJ6XHX%33|sLuXGaEU!ayAE=o1{S zOc{qe2VtrzaJZ{%INVJu9IkmX4)*}`b^-s~4u^XMad{8d@47fV4;vhb+JM8uH;H(q zBphC=6o;Q>fWsSSlXJf|^O-Z~&ZVpx_HVzRMCkK)wQ5-Qm zA_C@)rUc{gNT_4vkAz6l#Bt~etB45sNdokv93x|*q6zll;n74{34T3oqPn_4kz&q4kD-2SP~vN}_wR`)FDyPmtJV8sWq?7Zgv 
zW-D6)tr~U2I0BEIA1FE5H|0Z)8@ISu9MAZPO}3^*wdbF1c{tcqm~K=zp;C6!q}gSm z97#TU)%zFdva+z^p}#adds!h~!Y5;{c*;ETf-YoJ@|>k40R^A#neSK!-)k41Ykgd> z)%wNMDV=v0MI}G0T$^{Nzq6oVyiTsqB@067gUH8MKei@bIDX9GzG$iZnY+zf9uL{@ zxq6?9kc>}M%w>}%hsLqF0%U<5uz6AWWpLjE;hliMpM4o| zC7UF1B`a<(D+?a%VpzekgI)O1*oA{BNt7r|u?t@K_={5S4UI@LL@DIUDsIS1dl#ilYIW}?mI&&&Q)SJA1m$>Qx*KekwIkZI9Tda`u+IM zqce`hopP=zJG{RqXxhv%8VTz95i7H{dxdT!a%C*mKVUI$?7+mfIsP66(HYy0ULCCD z7~g#)>S2NE7yGv3Vt$0rTK+*D50(4FDu@r1CkQ|2)zS*gyn!p(DnBz?Ucpau>bZE= zyt|KL^>Xtq(>FvP3(L>VYu#~M*JHd=J^RP_{*S&ayI+T5Ch%{DF?(6v=p*4bto?TA#HpvT=bFd+9n>Fc^e^VE2;QFdMt|8mN%iYXuRK2NYnC&h z7}V;NvQ&8s=XY0Sle{ZWdk(ej^GR}(Um$3(rO?B@+`0CJqM)%$E!jrjGM$?dQ;f1oqh2 z%Fw}q3KCRI{X5?UHGu38ma^hFf}p=bc6c0zT_^P(UFgoRwq2J;3=}+S{p1sAfspxguxWAIC2ob0+`>b&4 zX2%X8jjj1ptd?!wbAEQk=2xua9%tNo8fxcuck7gFx1bs+_U(Iyvx#B4hzbn^Z#+V~sMGHhTcCX&I$gb^PuFWy_lLr=O?_7M+ zZXr*t$Sz&ZG?v1i!XQP-%)?eCwhD)**`~HUyt(I5Q24ofM)!hEp41k<4mI?QbX&}& zb27m%-*s=c&L^B2|D~+R`whC04@3)1tLG~%J6(FW`t^}|5tGx`rnVd7CVuuR4_f4+ zAawemMuu~Y>xcR&_smZ7O!Yf;$0%Iv#F?dE-t^3OXx4O_M8)YgVsa}DP8XlwwnVd3 z@zdvOMaMU+=Q}6da2)qLoZe2w=}pAs^dwPw8umryFaFzWz%LNHWJl+!iI?swbO~(X z$l7JNZD(t0LUOCDyC|oEwqHg`OWe65h9Tw)Q|6Wos?Y5H`cYA&Hc7nTqTAQix8f7l z%I9`jaq^^TRlMz(TYY=W>9*xIuOq%m>-F-n%oSBhKQG={_0TM)dqVNc_eQ0wHb)2s zoZZEtHCyt|)FpLujrJ|^X?%8WU(M7@+80FlpPlzvp0M;FH^0H*MeP~uE`R*EVVn{B z+$Pfxdk%Wb2Z|AlXKe3IJU^l3&?bqfHTup{BwfkU#R9qYSI6v5SCx9SVOz=#Ia0rg z)fKiV%h-hiwFBoRl7dxx>a51NP6H%Ag+o9>MQ|MM|F8Fs!1K8!lx%>0 zGe;1CdXFx2YdPRD>SLq4rOs2Z0cIn|P#;^2xRT}DukhTL5j_7*ADcjwrNFqv4;ZIR zp%dtVI7tf)O|dSvCSr+yPb_|i+&$xn87XT-s|YPKc4SB`XN^90Kj@BG!9e;YKB3IH z1#13|22L*?$jx?sy+7Ca56)k$=(SsVpzGy<Q`-Bvxhh0SxbqF76DL66^w+PrRT zg<-y6E{;A>XszW2fi~os7>+CD^+Qy@_u~`Pgic*+7)Ol{C0;DB;PPx9zyzY|~!9 z>>z`)mCdDR&MspUD(oe(Z^^cCkx$>#u<#odxf_YeH))VNd6rH~R*78P9*@$)QAOP! 
zH5aOV{vC3sQ;|E3n4FR%N>9VSzX0!-*Hy z#Dsqr{5spQ!L#r48||oNQrf0hov&e+`A=}|D#4VTXGct)`L(zkp1PJMgWH(Ao6 z?@C3(Ma`rwmu4RiO|Q)~?NAFiV#=1cq|GVonz?_=xDBzR&iVC@vWPGOPZ( zQLc%6s7KA?@iLy~!reDL=YMV~I*CT?Y269kNE{5&ts{Y54>k2#GmdVmc8VYR;m{N-uZHI@462{VXtiYH{BMNRIwDp zU&q4ML($h?-AoR%a?Ps6_8 z{Gh+BH)^U!_ zXwkq&k7ZBqe_q|ouVo+5uzPDP`)2)|TKuyhC*2i-UfZud_B?QX)=D3XqAo6rSw(M8 ztnxlkda(7p&d$Ix73XCor}g(9=e*lv+ty*an5e!&N|k%?qW!+tmy%|2c&IuVR7rh^ zFfD1D|M_F2Tik7*`dcn*aYjD+33?4CB`d=W$3AcGtXkvND7$#G+yr9uQ`y3f8IyEY zq#WHHcdL(h{QI2k&#&wwBL{}fqgXIG+-RkRLGADHnFcU0p}9_mR`3H_rY6H68uxd< zk71mqSDOKEzd|mt15wxPSih5V4aYVUaM=)ux@Lngn_V8Lo${RhDPZ&$=sQ2A;53`| z(~Y}FOw|#SOKGs$$(1yfI0eBjkH~mK6KhKwO9w}LLt~h+C)kiLFl;e_B^_IPdsABn zk{sEVVVXqT!PMT_62dtUOs!0f9qnyxER7+6GEs>F;tGERK=RlRn~^oE5DZmqREuDz3@G=iKH;INF$v_QB0Zu8QBR#j)FtYm zr6OAP-&YV?yDq!Mtr)_UqXACJmSvTF}P_#}8Pu!&FGlv!zw{I1>eSN>`nX|jDU2uKg z8u@nJDt~G71*NN3-W7Nlpm^ZC_VIV~GwtTasw+=dEAsSO@Yu0gc>Z_(jY736muNqH zWF=l5-LA6eO~dg%je|oMbpniqRTE}sA4~nhDa2(%+#J(`cf48CA)3~A^yrSri2^2Z zUGGAUCG1qStlhmWR$V-|0@u-5N?_k4(ViqG`dZttT0Y}-D{l7KD~r7fgy!R>KRFm3 zGHrHPO6L-ihrHha*J`8H0Z%E-hzL>W=SgvzH8X4qdb^zEc#i?U6)9nv{%S0@NSxTbU{P$+A;T93X-f5VkbsX6VR zyvDx_N)t0U*;TM8?%m0^j+5?ND*29muh)?no7TEBavqQ7hYxBEdVx|8Oba9*Cpk{v zESM>JNfcjH5Ua9G;ED6Q?@>zO=~XRBU(RL9NR6}H$>vjSB=au(+)2yX?dGp6&$6f} zZK!2+F7FC#s47V-+c0O^(T&n;Qmww(9ow!L%XKNKcyfZ%9hGMY1~3f%wJlM=;`Be; zWGIM3{zXIs%Dt+wt+lF?D~kQUIqqaohBSzNxG(BBZc9wf9Nm(^{;ZyzTX5abKWFQN zXK1KH-Iu|NzAXaBS`Ks`sEW!zqP7M5;Ccw?8eo4MV8167`(ZAPJArACHHvNs`n_x|-VLwS09gq814j z_bF@nf91P>hoX6G=f)r2Hgn!{#mL;Ugr+H7kDliw9WQz8o<4O-uJ6Nr^Iw&4vxh#I zta{UXzxPn-n)|}Ny1nwdDh;RN?U$~JyCa=Zd$xQ{*&^=lsOLfk2OI0Idv8>En!$U( z?slQw<;gET9G`I3q;Yx_6g4Fp({#n3?s6rrGn9m5*mE_^@kt+11^Ns#o)O+i;1_3H=rk8a&SDyzeu)(>MFx?omA_ zb^5K{ny9QxU5~{#=Bl$CPM2)&5fpm8TPjApu^{lOzd}t24kGr>P2gLk4LAaXh8RDuo3iP#+QCP`N)kc<2tT=o4Z$)XeWcUA%^LV zpW1HS{_V^TPnDG`z9daA-&J4q{efmkt*7j^Nbdt-a(ZQ7P8K?4_nIJ81-_i3eIY>X<{zK@_aGU9eG`lQ!A9iGU-#p9a!2%QEZ^Qwo)y|Xrv%e6n zXS{#qdGp+@hGT%S=dNyJOY5 
z+6}91I*;u(D~c_==MaXQ^;qF#t+bl$8`p%vF{zeEO$VGpx)Nt^j)`=<`0z@)$3Y^& zL(Gchc0$7C7dvvK<}X?A&tJW<$>GG}WzUSZ$G2Bs+S4ke-O15)?yE$&yGMLLkRVan z!65j%(z_S(%ijf0)kt5M8UKh3S3mlRqg8ukc%#*AQ!8^r=#>q(DzvMM)~cw1kX4a4 zeA(GsS{vHCf>j~)f4P1(1QhTd(Pt)sYY!*sN@-cBj(Iyn=XMcsK_hgv65$!z8%f16 zHd(j_hwTGHV{9^C0ORZg2yac{Is9NwbR1w33yTnLy?cyvs^cnN+^u7}7B`RQkEnFS zqE*BEqQ3pxZwnP3^_qe?Tr#vTwT+s3fXVbh4Zl`x%>t7e`JaWC5LnfzdU{`#7woSyFavgyZno@L$e(3-FA(CFeB{NUJ=~5 zGn4i`xe&1B`rew8JKL|t?CvGzdgj%)9*rNXuh8T1V9NPor>jzq8+<-KKk%YfN7y58 ziY!a(1G(v?_XM2Hlf~F(A4{3kSmUy$s{Lcp!92qP%e@#XSJp4!F@&C%;K)!x7qcXL(bg(qH0rR(kDYZXl=$xq!2o%`0p>8~& zK@ejML58V72x4nbFm!UXu(h{zgSk{E2UCKrjg>1cf?&$AU1!vlu^-@$P57bBznCsZ zS2BW-v*v#?O+U8;l(dQ(vk{hAofiq)p>3XkOS%#-#QgzUKaO~K%nbznT;$kfsMq;$ z?*;U$w#N(Fp0UvO;8_H{B5qi2@Z4rPrMu)ntDXCj5wRJ?e!2Lro8JiTz#E zbBu@oQnT`dfO3_m*^}A}E_9YyXPoqMo^dzv^85N(X*c$->3YG;b+PJzx!nRY zz4gso&X$FXUKG4JNn|&>`3}+&kruhuJ1jcuiVEl}bC6YyWYwmnyv-uG9TjgbTg)o5(+4)3qP@a9m4e4rynR45Qte%Veq+j7m|490H`}5P-_A=?LJj?oe ze0^a3p`f#Qy)yhe^9cv4_SQ6-SxJQ6KH{&xWkY9bllJ%Vt~G-~3kyBjmc1SKaiWoz zK=tf1v)2By>Csdan^C#Z+SpR&e2;wAJ^!7jJ8I4}JeltqJHAqJFm>9r!3||!UM}o^ zev_@_YWqRf4C1?O5A&bplOEoY<~3`JBA zHzYo}-spUESki+@CI@et%x{v)+{Q0!lzkkh%+?T{$HG3|$EQA}>`PUscW_Y5xA_r< zUBrYtEd9N)!ZDc6Z> zpSQK-y;4fjUySr{;!q9P{qQH^@#HT9P3=PB`$)7ys>|qNW~4yN?D*Bu{nIxwb&*{gtkL9*#Q> zIO1;g^;gwyBaWM{E&d=c?8Ud@6PND4VKEn3SJ{7(RBS8#$ad#30lrDl7oa-JnNwsTTn&*@**PU*$|s@-9#4*nb39Z1msT)Xohq)7-j zvL%4R11H)iVFy(!$Qvwg>GAr=HRAAGJL%_a0my7PAO{t2(hx zEqlSee_7k3`G2YHVJ@-1YkP`s6bJ=faXs9hQ8re<`DR_29O21s#fft|qx{yob~L0s z`5;hsuDCz(x%}5B&-q>_nvNeEn^h`un&8g;+3RTG+k%a&E-BsZ@YlY*gXMi;*22V{ zL8TcJWE;}#KdSFEbdeo@zTVV3hbyeXzujSfU7ui^W7K-KeP$XO9ufxSyRGlMyWo`a z{P@~*x5V5n<1?qPnfUg$!x|Po-uSoAbR^~w%{ZSVg&t_xqWWBUKkCr&Cj2UV_RP`K2Hp`b$^m?Gs)@jcrn)**UNaC zWit~7B&(v8iVl~N9~ z&t1ua6AB1^x5mrdlXY{mJAY??(>`^rRVSuBC|P;9@di(Y?FRRnIk@R^N-Ga6*Iw1O zd`1AS?8$Wd&cfdLVuM#g`-)}8tU7%tH%ipaJ;QKvW%F|t>-+`vMXj%HwzV|RFp`m| z5}t3Wds+A0*Hx-1W)>&z5j?ZBGrAK5wk_EHysshu+y{sAN;h3gj)koVId@wYS0evv 
zz|ebTdCQ6Fb7pq$NHrPw!sy-)@ssX%fATkew>xDPq3E*K!c8|398 z|M)QvB*i*LGNgVD60sG)Pg$&X3l4VC^}WMbN7DMbWldi|=d}9GE$6?WU}s znw}~KmwILpr%_gNG?-t6Q76&N;!@UubQxabkJ$ zlJsMR=YJrLqn!y-)NuBKxXPK7rt7x_Dq>03vs+{~Z*XR*Xbm41Zm%5{dori(q81Mk9P>&Zu{zKmy%m%ReALRv0GP7dk@S{ z-#M$#cS3AI{o!%pr&^ZI^$I(%V)fOo(@!etYCAn|+^bD>&}Fxau3d^iq!DPQNIZ{>li?ZKcTPPMkCl4v66^0UQV1}T6)-Xc*2Bxy7S^rVvu}wR_ZjzykafrY zG>~Lw@^V=1_!oiXKPZi(f#kt8c=>4M?s2Sr+a7J5At2Ayzw^P?p4_jO;7q6sp7vMk zWR-=TmCxXVlI6waKEoT#FB4xNx^n@OW&CN zUq~U>o`r9p#QEXbd#m`}p}l5lpUcy(IletneXPk$+U=Sc@jHLW2bD3QH&?{{3M3;{ z2Uj%qFaA=!`(w?5x$6wJoe3P+A)V6Fwd?%%SNop%zfj|TfBoKzf~h$lCoD{}Hc?F} zs8-o~=V*LTc;x+%qg;JHSvt?oRTCwOhwxUzJnhJ6zpM z=ekZi$t(I^_+h}__r>bI3yzybPTC;6w8o_LD45QVe&}C>k<82v53_=Q7)Ji1((yBD zp^^lgtn7c~c%(n>$p_oOB9DX&b6#7#3AHbY_GnYj2>nm`lFM3$IByloo)%09_;PTq z=9NDUCYhOQ8&*O7MKJjfO5$WGxo#t-i?1S>g_`R(tswQ)bvb z*Sr@mS9mtmcvDV>>AVHYYrb61XX|~jRmYJSehzQ0u2J7MZ-;M?*T4=L>9w{V0l$LD zxz_a;JZ@|oyHo50UN2tNS|A`IV*3?Ax9ofeYsb*3$N1+PtoOZh?{$Z>SC;32Y8gQ< z?K{eoW;~z5T`uGsT~`*hN7~|0g%|#Hm&5_S#|B)}$8`6aL@DL=2W7okEP7e*$l`;W zxWk_;<~VuQb)I4Z?&AReehuQ}rXrWUyLJU_`bM^`zql{S%xvZ`Gx&$$VLb&zpK)@_&Mn>TA+-Z-3|&F&|h_P0*P* z@TXxUGjl@2D#yPFBmY5Z91SDS_C2{ZSbcPrV>#!%!Hk*}fkFe-5+x>WkBL#uO5RFm z8tSB9O?F>?eo@=WO%tvgde8XEg1;y&PReHA8XLC1_`H`yhz&8VZ?2A#U2UOva+~|? zqN=^6VZCZk=hYmaY7p_j&3a$D+<8{H7S^T=tL=*`x>nY?Jl{4g?M|BRJKPkxUt#2` z4Z>9i%k9LL+?aLbjPbg*qIS`#)zMJw*J!(=*&@AKVk4J0P=5{+I_ALE4=UtUwO2@`^ zJ7=ufsOS2%NPqmseO3N;$&psC#{1gZUQgO|YRcb%k<84x4Kss(7)Ji1(jhn!wGc+K z@x*-XJZQ##+|N6u{Bq$jiL@ThG0s zV

iGl0h7s@UdqR*^9#=y+B*rx$%p@1jZm28Kw~BWVz|)#2Md%8^Kau*CoR1;1VV zS+(q@sF~zjw%zjU4>!D4&wui{FX8f0^@rno=REmnZq5dWgl2@_smUAI7q&9d?9-K0 zL8Ss*;p2+Fg%&|>p+1~l-*s)<*(6Wwc{ri?gSIwd_UyH%ChZYo?<7ilsYkpiSjv~@ z{P8khnR@5s1wJ;*&c9Qb!TE|??C~K*i~WvL@8{V@@QnLpxvEmOS1CSq(z%|3`%RYB zS$DdVk3?tBI30d@%7DqDZ-o`4tE{T4^|m&pWdfgoF7pY$Q!g%rEW%S z-J0s!aX)(bR`-E?$&Qdk?mdV5y=#x;*pjC4obl7os){xLyjjNG;_ZjNn|dj;`yN0U z`|O*vBCE$XS;Xp=NE59LUH!^=$-G(o>$f89obBIY9k)JIE2!AN z(DoGXg7AWIwu4%Gcef~5&L8{z;L03#Gr=Kcl{WjP&ysJd1V4uLr#26XckwL`@33$x zyd*niR$<@zt&(9iJx7mCW&I#AH^Mq@z)r2}!r0xfKRL>ktZ*K}36*}0zE>UZ5uB+F zrUV8>r4cn9J;E6dug{j|mX2^10@`V9=;&l`O5Ig$Z2ObJz`;NigCVQ=)Aamo;1vDT z@9>iMQdsmIUUCWb9$iG~RS4*tU4>_8$HrI`2(qG$az*E~p?%0~@>E_A?t36S;16=_ z#{qX*0Cy^3p07dHU_GD>`h*6)3LJipH98JC`4G)wNK6!opM2H}8$1B1GK!qTRL_!~dk&ox($FPgykIq!a4lw7&iwpaB z8TbYTLV*gcX`5lnnzM^=lyI^Kj zbzrkyxI<02r3m+#W6BmAMHl5sc)AVVQH@b+ne5%TS?#NJ)8W-mxoWp}XX(eB@10mG zR<&d7%-bd#??n?rbyzZjHoLE@9=q%Pi7{WrL&}e{XQec*QeK!n%hYLa>tQbWXA7TC zkAAz|Zf;-$tIF}D3wbT}B_{R8vm?@7R^>dhQNF8U7=Aak`|386>*jD0b3u^et>810 zyf44Mwj@j8l}NzKqo%5+PnSpPuiBOEE%+m?;GxAG*8=q(P$ zUtaGp!>8wULgkYSS?az^PReb~_CEjO1VJq4%htE?YChTqx{u8SWZIA9T<@Nfx%Bv) zLrpckx%Z2j^Rh+FHmbn-p@LYCd>>9Gj$G*6jGae9t|6rS^JQ zimlPMFN(bP+d}Ui+U{f@&@-7etLWz zRJRwqmhoCQ86I6_VeHy=y0B}1$K{NBXZCp?2(+_*a*K2@d)56tX6h2oPv7?X&lLV{ z{9xOgxLY@pH)VxAK26&7*e)~;4YonN}O@UV)wcQ zzJvP~$Gu^jB*)qNMDbHp^feR7asGEYjgM`b-grZ~CE9VCwDt9-zF6%<475A6ull5e4dziAdQx>Zi|$#b2yqPcu5{5*x9W2~ zBD+(~Id^H*Z0Uk;PTDuWZn1t}()aRo$jVo0r0qslhfeUH5u4xt@a(m+*-gINPAVQE zUj269<>4*z#VanwpQ0M_KMKcxvT7=hGh)?{p1-}_`7h&(;rJh@3W)$GddzrEx5J$= zrLx!0S=xJeS|!HWy@Vzg{o)GR6Dx%RL4P`!dOZa9#X!fY{51#*dy`n9KhC-js0#Yx z0q~O>4U~BR{7>NRMbig|*7}d%>TyzaP$ig$$HFQ1q3~mbBt9Y!Wk(XLNw^6OXE(=^ z=I2}B8G-WArv^4TK%E)TBEe(;055h}GD(xl690xMj5fbmMjZ0J@S-mCRkHG@6+L6m zjtN>c`O%?6H*#F$`k&mEAc1l z9s|N9a|gudZB#3@{;XP<{anebX&%4%%`j!P<=X=4a9oE^Z4uYHv})5+_q{x|{`TJQ zykc@Bj#el+Pbuh}>OdK{s}WUbj^7E{S>9$!@i@b)+x9w1*XxHJ-|SKRSu*#WbX54a2}T*K z_sqR@A#G33y>%A0T&+RbNA#ZwsB9IOygAm^`{DP!^PZ1PSGRslA!gTMf6B 
zWa|hv=8CjBf6ZkLEK9s}rh#yAdZ^v$F3mTJ^|`ZjmhO8xZf<->%!9L|``|!+j;eOQc+(2oUSZQ4#AWH*FG%}cm^LZyQuDgP`(;`gl0lJNnAkcHZqi-+N@AAMc&sw$Gx}RNYpoyjFNYqx19S3)b5n zArBpf+4YE0Ko$2dv1{^s;DiD6a|hG|Vg9c7;Hd+q-`X|7zb`bY_L*w!+QY;L&3Lny zV;;gBJ$c?9?U94IGUQm%-ePq10)p@M(H>$lzX|T2LU=TfW(b7l?FrCkuce-2rPcBN z)=1N~8Qx@553S;XL#r0Y1o?Z#lT?UPDNXeRst>`z&j(H8qaTf?oZRB~$GI(-9jmL8 zwBgqa(C>x8-d^1wEb-5N-)Kf#HUGFv0GIdcy}2rKT%nsp1Gn+W4&7%97fJP&zucI3 za}Rsx8GN6O=F6^iIc&a1`hy)j*-zdGNV;gml0MXq=YIJJCu;lkOCMjm@mcq&kK~df zwu{Z%EZ#4$b`Ob7iL=n|k-PkLl8yR!_UzkL?7et?9lf`mM9JoMN;q z@!Zg7VkbtR7FUi94hSat?e*E~mG4QM|L0~tHa)^B!e(r5MI!$mqKqILoU@oL0JDw5 z%3;{AfT3T3gWvpu{#uf##k0V{skcw$+%s=cAPCxOY|Gr!MAMm|`*?U~VjN}u^W!p3 zLmV5-*hsNEYp4=^SXnqKN7O#_>w_*gr@Z+3siW*BOSweZs>briojG+AN&L72Sz#+q zW%=y3%W2FFe%#ADSMNBT@LxQyqf)+irqV$LOFUbe(bBK4SL_$JFAE5` zWAI?QqRWZNaWjvK#(CZStmHpwFaPI*Q64WM`m^QzOguk-eKRHS(Eim4ZxY_v9^s7B zMTSHrhH5y3wHu`t&vmjiGjyS~8j26W!PFSd<^MRI7=FEydhUs%>tCdk4H-P>rsB>b z1Gq;H`V(_0ca;C40-7m=efRYnZ=|+a+{kZ!wA()w&ZZ*wM$n!!>N!;`=yz7Yu`~iT z1GQ3k_*qE`7FEF&jTw3Xb26dM4^qbo!+ygJ{iY}Fv4k*Ap#E|vkBGi3yXe6F;PKbeo;|?>MA5M0O`T9Aqh^+qnsH9t5|=qf9bnN1EaIu5}7Q1 z$2Fa1SYDdj{P19-PDW#Qa+IO{!X3NzNhrn_*B*ban5|ycp|NqA+Jm>bOWdNi<$3gc zSr;Yc(S7-1Qb_%w_jjjOej40f{Ig3EkleyD`XN0VCb4-nRP*sz8E7J5vp=)Km z#xDK5ExoHWS_> zq+Kxl)|Eobm%{HS=LH9b&>#Zc$20>9C~#!w#4h~YqS_ap_sbjn1c-NM-RBpz4BNDM zk|^m-^(Ph6ftR%x_Z#vnlx7W%#RZ(lAFJi++&(z4t!P3SQemM_S)W1Rh zh_m6tDCSDG|1bi^z*Tg9>VfkFgT;rhDJ9k1c?7x@ZJOQ$QhvDts==M+jnJZQinGxu~q~ZT1FCER| zZ>o*0kT@OJvH6gv8^46D<~Y7>@5i^gHdP0j^_6PXtYRfxIc8cQKiAZ-SKLKgJ-o}# z+jsEW+?_=eTHo(VQCiI-e@9qXGh`z!%x!P0(d%*YIfM3APHr^xI}=-I^BI@i;89WTq&Z$C1&y>wM` z=ghC(goCMbT>SdG26N=~KQt|Oku_iKILl>US=oTno5kG~mp>l2H0!#zH~6XZlH5t# z63x6tyRUr>V--$F(v`7Tx$&#SkkXc^W!?u4%sjs$%eCH3Y2^u>1aj@fY<~30L#fD4 zqg2e{7EQKynuiFZCW>MA@9HyY*CpBE=P=E)1;y ztj)^Fav9qBXn2P91QCG1{c?P<5uQDQ@LE7Kf##1GU+6^KDjU(m8`)F(<2cIU#!T~L zcEcYGZ{F2^H18U4`nRSgT01A9)*fU3^!JTs;7|1QHp|*`NKMurIFUD{=2iL$q4Pt% z-KEi&GQP8Sx9;M&D123a%-g$-6HW+qG)8f+YdWsHjhkQA&g?|W0n?4%f#+695hB!! 
z4C)VT@vL5~qtEv4wBZCj&T+D;UM_oud7llyLn$6TTo80IAFKv#3CQF|2BLZ*}I0RfXqH8+8hB>OK6jJM%C+f z-H4jd?6PaicI~}=h0C(lf5(A4?|Iv56z4tKM0|nTNQN*-oostQk1c2lZ5YbXTFkHq z!}}RX?N8&CKS3uOGIr37jV-YG$)Cm+%S}2L>3_}C6}aN|@aE3oop1VeJRnQjK=%J* z?>XS9?EZJT_R1#fMncxLSF%_3N=kHb?Y&2Kv`~qX?3GYa64FqSicl&INm9xTNr?Y> z?!D?(X#C#M`~Kg@=Xmb9&pFR?&U3%}e9!mG2FfZ>z(Ht(J7Oj^YQU&D# zwocRlWQ)x}wzvv%q8H*58%VAQ_)@O;y#AmKv@LZnUvDp8l)sCYr#L^74{Oxm!d&^3 zegI+S6xyFRB{uGDcT*ukgl(OK1fUO7+@!VZS&CNu@eufVC_1cpx&JA zMNj?m7>VMPW=d(04YACU(F|l+VN!E9gFF6cV|XJl$@WU2~#;iWUQ)R!h;x96yAPQ>c`&UA2+!lr z9{^r|1g{o)zu+JO_)i4z8$a$o;W>cc2tpXaSFnMM&d0-TO|ylBB4iBYYO1E{n)*hD zstezd;(y16WPvc9f?D?1K8T|IaFjqCieCT>5ZKgFATNnLuKEv|#d3tB z%*fO~TmDVb6TWM8X~KcO4pwt! zM>lVHS6b_e<8uU^Jco!GNX;!9jy=8guzHu;xqs>-w|=wes@SK zfv2>onVROX&0f_?#cLEKDx6(f6R@t@7}0e~!QNThS=&mds)I4nT>ht__#Zb` z96cdm3{cj&WVCyix4QIG<3=w<#@*wVO5fKpb9_TlKYDj@F_dvyw233&W2vhwt z9{D}*uSd^W;<^S9Gmgd@-8LO?$)ni=?c$aS$F@_eJnLE^Ve?qY$y@lN)X|=ticGmQ z-`KMj>p5v3w(fDdw`&reB$zDYnR#e`^>6~exF_R4ZI!ImdxcoS`jT9WapD}8iFFv+_{qTw-g*w6Z%_LH}CB|#r~YB!PSJ`@~{ z%C%fYRN(dwEvwtjF0sQFc{=B93)QIS4rPLa-aT%+1=*{{wOYD`M)w^G*CLah-cGeo z*XU7pqFHQaY`eH_t-#Ei$CZO+uET3Ct}z;cCXlaePqS3 zr^hov(G3@v5s%&^#5Qbk5R%+H`&dMYsVh`#!`^3SazwdKktQG0r|=qZy&ps~zJ-K8 zG3nBUK-LZ@auPsHTv@p^vS8Yo{m&?|5tGXktj%beBaAgo&5R788~<7Ng+qh{+#jbq zeadA7bf<6?=)t&yaWQBCbg3L%hx#t81LJfjqD=70azVjLXBheh=fl!7=#KCsfSv)} ziBJtk&lGRoF#VdIIsOzq`@9JP_Y;|+eSwpgIF!#CKilRC7f(kodz6Zshl7YcO4Pv( zD=7g%Nd|awfkc~_bz(?v!c~!f)i}OK`HoT+R_3rUD)P{6i#$B1IqH*HUT}T?`5SWG zoM-WauNR}CaSxMZT3uC?E z3%|2(FquU8^n+63>@ucd!n6Qtb;;h7H&X%)CDcbLq#nu_&5&Pdvqq#naFh2-Avj23 z+nr{t)tfGpl=;y|zdzeCcj{1z!`&yd0d(P5$_Ly6miH`)0c#EGjTJ01V;)}FQl3Z; z-+AFuuM#`GTpyvLvdWB#duj3Qewo~oVfwAI`I=s8V@mZwbE$sm_nG)*;stEV3d;=X z-$zgCoNZXiVqCJBlCeB^rCGDCh}B71MIn=0dhDlGt>M_e|DZC}`d9Z)U!T0;GahB) zY<*48yZPW?hWL8R&W)2tCrTnRJ-c}kx7qbM(^yKKdUmK}=+bX^-VwGsNkDvu`_tQN zIrvIdtNU_FX*OsJZe!iSYwTb~ekOL~{flc|kG|{9AgwSxTP1Q1_0+v@93C&bRb75< zd(2E<)}TU;*#Wx~uN6J(*6l?Pa*W;NljZU%?C)2kzjm%3h7O&%d<94i;8>tp-#|RL 
z=KMcHHPA#fO~1u1T|+G+byXEC4vK2%{l(9MLxco8lM$|b^X!|j>d^eMs`z7X)%7~N zoczEmsRP$IK>@S~ItW#9=VdfbO%Fg(fSm4twLLi6P;?XUzQuo=ywGcZDXV8&FN@GPb(VvTjhap%pfItBQ&%(Mg zH`Qr(|EfaSEZKDJ99`5RFpM|6B9ou1Yt4xG!1kD@q0GcCt=N^4h4pI>p#(bZe2 zxtr0RROM|Ocd+hECpo$z*RQ*Blf0W}{Up=9;$r0zdXhx(vdD6&2m7R)c9FL*(mglS z+~~p`Oc?d(iS_}(^D;N=ts9;_5ZM`)drqP}3|YHYOuS?`-|5k}-tpikfy_Dj%GG-t zox6wCC26+4F1kg!!yr_0KAC+&=0s;IkBl>&`*yYF@eI*xq{@utv_|v$lLJ3IuiNl? zUrSCD#rp=qw=q0ht1G&qdGo{gn6!`~%u{cO^->}^uW&T=o|{;qvX0@ZEw@>}&WrfU zuw3c#FuvOAyGfA_LKBbl5GUWfU2HT8K1$Pbyc#Fed=o>;v zms$l14ws2C0q(8?xLZiLLWF&G150B5fq_@^@Ahh5r2L~$_eZ0b{b{KC!vk0jb*nb- z&8K$djg4|^mESqBib0Y@pD%C7g8p#Bv8bBq*m^|Hv=|fh_S|i55h23UB(w@AC)vF! z?#zn`nA*mM>s<>yH|5A3Wj=fEN|MzEMoX>s^n({w4-lPaiaKaL@T!^2U3vYP4YTul z?!5PmW7cS}CGlSMdBe6^8=e(#si}zI+lUl6)ZN1_G%a86|G=h`%^`2o1`*k3lG?Oo zL+?u-bG_J0V!e(3rl#p_<`HEQhgT`i+qX$F(Yc(;v`fqngSQ zY-R}G0x1N8v)tf1KX!>DE}4rkBn(+jlz~dPSIydX{)${c26(8}a z9dEW3d`pc2I9mX&AwYp*qJo1E@=Jxz0ic9{0&o{ohkUH)Kmp%D2T>y6vr>T1<`S+T zJmDB&s5xh2>9sD6&8F)MXWKaXE%t7fRmL)k-}J6nGfgk zjn(e)Jiozm$ydJLQsUys&muA=cc<(^Fz2sCCx+|}bG)p@>xxx`Cjyjv6b+50Ne&SwpzNFjwyn@)lZB@th48{=e zTWlj8!jhg4SU;E!x+%|Wg$Kl_OR0t7e=ndA~x?=eX%;R1VZ0bRYcXn1M~)q z7J^8A{6)`|V6kFhfjYDrz=-S-&2mA%AY=%U`IwGE*rh6B{2A@=( zYIqp3K7#qV+)knQgx3si(;TzDzcN|qjvm%z7Xvc@Y(W>P^4Z&)2rkJi?(FaH?WZ6n z78DdD`sJ@DX7A)8V&~#1X77x)cN6hN2a1Akl=1HX|Ft`;`#c6xxEQm@4~)SS?THS; zK7ak^-ehobW-+Mu;uCNRaB)DpLz@A_Ts$4n!J^Lo9_~nq&;6<4e9X(hJYoUn7xR(F zTcrUw3t2Z3atSv1IppMiOeo-0J{9Hurtd~*%)Gt`&#|HHm&aPkhUjnd)?FSQ5bHQs zxAi>7hlf^5&OXzlhEu*wm8612Oq9PX(a zs9Bh5;}aR&H(wGND5ttQ*iEZxib>mx+0g>XJje!&(17SZF7K}yLfb&?Ya)Z!7rUh! zM`Sb%K<}R-GFYPeZ<`N{96K*YHC1v|z8gn%4>lDG`V=s&vvYe2Vy<9v$3y-!xRjf} z%zG$)bKWEQhwvV-;Sj7SfxIGE-UC&aga5yS$^QC8m*YKc6xC1me-v&{%Mzd>@_k>@ zcy_A#e))YN=@|)HZmwAK8S};mg`QgHV8nHEG}b^SWIP-c&*~rPz}C+e`lu%tMH9D! 
zVZe&KX8UVNIga`9Ea|fyfpV!s{OfE>g+gA(*B^Y;JmGV*B~H6~UU&Bk#*+GZkAchM znhxC?2+wAzU^UbH|9H<&@g58){3P!QjoO-%Zb8h^I>an@;2mFCTVnmGk6h6~?jD*Y z%y}<&oIR9aXgcD3di8tM2=xhi&JXhk1a?%r9TU+%6=CH#Zqh5D5#Ge_*w!?dP?&V} zksMj#D&j+j-+2&*2U&Kb>3Gj~1S{~$nTHSE@BheBNLp2a3W`g~o*0&sNn1su;4lhN ztA8x-!QtM&hWGrB^MOGLdcnacoXn$s@Ckc<+#D0zB)Rhi{Z-~8fcNNtYrLQcL5+Z( zBab@+8w4EKCE(GxdM?m=(4aj|KOzwax#OjQ-jjvXd%oER8eR9->ODM21Xk~1TU75s z{+u9!r|n2eOG(Ln<~Z0Y@*h6E<@ii@_{)oz?v09h7}B&qOQeicH1FT@ygXZ=VNYYt z8A<+k{5MzXo71~hp4K|Usdr{#6{Q}bXzmrMjJTX@!E}!wyYUN=uVpnks(VV}a z=UXMPD%X-)W)?W&w@TpR>C@J)9b zZk_ay@Kg#)O^CbRchWdBU_;nEC4a~pg95Ah!Od^h6w1dIvUJTP$Oj3Qoqg`pf!LK25ld z<0FvInlSd~{bfG#MZ9s0{p|PRBjW!9ACZxi#OEVWbvfw%Q#6+^p&JTYj594RxXk>N zzK&dukCY1zR0f_o`Jie`rOm4gy%ia{aLX;Zr4J(+*gw{yN;_Zqbc+zAY&Fpd=N$>K z+p&Kg1-BKQzgSXK;YTE)lAvje?@HZO8FjZzlXPhfbL%LY{YhK)ov!ubnY8J~lOVC?NMxKtHowPRmx$>5yaWVVqo7 z32GcKZoY3v`)Vw#dPM)(Wo4_A^5=GtXO+G^F6!p;{6zEEn_zNcgq)fWYsB@_hhN?! zBqrIIZ~M07$~B|8_an@-nS&*9txAHc-@>8Im*Duv@{yk;B+y)cJ3jIYbAS;-GXeSt zH?b9A*3ROKX{VlioIh|esAmlo_$@K|2=Egm5W%$ib$x{B8(Y}##YZIm2R-y?Q!ueGzSaiiTk#|t+P@C=r4 znmkZCV{$syaO*AI@=<+@J~xr;ag<1oWW$(_n}kE}y)Hg^*2`E;Y&MoYv2pL_thj^i zl`$Jn8k{fIvt+KDo7$8$C74(q))IWfsBEtj)!U4jS<9oA)<)F-=_6mRx%?0xfdJsg z_{eVdiILZG&)umeTfB5{3pURb(SAr=pQ?3#R$F5C=_V3X=$%*841_6^5BF}=o;d%i z!8UBdUjO8FsW;Sl$Il4IjrY#+o3BVN-$fO@s_i}v>y$&U-}Jm3H5 z$@=_VYU1zOdm~SFCJ}7*Pb)WSoaYU*_9F6Bz{`dX`!YiDK2#^?*htJL2~9P$wm zC`}ZI?>;}=OBIg1f7P^f-&Xz%x6Apjh}|r8HO_dxacI4h6lxrVO*QwdA&^~{)48(g z5XXcBV}^X{x#3ZD-77Zzw?e$kF3srf5$@D`Xfa0bjU_bySbgLtF%6pSZ^uV|VGaxN zwHOD{#8oO@>JNJQZV3q1We`p|XISI-2;^%mhW&Ye*{=1)=JMZ=k4XJ89|55_C7@XS zpH}3d>hH!!es+4x@sUen_V;DNPE+5tc<12$l5cBcWfNm9pIq#~M!Q0b~v@{daj1-`g&BIxvxHNF4UhALXqbl-#O`|TW=Xf+GFo^@4wsd!q}hxq1i zE2$0Sq~C3}d6w{E4>?1_2C*kfd)ZDr*t=SDMt`EkTAEW(-(-Bu-Qqueg z#R>wgiW~;+F?(O=N|mH4pk6)TU|gwAH>Q4(+9!=?5O!+t{dH@fs{sc#vGsT5OjN$D zTd`sMU?qv}d2Yu$7yPw*(mxD5DD~j3?co%Dge5fpSU&QTmFKuh6(iwbz(nbtT zE`yYUZb8H#VqtD50^LH(#n;bYMBUv5xDaD@5`eRdJtjyS0_Ev|(1fBZVHVouk+Q(8 
zSXM#~lMWUHeZ*8HWu)Z*Bl)LI=zCEIPRqv?jD?q~D%xquo@}Y#7EmXT{;*-Cc3w@h zPP1#;Jp*aBngX@H+q%#9h;ePdBTjnVurk&mQ&jL?p2M}c3vnjWAq9rc`@=Xw3zCaj z#?qL^4mRH?kVrjGWrVztmP5I>&yzh*YdW|t&#TnRrckW)<|B_1v4OJOGp;4)M4hDf zhV*c`?0WuEt0kxK%|*)FfeN8CN8ijo;@_g=$IbIn2i2%Q?ov@K%3jqWju5Vk*^^X2 zQ}|%F`YiM2Q=C2z=&T;q?xa37J>GL=w4lK$;r@Mdg{Kq+wM0Q@&`lq??)ux6u-xu zcm52K03b2&C<;1bgTC;=p$HgcLL@L^Vp0&`e&N#>76E{An3ygV9;mHFDRsLxMyKc&h0fc_#%PeD2--n6sO7hQac(jpY+u^7u zF?lC8T-YNtPf1?c_y7Ude9;mGtF0CCyj}7jdG5ujfr&Mo%xfdvk*Ts`lJsSfUDw;` z5=_!gx8)ybJ29D^6?>42Q>|L-l$+z|(a1NwM1*~WCiNxvq%(b0h<4YCb2hASHqGkJ zi)*kZD++#TW>nFC?k;22!J?}Uy=4(TEp^$iiP)QGUYCj2pW4pkPk7|&Y3-sb5~v5) zy>wQa@aNv!X)zYIFHMO#YdD~4sx4`3yz!*KmSdyiGAy%KiSOPd+F*{MUJE?y=O_S{ z@KyXUqJNnU5|47}XyQ{YO>;{lQ$0M&rDJYx3|z}CEiFYq5jatGBZI{#m#(Rqxrn;H zE^vs(MDhn`U3E;fKZL5G213(7RagI?J??K9378HPcZLWre*hF?I0`#W%zwuAfLR1t z6>Ns?4f~UzJ!aE41;oH_P6F)>g#5z9v28IqO~6Muh#?BE0R`-tfetv}YsA2>jD!so zu)aeAHZj2c0dKSZmba~)LsNYGhPNGFU}q$No&ANpjT=J|0B>Xdl91@2d>w*NzSzAn zSgs`pauY!Q$v7q^2Lj+g{>i`X$iK&}D&Aj}Q?4wIY?Y5Oacc9(zB9jR{8hHlAoXtZ zBQXv15l zc{I$p{swa2<36F#yIW=?Rk(8QrLolQ-FbEQ-K{xEr%OsElU#O@G)(VaHBOf4B1$fK zRFGPWHlbNps@%oo!UvKT=M#?lb?eJe7bteoG<7QtZ-?t=QrNg1xIcV-NFcG)VCQbX zHqU}KF6Oqoo<9V{5OU(zS`W?%Wp>-Q>#ufq&Q9dz*|?xknW_ zEYF8C%G(L0-$+Sbo6kcvzk5x%Ew7OF118Snu30A3YfZAEKXfSCc+*F&kjUUVpE>1N z42aPJuUZ15F$639hw=6g=ShoD91Ks=Q8m@DR5jK7M~n}j$6yFL7&VT^sO-ng0NSTY zqPzn489FfzcZFQO8&Yl%pWeT5!hM)CYBd5jQJ5UW4&e92>QDi}i5 z+uI$dJz-N zOB@t?QlcU-*?Ew6!;L`Y-i#{Q5Tcq=mqb#&DmJGVl%(%^bCJ_dz~Hx_XSu>OcW2>0Hjsk+CEW%n0GTx&?8Smr;=>WK+&e z2cm8j-Wyg_nAicg*=BVtLCSZyI=G=-k$!_$1e(95z@nkXOTD0hQ~1bb(}G}qrZXyO zWNzw>u=3EbcWxX!%C|=5i`x|R0-3Vzv^R?OKDK0+$gB41k1ta8F75M9F4f>tF`miD zw|n94nbY+2d6e4pYq9>@67YT76VGwvORr<<%DQ^;a3PNO96&}V{jjDq9e?BTv)b3e z@AQiAGj)&N?QvyXhcv?S9v!3>QX@w#MX3j=4vQm$S- zo+HxTF38O}w@>+evF6&yc2A4d&(9Oih$~<0uNzbmnu2v~lzVYgBjzj$vC0WOIZF9T zYO3%`M!vNQcih2LlBY%;{Ku;bXPI04#FeYj{H+~kD@V&bvyF(Uh@y|}5WKeef`g^+ z3B^`f)}pk=6C{;S$nxR$1PczO(>rZQ*ru8JmN&heAjA1=n(^I{B++Dah0gj_7nzW2 
zsn1g7yD6WHw0y^XXnVI;R}4}Z&91Vc#kt0J&?j)vJc&Dw3g$XpBv;0LZ3mz~3q0iq zFc?FvzKR*V44(es{ACepgW)f@ZJr2KV`F`s#$)!68!JBF!4P>c103IR9mUKB!*^WU zaG#+Q;~GJj5y6%9BLNkC?_K!v)fk^`8w30UQuCm_F_KUtz-L@>XB^LgSK#V^M`8BI zz(5}+P{7_8xFg^@hTrlXk!NRY*}vgCsehAh!--_a@*T!6`HqpDE7~5L{{Y8YKpqxo zoo7L_kwQw!0L|t%9ryQm%k7eA<@|h9aEUm9MJinuKP@*$x5CjFXXND#D9*QHG}9MD z-WT$YSeP8z(ek*r#&f-RCk4Xk`ozOaDFfQ@^@O+A=55^xC!a)SvhF#2x`bm^^-iwL ztr?{QwXYs}OHaRewg2kT{G)f*y`w)8RB?{{ne$7I>hTo&U9PTklz}%cPVl^NswrJ* z6I35Z+C}YtX_(}CkgICeG1><+!znE1X5%gvlwRWy?|M+x{$g~bn|a@9(}NFkJ9g)i zieBo0(W`N-?CDIEdh8G)FkdT5ccrg?OR~<4HsuxfM<*m=RmThaRJ}i<_j^oFn_T;F z;gAp;T==fXu_vREUa{!suBAKU18}_M6f(N(hk47RAqRiP490b(T}O^z*dk!CcioLn zq#BmD0IdcIw3-~rcuW)mU}*WC6%Gqv7o=cxO%fn`n*+qka)|nD8`cvBeNAcAKdu(L`Wp`6HWG2OEv6pQLH)faRyD{5B3txdER@U$y}B!oWt9faln*2rJE(i@9LTQdLLp0LGT3zQ_kY` zEd<<67z(t&dltoF&?4=JG4&7UHH%Of46iX#+n}iqSq^{avElO)4B-aj{jLrpbXBXg zmgWX}tyX)8_BFfbJ&$Iq0q=nL4YWT-3KVb<1>w%XPPP!Q9`k(*Xe$Ux94JRXfnwGB zfml#maJ&SHQ7SJhDJv~2DJKI}z7)rh7I>^g%T$~Jtb1Y>cPKEqFbussT>KXDa#Aud zsH!7OQT8CP20~;ZWA{QAA_lxJ&`J#yyB}&1%U#dLoRf84{t889*_OtqigV_Zq2DJ zyyPxB!=;jYE>kp&K4v_3ZNTzGUUM;1Due3jRbIxnt1tR!dNVq{GTv<{lRX=i%O@lo zt!FacCS#V>L9qRPGQze=CU2cMjqJ1ILegutX;z=!-Fq}uSo@d?!%LM_`C=jImbZ6l zIRv@gBRNEQlhA;gxO01YrG(mh#*}g$l@&#Y>jaCQ7P-JWq}1DRAz_q}O89g!U@k+$oi&Hc*9%DIuV4Ur_M#`B&)9?61_)z{2=!X0l&?2^{K(F z=OtZVPS0s)xC)TfO`fT+`G}VAky;xI3rTt8|J1`eY+@vDYBk;ARM`xw`Af+a$v0T# za;%+7dYdL=ot;Kst+s8;yP3$?{ZYrFKSzqSYehVyvb>Kn&KdiBmxVv!fVR7-AzJA6H}P8O#|U_%OavNAW0_ zj)gcK2Abid3}k8n4k&N5pZ`MAB?<;Eprh)0*}EZhQ0`u#D1SSbP=Ao)3+3d3&~x+` z6<>*Dg{U7T1D!d_6J!(i4@7x}xVfMlyxc(KDhcQs5rfdeO*DhOeL=e6P=o+>Kb*QC z;_Gg>6>A9zY0zIz924GN9w`BmaAT{;=-+zu%Xu~p43@j2_VDtZ+J@+Tm_2)t^6}Qh z^4v2j3Ng1o20ROvAd24{pL$@(Y&uhA_GN$9!!4mi7q*ToQe8C(IeNk(=XD#=ic=J| zjA{=}*U<4?zk_IwDM&v)R~;Rg>3Z&tOu+hzc=Ab4j|jtap@S!Vc1*%0$@nA&{L7d% z8ega!IFbgE6lr0wc}#L+lEplFVhFe4ZE(wo3-xk$LV>D3%FhL%g?9Hx z`=i~_E_UDs;N4XZg9~&k2Nx&sg}aL%^c)xPMDS!s zFDH}(Xyl17UGS8YwiFIMZsCj!OPwcVejGr-cumTDFnO} 
zUuQIQPw1Hoqf)`^fk2Bu&LG%6q6l3BkX+4N)zEwu0`f<3@$(BndD^2fUL#=99sw5j z5nhf6e`oMQ@FLcMh6uj^jNXa>PlH+-;(l3mkRS{d2p)m5a|ibU(^zikAj+Oy$ikRF zV|$Pa3~#ieU(qWlUf7Bgkq@XOq9{7!--e`}J<-u}M&{ZfoqFq*^oPWv*%yt$5wj~U=mGvc02W*^k$YI!5UCo?{B6f;uYU?Z{C6r2oCrZLQAkqr)DX9DmHG}$P zEl08}G*pc>&CKx$uBN%Zk-8p2M^)cwv#Pn8?q+k4<4#pu7on$R{sqBRH3V6)%{QtV zTIuPkY8dI^6I|R)G&dQ8l9>QMTblmS4R;LkOSGD;y5V4zC;0X zZj;V~;*8^$UnJ0joW5dU9C!@#%M5xbUwc3hJW===^gexu3*Sk>zy~G6`-J1(0YIbm zb9V7`0?{UY16}L^1@jYi7Zt~u4JjCTzRHe=P#4t|)e=P@)I?;E@)Gh=(h?wLCbU`! zIPY5M=IW{lb!QY%Gobu@eoMufUFbygQ=NVwbsv;;3&g4f(JG~(&69w6gVcSv>VNO= zJE;$slNpZ7AJX0BEh(_Q-|~r0vdB}B(2&|d>?;dCMmdn23mUJ__juy=y+O{A%~fnD^OP;j=^CXHy^iQ@hVbKSCJOCj%fMjQP`N3L+TZ zXZT{0;7aKEbZ}t*i2gchBNB6se(`JS`0}F+v(#t0g-5oqVhNyTKvKXLCa~E;#XuBZ z@@?@tu=pu87$KaKnSGHqps57dJRydZ``i`|7h)D%rY)|Ix~e+Ha;o&XCoqmOgFp|T zB{JMd7M=oPzJfGePy%GAGZZ~l8L9BOJ1Ja*S!mhrAZRPf{c~TuL6d!F(B58P={jVg zE7A-4UAW;OWfD>>MYgtAWVsy>J_R`3_p&1oEBXYA<`2f&8{ml}-i)3SO(V50E96oF{WdIP^Ll zjaF=udi5lbj$QT`O?yhRmG9%@=;M_GiuD;zZDR4L(06^WS5IpYtWgjY-FJh1mw8UD z+!ek=?@QS;t#Ys}vU;)#dnj!M?3$HGveLrwE}mZGo(PG z!Ge6ZL=MvL5UgcW>3$^$KyhHfQXs#@5g?`{9lxL0(rF=T!r?_$zt1*PGZkwz)nOa z4~i15ZUN+6AJ9G#6kso+I16OlF;H-J?k^KXW93}>-%!r|90Pwr&IOu`CWwvlDVF*d zsT9Ohf_kpK&qpdQ1%FB@+$)3`f(rhBwOMkCDEQeby#i#;BUwR(9`RM&#MkW>NGp-MZ zE}n6%BNX9?6B#)?-+K7bfc91{vrAjepYr?LvqhwKh#%@}HM&_EAa-!Su$4adrHumn zciHtYaFN`N+4!+ngfE~>k;gR~X9t6u0-4qjPp0+Qk`GHl$!5ZXt4^^d zlW0HpMh0MoT2CZMN|1xh5sm-3$;;$OMX>AqvlXIfjgQN9`bP{XZb-OH&VB4nd8C#AwU zyZaUu<0(qVWd2KtwM#PpCE9<7`9tsSJ4F5e^}G36 zmK9LJKpRGu6bz9-VoJ=@p!yB~ct+8e1@&&PiK14_qw z=q69wS^pz4TdL!-8g(--)~M&J3$c2K)39WmkJgz^Fwfe-!F`c;b6^oQ?@;WCkk*U& z+spLIy6<0*<`mez_jUxVJ|pT(wbLcTf2?O8$?stR&7f z`-`&dLib;jWwE_~U6#d8{^w;`Y`;H1mgPB*^3=X6ptcd&MXBjGsxv6J+C)1Uaa(Ck zEMr^vqn>@cJ*bSIpL#WbV5jee8|athUb=ontY!ac*V+s1b=%y7rJr4UlC{pc!S894 z{=MwJ@Q7!8L&Wn3_473(sLcx|ue6S6B(J;cv+Lc<&Rgyjk?D4~9JeJ|o+Dh@*Qkp$ zfGl6%x6}T!WLbb>OUR~660RlMe}|1hukIfv%l@VB=Er5(#h50LWjnzO76%2`V4-7K z{{!FvNCEu!C~`rm|GxhL<8Nq}6+?;uogDZdtiiX-sxEDq#dRS1;SS#cXnbi_LR<=8 
zn#ELsxbxq8Tf`c-tZlXxG2XUKr-bkt)58~HiCGqOB7)5(j?M(=M~oKPZ%%d(JWjkH z@W^E1TJwy^1!-=EbFUpy+f!7=XSRtYuu6>=TVz#Lda2M7X*#+3`fhR5IiwcHdO5ns z&UNQ$)nQTjgdO*6I*lyd29rz^-k*7u#ah%_zva{mE8phn$qARrn-vT4>=s~~wZyZ{ ziZu_qJ6$xIDp|KHk$&cSrv8=*8}I{bL1rPyHmd|G@==V7H3RZ22e8eu{s#~5ssBG& zXTR|?fXsRjefqORTD)AX@UL^Veq~|BH_xhyV`N&@&&FLMxD>Mlo~?3W;T+dX>?`{$ zxB=Eci^s5r$D07zcP4;mp~XEO8H6>_dLuoN-?|Ze zJ%vSH0N(yK+@QZ_qs6_sKR~c$ODxzSD)!vPCab{u)>Zy7CuW~h>&```O_cAJIIeT9 zy5?1z!TzhTfl|xzN8z##t1=aY{PXhZTP(@}h*L4o9=TBsrbEO|yXf;!wJV&m)uBXGz>Gd{P)A?e}c7 z%M-A_&knh?Ah3j>y0jp$M2GJP0zj_)@7=^NPTYYY3d4w_pZpEhMB(bd-{4Cd?PAOm zC)Yx8L9i#d# zTcpst)C(O54LG@r;QYwC;cRh7l+MA_}2F`3e+LiRlH3Y3P14hFi-xy zX8VfLheEuRT}6kxiFcSY*DBmkT#Ge3{tt5Pg0=Nm<=Tb*zbMz@%(cHR*J5A5FUYlj zn8B9Si(FPE{Z0y9d*rRy@Hdsmo_8L6`e?Ol06UT<<~_OmoCiZ-yX~lZ&gHAZ)4bqYIxN}avi=B!5ftU~jd&!z3VULWJWsAd==gq6@nu}71c3Y85lJ)N5 zKbs=pY^|Gl(tsn#X4>(w(r#_9>k6^D+3!S#byz800e{FU5tKOy^Z1j~J)@R;5XGZaF8ygjQF*;s0l@qcfQ}g*G zY*eG~z=Ev18`yB;@NBpT9;(%49KYGdA}zHP6U@{ zmi-~S?iY8#8h7!;eo{EtHn;43Fvi_QZh|)-vhU0XYvKLo9?0luterO$8H|+60nP~V z%bBW|dMoR46msO^W$-4kjIsBNK|mP<{s4>bwR}SVZ7_0u)~!bV?H+zq{C9PbXN~AA z*x0V~?iDyb9ZVY`%s-i#OfbpXw3?v7c1lFwes({T4S(9p!ikf2WGc?`anl4V&?Oy| zJ9+oQ@%Uj5rMp{_=5I|N(akXGxh~-CYNVj|CZgt*f58TO&6I<4ZLx<+3gTYvMdjpK zF`z54!o~MwkXeURC&1GQ=+T4y1g ziJn)eE7~a})XQZdP?72~fr_L+~c~APp(f{y-CQsLd^|MPJ;}_AAFPIcAJx<$iA$M)4$ikkoJQzOF>shay zG;0#fotzbWW$t15@f&rU3FeO%r}@uJ3a@99r>=rq6w{<3)Xr4!orp;H+Gv^W)}IlyL;S6Y0YIunntHE-eM}hF4+0To1U`r7Wb|vY(&rqP|)02TTrfR+9*dl zcaefTp*;=cyJ8g2HM%1|OG_uLezmLg;B|}j+S^%I5l}+Tbw^B4+Paud3{RaF z+&0jwE53^Q{@E3(&sE9YpRY{cs24;ynR7Iqe`mjipwE^4*_y#Cdzc)Q+Gsj+0<%vx zw28jCPrGr@A#(Fk#!WE(2nOTpZfjpUue)TOL&4rd6Z-mj)YaFoCqKH=WwrGQ@C%ts zs4>O_yxcG<sTCjo&8v~3(JTWJN?VgvXw%Tl@yAaz6;!%smcKWA|8wd%Q7tbh8 zH*zeSdPF{IcISQ-*&{{jmotHVj@TSrl?Da3-<^mL`!f-tfyvng6rAiq1nhWl6lf2% z1qU&36(d>&Lg3+Y{(ZR*9upt&7M>`wSyh|~$pA<@5Jjjgfx!&KX+x-kD2aFxpP(wj z+$+d)AsiwF2#4s53i3xI)IqRB5U>uI*u({pYoOauGH`!sZ2J@gO2Z}4#SfU@7P4v) 
zF|gw9VvP3n13{+T5o#b*o;_IU!Q2ebKE&pYYawC>wNUZLJYCe@%LB5t$;%+c!5`*; zR+EuXuqJ3N8Cp$_{#VU*xi#Rrx`SpOmyL~Lm|p6nNEdCs=%qGIt34bP;MM;p(b_Bii<>V@*HW9Q1BZM_&A%a?NJaWriR zsfW>oJkw@VSlCmE`v!88^wuQC-NaiiFzV%Y3)U*CCcd}dnA^<*0;5640=;BsUK+xn zcDI)UBcK?9cqagAjWzL+22>H|MwW*7NTZ`_X|9P-2LbOa^g)zYZG5EpViDz2yc7-H zjk;zawh2DcVDDnAX=-Lk0VvQ6N?L&p5Ao}t^R3iT`^N!SD< zv(nexb3HG&n#?urdc~vsv;!YQ9`|j&#!>TA^!55+a)ja3yF-Oec54ep4d}MDc_nV! zgeqHe-c;I}tQ9#^yy4IuZaX#J1QyzfT89jlGHt=`%ru)j?%RB<^U9ut^uF>W(B?i% zEznPx`6B%z!$i@;?G;l`Y}7@+)6Kb}(mkXBd#SoicDTKm zYQG(nhclck&{r2y6E%a$BttDNs^OA`Q;!gUc0%Dyp%_lepn!u&1a}5<>jJ&Sd=K^s!2$gx*2P{Y zHUYF&5YXD>C24Kz-%M*k5I8KYUHLVwHTFe&xCD4WPy!`c#3QxrpGYkT5e~KaDN6gV zoAGjV_J-rbDN>Erngr3&+z|#%cjE4+{LCgYs&ww|ibHcN!s)a6j;f{4Z4vAgsHoyEReRryOjMOX6De0+D&2yG=g`82EJc9J@aYiQ3^G$J^)1p4i zU-aix8lOY*waZF5O&9uvAW?$8m!Api&uo05Q0&zwVP*O_K)~3FYKoHWMcKnshZ4n% zACq2v!(A%*?46J}P!usp1pYy^7DS3%2F@@|3GN`HmjVZh~4fGboP@BJ!tB{C9^(yAGVvmsd^!bicd!X&_J zBgz3pOxJhu03qrf#QBiCSnZ#~)XU3%Nq?Kqn|?ptVY&8LPa348xV*TWBsd`L9z>-R zm&H~8{sDe(P2m#iY^qtUivs{^0`)(*u zY5T*cDXxloEcN&HT|mnzq_!zp$QX8qSca;@ZZbGC*l-fpQzrJrU80&xhx_jra z;D)%hB#a--U*3I$Cf#cvFB)U(p#>m@U4kG+5`iTM;4XuS#ESqsBR%HAIB4KhH0 zi~^V}0%+(ao(L2+!zz>@0C=5wI)LQf2q-%P=-}yqu=nzGaDk%d`azvQ1_EKc)B})9 znzt{?-X98;E{tja#kfA()6fWGOfXzgpzYz_9EfVn481uJgf=KBNOa-7iQ0MKxhCz^ z^BB4-SVO`#C@+6}^zaVXTO-}b=#$XvnyBQIagnd zL1=Hirx6j#?A#r0VB#HY$tlV8k?=?cRSN~N(e?951p(6=JSw7+$T!wxtlT!Ywf;fq z6T0BG`&;YJ-8&(1gh*jevpJu8ikbYJc9c!4qX&0Fa+%eWpE_ffbWi_F<6*gCe`pkuJ% z`ODBY8Qwh`{AE4>TEC!k@ht_{UwA-bnZt5Fv4zn_RSjJ;gubqUuDPZLKBdQGBKpE^ zrD|cWgN?w8N9h;tfX!UAc>CXL92j^5L&D`YGDcvB2mA;~3>Q8_UoDC>K$ii0851W# z6>0>25*FMU@LnP-Pyqjh4x(_N`vAR%81QN6Am#+R4+Ef-+i|)N3?IfZcBX519Qo&L z_qarQ6by_wt>v@r9${~fZ;AXA+!2D5Z_W2ODS(J!1@1;r6SOZRv#mj{##ee+{4iHU z?76Ug?kvJT zC7z2m;Kpk*)H@Onq$d*_;cL^&c8?8?WIcDK(vWMJyV&bM?%gm~;U-umrrV_0!4KzK zaaioteviunYDXUEt3SQ^Zk305_SUPLdM>|sxTU=MNo82KjKY<(jy&}DcT)e9HHmau z-^F?+wOMO8F4kZbGU?{SVlUm5FCUroZu55EfuhS@*`%}HN|$17d%=n+-{#r9qmf%MJm?wx&wVBdSQpfvHd$;0RR 
z!dAy0)tnAspHv$gxjx4FVRv2r{2pFWZ*2%U7U&uq^HN|1wIU$6j*MO!dcLRM;33J^ zwt9rRIzEzoLB_r{*W)1x_C`<>P1B!1l7HJ=z#={7V0^o$a-A#TrB0rN5OnLViPAb& ziXuS!wt=hA9$Ym{D*_@YZ!$O*);b}Z5vG0s&`hxYNsObd#JYfH@&lT=e@U8o`|qcj zP}Ts9dH&OqC(csznRY_!r+5YkFe@UE0|6QxsvQt6nnF=_f&jh7R&prN^}6B!N@K0yj3QhN86m* zYN?Y+82vg9-a5RNAj8^_s&1OebaqU`^AX(!PqJ(=k=_p_3h{nbT4tM?b`xKSrK|Q+ zE+I{vP&0U?lF1?aQ*?BVjxh6;P1F6%{!}F;w&u!X4{ii+v$64%wdVOwkdDUN3>otmQ5W%kIDe~%lo5kk3v?7(^TYz- zw;%=~T01g&X*l}J=qMiI;7mn03(;qK`ooBWp&$R+d3~a<2>Tp4zZ+Qvj$NvOrZDkS zYpydA0(;MDFnwq*m^$_~5F6pniGY>@nhNFIgbrfJ&lUKXkP>6-q(G@AhSDQd;^?c( zH!|rFJo@@4=Gz3>Zm={|aKXFDBGeu2|H+9}Z5bz4kZn^OWZA?yu|nB4F;!&rZ#?$p zs9wbz_#h&O_sTxGZLQa}&fH_4o2faH1%JX3nXn-`ZMdN0=AQp+?@HjRsM_}okRX_% z7sUm2BsDO>K~cc`l*>+Bmf)hOe2NPyZlU0=g{FpKer_cxDt(}mT4K52j^%=iiCJH0 zYPhAD%AzKJCHp_`+&PyEaTVMGf1Ka%xifdpnK|b@%R6VzJoCPmJFMS(-*kd%MP^j) zP?waOi&OsWA0FF0)B9-msENyWUi7dmQKkI&Fk@N#rg+17ty7DPdS)4${rZ1jcbYob zqOO<4(V=$};%N_N9Pe2-b4>U2;w~z0)ujpX=F2vwJ2zf*$o7-$Hko63tcg95J8O;0w~?3J zqIX#@yfowIt`jdLZ#}a*dhC+sqDxEhXZuUjzgqOwNhjO;JN{=G?j3lkrStErf1LJl zn$4=lZ=F1u^9Hvp`QqYkZw%QO#*gY^8#MR*Lf(heD!T_)UXy8*anhp{)-z>f>L^>8 zkr~=g<*C-PF-h6}osC)D%g5uvfr7;@gZ#_MYcH0}4Z5}6XZ`A_Yv!(l|LIRn5NFKs z!*e9RH5U@zEAQ3CE8^KI4%l26@G%ar}fNj-QBh6Oren za3GW8C))r^Ietn#U^;MvQZ++UNMr z_j(una(TDB`Z$O64%OYfL zhUlG_TbiG?b=>BBbeduI&V7$6gCMrjw1;JIh*I!Ss+DkY=N?MF=j4Ww*T2ma?W71# z$ps!Q0F_xd(yo^yGX!&kFNVDv;Q4SspLcpBHXCp*6UX8KYKuwYgtC1?e}8*jY^UiI zt;+SckU&)^^~eypkfkr;%O&(y1-gM+N-Orr8vSz(ZMY18%0h39bP7|}XYeCGM=X7X zOa>Q1JiSq89!hfN$HtGDqJg%K+)-9sT<-mbiu#(9;7iaW5RRW8_pvw?St>7Wv*rDb z;>^!=%8r5is%S>lWuh<&RV#g1ZpMoGAxf26P$~UD*(IlfGCj;x(Za*m+gFYHp@FDW zhX#Y`D~)IOKzsI$gqgy`BSh`46v7-Fnur#ZfuZ769Fi(kbDSP-b(VY@4H@JLU+pnb z!(+!!h>4|Fo+xueE~k}i0@`3Y{*bbx20-}76DQsM}C0R256 z&fH(Nee^279&kY_DL=_IRfteo6{9g764EBQ@=BmTj*C+NIcWQ}w@xQvyTeKL* zEQy(RfAr`NH$gyzJm4wYva-tig~(|>pBBM=LodA2%}o zKI~j7KkPh3ca0+Lp&fQroAyvm(j*R{A(zm9Lhsq?IcD66P0l{wZBEr3zkv<)-D)p$ zRWyMtv-zOtW4`kTCVJXlO<#LDsQ*;RS!3F`DjGrC#w*^f<__FeKBAdKW4fiC 
zBzv;kuNu4w&Zz78J14M>04mI*bgEGHiV`zHy4klZ8zFeQg@(YLbVvwfv!mxcBd6#S zTd`&J6(YW^BZr5dLp{-yN^Pnz^z-*{Xn^H#>B4pJ&kobr(mA!}fZ*3#sq*!L_v>Kt zi7kD#h0AkB-CKas!Eqx1k|k6O(a8tXQu(RTRG}zWWa+_=s20fAQ1M8C=;0NCH_~il zv7x;Bh@m=pc?COw?W~c>RI2)bK!0Ct0n8K%rMnQUbVoHoe`;7fN_L8&Lgy69#hkvw zbaCq9)YYkrb2sec*l2+A?I(umuFe@K%C@IIz;Hg8XDRDt^Yiid{Gj?ACqjkgGu?) zA`-%6fcnocaj1^GaFcBzl35CjMKh&`htyjHrJIAy;xJQKXpgGZL4rItcaR_64HcH! zXvtMQeMHGxwzRHU-owSnXOMU4`%G=#YzCu~IcsN@_Xu&APTr5#L8T9zvJTR`EtMoU zt-HAWyd^~)hw_FN=Dq=5f$mCIO)7g2dTud#^XQRaZ0T{6>O4vuu9NqZ)_JK`)XM#K zsH7Ls;yRL-*86NZ|8e3wmC0Y$hh~bF+6+9y=)+t*rt3C->A?Pbx(ds&R4zw#;Yc!W z;ug7FiQ>$Ubt(u-z)Y-5gTh2%5USR{nn8A_q@mMT?c+&Lw(^=J8zpj2HB&V8LH&VV z+^0_;du=j%Qq}S}GgMfFssrpO&dWDAL~R%7_Lir+8s#(h*jq0lh-;>;B~bzSx){WE=URB8ha{YVw)?k9ML;iI0AkbcaL2i96DcyoktPZJ@80|3== zxi!WY*+1wDPibytUABM7Lqkvo1*v@9rM3MKDsq{AF8XD5nS^6G0Lif#M0=gOf01&O znpG()hr7xbQvzvbjjb$+pbYR3q>o%tXawD{+pgX4BlB>KwM|X8xsnB0sBN~3Gq>or zO<(EbUP&ujD?R*u1AIf&H1Q1#5CWtPZYCaNz#%x;GcZJF6_D<)zDO4$c&ecKf&&A5 z-I1W9*g?~gUMo#N=d;Hf>B@G3(muc*?{aL#*X!usottU$8A!=pHT$G??L+BNh%@ST z<)c;DvVOKtoVi;^77tH0lO`K;N`JS|U~hKBxb%p;2x_WuP`hiEFx}B5@ScKJKG`b` zylT?CeUc6LVU>lzvfZi6YMp6 zmA!Vsz``2oUHz55DtqkMBih~G*WSxsaI@9zPmc|8kV;tkxGp->UEl4e6PR&F^^Pf#W~;)XQ>#Jm4AtzVxzU zj!#6&L=ym9>%^vj0DxbeC<4xaD*#S)Vh|7pL;xdzXkaoB2gCylfkYq~NCVP=3?LK8 z0&;*{AP=|(6adBGv2%b4U=B0|1i%Im0cXG!@BxB=FdzaL0Yn3nfjA%@SO_En$v_&A z4w)&K0J?ncdibx)_il*)jeuqVz0xbs7pHopWfGbr(_=V2wi55#7%&GEfCWGtapHno z0!;yWpI`;F0jz=7fVMz8fN{J@e-ba8_~35<9RcEp6Q8?0$D1e=G#-cxP8@J2z!`7> zx&vFWKR%j0uBB;y=dqigciaFELRa0O(kjL?>JpiOlwgNC_lJWh-XAwX)$N#qnu#w|a5SN0nl#1^wQs;C08l1ld z*I66R@$1mL)?sX=g>n4nCctivUmwl!8#)5lIDRAIzQF%4ojD$COMX)p$EV|3n{n<} zHURSbI+NqK;Mmro9KQ|ewwnVuHv`9aBy#*toWD!O@w<_Jj}gc3ZOifdQ0`2m-#?q< zzoGYBH0~(Sm}6s&#vP3x8kaOaX)Kl>%WSMtThKV6@kwKa>XgPmjVBt1G$v_0(O4v% zK;x6?2^zCB4oMHZ29zJu<@F1VPo@LP>mnME))rRe(4lOGj<>pyQE6y@=}xle!31Ftq8%~`85 z-)RKocv0U%JzZXvCF4RMgs01^vP9TNB#$^{C+PU`BxYIS`x}qojGgCC|`BwrcoKI zI|nTlWvmIjvyCWcIj&h1mJ46}_pB9^_eFBbs?3d}HKLmK&Fw!@=BNCwHUsrsQ@Msz 
z_L|Bm+>Nr=WFFxGl>cSm4pvJ!o`5e{E#-Iuj$pNv18*g($_uQPay$VSFbm`SWwEXB zl(JNIv4*}Df9`f7o>G>|E(X;ES*r52^K);PY>bzei7%T2d0sY-Y_*i>DS5F!pq;9{ z?TM;b+M$=~2sJ{ks@xfBl3Z1}OVlK}s&dEBk?UpTn&)DSy{!CllI>;Xl#^^PDUY1D z0tKWAxR{NqAs4gMKqKQ~KAH<&F(3M=xZ^dje)Q9NE3O~?=^xKf<)r$lVZ3Mk9YPQ9 zS^o)-t)ZG&Kl(d_p8C;$!sF|wE%Z+<7yR+{WP^ID<$qU-|1I%DiQ7nlC)?lH_Tcz~ zIUIk;3K$I>;P}JXKRg-8<@hXcFtd_4{s_)E0*>Voq&3>h<_#3n~Vonu+P|FXk$O^DbqJ+ufifrepP;a&T(C1@U zFC2AS%MaBU)6-`sF9LN`%MY#WA{HtOVFd8xT-3@gEJ;~CWnPtC?0H09wfs=Y#wV;L z{@p%eEk6|I+Mcfs!f15OT7IZreIv1{!Fc!mKxGzR!#i^`@QAq-M3$$)+3%$k6qJRerWZuEmSePOFB@w4 zp&Iky8k^juAA>WGJF@GzYVCXLDLIvuU971IoXW~B2Gs;vs>1fE<%g0gBd-WL=9evF zBF9gR9B)Tfm}6XHM+}-28!5XPlx+Fd@e>L`@iDr@4QXyK`ymo7eI~gS7t5%CuW^u_-l-siNWE+N}zWCObcd6E@apk|#Sj z#PACCl-!0;yV2L-I_+i^9XUScow0*P+YK8Z898Q9)aWuzR|ENv`q_FF^B?u6e=IAD z)9@c_7JpVhTd(5!(VxDu^;63a)oVkzmLICCj2c8m$GDOXvd4~nWDLevEkBg}+CO%r zkqzoverRQC3MMP*dk!Oj0v|JW@OW&&=gcnvN;tj%Jj()bFbf0#{LTVr0Q|~=ARrtV z0f1*&kPPewask-%EHnp@z7U+uLNyQpfTLMB89@3%a5f8*fHYtWkO^c1IKS{RfV_*4 zcM8a1gZdb%H`?@CBCs!b3FPLnJG8>@8FEs|fQ~=|fHf;&yb3$c|tA*;KE( z8U3S2e+Y}R6f|+icfQxV;Frt0)eo&Vem#DDsBT;p!572c z4e)$8pwBx!5}OS;mno-_FRAGZavezJ*SAj{key2%jP29lVEZ(v5TtzVT9mwH`BBQE z->?34H^Fl+jTPy*h)~Y|vUI$2{DS4*-~CQeHZKKbh~q^2eD^&GN^YpV0EhnO{Zexa#or^@%;l zomygE{IBlw7Acl3W|+NmA3Hwd^h4tl zX|1-KPZ|DT-8{!bX!4e7JxGV9eghifd0Lg1wh{xlOD7MNdGtkq|>PEHUJxXOgGXv zB3(v0k8~C3GSZi%=g3|&U5nW}cEEmTfZ0P9uuuBVkgMam5L*g7SEm=9!-9aFDx?Xb z^b~NN072T*{LsF9ouC}~IMR&LlUHTZye(gb@`{RMf3Ot*Ij^_V<>QowjHUjXB(~M;DA}?+E%jGrFl@1_0DveH=qmrf6njZlhxy&OAGoS{df%!lhZ~({yN;v+nrhp?51dImafm9$9I13a*dszS?paMn! 
zvw>vDOmiv$XaG>%lRhK8Me{z=Z=?g;0%X^nbRp?F(vR%`Yk+hc&F>rmBcKgn0?<5- z0_jAW$29~<|IuxgbS3Fe(xuKo7k~%ozDje;*8$SEjQ}?HdlmaMkF^210@QXicWe(h z0i?H00qRdK0L^dd9zyzW#lHia(X6NnffwqOO4q|bJfhj4Y zj@=kz9AP>7#`1l`54shNWN}8O6H4;ddA+hZa`5}dZ#jN2<6%7A$E0f-^*Xxs`m~Ix zDI2%VU03MtmwRq_j5eeeS^K?7$BtPR?MwY~&WTv3ShMrBZvO+wy_j zH$C$wY`$_Ys$GhkMP5V^i+kf+uMIovABpVXb#jXLfx#CqoGHm*aUJW|9TpRx+s0(4 zceDJ-<3C9qF#Q{C++u6@C1+ct%z4`}E*=d-v@**8WH-y2xGzDN8=jUF6c zsp@}c0E-jCZxDA{Zse_gPc|xP2RR?#V0Kd zlvjS9!p@t}%V%HUy!dGMuIGaez4NBUr9Xn9d^FdbGWh!PM$WlOLvA>)u77ZEeRUg~ zf3diCJ@Q8ODp}~<;84F`zDpXFlwar+&f;eFbjn?v-g?sN@GTo+)?fX@F{0Cb7MI{R z=H@Be9d(-BaB=y(VA<@E$MUuEEjsPCJL&VIIaW@J;66=~Uu|XEvL`$5$O}x=r3c-t^1t4 zes&jsT#z12`a`Oh^{bt}3yQkDsQK*+%MT@FyWJf#bS{hgVo%~!$1Uye-9OM?oo~1& zukA6lw*5A_`&|t=RewvXqq}^A!w0ISPYSxh&iiVP_imfkEq5IcyPVUfL!;t$&Z8~Yk^!EW(-3oMdq~B463&`i}cg7p@$$vE7|yP&^_@+wM0NmR`HAgwH>8vVX#~{@XjfHTDa- zH%N7T>)e#gQ&ZCY-}T-dz4q#%4qxs(e}u&qGz=Fu6y!Yomx){c$Kx)I-*45Zw>Iwm z>oHlq`mgBkH1MwKKmG3And`HM#T9BveYw{2r$nBJzq4U?Q`5C9?)HDjC*I0v zF)Pl>f7^2L^-oPZjo0eIyJsxa%|DrN(9b#j{|XoXmh=gCHI1EDJfKZVT1w+zi?=r1 z_0Y}e-~J0`O=WQpQr;Z9-|4sBublC1BBZP`{cP|DhfCw;-y5Fby57IrCNb{%@;CE3 zjkw0*N>L6q z%T~h@p1<6F5ocOUn4Gz$boQ~tFRlM7 zI%VjF*7nSB0CQlyv#s%32iPt7BBlSF|>i$w0m3+uUVax5J$0xqstl775eef-j zEs8s?U7hy$pC3)kk`-4?JYUAmd%30R;nOJj N7K1sL=Py;g0RXU;zfAxD literal 0 HcmV?d00001 
diff --git a/keychains/roots/AddTrust Class 1 CA Root.crt b/keychains/roots/AddTrust Class 1 CA Root.crt new file mode 100644 index 0000000000000000000000000000000000000000..d6a842059130eec14002d35430445576f0e55036 GIT binary patch literal 1052 zcmXqLVv#UtVrE#t%*4pV#K>sC%f_kI=F#?@mywZ`mBAp@klTQhjX9KsO_(Xz)lkGh z2*lwM=5|a;2`MTqE>UoFGL$ut28nVDi@-%gLIM>0QcKG7i?R(B4dg-6%)%0IY3H28 z;$j6u1!qTvp#1z2137VC0|Nt7V*^72V+&)$C~;mRWG=m&(Zr~P8~}{049rc8{0s(7 zj9g4jjEoG^rd?6=On8+2!jYZl-jN4)gq6=8G(G*_@>Gp%g-j4O@o3z{a)Ow8>y;OH;3U*-`m`9t-NcUsKSlKvU%PW(K;ru2MG z@%^QGzk}{<6irq5Wtx_G@4n8*ygdfDbyS3Izcw|^m~fh5!*oU45=G@y6YbpXvE87tr2(r63p1Cb z(<$D8QHvbyz;q9cc18xB+!Sf~v%GhAGX9#DY+~f$K6Bmlw||SomKD24eR+NN<=1P! zUC(HCy2S2xv$TEjZjWzBo1ARUV{vuohn->CEAxx|JdGb0)o3Zt+GF=$L+kD0|1!$E zoWnWOeZ7;|bbtKMnVTSYL&m#ytD*kQ3pKGn?qxSiRG5eBzc6M`zb|(@TWf0By8iIR zAHD=_SsBc6{(=AHs^IRwyJf=6KK=)Ngj)ar literal 0 HcmV?d00001 
diff --git a/keychains/roots/AddTrust External CA Root.crt b/keychains/roots/AddTrust External CA Root.crt new file mode 100644 index 0000000000000000000000000000000000000000..8a99c54a99fbe7d188e8349044bbf835338815b0 GIT binary patch literal 1082 zcmXqLVlgvlVwPLL%*4pV#K>sC%f_kI=F#?@mywZ`mBAq2klTQhjX9KsO_(Xz)lkGh z2*lwM=5|a;2`MTqE>UoFGE_5A0f}-8%fdxnD@sy}@)C0tLP7!*{8CHG^NX?#l?)U> z>X?NkG1WOcDg@={ml(*2^BNc!m>L@x8kkrZTSSTT8XjN?rvBY=YQMRKuAJRO$F&7v$3OVnzc89ta_Yo{keA2e z`77qma!f!mNNh*Jt^yXWhK4aLSy*%>fBq$A#xwu(vU-c)21|O=7}o zpAG)XtF8Q7ZrndN|6ykS?(0t1vt6DXU;8fCF}^6Oki&d)W$Kd11yjtwGwAaknpAY_ zf<@77krl2-Vzp|wZ@G5l-I}w)F56FP-*skC{gt>gGb=(_aQkxO{;<->uV*!{yKU#v zPTh9dDPMHcj_TjoB)8i0+;|888*y*(5iaqn(`z5X>60`I?kALv!$}}rd+fLyRuno|Argo zyVp48xF<9RZun_r`~1&0HR0n8VoUc&{b@g6QQ4_D>yZyTSDWdcPxk_kT$;B1PMzPo zg1<7BuX&gPMRfc2iaj`Z->vky%Gx(yoVK)1E)YoHHJ8oQOX9M2)tNx2g;mKHpY2|F zRQr(GK4IQxdz0%btCw@~I;_sR+uwEg+qWJmC)U6#u3zUbPg2YfRdBYM`MhSY%8iv1 z#fv-a!=w!@B(@at&pLa8Z(g6C^uwMR&8OuJKf3rFV=4A5OW;5LW3PBaw%*G#K73KL eD)|+-^sdfJR+9^zH04HD}zCbA-4f18*?ZNn=n(btD%U2 z5QxJi%ixJT%zFUWGHJO4HD%R7J-X~gajz~rIwWE7iAkN7|4O7nT5sS(gCGO zIhn}{&W;K}`S~RVa^k!O1_q|a28ISEhNcEl;=D%4Tspa;iBSpJ`;4p%%uS5^3bAUB*t_}4 zd0#9~FWi~`sqSZNyISHrnIDhdENlFscvR(#AdmfRwW6xyjMLf0e_of+F{tIMl1q|1 z=6&FAZBqGV7diEB_TDa=w_Dt_lux)CIH{O<3q$7P&mw;BF5clhUvALo7a%)%l+B*##$CtNX3!Ohb>%|GdlwHpy zHSGmAS4?P82#OYbUvZ)N+f|PV7Yt<1H~dWaSNWvl(_MzwQ(RxCPRVrGb>Qlj9lL5- z1XsK^WSus}FG8_z{)L3UOw5c7jEfsD8Z@3WkOju5EFX&)i%6rL`He{%iIX51pQwI+#qRw78YQtVl&_eafBHe|Ff_fFas%r#y*gUGD~BdL1S|RRudLxEJ>qJ zv;$)nIo5%R9vJJ449wp}y?&_NQVtWFTz1z?W9K^Q9fv=r>{5`Zn5wBB&bp^Y>&wo- z&|B?H_xQ!c4S%ev)Z-N1y?&E|q|npJKfQl8zi_#_$x(HGM``|lfj?d$7vewsdT&-- zD{ba_Ofh$h=nlX0b7Gd-MltlUJ+{d?Y zLWztkRD=r{1l8hynFbv7IK$@tLj6WTZ+yzLg)VAwN^d5e{qHo(MKL$#=wl_>cz2=a a=i+03-B`8JSodbxCqFA=9_`J#6W9R8n17W3 literal 0 HcmV?d00001 
diff --git a/keychains/roots/AddTrust Qualified CA Root.crt b/keychains/roots/AddTrust Qualified CA Root.crt new file mode 100644 index 0000000000000000000000000000000000000000..f861b27c377ab23e69782cccdb90d7ef70521529 GIT binary patch literal 1058 zcmXqLVv#dwVrE;w%*4pV#K>sC%f_kI=F#?@mywZ`mBAq0klTQhjX9KsO_(Xz)lkGh z2*lwM=5|a;2`MTqE>UoFGL$ut28nVDi@-%gLIM>0QcKG7i?R)s4HQAr%)(M|>A=#& zoXoV$)D#70M}?sL{1O8>ab5!h15;xILjw~NQ-dgRUL#~K{T$N7sDvB{jI0dIO^o~u z22G4yOihf83{T`{{ky{%)xKoD`#!<=^(`j1lWZz0w!bvk`i4hF>xkI@2X6{rcYPJi zd+X0T@sf~)uBRyDp(RSf#|2aVD+$fo*%zbFalSBXb2?+>$5^+|8!DE5<8!KdTrYj* z!iVh|f3;rC+q_{X%c{TMj&IqxLuwyB@(Wb!>@vOT`ITNA8TvUpQ*XRvVrFDuT-z#oY%7JEAVi6;75{ eF(`Q|x8k0Sx_N!`x_Ra2KNxKM?>+Oyv4sFyv4XDv literal 0 HcmV?d00001 diff --git a/keychains/roots/AdminNacCA.crt b/keychains/roots/AdminNacCA.crt new file mode 100644 index 0000000000000000000000000000000000000000..f2c8992b4c6998775e7e03fc63745dd33d8ec1b7 GIT binary patch literal 1023 zcmXqLV*YK=#PoOpGZP~d6N}l?-gySRY@Awc9&O)w85vnw84Mb?7;+nMvN4CUun9AT zMjC1xXo5Ig!b*-VzMg)b!68A8&Yu2$3VvY9(MQ3>Rl(UmD9F`6*iha;7NnS4SS;8z zD9jV6E?B|U$JIF`$luS?8K^+VKntXRSy&mN0HohFD8$pv(-~s2u7abUpPsXxp{9X4 z8yDv!wa&?(bW#|ZMI@8+i;7b76>4yzaE{q z=a{{o`8Gq;dk^#T;hn$lo}46bubg?R%mlmR+tO97Lub6dY4cC*NtdC_^<9lPe9+!y)cX3?jv)-)OSxGn8X*ZA+Jt1a7Ww()c9gn+;@BOPn~ zRq=^&k3+5s#s25*6+GTlWp@9ekJyotySiELFKql^y!_vO^K@q+y-Kes>sx-a3v&1w zOfG%N7;^6DJ(0E#>(0VJM0=^ z=Kbu<$EY*KM)PK^Sa-SX_4|JfI*$cRHo4E2QO$bcvbEo5U*qQs2M%(dWfoiD6dLAt z@bMOfwehpJg~odb2)$R?99DCNReIA&t(6&qlj`(e+Pi$baBPCK_ucP_N^dgTL>)Fi zTAEe_aUgmKl< zGTmDKCt;ue7i;DB9lX)-d-nucX(`V+EXhZlWIyNc-t6gh*Zr;ME+$>Ap5x46J0E3S jIJlv0Ymc|px?Y)%7N5TX>u0K!aU5z`t5F$xS@#(LE8cPP literal 0 HcmV?d00001 
diff --git a/keychains/roots/BTCTRT.cer b/keychains/roots/BTCTRT.cer new file mode 100644 index 0000000000000000000000000000000000000000..da96dbb2c93d063581e5a96ebb4e258c37923087 GIT binary patch literal 891 zcmXqLVlFpmVv1kD%*4pV#KOeDu+xB-jZ>@5qwPB{BO@y-gF%!bw*e;`b0`a&Fq5aN zp^$+9h{Gk!>6DmLl9`)dlxiq!AP5rU7UpuUOiC>ZDJm^4F;p^800}Y+OTrZ@Afy$7 z^7Bg!!|F<^IChw;MQFb8lbttNLc@n^wolb5B&#(PO+Vy_3-8?#l#`0j4ZA-VJ!F6KYLwB<*Txh2chm4;Ok`xj_^5t{jZv1`*~o4BuY=WRVPuSW00l6ig{BHp=w z3v#oilJ}-Oliz;s!>9RryQQ~(3g{@Fbm-AzvEErmOso4O?!FWdd{<|>dct};gDF)P zjBS^v@_+r)H!tbDyNeEE>~7huMwi?#S?FE(*LcS$OK$5so2!4GH_A#LR&jcjY`GEu Dq-#{f literal 0 HcmV?d00001 diff --git a/keychains/roots/Belgacom_selfsigned_primary.crt b/keychains/roots/Belgacom_selfsigned_primary.crt new file mode 100644 index 0000000000000000000000000000000000000000..57b5a5a07f5e140c755b1c59fce00b0dd23332c6 GIT binary patch literal 842 zcmXqLVsAwLl8>d#AN85K^Mn+av27?GgZUas>=1>+kVJ0V6 zLqP+65Qj^c!zncBg2;BNomosXP>p7SsA^{&rEyi<(8}c(uvcHE}t-N&bl*=^GW%#!-`k_xd}C2 zKll8i_L^w6({YE_oIWOX@7UjS78|{L=5$K`DCyliapHk}>bp8#)$o4q-zLcZ@7=DF zi0EIR%sEnh?%4|lY?kVG{&eP4kfinN_I!Rd?(n7-2eqruTQ?YIWh}mBST4Z(lEw9; zLD$aAY_n*N?8@t}muy{-dqjBiE}q+q>s3k(@+_6K@A}^TyJL2|Zd3j52J4-3&#wA^ z+a%|ByxfeUq-A;XmRo;sUJ=^ABuf2mfB4Sp4esyH9^-TR`eyb|vzlGfrvqlyrZjFX zFtt%y^?_&3rlyGsoyXVaGBGnUFfNub5Hk>A<4kDtU~K#0#0UicSy-5v7}$}+4wyuM zVaLdjn(>8;S9DU~%iGo`URO#UKkz8%>Ba21(RE9=THm@LZ66=KcXInQmiir@l`@J! z_g?;O%(U+d`kFf@-_Lrb$s^Bst3#N+T($GN9p@tS*WgEJdzgCKl-~xvHecSxpWA)@ z!up>+OwXT+33*9GzIlJ*#bJXF%5EL=r?0(#&aOFL_{gzGliUQAXNDZ?I^NUn_h9`z zw^d~;t_SBa*gaO>d|XD~|9xcTPreqMIW+&KpxFbqN4x)s=SRm>q-P2k=ma}t|JVBb RO0n*9wzhF!!i0*4D*>BcOc4M8 literal 0 HcmV?d00001 
diff --git a/keychains/roots/C1_PCA_G3v2.509 b/keychains/roots/C1_PCA_G3v2.509 new file mode 100644 index 0000000000000000000000000000000000000000..dcb99fe9a6299ec48d8499f5338385b798e77077 GIT binary patch literal 1054 zcmXqLVv#avVrF6zWay4A4QmN$3KQ|o_Wc7hVlloAPH_^F_?rxNKt8ViGp8h zNqK%zwxN}Q1w?_NMzW@Yp{1pz0!$^u2nAgQxBMc7#L|+C{G!aN)D(r%;#7tFyqroy zR|98|US?q%m=*=+oW$Z{1w(~^(xjZsWQBmD%-qDHN(JZCqLR$C%;dz9%=|nBM~GP^ zl|ZxIjSb|)c`Yps4Ge$?1fs-wjm-?q4b6;>qvh97r`kX!67U-%~BTkez-5|(fOIZ1@wf8ygQP~pc| zW|}Nyb~kMgBa7MM(2T2#%sAJqR#XdNTWfzx^4o z)y-9IYW#(7m#z&COJa1_a(VgBzJyzN_RcT9(wi>EZ`yXLBWCmbv!|~tznL(##p=gF zbJ@gG&o>->I`LM>vNeW{>!#m3%duw1f$0tPc|}W}X9`bEl|M4s=5J*`%N0BSSKsHI zJDXnPpUU)qVrxk8@&9Ju+jQSti1Yt1IKPPP+779YKD=tFk6aq$j?aI5_XXFjH%k>7 zGBXzX*FDTW&+hoExo?lf-3@wz8?!e#otd@gr-xFdmn8ot89RlNn^}kVebT594y*Lf w4R|HJVQctC^Rx)%&v*FmbG09N-^O~?LL_14V()uw(+YJy-QFg@Eeg&#iN(bVMhXF?NjaIx3IRo#xrs%U3eKrTC7EfN$%!SI`FRSC5VJ}u zfo8iK8_0?CT3Q+!7yuCnM2Yhnn;DoJni(0JTAEr$4KL3&F)ATPCL=2Ya}y&!gFzD` z7gG}>Bg1+w-a}V)Zl~|meL6+`?$Uh^Hu&~$P7JfTR&)5vS-ZB=i#i@Xys;$n=+;O3 z4=!^Lh;y^-zB+B!)_jru0_W6)=drraHmnl9A%F8SlX>@A9rq7?jcm(#4R~IEx8YZi zy;J1&ZYk4==))(&GJTFp9GqCqeN~uY_MZ2LJ?z{P6k4^ePS|#~d%+o_yW9Udgl-Cu z30rrjx7_!*g70#}viBL2x+chRG=^{-UM8E02!?ppj>mUqq)g=Gg99KGn~Bc6L{O`83*o(C;g%>FAy9{nkp zup*wN_LI~%Ri{M$BVIe~I+>Um85og62$xvyPUb-;PZ_8OP(z;ynk7S+wD$~g8jO8 ztTs!G?YS-26jT&@&(ywea42NM3hU5?|HL%TI_)jVYq+iMvizJ&>=o$=GkE2krfg); zVYyJUn2A*>Ir(h!*53znld>~Q|Hc+L?)c;+SR8Oj^Tf+VJN*9;*q4EOMO|+I-5O^TnMT zi{ENB*w<<>k9e1zS#j7WGPLvA zi{KcUS93okiE%GK8PD_K-l4K{>%V7x`sKK6k+I0hr&Y<9=Ovk6ZB3oW_bgbYL^@7Z zC^-7K&hutZYteOG89T$LGchwVFd~N#Fu4Omh><~1WZJ>ilQ_QH>z~~8?@84BlzX=o z{o7`ml$nL!y&$T8bZxz;ym?Zw-IeF@=fs(BoBqUM{{rZ#TE?t0-YPo`n3Z z2ev9J>9KR4URiS5eYfnv>r1oG=wEXB>v?y1=lS4Ww-}-{_BY-Cu}fGspsnd|pFzK- z+XgvX(_0ovViI0!pKS}wxwk&)HRA<2m48+JLQ+B*JAS9l6cKTaS@(Qhrg)=vl=;ax ztuMzOEsP17y)1;`{D+SRkIyiWvNjXDy*TgH-?f_#-FnaDF5GqC<7UIP{xT2!=d9=F tnftwh_r@2~u!dXPbH)4T$~C4u{CCuK*V^ozTvdMl-YxIEKi1wA1OR@tik$!e literal 0 HcmV?d00001 
diff --git a/keychains/roots/C4_PCA_G3v2.509 b/keychains/roots/C4_PCA_G3v2.509 new file mode 100644 index 0000000000000000000000000000000000000000..e079369bf519b9b2d8434335fabf0a3df8eba3b6 GIT binary patch literal 1054 zcmXqLVv#avVrF6zWO%b+d3RoE7UTINHD~mv#9cSwW#iOp^Jx3d%gD&e%3#oV%8=WD zlZ`o)g-w_#G}utwKorE`66Om_Ey@heOwZF%@XSlrGn6-w1xauVi@_umLW)X@OBDQ4 zOUm<$vJI^aEFcODHIg+I3@t4!6<{hMMkweixaAiqB$k$BPP-qpA&NtR98BD`H8n)6rUx)q<6_O>3n?i{rLdSmC8H%-Sb*-n*xdceQsLzLmszWGXUQ1!G@PD1S*v+9 zYhV)-gJ630=Z-}8c;?Ahqj?{Eyt2^9v~`o!?F~((aKL2UeYj*S4bX_5Sl3D-rO8yyfGhckTuw?hw;JsSsA~&qhtIyeeNseKI v;@cmNNliO%Y&x>rE#R}^(SF7iC9l6$sNZ`2Jlv@)=O=r+_y)>JUG zw6st_H6N(VEx$-15u&XsHASJcI8`A(FQ?K_-ar~Eu)5o9~FY_ar`=r@Y0ns(JJbK|(??oS6Atb?vP|^+3D?)lV*BRUeMnI$TY7f2RQ|Rb z)q#n5%j(-tJlg)$3^8_c=|q_(>GU~ z)h&HqCpyo%=yl!e7+ucxYuUL8HBZ+aouJGU<8@*E#@Nrtw{hKmAUc`%F7uw_WnEkE z`X8PxT)Kntz_XLl*-LkH-dVHcZqZx6h2Q=6uw8z2BBiAI&{W4csl^c=C(N?R+BoCn Yk@h|3U2|O@WZ0>naHeDa!YVh;9nl3jUF!{a**LY@JlekVGBUEVG8i--G~_nm zWMd9xVH0Kw4K@@v5Cw6#g!#f!i!y^V)AMu`JoA$E3~daoKoZ=-#?Cp3#l;Fn3IU}_ zIhn}{0Y#a)iA9wP&Z$KunQ58Hi6xo&c?yoDB^mienI)A9x(e<_hE@g^5Z#6v$(jm= zmX;O@sOAHex#brrBto=RrKTv97N;uY=jBuy${WZ+^oqf>D1;Q17MCdarIwWE7iAmB ziSt@o7?>Jb7=S^PIIod~frWvgk+G?zsb$o#@MGhA#w-UM4c2h_|Kd3RhKXKTzxqcGa~~dvh#omiy7#yBE6sW7e5yMJ~Hpy z(YU}ahZ#FEe$19>zVT@8-v4hGK1+M0&-vxl^;b)^r+!mOX!CW^YhHRpcfsX#6`A=( zw{q5Td`O;T{%rRV1M#)xXFN?;oxjn4ao=`{Y3{{YAxb7Gy4%ENM@DZ6jI`R!E%HU^ Ye)@thYmHLkHo6t5_Xt%Vb=k5G0N@}G%m4rY literal 0 HcmV?d00001 
diff --git a/keychains/roots/Class3_PCA_G2_v2.509 b/keychains/roots/Class3_PCA_G2_v2.509 new file mode 100644 index 0000000000000000000000000000000000000000..642b24a6ea071acc21607ae6211338962062ccfb GIT binary patch literal 774 zcmXqLVrDXEV#;O`sJ;1*{rn2K?E;nQzn6EK95di$xRnxarzoT`wYms4pdZy*cND+be|5K>fHT%zEYT2h{0lx-j< z&TDC5U}|V#00vRwyhauV76yh!#-^60mQlmPkB#$@V~&xPfw{347<-*ejg1Uv;w}ot z#$;YteR*e=&rJEq83uh~tqN|r?)Fz&6bDMk@49(;j>dR6MxK>mFe`4NoQhaWMD*g9x!1s1Kkzqdv;&U=^2u9L^m;7 zR_OWirxz5=JSGq|Wl6AaNUrvJ-dKn3l*`xO-3v>c6u<0&m*J8)R@J%8;|tTpRn=A`$9B8M&46fU30ng67aZS$_kaJ5Q? VZ$Ee!85?L^SrxHh?%d3Ye*uNI2VwvK literal 0 HcmV?d00001 diff --git a/keychains/roots/Class4_PCA_G2_v2.509 b/keychains/roots/Class4_PCA_G2_v2.509 new file mode 100644 index 0000000000000000000000000000000000000000..3cc5ab6770e6df8d0ca165d8e0e3baf94500e43b GIT binary patch literal 774 zcmXqLVrDXEV#;O`FzV==b?NJCVfP>PM-)a=jkYT<|XSH+89`YB)El*opTb4ixo^10!ou| zGLsboiZXK(iz*eIQ;SM6(=wA2OEUBG6dX%SGV+TuODYv~72J&stqd$6x(zjwH5Cjk zEiDvK%?B!T%P&$$glMZuO;IQZAHEh*10$~KS_ z=e4vjFg3I=0D~xTULy+w3j;$VV^d30%cx=D$Hw`{F~`Wtz}(mijJ-~##zux+AD*25 zd1PH{$WHd~pZ!PcGX#Ge5#Qi)=dnTYRjnkg9T(2Xyw!-V+naS~^F)BoV zh#5{{onDr=Xzkua@f<&cwhw{kS^>vbBsJcN_F8pt!Ir$&`cK1;Zq#-txE%~Iur3?hE?0;HjB>;n(|D{j0}v(&I2YaW}v%TdxQ=y-x(lUb=q#t z4(F~rtL}>I>TIlIv{5cp?9gwzll+Uxb&YG}b*%`O=!f VJeU^HSmg6oDaGIaRKvt=ngACd4a)!k literal 0 HcmV?d00001 
diff --git a/keychains/roots/DST Root CA X4.cer b/keychains/roots/DST Root CA X4.cer new file mode 100644 index 0000000000000000000000000000000000000000..0c4ec14f83461d9095bf11e6117ba57dc638fde1 GIT binary patch literal 831 zcmXqLVzxGDVp3kf%*4pVB*<_<&Mkm}L9>T}fq@Bx4S3l&wc0$|zVk9Nva&K5*c+-C zD6uhzvTzAYyJV(kmL%pV1ZSq_C6<&Hr7DCJl@^yMIOppbiW`W6R51(lxdewO1m))g zg&h?lObq12c?}E>K2#oFXLMibwfB>6?(QsX{RaK{mya&~u`sWx#_jvD z76GlL3@aY*`H?crr_n(xlMh(AnOAInM9+4_e-mJ z7KeR1%(K<#fks@iU+vz{$~Nq8IYl3@RP$IABK;-Yzko~XyJzbGxz}11E$X{pF1>Zd z^T?#j&l}g2OtIOXe^~Q}OIF=f9qGt+>E?-=UK33ug<^{&=3H!eyr+vPp(^gJr1JOT z8?Gis!EFz@&&y0c?Xz)Be(H@_^emG~@?DgR`FpiTKs@G3?>E9^qb6!Gw-NzQGG_{NGPCmO+ z(H^+W*XUi$2V297+j)*y++Ylik!H5&3%x zALGgsf7lPXUlsfFca_=HnSaYdrr+0Jx@S>>|2FQp{H0RcY?0`l6Zem;9K6umaG579`V%W-}4AvaY#L2%2TlIuq*VzMWgJp=$9pG2bo literal 0 HcmV?d00001 diff --git a/keychains/roots/DST RootCA X1.cer b/keychains/roots/DST RootCA X1.cer new file mode 100644 index 0000000000000000000000000000000000000000..48e0df3277bf1e9e21a7593f88bfb05d6b862bb7 GIT binary patch literal 988 zcmXqLV!mO}#B_j3kl})yLpK8hQw;-<0AfZ1UN%mxHjlRNyo`*jtPBQ?D-F2~IN6v( zS=fY`N{bD74Y)xZ4q=wilEe%{aRX5hmtB}II5DS0!6z|0Rlzy4q|#8uKnWzlB`ocd znVwman4=J!nVy$eQd*R%5K>fHT%zEduV*M|zznWmSVpKBl|&TDC5Xk=h$Xkln!Y8oZZ zYhYn$XawYdxkJh?O^iy&QNhT{z}&>h&tTBR$i>ve$jET%nA*1IOKlGx$+#MjAAB_5 zQy_%?&`7#CS^tmkmDTM}IgZbKKFPjx?`zd9q6cS7+Fo+$ zyp3j``PGo}ZZEa?1U-j>^(Zwe#6K)RPW>IaxJH z`K@qz(>hl@*Qa$w_N{ZLBndpTnYeImIl}|dH=kP?imLkZ5~d$li4-ttj()gwN#?e2 zQ<;j$W0&=62~!AAjyWZA;)bYB>!?3=x6ZM?Mam6=l) zbqZ zj=r9CYt_}oQ$*Z)b>%->U7Kw6&93s#i)R~3-@dawS#UgdRin3?s?6~m(Z^H$_*WU3 zPvH_*nIzm2aVa@p`}?!#ByM5x4ZJ}<|NiC2Jers%`*%sw^^9MARsNSaZcV=PVUl3g Rg*!!)d5R||wPsxS0sym)Xw?7! literal 0 HcmV?d00001 
diff --git a/keychains/roots/DST RootCA X2.cer b/keychains/roots/DST RootCA X2.cer new file mode 100644 index 0000000000000000000000000000000000000000..b9df43b23a96ef279812df596996f0da85030a48 GIT binary patch literal 988 zcmXqLV!mO}#B_j3kl})yLpK9Mc`gG310xW#81S-jYPET^edlFlWMySAXk2N?ZNSOK z9LmBb%v4%z$ZNn2;&2GFgq9>`7>XN+g1GF$e8Gu1B?>-?*{KT7nI)BmDh5g*2`*u2 zm(29clEfT^;LP;A#FEmYRE3bD(&7>Y=X^awK?8n}DsEv8m*5a*M}-I@LoovpkPx#l zFHlG!C_ldhBCcp44|f?SqnJ=~qC-k%dU0lY3CJ|PE~X|%Mut13A9@ayPMdWgNnY*yk%zNh zJqRm~o_UthWd+B!tIKamu}D}>@~T+ec<5_+Rlt^l|Fc#fJANv!+23i#Z#C{)cXF?- zoEaLF{!)W^(w(OpSZDEz{>+Xn3j6fS^3SS_cl`1K&H8`l{t};dx9RaS*V+T#4KDI; zbsn_*oftDIBvbWiQs$kf?-+vi8gs8LWoliX5}3zO zSypOnXXfQNeeC&7M)LrHH)j&X9ImW4EUEruZ@Bz|d$F;l^clab>z>VmZ2w+2MHn0T zd@x} literal 0 HcmV?d00001 diff --git a/keychains/roots/DoDCLASS3RootCA.cer b/keychains/roots/DoDCLASS3RootCA.cer new file mode 100644 index 0000000000000000000000000000000000000000..f2b0490eda2463e73e056aa4db4fc0eb1dd7a206 GIT binary patch literal 619 zcmXqLVoEn?V!W_`nTe5!iIK&CmyJ`a&7D}zCzA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPULE;5?dm73ZNP*;-g@u7~3eG-` z!NCf~3PJh#B?``t26E!O1_lPEhL(oLhQ8+UZLM!n~IIsJ;JRSYI z8R=&jI96|)CT4o5b>h?L1zg9|f|5QbmQEF4w?`{XbLj)^U?yfp2FAtu2D%2az(ADc zV-aH!$(ghCLrj0JWA71h>j~k9_!pne{b#@fk``uRHDG3B{EzG(U_3GdJ+i*g<>z$e zGZ~pZ&g_o6Iutf5F*u%>u^?3DtbN|b$uVnxNzB?UQ=I=-#i_r2e&G3iZS!AV@AB~H zxS2U+jr}uz-Rb-qlgs>*?*CtKHu1-@HXcJ0g*)~7D}GzUXadGvz%}ryj4~Ut#pT3IH6e%W41s literal 0 HcmV?d00001 
diff --git a/keychains/roots/DoDPKIMedRootCA.cer b/keychains/roots/DoDPKIMedRootCA.cer new file mode 100644 index 0000000000000000000000000000000000000000..b9191b809266b7837e0235dd5c8bb8e0b8943103 GIT binary patch literal 619 zcmXqLVoEn?V!W_`nTe5!iBZacmyJ`a&7D}zCzA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPULE;5?dm73ZNP*;-g@u7~3P2GB z-_#U^p#1z21!qSCIdNV~3j+%SGec7YLj!{-ab6(D!oVELrH2z5=Og=@k(GhDv6sQ1 zv6HE>kzr@n#;s-Z5+XLRy}md=UrRK72P7@b!fL?G$oL=GKfrio271KE&ah|I z2`HGyne0I+=H7>aTl8?ik3d>h}2bM(9Q!(`LIr zX*+X2g?f5VUv>3m*NO7A^UfJR%jjCd)2}nf*@QJ^+O6(2KHpYnCzTxgbC-K&^8c4| fFE+lmzO&F{i>r~p*3RQXaTmj0)WvoCuaN=(o&(i9 literal 0 HcmV?d00001 diff --git a/keychains/roots/Equifax_Secure_Certificate_Auth b/keychains/roots/Equifax_Secure_Certificate_Auth new file mode 100644 index 0000000000000000000000000000000000000000..c44db27440eea7a3bb31f074f7e78371561bc439 GIT binary patch literal 804 zcmXqLVpcF{V(MJL%*4pV#A15y%XtG{HcqWJkGAi;jEtyK7--W?Eu}p{{{8NQ7Hh1uCKtoSIx(l&avIT2zvmmYJMblB(cXT9T1p zlvz?~AScdiX<=YtWMpV&VrXg@CC+Pz%%!@0jq{Ox#K_9P+}O)t(Ade;*vN1&c4I_3 zN7B0mvvlP-awm#p%;1vycZ(%oxFt#P@Wq;Q^I0G4VEo``^5#+3RF;%AAG3qwSvQ|f zZ`kj|)c5Z$Bj=lk3?lx2et+P(>%1#k`=NY8!A#Nc$zmV*r)OvT#K>w;01QT1d6rCrbc56d z$qN#f#2ds?H}DO44Y)yZ#VpL?9OPqYAO*5ffJN9qu#w-$05u*!3T63OSb!;m%|IT+ zQD%`a5Ni9zim?Tynv|}XXQT;yqDaXH{;!k|4}C{hi*zM48M0k@wKhia%E3OmNuvA zKkw=ni3M#G59>|3#*q$nWUW&26x8^2fl-yEKukz*hW zQozR|#)4fMHNu&J{x^8U7`W>AtN2?xFQoDtT(i5yE8>|qak9FI;rk=sbzOhFIlh09 zBd_w7Nk1hS()Tj1Kl`BYPt^I8BM+v{xUksa5o6bTb@q>`j9o6eY^kL|2igP_6ytNU x`E%BB%B=siNW$bu>5^iZkG*%^ul>2XY|Etmccu!+?K^$KI;tf>GHlAqPyl$_>sSB) literal 0 HcmV?d00001 
diff --git a/keychains/roots/Equifax_Secure_eBusiness_CA-1.c b/keychains/roots/Equifax_Secure_eBusiness_CA-1.c new file mode 100644 index 0000000000000000000000000000000000000000..79b0a3f98764a07fdf6cae1a80eebf704d1f8796 GIT binary patch literal 646 zcmXqLVrnvIVtl=TnTe5!iIK&CmyJ`a&7A-4f18*?ZNn=n&ou%V2B z6o|tmEbLlXnwgeZp%9#!Tw0W>;F*`KXQ*bN0+MAGmPM0Ibt)~+%u6jUR&aLIH8hYD z=e4vnFf%eVFfjmvC~;mR10*hOENz^R>^DYM2Ij_I27|^_GV!Yaq78vdHv|ahSG);D}~qW z>v(UKw>nj0}v6(+pA!1lc$f+B_KBemDWcpM{x;f!%-~7^bqq zjEw(TSPhtglz}`*K$%6tK&(N;tHLNq@OGq_S={}DB4!R*?lnFO4P-$I_*lePuuG#x zF*DHrrO_*9GYdX@8Rm2L=SrUgyt6)^NzHtwT6QLK`?Zk6vS(+mk-WR5_38uLKS>J9 zTf8GuKR)_7Rnh+ImAVKy_x2FGh=p6X{?K|~_eyag58>d#AN85K^Mn+av1_M7sZUas>=1>+kVW!Yv zLvaI95Qj^c&$X~LGcB<~AviU;v?$e3%|Hbt!7VI{Dxr|-R9c*wms(t`;OwYtWFRNb zYiVg_|2(4e<17HeZ{>@%!~|-i<=lZ4VoBP4GMtaCo9jAX^?J^x*&N$;*xlS zSn3A8A+G^9D3X|kS)7A>3=O0}HVUu^8wfV?8yTR+14yAPKMM;mWw05@gE-185(Z)o zA_4QbU#*YZso=3JAnWws8wyp+o5~DiK??X-#8|LP^MIs z3@kt=NwbC->lq|7GqD{&jw@j5V+KYNPg~R47k*M-`#RMhnMT-ZZei~?3z)h;@8G=G zM<#4)U9o$+(*u5X%lp6QP1tntpk45MW|s|h-e2;c)W|=7wDHM~S?>?;J$H}W$mHfd zjkm_xN3LAA6^dA0%c*<1;Hz-gl!fX`t`!{3owD_0?c4>Ij&XS2Oq;#z@)zzqN7cd~ JPBeIR767vB2!{Xw literal 0 HcmV?d00001 diff --git a/keychains/roots/GTEGB18.cer b/keychains/roots/GTEGB18.cer new file mode 100644 index 0000000000000000000000000000000000000000..e37fa29b1df9b2542fa399b40a0c7c8c03ae045b GIT binary patch literal 606 zcmXqLVu~_oVm!>m#JJRemyJ`a&7L6q z%nM2UCF>a~ z8z_PlG7C$gDRj@tPfE;D2+GedF_07IwX`s>Ff=wWFtRi-h!W>D1apmyO+nm&a#rJf zo>T+y?ADU|vC)9769?U*J_-Ag!luPS-b34)-p1s{P^?Z@xsiiVSyJDE0r#LC%u zk(~#OK4zf1a$iexzKpvWcspGwafz0VNBQFgHOuZ5FA`yHwf()C&){gYm~o>p$GmD2 zzxxg+O0Ms$z4N6kw03rKh{VeeuRh0YyxHv}xAVYMzg@qsKC1bek+{F_4eRvy=ndBw sx0)PLS?XQ!^+wfxM_)!bF}0FW`)4*&oF literal 0 HcmV?d00001 
diff --git a/keychains/roots/IPSServidores.CRT b/keychains/roots/IPSServidores.CRT new file mode 100644 index 0000000000000000000000000000000000000000..a32684f6b3864dc99b7c5b8128e546b43302d073 GIT binary patch literal 699 zcmXqLV%l!d#H7H)$Y8+B#;Mij(e|B}k&%U!!Ju)mA-4f18*?ZNn=q4Wu%VEF0EojO z%<1G9@8<{;V@DQ~G!O@=;}RC|3TPE9W@%1lX2QE+xNlrRtjNpTDFJEs`*1D#BbjSOr2 zgG%OGzUsT9dSuUx*cmA*oHmM^&q!|Vo6^^Q@rSwH!V|g?OBzh07nbJ8y7I^;CTGRv z&*t(ucw$GQvT5W0e`_iVbTb}WvCo*w6ms{h^7e+{>nF@zi`Z0zb_pjccIB07JUGg4 z^4IK!YyHC=X74vYJf_h1VvEI|hj!lt@Ab@OWMXDyU_^EvFmW&g-KF#SaAkzby<^rF zA2?<1c$c!-Hi>cP=9c@)wRdNn7g+g^;fB&QR$=y#@T1G`oxZuF!|B`1+al%i+y1HA zK3rtSyt46L7At52Na<(nSY?YPDI2p5}!>|M7njCXf6>Dky;6wIrUxUl-i Zj&gRl!jGr8lVh@e7EQUz=)d5$69Coa-aY^T literal 0 HcmV?d00001 diff --git a/keychains/roots/KMD-CA-KPerson.crt b/keychains/roots/KMD-CA-KPerson.crt new file mode 100644 index 0000000000000000000000000000000000000000..3a6ae297c879aeef6e9434d20f155201a9498f30 GIT binary patch literal 890 zcmXqLVlFdiVv1Y9%*4pV#9}4Q!fL?F#;Mij(e|B}k&%^^!649(+klgeIh2J>n90T4 zkjH=v#NiTV_V#r#+!G+qUTiI)6=OKU}bJuEmU^ z=B=T2vivvCccowL_?FtIIms+gqq zxFxU&UK@inh+b`unhu?G^UMqxBuKAM7(XH0E@$ zTsK|&AgLtf(fQNM=VtGGCeB-T`mN5i%bPE^w;idTyCm=QlO2~c56`j7pYzyH#9K+O z&g$@!FY9jaZeQ`k>L(L3BLm~&FoO^SAz=K;3NtePXW=kl15!+k3MGad6d62X+i-dt#19k0S7u~IeOWbs+V%eTaVOjt6wQ~G*?8k|!dL4zU#8qxS!TxXd71Mvo1dUZ_V2h7 z&kGl>{QvB*pCNG35jL0Hx6_MbzPjJ}D7dQpuhOmvHqV=y9~u^hD>5(1{+ep;d0*P7 zCEj4uf{$l;KIFC7GfXacnBA!pahU(A;pzAEzcs%%xOr~#MMKYB z8oyuN-tuNm);q0Tn=<1oCZ^jI^)u|RIjZ|$ZIkqsPJ!6t?*-oFaO+i1 z^U>%OZR4mvw{>kr?^d~abwAj=Ku>Nx`=sSQT=}oFu9fqBj%HKu?c2Y%OyUX;04e@k AI{*Lx literal 0 HcmV?d00001 
diff --git a/keychains/roots/KMD-CA-Server.crt b/keychains/roots/KMD-CA-Server.crt new file mode 100644 index 0000000000000000000000000000000000000000..e09eded5c1b3a1391c5028bfba6b027941241928 GIT binary patch literal 862 zcmXqLVvaIsVscu*%*4pV#A1EwWRL+b8>d#AN85K^Mn+av27@$1ZUas>=1>+kVI~)E zLmmSz5Qj^c+1uB}kRPZT$m14f1M+m89Sy|{L_h+}!n_axh2YepveY6&1p_%YF3w46 zos&Q5q%bmz2xR7^o4nyg9n+8Nlg!>TMjBoI zS1oa}h~-lMn@Mc;o35{Boxeu(9n*|bUT5RS>rPE6^D}b(z-4mNa@lXrLlik7U==#I>E@y64ZT7v?R)n>wv`sLc*67ij@_$o{XI&FjH*3>~TeEbHpV0TlZysBZN{I)oisBa8P$3n3##1+P zow>Dk;AwB^^@?gT6DCZy=dpW!ZPW2@CksC}1ZKn>(JVMK`OO?dyYL%f-)4VVRW~>9 zzOuqOX&>1c;;Yjiwm8i36!Lm>rCOy=!>}di-Z?E9)zywWo-SC;=jE=MAkm^6kP^(f zxjF3GKCP_TU+>Rh-x#!Yo9_0+dpS=(v$UDVI$LU8Z2J9l-W#h0!4s3#zO>HUW7D1b cM&{EgRdc!gr7vDs3mw^hkTJFD_klwb0ifJN9RL6T literal 0 HcmV?d00001 diff --git a/keychains/roots/PCA1ss_v4.509 b/keychains/roots/PCA1ss_v4.509 new file mode 100644 index 0000000000000000000000000000000000000000..759f894454c468a22030059cffca2bbcc08a6920 GIT binary patch literal 577 zcmXqLVzM=8VqC@~$Z&R7eb|TlPxgfTQ(CjRXjP~IFB_*;n@8JsUPeYHRtAH3Lv903 zHs(+kHesgFU_)^OQ4ohqm@h1~C^I-SJx@o$GcQ@s(A>ZjB*87L=bV#RT&!TI5Kx+w zlbNg#P?VXQSX8OtoLW?pnUYW;3>rI`8XFm&O772H9G0j%)1&ZP`n{dKueZ-@ zYv7v5_sc?cy<11q)8Z8iW~;>V%AZNioyZJBLgF{^MFyp40M-|{f_Qq8Ta2g8}r4!Ty~nh#kb1%|0L-zW@~Ru zRWi#E%&BoY^LdWm5q5i#4gCK9Crm2)`Dl;V%l@+q8o0h6)%@6`6uV>N-A3ib)vBUy z29;tzUa@*lsh2$@bK>##F9HrW!iVGKgI{<&Y1>l0&~!t!>aHD^`&Qdq%w;fPnDO~y G;S>PVCenTY literal 0 HcmV?d00001 diff --git a/keychains/roots/PCA2ss_v4.509 b/keychains/roots/PCA2ss_v4.509 new file mode 100644 index 0000000000000000000000000000000000000000..8db922981114008c39b5190e970f1e847dd4ec9d GIT binary patch literal 576 zcmXqLVzM!4VqD53pey~yOT2gS#MjUNf9-bN$8EsN#;Mij(e|B}k&%g&!64p{+klge zIh2J>m?<>aP~1Qi#NiU=3rj7^49-l?(^2ruOV%?qH!uZBa0}}>=Oh*vD;OyRlqTh5 zCMyIKW#%RpRVp~A7L{bCWhN(EReSnx|* zKid!WMS6*ZyIq_$d7tA%=G~$VlVe^#Kf{q@Z@1a&&wuY6<*NZrYA%v}%7+VINvgQB z%q!i0Vi|)x6Eh@>4ee D8=TE8 literal 0 HcmV?d00001 
diff --git a/keychains/roots/PCA3ss_v4.509 b/keychains/roots/PCA3ss_v4.509 new file mode 100644 index 0000000000000000000000000000000000000000..c61d2958f7551844584f87b277b2f2ec0de5a4cb GIT binary patch literal 576 zcmXqLVzM!4VqD53P_XNXtiVl8lWi8Ks+rI1+Hb(i#;Mij(e|B}k&%g&!64p{+klge zIh2J>m?<>aP~1Qi#NiU=3rj7^49-l?(^2ruOV%?qH!uZBa0}}>=Oh*vD;O&TlqTh5 zCMyIKW#%RpRVp~A7L{bCWhN(#8@*@)h;-ChwfZuu8f1+M3oy$*#wX)X#kJIaXSD z$@0Cw(}&XgToaD&+;(5>tbZ!5#&^m@-|{ai zOz}z8Ys_$6&cw{fz=-TTV3aTe-L>0CNc+5w8iT)x@ZDv<|8NPm^nBKkNuQ)&v+d}w z`yXCR-6Pwdqq8FLO!18+2ZBHNT~j+y#u(l>DNga@#f|@;Ur>xVn<@U-MP`nqi)Clb zojDBrVZBT<-!7Wq>hol`z!KXJM$CL4&;59DGO*`a()?%h57cfinsd_3Dto@)ivKCR FDFB5J(X9Xg literal 0 HcmV?d00001 diff --git a/keychains/roots/SecureServer.509 b/keychains/roots/SecureServer.509 new file mode 100644 index 0000000000000000000000000000000000000000..b76137b1ca59e37a3febb8a4a766b20e83587d96 GIT binary patch literal 568 zcmXqLVlpvkVqC~1z_d24&d>E0H&pbJ3joReFS?(y`l?zIzg)lAHc z42;N514ajP9YgBfx`&(IYm&zE_vGHrM<5I)#;OIT_FL!{W#5OYx=gXRH4_?Q5v{6951o(Z^c= literal 0 HcmV?d00001 
diff --git a/keychains/roots/TC_RootLRA-Admin_DER_Class2.der b/keychains/roots/TC_RootLRA-Admin_DER_Class2.der new file mode 100644 index 0000000000000000000000000000000000000000..d46fdbf75290f3e15abbe82b14fb562b6fcf912a GIT binary patch literal 1111 zcmXqLVhJ{AV&1cWnTe5!iILNQmyJ`a&7E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$)G^Qk>E#wyM$_w@lUQ7=V5Hy^}aTIpbmE~C!?5Da%xdYW?E))Vo9n)3CQAPu*G^QsRnZ5yp|RQ#s-##CI;q4rcvU& z2BwBa#)eSt@bPHleB?M}WMyD(>;=YSCsSi1!_66%_dhy+P|URQjqZBrJ;fs_=9Avd zw}WBZ zG1sIfXu2Vrq*mxJj)D>=$?fP5ydGB7XIy7qHMpuA?MZ8lT}UseRP$UzpXj&={(0E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$)G^Qk>E#wyM$_w@lUQ7=V65O1}aTIpbmE~C!?5Da%xdYW?E))Vo9n)3CQAPu*G^QsRnZ5yp|RQ#s-##CI%KpMp5Ft z2BwBa#)eSt@bPHleB?M}WMyD(>;=YSCsSi1!v(G#cP9MRxj18<1`l)5_f^NX{@8JC z!!>Qw-$wlMa?K&XLylcvn&-Bik#)~Mz8H%iuSKSpw@H-Lr%1k#th)7ZVIp5^i}346 z&Yd+cjV)yUf1YQ$^-7t=)VJz3@vF5fU$z~beCy1Y!c%8k-FN)=?0h1!>fry}*9Shk zrrh^p+B(l+ITJG@1LNW*Mqh&_Mo$9=HqL}L55~41PK?Yf#$tvUB_##LR{Hwo<>h*) zv8SJ$o~fIZnWvwek(!*XTa;R+2NbbKHi3ma6KoJ}U}w=6(7 z48`<8y0Lp8y)-i=H77GKwOBthFD11?FQX(k$G`}opO-~d3{RR@fTei@L4+Pg78YhE z26p852Ig62U_@6n#4eZ>$|`gIt(e8cuc~V<^d4OQSFW)YP9UgUasr2zAiHDbKqkQm)aBRX%|ks=~>!$_?87nuOjQT>0fi1 tYRkj#rwS_XzEWYOY!OoX_S%cT;!D}LZA>h0oihK+I}5WJihNcn9{@l;c&7jW literal 0 HcmV?d00001 
diff --git a/keychains/roots/TC_RootServer_DER_Class0.der b/keychains/roots/TC_RootServer_DER_Class0.der new file mode 100644 index 0000000000000000000000000000000000000000..1f2c2dd96aaf84a7259046b665c7f93a0421556a GIT binary patch literal 1081 zcmXqLVlg#nVxG5vnTe5!iILHOmyJ`a&7E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$R5DNi>E#xdMAPe>lUQ7=V4&daXsBtR4tFFc zqnK23YEemMT4r)$NvcB$$hu^(b$ThO26E!OmKFxa29}1#rY0s9QR2J?riMnwhEVQM z_g>?C-Zou16c@YaH!5wsW(w z`d9T+Qa&L<*;_WbZI<=k{6&%5n@MlsA(J_+3yxF>-oBl!uFa_>;pcE>exYRg%#uYl z_6KitE1yWV?owPGb5HI|@0~3YhgpliWNlgai;+W{kw4cwdX+_6y5;q!@xPwbomtGp z%*epFxQWr(po!7mz=4f3q0NJ_?S~U1GmEj9VMa+wL9vy-etCJh9%`KFC#PrXCS~U7 zCugK4XX_TFmgxaSP)uMU&jcHU8`xR&#dL{qLr`j7YB|JyJA`fy7DF+8kZ$ZANH5Jy zNzKX3OD)#V%u7kF(90;v%`wnG=;vjT7Q>ys4FnM?8Ch7EnHboSV;Pt$nSs&k%U&PP zX&^ai6{~yIl+qBbb?5)w;Bk8BYN4$%b17`g!PiI5 zE?jxz=)4SdBX(0)mLKto3lijH7(7@aE*(9+F4ri}wtQ+&>+z@S0_K)_RsZK!uYBdZ fB=Y~8s8?!BEt{8ItT?xPW!;{;+NXpjGkXC5m84`# literal 0 HcmV?d00001 diff --git a/keychains/roots/TC_RootServer_DER_Class1.der b/keychains/roots/TC_RootServer_DER_Class1.der new file mode 100644 index 0000000000000000000000000000000000000000..4c6ce70c72898e5ef55c191118d1972d8a143e31 GIT binary patch literal 1081 zcmXqLVlg#nVxG5vnTe4JhzxkyIJMe5+P?ELGP1BT7&PuNiyBo9L+0|k&?Zed9@z0Ns_#l;GS3eJv(ng;4{M{+WX zNhPNim1L%6CMTApI+TE{O9oq~my&8AC(dhWVPI@vX=rR}W^5cK&TC+5Xk=^%i+JpJU1 z)Z}d4qSP`ypa_ZyEaaJBgKz^oi@umH5pD=d%}XtZ*l&l>&B0^RnJK9` znR%(j`k8qtsTFz|CAm2U8VLQoEYf1Q)3<>jLM0;$3o{b~J8~=ob0sq{dRd)<)Ryq5 zGrFvaQPnu);uONMQ}(D`PGs7V&3*yPfBcwMx^P)F<@OfNd8E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$R5DNi>E#xdMAPe>lUQ7=V5H#eXsBtR4tFFc zqnK23YEemMT4r)$NvcB$$hu^(b$ThO26E!OmKFxa29}1#rsgIlQR2J?riMnwhEVQM z_g>?C*R}Dn!?uk?q1;?F1F|2kBE6cG^HPiTGxJhXEA%o-a&rtc5c+vpq{VQjZv#PuN=6nIW+n!9tH~JW&N@i^EKlWd_I;NPR;^b{V00>!fDgXcg literal 0 HcmV?d00001 
diff --git a/keychains/roots/TC_RootServer_DER_Class3.der b/keychains/roots/TC_RootServer_DER_Class3.der new file mode 100644 index 0000000000000000000000000000000000000000..23b266d61c5bb5ec27cea69836621fd79398350e GIT binary patch literal 1081 zcmXqLVlg#nVxG5vnTe5!iIK&CmyJ`a&7E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$R5DNi>E#xdMAPe>lUQ7=V65QmXsBtR4tFFc zqnK23YEemMT4r)$NvcB$$hu^(b$ThO26E!OmKFxa29}1#rWPiaQR2J?riMnwhEVQM z_g>?CH!;F%Wf?_Lu{qpj1J=8eUPfpL&P0GyE zPtHh9&eknTEz<*vpqRiyo(VPxH?Xtli|G>KhM?5E)N+XZb_m@ZEQVtGAl=wKkY1XZ zlA4p5ms+f!nU|7Up_fsTn`5AX(9g>vErvUN8wes)GP1BRGcm9u$1*TiG6SQxr7a+- za)J6o)m@w$P56a5-|C)P{A}t^gEeQxm!7koKKD&czgqo)#8XP&C*HL&i<~vP^!uJC zC*Hnc+NQMpv(Cp8lPYqzy*sM$ra{4fXEw)k{pD?PwHrC+hwNl9w^?vQ>cljeFGeDB gET?XN_rcloP~3~tmHEN@e|vW6-0;2``bnq&0BDYDQ2+n{ literal 0 HcmV?d00001 
diff --git a/keychains/roots/TC_RootServer_DER_Class4.der b/keychains/roots/TC_RootServer_DER_Class4.der new file mode 100644 index 0000000000000000000000000000000000000000..17e22b35773b79fba2f89a14a80c9a60b0363403 GIT binary patch literal 1081 zcmXqLVlg#nVxG5vnTe5!iILTSmyJ`a&7E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$R5DNi>E#xdMAPe>lUQ7=V4~pcXsBtR4tFFc zqnK23YEemMT4r)$NvcB$$hu^(b$ThO26E!OmKFxa29|~<1_nk3QR2J?riMnwhEVQM z_g>?C#6ISgilNIU=j{3v2?;)q~Q7`>Fw%w9zuXn4s{`UEDHpWy|(9Hz_ku zKRF{cIa{|VwM-8vf?@&-c_!E(+`!JFFQ!X`8-h~vQp+Ls+aYvwuo#NzgLGr}KzeCr zN@`AKUTU#^W?o8ag5L6Z6JtH$;iUO%*4Qs9LvC5$qbC%DH$Tt zs`E5wZrr4N$z}7@`4{JfvfO>F-((y*tz2@h_PkV?UtN!n_pAQdC>QF+-~Zp=Tz^Sf z)=$`--PW~!>`Cp!&z**LY@JlekVGBUEVG8iJijR0P|-jhB+o4@kx^1oV5P5LUS6(OTAW%`QdC-8qL-YX zYiMR*0#d>(tQ#8QrwcN|EwiY&MAtbdGc~V7!LhU?14w5kCzfR9=P4xSr6{=OCT8Xs z$cgh>S{j%eSQ?reS(q9`iSrslxyELu7EwdbLrsiI$dSUx%D~*j$j@NV#K^_e#K_37 z$+C6Hr`pwy)=6&W>&_lbDBWY3`qN9webLS{9%r&!q7^S3Z=>?0EFd?d*c3ul8}DE3>NN zoBis~E%j*IVtJ)!9*M_%K4)%Rp(nlVilKteo~Ew8C45V-cRK$Oi&`&RcwI2^)~sFXd z!t{naO^eog?d{V3&&|2z*mVUK*C%Hi7D(d*=FVM) zvPT6ng67>{)Os|AV_C(sVE>ITwqF*RH+k9Nl*eo83eWDD|B_ky%?pWMd9xVH0Kw4TfJijR0P|-jhB+o4@kx^1oV5P5LUS6(OTAW%`QdC-8qL-YX zYbb9Z3sS-?EEXE#rwcN|EwiY&MAsv+D5X5HDAhntoY&IQz}&#n(8AEb#3)Lf*AT|F zG%|`B#4c}QR6-7BMpg#qCPsb+gC<5UrY1&4hK=73Ti9<|QGedDDKPy)?)*#tBR)T$ zul?RMsJKALX2}n;zJ1&nyKQ;y?+1nA*^4@UGu;0tWmwKLi?M2>(PM2! zc8k2jOXHOHxX!K)IC#>a|MpYus>{*8jUD6`T%94lr@Q@d=jGT1eVbOT`qr1(!FKdl zr{ZUhxtV&L##b+*8T=v9k z?~cFK=w0pG-dTJhZ^;EYv2KxvWiHJ1$!ngR^_+8b(wEgn3q7Klm>C%u7dP%SXxwJN z4NL^G{46ZM)OyT-AH)%6Wc<&7yha!W4CK}~M@*b|u^P@#b#$P`r;EdvcU4sAAIu3%?o zgtJ)TEH*fc9XWP^nFtuWj12CQ{P#+Z&78je&svSR(!STa>F@liwXgI1|901Qtn)f*-GL{%Ul@{QcO1z1bl!8f@8o>8Wn4;|Jd-&5{+~D@vZ+HX z_BrDdp{Y+@O*VID?mfSywZAlQUaggdm57JXvER$BrFwar9N1s5a7aprVp#<1bxyv zzTPvg?s&%2rp6Ol>Oa*xw5~=3OqKs&Efc=GR>U$%d)CP*le88q@%-;ptBqIIcE2tv fyE1EDAg@;7yvCnbtm6uV>IIDE$nBo{BW(o$-*t@E literal 0 HcmV?d00001 
diff --git a/keychains/roots/UTN-USERFirst-NetworkApplicatio b/keychains/roots/UTN-USERFirst-NetworkApplicatio new file mode 100644 index 0000000000000000000000000000000000000000..e82877d1b464fe79a0c3b3aca04ba7058e8b487c GIT binary patch literal 1128 zcmXqLVo5P*V)j|U%*4pVB;c}-r#pZ_WsBftGXw7f#^naQY@Awc9&O)w85vnw84Ma1 z8*&?PvN4CUun9AT2E#ZUKu(CExPd50hFzF1I5DS0!6z|0Rlzy4q|#8%Kn5hiB`g|} zk*W|H>>3mj6dD|&;Fnrbo?n!0sAwP$lIIqd$S5f(u+rBrFE7_CElw>eDJm^4(M!(H zHPklH1Sw$_RtgRA(*+sfmRVF>q6;-b!LgtqCo?&*Br`v+*g#I4*V59!+`!V%!o!&Sj4ykRk~d#8V3q5iu+_CI%sHMDn5R#lkg+?1(OrV(knQ1(E5Gh2$7g3e{nC9PWy zB-RIV{KycU*l>F3)pyobUs_n=5+axPm=wL+QE~L5wUAeSU8?%dC80-m<~uJrDyuW| zK+uv3AJNSYGdQxHk1=kjs{WcSqhx>j{r?pgth~!a=UuvZOz-jSaA~7OJMv$&Ewe9J z{j^}xY8N?&fZuZ#Cq2o@TX5puqXws6FZExXGh*ql>D?}~*wjY!?!3e6rY~h;W@KPo z+&IyovCn`Tm^ftlSy+In_?Q7dh$GC%_@9N`$btm;Sj1RFezl#v{b1M2im%=) zu8H3NaQR`Dh>d|iNLrr7!@$kJWr5QIhc-KCGE6SYK~0AGSQ8&|+S3E-L5?+GrUAwp zBg2xj&ol zaFR9N`+95jl*5NtF3`PyQBz*_U%&nC6|P$K7xO|@9_?oOZD_ym#hy0~+CLbtgjqZ} z<I5a{#VpjZd>|C>};{2{f<=i^H+kUKCH=` z@6XD^+_=0&^GMX*l<=ap*5}P7md!Y}mTk)&j>RljHJ41AC6w;fli)h{qw=f`40AHJ z&Iq{tzE5vb>P8Pc#eJd%TD)6%7H8Y9s}KJwKdt6|{@o@6om6QDud^9Di{2ELy$R`) QZ{=ak`nAkrjr@@o04N=tZU6uP literal 0 HcmV?d00001 
diff --git a/keychains/roots/UTN-USERFirst-Object.crt b/keychains/roots/UTN-USERFirst-Object.crt new file mode 100644 index 0000000000000000000000000000000000000000..3fa090748822fe7819dbbacf7ba9a926c5d5b9f2 GIT binary patch literal 1130 zcmXqLVo5V-V)k3W%*4pVB;c}-r#pZ_WsBftGu;Q9JijR0P|-jhB+o4@kx^1oV5P5LUS6(OTAW%`QdC-8qL-YX zYba|V4N}4^ED{>xrwcN|EwiY&MAttlD>b>qKu(<3($c`(z|zpd*wDxzN}Sga$~7@C zHj5gx?rvgKLJnd^RtDxKMt%l^CPpr%CPqevbE_Kd7cWk%SY^l%I#qC6=!`{BgXr(CqYY+ljlL-z+fw_2l`4!?PF9zHIYVXlD7w?VJxXp2_U^JSDj! zE9)P3*~xuhl%AyTTrCw>ez2AOE^p5McWlSYvmECw=fD2@-4yZde_Hn~S$#yt@b2|( z7oU81e_yPBQ_$q=3$Ju8WY^pOkWt7W}Qv)-gm*uyOlfs^4qNCrKc}Owd-4!3P%-fU}~Jd z?*o5Jh(c0M=9P!O$9QKtGx7>e>#3N#KVZ>DmsMHk#jDQe^I!R)5*q)(M9eeIF2L<% za-oG`(vGB^pM%%tY}H;Qv`W&S^H$vR$;bLcIR1SwXpmUY*6Mqr_Ifw-zr3s8=ZdYF nq_aTz>70o{@>A}MPbogU`QX7qRt1KNy~07VE9}lP$e#cJidUEa literal 0 HcmV?d00001 diff --git a/keychains/roots/ac-racine.der b/keychains/roots/ac-racine.der new file mode 100644 index 0000000000000000000000000000000000000000..9b1e3e4c0561fa7cf7ec856f2f33a2fd4beb5dc4 GIT binary patch literal 887 zcmXqLVlFmlVv1hC%*4pVBwzppmgdIhrsl>LW*`nP8>d#AN85K^Mn+av27^#TZUas> z=1>+kVJ5dALtz6!5Qj^c%Q>~EB-1ZHH?!DK#y|=r$So}F=&TTwn4FoHs-UY7l%HRs z;Oq#~!i=oNKu(<3z`)SZz!GGofkBiwub~kVmsZv`F)AT@kdc*vxrvdV!Jvtei>Zl` zk>R82>_;g(T?@(uu5=XsI&wzizptpkPTO1qRg*;b>!KPmwpSNS={dB&Qor5r!UFj{ zM^4t&GQRgz&tsN6Tg~%DLdxTs^h-gLHL=2;$r>ES>fk8+)~Q3ud+?!KE>qA%X*_`))phD?;=w+csK|wo4!YL z*}Y|%j8{yYFL*OCGcqtPwl}af;0DI1EI$hiFqO0!@PjzQjEw(TSPhtglz}WrfR9Ct zMdU}E;^GyHMW6lHD!BWf6HBabUsDxw5ChW?Fo+o$)c1-^+oZkh`h+RkT>-8}az7ou zyIOhM+RR?@d2vrrfOAS3tB*!4)Ao(#MKibxSkA7wp}_QE{q_crNzRJQdRO^ZPL}`8 zpdR%Q~l-rq8}=P)2Eux z;rYLR(#A;#+e@`iJK#@fQ}I>J_>F*CX`B0uzZfor{-lD4A*Dd@z+I zDb?vk{^QWxQvby#&s=%ae|O;tUG|OF)nvH#r+u$H*Ey$a(yQ-*&*QHv3$wnTUl(~^ wWZ{gtQR{tD4{3(GpJj+&(sY37S<~-1OVUIZc^v;UFX`KY&oVmiZaDJ+0N;f~DgXcg literal 0 HcmV?d00001 
diff --git a/keychains/roots/expressz.cer b/keychains/roots/expressz.cer new file mode 100644 index 0000000000000000000000000000000000000000..ecdaa6d54de96a00de2e3d09d975ee164e4aab40 GIT binary patch literal 1363 zcmd5+ZD?Cn7|#7j`We@n(TdV>HtD90rZ?G~Zh~~Johef?l;ED*srYK#7p_^m0)%UawEB)bbf1P{Y z_j#Y^Iq!YX(Q@{ET27rPD6%BWQcQC?${xx4@_#!eNwwRw?1-mAD|0B_s>3Dwx;@p} zIHVK5S&-Iu4t0&vwl#a*Atfk)-u-GDR4(&_gX0Glp6oMr+Ho4YkglJ2kKOQK*01 z<2hLC^oXstvi+aC&yKC`wq&;{*&*oo>vA@0o4tOP;x`_wKhuM*&Wz0;srd2G(AoFT zHSNlMzmWdXUPe0eXx3yyT!%G1Ji=LOJ1t5O{*#pX-Ht5F4wqGTSw=<1A*QC zz(y2^5u`Jg#zu%BY=jYqK$;O`M&J_~5+W(CNAwWp0*F{T*h@kjfto=2S00C!&Mt)e zKmrFT@W3(t%et9D!A#K;fI~^P+O2!_4TASdfvZzBKJY`Ocd-0Q{zm5b`SIyX=XQK` z%s2VMrQsR7d+dwO*}pcguWFc%)ZTt?a?8Svxoa=A7wGwqhM!G-FjqJ^=f1fxe{r$n zvC_)VuO54K)6KRA2HLlN8kih>`CWhA)SG`yo&M#WJLzW@!v)t{6B9L~*d87HcIwKh N5_$V^b!eM9{V$}2;6eZZ literal 0 HcmV?d00001 diff --git a/keychains/roots/ipscaCAC.der b/keychains/roots/ipscaCAC.der new file mode 100644 index 0000000000000000000000000000000000000000..6238769809ca3b76e609c67e6ece68fd812c966c GIT binary patch literal 2051 zcmXqLV*hW@#GbK$nTe5!iIKs8myJ`a&7D}zB3ql_W90Vf-CC<~h~lWVY{ zkbwY*!y(M+lvtFUnvR`m=BR`AR#NiE7tEm0^aP0GnE&dAJ5 zR|rlmD$7hxEmkPj%h5B`HqZpC7g5SAD0awA%*@dPGW3Ab&U&7DZh8s|PP%3WmPVE) zrbdRw28JNT+`?KQ!<`)!oHG(L^HNiQOrZMIqLR$C%;dz9%=|nB$I_CF{G!Z~N|+{Q zk~GN~$iM@HlTnNx&2a{D;=BfihDOGQKwx5O5+%-SWNK(+WC`Vth980OYn+dq;uu*O zm>YW;3>rI`8XFl_T2AxqC@|Kjc@cicW0LMY-Kxr$9v?+tq$fYOD)4PLv zZzw&@sFjR}x8Jx!fgUb7ZITPnIEpMBBc`(lwR&My9XviU>K4MrwrMh3>kO)TC9 zO)TyPvcME4%f}+dBEmjpML`bNl6NzAgx=NjaV`I5wtgotqWwS$lv$b>U4b0O2CT{! zHZiI!X<}3uO&9pnMH8?j;sJ%HFbk^zGb7`F2#=qIm6@6Se}h3bNKTa{#UP1|Lz@j) zQn52L!dXmk7Big10%visaRGI(FgBSpF^VFw#o%l%pjj|AT+A#6f^3`#Z61tmKb#mD zSy-5v7}yP@K=uo=2pb4CViXBrIU($F&IqG;SkU4C+L0n8ZW(hgX^G6Rb_Kb8FC%-4%AR5{!bw&GHb)Vgl4DqMEm zLR}f}8)^Om5hl;?lnF|kFXy{BWm06(?Uku3x4gDKI4Avrep_PI*QYO4ez`EHS!wF^ zpOo$hS+L9EkZNzi{`tSpTQEkOdz)KzamQ<3we3n>&vU!d4dm literal 0 HcmV?d00001 
diff --git a/keychains/roots/ipscaCLASE1.der b/keychains/roots/ipscaCLASE1.der new file mode 100644 index 0000000000000000000000000000000000000000..55f01bef15217c81c2611855eaf2b8b6e9118f7b GIT binary patch literal 2038 zcmXqLV*g~&qXnTe5!iIKs8myJ`a&7D}zB3qmUuD0Vf-CC<~h~lWVY{ zkbwY*!y(M+lvtFUnvR`m=BR`AR#NiE7tEm0^aP0GnE&dAJ5 zR|rlmD$7hxEmkPj%h5B`HqZpC7g5SAD0awA%*@dPGW3Ab&U&7DZh8s|PP%3WmPVE) zrbdQP!?_`bJ3A^k`#1)>8Y(!a7L{bCWhN(}X?p()SaKQw;0x@q-%X2xeF`Ca1E&xh;tl<7Uo zTYl=+_ihnU2j0zDH{b5toVABZSEg0>{q+Cmr{8+*9xE5TKQ`o^dP%Zm-P9|F)1IF9 zKef74fAR#KNFVwAVHy)Uk{$}nv0ZKo`}*|F|1?)mQnD+DODk}xVSVmMIotDA)}<$p$Du|nSrHURDrusj;hJ|v~%$D}zB3qmUuD0Vf-CC<~h~lWVY{ zkbwY*!y(M+lvtFUnvR`m=BR`AR#NiE7tEm0^aP0GnE&dAJ5 zR|rlmD$7hxEmkPj%h5B`HqZpC7g5SAD0awA%*@dPGW3Ab&U&7DZh8s|PP%3WmPVE) zrbdQP!?_`bJ3A^k`#1)>8Y?)b7L{bCWhN(wIt{_&S}`ZBYl6tH)|KEkhyCjoOC@-sw(Ql-no?L$hyv%iJ6gsad8t%kUHVv;S`}$Og%&vZNR!v2kd#0m~wGW=1%R z3C?1MvsmCP4mK{J4i?5Hb0$VnB(@lw%>^_IriP1|#XyjaGoj6cvF(QwBO?n7GZO>5 zffUGoK^9>H!A6Yi50(?cF6V?WikHPy%otWO0m~?O;gqV7SzKJ2nxc?YsgO}pQc!HA zuU}qX4lVHX4YUwuFtNyrNn=q1ERl>142<**tPyHiSoFkn@Ti6Afw)L7xhTiL0il_h z#aPS`kLIG(vV2In3e}%clAB|1V2dz;oy9;*53dP%spW||DB6)+&q2WT1^GFd$(2aD z4N5^#B+rs(kYix9z+i!18)=?5TVS%lsLcS$#Yu_D*|11}1u$ly>BABlFs >qGa z_y&w^!XVRtv6-J-TmUl(xzGbvsm#FAPHA^yp8H`9r!a%N+^)qRJlz}_?kQRE(;_I_&;r`<@_0LY&l(lQ`#XSi*6{Zi4+?i*SakTi} z37@O;pVrnrP<_k#f3nYF7bD(~CEpI6fA2EM=5k@j*Jn3Q=Wx}}N;;jE&=D}zB3qlh850Vf-CC<~h~lWVY{ zkbwY*!y(M+lvtFUnvR`m=BR`AR#NiE7tEm0^aP0GnE&dAJ5 zR|rlmD$7hxEmkPj%h5B`HqZpC7g5SAD0awA%*@dPGW3Ab&U&7DZh8s|PP%3WmPVE) zrbdSP2D%`{+`?)g!<`)!oP8XFT^$V-oKuTRGSf1X6H7Al^AsFQOEU6{GD|998kmXJ zAZH*04+u_1F@7{h8OVwA8W8U-_3caMmQx#C%u7dNp) z8#J+m8^{7vm@FTQ7>kJhnKwD<`}}{bvgzm*`h9$^PxO~KUw-mJL{y zEo@?xS<=KPF`6E*r-vqBiNga5M`0FL17=3X{}3KO3oA1-`~L=mY>=EPONv1f8;3R< zutZ{KW`wht;4Ef1iv`Z&VB-SnU}0=BXJQmZVvE7qTtKs6YPgtL3wffm9LCKg#SX)J1h#gdVMfswv}4MHsoi@umH9<@+CP$%gn z7v&f@B6Ksen1~tS(Or~UmJcajVFqNBBG_+ zFv%zzC>qGa_y&w^!XV>-ahji8TmUl)x%30pugt(=PqKGOi=O_Y%(!_=Voo1c|CBCP 
zxZY-a!;CK*I*nF(Y~Qi-`32tzhZ$e54&QLA);vXVu9bGl;>8nhNU9~weq$>NWmh|hy_c^Ps!&Rs+|w(5zTmFvo?q7Q7d7aZOmCEU#0247;fB*mh literal 0 HcmV?d00001 diff --git a/keychains/roots/ipscaCLASEA3.der b/keychains/roots/ipscaCLASEA3.der new file mode 100644 index 0000000000000000000000000000000000000000..53ba620e9e177ae17a8544a937084bcd26c55ada GIT binary patch literal 2051 zcmXqLV*hW@#GbK$nTe5!iIKs8myJ`a&7D}zB3qlh850Vf-CC<~h~lWVY{ zkbwY*!y(M+lvtFUnvR`m=BR`AR#NiE7tEm0^aP0GnE&dAJ5 zR|rlmD$7hxEmkPj%h5B`HqZpC7g5SAD0awA%*@dPGW3Ab&U&7DZh8s|PP%3WmPVE) zrbdSP2D%`{+`?)g!<`)!oP8XFT^)@ToKuTRGSf1X6H7Al^AsFQOEU6{GD|998kmXJ zAZH*04+u_1F@7{h8OVwA8WSh2+2}BvDW~_imv5k|-3t+o zJqk7(KlZ$>op^J)(&DRUk~gltsjbX?ciHs&tSup8yR1&1NzU$7SbA+9YoS|d#Mf^r z)!b=w?b@f>+HAEn4+_~WCVq7P+8f=*`Y(U{y4q;`fBU@FW$%3~A3SDaW@KPo+{6-X z(8LmMAPY=kvV1IJEFypAwMyM#Q!P~dpx-SNdf{lpJGOPe2zCQ0P-bajv;}f38?Y){ z*u*Haq=`{tG(BKX4^6-lhX)jn!Yr%?%#4ixAv}H-R%T}Q{|yG&AURc*6oVu-4sAAI ziNwy#2xl?DSD!q{Za#3+iy7K5|7fM&tea51wO2(ob|w0SVL{cvJr zWMN@uVqiCr0@*LfB5WYoh*1Q9<%F=yIU|hXWib;oftOFfq6%I_r7C0=7ni1{C?r)X zWR#Q?6kF-*mzS4A%RPMqErcOVEV5$KSkwTEB_jg^BYguKgjyCBeKB1;YN2|dPSQ&* z$}w<6=w@ay5i`Q0yC}6RA5y%+49FN@VQ@<)C_&=?AP|nSsTgL_Vjv!>mhF1TWT~ZmxZ`W%;8U zlkeS9$tsmL;A{HMY56Z#xa?y5hnxim4(r6cedM>UXU(b0PXyu&(j-=9ELfbG6lgiI zsnR#uc<0ROTLJdwD{AfkhwRvMX4w?x&PcXz9FIHHw@%T>i1D1e&R3>9?pNAv+fMiV P<5ta{^S|o8wXg;NAx%|X literal 0 HcmV?d00001 
diff --git a/keychains/roots/ipscaTimestamping.der b/keychains/roots/ipscaTimestamping.der new file mode 100644 index 0000000000000000000000000000000000000000..1ddb6b2f0f90221d7eef25fadad0e674cc8dad49 GIT binary patch literal 2117 zcmXqL;&3!*Vqdj@nTe5!iIKs8myJ`a&7D}zB3qnshP0Vf-CC<~h~lWVY{ zkbwY*!y(M+lvtFUnvR`m=BR`AR#NiE7tEm0^aP0GnE&dAJ5 zR|rlmD$7hxEmkPj%h5B`HqZpC7g5SAD0awA%*@dPGW3Ab&U&7DZh8s|PP%3WmPVE) zrbdP)21X#o+``%*!<`)!LNaqxi%Sx73qS@trxulDre!84mSpDVDL9svWaJlRmQ=!Y zF_WfC&OinpB%F+5{AkWIkQ3)MFf=qWHUtu8CdN_Xyhf&mMn;xU?q~=a5(>e_`N*k` zk(GhDv6sQ1v6HE>k>S$I$z}DeHh&i|?iJK`bK=*oXPtd4`)gp~npr{e@>A8%On5)d zzAw=1uNcEQ^QDSY+_K+3`MD!q{Za#3+iy7K5|7fM&tea51wO2(ob|w0SVL z{cvJrWMN@uVqiCr0@*LfB5WYoh*2zn<%F=yc_579Ww92sL@m7>kqWR>h0NmO($o}% zq)LU1l9GaAD}DX)@^Wa=sBfT!Fo}spR!ka;8en;4WME*VZ{Ubf%fezJW`svAR1dPd z^pcBm4BQY#Ftb>Snd32{D77pfQUarxl2MYIV{hP$Fo&JROw0tYIeDq&i8)vdLGlj= z0sj=_=VT^VVwhpj*a(V2d6p`J3ImG;W(!Q($O#pj1y&0z+RTtVk(8L64T~dK_~Qyw zeOQ_VCM#tFMFV*l-+-}A7-S|e%JY+p3t;9UmzBU8ni*I~9$Cy(lEBF6BN6Lgaxu4< zNBy#g!B&64P)W(-%H0|(e^v0;>8O93JBi_�eFKqwzmN4QNea+$2kuUCiF_2(6D` zsXsE-+J}rx1+fntON+JgqdMZFLhDTHV}!w?RZ+1>>o~%IRg~TZsf<7RzrXIDbH4MP z@7z7-G9Kl-jK>Ex$Z3kEX-dv$l)jNQ#+nfgMJaq_%$9HUevGeDZc-?9w9%xW!DuC8 znoebO@iyqJ)CVyBl1HVRmh7^?QY2!17&BjTsdXV)2xkap2QWfTa6??gy0O5E(8hvv zD~{0zGqWV1pDrK|@-C6ZWst9Qu+Snn^oyA|DJIuNPm-hy?qX!CbPFs9U&TRD1W6I# z`9vlpNMkTCv9WQni}Z1E@dZH|Ju&r$r{@2#BM&ui>TjWZWO5JXFJnBEn)XnX>?rp7 zAITVs583bI>F&GEmENg1%%4wqRnt`c>-q~_om);{Ouzl+$EBe?OFt{lC>q%?Xz7AW z69>e7@t4lt@$Ovu%ZTc-74I5KnRjJq-L$=IXm}MpL}wuW&h7d3uI&an`-f+;RVZQ8Z@m6QeI&<5yvuKmGk;Oif{j zBkC=&D(LoyD=gEy)91xS)y3X7&Z*z4-s*}N-pd*_M2^Y>-z|W=>K=AKel2Hap9EKd^1rg-B12D28b($PACcvKvGJJArBl#bh|i-2H05%O?Cl^z$$Q+u!Iod z=gVQ_EI|${L2`m9B3tzMYLP4`LQsY*tVCsDZN$N`qEv?^6-i~QV1pI{;-LeO^a*VM zx=Bcw(8eKNaJq?tNu8hs*(Pv=R058xAMZt~CPfK9XNOpLUS=9kgz^XjyTCtf6#_fP zrQ(u>3(L#PV@Ql64}^3svH_n-8?%YVC!{&s)-R z+7nbyj;VdU=WEZN`7Kbtcg+REsDHqMRi~~T_^89QeDyoCf@PNntGe%R%HhC}-`i}? 
z(A@{$MHCL)NYl^NbRC|N)SKkX^#*JoN1&uP0G z%Id#4eJtayvbJ>%>X)u--Tl3rPxbc?Kjs4VoVyhs v7L^y99O!ZNy>>6k>N0y9A1RhsYwH%@n{_i3obuiaS2ZsSvTi&4xOLk<@@it7 literal 0 HcmV?d00001 diff --git a/keychains/roots/persbasi.crt b/keychains/roots/persbasi.crt new file mode 100644 index 0000000000000000000000000000000000000000..79308aa16e704b41445fe15ec3e8d49896d199f7 GIT binary patch literal 805 zcmXqLVpcS0V(MDJ%*4pV#K>U4%f_kI=F#?@mywZ$mBFC#v>~?vCmVAp3!5-gl%t`j zfiQ@}A9##2f{u#Ny0k1!qUFVK7H?GKxtSKvn1_fmAq@fNj@H&d)WF6X&%w zGcW`~Fo+W8H8LG2j?CL@NW`* z<}t-|S=7FKr(gW;@5)Py?)G}lo)*5K;>s!ez|EQ56U)Sv*r#V537qWxp!dD`)P+30 zw@fC;ig!+bU}_QWb>Is}!Al#L>VUe$SrZ;BU+xfeQ~%1%&bRyS#d-y}FsJWCl7` z_tDJk4YpOC*CQ8AVU*XtE94z~Xl?zf=t^uMmIG(&}_4ZuYV5n{s!TtbbyEdinMZ4`TOKG^`*yPZspjSN>ZuV2|P zB_+D>rTYz@z-_OJCT?hntJUT0uNJ!Bs#>a1V&$ZhtUiBgwfFlv$#&VcSBvlNJU1;x z>X1mD%bJ>J{V#m^3*{XwmN6`DulV+JN?Y98R|n$CUf&d19Gh2F!?V;ow4O~;vwq$z zwX0dXEmSzNW*pymYw?VUe=Bc4jXEN;lZly;fpM|0fuI3DFsfyR85#exuo^G}DP%VT zQzJ9bvB%#`s`LBtb=uPOB&{VMd<7FOvXd zcBRY_U*oQMf9{O9OF0RJF^ksRseJrAkHKAjE3d{2rnygM{T2SQ>}JizA9v!F)i@_M p6kiaLzUREMS@qMiIr^ff{w-VG#a`OYb2qRh`^k@s=gJo~0sz#869oVO literal 0 HcmV?d00001 diff --git a/keychains/roots/persprem.crt b/keychains/roots/persprem.crt new file mode 100644 index 0000000000000000000000000000000000000000..1c084370b604d59e6f075bbba5a4075826fe705d GIT binary patch literal 813 zcmXqLV%9WhVw$vonTe5!iIKs8myJ`a&76mZp|b!_dc#^O0kfk(GhDu@@M#olK353@6iW{$O`G zzq3d0!@~E%t~spt@2QIgnmG#QZ nPmLmjZkK8VMDqOLmVC12=K5*9`T@7u55JOMZT#S?wqYj#OJ5H| literal 0 HcmV?d00001 
diff --git a/keychains/roots/qvrca.crt b/keychains/roots/qvrca.crt new file mode 100644 index 0000000000000000000000000000000000000000..77e783a39ac84e67b76804a293f287933df5a9cf GIT binary patch literal 1492 zcmXqLV!dF{#Ij=nGZP~d6N}ZhfNld`HcqWJkGAi;jEtBr`ux z!LhU?BfluKq|#8&KnJ9ZSy&Zr0zUNya^k!Oh6culmWCF_KoBL)YXst&L%9R*z$Qi| zH>RRp-BHPSaBf zaZs`NF4cM`!sql7b*JeU<~Mg8e!|8a&9F33u7IWF(ZMTLtFN!MW|v^?``f(cRoYDn z>5Q(g;ZiepeSKSITXXZ?lq_p+@q<_U_oiA{O}$_nYUX#pGTcy0?nY#)XN1Cxy4CS@ z^Iu-`ebZdB@_5dTcbZbLr$UZytePrYDCecw z#e65r_23f8xO}s-hZk+w{x8PjQP7?rF3!&;>}FzSWMEv}#1v%E#N=mS%f_M2225G( zjEpRX2KolNFunm}n_@;uNkOrdzJ7jkae-c8X?__ff#s*A6$8^ws$Oz_t^q$V?Z^r< zGX7^_HDCr(z)+R~2`R8NF$w}Xyghd51EWFXZ-d4wFguu-3>uG1H695{ z&B;v6OHNe)rp%IzR0UiqF;yX{QXw&~QlTKRs07F=E-uYYEmlZOPEIW-ff$emHUMZy zoYn*fg18s6q57vQZhk#p;#e5O`)_nRYxHiC5sdk zB_@|-CZ`tbfYqb83z3;p6$0{swp8jFD8YTjC?*C9Ibgt*mzTrCO)n|eKo%4>d@N!t zBHiA(Z!c@^WRrYjX}R*l^p>pC@9!Hlt^>&{votO+L^Bp5Y*AOI?*%#{F8~z=Dc!S!21sOf%>3oaJKmKfb$fN$D@I z+>H%=oMAiXNG1G>J$Sw9j$p-wYq1BnUtMc7li8~4Oo*zbVPmzhQs6GPoQ1pR{bI@S zR4eJfRQ&pk!J=ocB9+>IO#jOF_tlw6OT>-@NxV`#xAEh%md2;MR<>z;a*m1>n!85s i=8C6WSOK)aiTW&Cy5CsxFu*cX^eV{R9Air5#8B literal 0 HcmV?d00001 
diff --git a/keychains/roots/serverbasic.crt b/keychains/roots/serverbasic.crt new file mode 100644 index 0000000000000000000000000000000000000000..8588ce58a2444d04bd9bc358c401d9e1c4ff93b9 GIT binary patch literal 791 zcmXqLViq=NVyaod%*4pV#K>sC%f_kI=F#?@mywZ$mBFC#h#|KDCmVAp3!5-gl%t`j zfiQ@}AMV8=hUK-%(Tqp#FEVXJcZ!YqO#27)M5pf%(Bd4popQQ zfjCGdv#6z}D&|=jR&8iSt^T8CVz? z8h}BRIIod`p^-5VnOd4!MhzElHqJ+mKSovt=Eh!N9Ck7_HZojZ5|DS|e^~aj^Re4r z@nn>`FIsizR*UMN6<^!~Z?$e!D4EhG$6tE#B}d{{wp@ceQAwtkK?jm<`_7#AD2vC% z;_SbDk5f1cj{e)2t+`F#^Mv&kbrw~D>H5znJn-aZ z^oAXGwp8CYvpTdjO-bllJ1-M6BLm}NVFN(}eqe0M3NtePXJIv922#jw2BtY?pkvv8 z`DDiYo_faZU2C(iqCwxOn=A4?rJmgie4J2_(~>B-Q0jz-U8HlZ|5V$B-P^g7W>l4S z-R1aK>;=YaCsSi1!zDAbtnTZF zqUYUebWG~Ec<0FydhNn{8R@BF?(Zc$Os#^xXlJqYTkF3Hd%V7_cb@q7d0SFTnS9@$ z=3Jy0cw_d3^b5OqC$WhXUzvP*x)#Hn7(bppzeI!nd~(UVCFqsMF<)Qz@y}IOZN=N% zf+J3JvhHmb+)-@5ioN%XlkanfxiaQV%!~|-i-ipY4fugEEGx{&_@9N=wue#B(wSB};{CmAjN`|kTB z=H&c*ca+=jgU1BrKYDG@a65VUh*RyJU#lbYu5J(P5PZC(RWiHDX90{87yoG9~Soqmxz9lXrhK_CW$OW_Qf^vgL5XD81diqT%Z}@gP;9$ z-Z|%Ye&=`3JNM#3#U5PH-XFE9imECMJ8bsHi~izo4n@%_EI5DKTZQd5Yp-T=s{USY zHC`{BO6QuEOoXH;7v9J4qcXJCxv86qfEi98Khez`5h0cnrol;!p*>OI@z&r6C9uj_ z9VAAEGm$06V1ki|neaAZEOS<;yG+uX)2U!+YpYH;M=fr&x(IJ_Ieb3c*to;{gcr<< zE{9jTc-j45YtN6YoU~G5vF6`|X&+JZdCQd_v>(yvmQUVl>bw4V`^4-+cmJF`eO9~q z@S&r-^Y8q0{+sF7U6Y#+9bTIWoS9;C5#QLI6JvkBbU@Thbxb$2?7JV{de-$(Isc2c^NY%=?|+|Y$b~l8+c!){etqM$YoYPE#Eq9v)=zwF5AMHXyFGsJ zX6u!6OtmT&Wvrl%;DUMv-w*$#)~P7}Xlt+yjH+mOos6xQG0m!4Y`EHH?<@M1;zA2- zjSN*nY2Uq|Lo2AyJy1})+B-X5XbZG;)uFZ=HITTs2Z*5ZpO?#mcIkrX#4tJ9moxPk z0ap;tP&?HH6;!7z1O#Bx0#Uu6qzN|@2uf1@#6Stka~WOIpg5Cg*fz>h)YJz_5{Sg= zc7mppG!X@)ZgNgz^^403RfH3ir4c5nA}j_0opITRK}YBuHDe?KAcG_jlrL#RBnK&T zNt;d$Go1qkWt}KVV@o(7mB2;yi)WGDWES}KI1%P*nVkj*HK;&w(^x(#L2)5cyt$!a zU|_%lIUTN`v<(q6%u$#nVNO{R8-$^x<5Y6Wo@G_ftf)Y=K1rCqRO3ONT|IlB5ANy? 
z)}dgWBF1@!7-5Qt5kUe18BUQIg-;krn5G4bvM>=6h6J8Z2u9a5%+Rs`aeALGV^t;p%Af?;UkrT3C0?+x^u}`&6>|^1}8& zN1&7$x^MX6<))3tKXbqRW!+Tr=?mieT;YQ6Q(9_CeYE*l>DBoi+3!ZLeLIpePS#*w zEuQz3Ub%Yw>daH_KPGRu4s`4-)i&K8nLT)FeCyebyJu#;-ewsdy>;TrZQ+aimBe;; KPx0{2ivM3ide~I} literal 0 HcmV?d00001 diff --git a/symbol_strip.sh b/symbol_strip.sh index 739fbcb3..623df0f5 100755 --- a/symbol_strip.sh +++ b/symbol_strip.sh 
@@ -9,23 +9,23 @@ expfile="$1" expbase=`basename $expfile` # Don't rerun this unless the file has been relinked -if [ "${SYMROOT}/${expbase}.timestamp" -nt "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" ]; then - echo "${SYMROOT}/${INNER_PRODUCT_SUBPATH} is up to date." +if [ "${BUILT_PRODUCTS_DIR}/${expbase}.timestamp" -nt "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" ]; then + echo "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH} is up to date." exit 0 fi -echo "Scanning ${SYMROOT}/${INNER_PRODUCT_SUBPATH}" -ARCHS=`lipo -info "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" | awk -F : '{print $3}'` +echo "Scanning ${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" +ARCHS=`lipo -info "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" | awk -F : '{print $3}'` for arch in $ARCHS do - echo "Generating exports file ${SYMROOT}/${expbase}_$arch" - nm -gp -arch $arch "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" \ + echo "Generating exports file ${BUILT_PRODUCTS_DIR}/${expbase}_$arch" + nm -gp -arch $arch "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" \ | egrep -v '^/| U _' \ | awk '{print $3}' \ - | egrep '_(|tf|ti|C)(|Q[2-9])8Security|^_(Sec|CSSM|Authorization)' \ + | egrep '_(|tf|ti|C)(|Q[2-9])8Security|_(N|ZN|ZNK|ZTTN|ZTVN)8Security|^_(Sec|CSSM|Authorization)' \ | cat - "$expfile" \ - | sort -u > "${SYMROOT}/${expbase}_$arch" - echo nmedit -s "${SYMROOT}/${expbase}_$arch" -arch $arch "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" - nmedit -s "${SYMROOT}/${expbase}_$arch" -arch $arch "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" + | sort -u > "${BUILT_PRODUCTS_DIR}/${expbase}_$arch" + echo nmedit -s "${BUILT_PRODUCTS_DIR}/${expbase}_$arch" -arch $arch "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" + nmedit -s "${BUILT_PRODUCTS_DIR}/${expbase}_$arch" -arch $arch "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" done -touch "${SYMROOT}/${expbase}.timestamp" +touch "${BUILT_PRODUCTS_DIR}/${expbase}.timestamp" -- 2.47.2
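Review bot: The final `touch "${BUILT_PRODUCTS_DIR}/${expbase}.timestamp"` runs whether or not the `nm` pipeline and `nmedit` succeeded, so a failed strip is recorded as up to date and the next build takes the early `exit 0` without stripping the product. Unless `set -e` is enabled above the hunk (the script's opening lines are not shown), I would stop on failure: `nmedit -s "${BUILT_PRODUCTS_DIR}/${expbase}_$arch" -arch "$arch" "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" || exit 1`. The `nm` stage needs its own check, because the pipeline reports only the status of `sort`; a failing `nm` still leaves an exports file built from `$expfile` alone, which `nmedit -s` would then apply. Quoting `$arch` in the `nm` and `nmedit` calls, and `$expfile` in the `basename` call, keeps values containing spaces from being word-split.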