Name Description Size
Makefile 1858
SECerrs.h General security error codes 21520
base64.h base64.h - prototypes for base64 encoding/decoding Note: These functions are deprecated; see nssb64.h for new routines. 1154
ciferfam.h ciferfam.h - cipher familie IDs used for configuring ciphers for export control 2467
config.mk 893
derdec.c indefinite length 5408
derenc.c Generic templates for individual/simple items. 13531
dersubr.c XXX This should be rewritten, generalized, to take a long instead of a PRInt32. 5824
dertime.c gmttime must contains UTC time in micro-seconds unit 9597
eccutil.h deprecated 388
errstrs.c 989
exports.gyp 1631
hasht.h Opaque objects 1693
manifest.mn 1392
nssb64.h Public prototypes for base64 encoding/decoding. 3248
nssb64d.c Base64 decoding (ascii to binary). 25789
nssb64e.c Base64 encoding (binary to ascii). 21814
nssb64t.h Public data structures for base64 encoding/decoding. 466
nssilckt.h nssilock.h - Instrumented locking functions for NSS * * Description: * nssilock provides instrumentation for locks and monitors in * the NSS libraries. The instrumentation, when enabled, causes * each call to the instrumented function to record data about * the call to an external file. The external file * subsequently used to extract performance data and other * statistical information about the operation of locks used in * the nss library. * * To enable compilation with instrumentation, build NSS with * the compile time switch NEED_NSS_ILOCK defined. * * say: "gmake OS_CFLAGS+=-DNEED_NSS_ILOCK" at make time. * * At runtime, to enable recording from nssilock, one or more * environment variables must be set. For each nssILockType to * be recorded, an environment variable of the form NSS_ILOCK_x * must be set to 1. For example: * * set NSS_ILOCK_Cert=1 * * nssilock uses PRLOG is used to record to trace data. The * PRLogModule name associated with nssilock data is: "nssilock". * To enable recording of nssilock data you will need to set the * environment variable NSPR_LOG_MODULES to enable * recording for the nssilock log module. Similarly, you will * need to set the environment variable NSPR_LOG_FILE to specify * the filename to receive the recorded data. See prlog.h for usage. * Example: * * export NSPR_LOG_MODULES=nssilock:6 * export NSPR_LOG_FILE=xxxLogfile * * Operation: * nssilock wraps calls to NSPR's PZLock and PZMonitor functions * with similarly named functions: PZ_NewLock(), etc. When NSS is * built with lock instrumentation enabled, the PZ* functions are * compiled into NSS; when lock instrumentation is disabled, * calls to PZ* functions are directly mapped to PR* functions * and the instrumentation arguments to the PZ* functions are * compiled away. * * * File Format: * The format of the external file is implementation * dependent. Where NSPR's PR_LOG() function is used, the file * contains data defined for PR_LOG() plus the data written by * the wrapped function. On some platforms and under some * circumstances, platform dependent logging or * instrumentation probes may be used. In any case, the * relevant data provided by the lock instrumentation is: * * lockType, func, address, duration, line, file [heldTime] * * where: * * lockType: a character representation of nssILockType for the * call. e.g. ... "cert" * * func: the function doing the tracing. e.g. "NewLock" * * address: address of the instrumented lock or monitor * * duration: is how long was spent in the instrumented function, * in PRIntervalTime "ticks". * * line: the line number within the calling function * * file: the file from which the call was made * * heldTime: how long the lock/monitor was held. field * present only for PZ_Unlock() and PZ_ExitMonitor(). * * Design Notes: * The design for lock instrumentation was influenced by the * need to gather performance data on NSS 3.x. It is intended * that the effort to modify NSS to use lock instrumentation * be minimized. Existing calls to locking functions need only * have their names changed to the instrumentation function * names. * * Private NSS Interface: * nssilock.h defines a private interface for use by NSS. * nssilock.h is experimental in nature and is subject to * change or revocation without notice. ... Don't mess with * it. * 5923
nssilock.c nssilock.c - NSS lock instrumentation wrapper functions NOTE - These are not public interfaces Implementation Notes: I've tried to make the instrumentation relatively non-intrusive. To do this, I have used a single PR_LOG() call in each instrumented function. There's room for improvement. 11335
