зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1245053, test NSS_3_23_BETA7, r=me
This commit is contained in:
Родитель
b6bf8bb8b7
Коммит
48201519cb
|
@ -61,4 +61,5 @@ CommentPragmas: '^ IWYU pragma:'
|
|||
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
|
||||
SpaceBeforeParens: ControlStatements
|
||||
DisableFormat: false
|
||||
SortIncludes: false
|
||||
...
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_23_BETA5
|
||||
NSS_3_23_BETA7
|
||||
|
|
|
@ -10,4 +10,3 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -530,8 +530,7 @@ nssArena_Mark(NSSArena *arena)
|
|||
/* Unmarked. Store our thread ID */
|
||||
arena->marking_thread = PR_GetCurrentThread();
|
||||
/* This call never fails. */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Marked. Verify it's the current thread */
|
||||
if (PR_GetCurrentThread() != arena->marking_thread) {
|
||||
PR_Unlock(arena->lock);
|
||||
|
@ -556,8 +555,7 @@ nssArena_Mark(NSSArena *arena)
|
|||
if ((nssArenaMark *)NULL == arena->first_mark) {
|
||||
arena->first_mark = rv;
|
||||
arena->last_mark = rv;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arena->last_mark->next = rv;
|
||||
arena->last_mark = rv;
|
||||
}
|
||||
|
@ -845,8 +843,7 @@ nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
|
|||
/* We used calloc: it's already zeroed */
|
||||
|
||||
return (void *)((char *)h + sizeof(struct pointer_header));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
void *rv;
|
||||
/* Arena allocation */
|
||||
#ifdef NSSDEBUG
|
||||
|
@ -940,8 +937,7 @@ nss_ZFreeIf(void *pointer)
|
|||
(void)nsslibc_memset(pointer, 0, h->size);
|
||||
PR_Free(h);
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Arena */
|
||||
#ifdef NSSDEBUG
|
||||
if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
|
||||
|
@ -1058,8 +1054,7 @@ nss_ZRealloc(void *pointer, PRUint32 newSize)
|
|||
(void)nsslibc_memcpy(rv, pointer, h->size);
|
||||
(void)nsslibc_memset(&((char *)rv)[h->size], 0,
|
||||
(newSize - h->size));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
(void)nsslibc_memcpy(rv, pointer, newSize);
|
||||
}
|
||||
|
||||
|
@ -1068,8 +1063,7 @@ nss_ZRealloc(void *pointer, PRUint32 newSize)
|
|||
PR_Free(h);
|
||||
|
||||
return rv;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
void *p;
|
||||
/* Arena */
|
||||
#ifdef NSSDEBUG
|
||||
|
|
|
@ -95,13 +95,11 @@ error_get_my_stack(void)
|
|||
if ((error_stack *)NULL == rv) {
|
||||
/* Doesn't exist; create one */
|
||||
new_size = 16;
|
||||
}
|
||||
else if (rv->header.count == rv->header.space &&
|
||||
rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
|
||||
} else if (rv->header.count == rv->header.space &&
|
||||
rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
|
||||
/* Too small, expand it */
|
||||
new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Okay, return it */
|
||||
return rv;
|
||||
}
|
||||
|
@ -227,8 +225,7 @@ nss_SetError(PRUint32 error)
|
|||
|
||||
if (es->header.count < es->header.space) {
|
||||
es->stack[es->header.count++] = error;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
memmove(es->stack, es->stack + 1,
|
||||
(es->header.space - 1) * (sizeof es->stack[0]));
|
||||
es->stack[es->header.space - 1] = error;
|
||||
|
|
|
@ -92,8 +92,7 @@ nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash,
|
|||
if (arenaOpt) {
|
||||
arena = arenaOpt;
|
||||
i_alloced = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arena = nssArena_Create();
|
||||
i_alloced = PR_TRUE;
|
||||
}
|
||||
|
@ -170,8 +169,7 @@ nssHash_Destroy(nssHash *hash)
|
|||
PL_HashTableDestroy(hash->plHashTable);
|
||||
if (hash->i_alloced_arena) {
|
||||
nssArena_Destroy(hash->arena);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nss_ZFreeIf(hash);
|
||||
}
|
||||
}
|
||||
|
@ -191,11 +189,9 @@ nssHash_Add(nssHash *hash, const void *key, const void *value)
|
|||
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
|
||||
if ((PLHashEntry *)NULL == he) {
|
||||
nss_SetError(NSS_ERROR_NO_MEMORY);
|
||||
}
|
||||
else if (he->value != value) {
|
||||
} else if (he->value != value) {
|
||||
nss_SetError(NSS_ERROR_HASH_COLLISION);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hash->count++;
|
||||
error = PR_SUCCESS;
|
||||
}
|
||||
|
@ -260,8 +256,7 @@ nssHash_Exists(nssHash *hash, const void *it)
|
|||
|
||||
if ((void *)NULL == value) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -54,8 +54,7 @@ nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length,
|
|||
if ((NSSItem *)NULL == rv) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = rvOpt;
|
||||
}
|
||||
|
||||
|
|
|
@ -106,8 +106,7 @@ nsslibc_memequal(const void *a, const void *b, PRUint32 len,
|
|||
|
||||
if (0 == memcmp(a, b, len)) {
|
||||
return PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -83,8 +83,7 @@ nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
|
|||
if (arenaOpt) {
|
||||
arena = arenaOpt;
|
||||
i_alloced = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arena = nssArena_Create();
|
||||
i_alloced = PR_TRUE;
|
||||
}
|
||||
|
@ -103,8 +102,7 @@ nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
|
|||
if (!list->lock) {
|
||||
if (arenaOpt) {
|
||||
nss_ZFreeIf(list);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSSArena_Destroy(arena);
|
||||
}
|
||||
return (nssList *)NULL;
|
||||
|
@ -205,13 +203,11 @@ nsslist_add_element(nssList *list, void *data)
|
|||
}
|
||||
currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* not sorting */
|
||||
PR_APPEND_LINK(&node->link, &list->head->link);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
list->head = node;
|
||||
}
|
||||
++list->count;
|
||||
|
|
|
@ -61,8 +61,7 @@ nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
|
|||
*/
|
||||
if (0 == PL_strcasecmp((const char *)a, (const char *)b)) {
|
||||
return PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -167,8 +166,7 @@ nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
|
|||
if (*c == *d) {
|
||||
/* And both '\0', btw */
|
||||
return PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -324,23 +322,17 @@ nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt)
|
|||
PRUint32 incr;
|
||||
if ((*c & 0x80) == 0) {
|
||||
incr = 1;
|
||||
}
|
||||
else if ((*c & 0xE0) == 0xC0) {
|
||||
} else if ((*c & 0xE0) == 0xC0) {
|
||||
incr = 2;
|
||||
}
|
||||
else if ((*c & 0xF0) == 0xE0) {
|
||||
} else if ((*c & 0xF0) == 0xE0) {
|
||||
incr = 3;
|
||||
}
|
||||
else if ((*c & 0xF8) == 0xF0) {
|
||||
} else if ((*c & 0xF8) == 0xF0) {
|
||||
incr = 4;
|
||||
}
|
||||
else if ((*c & 0xFC) == 0xF8) {
|
||||
} else if ((*c & 0xFC) == 0xF8) {
|
||||
incr = 5;
|
||||
}
|
||||
else if ((*c & 0xFE) == 0xFC) {
|
||||
} else if ((*c & 0xFE) == 0xFC) {
|
||||
incr = 6;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nss_SetError(NSS_ERROR_INVALID_STRING);
|
||||
goto loser;
|
||||
}
|
||||
|
@ -455,8 +447,7 @@ nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
|
|||
|
||||
if (0 == size) {
|
||||
rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = nss_ZAlloc(arenaOpt, size + 1);
|
||||
if ((NSSUTF8 *)NULL == rv) {
|
||||
return (NSSUTF8 *)NULL;
|
||||
|
@ -477,8 +468,7 @@ nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
|
|||
case nssStringType_UTF8String:
|
||||
if (0 == size) {
|
||||
rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = nss_ZAlloc(arenaOpt, size + 1);
|
||||
if ((NSSUTF8 *)NULL == rv) {
|
||||
return (NSSUTF8 *)NULL;
|
||||
|
@ -555,8 +545,7 @@ nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type,
|
|||
(void)nss_ZFreeIf(dup);
|
||||
return (NSSItem *)NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = rvOpt;
|
||||
}
|
||||
|
||||
|
@ -640,13 +629,11 @@ nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize,
|
|||
if ((buffer[bs - 1] & 0xC0) != 0x80) {
|
||||
buffer[bs - 1] = pad;
|
||||
break;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
buffer[bs - 1] = pad;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
(void)nsslibc_memset(buffer, pad, bufferSize);
|
||||
(void)nsslibc_memcpy(buffer, string, stringSize);
|
||||
}
|
||||
|
|
|
@ -261,8 +261,7 @@ scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
|
|||
isQuoted = PR_TRUE;
|
||||
/* skip over it */
|
||||
bp++;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
isQuoted = PR_FALSE;
|
||||
}
|
||||
|
||||
|
@ -282,15 +281,12 @@ scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
|
|||
bp++;
|
||||
c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]);
|
||||
}
|
||||
}
|
||||
else if (c == '#' && bp == *pbp) {
|
||||
} else if (c == '#' && bp == *pbp) {
|
||||
/* ignore leading #, quotation not required for it. */
|
||||
}
|
||||
else if (!isQuoted && SPECIAL_CHAR(c)) {
|
||||
} else if (!isQuoted && SPECIAL_CHAR(c)) {
|
||||
/* unescaped special and not within quoted value */
|
||||
break;
|
||||
}
|
||||
else if (c == C_DOUBLE_QUOTE) {
|
||||
} else if (c == C_DOUBLE_QUOTE) {
|
||||
/* reached unescaped double quote */
|
||||
break;
|
||||
}
|
||||
|
@ -404,8 +400,7 @@ ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr)
|
|||
/* is this a dotted decimal OID attribute type ? */
|
||||
if (!PL_strncasecmp("oid.", tagBuf, 4)) {
|
||||
rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
for (n2k = name2kinds; n2k->name; n2k++) {
|
||||
SECOidData* oidrec;
|
||||
if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
|
||||
|
@ -429,8 +424,7 @@ ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr)
|
|||
if (rv)
|
||||
goto loser;
|
||||
a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (kind == SEC_OID_UNKNOWN)
|
||||
goto loser;
|
||||
if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)
|
||||
|
@ -483,8 +477,7 @@ ParseRFC1485Name(const char* buf, int len)
|
|||
if (rdn == 0)
|
||||
goto loser;
|
||||
rv = CERT_AddRDN(name, rdn);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = CERT_AddAVA(name->arena, rdn, ava);
|
||||
}
|
||||
if (rv)
|
||||
|
@ -565,8 +558,7 @@ AppendStr(stringBuf* bufp, char* str)
|
|||
size = PR_MAX(DEFAULT_BUFFER_SIZE, bufSize * 2);
|
||||
buf = (char*)PORT_Alloc(size);
|
||||
bufp->size = size;
|
||||
}
|
||||
else if (bufp->size < bufSize) {
|
||||
} else if (bufp->size < bufSize) {
|
||||
size = bufSize * 2;
|
||||
buf = (char*)PORT_Realloc(buf, size);
|
||||
bufp->size = size;
|
||||
|
@ -615,17 +607,14 @@ cert_RFC1485_GetRequiredLen(const char* src, int srclen, EQMode* pEQMode)
|
|||
reqLen++;
|
||||
if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */
|
||||
reqLen += 2;
|
||||
}
|
||||
else if (NEEDS_ESCAPE(c)) { /* c -> \c */
|
||||
} else if (NEEDS_ESCAPE(c)) { /* c -> \c */
|
||||
reqLen++;
|
||||
}
|
||||
else if (SPECIAL_CHAR(c)) {
|
||||
} else if (SPECIAL_CHAR(c)) {
|
||||
if (mode == minimalEscapeAndQuote) /* quoting is allowed */
|
||||
needsQuoting = PR_TRUE; /* entirety will need quoting */
|
||||
else if (mode == fullEscape)
|
||||
reqLen++; /* MAY escape this character */
|
||||
}
|
||||
else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
|
||||
} else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
|
||||
if (mode == minimalEscapeAndQuote) /* quoting is allowed */
|
||||
needsQuoting = PR_TRUE; /* entirety will need quoting */
|
||||
}
|
||||
|
@ -667,8 +656,7 @@ escapeAndQuote(char* dst, int dstlen, char* src, int srclen, EQMode* pEQMode)
|
|||
*dst++ = C_BACKSLASH;
|
||||
*dst++ = hexChars[(c >> 4) & 0x0f];
|
||||
*dst++ = hexChars[c & 0x0f];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) {
|
||||
*dst++ = C_BACKSLASH;
|
||||
}
|
||||
|
@ -766,13 +754,11 @@ CERT_GetOidString(const SECItem* oid)
|
|||
PRUint32 two = n - (one * 40);
|
||||
|
||||
rvString = PR_smprintf("OID.%lu.%lu", one, two);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
prefix = rvString;
|
||||
rvString = PR_smprintf("%s.%lu", prefix, n);
|
||||
}
|
||||
}
|
||||
else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
|
||||
} else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
|
||||
PRUint64 n = 0;
|
||||
PRUint64 c;
|
||||
|
||||
|
@ -798,13 +784,11 @@ CERT_GetOidString(const SECItem* oid)
|
|||
PRUint64 two = n - (one * 40);
|
||||
|
||||
rvString = PR_smprintf("OID.%llu.%llu", one, two);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
prefix = rvString;
|
||||
rvString = PR_smprintf("%s.%llu", prefix, n);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* More than a 64-bit number, or not minimal encoding. */
|
||||
unsupported:
|
||||
if (!rvString)
|
||||
|
@ -945,8 +929,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
|
|||
|
||||
if (pn2k->kind != endKind) {
|
||||
n2k = *pn2k;
|
||||
}
|
||||
else if (strict != CERT_N2A_READABLE) {
|
||||
} else if (strict != CERT_N2A_READABLE) {
|
||||
useHex = PR_TRUE;
|
||||
}
|
||||
/* For invertable form, force Directory Strings to use hex form. */
|
||||
|
@ -991,8 +974,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
|
|||
maxValue = valueLen;
|
||||
if (len <= sizeof(tmpBuf)) {
|
||||
encodedAVA = tmpBuf;
|
||||
}
|
||||
else if (strict != CERT_N2A_READABLE) {
|
||||
} else if (strict != CERT_N2A_READABLE) {
|
||||
encodedAVA = PORT_Alloc(len);
|
||||
if (!encodedAVA) {
|
||||
SECITEM_FreeItem(avaValue, PR_TRUE);
|
||||
|
@ -1000,8 +982,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
|
|||
PR_smprintf_free(unknownTag);
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Must make output fit in tmpbuf */
|
||||
unsigned int fair = (sizeof tmpBuf) / 2 - 1; /* for = and \0 */
|
||||
|
||||
|
@ -1009,12 +990,10 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
|
|||
/* just truncate the value */
|
||||
maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0",
|
||||
and possibly '"' */
|
||||
}
|
||||
else if (valueLen < fair) {
|
||||
} else if (valueLen < fair) {
|
||||
/* just truncate the name */
|
||||
maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* truncate both */
|
||||
maxName = maxValue = fair - 3; /* for "..." */
|
||||
}
|
||||
|
@ -1056,12 +1035,10 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
|
|||
end[-3] = '.';
|
||||
}
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else if (!truncateValue) {
|
||||
} else if (!truncateValue) {
|
||||
rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen,
|
||||
(char*)avaValue->data, avaValue->len, &mode);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* must truncate the escaped and quoted value */
|
||||
char bigTmpBuf[TMPBUF_LEN * 3 + 3];
|
||||
PORT_Assert(valueLen < sizeof tmpBuf);
|
||||
|
@ -1136,8 +1113,7 @@ CERT_NameToAsciiInvertible(CERTName* name, CertStrictnessLevel strict)
|
|||
rv = AppendStr(&strBuf, newRDN ? "," : "+");
|
||||
if (rv)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
first = PR_FALSE;
|
||||
}
|
||||
|
||||
|
@ -1211,8 +1187,7 @@ avaToString(PLArenaPool* arena, CERTAVA* ava)
|
|||
cert_RFC1485_GetRequiredLen((char*)avaValue->data, avaValue->len, NULL) + 1;
|
||||
if (arena) {
|
||||
buf = (char*)PORT_ArenaZAlloc(arena, valueLen);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
buf = (char*)PORT_ZAlloc(valueLen);
|
||||
}
|
||||
if (buf) {
|
||||
|
@ -1321,8 +1296,7 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert)
|
|||
CERT_GetNameElement(cert->arena, &(current->name.directoryName),
|
||||
SEC_OID_RFC1274_MAIL);
|
||||
}
|
||||
}
|
||||
else if (current->type == certRFC822Name) {
|
||||
} else if (current->type == certRFC822Name) {
|
||||
rawEmailAddr =
|
||||
(char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
|
||||
1);
|
||||
|
@ -1402,8 +1376,7 @@ appendItemToBuf(char* dest, SECItem* src, PRUint32* pRemaining)
|
|||
hexChars[(c >> 4) & 0x0f];
|
||||
*dest++ =
|
||||
hexChars[c & 0x0f];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*dest++ =
|
||||
tolower(c);
|
||||
}
|
||||
|
@ -1471,8 +1444,7 @@ cert_GetCertificateEmailAddresses(CERTCertificate* cert)
|
|||
tmpArena, ¤t->name.directoryName, SEC_OID_RFC1274_MAIL);
|
||||
pBuf =
|
||||
appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
|
||||
}
|
||||
else if (current->type == certRFC822Name) {
|
||||
} else if (current->type == certRFC822Name) {
|
||||
pBuf =
|
||||
appendItemToBuf(pBuf, ¤t->name.other, &maxLen);
|
||||
}
|
||||
|
|
|
@ -400,8 +400,7 @@ GetKeyUsage(CERTCertificate *cert)
|
|||
|
||||
PORT_Free(tmpitem.data);
|
||||
tmpitem.data = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* if the extension is not present, then we allow all uses */
|
||||
cert->keyUsage = KU_ALL;
|
||||
cert->rawKeyUsage = KU_ALL;
|
||||
|
@ -483,8 +482,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
if (tmpitem.data != NULL || extKeyUsage != NULL) {
|
||||
if (tmpitem.data == NULL) {
|
||||
nsCertType = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nsCertType = tmpitem.data[0];
|
||||
}
|
||||
|
||||
|
@ -517,8 +515,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
SECSuccess) {
|
||||
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
|
||||
nsCertType |= NS_CERT_TYPE_EMAIL_CA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nsCertType |= NS_CERT_TYPE_EMAIL;
|
||||
}
|
||||
}
|
||||
|
@ -526,8 +523,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
extKeyUsage, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) == SECSuccess) {
|
||||
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
|
||||
nsCertType |= NS_CERT_TYPE_SSL_CA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nsCertType |= NS_CERT_TYPE_SSL_SERVER;
|
||||
}
|
||||
}
|
||||
|
@ -540,8 +536,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
SECSuccess) {
|
||||
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
|
||||
nsCertType |= NS_CERT_TYPE_SSL_CA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nsCertType |= NS_CERT_TYPE_SSL_SERVER;
|
||||
}
|
||||
}
|
||||
|
@ -549,8 +544,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
extKeyUsage, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) == SECSuccess) {
|
||||
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
|
||||
nsCertType |= NS_CERT_TYPE_SSL_CA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
|
||||
}
|
||||
}
|
||||
|
@ -558,8 +552,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
extKeyUsage, SEC_OID_EXT_KEY_USAGE_CODE_SIGN) == SECSuccess) {
|
||||
if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
|
||||
nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
|
||||
}
|
||||
}
|
||||
|
@ -571,8 +564,7 @@ cert_ComputeCertType(CERTCertificate *cert)
|
|||
SECSuccess) {
|
||||
nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* If no NS Cert Type extension and no EKU extension, then */
|
||||
nsCertType = 0;
|
||||
if (CERT_IsCACert(cert, &nsCertType))
|
||||
|
@ -674,8 +666,7 @@ cert_IsRootCert(CERTCertificate *cert)
|
|||
PORT_Free(tmpitem.data);
|
||||
if (!match)
|
||||
return PR_FALSE; /* else fall through */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* the subject key ID is required when AKI is present */
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
@ -743,8 +734,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
|
|||
cert->derCert.data = (unsigned char *)data;
|
||||
cert->derCert.len = derSignedCert->len;
|
||||
PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* point to passed in DER data */
|
||||
cert->derCert = *derSignedCert;
|
||||
}
|
||||
|
@ -771,8 +761,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
|
|||
/* set the nickname */
|
||||
if (nickname == NULL) {
|
||||
cert->nickname = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* copy and install the nickname */
|
||||
len = PORT_Strlen(nickname) + 1;
|
||||
cert->nickname = (char *)PORT_ArenaAlloc(arena, len);
|
||||
|
@ -1007,8 +996,7 @@ SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter)
|
|||
if (rv) {
|
||||
return (SECFailure);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
LL_I2L(*notAfter, 0L);
|
||||
}
|
||||
return (SECSuccess);
|
||||
|
@ -1132,8 +1120,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
|
|||
PORT_Assert(0);
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
switch (usage) {
|
||||
case certUsageSSLClient:
|
||||
/*
|
||||
|
@ -1356,15 +1343,13 @@ cert_TestHostName(char *cn, const char *hn)
|
|||
|
||||
if (match == 0) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
|
||||
rv = SECFailure;
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* New approach conforms to RFC 6125. */
|
||||
char *wildcard = PORT_Strchr(cn, '*');
|
||||
char *firstcndot = PORT_Strchr(cn, '.');
|
||||
|
@ -1379,9 +1364,8 @@ cert_TestHostName(char *cn, const char *hn)
|
|||
* - must not be preceded by an IDNA ACE prefix (xn--)
|
||||
*/
|
||||
if (wildcard && secondcndot && secondcndot[1] && firsthndot &&
|
||||
firstcndot - wildcard ==
|
||||
1 /* wildcard is last char in first component */
|
||||
&& secondcndot - firstcndot > 1 /* second component is non-empty */
|
||||
firstcndot - wildcard == 1 /* wildcard is last char in first component */
|
||||
&& secondcndot - firstcndot > 1 /* second component is non-empty */
|
||||
&& PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
|
||||
&& !PORT_Strncasecmp(cn, hn, wildcard - cn) &&
|
||||
!PORT_Strcasecmp(firstcndot, firsthndot)
|
||||
|
@ -1473,23 +1457,20 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
|
|||
netAddr.inet.family == PR_AF_INET) {
|
||||
match = !memcmp(&netAddr.inet.ip,
|
||||
current->name.other.data, 4);
|
||||
}
|
||||
else if (current->name.other.len ==
|
||||
16 && /* IP v6 address */
|
||||
netAddr.ipv6.family == PR_AF_INET6) {
|
||||
} else if (current->name.other.len ==
|
||||
16 && /* IP v6 address */
|
||||
netAddr.ipv6.family == PR_AF_INET6) {
|
||||
match = !memcmp(&netAddr.ipv6.ip,
|
||||
current->name.other.data, 16);
|
||||
}
|
||||
else if (current->name.other.len ==
|
||||
16 && /* IP v6 address */
|
||||
netAddr.inet.family == PR_AF_INET) {
|
||||
} else if (current->name.other.len ==
|
||||
16 && /* IP v6 address */
|
||||
netAddr.inet.family == PR_AF_INET) {
|
||||
/* convert netAddr to ipv6, then compare. */
|
||||
/* ipv4 must be in Network Byte Order on input. */
|
||||
PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr);
|
||||
match = !memcmp(&v6Addr, current->name.other.data, 16);
|
||||
}
|
||||
else if (current->name.other.len == 4 && /* IP v4 address */
|
||||
netAddr.inet.family == PR_AF_INET6) {
|
||||
} else if (current->name.other.len == 4 && /* IP v4 address */
|
||||
netAddr.inet.family == PR_AF_INET6) {
|
||||
/* convert netAddr to ipv6, then compare. */
|
||||
PRUint32 ipv4 = (current->name.other.data[0] << 24) |
|
||||
(current->name.other.data[1] << 16) |
|
||||
|
@ -1517,8 +1498,7 @@ fail:
|
|||
if (!(isIPaddr ? IPextCount : DNSextCount)) {
|
||||
/* no relevant value in the extension was found. */
|
||||
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
|
||||
}
|
||||
rv = SECFailure;
|
||||
|
@ -1648,8 +1628,7 @@ cert_GetDNSPatternsFromGeneralNames(CERTGeneralName *firstName,
|
|||
addr.inet.family = PR_AF_INET;
|
||||
memcpy(&addr.inet.ip, currentInput->name.other.data,
|
||||
currentInput->name.other.len);
|
||||
}
|
||||
else if (currentInput->name.other.len == 16) {
|
||||
} else if (currentInput->name.other.len == 16) {
|
||||
addr.ipv6.family = PR_AF_INET6;
|
||||
memcpy(&addr.ipv6.ip, currentInput->name.other.data,
|
||||
currentInput->name.other.len);
|
||||
|
@ -1787,18 +1766,15 @@ CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
|
|||
if (isIPaddr) {
|
||||
if (PORT_Strcasecmp(hn, cn) == 0) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = cert_TestHostName(cn, hn);
|
||||
}
|
||||
PORT_Free(cn);
|
||||
}
|
||||
else
|
||||
} else
|
||||
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
|
||||
return rv;
|
||||
}
|
||||
|
@ -1811,8 +1787,7 @@ CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
|
|||
comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
|
||||
if (comp == SECEqual) { /* certs are the same */
|
||||
return (PR_TRUE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return (PR_FALSE);
|
||||
}
|
||||
}
|
||||
|
@ -1966,8 +1941,7 @@ CERT_MakeCANickname(CERTCertificate *cert)
|
|||
if (firstname) {
|
||||
org = firstname;
|
||||
firstname = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
org = PORT_Strdup("Unknown CA");
|
||||
}
|
||||
}
|
||||
|
@ -1985,16 +1959,13 @@ CERT_MakeCANickname(CERTCertificate *cert)
|
|||
if (firstname) {
|
||||
if (count == 1) {
|
||||
nickname = PR_smprintf("%s - %s", firstname, org);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (count == 1) {
|
||||
nickname = PR_smprintf("%s", org);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nickname = PR_smprintf("%s #%d", org, count);
|
||||
}
|
||||
}
|
||||
|
@ -2104,8 +2075,7 @@ CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
|
|||
if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
|
||||
ret = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECStatus rv;
|
||||
CERTBasicConstraints constraints;
|
||||
|
||||
|
@ -2254,8 +2224,7 @@ CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb)
|
|||
return (PR_FALSE);
|
||||
}
|
||||
return (PR_TRUE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* cert B was issued after cert A, but expires sooner */
|
||||
/* if B is expired, then pick A */
|
||||
if (LL_CMP(notAfterB, <, now)) {
|
||||
|
@ -2371,8 +2340,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
|
|||
case ',':
|
||||
if (pflags == &trust->sslFlags) {
|
||||
pflags = &trust->emailFlags;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
pflags = &trust->objectSigningFlags;
|
||||
}
|
||||
break;
|
||||
|
@ -2489,8 +2457,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
|
|||
*/
|
||||
/* Bug 1192442 - propagate errors from these calls. */
|
||||
(void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
(void)CERT_AddTempCertToPerm(
|
||||
certs[i], nickname ? nickname : canickname, NULL);
|
||||
}
|
||||
|
@ -2503,8 +2470,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
|
|||
|
||||
if (retCerts) {
|
||||
*retCerts = certs;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (certs) {
|
||||
CERT_DestroyCertArray(certs, fcerts);
|
||||
}
|
||||
|
@ -2700,8 +2666,7 @@ CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg)
|
|||
if (newerbefore) {
|
||||
/* cert A was issued after cert B, but expires sooner */
|
||||
return (PR_TRUE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* cert B was issued after cert A, but expires sooner */
|
||||
return (PR_FALSE);
|
||||
}
|
||||
|
@ -2800,8 +2765,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
|
|||
* fix the cert decoding code to do this.
