| base64.h |
base64.h - prototypes for base64 encoding/decoding
Note: These functions are deprecated; see nssb64.h for new routines.
|
1154 |
| ciferfam.h |
ciferfam.h - cipher familie IDs used for configuring ciphers for export
control
|
2467 |
| config.mk |
|
893 |
| derdec.c |
indefinite length |
5408 |
| derenc.c |
Generic templates for individual/simple items.
|
13531 |
| dersubr.c |
XXX This should be rewritten, generalized, to take a long instead
of a PRInt32.
|
5824 |
| dertime.c |
gmttime must contains UTC time in micro-seconds unit |
9589 |
| eccutil.h |
deprecated |
425 |
| errstrs.c |
|
989 |
| exports.gyp |
|
1654 |
| hasht.h |
Opaque objects |
1907 |
| kyber.h |
The Kyber768 parameters specified in version 3.02 of the NIST submission
https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf
|
965 |
| Makefile |
|
1858 |
| manifest.mn |
|
1403 |
| nssb64.h |
Public prototypes for base64 encoding/decoding.
|
3248 |
| nssb64d.c |
Base64 decoding (ascii to binary).
|
26496 |
| nssb64e.c |
Base64 encoding (binary to ascii).
|
21814 |
| nssb64t.h |
Public data structures for base64 encoding/decoding.
|
466 |
| nssilckt.h |
nssilock.h - Instrumented locking functions for NSS
*
* Description:
* nssilock provides instrumentation for locks and monitors in
* the NSS libraries. The instrumentation, when enabled, causes
* each call to the instrumented function to record data about
* the call to an external file. The external file
* subsequently used to extract performance data and other
* statistical information about the operation of locks used in
* the nss library.
*
* To enable compilation with instrumentation, build NSS with
* the compile time switch NEED_NSS_ILOCK defined.
*
* say: "gmake OS_CFLAGS+=-DNEED_NSS_ILOCK" at make time.
*
* At runtime, to enable recording from nssilock, one or more
* environment variables must be set. For each nssILockType to
* be recorded, an environment variable of the form NSS_ILOCK_x
* must be set to 1. For example:
*
* set NSS_ILOCK_Cert=1
*
* nssilock uses PRLOG is used to record to trace data. The
* PRLogModule name associated with nssilock data is: "nssilock".
* To enable recording of nssilock data you will need to set the
* environment variable NSPR_LOG_MODULES to enable
* recording for the nssilock log module. Similarly, you will
* need to set the environment variable NSPR_LOG_FILE to specify
* the filename to receive the recorded data. See prlog.h for usage.
* Example:
*
* export NSPR_LOG_MODULES=nssilock:6
* export NSPR_LOG_FILE=xxxLogfile
*
* Operation:
* nssilock wraps calls to NSPR's PZLock and PZMonitor functions
* with similarly named functions: PZ_NewLock(), etc. When NSS is
* built with lock instrumentation enabled, the PZ* functions are
* compiled into NSS; when lock instrumentation is disabled,
* calls to PZ* functions are directly mapped to PR* functions
* and the instrumentation arguments to the PZ* functions are
* compiled away.
*
*
* File Format:
* The format of the external file is implementation
* dependent. Where NSPR's PR_LOG() function is used, the file
* contains data defined for PR_LOG() plus the data written by
* the wrapped function. On some platforms and under some
* circumstances, platform dependent logging or
* instrumentation probes may be used. In any case, the
* relevant data provided by the lock instrumentation is:
*
* lockType, func, address, duration, line, file [heldTime]
*
* where:
*
* lockType: a character representation of nssILockType for the
* call. e.g. ... "cert"
*
* func: the function doing the tracing. e.g. "NewLock"
*
* address: address of the instrumented lock or monitor
*
* duration: is how long was spent in the instrumented function,
* in PRIntervalTime "ticks".