nssilock.h nssilock.h - Instrumented locking functions for NSS * * Description: * nssilock provides instrumentation for locks and monitors in * the NSS libraries. The instrumentation, when enabled, causes * each call to the instrumented function to record data about * the call to an external file. The external file * subsequently used to extract performance data and other * statistical information about the operation of locks used in * the nss library. * * To enable compilation with instrumentation, build NSS with * the compile time switch NEED_NSS_ILOCK defined. * * say: "gmake OS_CFLAGS+=-DNEED_NSS_ILOCK" at make time. * * At runtime, to enable recording from nssilock, one or more * environment variables must be set. For each nssILockType to * be recorded, an environment variable of the form NSS_ILOCK_x * must be set to 1. For example: * * set NSS_ILOCK_Cert=1 * * nssilock uses PRLOG is used to record to trace data. The * PRLogModule name associated with nssilock data is: "nssilock". * To enable recording of nssilock data you will need to set the * environment variable NSPR_LOG_MODULES to enable * recording for the nssilock log module. Similarly, you will * need to set the environment variable NSPR_LOG_FILE to specify * the filename to receive the recorded data. See prlog.h for usage. * Example: * * export NSPR_LOG_MODULES=nssilock:6 * export NSPR_LOG_FILE=xxxLogfile * * Operation: * nssilock wraps calls to NSPR's PZLock and PZMonitor functions * with similarly named functions: PZ_NewLock(), etc. When NSS is * built with lock instrumentation enabled, the PZ* functions are * compiled into NSS; when lock instrumentation is disabled, * calls to PZ* functions are directly mapped to PR* functions * and the instrumentation arguments to the PZ* functions are * compiled away. * * * File Format: * The format of the external file is implementation * dependent. Where NSPR's PR_LOG() function is used, the file * contains data defined for PR_LOG() plus the data written by * the wrapped function. On some platforms and under some * circumstances, platform dependent logging or * instrumentation probes may be used. In any case, the * relevant data provided by the lock instrumentation is: * * lockType, func, address, duration, line, file [heldTime] * * where: * * lockType: a character representation of nssILockType for the * call. e.g. ... "cert" * * func: the function doing the tracing. e.g. "NewLock" * * address: address of the instrumented lock or monitor * * duration: is how long was spent in the instrumented function, * in PRIntervalTime "ticks". * * line: the line number within the calling function * * file: the file from which the call was made * * heldTime: how long the lock/monitor was held. field * present only for PZ_Unlock() and PZ_ExitMonitor(). * * Design Notes: * The design for lock instrumentation was influenced by the * need to gather performance data on NSS 3.x. It is intended * that the effort to modify NSS to use lock instrumentation * be minimized. Existing calls to locking functions need only * have their names changed to the instrumentation function * names. * * Private NSS Interface: * nssilock.h defines a private interface for use by NSS. * nssilock.h is experimental in nature and is subject to * change or revocation without notice. ... Don't mess with * it. * 7743
nsslocks.h nsslocks.h - threadsafe functions to initialize lock pointers. NOTE - The interfaces formerly in this header were private and are now all obsolete. 380
nssrwlk.c Reader-writer lock 12862
nssrwlk.h File: nsrwlock.h * Description: API to basic reader-writer lock functions of NSS. * These are re-entrant reader writer locks; that is, * If I hold the write lock, I can ask for it and get it again. * If I hold the write lock, I can also ask for and get a read lock. * I can then release the locks in any order (read or write). * I must release each lock type as many times as I acquired it. * Otherwise, these are normal reader/writer locks. * * For deadlock detection, locks should be ranked, and no lock may be aquired * while I hold a lock of higher rank number. * If you don't want that feature, always use NSS_RWLOCK_RANK_NONE. * Lock name is for debugging, and is optional (may be NULL) 4994
nssrwlkt.h NSSRWLock -- The reader writer lock, NSSRWLock, is an opaque object to the clients of NSS. All routines operate on a pointer to this opaque entity. 535
nssutil.def 9372
nssutil.h NSS utilities's major version, minor version, patch level, build number, and whether this is a beta release. The format of the version string should be "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]" 966
nssutil.rc 1934
oidstring.c if to->data is not NULL, and to->len is large enough to hold the result, then the resultant OID will be copyed into to->data, and to->len will be changed to show the actual OID length. Otherwise, memory for the OID will be allocated (from the caller's PLArenaPool, if pool is non-NULL) and to->data will receive the address of the allocated data, and to->len will receive the OID length. The original value of to->data is not freed when a new buffer is allocated. The input string may begin with "OID." and this still be ignored. The length of the input string is given in len. If len == 0, then len will be computed as strlen(from), meaning it must be NUL terminated. It is an error if from == NULL, or if *from == '\0'. 3832