|
||||
*/
|
||||
(void)CERT_IsCACert(node->cert, &certType);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
certType = node->cert->nsCertType;
|
||||
}
|
||||
if (!(certType & requiredCertType)) {
|
||||
|
@ -2814,8 +2778,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
|
|||
savenode = CERT_LIST_NEXT(node);
|
||||
CERT_RemoveCertListNode(node);
|
||||
node = savenode;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
node = CERT_LIST_NEXT(node);
|
||||
}
|
||||
}
|
||||
|
@ -2836,8 +2799,7 @@ CERT_IsUserCert(CERTCertificate *cert)
|
|||
((trust.sslFlags & CERTDB_USER) || (trust.emailFlags & CERTDB_USER) ||
|
||||
(trust.objectSigningFlags & CERTDB_USER))) {
|
||||
return PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -2861,8 +2823,7 @@ CERT_FilterCertListForUserCerts(CERTCertList *certList)
|
|||
freenode = node;
|
||||
node = CERT_LIST_NEXT(node);
|
||||
CERT_RemoveCertListNode(freenode);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Is a User cert, so leave it in the list */
|
||||
node = CERT_LIST_NEXT(node);
|
||||
}
|
||||
|
@ -2954,8 +2915,7 @@ cert_DestroyLocks(void)
|
|||
if (certRefCountLock) {
|
||||
PZ_DestroyLock(certRefCountLock);
|
||||
certRefCountLock = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
||||
|
@ -2963,8 +2923,7 @@ cert_DestroyLocks(void)
|
|||
if (certTrustLock) {
|
||||
PZ_DestroyLock(certTrustLock);
|
||||
certTrustLock = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
return rv;
|
||||
|
|
|
@ -138,8 +138,7 @@ CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
|
|||
rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
|
||||
}
|
||||
PORT_FreeArena(tmpArena, PR_FALSE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
|
@ -217,8 +216,7 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
|
|||
if (rv == SECFailure) {
|
||||
rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
|
||||
: SECFailure;
|
||||
}
|
||||
else if (!(keyUsage.data[0] & usage)) {
|
||||
} else if (!(keyUsage.data[0] & usage)) {
|
||||
PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
|
|
@ -202,8 +202,7 @@ CERT_AddExtensionByOID(void *exthandle, SECItem *oid, SECItem *value,
|
|||
if (rv) {
|
||||
return (SECFailure);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ext->value = *value;
|
||||
}
|
||||
|
||||
|
@ -362,8 +361,7 @@ CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions)
|
|||
if (tag == 0) {
|
||||
if (SECITEM_ItemsAreEqual(&ext->id, &node->ext->id))
|
||||
break;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (SECOID_FindOIDTag(&node->ext->id) == tag) {
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -274,8 +274,7 @@ CERT_KeyFromDERCrl(PLArenaPool* arena, SECItem* derCrl, SECItem* key)
|
|||
if (!arena) {
|
||||
/* arena needed for QuickDER */
|
||||
myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
myArena = arena;
|
||||
}
|
||||
PORT_Memset(&sd, 0, sizeof(sd));
|
||||
|
@ -311,8 +310,7 @@ CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
|
|||
if ((!crl) || (!(extended = (OpaqueCRLFields*)crl->opaque)) ||
|
||||
(PR_TRUE == extended->decodingError)) {
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (PR_FALSE == extended->partial) {
|
||||
/* the CRL has already been fully decoded */
|
||||
return SECSuccess;
|
||||
|
@ -333,8 +331,7 @@ CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
|
|||
if (SECSuccess == rv) {
|
||||
extended->partial = PR_FALSE; /* successful decode, avoid
|
||||
decoding again */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
extended->decodingError = PR_TRUE;
|
||||
extended->badEntries = PR_TRUE;
|
||||
/* cache the decoding failure. If it fails the first time,
|
||||
|
@ -387,8 +384,7 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type,
|
|||
if (!arena) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arena = narena;
|
||||
}
|
||||
|
||||
|
@ -414,8 +410,7 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type,
|
|||
crl->derCrl = derSignedCrl; /* DER is not copied . The application
|
||||
must keep derSignedCrl until it
|
||||
destroys the CRL */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
crl->derCrl = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem));
|
||||
if (crl->derCrl == NULL) {
|
||||
goto loser;
|
||||
|
@ -561,8 +556,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo* slot, SECItem* crlKey, int type,
|
|||
if (url) {
|
||||
crl->url = PORT_ArenaStrdup(crl->arena, url);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
||||
|
@ -735,8 +729,7 @@ SEC_DestroyCrl(CERTSignedCrl* crl)
|
|||
}
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
|
@ -1015,15 +1008,13 @@ InitCRLCache(void)
|
|||
}
|
||||
crlcache_initialized = PR_TRUE;
|
||||
return SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(crlcache.lock);
|
||||
PORT_Assert(crlcache.issuers);
|
||||
if ((NULL == crlcache.lock) || (NULL == crlcache.issuers)) {
|
||||
/* CRL cache not fully initialized */
|
||||
return SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* CRL cache already initialized */
|
||||
return SECSuccess;
|
||||
}
|
||||
|
@ -1047,8 +1038,7 @@ DPCache_Destroy(CRLDPCache* cache)
|
|||
#else
|
||||
PR_DestroyLock(cache->lock);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(0);
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -1092,8 +1082,7 @@ IssuerCache_Destroy(CRLIssuerCache* cache)
|
|||
#ifdef XCRL
|
||||
if (cache->lock) {
|
||||
NSSRWLock_Destroy(cache->lock);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(0);
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
|
@ -1407,7 +1396,7 @@ TokenCRLStillExists(CERTSignedCrl* crl)
|
|||
}
|
||||
|
||||
status =
|
||||
nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */
|
||||
nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */
|
||||
arena, NULL, &newsubject, /* subject */
|
||||
&crl_class, /* class */
|
||||
NULL, NULL);
|
||||
|
@ -1420,8 +1409,7 @@ TokenCRLStillExists(CERTSignedCrl* crl)
|
|||
if (CKO_NETSCAPE_CRL != crl_class) {
|
||||
xstatus = PR_FALSE;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
xstatus = PR_FALSE;
|
||||
}
|
||||
NSSArena_Destroy(arena);
|
||||
|
@ -1464,8 +1452,7 @@ CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate,
|
|||
with bogus DER. Mark it checked so we won't try again */
|
||||
PORT_SetError(SEC_ERROR_BAD_DER);
|
||||
return SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECStatus signstatus = SECFailure;
|
||||
if (cache->issuerDERCert) {
|
||||
CERTCertificate* issuer = CERT_NewTempCertificate(
|
||||
|
@ -1484,14 +1471,12 @@ CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate,
|
|||
So, we don't cache this verification failure. We'll try
|
||||
to verify the CRL again when a certificate from that issuer
|
||||
becomes available */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
crlobject->sigChecked = PR_TRUE;
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
|
||||
return SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
crlobject->sigChecked = PR_TRUE;
|
||||
crlobject->sigValid = PR_TRUE;
|
||||
}
|
||||
|
@ -1522,8 +1507,7 @@ DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx)
|
|||
if (SECFailure == rv) {
|
||||
/* fetch failed, add error bit */
|
||||
cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* fetch was successful, clear this error bit */
|
||||
cache->invalid &= (~CRL_CACHE_LAST_FETCH_FAILED);
|
||||
}
|
||||
|
@ -1546,12 +1530,10 @@ DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx)
|
|||
if (PR_TRUE != added) {
|
||||
rv = CachedCrl_Destroy(returned);
|
||||
returned = NULL;
|
||||
}
|
||||
else if (vfdate) {
|
||||
} else if (vfdate) {
|
||||
rv = CachedCrl_Verify(cache, returned, vfdate, wincx);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* not enough memory to add the CRL to the cache. mark it
|
||||
invalid so we will try again . */
|
||||
cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
|
||||
|
@ -1595,8 +1577,7 @@ CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn, CERTCrlEntry** returned)
|
|||
acrlEntry = PL_HashTableLookup(crl->entries, (void*)sn);
|
||||
if (acrlEntry) {
|
||||
*returned = acrlEntry;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*returned = NULL;
|
||||
}
|
||||
return SECSuccess;
|
||||
|
@ -1626,12 +1607,10 @@ DPCache_Lookup(CRLDPCache* cache, const SECItem* sn, CERTCrlEntry** returned)
|
|||
rv = CachedCrl_GetEntry(cache->selected, sn, returned);
|
||||
if (SECSuccess != rv) {
|
||||
return dpcacheLookupError;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (*returned) {
|
||||
return dpcacheFoundEntry;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return dpcacheNoEntry;
|
||||
}
|
||||
}
|
||||
|
@ -1908,8 +1887,7 @@ SortImperfectCRLs(const void* arg1, const void* arg2)
|
|||
if (!a || !b) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
PORT_Assert(0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PRBool aDecoded = PR_FALSE, bDecoded = PR_FALSE;
|
||||
if ((PR_TRUE == a->sigValid) && (PR_TRUE == b->sigValid)) {
|
||||
/* both CRLs have been validated, choose the latest one */
|
||||
|
@ -1966,8 +1944,7 @@ DPCache_SelectCRL(CRLDPCache* cache)
|
|||
if (PR_TRUE == valid) {
|
||||
/* all CRLs are valid, clear this error */
|
||||
cache->invalid &= (~CRL_CACHE_INVALID_CRLS);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* some CRLs are invalid, set this error */
|
||||
cache->invalid |= CRL_CACHE_INVALID_CRLS;
|
||||
}
|
||||
|
@ -2098,8 +2075,7 @@ IssuerCache_AddDP(CRLIssuerCache* cache, CERTCertificate* issuer,
|
|||
*newdpc = cache->dpp;
|
||||
return SECSuccess;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* we should never hit this until we support multiple DPs */
|
||||
PORT_Assert(dp);
|
||||
/* XCRL allocate a new distribution point cache object, initialize it,
|
||||
|
@ -2294,8 +2270,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
|
|||
rv = SECFailure;
|
||||
}
|
||||
#ifdef GLOBAL_RWLOCK
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* somebody else updated before we did */
|
||||
IssuerCache_Destroy(issuercache); /* destroy the new object */
|
||||
issuercache = existing; /* use the existing one */
|
||||
|
@ -2310,8 +2285,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
|
|||
if (PR_TRUE == globalwrite) {
|
||||
NSSRWLock_UnlockWrite(crlcache.lock);
|
||||
globalwrite = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSSRWLock_UnlockRead(crlcache.lock);
|
||||
}
|
||||
#else
|
||||
|
@ -2334,8 +2308,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
|
|||
if (SECSuccess != rv) {
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
#ifdef GLOBAL_RWLOCK
|
||||
NSSRWLock_UnlockRead(crlcache.lock);
|
||||
#else
|
||||
|
@ -2360,8 +2333,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
|
|||
/* make sure the DP cache is up to date before using it */
|
||||
rv = DPCache_GetUpToDate(*dpcache, issuer, PR_FALSE == *writeLocked,
|
||||
t, wincx);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
|
@ -2379,8 +2351,7 @@ ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked)
|
|||
#ifdef DPC_RWLOCK
|
||||
if (PR_TRUE == writeLocked) {
|
||||
NSSRWLock_UnlockWrite(dpcache->lock);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSSRWLock_UnlockRead(dpcache->lock);
|
||||
}
|
||||
#else
|
||||
|
@ -2446,18 +2417,15 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
|
|||
is past the revocation date */
|
||||
if (t >= revocationDate) {
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
status = certRevocationStatusValid;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* invalid revocation date, consider the certificate
|
||||
permanently revoked */
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* no revocation date, certificate is permanently revoked */
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
@ -2761,8 +2729,7 @@ addCRLToCache(CERTCertDBHandle* dbhandle, SECItem* crl,
|
|||
if (SECSuccess == CERT_CacheCRL(dbhandle, entry->crl)) {
|
||||
entry->inCRLCache = PR_TRUE;
|
||||
entry->successfulInsertionTime = entry->lastAttemptTime;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
switch (PR_GetError()) {
|
||||
case SEC_ERROR_CRL_ALREADY_EXISTS:
|
||||
entry->dupe = PR_TRUE;
|
||||
|
@ -2829,8 +2796,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
|
|||
NamedCRLCacheEntry_Destroy(newEntry);
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PRBool removed;
|
||||
/* remove the old CRL from the cache if needed */
|
||||
if (oldEntry->inCRLCache) {
|
||||
|
@ -2844,8 +2810,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
|
|||
rv = SECFailure;
|
||||
/* leak old entry since we couldn't remove it from the hash
|
||||
* table */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
|
||||
}
|
||||
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
|
||||
|
@ -2855,8 +2820,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
|
|||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* error adding new CRL to cache */
|
||||
if (!oldEntry) {
|
||||
/* no old cache entry, use the new one even though it's bad */
|
||||
|
@ -2866,16 +2830,14 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
|
|||
PORT_Assert(0);
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (oldEntry->inCRLCache) {
|
||||
/* previous cache entry was good, keep it and update time */
|
||||
oldEntry->lastAttemptTime = newEntry->lastAttemptTime;
|
||||
/* throw away new bad entry */
|
||||
rv = NamedCRLCacheEntry_Destroy(newEntry);
|
||||
PORT_Assert(SECSuccess == rv);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* previous cache entry was bad, just replace it */
|
||||
PRBool removed = PL_HashTableRemove(
|
||||
namedCRLCache.entries, (void*)oldEntry->canonicalizedName);
|
||||
|
@ -2884,8 +2846,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
|
|||
/* leak old entry since we couldn't remove it from the hash
|
||||
* table */
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
|
||||
}
|
||||
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
|
||||
|
@ -3064,8 +3025,7 @@ CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe, PRBool* isUpdated)
|
|||
if (SECEqual ==
|
||||
SECITEM_CompareItem(b->crl->derCrl, a->crl->derCrl)) {
|
||||
*isDupe = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*isUpdated = PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -199,8 +199,7 @@ cert_CopyOneGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
|
|||
}
|
||||
if (rv != SECSuccess) {
|
||||
PORT_ArenaRelease(arena, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(arena, mark);
|
||||
}
|
||||
return rv;
|
||||
|
@ -218,8 +217,7 @@ CERT_DestroyGeneralNameList(CERTGeneralNameList *list)
|
|||
PORT_FreeArena(list->arena, PR_FALSE);
|
||||
PZ_Unlock(lock);
|
||||
PZ_DestroyLock(lock);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PZ_Unlock(lock);
|
||||
}
|
||||
}
|
||||
|
@ -438,8 +436,7 @@ CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
|
|||
genName = CERT_NewGeneralName(reqArena, genNameType);
|
||||
if (!genName)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
genName->type = genNameType;
|
||||
genName->l.prev = genName->l.next = &genName->l;
|
||||
}
|
||||
|
@ -706,8 +703,7 @@ cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree,
|
|||
}
|
||||
if (first == NULL) {
|
||||
first = current;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
current->l.prev = &(last->l);
|
||||
last->l.next = &(current->l);
|
||||
}
|
||||
|
@ -816,8 +812,7 @@ CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
|
|||
destHead->l.prev = &temp->l;
|
||||
dest->l.next = &temp->l;
|
||||
dest = temp;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
dest = CERT_GetNextGeneralName(dest);
|
||||
}
|
||||
}
|
||||
|
@ -889,11 +884,9 @@ cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2)
|
|||
|
||||
if (list1 == NULL) {
|
||||
return list2;
|
||||
}
|
||||
else if (list2 == NULL) {
|
||||
} else if (list2 == NULL) {
|
||||
return list1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
begin1 = &list1->l;
|
||||
begin2 = &list2->l;
|
||||
end1 = list1->l.prev;
|
||||
|
@ -917,11 +910,9 @@ cert_CombineConstraintsLists(CERTNameConstraint *list1,
|
|||
|
||||
if (list1 == NULL) {
|
||||
return list2;
|
||||
}
|
||||
else if (list2 == NULL) {
|
||||
} else if (list2 == NULL) {
|
||||
return list1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
begin1 = &list1->l;
|
||||
begin2 = &list2->l;
|
||||
end1 = list1->l.prev;
|
||||
|
@ -1548,16 +1539,14 @@ CERT_AddNameConstraintByGeneralName(PLArenaPool *arena,
|
|||
if (first == NULL) {
|
||||
*constraints = current;
|
||||
PR_INIT_CLIST(¤t->l);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PR_INSERT_BEFORE(¤t->l, &first->l);
|
||||
}
|
||||
|
||||
done:
|
||||
if (rv == SECFailure) {
|
||||
PORT_ArenaRelease(arena, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(arena, mark);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1694,8 +1683,7 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert,
|
|||
|
||||
if (rv == SECFailure) {
|
||||
PORT_ArenaRelease(arena, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(arena, mark);
|
||||
}
|
||||
|
||||
|
|
|
@ -291,16 +291,14 @@ CERT_DecodePolicyConstraintsExtension(
|
|||
|
||||
if (decodeContext.explicitPolicySkipCerts.len == 0) {
|
||||
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
|
||||
DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
|
||||
}
|
||||
|
||||
if (decodeContext.inhibitMappingSkipCerts.len == 0) {
|
||||
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
|
||||
DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
|
||||
}
|
||||
|
@ -475,8 +473,7 @@ stringFromUserNotice(SECItem *noticeItem)
|
|||
if (policystr != NULL) {
|
||||
if (retstr != NULL) {
|
||||
retstr = PR_sprintf_append(retstr, "\n%s", policystr);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
retstr = PR_sprintf_append(retstr, "%s", policystr);
|
||||
}
|
||||
|
||||
|
|
|
@ -54,8 +54,7 @@ AddToArray(PLArenaPool *arena, void **array, void *element)
|
|||
array =
|
||||
(void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
|
||||
(count + 2) * sizeof(void *));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
|
||||
}
|
||||
if (array) {
|
||||
|
@ -346,8 +345,7 @@ CERT_CreateName(CERTRDN *rdn0, ...)
|
|||
/* Count number of RDNs going into the Name */
|
||||
if (!rdn0) {
|
||||
count = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
count = 1;
|
||||
va_start(ap, rdn0);
|
||||
while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
|
||||
|
@ -468,8 +466,7 @@ canonicalize(SECItem *foo)
|
|||
ch = ' ';
|
||||
if (ch == lastch)
|
||||
continue;
|
||||
}
|
||||
else if (ch >= 'A' && ch <= 'Z') {
|
||||
} else if (ch >= 'A' && ch <= 'Z') {
|
||||
ch |= 0x20; /* downshift */
|
||||
}
|
||||
foo->data[dest++] = lastch = ch;
|
||||
|
@ -522,8 +519,7 @@ CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
|
|||
}
|
||||
SECITEM_FreeItem(aVal, PR_TRUE);
|
||||
SECITEM_FreeItem(bVal, PR_TRUE);
|
||||
}
|
||||
else if (a->value.data[0] == 0x13) { /* both are printable strings. */
|
||||
} else if (a->value.data[0] == 0x13) { /* both are printable strings. */
|
||||
/* printable strings */
|
||||
rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
|
||||
}
|
||||
|
|
|
@ -93,8 +93,7 @@ CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust)
|
|||
CERT_LockCertTrust(cert);
|
||||
if (cert->trust == NULL) {
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*trust = *cert->trust;
|
||||
rv = SECSuccess;
|
||||
}
|
||||
|
@ -359,8 +358,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
|
|||
nssCertificate_Destroy(c);
|
||||
PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
|
||||
cc = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cc = STAN_GetCERTCertificateOrRelease(c);
|
||||
if (cc == NULL) {
|
||||
CERT_MapStanError();
|
||||
|
@ -384,8 +382,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
|
|||
if (copyDER) {
|
||||
nssItem_Create(c->object.arena, &c->encoding, derCert->len,
|
||||
derCert->data);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSSITEM_FROM_SECITEM(&c->encoding, derCert);
|
||||
}
|
||||
/* Forces a decoding of the cert in order to obtain the parts used
|
||||
|
@ -481,8 +478,7 @@ get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
|
|||
NSSCertificate *arr[3];
|
||||
if (!ct) {
|
||||
return nssCertificate_AddRef(cp);
|
||||
}
|
||||
else if (!cp) {
|
||||
} else if (!cp) {
|
||||
return nssCertificate_AddRef(ct);
|
||||
}
|
||||
arr[0] = ct;
|
||||
|
@ -565,8 +561,7 @@ CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
|
|||
if (ct) {
|
||||
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
c = ct;
|
||||
}
|
||||
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
|
||||
|
@ -627,8 +622,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
|
|||
|
||||
if (anyUsage) {
|
||||
cert = PK11_FindCertFromNickname(name, NULL);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (ct) {
|
||||
/* Does ct really have the required usage? */
|
||||
nssDecodedCert *dc;
|
||||
|
@ -657,8 +651,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
|
|||
if (ct) {
|
||||
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
c = ct;
|
||||
}
|
||||
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
|
||||
|
@ -693,8 +686,7 @@ add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
|
|||
if (secrv != SECSuccess) {
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
}
|
||||
|
@ -776,8 +768,7 @@ CERT_DestroyCertificate(CERTCertificate *cert)
|
|||
if (tmp) {
|
||||
/* delete the NSSCertificate */
|
||||
NSSCertificate_Destroy(tmp);
|
||||
}
|
||||
else if (cert->arena) {
|
||||
} else if (cert->arena) {
|
||||
PORT_FreeArena(cert->arena, PR_FALSE);
|
||||
}
|
||||
}
|
||||
|
@ -821,8 +812,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
|
|||
SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
|
||||
oldProfileTime = &oldproftime;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
|
||||
&cert->derSubject, &oldProfileTime);
|
||||
freeOldProfile = PR_TRUE;
|
||||
|
@ -833,23 +823,20 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
|
|||
/* both profileTime and emailProfile have to exist or not exist */
|
||||
if (emailProfile == NULL) {
|
||||
profileTime = NULL;
|
||||
}
|
||||
else if (profileTime == NULL) {
|
||||
} else if (profileTime == NULL) {
|
||||
emailProfile = NULL;
|
||||
}
|
||||
|
||||
if (oldProfileTime == NULL) {
|
||||
saveit = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* there was already a profile for this email addr */
|
||||
if (profileTime) {
|
||||
/* we have an old and new profile - save whichever is more recent*/
|
||||
if (oldProfileTime->len == 0) {
|
||||
/* always replace if old entry doesn't have a time */
|
||||
oldtime = LL_MININT;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
|
@ -865,8 +852,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
|
|||
/* this is a newer profile, save it and cert */
|
||||
saveit = PR_TRUE;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
saveit = PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
@ -882,8 +868,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
|
|||
arena, NULL, profileTime->len, profileTime->data);
|
||||
stanProfile->profileData = nssItem_Create(
|
||||
arena, NULL, emailProfile->len, emailProfile->data);
|
||||
}
|
||||
else if (profileTime && emailProfile) {
|
||||
} else if (profileTime && emailProfile) {
|
||||
PRStatus nssrv;
|
||||
NSSItem profTime, profData;
|
||||
NSSITEM_FROM_SECITEM(&profTime, profileTime);
|
||||
|
@ -894,14 +879,12 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
|
|||
nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
|
||||
rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
|
||||
&cert->derSubject, emailProfile,
|
||||
profileTime);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
|
||||
|
|
|
@ -62,8 +62,7 @@ CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
|
|||
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (value->authCertSerialNumber.data) {
|
||||
} else if (value->authCertSerialNumber.data) {
|
||||
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -126,16 +126,14 @@ CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
|
|||
*/
|
||||
if (value->isCA)
|
||||
value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
|
||||
}
|
||||
else if (value->isCA) {
|
||||
} else if (value->isCA) {
|
||||
long len = DER_GetInteger(&decodeContext.pathLenConstraint);
|
||||
if (len < 0 || len == LONG_MAX) {
|
||||
PORT_SetError(SEC_ERROR_BAD_DER);
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
value->pathLenConstraint = len;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* here we get an error where the subject is not a CA, but
|
||||
the pathLenConstraint is set */
|
||||
PORT_SetError(SEC_ERROR_BAD_DER);
|
||||
|
|
|
@ -40,8 +40,7 @@ CERT_MatchNickname(char *name1, char *name2)
|
|||
if (token1) {
|
||||
nickname1 = token1;
|
||||
nickname2 = name2;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nickname1 = token2;
|
||||
nickname2 = name1;
|
||||
}
|
||||
|
@ -167,8 +166,7 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
|
|||
freenode = node;
|
||||
node = CERT_LIST_NEXT(node);
|
||||
CERT_RemoveCertListNode(freenode);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* keep the first cert for each nickname, but set the
|
||||
* flag so we know to delete any others with the same
|
||||
* nickname.