*
* line: the line number within the calling function
*
* file: the file from which the call was made
*
* heldTime: how long the lock/monitor was held. field
* present only for PZ_Unlock() and PZ_ExitMonitor().
*
* Design Notes:
* The design for lock instrumentation was influenced by the
* need to gather performance data on NSS 3.x. It is intended
* that the effort to modify NSS to use lock instrumentation
* be minimized. Existing calls to locking functions need only
* have their names changed to the instrumentation function
* names.
*
* Private NSS Interface:
* nssilock.h defines a private interface for use by NSS.
* nssilock.h is experimental in nature and is subject to
* change or revocation without notice. ... Don't mess with
* it.
*
|
5923 |
| nssilock.c |
nssilock.c - NSS lock instrumentation wrapper functions
NOTE - These are not public interfaces
Implementation Notes:
I've tried to make the instrumentation relatively non-intrusive.
To do this, I have used a single PR_LOG() call in each
instrumented function. There's room for improvement.
|
11335 |
| nssilock.h |
nssilock.h - Instrumented locking functions for NSS
*
* Description:
* nssilock provides instrumentation for locks and monitors in
* the NSS libraries. The instrumentation, when enabled, causes
* each call to the instrumented function to record data about
* the call to an external file. The external file
* subsequently used to extract performance data and other
* statistical information about the operation of locks used in
* the nss library.
*
* To enable compilation with instrumentation, build NSS with
* the compile time switch NEED_NSS_ILOCK defined.
*
* say: "gmake OS_CFLAGS+=-DNEED_NSS_ILOCK" at make time.
*
* At runtime, to enable recording from nssilock, one or more
* environment variables must be set. For each nssILockType to
* be recorded, an environment variable of the form NSS_ILOCK_x
* must be set to 1. For example:
*
* set NSS_ILOCK_Cert=1
*
* nssilock uses PRLOG is used to record to trace data. The
* PRLogModule name associated with nssilock data is: "nssilock".
* To enable recording of nssilock data you will need to set the
* environment variable NSPR_LOG_MODULES to enable
* recording for the nssilock log module. Similarly, you will
* need to set the environment variable NSPR_LOG_FILE to specify
* the filename to receive the recorded data. See prlog.h for usage.
* Example:
*
* export NSPR_LOG_MODULES=nssilock:6
* export NSPR_LOG_FILE=xxxLogfile
*
* Operation:
* nssilock wraps calls to NSPR's PZLock and PZMonitor functions
* with similarly named functions: PZ_NewLock(), etc. When NSS is
* built with lock instrumentation enabled, the PZ* functions are
* compiled into NSS; when lock instrumentation is disabled,
* calls to PZ* functions are directly mapped to PR* functions
* and the instrumentation arguments to the PZ* functions are
* compiled away.
*
*
* File Format:
* The format of the external file is implementation
* dependent. Where NSPR's PR_LOG() function is used, the file
* contains data defined for PR_LOG() plus the data written by
* the wrapped function. On some platforms and under some
* circumstances, platform dependent logging or
* instrumentation probes may be used. In any case, the
* relevant data provided by the lock instrumentation is:
*
* lockType, func, address, duration, line, file [heldTime]
*
* where:
*
* lockType: a character representation of nssILockType for the
* call. e.g. ... "cert"
*
* func: the function doing the tracing. e.g. "NewLock"
*
* address: address of the instrumented lock or monitor
*
* duration: is how long was spent in the instrumented function,
* in PRIntervalTime "ticks".
*
* line: the line number within the calling function
*
* file: the file from which the call was made
*
* heldTime: how long the lock/monitor was held. field
* present only for PZ_Unlock() and PZ_ExitMonitor().
*
* Design Notes:
* The design for lock instrumentation was influenced by the
* need to gather performance data on NSS 3.x. It is intended
* that the effort to modify NSS to use lock instrumentation
* be minimized. Existing calls to locking functions need only
* have their names changed to the instrumentation function
* names.