pkcs11.h Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document is granted provided that it is identified as "RSA Security In.c Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document. The latest version of this header can be found at: http://www.rsalabs.com/pkcs/pkcs-11/index.html 8022
pkcs11f.h Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document is granted provided that it is identified as "RSA Security In.c Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document. 32090
pkcs11n.h pkcs11n.h This file contains the NSS-specific type definitions for Cryptoki (PKCS#11). 25528
pkcs11p.h Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document is granted provided that it is identified as "RSA Security Inc. Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document. 869
pkcs11t.h an unsigned 8-bit value 88701
pkcs11u.h Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document is granted provided that it is identified as "RSA Security Inc. Public-Key Cryptography Standards (PKCS)" in all material mentioning or referencing this document. 709
pkcs11uri.c Character sets used in the ABNF rules in RFC7512. 23758
pkcs11uri.h Path attributes defined in RFC7512. 2374
pkcs1sig.c The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on the possible prefix encodings as explained below. 4863
pkcs1sig.h SGN_VerifyPKCS1DigestInfo verifies that the length of the digest is correct for the given algorithm, then verifies that the recovered data from the PKCS#1 signature is a properly-formatted DigestInfo that identifies the given digest algorithm, then verifies that the digest in the DigestInfo matches the given digest. dataRecoveredFromSignature must be the result of calling PK11_VerifyRecover or equivalent. If unsafeAllowMissingParameters is true (not recommended), then a DigestInfo without the mandatory ASN.1 NULL parameter will also be accepted. 1202
portreg.c shexp.c: shell-like wildcard match routines See shexp.h for public documentation. 12185
portreg.h shexp.h: Defines and prototypes for shell exp. match routines This routine will match a string with a shell expression. The expressions accepted are based loosely on the expressions accepted by zsh. o * matches anything o ? matches one character o \ will escape a special character o $ matches the end of the string Bracketed expressions: o [abc] matches one occurence of a, b, or c. o [^abc] matches any character except a, b, or c. To be matched between [ and ], these characters must be escaped: \ ] No other characters need be escaped between brackets. Unnecessary escaping is permitted. o [a-z] matches any character between a and z, inclusive. The two range-definition characters must be alphanumeric ASCII. If one is upper case and the other is lower case, then the ASCII non-alphanumeric characters between Z and a will also be in range. o [^a-z] matches any character except those between a and z, inclusive. These forms cannot be combined, e.g [a-gp-z] does not work. o Exclusions: As a top level, outter-most expression only, the expression foo~bar will match the expression foo, provided it does not also match the expression bar. Either expression or both may be a union. Except between brackets, any unescaped ~ is an exclusion. At most one exclusion is permitted. Exclusions cannot be nested (contain other exclusions). example: *~abc will match any string except abc o Unions: (foo|bar) will match either the expression foo, or the expression bar. At least one '|' separator is required. More are permitted. Expressions inside unions may not include unions or exclusions. Inside a union, to be matched and not treated as a special character, these characters must be escaped: \ ( | ) [ ~ except when they occur inside a bracketed expression, where only \ and ] require escaping. The public interface to these routines is documented below. 3083
quickder.c Optimized ASN.1 DER decoder 29751
secalgid.c XXX remove this when remove the DERTemplate 4095
secasn1.h Support for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished Encoding Rules). The routines are found in and used extensively by the security library, but exported for other use. 13214
secasn1d.c Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished Encoding Rules). 113321
secasn1e.c Support for ENcoding ASN.1 data based on BER/DER (Basic/Distinguished Encoding Rules). 51465
secasn1t.h Types for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished Encoding Rules). 10916
secasn1u.c Utility routines to complement the ASN.1 encoding and decoding functions. 2810