|
||||
|
@ -908,8 +906,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
|
|||
trust.sslFlags = CERTDB_VALID_CA;
|
||||
trust.emailFlags = CERTDB_VALID_CA;
|
||||
trust.objectSigningFlags = CERTDB_VALID_CA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* SSL ca's must have the ssl bit set */
|
||||
if ((certUsage == certUsageSSLCA) &&
|
||||
((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) {
|
||||
|
@ -959,8 +956,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
|
|||
if (nickname) {
|
||||
PORT_Free(nickname);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
|
||||
|
@ -1093,8 +1089,7 @@ CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
|
|||
}
|
||||
if (!includeRoot && len > 1) {
|
||||
chain->len = len - 1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
chain->len = len;
|
||||
}
|
||||
|
||||
|
|
|
@ -61,12 +61,10 @@ checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
|
|||
!(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
|
||||
PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
|
||||
return SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return SECSuccess;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -343,22 +341,19 @@ cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
|
|||
log->head = log->tail = node;
|
||||
node->prev = NULL;
|
||||
node->next = NULL;
|
||||
}
|
||||
else if (depth >= log->tail->depth) {
|
||||
} else if (depth >= log->tail->depth) {
|
||||
/* add to tail */
|
||||
node->prev = log->tail;
|
||||
log->tail->next = node;
|
||||
log->tail = node;
|
||||
node->next = NULL;
|
||||
}
|
||||
else if (depth < log->head->depth) {
|
||||
} else if (depth < log->head->depth) {
|
||||
/* add at head */
|
||||
node->prev = NULL;
|
||||
node->next = log->head;
|
||||
log->head->prev = node;
|
||||
log->head = node;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* add in middle */
|
||||
tnode = log->tail;
|
||||
while (tnode != NULL) {
|
||||
|
@ -389,8 +384,7 @@ cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
|
|||
if (log != NULL) { \
|
||||
cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
|
||||
(void *)(PRWord)arg); \
|
||||
} \
|
||||
else { \
|
||||
} else { \
|
||||
goto loser; \
|
||||
}
|
||||
|
||||
|
@ -458,14 +452,14 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
PORT_Assert(0);
|
||||
EXIT_IF_NOT_LOGGING(log);
|
||||
/* XXX continuing with requiredFlags = 0 seems wrong. It'll
|
||||
* cause the following test to be true incorrectly:
|
||||
* flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
|
||||
* if (( flags & requiredFlags ) == requiredFlags) {
|
||||
* rv = rvFinal;
|
||||
* goto done;
|
||||
* }
|
||||
* There are three other instances of this problem.
|
||||
*/
|
||||
* cause the following test to be true incorrectly:
|
||||
* flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
|
||||
* if (( flags & requiredFlags ) == requiredFlags) {
|
||||
* rv = rvFinal;
|
||||
* goto done;
|
||||
* }
|
||||
* There are three other instances of this problem.
|
||||
*/
|
||||
requiredFlags = 0;
|
||||
trustType = trustSSL;
|
||||
}
|
||||
|
@ -475,8 +469,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
EXIT_IF_NOT_LOGGING(log);
|
||||
requiredFlags = 0;
|
||||
trustType = trustSSL; /* This used to be 0, but we need something
|
||||
* that matches the enumeration type.
|
||||
*/
|
||||
* that matches the enumeration type.
|
||||
*/
|
||||
caCertType = 0;
|
||||
}
|
||||
|
||||
|
@ -503,10 +497,10 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
PRBool validCAOverride = PR_FALSE;
|
||||
|
||||
/* Construct a list of names for the current and all previous
|
||||
* certifcates (except leaf (EE) certs, root CAs, and self-issued
|
||||
* intermediate CAs) to be verified against the name constraints
|
||||
* extension of the issuer certificate.
|
||||
*/
|
||||
* certifcates (except leaf (EE) certs, root CAs, and self-issued
|
||||
* intermediate CAs) to be verified against the name constraints
|
||||
* extension of the issuer certificate.
|
||||
*/
|
||||
if (subjectCertIsSelfIssued == PR_FALSE) {
|
||||
CERTGeneralName *subjectNameList;
|
||||
int subjectNameListLen;
|
||||
|
@ -565,8 +559,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
if (PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE) {
|
||||
PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
|
||||
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (PORT_GetError() !=
|
||||
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
|
@ -577,13 +570,13 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
}
|
||||
|
||||
/* If the basicConstraint extension is included in an immediate CA
|
||||
* certificate, make sure that the isCA flag is on. If the
|
||||
* pathLenConstraint component exists, it must be greater than the
|
||||
* number of CA certificates we have seen so far. If the extension
|
||||
* is omitted, we will assume that this is a CA certificate with
|
||||
* an unlimited pathLenConstraint (since it already passes the
|
||||
* netscape-cert-type extension checking).
|
||||
*/
|
||||
* certificate, make sure that the isCA flag is on. If the
|
||||
* pathLenConstraint component exists, it must be greater than the
|
||||
* number of CA certificates we have seen so far. If the extension
|
||||
* is omitted, we will assume that this is a CA certificate with
|
||||
* an unlimited pathLenConstraint (since it already passes the
|
||||
* netscape-cert-type extension checking).
|
||||
*/
|
||||
|
||||
rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
|
||||
if (rv != SECSuccess) {
|
||||
|
@ -593,8 +586,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
|
||||
/* no basic constraints found, we aren't (yet) a CA. */
|
||||
isca = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (basicConstraint.isCA == PR_FALSE) {
|
||||
PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
|
||||
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
|
||||
|
@ -620,8 +612,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
}
|
||||
|
||||
/* XXX - the error logging may need to go down into CRL stuff at some
|
||||
* point
|
||||
*/
|
||||
* point
|
||||
*/
|
||||
/* check revoked list (issuer) */
|
||||
rv = SEC_CheckCRL(handle, subjectCert, issuerCert, t, wincx);
|
||||
if (rv == SECFailure) {
|
||||
|
@ -629,8 +621,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
*revoked = PR_TRUE;
|
||||
}
|
||||
LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
|
||||
}
|
||||
else if (rv == SECWouldBlock) {
|
||||
} else if (rv == SECWouldBlock) {
|
||||
/* We found something fishy, so we intend to issue an
|
||||
* error to the user, but the user may wish to continue
|
||||
* processing, in which case we better make sure nothing
|
||||
|
@ -644,26 +635,24 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
|
||||
if (CERT_GetCertTrust(issuerCert, &issuerTrust) == SECSuccess) {
|
||||
/* we have some trust info, but this does NOT imply that this
|
||||
* cert is actually trusted for any purpose. The cert may be
|
||||
* explicitly UNtrusted. We won't know until we examine the
|
||||
* trust bits.
|
||||
*/
|
||||
* cert is actually trusted for any purpose. The cert may be
|
||||
* explicitly UNtrusted. We won't know until we examine the
|
||||
* trust bits.
|
||||
*/
|
||||
unsigned int flags;
|
||||
|
||||
if (certUsage != certUsageAnyCA &&
|
||||
certUsage != certUsageStatusResponder) {
|
||||
|
||||
/*
|
||||
* XXX This choice of trustType seems arbitrary.
|
||||
*/
|
||||
* XXX This choice of trustType seems arbitrary.
|
||||
*/
|
||||
if (certUsage == certUsageVerifyCA) {
|
||||
if (subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) {
|
||||
trustType = trustEmail;
|
||||
}
|
||||
else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
|
||||
} else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
|
||||
trustType = trustSSL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
trustType = trustObjectSigning;
|
||||
}
|
||||
}
|
||||
|
@ -681,12 +670,11 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
if ((flags & CERTDB_TERMINAL_RECORD) &&
|
||||
((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
|
||||
/* untrusted -- the cert is explicitly untrusted, not
|
||||
* just that it doesn't chain to a trusted cert */
|
||||
* just that it doesn't chain to a trusted cert */
|
||||
PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
|
||||
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Check if we have any valid trust when cheching for
|
||||
* certUsageAnyCA or certUsageStatusResponder. */
|
||||
for (trustType = trustSSL; trustType < trustTypeNone;
|
||||
|
@ -700,9 +688,9 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
validCAOverride = PR_TRUE;
|
||||
}
|
||||
/* We have 2 separate loops because we want any single trust
|
||||
* bit to allow this usage to return trusted. Only if none of
|
||||
* the trust bits are on do we check to see if the cert is
|
||||
* untrusted */
|
||||
* bit to allow this usage to return trusted. Only if none of
|
||||
* the trust bits are on do we check to see if the cert is
|
||||
* untrusted */
|
||||
for (trustType = trustSSL; trustType < trustTypeNone;
|
||||
trustType++) {
|
||||
flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
|
||||
|
@ -710,7 +698,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
if ((flags & CERTDB_TERMINAL_RECORD) &&
|
||||
((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
|
||||
/* untrusted -- the cert is explicitly untrusted, not
|
||||
* just that it doesn't chain to a trusted cert */
|
||||
* just that it doesn't chain to a trusted cert */
|
||||
PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
|
||||
LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
|
||||
}
|
||||
|
@ -720,14 +708,14 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
|
||||
if (!validCAOverride) {
|
||||
/*
|
||||
* Make sure that if this is an intermediate CA in the chain that
|
||||
* it was given permission by its signer to be a CA.
|
||||
*/
|
||||
* Make sure that if this is an intermediate CA in the chain that
|
||||
* it was given permission by its signer to be a CA.
|
||||
*/
|
||||
/*
|
||||
* if basicConstraints says it is a ca, then we check the
|
||||
* nsCertType. If the nsCertType has any CA bits set, then
|
||||
* it must have the right one.
|
||||
*/
|
||||
* if basicConstraints says it is a ca, then we check the
|
||||
* nsCertType. If the nsCertType has any CA bits set, then
|
||||
* it must have the right one.
|
||||
*/
|
||||
if (!isca || (issuerCert->nsCertType & NS_CERT_TYPE_CA)) {
|
||||
isca = (issuerCert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
@ -745,17 +733,17 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
}
|
||||
|
||||
/* make sure that the issuer is not self signed. If it is, then
|
||||
* stop here to prevent looping.
|
||||
*/
|
||||
* stop here to prevent looping.
|
||||
*/
|
||||
if (issuerCert->isRoot) {
|
||||
PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
|
||||
LOG_ERROR(log, issuerCert, count + 1, 0);
|
||||
goto loser;
|
||||
}
|
||||
/* The issuer cert will be the subject cert in the next loop.
|
||||
* A cert is self-issued if its subject and issuer are equal and
|
||||
* both are of non-zero length.
|
||||
*/
|
||||
* A cert is self-issued if its subject and issuer are equal and
|
||||
* both are of non-zero length.
|
||||
*/
|
||||
subjectCertIsSelfIssued = (PRBool)
|
||||
SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
|
||||
&issuerCert->derSubject) &&
|
||||
|
@ -763,8 +751,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
0;
|
||||
if (subjectCertIsSelfIssued == PR_FALSE) {
|
||||
/* RFC 3280 says only non-self-issued intermediate CA certs
|
||||
* count in path length.
|
||||
*/
|
||||
* count in path length.
|
||||
*/
|
||||
++currentPathLen;
|
||||
}
|
||||
|
||||
|
@ -871,8 +859,8 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
EXIT_IF_NOT_LOGGING(log);
|
||||
requiredFlags = 0;
|
||||
trustType = trustSSL; /* This used to be 0, but we need something
|
||||
* that matches the enumeration type.
|
||||
*/
|
||||
* that matches the enumeration type.
|
||||
*/
|
||||
caCertType = 0;
|
||||
}
|
||||
|
||||
|
@ -892,8 +880,7 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
}
|
||||
/* no basic constraints found, we aren't (yet) a CA. */
|
||||
isca = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (basicConstraint.isCA == PR_FALSE) {
|
||||
PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
|
||||
LOG_ERROR_OR_EXIT(log, cert, 0, 0);
|
||||
|
@ -905,10 +892,10 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
|
||||
if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
|
||||
/* we have some trust info, but this does NOT imply that this
|
||||
* cert is actually trusted for any purpose. The cert may be
|
||||
* explicitly UNtrusted. We won't know until we examine the
|
||||
* trust bits.
|
||||
*/
|
||||
* cert is actually trusted for any purpose. The cert may be
|
||||
* explicitly UNtrusted. We won't know until we examine the
|
||||
* trust bits.
|
||||
*/
|
||||
if (certUsage == certUsageStatusResponder) {
|
||||
/* Check the special case of certUsageStatusResponder */
|
||||
issuerCert = CERT_FindCertIssuer(cert, t, certUsage);
|
||||
|
@ -922,16 +909,16 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
CERT_DestroyCertificate(issuerCert);
|
||||
}
|
||||
/* XXX We have NOT determined that this cert is trusted.
|
||||
* For years, NSS has treated this as trusted,
|
||||
* but it seems incorrect.
|
||||
*/
|
||||
* For years, NSS has treated this as trusted,
|
||||
* but it seems incorrect.
|
||||
*/
|
||||
rv = rvFinal;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/*
|
||||
* check the trust params of the issuer
|
||||
*/
|
||||
* check the trust params of the issuer
|
||||
*/
|
||||
flags = SEC_GET_TRUST_FLAGS(&certTrust, trustType);
|
||||
if ((flags & requiredFlags) == requiredFlags) {
|
||||
/* we found a trusted one, so return */
|
||||
|
@ -945,21 +932,21 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
if ((flags & CERTDB_TERMINAL_RECORD) &&
|
||||
((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
|
||||
/* untrusted -- the cert is explicitly untrusted, not
|
||||
* just that it doesn't chain to a trusted cert */
|
||||
* just that it doesn't chain to a trusted cert */
|
||||
PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
|
||||
LOG_ERROR_OR_EXIT(log, cert, 0, flags);
|
||||
}
|
||||
}
|
||||
if (!validCAOverride) {
|
||||
/*
|
||||
* Make sure that if this is an intermediate CA in the chain that
|
||||
* it was given permission by its signer to be a CA.
|
||||
*/
|
||||
* Make sure that if this is an intermediate CA in the chain that
|
||||
* it was given permission by its signer to be a CA.
|
||||
*/
|
||||
/*
|
||||
* if basicConstraints says it is a ca, then we check the
|
||||
* nsCertType. If the nsCertType has any CA bits set, then
|
||||
* it must have the right one.
|
||||
*/
|
||||
* if basicConstraints says it is a ca, then we check the
|
||||
* nsCertType. If the nsCertType has any CA bits set, then
|
||||
* it must have the right one.
|
||||
*/
|
||||
if (!isca || (cert->nsCertType & NS_CERT_TYPE_CA)) {
|
||||
isca = (cert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
@ -1041,12 +1028,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
|
||||
/* is the cert directly trusted or not trusted ? */
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if (flags & CERTDB_TRUSTED) { /* trust this cert */
|
||||
*trusted = PR_TRUE;
|
||||
return SECSuccess;
|
||||
}
|
||||
else { /* don't trust this cert */
|
||||
} else { /* don't trust this cert */
|
||||
*failedFlags = flags;
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -1056,7 +1042,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
/* XXX - step up certs can't be directly trusted, only distrust */
|
||||
flags = trust.sslFlags;
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if ((flags & CERTDB_TRUSTED) == 0) {
|
||||
/* don't trust this cert */
|
||||
*failedFlags = flags;
|
||||
|
@ -1067,7 +1053,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
case certUsageSSLCA:
|
||||
flags = trust.sslFlags;
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
|
||||
/* don't trust this cert */
|
||||
*failedFlags = flags;
|
||||
|
@ -1079,12 +1065,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
case certUsageEmailRecipient:
|
||||
flags = trust.emailFlags;
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if (flags & CERTDB_TRUSTED) { /* trust this cert */
|
||||
*trusted = PR_TRUE;
|
||||
return SECSuccess;
|
||||
}
|
||||
else { /* don't trust this cert */
|
||||
} else { /* don't trust this cert */
|
||||
*failedFlags = flags;
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -1095,12 +1080,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
flags = trust.objectSigningFlags;
|
||||
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if (flags & CERTDB_TRUSTED) { /* trust this cert */
|
||||
*trusted = PR_TRUE;
|
||||
return SECSuccess;
|
||||
}
|
||||
else { /* don't trust this cert */
|
||||
} else { /* don't trust this cert */
|
||||
*failedFlags = flags;
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -1135,7 +1119,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
/* do we distrust these certs explicitly */
|
||||
flags = trust.sslFlags;
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
|
||||
*failedFlags = flags;
|
||||
return SECFailure;
|
||||
|
@ -1143,7 +1127,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
}
|
||||
flags = trust.emailFlags;
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
|
||||
*failedFlags = flags;
|
||||
return SECFailure;
|
||||
|
@ -1153,7 +1137,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
|
|||
case certUsageProtectedObjectSigner:
|
||||
flags = trust.objectSigningFlags;
|
||||
if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
|
||||
* authoritative */
|
||||
* authoritative */
|
||||
if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
|
||||
*failedFlags = flags;
|
||||
return SECFailure;
|
||||
|
@ -1207,8 +1191,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
|
||||
if (returnedUsages) {
|
||||
*returnedUsages = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* we don't have a place to return status for all usages,
|
||||
so we can skip checks for usages that aren't required */
|
||||
checkAllUsages = PR_FALSE;
|
||||
|
@ -1293,8 +1276,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
}
|
||||
LOG_ERROR(log, cert, 0, flags);
|
||||
INVALID_USAGE();
|
||||
}
|
||||
else if (trusted) {
|
||||
} else if (trusted) {
|
||||
VALID_USAGE();
|
||||
}
|
||||
|
||||
|
@ -1434,8 +1416,7 @@ cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
if (rv == SECFailure) {
|
||||
PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
|
||||
LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags);
|
||||
}
|
||||
else if (trusted) {
|
||||
} else if (trusted) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -1502,12 +1483,12 @@ CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
/* [ FROM pcertdb.c ] */
|
||||
/*
|
||||
* Supported usage values and types:
|
||||
* certUsageSSLClient
|
||||
* certUsageSSLServer
|
||||
* certUsageSSLServerWithStepUp
|
||||
* certUsageEmailSigner
|
||||
* certUsageEmailRecipient
|
||||
* certUsageObjectSigner
|
||||
* certUsageSSLClient
|
||||
* certUsageSSLServer
|
||||
* certUsageSSLServerWithStepUp
|
||||
* certUsageEmailSigner
|
||||
* certUsageEmailRecipient
|
||||
* certUsageObjectSigner
|
||||
*/
|
||||
|
||||
CERTCertificate *
|
||||
|
@ -1561,16 +1542,15 @@ CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
|
|||
|
||||
if (CERT_GetCertTrust(cert, &certTrust) != SECSuccess) {
|
||||
flags = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
flags = SEC_GET_TRUST_FLAGS(&certTrust, requiredTrustType);
|
||||
}
|
||||
|
||||
if ((flags & requiredTrustFlags) != requiredTrustFlags) {
|
||||
/* cert is not trusted */
|
||||
/* if this is the first cert to get this far, then save
|
||||
* it, so we can use it if we can't find a trusted one
|
||||
*/
|
||||
* it, so we can use it if we can't find a trusted one
|
||||
*/
|
||||
if (saveUntrustedCA == NULL) {
|
||||
saveUntrustedCA = cert;
|
||||
}
|
||||
|
@ -1614,11 +1594,11 @@ loser:
|
|||
* Filter a list of certificates, removing those certs that do not have
|
||||
* one of the named CA certs somewhere in their cert chain.
|
||||
*
|
||||
* "certList" - the list of certificates to filter
|
||||
* "nCANames" - number of CA names
|
||||
* "caNames" - array of CA names in string(rfc 1485) form
|
||||
* "usage" - what use the certs are for, this is used when
|
||||
* selecting CA certs
|
||||
* "certList" - the list of certificates to filter
|
||||
* "nCANames" - number of CA names
|
||||
* "caNames" - array of CA names in string(rfc 1485) form
|
||||
* "usage" - what use the certs are for, this is used when
|
||||
* selecting CA certs
|
||||
*/
|
||||
SECStatus
|
||||
CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
|
||||
|
@ -1683,8 +1663,7 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
|
|||
freenode = node;
|
||||
node = CERT_LIST_NEXT(node);
|
||||
CERT_RemoveCertListNode(freenode);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* CA was found, so leave it in the list */
|
||||
node = CERT_LIST_NEXT(node);
|
||||
}
|
||||
|
@ -1699,12 +1678,12 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
|
|||
* certificate.
|
||||
*
|
||||
* "arena" - arena to allocate returned string from. If NULL, then heap
|
||||
* is used.
|
||||
* is used.
|
||||
* "cert" - the cert to get nickname from
|
||||
* "expiredString" - the string to append to the nickname if the cert is
|
||||
* expired.
|
||||
* expired.
|
||||
* "notYetGoodString" - the string to append to the nickname if the cert is
|
||||
* not yet good.
|
||||
* not yet good.
|
||||
*/
|
||||
char *
|
||||
CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
|
||||
|
@ -1719,30 +1698,26 @@ CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
|
|||
if (validity == secCertTimeValid) {
|
||||
if (arena == NULL) {
|
||||
nickname = PORT_Strdup(cert->nickname);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nickname = PORT_ArenaStrdup(arena, cert->nickname);
|
||||
}
|
||||
|
||||
if (nickname == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
|
||||
/* if the cert is not valid, then tack one of the strings on the
|
||||
* end
|
||||
*/
|
||||
* end
|
||||
*/
|
||||
if (validity == secCertTimeExpired) {
|
||||
tmpstr = PR_smprintf("%s%s", cert->nickname,
|
||||
expiredString);
|
||||
}
|
||||
else if (validity == secCertTimeNotValidYet) {
|
||||
} else if (validity == secCertTimeNotValidYet) {
|
||||
/* not yet valid */
|
||||
tmpstr = PR_smprintf("%s%s", cert->nickname,
|
||||
notYetGoodString);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* undetermined */
|
||||
tmpstr = PR_smprintf("%s",
|
||||
"(NULL) (Validity Unknown)");
|
||||
|
@ -1756,8 +1731,7 @@ CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
|
|||
/* copy the string into the arena and free the malloc'd one */
|
||||
nickname = PORT_ArenaStrdup(arena, tmpstr);
|
||||
PORT_Free(tmpstr);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nickname = tmpstr;
|
||||
}
|
||||
if (nickname == NULL) {
|
||||
|
@ -1777,7 +1751,7 @@ loser:
|
|||
* "certList" - the list of certificates
|
||||
* "expiredString" - the string to append to the nickname of any expired cert
|
||||
* "notYetGoodString" - the string to append to the nickname of any cert
|
||||
* that is not yet valid
|
||||
* that is not yet valid
|
||||
*/
|
||||
CERTCertNicknames *
|
||||
CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
|
||||
|
@ -1859,10 +1833,10 @@ loser:
|
|||
* expiredString or notYetGoodString appended.