*
* Private NSS Interface:
* nssilock.h defines a private interface for use by NSS.
* nssilock.h is experimental in nature and is subject to
* change or revocation without notice. ... Don't mess with
* it.
*
|
7743 |
| nsslocks.h |
nsslocks.h - threadsafe functions to initialize lock pointers.
NOTE - The interfaces formerly in this header were private and are now all
obsolete.
|
380 |
| nssrwlk.c |
Reader-writer lock
|
12862 |
| nssrwlk.h |
File: nsrwlock.h
* Description: API to basic reader-writer lock functions of NSS.
* These locks allow re-entry from writers but not readers. That is,
* If I hold the write lock, I can ask for it and get it again.
* If I hold the write lock, I can also ask for and get a read lock.
* I can then release the locks in any order (read or write).
* If I hold a read lock, I must not ask for another read lock or
* the write lock.
* I must release each lock type as many times as I acquired it.
*
* For deadlock detection, locks should be ranked, and no lock may be aquired
* while I hold a lock of higher rank number.
* If you don't want that feature, always use NSS_RWLOCK_RANK_NONE.
* Lock name is for debugging, and is optional (may be NULL)
|
5047 |
| nssrwlkt.h |
NSSRWLock --
The reader writer lock, NSSRWLock, is an opaque object to the clients
of NSS. All routines operate on a pointer to this opaque entity.
|
535 |
| nssutil.def |
|
9771 |
| nssutil.h |
NSS utilities's major version, minor version, patch level, build number,
and whether this is a beta release.
The format of the version string should be
"<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
972 |
| nssutil.rc |
|
1934 |
| oidstring.c |
if to->data is not NULL, and to->len is large enough to hold the result,
then the resultant OID will be copyed into to->data, and to->len will be
changed to show the actual OID length.
Otherwise, memory for the OID will be allocated (from the caller's
PLArenaPool, if pool is non-NULL) and to->data will receive the address
of the allocated data, and to->len will receive the OID length.
The original value of to->data is not freed when a new buffer is allocated.
The input string may begin with "OID." and this still be ignored.
The length of the input string is given in len. If len == 0, then
len will be computed as strlen(from), meaning it must be NUL terminated.
It is an error if from == NULL, or if *from == '\0'.
|
3832 |
| pkcs1sig.c |
The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on
the possible prefix encodings as explained below.
|
4863 |
| pkcs1sig.h |
SGN_VerifyPKCS1DigestInfo verifies that the length of the digest is correct
for the given algorithm, then verifies that the recovered data from the
PKCS#1 signature is a properly-formatted DigestInfo that identifies the
given digest algorithm, then verifies that the digest in the DigestInfo
matches the given digest.
dataRecoveredFromSignature must be the result of calling PK11_VerifyRecover
or equivalent.
If unsafeAllowMissingParameters is true (not recommended), then a DigestInfo
without the mandatory ASN.1 NULL parameter will also be accepted.
|
1202 |
| pkcs11.h |
Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
is granted provided that it is identified as "RSA Security In.c Public-Key
Cryptography Standards (PKCS)" in all material mentioning or referencing
this document.
The latest version of this header can be found at:
http://www.rsalabs.com/pkcs/pkcs-11/index.html
|
8022 |
| pkcs11f.h |
Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
is granted provided that it is identified as "RSA Security In.c Public-Key
Cryptography Standards (PKCS)" in all material mentioning or referencing
this document.
|
31818 |
| pkcs11n.h |
pkcs11n.h
This file contains the NSS-specific type definitions for Cryptoki
(PKCS#11).
|
28367 |
| pkcs11p.h |
Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
is granted provided that it is identified as "RSA Security Inc. Public-Key
Cryptography Standards (PKCS)" in all material mentioning or referencing
this document.