seccomon.h seccomon.h - common data structures for security libraries This file should have lowest-common-denominator datastructures for security libraries. It should not be dependent on any other headers, and should not require linking with any libraries. 2164
secder.h secder.h - public data structures and prototypes for the DER encoding and decoding utilities library 6057
secdert.h secdert.h - public data structures for the DER encoding and decoding utilities library 3969
secdig.c XXX Want to have a SGN_DecodeDigestInfo, like: SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata); that creates a pool and allocates from it and decodes didata into the newly allocated DigestInfo structure. Then fix secvfy.c (it will no longer need an arena itself) to call this and then call DestroyDigestInfo when it is done, then can remove the old template above and keep our new template static and "hidden". 4622
secdig.h / /* * Digest-info functions 3369
secdigt.h A PKCS#1 digest-info object 622
secerr.h Fortezza Alerts 11459
secitem.c Support routines for SECItem data structure. 11724
secitem.h secitem.h - public data structures and prototypes for handling SECItems 4772
secload.c If 'link' is a symbolic link, this function follows the symbolic links and returns the pathname of the ultimate source of the symbolic links. If 'link' is not a symbolic link, this function returns NULL. The caller should call PR_Free to free the string returned by this function. 6308
secoid.c Library identity and versioning 99535
secoid.h secoid.h - public data structures and prototypes for ASN.1 OID functions 5043
secoidt.h secoidt.h - public data structures for ASN.1 OID functions 19470
secplcy.c Translate index to cipher. 2134
secplcy.h Cipher policy enforcement. This code isn't very pretty, but it accomplishes * the purpose of obscuring policy information from potential fortifiers. :-) * * The following routines are generic and intended for anywhere where cipher * policy enforcement is to be done, e.g. SSL and PKCS7&12. 3365
secport.c secport.c - portability interfaces for security libraries This file abstracts out libc functionality that libsec depends on NOTE - These are not public interfaces 21917
secport.h secport.h - portability interfaces for security libraries 14665
sectime.c convert DER utc time to ascii time string 4330
templates.c Templates that are compiled and exported from both libnss3 and libnssutil3. They have to be, because they were previously exported from libnss3, and there is no way to create data forwarder symbols on Unix. Please do not add to this file. New shared templates should be exported from libnssutil3 only. 4054
utf8.c From RFC 2044: UCS-4 range (hex.) UTF-8 octet sequence (binary) 0000 0000-0000 007F 0xxxxxxx 0000 0080-0000 07FF 110xxxxx 10xxxxxx 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx 13228
util.gyp 1281
utilmod.c The following code handles the storage of PKCS 11 modules used by the NSS. For the rest of NSS, only one kind of database handle exists: SFTKDBHandle There is one SFTKDBHandle for each key database and one for each cert database. These databases are opened as associated pairs, one pair per slot. SFTKDBHandles are reference counted objects. Each SFTKDBHandle points to a low level database handle (SDB). This handle represents the underlying physical database. These objects are not reference counted, and are 'owned' by their respective SFTKDBHandles. 27482
utilmodt.h these are SECMOD flags that would normally be in secmodt.h, but are needed for the parser in util. Fort this reason we preserve the SECMOD names. 1618
utilpars.c The following code handles the storage of PKCS 11 modules used by the NSS. This file is written to abstract away how the modules are stored so we can decide that later. 37067
utilpars.h handle a module db request 3527
utilparst.h macros to handle parsing strings of blank sparated arguments. Several NSSUTIL_HANDLE_STRING() macros should be places one after another with no intervening code. The first ones have precedence over the later ones. The last Macro should be NSSUTIL_HANDLE_FINAL_ARG. param is the input parameters. On exit param will point to the next parameter to parse. If the last paramter has been returned, param points to a null byte (*param = '0'); target is the location to store any data aquired from the parameter. Caller is responsible to free this data. value is the string value of the parameter. command is any commands you need to run to help process the parameter's data. 3424
utilrename.h utilrename.h - rename symbols moved from libnss3 to libnssutil3 8776
verref.h This header is used inline in a function to ensure that a version string symbol is linked in and not optimized out. A volatile reference is added to the variable identified by NSS_VERSION_VARIABLE. Use this as follows: #define NSS_VERSION_VARIABLE __nss_ssl_version #include "verref.h" 1246