|
||||
*
|
||||
* Args:
|
||||
* "namestring" - the string containing the nickname, and possibly
|
||||
* one of the validity label strings
|
||||
* "expiredString" - the expired validity label string
|
||||
* "notYetGoodString" - the not yet good validity label string
|
||||
* "namestring" - the string containing the nickname, and possibly
|
||||
* one of the validity label strings
|
||||
* "expiredString" - the expired validity label string
|
||||
* "notYetGoodString" - the not yet good validity label string
|
||||
*
|
||||
* Returns the raw nickname
|
||||
*/
|
||||
|
|
|
@ -696,8 +696,7 @@ cleanup:
|
|||
if (PKIX_ERROR_RECEIVED) {
|
||||
if (validChain) {
|
||||
CERT_DestroyCertList(validChain);
|
||||
}
|
||||
else if (arena) {
|
||||
} else if (arena) {
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
}
|
||||
if (nssCert) {
|
||||
|
@ -838,8 +837,7 @@ cert_PkixErrorToNssCode(
|
|||
PORT_Assert(nssErr);
|
||||
if (!nssErr) {
|
||||
*pNssErr = SEC_ERROR_LIBPKIX_INTERNAL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pNssErr = nssErr;
|
||||
}
|
||||
|
||||
|
@ -898,8 +896,7 @@ cert_GetLogFromVerifyNode(
|
|||
}
|
||||
}
|
||||
PKIX_RETURN(CERTVFYPKIX);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PRUint32 i = 0;
|
||||
PKIX_UInt32 length = 0;
|
||||
|
||||
|
@ -1137,9 +1134,8 @@ cert_VerifyCertChainPkix(
|
|||
fnStackNameArr[0] = "cert_VerifyCertChainPkix";
|
||||
fnStackInvCountArr[0] = 0;
|
||||
PKIX_Boolean abortOnLeak =
|
||||
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
|
||||
PKIX_FALSE
|
||||
: PKIX_TRUE;
|
||||
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
|
||||
: PKIX_TRUE;
|
||||
runningLeakTest = PKIX_TRUE;
|
||||
|
||||
/* Prevent multi-threaded run of object leak test */
|
||||
|
@ -1501,8 +1497,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
|||
errCode = SEC_ERROR_INVALID_TIME;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time,
|
||||
&date, plContext);
|
||||
if (error != NULL) {
|
||||
|
@ -2019,9 +2014,8 @@ CERT_PKIXVerifyCert(
|
|||
fnStackNameArr[0] = "CERT_PKIXVerifyCert";
|
||||
fnStackInvCountArr[0] = 0;
|
||||
PKIX_Boolean abortOnLeak =
|
||||
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
|
||||
PKIX_FALSE
|
||||
: PKIX_TRUE;
|
||||
(PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
|
||||
: PKIX_TRUE;
|
||||
runningLeakTest = PKIX_TRUE;
|
||||
|
||||
/* Prevent multi-threaded run of object leak test */
|
||||
|
@ -2149,8 +2143,7 @@ CERT_PKIXVerifyCert(
|
|||
if (trustAnchorCert != NULL) {
|
||||
oparam->value.pointer.cert =
|
||||
cert_NSSCertFromPKIXCert(trustAnchorCert);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
oparam->value.pointer.cert = NULL;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -80,16 +80,14 @@ CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
|
|||
rv = SEC_QuickDERDecodeItem(arena, value,
|
||||
SEC_ASN1_GET(SEC_IntegerTemplate),
|
||||
tmpItem);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
||||
PORT_Free(encodedExtenValue.data);
|
||||
if (rv == SECFailure) {
|
||||
PORT_ArenaRelease(arena, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(arena, mark);
|
||||
}
|
||||
return (rv);
|
||||
|
|
|
@ -206,8 +206,7 @@ printHexString(const char *prefix, SECItem *hexval)
|
|||
for (i = 0; i < hexval->len; i++) {
|
||||
if (i != hexval->len - 1) {
|
||||
hexbuf = PR_sprintf_append(hexbuf, "%02x:", hexval->data[i]);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hexbuf = PR_sprintf_append(hexbuf, "%02x", hexval->data[i]);
|
||||
}
|
||||
}
|
||||
|
@ -358,8 +357,7 @@ ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
|
|||
if (!dest->certStatusInfo.revokedInfo->revocationReason) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
dest->certStatusInfo.revokedInfo->revocationReason = NULL;
|
||||
}
|
||||
|
||||
|
@ -461,15 +459,13 @@ ocsp_RemoveCacheItemFromLinkedList(OCSPCacheData *cache, OCSPCacheItem *item)
|
|||
PORT_Assert(item->moreRecent->lessRecent == item);
|
||||
cache->LRUitem = item->moreRecent;
|
||||
cache->LRUitem->lessRecent = NULL;
|
||||
}
|
||||
else if (item == cache->MRUitem) {
|
||||
} else if (item == cache->MRUitem) {
|
||||
PORT_Assert(item->moreRecent == NULL);
|
||||
PORT_Assert(item->lessRecent != NULL);
|
||||
PORT_Assert(item->lessRecent->moreRecent == item);
|
||||
cache->MRUitem = item->lessRecent;
|
||||
cache->MRUitem->moreRecent = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* remove an entry in the middle of the list */
|
||||
PORT_Assert(item->moreRecent != NULL);
|
||||
PORT_Assert(item->lessRecent != NULL);
|
||||
|
@ -682,8 +678,7 @@ ocsp_SetCacheItemResponse(OCSPCacheItem *item,
|
|||
rv = DER_GeneralizedTimeToTime(&item->nextUpdate,
|
||||
response->nextUpdate);
|
||||
item->haveNextUpdate = (rv == SECSuccess);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
item->haveNextUpdate = PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -711,8 +706,7 @@ ocsp_FreshenCacheItemNextFetchAttemptTime(OCSPCacheItem *cacheItem)
|
|||
MICROSECONDS_PER_SECOND;
|
||||
OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:",
|
||||
latestTimeWhenResponseIsConsideredFresh);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
latestTimeWhenResponseIsConsideredFresh = now +
|
||||
OCSP_Global.minimumSecondsToNextFetchAttempt *
|
||||
MICROSECONDS_PER_SECOND;
|
||||
|
@ -820,8 +814,7 @@ ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
|
|||
if (certIDWasConsumed) {
|
||||
myCertID = certID;
|
||||
*certIDWasConsumed = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
myCertID = cert_DupOCSPCertID(certID);
|
||||
if (!myCertID) {
|
||||
PR_ExitMonitor(OCSP_Global.monitor);
|
||||
|
@ -849,13 +842,11 @@ ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
|
|||
PR_ExitMonitor(OCSP_Global.monitor);
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
OCSP_TRACE(("Not caching response because the response is not "
|
||||
"newer than the cache"));
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cacheItem->missingResponseError = PORT_GetError();
|
||||
if (cacheItem->certStatusArena) {
|
||||
PORT_FreeArena(cacheItem->certStatusArena, PR_FALSE);
|
||||
|
@ -902,11 +893,9 @@ CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
|
|||
|
||||
if (maxCacheEntries < 0) {
|
||||
OCSP_Global.maxCacheEntries = -1; /* disable cache */
|
||||
}
|
||||
else if (maxCacheEntries == 0) {
|
||||
} else if (maxCacheEntries == 0) {
|
||||
OCSP_Global.maxCacheEntries = 0; /* unlimited cache entries */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
OCSP_Global.maxCacheEntries = maxCacheEntries;
|
||||
}
|
||||
|
||||
|
@ -964,8 +953,7 @@ OCSP_InitGlobal(void)
|
|||
OCSP_Global.cache.numberOfEntries = 0;
|
||||
OCSP_Global.cache.MRUitem = NULL;
|
||||
OCSP_Global.cache.LRUitem = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* NSS might call this function twice while attempting to init.
|
||||
* But it's not allowed to call this again after any activity.
|
||||
|
@ -1623,8 +1611,7 @@ ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
|
|||
goto loser;
|
||||
}
|
||||
digestBuff = result->data;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (fill->len < digestObject->length) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
goto loser;
|
||||
|
@ -1649,8 +1636,7 @@ ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
|
|||
loser:
|
||||
if (arena != NULL) {
|
||||
PORT_ArenaRelease(arena, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (result != NULL) {
|
||||
SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
|
||||
}
|
||||
|
@ -2909,8 +2895,7 @@ ocsp_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
|
|||
goto loser;
|
||||
PORT_Memcpy(path, save, len);
|
||||
path[len] = '\0';
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
path = PORT_Strdup("/");
|
||||
if (path == NULL)
|
||||
goto loser;
|
||||
|
@ -2975,8 +2960,7 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
|
|||
} while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS);
|
||||
|
||||
PORT_Free(netdbbuf);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* First put the port into the address, then connect.
|
||||
*/
|
||||
|
@ -3054,8 +3038,7 @@ ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest)
|
|||
*/
|
||||
if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
header = PR_smprintf("POST %s HTTP/1.0\r\n"
|
||||
"Host: %s%s\r\n"
|
||||
"Content-Type: application/ocsp-request\r\n"
|
||||
|
@ -3111,8 +3094,7 @@ ocsp_read(PRFileDesc *fd, char *buf, int toread, PRIntervalTime timeout)
|
|||
total = -1; /* report the error if we didn't read anything yet */
|
||||
}
|
||||
break;
|
||||
}
|
||||
else if (got == 0) { /* EOS */
|
||||
} else if (got == 0) { /* EOS */
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -3188,8 +3170,7 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
|
|||
EOS or there was a read error */
|
||||
EOS = PR_TRUE;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* recv error or EOS */
|
||||
EOS = PR_TRUE;
|
||||
}
|
||||
|
@ -3260,15 +3241,13 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
|
|||
|
||||
if (0 == PORT_Strcasecmp(nextHeader, "content-type")) {
|
||||
contenttype = value;
|
||||
}
|
||||
else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
|
||||
} else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
|
||||
contentlength = atoi(value);
|
||||
}
|
||||
|
||||
if (thisHeaderEnd) {
|
||||
nextHeader = thisHeaderEnd + CRLFlen;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nextHeader = NULL;
|
||||
}
|
||||
|
||||
|
@ -3308,8 +3287,7 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
|
|||
EOS or there was a read error */
|
||||
EOS = PR_TRUE;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* recv error or EOS */
|
||||
EOS = PR_TRUE;
|
||||
}
|
||||
|
@ -3643,11 +3621,9 @@ ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
|
|||
|
||||
if (!strcmp(method, "GET")) {
|
||||
encodedResponse = cert_GetOCSPResponse(arena, location, encodedRequest);
|
||||
}
|
||||
else if (!strcmp(method, "POST")) {
|
||||
} else if (!strcmp(method, "POST")) {
|
||||
encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -3711,8 +3687,7 @@ cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
|
|||
*/
|
||||
if (arena) {
|
||||
fullGetPath = (char *)PORT_ArenaAlloc(arena, getURLLength);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fullGetPath = (char *)PORT_Alloc(getURLLength);
|
||||
}
|
||||
if (!fullGetPath) {
|
||||
|
@ -3757,8 +3732,7 @@ cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
|
|||
®isteredHttpClient->fcnTable.ftable1,
|
||||
location,
|
||||
encodedRequest);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* use internal http client */
|
||||
PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
|
||||
if (sock) {
|
||||
|
@ -3968,14 +3942,12 @@ ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
|
|||
if (rv != SECSuccess) {
|
||||
if (PORT_GetError() == SEC_ERROR_BAD_DER)
|
||||
PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
signerCert = CERT_FindCertByName(handle, &encodedName);
|
||||
}
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* The signer is either 1) a known issuer CA we passed in,
|
||||
* 2) the default OCSP responder, or 3) an intermediate CA
|
||||
|
@ -3986,8 +3958,7 @@ ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
|
|||
ocsp_CertGetDefaultResponder(handle, NULL);
|
||||
if (responder && ocsp_matchcert(certIndex, responder)) {
|
||||
signerCert = CERT_DupCertificate(responder);
|
||||
}
|
||||
else if (issuer && ocsp_matchcert(certIndex, issuer)) {
|
||||
} else if (issuer && ocsp_matchcert(certIndex, issuer)) {
|
||||
signerCert = CERT_DupCertificate(issuer);
|
||||
}
|
||||
for (i = 0; (signerCert == NULL) && (i < certCount); i++) {
|
||||
|
@ -4111,8 +4082,7 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
|
|||
if (signature->status == SECSuccess) {
|
||||
if (pSignerCert != NULL)
|
||||
*pSignerCert = CERT_DupCertificate(signature->cert);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(signature->failureReason);
|
||||
}
|
||||
return signature->status;
|
||||
|
@ -4153,13 +4123,11 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
|
|||
*/
|
||||
if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECCertUsage certUsage;
|
||||
if (CERT_IsCACert(signerCert, NULL)) {
|
||||
certUsage = certUsageAnyCA;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
certUsage = certUsageStatusResponder;
|
||||
}
|
||||
rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage,
|
||||
|
@ -4183,8 +4151,7 @@ finish:
|
|||
signature->failureReason = PORT_GetError();
|
||||
if (signerCert != NULL)
|
||||
CERT_DestroyCertificate(signerCert);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* Save signer's certificate in signature.
|
||||
*/
|
||||
|
@ -4672,8 +4639,7 @@ ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
|
|||
LL_ADD(tmp, tmp, nextUpdate);
|
||||
if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate))
|
||||
return ocsp_HandleOldSingleResponse(single, now);
|
||||
}
|
||||
else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
|
||||
} else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
|
||||
return ocsp_HandleOldSingleResponse(single, now);
|
||||
}
|
||||
|
||||
|
@ -4955,8 +4921,7 @@ ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
|
|||
if (*rvOcsp != SECSuccess) {
|
||||
*missingResponseError = PORT_GetError();
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* No status cached, the previous attempt failed.
|
||||
* If OCSP is required, we never decide based on a failed attempt
|
||||
|
@ -5078,10 +5043,9 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
if (ocsp_FetchingFailureIsVerificationFailure()) {
|
||||
PORT_SetError(err);
|
||||
rvOcsp = SECFailure;
|
||||
}
|
||||
else if (cachedResponseFreshness == ocspStale &&
|
||||
(cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
|
||||
cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) {
|
||||
} else if (cachedResponseFreshness == ocspStale &&
|
||||
(cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
|
||||
cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) {
|
||||
/* If we couldn't get a response for a certificate that the OCSP
|
||||
* responder previously told us was bad, then assume it is still
|
||||
* bad until we hear otherwise, as it is very unlikely that the
|
||||
|
@ -5091,8 +5055,7 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
|
|||
*/
|
||||
PORT_SetError(cachedErrorCode);
|
||||
rvOcsp = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rvOcsp = SECSuccess;
|
||||
}
|
||||
}
|
||||
|
@ -5267,8 +5230,7 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
|
|||
PR_EnterMonitor(OCSP_Global.monitor);
|
||||
if (OCSP_Global.forcePost) {
|
||||
currentStage = stagePOST;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
currentStage = stageGET;
|
||||
}
|
||||
PR_ExitMonitor(OCSP_Global.monitor);
|
||||
|
@ -5327,8 +5289,7 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
|
|||
|
||||
if (currentStage == stageGET) {
|
||||
method = "GET";
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(currentStage == stagePOST);
|
||||
method = "POST";
|
||||
}
|
||||
|
@ -5363,18 +5324,15 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
|
|||
if (validResponseWithAccurateInfo) {
|
||||
ocsp_CacheSingleResponse(certID, singleResponse,
|
||||
certIDWasConsumed);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
retry = PR_TRUE;
|
||||
currentStage = stagePOST;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* cache the POST respone, regardless of status */
|
||||
if (!singleResponse) {
|
||||
cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ocsp_CacheSingleResponse(certID, singleResponse,
|
||||
certIDWasConsumed);
|
||||
}
|
||||
|
@ -5948,8 +5906,7 @@ CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
|
|||
statusContext->defaultResponderCert = cert;
|
||||
/*OCSP enabled, switching responder: clear cache*/
|
||||
CERT_ClearOCSPCache();
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
|
||||
CERT_DestroyCertificate(cert);
|
||||
/*OCSP currently not enabled, no need to clear cache*/
|
||||
|
|
|
@ -460,16 +460,14 @@ CERT_CreateEncodedOCSPSuccessResponse(
|
|||
|
||||
/* convert len-in-bytes to len-in-bits */
|
||||
br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rid->responderIDType = responderIDType;
|
||||
if (responderIDType == ocspResponderID_byName) {
|
||||
responderIDTemplate = ocsp_ResponderIDByNameTemplate;
|
||||
if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
|
||||
&responderCert->subject) != SECSuccess)
|
||||
goto done;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
|
||||
if (!CERT_GetSubjectPublicKeyDigest(tmpArena, responderCert,
|
||||
SEC_OID_SHA1, &rid->responderIDValue.keyHash))
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
#include "builtins.h"
|
||||
|
||||
#define MODULE_NAME builtins
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
|
||||
#include "nssck.api"
|
||||
|
|
|
@ -126,8 +126,7 @@ builtins_attrmatch(
|
|||
|
||||
if (PR_TRUE == prb) {
|
||||
return CK_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -147,8 +146,7 @@ builtins_match(
|
|||
if (o->types[j] == pTemplate[i].type) {
|
||||
if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
#include "ckcapi.h"
|
||||
|
||||
#define MODULE_NAME ckcapi
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckcapi_mdInstance
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance
|
||||
#include "nssck.api"
|
||||
|
|
|
@ -109,8 +109,7 @@ ckcapi_attrmatch(
|
|||
|
||||
if (PR_TRUE == prb) {
|
||||
return CK_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -135,25 +134,23 @@ ckcapi_match(
|
|||
|
||||
#define CKAPI_ITEM_CHUNK 20
|
||||
|
||||
#define PUT_Object(obj, err) \
|
||||
{ \
|
||||
if (count >= size) { \
|
||||
*listp = *listp ? \
|
||||
nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
|
||||
(size + \
|
||||
CKAPI_ITEM_CHUNK)) \
|
||||
: \
|
||||
nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
|
||||
(size + \
|
||||
CKAPI_ITEM_CHUNK)); \
|
||||
if ((ckcapiInternalObject **)NULL == *listp) { \
|
||||
err = CKR_HOST_MEMORY; \
|
||||
goto loser; \
|
||||
} \
|
||||
size += CKAPI_ITEM_CHUNK; \
|
||||
} \
|
||||
(*listp)[count] = (obj); \
|
||||
count++; \
|
||||
#define PUT_Object(obj, err) \
|
||||
{ \
|
||||
if (count >= size) { \
|
||||
*listp = *listp ? nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
|
||||
(size + \
|
||||
CKAPI_ITEM_CHUNK)) \
|
||||
: nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
|
||||
(size + \
|
||||
CKAPI_ITEM_CHUNK)); \
|
||||
if ((ckcapiInternalObject **)NULL == *listp) { \
|
||||
err = CKR_HOST_MEMORY; \
|
||||
goto loser; \
|
||||
} \
|
||||
size += CKAPI_ITEM_CHUNK; \
|
||||
} \
|
||||
(*listp)[count] = (obj); \
|
||||
count++; \
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -338,8 +335,7 @@ collect_class(
|
|||
1) != 0)) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
int reason =
|
||||
GetLastError();
|
||||
/* we only care if it exists, we don't really need to fetch it yet */
|
||||
|
@ -375,8 +371,7 @@ collect_class(
|
|||
next->u.cert.certStore = storeStr;
|
||||
PUT_Object(next, *pError);
|
||||
next = NULL; /* need to allocate a new one now */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* don't cache the values we just loaded */
|
||||
memset(&next->u.cert, 0, sizeof(next->u.cert));
|
||||
}
|
||||
|
|
|
@ -471,8 +471,7 @@ nss_ckcapi_FetchKeyContainer(
|
|||
if (!rc) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*hProv =
|
||||
ko->hProv;
|
||||
}
|
||||
|
@ -684,8 +683,7 @@ ckcapi_PopulateModulusExponent(
|
|||
{
|
||||
if (ckcapiCert == io->type) {
|
||||
ckcapi_CertPopulateModulusExponent(io);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ckcapi_FetchPublicKey(io);
|
||||
}
|
||||
return;
|
||||
|
@ -713,8 +711,7 @@ ckcapi_FetchLabel(
|
|||
co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
|
||||
if ((CHAR *)NULL == co->labelData) {
|
||||
rv = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
size = strlen(co->labelData);
|
||||
}
|
||||
}
|
||||
|
@ -862,8 +859,7 @@ ckcapi_FetchHashKey(
|
|||
{
|
||||
if (ckcapiCert == io->type) {
|
||||
ckcapi_CertFetchHashKey(io);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ckcapi_KeyFetchHashKey(io);
|
||||
}
|
||||
return;
|
||||
|
@ -1336,8 +1332,7 @@ ckcapi_mdObject_Destroy(
|
|||
goto loser;
|
||||
}
|
||||
rc = CertDeleteCertificateFromStore(certContext);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
char *provName = NULL;
|
||||
char *containerName = NULL;
|
||||
HCRYPTPROV hProv;
|
||||
|
@ -1353,8 +1348,7 @@ ckcapi_mdObject_Destroy(
|
|||
containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
|
||||
provType = provInfo->dwProvType;
|
||||
nss_ZFreeIf(provInfo);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
provName = io->u.key.provName;
|
||||
containerName = io->u.key.containerName;
|
||||
provType = io->u.key.provInfo.dwProvType;
|
||||
|
@ -1461,8 +1455,7 @@ ckcapi_mdObject_GetAttributeTypes(
|
|||
}
|
||||
if (io->type == ckcapiRaw) {
|
||||
attrs = io->u.raw.types;
|
||||
}
|
||||
else
|
||||
} else
|
||||
switch (io->objClass) {
|
||||
case CKO_CERTIFICATE:
|
||||
attrs =
|
||||
|
@ -1613,8 +1606,7 @@ nss_ckcapi_CreateMDObject(
|
|||
nssHash_Lookup(ckcapiInternalObjectHash, key);
|
||||
if (!old_o) {
|
||||
nssHash_Add(ckcapiInternalObjectHash, key, io);
|
||||
}
|
||||
else if (old_o != io) {
|
||||
} else if (old_o != io) {
|
||||
nss_ckcapi_DestroyInternalObject(io);
|
||||
io = old_o;
|
||||
}
|
||||
|
@ -1751,15 +1743,12 @@ nss_ckcapi_CreateCertificate(
|
|||
}
|
||||
|
||||
/* does it look like a CA */
|
||||
}
|
||||
else if (ckcapi_cert_isCA(certContext)) {
|
||||
} else if (ckcapi_cert_isCA(certContext)) {
|
||||
storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
|
||||
/* does it look like an S/MIME cert */
|
||||
}
|
||||
else if (ckcapi_cert_hasEmail(certContext)) {
|
||||
} else if (ckcapi_cert_hasEmail(certContext)) {
|
||||
storeStr = "AddressBook";
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* just pick a store */
|
||||
storeStr = "CA";
|
||||
}
|
||||
|
@ -2223,12 +2212,10 @@ nss_ckcapi_CreateObject(
|
|||
if (objClass == CKO_CERTIFICATE) {
|
||||
io = nss_ckcapi_CreateCertificate(fwSession, pTemplate,
|
||||
ulAttributeCount, pError);
|
||||
}
|
||||
else if (objClass == CKO_PRIVATE_KEY) {
|
||||
} else if (objClass == CKO_PRIVATE_KEY) {
|
||||
io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate,
|
||||
ulAttributeCount, pError);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_ATTRIBUTE_VALUE_INVALID;
|
||||
}
|
||||
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
#include "ckdbm.h"
|
||||
|
||||
#define MODULE_NAME dbm
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_dbm_mdInstance
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance
|
||||
#include "nssck.api"
|
||||
|
|
|
@ -94,8 +94,7 @@ nss_dbm_db_get_format_version(
|
|||
(void)PR_sscanf(v.data, "%ld.%ld", &major, &minor);
|
||||
rv.major = major;
|
||||
rv.minor = minor;
|
||||
}
|
||||
else if (dbrv > 0) {
|
||||
} else if (dbrv > 0) {
|
||||
(void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major,
|
||||
nss_dbm_db_format_version.minor);
|
||||
v.data = buffer;
|
||||
|
@ -103,8 +102,7 @@ nss_dbm_db_get_format_version(
|
|||
dbrv = db->db->put(db->db, &k, &v, 0);
|
||||
(void)db->db->sync(db->db, 0);
|
||||
rv = nss_dbm_db_format_version;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* No error return.. */
|
||||
;
|
||||
}
|
||||
|
@ -177,12 +175,10 @@ nss_dbm_db_get_label(
|
|||
if ((NSSUTF8 *)NULL == rv) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
}
|
||||
}
|
||||
else if (dbrv > 0) {
|
||||
} else if (dbrv > 0) {
|
||||
/* Just return null */
|
||||
;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_DEVICE_ERROR;
|
||||
;
|
||||
}
|
||||
|
@ -256,11 +252,9 @@ nss_dbm_db_new_handle(
|
|||
if (0 == rv) {
|
||||
(void)memcpy(&align, v.data, sizeof(CK_ULONG));
|
||||
id = ntohl(align);
|
||||
}
|
||||
else if (rv > 0) {
|
||||
} else if (rv > 0) {
|
||||
id = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -762,8 +756,7 @@ nss_dbm_db_object_still_exists(
|
|||
dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
|
||||
if (0 == dbrv) {
|
||||
rv = CK_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -792,12 +785,10 @@ nss_dbm_db_get_object_attribute_count(
|
|||
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
|
||||
if (0 == *pdbrv) {
|
||||
;
|
||||
}
|
||||
else if (*pdbrv > 0) {
|
||||
} else if (*pdbrv > 0) {
|
||||
*pError = CKR_OBJECT_HANDLE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_DEVICE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
@ -834,12 +825,10 @@ nss_dbm_db_get_object_attribute_types(
|
|||
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
|
||||
if (0 == *pdbrv) {
|
||||
;
|
||||
}
|
||||
else if (*pdbrv > 0) {
|
||||
} else if (*pdbrv > 0) {
|
||||
rv = CKR_OBJECT_HANDLE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = CKR_DEVICE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
@ -885,12 +874,10 @@ nss_dbm_db_get_object_attribute_size(
|
|||
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
|
||||
if (0 == *pdbrv) {
|
||||
;
|
||||
}
|
||||
else if (*pdbrv > 0) {
|
||||
} else if (*pdbrv > 0) {
|
||||
*pError = CKR_OBJECT_HANDLE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_DEVICE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
@ -900,8 +887,7 @@ nss_dbm_db_get_object_attribute_size(
|
|||
|