|
869 |
| pkcs11t.h |
an unsigned 8-bit value |
88681 |
| pkcs11u.h |
Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
is granted provided that it is identified as "RSA Security Inc. Public-Key
Cryptography Standards (PKCS)" in all material mentioning or referencing
this document.
|
709 |
| pkcs11uri.c |
Character sets used in the ABNF rules in RFC7512. |
24727 |
| pkcs11uri.h |
Path attributes defined in RFC7512. |
3065 |
| portreg.c |
shexp.c: shell-like wildcard match routines
See shexp.h for public documentation.
|
12185 |
| portreg.h |
shexp.h: Defines and prototypes for shell exp. match routines
This routine will match a string with a shell expression. The expressions
accepted are based loosely on the expressions accepted by zsh.
o * matches anything
o ? matches one character
o \ will escape a special character
o $ matches the end of the string
Bracketed expressions:
o [abc] matches one occurence of a, b, or c.
o [^abc] matches any character except a, b, or c.
To be matched between [ and ], these characters must be escaped: \ ]
No other characters need be escaped between brackets.
Unnecessary escaping is permitted.
o [a-z] matches any character between a and z, inclusive.
The two range-definition characters must be alphanumeric ASCII.
If one is upper case and the other is lower case, then the ASCII
non-alphanumeric characters between Z and a will also be in range.
o [^a-z] matches any character except those between a and z, inclusive.
These forms cannot be combined, e.g [a-gp-z] does not work.
o Exclusions:
As a top level, outter-most expression only, the expression
foo~bar will match the expression foo, provided it does not also
match the expression bar. Either expression or both may be a union.
Except between brackets, any unescaped ~ is an exclusion.
At most one exclusion is permitted.
Exclusions cannot be nested (contain other exclusions).
example: *~abc will match any string except abc
o Unions:
(foo|bar) will match either the expression foo, or the expression bar.
At least one '|' separator is required. More are permitted.
Expressions inside unions may not include unions or exclusions.
Inside a union, to be matched and not treated as a special character,
these characters must be escaped: \ ( | ) [ ~ except when they occur
inside a bracketed expression, where only \ and ] require escaping.
The public interface to these routines is documented below.
|
3083 |
| quickder.c |
Optimized ASN.1 DER decoder
|
29918 |
| secalgid.c |
XXX remove this when remove the DERTemplate |
4096 |
| secasn1.h |
Support for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished
Encoding Rules). The routines are found in and used extensively by the
security library, but exported for other use.
|
13214 |
| secasn1d.c |
Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
Encoding Rules).
|
114447 |
| secasn1e.c |
Support for ENcoding ASN.1 data based on BER/DER (Basic/Distinguished
Encoding Rules).
|
51557 |
| secasn1t.h |
Types for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished
Encoding Rules).
|
10916 |
| secasn1u.c |
Utility routines to complement the ASN.1 encoding and decoding functions.
|
2810 |
| seccomon.h |
seccomon.h - common data structures for security libraries
This file should have lowest-common-denominator datastructures
for security libraries. It should not be dependent on any other
headers, and should not require linking with any libraries.
|
2163 |
| secder.h |
secder.h - public data structures and prototypes for the DER encoding and
decoding utilities library
|
6057 |
| secdert.h |
secdert.h - public data structures for the DER encoding and
decoding utilities library
|
3969 |
| secdig.c |
XXX Want to have a SGN_DecodeDigestInfo, like:
SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata);
that creates a pool and allocates from it and decodes didata into
the newly allocated DigestInfo structure. Then fix secvfy.c (it
will no longer need an arena itself) to call this and then call
DestroyDigestInfo when it is done, then can remove the old template
above and keep our new template static and "hidden".
|
4621 |
| secdig.h |
/
/*
* Digest-info functions
|
3369 |
| secdigt.h |
A PKCS#1 digest-info object
|
622 |
| secerr.h |
Fortezza Alerts |
11680 |
| SECerrs.h |
General security error codes |
22018 |
| secitem.c |
Support routines for SECItem data structure.
|
11724 |
| secitem.h |
secitem.h - public data structures and prototypes for handling
SECItems
|
4772 |
| secload.c |
If 'link' is a symbolic link, this function follows the symbolic links
and returns the pathname of the ultimate source of the symbolic links.