||||
for (i = 0; i < n; i++) {
|
||||
if (type == ntohl(pulData[1 + i * 3])) {
|
||||
rv = ntohl(pulData[2 + i *
|
||||
3]);
|
||||
rv = ntohl(pulData[2 + i * 3]);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -942,12 +928,10 @@ nss_dbm_db_get_object_attribute(
|
|||
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
|
||||
if (0 == *pdbrv) {
|
||||
;
|
||||
}
|
||||
else if (*pdbrv > 0) {
|
||||
} else if (*pdbrv > 0) {
|
||||
*pError = CKR_OBJECT_HANDLE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_DEVICE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
@ -1017,12 +1001,10 @@ nss_dbm_db_set_object_attribute(
|
|||
*pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
|
||||
if (0 == *pdbrv) {
|
||||
;
|
||||
}
|
||||
else if (*pdbrv > 0) {
|
||||
} else if (*pdbrv > 0) {
|
||||
rv = CKR_OBJECT_HANDLE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = CKR_DEVICE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
|
|
@ -75,8 +75,7 @@ nss_dbm_mdSlot_GetTokenPresent(
|
|||
|
||||
if ((nss_dbm_db_t *)NULL == slot->token_db) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_TRUE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -150,8 +150,7 @@ nss_dbm_mdToken_GetIsWriteProtected(
|
|||
|
||||
if (token->slot->flags & O_RDWR) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_TRUE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -270,8 +270,7 @@ nssCKFWFindObjects_Next(
|
|||
fwFindObjects->mdToken, fwFindObjects->fwToken,
|
||||
fwFindObjects->mdInstance, fwFindObjects->fwInstance);
|
||||
fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
goto wrap;
|
||||
}
|
||||
}
|
||||
|
@ -296,8 +295,7 @@ nssCKFWFindObjects_Next(
|
|||
fwFindObjects->mdToken, fwFindObjects->fwToken,
|
||||
fwFindObjects->mdInstance, fwFindObjects->fwInstance);
|
||||
fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
goto wrap;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -135,8 +135,7 @@ nssCKFWHash_Add(
|
|||
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
|
||||
if (!he) {
|
||||
error = CKR_HOST_MEMORY;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hash->count++;
|
||||
}
|
||||
|
||||
|
@ -211,8 +210,7 @@ nssCKFWHash_Exists(
|
|||
|
||||
if (!value) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_TRUE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -190,13 +190,11 @@ nssCKFWInstance_Create(
|
|||
fwInstance->pInitArgs = &fwInstance->initArgs;
|
||||
if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) {
|
||||
fwInstance->mayCreatePthreads = CK_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->mayCreatePthreads = CK_TRUE;
|
||||
}
|
||||
fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->mayCreatePthreads = CK_TRUE;
|
||||
}
|
||||
|
||||
|
@ -221,8 +219,7 @@ nssCKFWInstance_Create(
|
|||
if (mdInstance->ModuleHandlesSessionObjects) {
|
||||
fwInstance->moduleHandlesSessionObjects =
|
||||
mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->moduleHandlesSessionObjects = CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -879,8 +876,7 @@ nssCKFWInstance_GetCryptokiVersion(
|
|||
if (fwInstance->mdInstance->GetCryptokiVersion) {
|
||||
fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
|
||||
fwInstance->mdInstance, fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->cryptokiVersion.major = 2;
|
||||
fwInstance->cryptokiVersion.minor = 1;
|
||||
}
|
||||
|
@ -926,8 +922,7 @@ nssCKFWInstance_GetManufacturerID(
|
|||
if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->manufacturerID = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -992,8 +987,7 @@ nssCKFWInstance_GetLibraryDescription(
|
|||
if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->libraryDescription = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -1037,8 +1031,7 @@ nssCKFWInstance_GetLibraryVersion(
|
|||
if (fwInstance->mdInstance->GetLibraryVersion) {
|
||||
fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
|
||||
fwInstance->mdInstance, fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwInstance->libraryVersion.major = 0;
|
||||
fwInstance->libraryVersion.minor = 3;
|
||||
}
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
#include "ckmk.h"
|
||||
|
||||
#define MODULE_NAME ckmk
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckmk_mdInstance
|
||||
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance
|
||||
#include "nssck.api"
|
||||
|
|
|
@ -110,8 +110,7 @@ ckmk_attrmatch(
|
|||
|
||||
if (PR_TRUE == prb) {
|
||||
return CK_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -136,25 +135,23 @@ ckmk_match(
|
|||
|
||||
#define CKMK_ITEM_CHUNK 20
|
||||
|
||||
#define PUT_OBJECT(obj, err, size, count, list) \
|
||||
{ \
|
||||
if (count >= size) { \
|
||||
(list) = (list) ? \
|
||||
nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
|
||||
((size) + \
|
||||
CKMK_ITEM_CHUNK)) \
|
||||
: \
|
||||
nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
|
||||
((size) + \
|
||||
CKMK_ITEM_CHUNK)); \
|
||||
if ((ckmkInternalObject **)NULL == list) { \
|
||||
err = CKR_HOST_MEMORY; \
|
||||
goto loser; \
|
||||
} \
|
||||
(size) += CKMK_ITEM_CHUNK; \
|
||||
} \
|
||||
(list)[count] = (obj); \
|
||||
count++; \
|
||||
#define PUT_OBJECT(obj, err, size, count, list) \
|
||||
{ \
|
||||
if (count >= size) { \
|
||||
(list) = (list) ? nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
|
||||
((size) + \
|
||||
CKMK_ITEM_CHUNK)) \
|
||||
: nss_ZNEWARRAY(NULL, ckmkInternalObject *, \
|
||||
((size) + \
|
||||
CKMK_ITEM_CHUNK)); \
|
||||
if ((ckmkInternalObject **)NULL == list) { \
|
||||
err = CKR_HOST_MEMORY; \
|
||||
goto loser; \
|
||||
} \
|
||||
(size) += CKMK_ITEM_CHUNK; \
|
||||
} \
|
||||
(list)[count] = (obj); \
|
||||
count++; \
|
||||
}
|
||||
|
||||
/* find all the certs that represent the appropriate object (cert, priv key, or
|
||||
|
@ -201,8 +198,7 @@ collect_class(
|
|||
/* yes, put it on the list */
|
||||
PUT_OBJECT(next, *pError, *sizep, count, *listp);
|
||||
next = NULL; /* this one is on the list, need to allocate a new one now */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* no , release the current item and clear out the structure for reuse */
|
||||
CFRelease(itemRef);
|
||||
/* don't cache the values we just loaded */
|
||||
|
|
|
@ -322,8 +322,7 @@ ckmk_encodeInt(NSSItem *dest, void *src, int srcLen)
|
|||
data[0] = DER_INTEGER;
|
||||
if (1 == lenLen) {
|
||||
data[1] = dataLen;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
data[1] = 0x80 + lenLen;
|
||||
for (i = 0; i < lenLen; i++) {
|
||||
data[i + 1] = ((dataLen >> ((lenLen -
|
||||
|
@ -505,7 +504,7 @@ loser:
|
|||
|
||||
#define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \
|
||||
if (0 == (item)->loc.size) { \
|
||||
(void) func(io, type, &(item)->loc, str); \
|
||||
(void)func(io, type, &(item)->loc, str); \
|
||||
} \
|
||||
return &(item)->loc;
|
||||
|
||||
|
@ -528,8 +527,7 @@ ckmk_FetchHashKey(
|
|||
if (io->objClass == CKO_CERTIFICATE) {
|
||||
ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr,
|
||||
PR_TRUE, key, "Fetching HashKey (cert)");
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ckmk_GetCommonAttribute(io, kSecKeyLabel,
|
||||
PR_FALSE, key, "Fetching HashKey (key)");
|
||||
}
|
||||
|
@ -992,8 +990,7 @@ ckmk_mdObject_GetAttributeTypes(
|
|||
}
|
||||
if (io->type == ckmkRaw) {
|
||||
attrs = io->u.raw.types;
|
||||
}
|
||||
else
|
||||
} else
|
||||
switch (io->objClass) {
|
||||
case CKO_CERTIFICATE:
|
||||
attrs =
|
||||
|
@ -1184,8 +1181,7 @@ nss_ckmk_CreateMDObject(
|
|||
nssHash_Lookup(ckmkInternalObjectHash, key);
|
||||
if (!old_o) {
|
||||
nssHash_Add(ckmkInternalObjectHash, key, io);
|
||||
}
|
||||
else if (old_o != io) {
|
||||
} else if (old_o != io) {
|
||||
nss_ckmk_DestroyInternalObject(io);
|
||||
io = old_o;
|
||||
}
|
||||
|
@ -1785,8 +1781,7 @@ nss_ckmk_CreatePrivateKey(
|
|||
if (nickname) {
|
||||
ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname,
|
||||
strlen(nickname) + 1, "Modify Key Label");
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
#define DEFAULT_NICKNAME "NSS Imported Key"
|
||||
ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME,
|
||||
sizeof(DEFAULT_NICKNAME), "Modify Key Label");
|
||||
|
@ -1852,12 +1847,10 @@ nss_ckmk_CreateObject(
|
|||
if (objClass == CKO_CERTIFICATE) {
|
||||
io = nss_ckmk_CreateCertificate(fwSession, pTemplate,
|
||||
ulAttributeCount, pError);
|
||||
}
|
||||
else if (objClass == CKO_PRIVATE_KEY) {
|
||||
} else if (objClass == CKO_PRIVATE_KEY) {
|
||||
io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate,
|
||||
ulAttributeCount, pError);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_ATTRIBUTE_VALUE_INVALID;
|
||||
}
|
||||
|
||||
|
|
|
@ -584,8 +584,7 @@ nssCKFWObject_GetAttribute(
|
|||
*pError = CKR_HOST_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = itemOpt;
|
||||
}
|
||||
|
||||
|
@ -600,12 +599,10 @@ nssCKFWObject_GetAttribute(
|
|||
rv = (NSSItem *)NULL;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (rv->size >= mdItem.item->size) {
|
||||
rv->size = mdItem.item->size;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*pError = CKR_BUFFER_TOO_SMALL;
|
||||
/* Should we set rv->size to mdItem->size? */
|
||||
/* rv can't have been allocated */
|
||||
|
@ -714,8 +711,7 @@ nssCKFWObject_SetAttribute(
|
|||
* not in the list. Add it.
|
||||
*/
|
||||
nssCKFWSession_RegisterSessionObject(fwSession, fwObject);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* New one is a token object, except since we "stole" the fwObject, it's
|
||||
* in the list. Remove it.
|
||||
|
@ -731,8 +727,7 @@ nssCKFWObject_SetAttribute(
|
|||
nssCKFWObject_Destroy(newFwObject);
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* An "ordinary" change.
|
||||
*/
|
||||
|
|
|
@ -696,8 +696,7 @@ nssCKFWSession_Login(
|
|||
default:
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
}
|
||||
else /* CKU_USER == userType */ {
|
||||
} else /* CKU_USER == userType */ {
|
||||
switch (oldState) {
|
||||
case CKS_RO_PUBLIC_SESSION:
|
||||
newState =
|
||||
|
@ -732,8 +731,7 @@ nssCKFWSession_Login(
|
|||
* it'll just rely on the Framework as needed.
|
||||
*/
|
||||
;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
|
||||
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
||||
fwSession->fwInstance, userType, pin, oldState, newState);
|
||||
|
@ -802,8 +800,7 @@ nssCKFWSession_Logout(
|
|||
* The Module doesn't want to be informed. Okay.
|
||||
*/
|
||||
;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
|
||||
fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
|
||||
fwSession->fwInstance, oldState, newState);
|
||||
|
@ -1123,15 +1120,13 @@ nssCKFWSession_SetOperationState(
|
|||
|
||||
if (encryptionKey) {
|
||||
mdek = nssCKFWObject_GetMDObject(encryptionKey);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
mdek = (NSSCKMDObject *)NULL;
|
||||
}
|
||||
|
||||
if (authenticationKey) {
|
||||
mdak = nssCKFWObject_GetMDObject(authenticationKey);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
mdak = (NSSCKMDObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1164,8 +1159,7 @@ nss_attributes_form_token_object(
|
|||
if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) {
|
||||
(void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
|
||||
return rv;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -1233,8 +1227,7 @@ nssCKFWSession_CreateObject(
|
|||
}
|
||||
|
||||
goto callmdcreateobject;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* === SESSION OBJECT === */
|
||||
|
||||
arena = nssCKFWSession_GetArena(fwSession, pError);
|
||||
|
@ -1255,8 +1248,7 @@ nssCKFWSession_CreateObject(
|
|||
}
|
||||
|
||||
goto callmdcreateobject;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* --- framework handles the session object -- */
|
||||
mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
|
||||
arena, pTemplate, ulAttributeCount, pError);
|
||||
|
@ -1279,10 +1271,8 @@ gotmdobject:
|
|||
}
|
||||
|
||||
fwObject = nssCKFWObject_Create(arena, mdObject,
|
||||
isTokenObject ?
|
||||
NULL
|
||||
:
|
||||
fwSession,
|
||||
isTokenObject ? NULL
|
||||
: fwSession,
|
||||
fwSession->fwToken, fwSession->fwInstance, pError);
|
||||
if (!fwObject) {
|
||||
if (CKR_OK == *pError) {
|
||||
|
@ -1387,8 +1377,7 @@ nssCKFWSession_CopyObject(
|
|||
|
||||
if (CK_TRUE == newIsToken) {
|
||||
arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arena = nssCKFWSession_GetArena(fwSession, pError);
|
||||
}
|
||||
if (!arena) {
|
||||
|
@ -1410,10 +1399,8 @@ nssCKFWSession_CopyObject(
|
|||
}
|
||||
|
||||
rv = nssCKFWObject_Create(arena, mdObject,
|
||||
newIsToken ?
|
||||
NULL
|
||||
:
|
||||
fwSession,
|
||||
newIsToken ? NULL
|
||||
: fwSession,
|
||||
fwSession->fwToken, fwSession->fwInstance, pError);
|
||||
|
||||
if (CK_FALSE == newIsToken) {
|
||||
|
@ -1427,8 +1414,7 @@ nssCKFWSession_CopyObject(
|
|||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* use create object */
|
||||
NSSArena *tmpArena;
|
||||
CK_ATTRIBUTE_PTR newTemplate;
|
||||
|
@ -1493,8 +1479,7 @@ nssCKFWSession_CopyObject(
|
|||
pTemplate[i].pValue) {
|
||||
/* This attribute is being deleted */
|
||||
;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* This attribute is being replaced */
|
||||
newTemplate[k].type =
|
||||
pTemplate[i].type;
|
||||
|
@ -1611,8 +1596,7 @@ nssCKFWSession_FindObjectsInit(
|
|||
fwSession, fwSession->mdToken, fwSession->fwToken,
|
||||
fwSession->mdInstance, fwSession->fwInstance,
|
||||
pTemplate, ulAttributeCount, pError);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Do the search ourselves */
|
||||
mdfo1 =
|
||||
nssCKMDFindSessionObjects_Create(fwSession->fwToken,
|
||||
|
@ -1665,8 +1649,7 @@ nssCKFWSession_FindObjectsInit(
|
|||
goto wrap;
|
||||
}
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Module handles all its own objects. Pass on to module's search */
|
||||
mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
|
||||
fwSession, fwSession->mdToken, fwSession->fwToken,
|
||||
|
@ -1766,8 +1749,7 @@ nssCKFWSession_GetRandom(
|
|||
if (!fwSession->mdSession->GetRandom) {
|
||||
if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CKR_RANDOM_NO_RNG;
|
||||
}
|
||||
}
|
||||
|
@ -1880,8 +1862,7 @@ nssCKFWSession_Final(
|
|||
error = CKR_ARGUMENTS_BAD;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
||||
CK_ULONG maxBufLen = *outBufLen;
|
||||
|
||||
|
@ -2127,16 +2108,13 @@ nssCKFWSession_UpdateFinal(
|
|||
error = CKR_ARGUMENTS_BAD;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CK_ULONG maxBufLen = *outBufLen;
|
||||
CK_ULONG len;
|
||||
|
||||
len = (isEncryptDecrypt) ?
|
||||
nssCKFWCryptoOperation_GetOperationLength(fwOperation,
|
||||
&inputBuffer, &error)
|
||||
:
|
||||
nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
||||
len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation,
|
||||
&inputBuffer, &error)
|
||||
: nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
|
||||
|
||||
if (CKR_OK != error) {
|
||||
goto done;
|
||||
|
@ -2159,10 +2137,8 @@ nssCKFWSession_UpdateFinal(
|
|||
|
||||
/* UpdateFinal isn't support, manually use Update and Final */
|
||||
if (CKR_FUNCTION_FAILED == error) {
|
||||
error = isEncryptDecrypt ?
|
||||
nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
|
||||
:
|
||||
nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
|
||||
error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
|
||||
: nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
|
||||
|
||||
if (CKR_OK == error) {
|
||||
error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
|
||||
|
|
|
@ -794,8 +794,7 @@ items_match(
|
|||
|
||||
if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) {
|
||||
return CK_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return CK_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -826,8 +825,7 @@ findfcn(
|
|||
if (mdso->types[j] == p->type) {
|
||||
if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) {
|
||||
return;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -336,8 +336,7 @@ nssCKFWSlot_GetSlotDescription(
|
|||
if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwSlot->slotDescription = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -385,8 +384,7 @@ nssCKFWSlot_GetManufacturerID(
|
|||
if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwSlot->manufacturerID = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -496,8 +494,7 @@ nssCKFWSlot_GetHardwareVersion(
|
|||
if (fwSlot->mdSlot->GetHardwareVersion) {
|
||||
fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
|
||||
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwSlot->hardwareVersion.major = 0;
|
||||
fwSlot->hardwareVersion.minor = 1;
|
||||
}
|
||||
|
@ -539,8 +536,7 @@ nssCKFWSlot_GetFirmwareVersion(
|
|||
if (fwSlot->mdSlot->GetFirmwareVersion) {
|
||||
fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
|
||||
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwSlot->firmwareVersion.major = 0;
|
||||
fwSlot->firmwareVersion.minor = 1;
|
||||
}
|
||||
|
@ -597,8 +593,7 @@ nssCKFWSlot_GetToken(
|
|||
|
||||
fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError);
|
||||
fwSlot->fwToken = fwToken;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken = fwSlot->fwToken;
|
||||
}
|
||||
|
||||
|
|
|
@ -498,8 +498,7 @@ nssCKFWToken_InitToken(
|
|||
if (!pin) {
|
||||
if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
|
||||
; /* okay */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
error = CKR_PIN_INCORRECT;
|
||||
goto done;
|
||||
}
|
||||
|
@ -551,8 +550,7 @@ nssCKFWToken_GetLabel(
|
|||
if ((!fwToken->label) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken->label = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -599,8 +597,7 @@ nssCKFWToken_GetManufacturerID(
|
|||
if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken->manufacturerID = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -647,8 +644,7 @@ nssCKFWToken_GetModel(
|
|||
if ((!fwToken->model) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken->model = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -695,8 +691,7 @@ nssCKFWToken_GetSerialNumber(
|
|||
if ((!fwToken->serialNumber) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken->serialNumber = (NSSUTF8 *)"";
|
||||
}
|
||||
}
|
||||
|
@ -1092,8 +1087,7 @@ nssCKFWToken_GetHardwareVersion(
|
|||
if (fwToken->mdToken->GetHardwareVersion) {
|
||||
fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
|
||||
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken->hardwareVersion.major = 0;
|
||||
fwToken->hardwareVersion.minor = 1;
|
||||
}
|
||||
|
@ -1136,8 +1130,7 @@ nssCKFWToken_GetFirmwareVersion(
|
|||
if (fwToken->mdToken->GetFirmwareVersion) {
|
||||
fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
|
||||
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
fwToken->firmwareVersion.major = 0;
|
||||
fwToken->firmwareVersion.minor = 1;
|
||||
}
|
||||
|
@ -1218,8 +1211,7 @@ nssCKFWToken_GetUTCTime(
|
|||
|
||||
if (D > dims[M - 1])
|
||||
goto badtime; /* per-month check */
|
||||
if ((2 == M) && (((Y % 4) || !(Y %
|
||||
100)) &&
|
||||
if ((2 == M) && (((Y % 4) || !(Y % 100)) &&
|
||||
(Y % 400)) &&
|
||||
(D > 28))
|
||||
goto badtime; /* leap years */
|
||||
|
@ -1292,8 +1284,7 @@ nssCKFWToken_OpenSession(
|
|||
*pError = CKR_TOKEN_WRITE_PROTECTED;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Read-only session desired */
|
||||
if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) {
|
||||
*pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
|
||||
|
|
|
@ -365,8 +365,7 @@ NSSCKFWC_GetSlotList(
|
|||
*pulCount = nSlots;
|
||||
error = CKR_BUFFER_TOO_SMALL;
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CK_ULONG i;
|
||||
*pulCount = nSlots;
|
||||
|
||||
|
@ -803,8 +802,7 @@ NSSCKFWC_GetMechanismList(
|
|||
|
||||
if (0 != count) {
|
||||
error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
error = CKR_OK;
|
||||
}
|
||||
|
||||
|
@ -1098,8 +1096,7 @@ NSSCKFWC_InitPIN(
|
|||
|
||||
if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
|
||||
arg = (NSSItem *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arg = &pin;
|
||||
pin.size = (PRUint32)ulPinLen;
|
||||
pin.data = (void *)pPin;
|
||||
|
@ -1173,8 +1170,7 @@ NSSCKFWC_SetPIN(
|
|||
|
||||
if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) {
|
||||
oldArg = (NSSItem *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
oldArg = &oldPin;
|
||||
oldPin.size = (PRUint32)ulOldLen;
|
||||
oldPin.data = (void *)pOldPin;
|
||||
|
@ -1182,8 +1178,7 @@ NSSCKFWC_SetPIN(
|
|||
|
||||
if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) {
|
||||
newArg = (NSSItem *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
newArg = &newPin;
|
||||
newPin.size = (PRUint32)ulNewLen;
|
||||
newPin.data = (void *)pNewPin;
|
||||
|
@ -1266,15 +1261,13 @@ NSSCKFWC_OpenSession(
|
|||
|
||||
if (flags & CKF_RW_SESSION) {
|
||||
rw = CK_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rw = CK_FALSE;
|
||||
}
|
||||
|
||||
if (flags & CKF_SERIAL_SESSION) {
|
||||
;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -1699,8 +1692,7 @@ NSSCKFWC_SetOperationState(
|
|||
|
||||
if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) {
|
||||
eKey = (NSSCKFWObject *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
|
||||
if (!eKey) {
|
||||
error = CKR_KEY_HANDLE_INVALID;
|
||||
|
@ -1710,8 +1702,7 @@ NSSCKFWC_SetOperationState(
|
|||
|
||||
if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) {
|
||||
aKey = (NSSCKFWObject *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
|
||||
if (!aKey) {
|
||||
error = CKR_KEY_HANDLE_INVALID;
|
||||
|
@ -1787,8 +1778,7 @@ NSSCKFWC_Login(
|
|||
|
||||
if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
|
||||
arg = (NSSItem *)NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arg = &pin;
|
||||
pin.size = (PRUint32)ulPinLen;
|
||||
pin.data = (void *)pPin;
|
||||
|
@ -2277,8 +2267,7 @@ NSSCKFWC_GetAttributeValue(
|
|||
|
||||
if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) {
|
||||
pTemplate[i].ulValueLen = size;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSSItem it, *p;
|
||||
|
||||
if (pTemplate[i].ulValueLen < size) {
|
||||
|
@ -2317,12 +2306,10 @@ NSSCKFWC_GetAttributeValue(
|
|||
if (sensitive) {
|
||||
error = CKR_ATTRIBUTE_SENSITIVE;
|
||||
goto loser;
|
||||
}
|
||||
else if (invalid) {
|
||||
} else if (invalid) {
|
||||
error = CKR_ATTRIBUTE_TYPE_INVALID;
|
||||
goto loser;
|
||||
}
|
||||
else if (tooSmall) {
|
||||
} else if (tooSmall) {
|
||||
error = CKR_BUFFER_TOO_SMALL;
|
||||
goto loser;
|
||||
}
|
||||
|
|
|
@ -182,8 +182,7 @@ CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChal
|
|||
CMMFChallenge *challenge;
|
||||
|
||||
PORT_Assert(inKeyChallCont != NULL);
|
||||
if (inKeyChallCont == NULL || inIndex > 0 || inIndex >=
|
||||
inKeyChallCont->numChallenges) {
|
||||
if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= inKeyChallCont->numChallenges) {
|
||||
return SECFailure;
|
||||
}
|
||||
challenge = inKeyChallCont->challenges[inIndex];
|
||||
|
|
|
@ -214,8 +214,7 @@ CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKey
|
|||
if (inDecKeyChall->numChallenges == 0) {
|
||||
rv = cmmf_create_first_challenge(inDecKeyChall, inRandom,
|
||||
genNameDER, inPubKey, passwdArg);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge);
|
||||
if (curChallenge == NULL) {
|
||||
rv = SECFailure;
|
||||
|
|
|
@ -107,8 +107,7 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
|
|||
&inKeyRecRep->caCerts);
|
||||
if (rv != SECSuccess) {
|
||||
PORT_ArenaRelease(inKeyRecRep->poolp, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(inKeyRecRep->poolp, mark);
|
||||
}
|
||||
return rv;
|
||||
|
|
|
@ -52,8 +52,7 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
|
|||
if (derDest == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
derDest = SECITEM_DupItem(&inCert->derCert);
|
||||
if (derDest == NULL) {
|
||||
goto loser;
|
||||
|
@ -67,8 +66,7 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
|
|||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
certOrEncCert->derValue = *derDest;
|
||||
}
|
||||
PORT_Free(derDest);
|
||||
|
@ -218,8 +216,7 @@ CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
|
|||
if (inCertResp->certifiedKeyPair == NULL) {
|
||||
keyPair = inCertResp->certifiedKeyPair =
|
||||
PORT_ZNew(CMMFCertifiedKeyPair);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
keyPair = inCertResp->certifiedKeyPair;
|
||||
}
|
||||
if (keyPair == NULL) {
|
||||
|
@ -266,8 +263,7 @@ CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
|
|||
|
||||
if (rv != SECSuccess) {
|
||||
PORT_ArenaRelease(poolp, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(poolp, mark);
|
||||
}
|
||||
return rv;
|
||||
|
|
|
@ -19,8 +19,7 @@ crmf_modify_control_array(CRMFCertRequest *inCertReq, int count)
|
|||
return SECFailure;
|
||||
}
|
||||
inCertReq->controls = dummy;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2);
|
||||
}
|
||||
return (inCertReq->controls == NULL) ? SECFailure : SECSuccess;
|
||||
|
@ -593,8 +592,7 @@ crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest)
|
|||
if (rv != SECSuccess) {
|
||||
dest = NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
dest = SECITEM_ArenaDupItem(NULL, src);
|
||||
}
|
||||
return dest;
|
||||
|
@ -673,8 +671,7 @@ crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
|
|||
if (wrappingKey == NULL) {
|
||||
goto loser;
|
||||
} /* Make the length a byte length instead of bit length*/
|
||||
params = (encValue->symmAlg != NULL) ?
|
||||
crmf_decode_params(&encValue->symmAlg->parameters)
|
||||
params = (encValue->symmAlg != NULL) ? crmf_decode_params(&encValue->symmAlg->parameters)
|
||||
: NULL;
|
||||
origLen = encValue->encValue.len;
|
||||
encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen);
|
||||
|
|
|
@ -43,10 +43,8 @@ crmf_copy_cert_request_validity(PLArenaPool *poolp,
|
|||
CRMFOptionalValidity *myValidity = NULL;
|
||||
SECStatus rv;
|
||||
|
||||
*destValidity = myValidity = (poolp == NULL) ?
|
||||
PORT_ZNew(CRMFOptionalValidity)
|
||||
:
|
||||
PORT_ArenaZNew(poolp, CRMFOptionalValidity);
|
||||
*destValidity = myValidity = (poolp == NULL) ? PORT_ZNew(CRMFOptionalValidity)
|
||||
: PORT_ArenaZNew(poolp, CRMFOptionalValidity);
|
||||
if (myValidity == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
|
|
|
@ -203,8 +203,7 @@ crmf_create_poposignkey(PLArenaPool *poolp,
|
|||
|
||||
if (useSignKeyInput) {
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
|
|
|
@ -351,8 +351,7 @@ crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
|
|||
if (inTemplate->extensions == NULL) {
|
||||
newSize = extensions->numExtensions;
|
||||
extArray = PORT_ZNewArray(CRMFCertExtension *, newSize + 1);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
newSize = inTemplate->numExtensions + extensions->numExtensions;
|
||||
extArray = PORT_Realloc(inTemplate->extensions,
|
||||
sizeof(CRMFCertExtension *) * (newSize + 1));
|
||||
|
@ -459,8 +458,7 @@ CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
|
|||
}
|
||||
if (rv != SECSuccess) {
|
||||
PORT_ArenaRelease(poolp, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_ArenaUnmark(poolp, mark);
|
||||
}
|
||||
return rv;
|
||||
|
@ -551,10 +549,8 @@ crmf_create_cert_extension(PLArenaPool *poolp,
|
|||
}
|
||||
|
||||
if (isCritical) {
|
||||
newExt->critical.data = (poolp == NULL) ?
|
||||
PORT_New(unsigned char)
|
||||
:
|
||||
PORT_ArenaNew(poolp, unsigned char);
|
||||
newExt->critical.data = (poolp == NULL) ? PORT_New(unsigned char)
|
||||
: PORT_ArenaNew(poolp, unsigned char);
|
||||
if (newExt->critical.data == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
|
|
|
@ -218,8 +218,7 @@ cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
|
|||
|
||||
if (src->data != NULL) {
|
||||
rv = SECITEM_CopyItem(poolp, dest, src);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
dest->data = NULL;
|
||||
dest->len = 0;
|
||||
rv = SECSuccess;
|
||||
|
|
|
@ -356,10 +356,8 @@ crmf_copy_poposigningkey(PLArenaPool *poolp,
|
|||
rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
|
||||
&inPopoSignKey->derInput);
|
||||
}
|
||||
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
|
||||
PORT_ZNew(SECAlgorithmID)
|
||||
:
|
||||
PORT_ArenaZNew(poolp, SECAlgorithmID);
|
||||
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID)
|
||||
: PORT_ArenaZNew(poolp, SECAlgorithmID);
|
||||
|
||||
if (destPopoSignKey->algorithmIdentifier == NULL) {
|
||||
goto loser;
|
||||
|
@ -634,8 +632,7 @@ crmf_copy_name(CERTName *destName, CERTName *srcName)
|
|||
|
||||
if (destName->arena != NULL) {
|
||||
poolp = destName->arena;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
|
||||
}
|
||||
if (poolp == NULL) {
|
||||
|
|
|
@ -348,8 +348,7 @@ seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count)
|
|||
|
||||
return SECSuccess;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return SECFailure; /* return failure if oid is NULL */
|
||||
}
|
||||
|
||||
|
@ -393,8 +392,7 @@ seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count)
|
|||
rv = SECFailure;
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure; /* return failure if oid is NULL */
|
||||
goto loser;
|
||||
}
|
||||
|
@ -481,8 +479,7 @@ seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
|
|||
SECKEY_PQGParamsTemplate,
|
||||
&newparams);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
|
||||
if (SECSuccess == rv) {
|
||||
/* else the old fortezza-only wrapped format is used. */
|
||||
|
@ -1080,16 +1077,14 @@ SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk)
|
|||
PK11_CopyKey(privk->pkcs11Slot, privk->pkcs11ID);
|
||||
if (copyk->pkcs11ID == CK_INVALID_HANDLE)
|
||||
goto fail;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
copyk->pkcs11ID = privk->pkcs11ID;
|
||||
}
|
||||
copyk->pkcs11IsTemp = privk->pkcs11IsTemp;
|
||||
copyk->wincx = privk->wincx;
|
||||
copyk->staticflags = privk->staticflags;
|
||||
return copyk;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
}
|
||||
|
||||
|
@ -1124,8 +1119,7 @@ SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk)
|
|||
PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) {
|
||||
copyk->pkcs11Slot = PK11_ReferenceSlot(pubk->pkcs11Slot);
|
||||
copyk->pkcs11ID = pubk->pkcs11ID;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
copyk->pkcs11Slot = NULL; /* go get own reference */
|
||||
copyk->pkcs11ID = CK_INVALID_HANDLE;
|
||||
}
|
||||
|
@ -1358,8 +1352,7 @@ seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk)
|
|||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
}
|
||||
|
||||
|
@ -1445,8 +1438,7 @@ SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider)
|
|||
}
|
||||
if (rv == SECSuccess)
|
||||
return spki;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
}
|
||||
|
||||
|
@ -1593,12 +1585,10 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
|
|||
PORT_Memset(pvk, 0, sizeof(*pvk));
|
||||
if (freeit == PR_TRUE) {
|
||||
PORT_FreeArena(poolp, PR_TRUE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
pvk->arena = poolp;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
|
||||
SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
|
||||
SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
|
||||
|
@ -1626,12 +1616,10 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
|
|||
PORT_Memset(epki, 0, sizeof(*epki));
|
||||
if (freeit == PR_TRUE) {
|
||||
PORT_FreeArena(poolp, PR_TRUE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
epki->arena = poolp;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
|
||||
SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
|
||||
PORT_Memset(epki, 0, sizeof(*epki));
|
||||
|
@ -1912,8 +1900,7 @@ loser:
|
|||
#define SECKEY_CacheAttribute(key, attribute) \
|
||||
if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
|
||||
key->staticflags |= SECKEY_##attribute; \
|
||||
} \
|
||||
else { \
|
||||
} else { \
|
||||
key->staticflags &= (~SECKEY_##attribute); \
|
||||
}
|
||||
|
||||
|
|
|
@ -177,8 +177,7 @@ SGN_End(SGNContext *cx, SECItem *result)
|
|||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
digder.data = digest;
|
||||
digder.len = part1;
|
||||
}
|
||||
|
@ -215,8 +214,7 @@ SGN_End(SGNContext *cx, SECItem *result)
|
|||
PORT_Free(sigitem.data);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
result->len = sigitem.len;
|
||||
result->data = sigitem.data;
|
||||
}
|
||||
|
@ -396,8 +394,7 @@ SGN_Digest(SECKEYPrivateKey *privKey,
|
|||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
digder.data = digest->data;
|
||||
digder.len = digest->len;
|
||||
}
|
||||
|
|
|
@ -105,8 +105,7 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
|
|||
if (rv == SECSuccess) {
|
||||
*digestInfoLen = it.len;
|
||||
*digestInfo = (unsigned char *)it.data;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (it.data) {
|
||||
PORT_Free(it.data);
|
||||
}
|
||||
|
@ -195,8 +194,7 @@ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
|
|||
|
||||
if ((dsasig == NULL) || (dsasig->len != len)) {
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Memcpy(dsig, dsasig->data, dsasig->len);
|
||||
}
|
||||
|
||||
|
@ -296,17 +294,13 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
|
|||
len = SECKEY_PublicKeyStrength(key);
|
||||
if (len < 28) { /* 28 bytes == 224 bits */
|
||||
*hashalg = SEC_OID_SHA1;
|
||||
}
|
||||
else if (len < 32) { /* 32 bytes == 256 bits */
|
||||
} else if (len < 32) { /* 32 bytes == 256 bits */
|
||||
*hashalg = SEC_OID_SHA224;
|
||||
}
|
||||
else if (len < 48) { /* 48 bytes == 384 bits */
|
||||
} else if (len < 48) { /* 48 bytes == 384 bits */
|
||||
*hashalg = SEC_OID_SHA256;
|
||||
}
|
||||
else if (len < 64) { /* 48 bytes == 512 bits */
|
||||
} else if (len < 64) { /* 48 bytes == 512 bits */
|
||||
*hashalg = SEC_OID_SHA384;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* use the largest in this case */
|
||||
*hashalg = SEC_OID_SHA512;
|
||||
}
|
||||
|
@ -667,8 +661,7 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
|
|||
if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
|
||||
SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -163,9 +163,8 @@ typedef struct htab { /* Memory resident data structure */
|
|||
#define ALL_CLEAR 0
|
||||
|
||||
#define PTROF(X) ((ptrdiff_t)(X) == BUF_DISK ? 0 : (X))
|
||||
#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \
|
||||
: \
|
||||
(X)->is_disk) \
|
||||
#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \
|
||||
: (X)->is_disk) \
|
||||
: 0)
|
||||
|
||||
#define BITS_PER_MAP 32
|
||||
|
|
|
@ -81,8 +81,7 @@ getFSType(const char *path)
|
|||
if (isalpha(path[0]) && path[1] == ':') {
|
||||
unit = toupper(path[0]) - '@';
|
||||
path += 2;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ULONG driveMap;
|
||||
#if OS2 >= 2
|
||||
if (DosQueryCurrentDisk(&unit, &driveMap))
|
||||
|
@ -109,8 +108,7 @@ getFSType(const char *path)
|
|||
if (infolen >= sizeof(FSQBUFFER2)) {
|
||||
FSQBUFFER2 *p = (FSQBUFFER2 *)info;
|
||||
r = p->szFSDName[p->cbName];
|
||||
}
|
||||
else
|
||||
} else
|
||||
#else
|
||||
if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
|
||||
return 0;
|
||||
|
@ -118,8 +116,7 @@ getFSType(const char *path)
|
|||
char *p = info + sizeof(USHORT);
|
||||
p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
|
||||
r = *p;
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
r = 0;
|
||||
return cache[unit] = r;
|
||||
|
|
|
@ -61,7 +61,7 @@ struct dirent {
|
|||
#else
|
||||
char d_name[MAXNAMLEN + 1]; /* garentee null termination */
|
||||
char d_attribute; /* .. extension .. */
|
||||
unsigned long d_size; /* .. extension .. */
|
||||
unsigned long d_size; /* .. extension .. */
|
||||
#endif
|
||||
};
|
||||
|
||||
|
|
|
@ -129,8 +129,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
|
|||
p[n - 2] = FULL_KEY_DATA;
|
||||
FREESPACE(p) = FREESPACE(p) - move_bytes;
|
||||
OFFSET(p) = off;
|
||||
}
|
||||
else
|
||||
} else
|
||||
p[n - 2] = FULL_KEY;
|
||||
}
|
||||
p = (uint16 *)bufp->page;
|
||||
|
@ -164,8 +163,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
|
|||
return (-1);
|
||||
cp = bufp->page;
|
||||
p = (uint16 *)cp;
|
||||
}
|
||||
else
|
||||
} else
|
||||
p[n] = FULL_KEY_DATA;
|
||||
bufp->flags |= BUF_MOD;
|
||||
}
|
||||
|
@ -236,8 +234,7 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp)
|
|||
bp[1] = pageno;
|
||||
bp[2] = OVFLPAGE;
|
||||
bufp->ovfl = rbufp->ovfl;
|
||||
}
|
||||
else
|
||||
} else
|
||||
/* This is the last page. */
|
||||
bufp->ovfl = NULL;
|
||||
n -= 2;
|
||||
|
@ -295,8 +292,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
|
|||
++hash_collisions;
|
||||
#endif
|
||||
return (-2);
|
||||
}
|
||||
else
|
||||
} else
|
||||
return (ndx);
|
||||
}
|
||||
|
||||
|
@ -384,8 +380,7 @@ __big_return(
|
|||
save_addr = save_p->addr;
|
||||
off = bp[1];
|
||||
len = 0;
|
||||
}
|
||||
else if (!FREESPACE(bp)) {
|
||||
} else if (!FREESPACE(bp)) {
|
||||
/*
|
||||
* This is a hack. We can't distinguish between
|
||||
* FULL_KEY_DATA that contains complete data or
|
||||
|
@ -401,8 +396,7 @@ __big_return(
|
|||
if (!bufp)
|
||||
return (-1);
|
||||
bp = (uint16 *)bufp->page;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* The data is all on one page. */
|
||||
tp = (char *)bp;
|
||||
off = bp[bp[0]];
|
||||
|
@ -414,8 +408,7 @@ __big_return(
|
|||
hashp->cpage = NULL;
|
||||
hashp->cbucket++;
|
||||
hashp->cndx = 1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hashp->cpage = __get_buf(hashp,
|
||||
bp[bp[0] - 1], bufp, 0);
|
||||
if (!hashp->cpage)
|
||||
|
@ -528,8 +521,7 @@ collect_data(
|
|||
if (bp[0] == 2) { /* No more buckets in chain */
|
||||
hashp->cpage = NULL;
|
||||
hashp->cbucket++;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
|
||||
if (!hashp->cpage)
|
||||
return (-1);
|
||||
|
@ -589,8 +581,7 @@ collect_key(
|
|||
return (-1);
|
||||
if (__big_return(hashp, bufp, 1, val, set))
|
||||
return (-1);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
|
||||
if (!xbp || ((totlen =
|
||||
collect_key(hashp, xbp, totlen, val, set)) < 1))
|
||||
|
@ -639,8 +630,7 @@ __big_split(
|
|||
__get_buf(hashp, ret->next_addr, big_keyp, 0)))
|
||||
return (-1);
|
||||
;
|
||||
}
|
||||
else
|
||||
} else
|
||||
ret->nextp = NULL;
|
||||
|
||||
/* Now make one of np/op point to the big key/data pair */
|
||||
|
@ -706,8 +696,7 @@ __big_split(
|
|||
if (!tmpp)
|
||||
return (-1);
|
||||
tp[4] = n;
|
||||
}
|
||||
else
|
||||
} else
|
||||
tmpp = big_keyp;
|
||||
|
||||
if (change)
|
||||
|
|
|
@ -256,8 +256,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
|
|||
if (bp[i + 1] == OVFLPAGE) {
|
||||
bp[i - 2] = bp[i];
|
||||
bp[i - 1] = bp[i + 1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
bp[i - 2] = bp[i] + pairlen;
|
||||
bp[i - 1] = bp[i + 1] + pairlen;
|
||||
}
|
||||
|
@ -341,12 +340,10 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
|
|||
off - ino[n + 1]);
|
||||
ino[ndx] = copyto + ino[n] - ino[n + 1];
|
||||
ino[ndx + 1] = copyto;
|
||||
}
|
||||
else
|
||||
} else
|
||||
copyto = ino[n + 1];
|
||||
ndx += 2;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Switch page */
|
||||
val.data = (uint8 *)op + ino[n + 1];
|
||||
val.size = ino[n] - ino[n + 1];
|
||||
|
@ -460,8 +457,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
|
|||
cino = (char *)bufp->page;
|
||||
ino = (uint16 *)cino;
|
||||
last_bfp = ret.nextp;
|
||||
}
|
||||
else if (ino[n + 1] == OVFLPAGE) {
|
||||
} else if (ino[n + 1] == OVFLPAGE) {
|
||||
ov_addr = ino[n];
|
||||
/*
|
||||
* Fix up the old page -- the extra 2 are the fields
|
||||
|
@ -508,8 +504,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
|
|||
putpair((char *)op, &key, &val);
|
||||
}
|
||||
old_bufp->flags |= BUF_MOD;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Move to new page */
|
||||
if (PAIRFITS(np, (&key), (&val)))
|
||||
putpair((char *)np, &key, &val);
|
||||
|
@ -560,8 +555,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
|
|||
return (-1);
|
||||
}
|
||||
bp = (uint16 *)bufp->page;
|
||||
}
|
||||
else
|
||||
} else
|
||||
/* Try to squeeze key on this page */
|
||||
if (FREESPACE(bp) > PAIRSIZE(key, val)) {
|
||||
{
|
||||
|
@ -575,8 +569,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
|
|||
hashp->NKEYS++;
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
|
||||
if (!bufp) {
|
||||
#ifdef DEBUG
|
||||
|
@ -716,8 +709,7 @@ __get_page(HTAB *hashp,
|
|||
|
||||
if (!is_bitmap && !bp[0]) {
|
||||
PAGE_INIT(p);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
|
||||
if (hashp->LORDER != BYTE_ORDER) {
|
||||
register int i, max;
|
||||
|
@ -726,8 +718,7 @@ __get_page(HTAB *hashp,
|
|||
max = hashp->BSIZE >> 2; /* divide by 4 */
|
||||
for (i = 0; i < max; i++)
|
||||
M_32_SWAP(((int *)p)[i]);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
M_16_SWAP(bp[0]);
|
||||
max = bp[0] + 2;
|
||||
|
||||
|
@ -779,8 +770,7 @@ __get_page(HTAB *hashp,
|
|||
return (DATABASE_CORRUPTED_ERROR);
|
||||
|
||||
offset = bp[i + 1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* there are no other valid keys after
|
||||
* seeing a non REAL_KEY
|
||||
*/
|
||||
|
@ -820,8 +810,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
|
|||
max = hashp->BSIZE >> 2; /* divide by 4 */
|
||||
for (i = 0; i < max; i++)
|
||||
M_32_SWAP(((int *)p)[i]);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
max = ((uint16 *)p)[0] + 2;
|
||||
|
||||
/* bound the size of max by
|
||||
|
@ -865,8 +854,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
|
|||
max = hashp->BSIZE >> 2; /* divide by 4 */
|
||||
for (i = 0; i < max; i++)
|
||||
M_32_SWAP(((int *)p)[i]);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
uint16 *bp = (uint16 *)p;
|
||||
|
||||
M_16_SWAP(bp[0]);
|
||||
|
@ -959,8 +947,7 @@ overflow_page(HTAB *hashp)
|
|||
((hashp->BSIZE << BYTE_SHIFT) - 1);
|
||||
j = bit / BITS_PER_MAP;
|
||||
bit = bit & ~(BITS_PER_MAP - 1);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
bit = 0;
|
||||
j = 0;
|
||||
}
|
||||
|
@ -1029,8 +1016,7 @@ overflow_page(HTAB *hashp)
|
|||
hashp->SPARES[splitnum - 1]--;
|
||||
offset = 0;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* Free_bit addresses the last used bit. Bump it to address
|
||||
* the first available bit.
|
||||
|
|
|
@ -173,8 +173,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl
|
|||
if (errno == ENOENT)
|
||||
errno = 0; /* Just in case someone looks at errno */
|
||||
new_table = 1;
|
||||
}
|
||||
else if (statbuf.st_mtime && statbuf.st_size == 0) {
|
||||
} else if (statbuf.st_mtime && statbuf.st_size == 0) {
|
||||
/* check for a zero length file and delete it
|
||||
* if it exists
|
||||
*/
|
||||
|
@ -195,8 +194,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl
|
|||
if (new_table) {
|
||||
if (!init_hash(hashp, file, (HASHINFO *)info))
|
||||
RETURN_ERROR(errno, error1);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Table already exists */
|
||||
if (info && info->hash)
|
||||
hashp->hash = info->hash;
|
||||
|
@ -706,10 +704,8 @@ hash_put(
|
|||
return (DBM_ERROR);
|
||||
}
|
||||
|
||||
rv = hash_access(hashp, flag == R_NOOVERWRITE ?