If 'link' is not a symbolic link, this function returns NULL.
The caller should call PR_Free to free the string returned by this
function.
|
6278 |
| secoid.c |
Library identity and versioning |
105155 |
| secoid.h |
secoid.h - public data structures and prototypes for ASN.1 OID functions
|
5043 |
| secoidt.h |
secoidt.h - public data structures for ASN.1 OID functions
|
20473 |
| secplcy.c |
Translate index to cipher. |
2134 |
| secplcy.h |
Cipher policy enforcement. This code isn't very pretty, but it accomplishes
* the purpose of obscuring policy information from potential fortifiers. :-)
*
* The following routines are generic and intended for anywhere where cipher
* policy enforcement is to be done, e.g. SSL and PKCS7&12.
|
3365 |
| secport.c |
secport.c - portability interfaces for security libraries
This file abstracts out libc functionality that libsec depends on
NOTE - These are not public interfaces
|
26014 |
| secport.h |
secport.h - portability interfaces for security libraries
|
15027 |
| sectime.c |
convert DER utc time to ascii time string |
4330 |
| templates.c |
Templates that are compiled and exported from both libnss3 and libnssutil3.
They have to be, because they were previously exported from libnss3, and
there is no way to create data forwarder symbols on Unix.
Please do not add to this file. New shared templates should be exported
from libnssutil3 only.
|
4054 |
| utf8.c |
From RFC 2044:
UCS-4 range (hex.) UTF-8 octet sequence (binary)
0000 0000-0000 007F 0xxxxxxx
0000 0080-0000 07FF 110xxxxx 10xxxxxx
0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
|
13228 |
| util.gyp |
|
1281 |
| utilmod.c |
The following code handles the storage of PKCS 11 modules used by the
NSS. For the rest of NSS, only one kind of database handle exists:
SFTKDBHandle
There is one SFTKDBHandle for each key database and one for each cert
database. These databases are opened as associated pairs, one pair per
slot. SFTKDBHandles are reference counted objects.
Each SFTKDBHandle points to a low level database handle (SDB). This handle
represents the underlying physical database. These objects are not
reference counted, and are 'owned' by their respective SFTKDBHandles.
|
27482 |
| utilmodt.h |
these are SECMOD flags that would normally be in secmodt.h, but are needed
for the parser in util. Fort this reason we preserve the SECMOD names.
|
1618 |
| utilpars.c |
The following code handles the storage of PKCS 11 modules used by the
NSS. This file is written to abstract away how the modules are
stored so we can decide that later.
|
37059 |
| utilpars.h |
handle a module db request |
3527 |
| utilparst.h |
macros to handle parsing strings of blank sparated arguments.
Several NSSUTIL_HANDLE_STRING() macros should be places one after another with no intervening
code. The first ones have precedence over the later ones. The last Macro should be
NSSUTIL_HANDLE_FINAL_ARG.
param is the input parameters. On exit param will point to the next parameter to parse. If the
last paramter has been returned, param points to a null byte (*param = '0');
target is the location to store any data aquired from the parameter. Caller is responsible to free this data.
value is the string value of the parameter.
command is any commands you need to run to help process the parameter's data.
|
3424 |
| utilrename.h |
utilrename.h - rename symbols moved from libnss3 to libnssutil3
|
8776 |
| verref.h |
This header is used inline in a function to ensure that a version string
symbol is linked in and not optimized out. A volatile reference is added to
the variable identified by NSS_VERSION_VARIABLE.
Use this as follows:
#define NSS_VERSION_VARIABLE __nss_ssl_version
#include "verref.h"
|
1268 |