|
||||
HASH_PUTNEW
|
||||
:
|
||||
HASH_PUT,
|
||||
rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW
|
||||
: HASH_PUT,
|
||||
(DBT *)key, (DBT *)data);
|
||||
|
||||
if (rv == DATABASE_CORRUPTED_ERROR) {
|
||||
|
@ -802,8 +798,7 @@ hash_access(
|
|||
#endif
|
||||
bp += 2;
|
||||
ndx += 2;
|
||||
}
|
||||
else if (bp[1] == OVFLPAGE) {
|
||||
} else if (bp[1] == OVFLPAGE) {
|
||||
|
||||
/* database corruption: overflow loop detection */
|
||||
if (last_overflow_page_no == (int32)*bp)
|
||||
|
@ -826,8 +821,7 @@ hash_access(
|
|||
n = *bp++;
|
||||
ndx = 1;
|
||||
off = hashp->BSIZE;
|
||||
}
|
||||
else if (bp[1] < REAL_KEY) {
|
||||
} else if (bp[1] < REAL_KEY) {
|
||||
if ((ndx =
|
||||
__find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
|
||||
goto found;
|
||||
|
@ -849,8 +843,7 @@ hash_access(
|
|||
n = *bp++;
|
||||
ndx = 1;
|
||||
off = hashp->BSIZE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
save_bufp->flags &= ~BUF_PIN;
|
||||
return (DBM_ERROR);
|
||||
}
|
||||
|
@ -864,8 +857,7 @@ hash_access(
|
|||
if (__addel(hashp, rbufp, key, val)) {
|
||||
save_bufp->flags &= ~BUF_PIN;
|
||||
return (DBM_ERROR);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
save_bufp->flags &= ~BUF_PIN;
|
||||
return (SUCCESS);
|
||||
}
|
||||
|
@ -886,8 +878,7 @@ found:
|
|||
if (bp[ndx + 1] < REAL_KEY) {
|
||||
if (__big_return(hashp, rbufp, ndx, val, 0))
|
||||
return (DBM_ERROR);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1];
|
||||
val->size = bp[ndx] - bp[ndx + 1];
|
||||
}
|
||||
|
@ -956,8 +947,7 @@ hash_seq(
|
|||
hashp->cbucket = -1;
|
||||
return (ABNORMAL);
|
||||
}
|
||||
}
|
||||
else
|
||||
} else
|
||||
bp = (uint16 *)hashp->cpage->page;
|
||||
|
||||
#ifdef DEBUG
|
||||
|
@ -981,8 +971,7 @@ hash_seq(
|
|||
if (bp[ndx + 1] < REAL_KEY) {
|
||||
if (__big_keydata(hashp, bufp, key, data, 1))
|
||||
return (DBM_ERROR);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
key->data = (uint8 *)hashp->cpage->page + bp[ndx];
|
||||
key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx];
|
||||
data->data = (uint8 *)hashp->cpage->page + bp[ndx + 1];
|
||||
|
@ -992,8 +981,7 @@ hash_seq(
|
|||
hashp->cpage = NULL;
|
||||
hashp->cbucket++;
|
||||
hashp->cndx = 1;
|
||||
}
|
||||
else
|
||||
} else
|
||||
hashp->cndx = ndx;
|
||||
}
|
||||
return (SUCCESS);
|
||||
|
|
|
@ -120,8 +120,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
|
|||
bp = NULL;
|
||||
if (!newpage)
|
||||
is_disk = BUF_DISK;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Grab buffer out of directory */
|
||||
segment_ndx = addr & (hashp->SGSIZE - 1);
|
||||
|
||||
|
@ -173,8 +172,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
|
|||
segp[segment_ndx] = bp;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
BUF_REMOVE(bp);
|
||||
MRU_INSERT(bp);
|
||||
}
|
||||
|
@ -225,8 +223,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
|
|||
|
||||
if (hashp->nbufs)
|
||||
hashp->nbufs--;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Kick someone out */
|
||||
BUF_REMOVE(bp);
|
||||
/*
|
||||
|
@ -331,8 +328,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
|
|||
#endif
|
||||
prev_bp->ovfl = bp;
|
||||
bp->flags = 0;
|
||||
}
|
||||
else
|
||||
} else
|
||||
bp->flags = BUF_BUCKET;
|
||||
MRU_INSERT(bp);
|
||||
return (bp);
|
||||
|
@ -394,8 +390,7 @@ __buf_free(HTAB *hashp, int do_free, int to_disk)
|
|||
BUF_REMOVE(bp);
|
||||
free(bp);
|
||||
bp = LRU;
|
||||
}
|
||||
else
|
||||
} else
|
||||
bp = bp->prev;
|
||||
}
|
||||
return (0);
|
||||
|
|
|
@ -111,8 +111,7 @@ register size_t length;
|
|||
TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize);
|
||||
t = length & wmask;
|
||||
TLOOP(*dst++ = *src++);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
* Copy backwards. Otherwise essentially the same.
|
||||
* Alignment works as before, except that it takes
|
||||
|
|
|
@ -127,8 +127,7 @@ _gettemp(char *path, register int *doopen, int extraFlags)
|
|||
return (1);
|
||||
if (errno != EEXIST)
|
||||
return (0);
|
||||
}
|
||||
else if (stat(path, &sbuf))
|
||||
} else if (stat(path, &sbuf))
|
||||
return (errno == ENOENT ? 1 : 0);
|
||||
|
||||
/* tricky little algorithm for backward compatibility */
|
||||
|
|
|
@ -249,19 +249,16 @@ VerifyRange(int32 low, int32 high, int32 should_exist, key_type_enum key_type)
|
|||
/* got the item */
|
||||
if (!should_exist) {
|
||||
ReportError("Item exists but shouldn't: %ld", num);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* else verify the data */
|
||||
VerifyData(&data, num, key_type);
|
||||
}
|
||||
}
|
||||
else if (status > 0) {
|
||||
} else if (status > 0) {
|
||||
/* item not found */
|
||||
if (should_exist) {
|
||||
ReportError("Item not found but should be: %ld", num);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* database error */
|
||||
ReportError("Database error");
|
||||
return (-1);
|
||||
|
@ -285,8 +282,7 @@ GenData(int32 num)
|
|||
data = (DBT *)malloc(sizeof(DBT));
|
||||
data->size = 0;
|
||||
data->data = 0;
|
||||
}
|
||||
else if (data->data) {
|
||||
} else if (data->data) {
|
||||
free(data->data);
|
||||
}
|
||||
|
||||
|
@ -328,8 +324,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
|
|||
if (action == ADD_RANGE) {
|
||||
TraceMe(1, ("Adding: %ld to %ld: %s keys", low, high,
|
||||
key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
TraceMe(1, ("Deleting: %ld to %ld: %s keys", low, high,
|
||||
key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
|
||||
}
|
||||
|
@ -341,8 +336,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
|
|||
if (action == ADD_RANGE) {
|
||||
data = GenData(num);
|
||||
status = (*database->put)(database, key, data, 0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
status = (*database->del)(database, key, 0);
|
||||
}
|
||||
|
||||
|
@ -350,13 +344,11 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
|
|||
ReportError("Database error %s item: %ld",
|
||||
action == ADD_RANGE ? "ADDING" : "DELETING",
|
||||
num);
|
||||
}
|
||||
else if (status > 0) {
|
||||
} else if (status > 0) {
|
||||
ReportError("Could not %s item: %ld",
|
||||
action == ADD_RANGE ? "ADD" : "DELETE",
|
||||
num);
|
||||
}
|
||||
else if (action == ADD_RANGE) {
|
||||
} else if (action == ADD_RANGE) {
|
||||
#define SYNC_EVERY_TIME
|
||||
#ifdef SYNC_EVERY_TIME
|
||||
status = (*database->sync)(database, 0);
|
||||
|
@ -388,8 +380,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
|
|||
|
||||
if (action == ADD_RANGE) {
|
||||
TraceMe(1, ("Successfully added: %ld to %ld", low, high));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
TraceMe(1, ("Successfully deleted: %ld to %ld", low, high));
|
||||
}
|
||||
|
||||
|
@ -524,8 +515,7 @@ main(int argc, char **argv)
|
|||
if (1 || j) {
|
||||
TestRange(START_RANGE, i, USE_LARGE_KEY);
|
||||
j = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
TestRange(START_RANGE, i, USE_SMALL_KEY);
|
||||
j = 1;
|
||||
}
|
||||
|
@ -545,8 +535,7 @@ main(int argc, char **argv)
|
|||
#endif
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* reopen database without closeing the other */
|
||||
database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0);
|
||||
if (!database) {
|
||||
|
|
|
@ -145,8 +145,7 @@ loser:
|
|||
if (arenaOpt) {
|
||||
/* release all arena memory allocated before the failure. */
|
||||
(void)nssArena_Release(arenaOpt, mark);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CK_ULONG j;
|
||||
/* free each heap object that was allocated before the failure. */
|
||||
for (j = 0; j < i; j++) {
|
||||
|
@ -222,8 +221,7 @@ nssCKObject_SetAttributes(
|
|||
nssSession_ExitMonitor(session);
|
||||
if (ckrv == CKR_OK) {
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
}
|
||||
|
@ -311,10 +309,8 @@ nssCryptokiCertificate_GetAttributes(
|
|||
cert_template, template_size);
|
||||
if (status != PR_SUCCESS) {
|
||||
|
||||
session = sessionOpt ?
|
||||
sessionOpt
|
||||
:
|
||||
nssToken_GetDefaultSession(certObject->token);
|
||||
session = sessionOpt ? sessionOpt
|
||||
: nssToken_GetDefaultSession(certObject->token);
|
||||
if (!session) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return PR_FAILURE;
|
||||
|
@ -429,10 +425,8 @@ nssCryptokiTrust_GetAttributes(
|
|||
CKO_NSS_TRUST,
|
||||
trust_template, trust_size);
|
||||
if (status != PR_SUCCESS) {
|
||||
session = sessionOpt ?
|
||||
sessionOpt
|
||||
:
|
||||
nssToken_GetDefaultSession(trustObject->token);
|
||||
session = sessionOpt ? sessionOpt
|
||||
: nssToken_GetDefaultSession(trustObject->token);
|
||||
if (!session) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return PR_FAILURE;
|
||||
|
@ -503,10 +497,8 @@ nssCryptokiCRL_GetAttributes(
|
|||
CKO_NSS_CRL,
|
||||
crl_template, crl_size);
|
||||
if (status != PR_SUCCESS) {
|
||||
session = sessionOpt ?
|
||||
sessionOpt
|
||||
:
|
||||
nssToken_GetDefaultSession(crlObject->token);
|
||||
session = sessionOpt ? sessionOpt
|
||||
: nssToken_GetDefaultSession(crlObject->token);
|
||||
if (session == NULL) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return PR_FAILURE;
|
||||
|
@ -575,11 +567,9 @@ nssCryptokiPrivateKey_SetCertificate(
|
|||
return PR_FAILURE;
|
||||
}
|
||||
session = sessionOpt;
|
||||
}
|
||||
else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
|
||||
} else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
|
||||
session = defaultSession;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSSSlot *slot = nssToken_GetSlot(token);
|
||||
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
|
||||
nssSlot_Destroy(slot);
|
||||
|
|
|
@ -68,8 +68,7 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
|
|||
if ((CK_LONG)(attrib)->ulValueLen > 0) { \
|
||||
(item)->data = (void *)(attrib)->pValue; \
|
||||
(item)->size = (PRUint32)(attrib)->ulValueLen; \
|
||||
} \
|
||||
else { \
|
||||
} else { \
|
||||
(item)->data = 0; \
|
||||
(item)->size = 0; \
|
||||
}
|
||||
|
@ -78,8 +77,7 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
|
|||
if ((attrib)->ulValueLen > 0) { \
|
||||
if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \
|
||||
boolvar = PR_TRUE; \
|
||||
} \
|
||||
else { \
|
||||
} else { \
|
||||
boolvar = PR_FALSE; \
|
||||
} \
|
||||
}
|
||||
|
|
|
@ -135,8 +135,7 @@ nssToken_DeleteStoredObject(
|
|||
if (token->defaultSession &&
|
||||
nssSession_IsReadWrite(token->defaultSession)) {
|
||||
session = token->defaultSession;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
|
||||
createdSession = PR_TRUE;
|
||||
}
|
||||
|
@ -180,17 +179,14 @@ import_object(
|
|||
return NULL;
|
||||
}
|
||||
session = sessionOpt;
|
||||
}
|
||||
else if (tok->defaultSession &&
|
||||
nssSession_IsReadWrite(tok->defaultSession)) {
|
||||
} else if (tok->defaultSession &&
|
||||
nssSession_IsReadWrite(tok->defaultSession)) {
|
||||
session = tok->defaultSession;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
|
||||
createdSession = PR_TRUE;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
}
|
||||
if (session == NULL) {
|
||||
|
@ -204,8 +200,7 @@ import_object(
|
|||
nssSession_ExitMonitor(session);
|
||||
if (ckrv == CKR_OK) {
|
||||
object = nssCryptokiObject_Create(tok, session, handle);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nss_SetError(ckrv);
|
||||
nss_SetError(NSS_ERROR_PKCS11);
|
||||
}
|
||||
|
@ -268,15 +263,13 @@ find_objects(
|
|||
/* the arena is only for the array of object handles */
|
||||
if (maximumOpt > 0) {
|
||||
arraySize = maximumOpt;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
arraySize = OBJECT_STACK_SIZE;
|
||||
}
|
||||
numHandles = 0;
|
||||
if (arraySize <= OBJECT_STACK_SIZE) {
|
||||
objectHandles = staticObjects;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
|
||||
}
|
||||
if (!objectHandles) {
|
||||
|
@ -318,8 +311,7 @@ find_objects(
|
|||
PORT_Memcpy(objectHandles, staticObjects,
|
||||
OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
objectHandles = nss_ZREALLOCARRAY(objectHandles,
|
||||
CK_OBJECT_HANDLE,
|
||||
arraySize);
|
||||
|
@ -338,8 +330,7 @@ find_objects(
|
|||
if (numHandles > 0) {
|
||||
objects = create_objects_from_handles(tok, session,
|
||||
objectHandles, numHandles);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nss_SetError(NSS_ERROR_NOT_FOUND);
|
||||
objects = NULL;
|
||||
}
|
||||
|
@ -368,8 +359,7 @@ loser:
|
|||
nss_SetError(NSS_ERROR_NOT_FOUND);
|
||||
if (statusOpt)
|
||||
*statusOpt = PR_SUCCESS;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nss_SetError(ckrv);
|
||||
nss_SetError(NSS_ERROR_PKCS11);
|
||||
if (statusOpt)
|
||||
|
@ -463,16 +453,14 @@ nssToken_ImportCertificate(
|
|||
}
|
||||
if (certType == NSSCertificateType_PKIX) {
|
||||
cert_type = CKC_X_509;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return (nssCryptokiObject *)NULL;
|
||||
}
|
||||
NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
|
||||
if (asTokenObject) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
searchType = nssTokenSearchType_TokenOnly;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
searchType = nssTokenSearchType_SessionOnly;
|
||||
}
|
||||
|
@ -546,8 +534,7 @@ nssToken_ImportCertificate(
|
|||
}
|
||||
nssSession_Destroy(session);
|
||||
nssSlot_Destroy(slot);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Import the certificate onto the token */
|
||||
rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
|
||||
}
|
||||
|
@ -582,9 +569,8 @@ nssToken_FindObjects(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly ||
|
||||
searchType == nssTokenSearchType_TokenForced) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly ||
|
||||
searchType == nssTokenSearchType_TokenForced) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass);
|
||||
|
@ -594,8 +580,7 @@ nssToken_FindObjects(
|
|||
objects = find_objects(token, sessionOpt,
|
||||
obj_template, obj_size,
|
||||
maximumOpt, statusOpt);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
objects = find_objects_by_template(token, sessionOpt,
|
||||
obj_template, obj_size,
|
||||
maximumOpt, statusOpt);
|
||||
|
@ -620,8 +605,7 @@ nssToken_FindCertificatesBySubject(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
|
||||
|
@ -652,8 +636,7 @@ nssToken_FindCertificatesByNickname(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
|
||||
|
@ -701,8 +684,7 @@ nssToken_FindCertificatesByEmail(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
|
||||
|
@ -744,8 +726,7 @@ nssToken_FindCertificatesByID(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
|
||||
|
@ -825,9 +806,8 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if ((searchType == nssTokenSearchType_TokenOnly) ||
|
||||
(searchType == nssTokenSearchType_TokenForced)) {
|
||||
} else if ((searchType == nssTokenSearchType_TokenOnly) ||
|
||||
(searchType == nssTokenSearchType_TokenForced)) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
/* Set the unique id */
|
||||
|
@ -841,8 +821,7 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
|
|||
objects = find_objects(token, sessionOpt,
|
||||
cert_template, ctsize,
|
||||
1, statusOpt);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
objects = find_objects_by_template(token, sessionOpt,
|
||||
cert_template, ctsize,
|
||||
1, statusOpt);
|
||||
|
@ -869,8 +848,7 @@ nssToken_FindCertificateByIssuerAndSerialNumber(
|
|||
objects = find_objects(token, sessionOpt,
|
||||
cert_template, ctsize,
|
||||
1, statusOpt);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
objects = find_objects_by_template(token, sessionOpt,
|
||||
cert_template, ctsize,
|
||||
1, statusOpt);
|
||||
|
@ -900,8 +878,7 @@ nssToken_FindCertificateByEncodedCertificate(
|
|||
/* Set the search to token/session only if provided */
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
|
||||
|
@ -935,8 +912,7 @@ nssToken_FindPrivateKeys(
|
|||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
|
||||
|
@ -1094,8 +1070,7 @@ nssToken_ImportTrust(
|
|||
NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
|
||||
if (asTokenObject) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
|
||||
|
@ -1111,8 +1086,7 @@ nssToken_ImportTrust(
|
|||
if (stepUpApproved) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
|
||||
&g_ck_true);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
|
||||
&g_ck_false);
|
||||
}
|
||||
|
@ -1185,8 +1159,7 @@ nssToken_ImportCRL(
|
|||
NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize);
|
||||
if (asTokenObject) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
|
||||
|
@ -1195,8 +1168,7 @@ nssToken_ImportCRL(
|
|||
NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url);
|
||||
if (isKRL) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
|
||||
}
|
||||
NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);
|
||||
|
@ -1235,9 +1207,8 @@ nssToken_FindCRLsBySubject(
|
|||
NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly ||
|
||||
searchType == nssTokenSearchType_TokenForced) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly ||
|
||||
searchType == nssTokenSearchType_TokenForced) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
|
||||
|
@ -1488,9 +1459,8 @@ nssToken_TraverseCertificates(
|
|||
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
}
|
||||
else if (searchType == nssTokenSearchType_TokenOnly ||
|
||||
searchType == nssTokenSearchType_TokenForced) {
|
||||
} else if (searchType == nssTokenSearchType_TokenOnly ||
|
||||
searchType == nssTokenSearchType_TokenForced) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
|
||||
}
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
|
||||
|
|
|
@ -173,7 +173,7 @@ nssCryptokiObjectArray_Destroy(
|
|||
/* object cache for token */
|
||||
|
||||
typedef struct
|
||||
{
|
||||
{
|
||||
NSSArena *arena;
|
||||
nssCryptokiObject *object;
|
||||
CK_ATTRIBUTE_PTR attributes;
|
||||
|
@ -315,8 +315,7 @@ create_object_array(
|
|||
*doObjects = PR_FALSE;
|
||||
*status = PR_FAILURE;
|
||||
*numObjects = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rvOandA = nss_ZNEWARRAY(NULL,
|
||||
nssCryptokiObjectAndAttributes *,
|
||||
*numObjects + 1);
|
||||
|
@ -437,16 +436,14 @@ search_for_objects(
|
|||
/* Either no state change, or went from !logged in -> logged in */
|
||||
cache->loggedIn = PR_TRUE;
|
||||
doSearch = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (cache->loggedIn) {
|
||||
/* went from logged in -> !logged in, destroy cached objects */
|
||||
clear_cache(cache);
|
||||
cache->loggedIn = PR_FALSE;
|
||||
} /* else no state change, still not logged in, so exit */
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* slot is friendly, thus always available for search */
|
||||
doSearch = PR_TRUE;
|
||||
}
|
||||
|
@ -578,8 +575,7 @@ get_token_objects_for_cache(
|
|||
}
|
||||
if (status == PR_SUCCESS) {
|
||||
nss_ZFreeIf(objects);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PRUint32 j;
|
||||
for (j = 0; j < i; j++) {
|
||||
/* sigh */
|
||||
|
@ -824,8 +820,7 @@ nssTokenObjectCache_GetObjectAttributes(
|
|||
atemplate[i].ulValueLen < attr->ulValueLen) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
|
||||
if (!atemplate[i].pValue) {
|
||||
goto loser;
|
||||
|
@ -906,15 +901,13 @@ nssTokenObjectCache_ImportObject(
|
|||
(*oa)->object->token = NULL;
|
||||
nssCryptokiObject_Destroy((*oa)->object);
|
||||
nssArena_Destroy((*oa)->arena);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Create space for a new entry */
|
||||
if (count > 0) {
|
||||
*otype = nss_ZREALLOCARRAY(*otype,
|
||||
nssCryptokiObjectAndAttributes *,
|
||||
count + 2);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
|
||||
}
|
||||
}
|
||||
|
@ -922,8 +915,7 @@ nssTokenObjectCache_ImportObject(
|
|||
nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
|
||||
(*otype)[count] = create_object_of_type(copyObject, objectType,
|
||||
&status);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
status = PR_FAILURE;
|
||||
}
|
||||
PZ_Unlock(cache->lock);
|
||||
|
|
|
@ -45,13 +45,11 @@ NSS_GetClientAuthData(void *arg,
|
|||
privkey = PK11_FindKeyByAnyCert(cert, proto_win);
|
||||
if (privkey) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
}
|
||||
}
|
||||
else { /* no name given, automatically find the right cert. */
|
||||
} else { /* no name given, automatically find the right cert. */
|
||||
CERTCertNicknames *names;
|
||||
int i;
|
||||
|
||||
|
|
|
@ -52,8 +52,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
|
|||
if (rv == SECSuccess) {
|
||||
compatIssuerName.data = &issuerName.data[headerlen];
|
||||
compatIssuerName.len = issuerName.len - headerlen;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
compatIssuerName.data = NULL;
|
||||
compatIssuerName.len = 0;
|
||||
}
|
||||
|
@ -64,8 +63,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
|
|||
rv = SECSuccess;
|
||||
CERT_DestroyCertificate(curcert);
|
||||
goto done;
|
||||
}
|
||||
else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
|
||||
} else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
|
||||
rv = SECSuccess;
|
||||
CERT_DestroyCertificate(curcert);
|
||||
goto done;
|
||||
|
@ -79,8 +77,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
|
|||
&curcert->derIssuer);
|
||||
CERT_DestroyCertificate(oldcert);
|
||||
depth++;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
CERT_DestroyCertificate(curcert);
|
||||
curcert = NULL;
|
||||
}
|
||||
|
|
|
@ -160,8 +160,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
if (isTLS12) {
|
||||
status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
|
||||
"key expansion", &srcr, &keyblk, isFIPS);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
|
||||
isFIPS);
|
||||
}
|
||||
|
@ -169,8 +168,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
goto key_and_mac_derive_fail;
|
||||
}
|
||||
block_bytes = keyblk.len;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* key_block =
|
||||
* MD5(master_secret + SHA('A' + master_secret +
|
||||
* ServerHello.random + ClientHello.random)) +
|
||||
|
@ -215,41 +213,40 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
* The key_block is partitioned as follows:
|
||||
* client_write_MAC_secret[CipherSpec.hash_size]
|
||||
*/
|
||||
buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item, \
|
||||
buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item,
|
||||
"Client Write MAC Secret");
|
||||
i += macSize;
|
||||
|
||||
/*
|
||||
* server_write_MAC_secret[CipherSpec.hash_size]
|
||||
*/
|
||||
buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item, \
|
||||
buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item,
|
||||
"Server Write MAC Secret");
|
||||
i += macSize;
|
||||
|
||||
if (!keySize) {
|
||||
/* only MACing */
|
||||
buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
|
||||
buildSSLKey(NULL, 0, &pwSpec->client.write_key_item,
|
||||
"Client Write Key (MAC only)");
|
||||
buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
|
||||
buildSSLKey(NULL, 0, &pwSpec->server.write_key_item,
|
||||
"Server Write Key (MAC only)");
|
||||
buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
|
||||
buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item,
|
||||
"Client Write IV (MAC only)");
|
||||
buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
|
||||
buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item,
|
||||
"Server Write IV (MAC only)");
|
||||
}
|
||||
else if (!isExport) {
|
||||
} else if (!isExport) {
|
||||
/*
|
||||
** Generate Domestic write keys and IVs.
|
||||
** client_write_key[CipherSpec.key_material]
|
||||
*/
|
||||
buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
|
||||
buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item,
|
||||
"Domestic Client Write Key");
|
||||
i += keySize;
|
||||
|
||||
/*
|
||||
** server_write_key[CipherSpec.key_material]
|
||||
*/
|
||||
buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
|
||||
buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item,
|
||||
"Domestic Server Write Key");
|
||||
i += keySize;
|
||||
|
||||
|
@ -257,34 +254,32 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
if (explicitIV) {
|
||||
static unsigned char zero_block[32];
|
||||
PORT_Assert(IVSize <= sizeof zero_block);
|
||||
buildSSLKey(&zero_block[0], IVSize, \
|
||||
&pwSpec->client.write_iv_item, \
|
||||
buildSSLKey(&zero_block[0], IVSize,
|
||||
&pwSpec->client.write_iv_item,
|
||||
"Domestic Client Write IV");
|
||||
buildSSLKey(&zero_block[0], IVSize, \
|
||||
&pwSpec->server.write_iv_item, \
|
||||
buildSSLKey(&zero_block[0], IVSize,
|
||||
&pwSpec->server.write_iv_item,
|
||||
"Domestic Server Write IV");
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
** client_write_IV[CipherSpec.IV_size]
|
||||
*/
|
||||
buildSSLKey(&key_block[i], IVSize, \
|
||||
&pwSpec->client.write_iv_item, \
|
||||
buildSSLKey(&key_block[i], IVSize,
|
||||
&pwSpec->client.write_iv_item,
|
||||
"Domestic Client Write IV");
|
||||
i += IVSize;
|
||||
|
||||
/*
|
||||
** server_write_IV[CipherSpec.IV_size]
|
||||
*/
|
||||
buildSSLKey(&key_block[i], IVSize, \
|
||||
&pwSpec->server.write_iv_item, \
|
||||
buildSSLKey(&key_block[i], IVSize,
|
||||
&pwSpec->server.write_iv_item,
|
||||
"Domestic Server Write IV");
|
||||
i += IVSize;
|
||||
}
|
||||
}
|
||||
PORT_Assert(i <= block_bytes);
|
||||
}
|
||||
else if (!isTLS) {
|
||||
} else if (!isTLS) {
|
||||
/*
|
||||
** Generate SSL3 Export write keys and IVs.
|
||||
*/
|
||||
|
@ -300,7 +295,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
MD5_Update(md5Ctx, crsr.data, crsr.len);
|
||||
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
|
||||
i += effKeySize;
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
|
||||
"SSL3 Export Client Write Key");
|
||||
key_block2 += keySize;
|
||||
|
||||
|
@ -314,7 +309,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
MD5_Update(md5Ctx, srcr.data, srcr.len);
|
||||
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
|
||||
i += effKeySize;
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
|
||||
"SSL3 Export Server Write Key");
|
||||
key_block2 += keySize;
|
||||
PORT_Assert(i <= block_bytes);
|
||||
|
@ -327,7 +322,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
MD5_Begin(md5Ctx);
|
||||
MD5_Update(md5Ctx, crsr.data, crsr.len);
|
||||
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
|
||||
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
|
||||
buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item,
|
||||
"SSL3 Export Client Write IV");
|
||||
key_block2 += IVSize;
|
||||
|
||||
|
@ -338,14 +333,13 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
MD5_Begin(md5Ctx);
|
||||
MD5_Update(md5Ctx, srcr.data, srcr.len);
|
||||
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
|
||||
buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
|
||||
buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item,
|
||||
"SSL3 Export Server Write IV");
|
||||
key_block2 += IVSize;
|
||||
}
|
||||
|
||||
PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/*
|
||||
** Generate TLS Export write keys and IVs.
|
||||
*/
|
||||
|
@ -369,7 +363,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
if (status != SECSuccess) {
|
||||
goto key_and_mac_derive_fail;
|
||||
}
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
|
||||
"TLS Export Client Write Key");
|
||||
key_block2 += keySize;
|
||||
|
||||
|
@ -388,7 +382,7 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
if (status != SECSuccess) {
|
||||
goto key_and_mac_derive_fail;
|
||||
}
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
|
||||
buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
|
||||
"TLS Export Server Write Key");
|
||||
key_block2 += keySize;
|
||||
|
||||
|
@ -406,11 +400,11 @@ ssl3_KeyAndMacDeriveBypass(
|
|||
if (status != SECSuccess) {
|
||||
goto key_and_mac_derive_fail;
|
||||
}
|
||||
buildSSLKey(key_block2, IVSize, \
|
||||
&pwSpec->client.write_iv_item, \
|
||||
buildSSLKey(key_block2, IVSize,
|
||||
&pwSpec->client.write_iv_item,
|
||||
"TLS Export Client Write IV");
|
||||
buildSSLKey(key_block2 + IVSize, IVSize, \
|
||||
&pwSpec->server.write_iv_item, \
|
||||
buildSSLKey(key_block2 + IVSize, IVSize,
|
||||
&pwSpec->server.write_iv_item,
|
||||
"TLS Export Server Write IV");
|
||||
key_block2 += 2 * IVSize;
|
||||
}
|
||||
|
@ -485,15 +479,13 @@ ssl3_MasterSecretDeriveBypass(
|
|||
if (isTLS12) {
|
||||
rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
|
||||
&master, isFIPS);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
int i;
|
||||
unsigned int made = 0;
|
||||
for (i = 0; i < 3; i++) {
|
||||
|
@ -552,8 +544,7 @@ ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp)
|
|||
master_derive = CKM_TLS_MASTER_KEY_DERIVE;
|
||||
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
|
||||
keyFlags = CKF_SIGN | CKF_VERIFY;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (isDH)
|
||||
master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
else
|
||||
|
@ -689,8 +680,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
|||
if (protocolmask & SSL_CBP_SSL3) {
|
||||
isTLS = PR_FALSE;
|
||||
protocolmask ^= SSL_CBP_SSL3;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
isTLS = PR_TRUE;
|
||||
protocolmask ^= SSL_CBP_TLS1_0;
|
||||
}
|
||||
|
@ -700,8 +690,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
|||
*pcanbypass = PR_FALSE;
|
||||
rv = SECSuccess;
|
||||
break;
|
||||
}
|
||||
else
|
||||
} else
|
||||
testrsa = PR_TRUE;
|
||||
}
|
||||
for (; privKeytype == rsaKey && testrsa;) {
|
||||
|
@ -781,8 +770,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
|||
if (privKeytype == ecKey && testecdhe) {
|
||||
/* TLS_ECDHE_ECDSA */
|
||||
pecParams = &srvPubkey->u.ec.DEREncodedParams;
|
||||
}
|
||||
else if (privKeytype == rsaKey && testecdhe) {
|
||||
} else if (privKeytype == rsaKey && testecdhe) {
|
||||
/* TLS_ECDHE_RSA */
|
||||
ECName ec_curve;
|
||||
int serverKeyStrengthInBits;
|
||||
|
@ -830,8 +818,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
|||
rv = SECFailure;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* TLS_ECDH_ECDSA */
|
||||
keapub = srvPubkey;
|
||||
keapriv = srvPrivkey;
|
||||
|
|
|
@ -287,16 +287,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
|
|||
/* Do not attempt to process rest of messages in this record */
|
||||
break;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (message_seq < ss->ssl3.hs.recvMessageSeq) {
|
||||
/* Case 3: we do an immediate retransmit if we're
|
||||
* in a waiting state*/
|
||||
if (ss->ssl3.hs.rtTimerCb == NULL) {
|
||||
/* Ignore */
|
||||
}
|
||||
else if (ss->ssl3.hs.rtTimerCb ==
|
||||
dtls_RetransmitTimerExpiredCb) {
|
||||
} else if (ss->ssl3.hs.rtTimerCb ==
|
||||
dtls_RetransmitTimerExpiredCb) {
|
||||
SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
|
||||
SSL_GETPID(), ss->fd));
|
||||
/* Check to see if we retransmitted recently. If so,
|
||||
|
@ -316,16 +314,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
|
|||
dtls_RetransmitTimerExpiredCb(ss);
|
||||
rv = SECSuccess;
|
||||
break;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRC(30,
|
||||
("%d: SSL3[%d]: We just retransmitted. Ignoring.",
|
||||
SSL_GETPID(), ss->fd));
|
||||
rv = SECSuccess;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
|
||||
} else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
|
||||
/* Retransmit the messages and re-arm the timer
|
||||
* Note that we are not backing off the timer here.
|
||||
* The spec isn't clear and my reasoning is that this
|
||||
|
@ -340,8 +336,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
|
|||
return rv;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
|
||||
} else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
|
||||
/* Case 2
|
||||
*
|
||||
* Ignore this message. This means we don't handle out of
|
||||
|
@ -350,8 +345,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
|
|||
*
|
||||
* XXX OK for now. Maybe do something smarter at some point?
|
||||
*/
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Case 1
|
||||
*
|
||||
* Buffer the fragment for reassembly
|
||||
|
@ -410,8 +404,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
|
|||
* fragment */
|
||||
ss->ssl3.hs.recvdHighWater = fragment_offset +
|
||||
fragment_length;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
for (offset = fragment_offset;
|
||||
offset < fragment_offset + fragment_length;
|
||||
offset++) {
|
||||
|
@ -429,8 +422,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
|
|||
if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
|
||||
OFFSET_MASK(offset)) {
|
||||
ss->ssl3.hs.recvdHighWater++;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -491,8 +483,7 @@ dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
|
|||
if (!msg) {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
|
||||
}
|
||||
|
||||
|
@ -659,8 +650,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
|
|||
}
|
||||
|
||||
room_left = ss->ssl3.mtu - ss->pendingBuf.len;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* The message will not fit, so fragment.
|
||||
*
|
||||
* XXX OK for now. Arrange to coalesce the last fragment
|
||||
|
@ -825,8 +815,7 @@ dtls_CompressMACEncryptRecord(sslSocket *ss,
|
|||
cwSpec = ss->ssl3.pwSpec;
|
||||
else
|
||||
cwSpec = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cwSpec = ss->ssl3.cwSpec;
|
||||
}
|
||||
|
||||
|
@ -835,12 +824,10 @@ dtls_CompressMACEncryptRecord(sslSocket *ss,
|
|||
rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
|
||||
PR_FALSE, type, pIn, contentLen,
|
||||
wrBuf);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
}
|
||||
|
@ -1160,8 +1147,7 @@ DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
|
|||
if (elapsed > desired) {
|
||||
/* Timer expired */
|
||||
*timeout = PR_INTERVAL_NO_WAIT;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*timeout = desired - elapsed;
|
||||
}
|
||||
|
||||
|
|
|
@ -148,7 +148,7 @@ nss_MD_os2_map_send_error(PRInt32 err)
|
|||
{
|
||||
PRErrorCode prError;
|
||||
switch (err) {
|
||||
// case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
|
||||
// case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
|
||||
default:
|
||||
nss_MD_os2_map_default_error(err);
|
||||
return;
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -252,8 +252,7 @@ ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
|
|||
bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
|
||||
if (bufLen <= sizeof buf) {
|
||||
hashBuf = buf;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hashBuf = PORT_Alloc(bufLen);
|
||||
if (!hashBuf) {
|
||||
return SECFailure;
|
||||
|
@ -322,11 +321,9 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
|
|||
|
||||
if (isTLS12) {
|
||||
target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
else if (isTLS) {
|
||||
} else if (isTLS) {
|
||||
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
|
||||
|
@ -449,11 +446,9 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
|
|||
|
||||
if (isTLS12) {
|
||||
target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
else if (isTLS) {
|
||||
} else if (isTLS) {
|
||||
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||
}
|
||||
|
||||
|
@ -603,8 +598,7 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
|
|||
return ec_noName;
|
||||
}
|
||||
signatureKeyStrength = curve2bits[ec_curve];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* RSA is our signing cert */
|
||||
int serverKeyStrengthInBits;
|
||||
|
||||
|
@ -931,8 +925,7 @@ ssl3_SendECDHServerKeyExchange(
|
|||
|
||||
if (ss->opt.reuseServerECDHEKey) {
|
||||
rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
|
@ -953,8 +946,7 @@ ssl3_SendECDHServerKeyExchange(
|
|||
ec_params.data[0] = ec_type_named;
|
||||
ec_params.data[1] = 0x00;
|
||||
ec_params.data[2] = curve;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
|
||||
goto loser;
|
||||
}
|
||||
|
@ -1153,8 +1145,7 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss)
|
|||
if (!svrCert) {
|
||||
ssl3_DisableECCSuites(ss, ecdh_suites);
|
||||
ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
|
||||
|
||||
switch (sigTag) {
|
||||
|
@ -1224,12 +1215,14 @@ static const PRUint8 suiteBECList[] = {
|
|||
/* Prefabricated TLS client hello extension, Elliptic Curves List,
|
||||
* offers curves 1-25.
|
||||
*/
|
||||
/* clang-format off */
|
||||
static const PRUint8 tlsECList[] = {
|
||||
1, 2, 3, 4, 5, 6, 7, 8,
|
||||
9, 10, 11, 12, 13, 14, 15, 16,
|
||||
17, 18, 19, 20, 21, 22, 23, 24,
|
||||
25
|
||||
};
|
||||
/* clang-format on */
|
||||
|
||||
static const PRUint8 ecPtFmt[6] = {
|
||||
BE(11), /* Extension type */
|
||||
|
@ -1295,8 +1288,7 @@ ssl3_SendSupportedCurvesXtn(
|
|||
APPEND_CURVE(suiteBECList[i]);
|
||||
}
|
||||
ecListSize = pos;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
for (i = 0; i < sizeof(tlsECList); i++) {
|
||||
APPEND_CURVE(tlsECList[i]);
|
||||
}
|
||||
|
@ -1343,8 +1335,7 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss)
|
|||
|
||||
if (ssl3_SuiteBOnly(ss)) {
|
||||
curves = SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
curves = SSL3_ALL_SUPPORTED_CURVES_MASK;
|
||||
}
|
||||
|
||||
|
|
|
@ -319,6 +319,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
|
|||
static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
|
||||
{
|
||||
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
|
||||
{ ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
|
||||
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
|
||||
|
@ -331,7 +332,6 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
|
|||
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
|
||||
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
|
||||
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
|
||||
{ ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
|
||||
{ ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
|
||||
{ ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
|
||||
/* any extra entries will appear as { 0, NULL } */
|
||||
|
@ -570,12 +570,11 @@ ssl3_SendSessionTicketXtn(
|
|||
if (session_ticket->ticket.data) {
|
||||
if (ss->xtnData.ticketTimestampVerified) {
|
||||
extension_length += session_ticket->ticket.len;
|
||||
}
|
||||
else if (!append &&
|
||||
(session_ticket->ticket_lifetime_hint == 0 ||
|
||||
(session_ticket->ticket_lifetime_hint +
|
||||
session_ticket->received_timestamp >
|
||||
ssl_Time()))) {
|
||||
} else if (!append &&
|
||||
(session_ticket->ticket_lifetime_hint == 0 ||
|
||||
(session_ticket->ticket_lifetime_hint +
|
||||
session_ticket->received_timestamp >
|
||||
ssl_Time()))) {
|
||||
extension_length += session_ticket->ticket.len;
|
||||
ss->xtnData.ticketTimestampVerified = PR_TRUE;
|
||||
}
|
||||
|
@ -598,8 +597,7 @@ ssl3_SendSessionTicketXtn(
|
|||
session_ticket->ticket.len, 2);
|
||||
ss->xtnData.ticketTimestampVerified = PR_FALSE;
|
||||
ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
|
||||
}
|
||||
if (rv != SECSuccess)
|
||||
|
@ -906,8 +904,7 @@ ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
|
|||
if (i <= len) {
|
||||
memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
|
||||
memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* This seems to be invalid data so we'll send as-is. */
|
||||
memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
|
||||
}
|
||||
|
@ -1015,8 +1012,7 @@ ssl3_ServerSendStatusRequestXtn(
|
|||
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
|
||||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
|
||||
effectiveExchKeyType = ssl_kea_rsa;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
|
||||
}
|
||||
|
||||
|
@ -1170,8 +1166,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
if (ss->opt.bypassPKCS11) {
|
||||
rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
|
||||
&mac_key, &mac_key_length);
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
|
||||
|
@ -1185,8 +1180,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
ms_item.data = ss->ssl3.pwSpec->msItem.data;
|
||||
ms_item.len = ss->ssl3.pwSpec->msItem.len;
|
||||
ms_is_wrapped = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Extract the master secret wrapped. */
|
||||
sslSessionID sid;
|
||||
PORT_Memset(&sid, 0, sizeof(sslSessionID));
|
||||
|
@ -1194,8 +1188,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
|
||||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
|
||||
effectiveExchKeyType = kt_rsa;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
|
||||
}
|
||||
|
||||
|
@ -1209,8 +1202,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
ms_item.data = wrapped_ms;
|
||||
ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
|
||||
msWrapMech = sid.u.ssl3.masterWrapMech;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* TODO: else send an empty ticket. */
|
||||
goto loser;
|
||||
}
|
||||
|
@ -1326,8 +1318,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
ss->sec.ci.sid->peerCert->derCert.len);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
|
@ -1352,8 +1343,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* No Name */
|
||||
rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1);
|
||||
if (rv != SECSuccess)
|
||||
|
@ -1389,8 +1379,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
plaintext_item.len);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
|
||||
|
@ -1427,8 +1416,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
|
|||
HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
|
||||
HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
|
||||
sizeof(computed_mac));
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
SECItem macParam;
|
||||
|
@ -1544,8 +1532,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
|||
*/
|
||||
if (data->len == 0) {
|
||||
ss->xtnData.emptySessionTicket = PR_TRUE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PRUint32 i;
|
||||
SECItem extension_data;
|
||||
EncryptedSessionTicket enc_session_ticket;
|
||||
|
@ -1601,8 +1588,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
|||
if (ss->opt.bypassPKCS11) {
|
||||
rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
|
||||
&mac_key, &mac_key_length);
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
|
||||
|
@ -1640,8 +1626,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
|||
if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
|
||||
sizeof(computed_mac)) != SECSuccess)
|
||||
goto no_ticket;
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
SECItem macParam;
|
||||
|
@ -1653,8 +1638,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
|||
SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
|
||||
SSL_GETPID(), ss->fd, PORT_GetError()));
|
||||
goto no_ticket;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
|
||||
SSL_GETPID(), ss->fd));
|
||||
}
|
||||
|
@ -1708,8 +1692,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
|
|||
enc_session_ticket.encrypted_state.len);
|
||||
if (rv != SECSuccess)
|
||||
goto no_ticket;
|
||||
}
|
||||
else
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
SECItem ivItem;
|
||||
|
@ -2050,8 +2033,7 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
|
|||
case server_hello:
|
||||
if (ss->version > SSL_LIBRARY_VERSION_3_0) {
|
||||
handlers = serverHelloHandlersTLS;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
handlers = serverHelloHandlersSSL3;
|
||||
}
|
||||
break;
|
||||
|
@ -2131,13 +2113,11 @@ ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
|
|||
ssl3HelloExtensionSender *sender;
|
||||
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
sender = &ss->xtnData.serverHelloSenders[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (tls13_ExtensionAllowed(ex_type, server_hello)) {
|
||||
PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
|
||||
sender = &ss->xtnData.serverHelloSenders[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
|
||||
sender = &ss->xtnData.encryptedExtensionsSenders[0];
|
||||
}
|
||||
|
@ -2172,8 +2152,7 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
|
|||
if (!sender) {
|
||||
if (ss->version > SSL_LIBRARY_VERSION_3_0) {
|
||||
sender = &clientHelloSendersTLS[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sender = &clientHelloSendersSSL3[0];
|
||||
}
|
||||
}
|
||||
|
@ -2884,8 +2863,7 @@ ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
|
|||
goto loser;
|
||||
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
|
||||
ssl_signed_cert_timestamp_xtn;
|
||||
}
|
||||
else if (maxBytes < extension_length) {
|
||||
} else if (maxBytes < extension_length) {
|
||||
PORT_Assert(0);
|
||||
return 0;
|
||||
}
|
||||
|
@ -2932,8 +2910,7 @@ ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
|
|||
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
|
||||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
|
||||
effectiveExchKeyType = ssl_kea_rsa;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
|
||||
}
|
||||
|
||||
|
|
|
@ -59,14 +59,12 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
|
||||
if (nb > 0) {
|
||||
PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
|
||||
}
|
||||
else if (nb == 0) {
|
||||
} else if (nb == 0) {
|
||||
/* EOF */
|
||||
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
|
||||
rv = 0;
|
||||
break;
|
||||
}
|
||||
else /* if (nb < 0) */ {
|
||||
} else /* if (nb < 0) */ {
|
||||
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
|
||||
PR_GetError()));
|
||||
rv = SECFailure;
|
||||
|
@ -194,14 +192,12 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
|
||||
if (nb > 0) {
|
||||
PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
|
||||
}
|
||||
else if (nb == 0) {
|
||||
} else if (nb == 0) {
|
||||
/* EOF */
|
||||
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
|
||||
rv = 0;
|
||||
return rv;
|
||||
}
|
||||
else /* if (nb < 0) */ {
|
||||
} else /* if (nb < 0) */ {
|
||||
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
|
||||
PR_GetError()));
|
||||
rv = SECFailure;
|
||||
|
@ -314,8 +310,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
|||
if (ss->ssl3.hs.msgState.buf) {
|
||||
if (ss->ssl3.hs.msgState.len == 0) {
|
||||
ss->ssl3.hs.msgState.buf = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
handleRecordNow = PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
@ -329,8 +324,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
|||
* handshake record.
|
||||
*/
|
||||
rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* bring in the next sslv3 record. */
|
||||
if (ss->recvdCloseNotify) {
|
||||
/* RFC 5246 Section 7.2.1:
|
||||
|
@ -340,8 +334,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
|||
}
|
||||
if (!IS_DTLS(ss)) {
|
||||
rv = ssl3_GatherData(ss, &ss->gs, flags);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = dtls_GatherData(ss, &ss->gs, flags);
|
||||
|
||||
/* If we got a would block error, that means that no data was
|
||||
|
@ -412,8 +405,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
|||
PORT_Assert(ss->firstHsDone);
|
||||
PORT_Assert(!ss->ssl3.hs.canFalseStart);
|
||||
keepGoing = PR_FALSE;
|
||||
}
|
||||
else if (ss->ssl3.hs.canFalseStart) {
|
||||
} else if (ss->ssl3.hs.canFalseStart) {
|
||||
/* Prioritize sending application data over trying to complete
|
||||
* the handshake if we're false starting.
|
||||
*
|
||||
|
@ -426,8 +418,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
|
|||
|
||||
if (ssl3_WaitingForServerSecondRound(ss)) {
|
||||
keepGoing = PR_FALSE;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->ssl3.hs.canFalseStart = PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -123,8 +123,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
|
|||
if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
|
||||
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
||||
cipherName = ssl_cipherName[ss->sec.cipherType];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cipherName = ssl3_cipherName[ss->sec.cipherType];
|
||||
}
|
||||
PORT_Assert(cipherName);
|
||||
|
@ -150,11 +149,9 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
|
|||
if (op) {
|
||||
if (ss->sec.keyBits == 0) {
|
||||
*op = SSL_SECURITY_STATUS_OFF;
|
||||
}
|
||||
else if (ss->sec.secretKeyBits < 90) {
|
||||
} else if (ss->sec.secretKeyBits < 90) {
|
||||
*op = SSL_SECURITY_STATUS_ON_LOW;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*op = SSL_SECURITY_STATUS_ON_HIGH;
|
||||
}
|
||||
}
|
||||
|
@ -170,8 +167,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
|
|||
if (sp) {
|
||||
*sp = CERT_NameToAscii(&cert->subject);
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (ip) {
|
||||
*ip = PORT_Strdup("no certificate");
|
||||
}
|
||||
|
|
|
@ -142,9 +142,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss)
|
|||
|
||||
count = 0;
|
||||
PORT_Assert(ss != 0);
|
||||
allowed = !ss->opt.enableSSL2 ? 0 :
|
||||
(ss->allowedByPolicy &
|
||||
ss->chosenPreference & SSL_CB_IMPLEMENTED);
|
||||
allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
|
||||
ss->chosenPreference & SSL_CB_IMPLEMENTED);
|
||||
while (allowed) {
|
||||
if (allowed & 1)
|
||||
++count;
|
||||
|
@ -179,9 +178,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss)
|
|||
ss->sizeCipherSpecs = count * 3;
|
||||
|
||||
/* fill in cipher specs for SSL2 cipher suites */
|
||||
allowed = !ss->opt.enableSSL2 ? 0 :
|
||||
(ss->allowedByPolicy &
|
||||
ss->chosenPreference & SSL_CB_IMPLEMENTED);
|
||||
allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
|
||||
ss->chosenPreference & SSL_CB_IMPLEMENTED);
|
||||
for (i = 0; i < ssl2_NUM_SUITES_IMPLEMENTED * 3; i += 3) {
|
||||
const PRUint8 *hs = implementedCipherSuites + i;
|
||||
int ok = allowed & (1U << hs[0]);
|
||||
|
@ -267,12 +265,10 @@ ssl2_SetPolicy(PRInt32 which, PRInt32 policy)
|
|||
if (policy == SSL_ALLOWED) {
|
||||
allowedByPolicy |= bitMask;
|
||||
maybeAllowedByPolicy |= bitMask;
|
||||
}
|
||||
else if (policy == SSL_RESTRICTED) {
|
||||
} else if (policy == SSL_RESTRICTED) {
|
||||
allowedByPolicy &= ~bitMask;
|
||||
maybeAllowedByPolicy |= bitMask;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
allowedByPolicy &= ~bitMask;
|
||||
maybeAllowedByPolicy &= ~bitMask;
|
||||
}
|
||||
|
@ -301,8 +297,7 @@ ssl2_GetPolicy(PRInt32 which, PRInt32 *oPolicy)
|
|||
|
||||
if (maybeAllowedByPolicy & bitMask) {
|
||||
policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
policy = SSL_NOT_ALLOWED;
|
||||
}
|
||||
|
||||
|
@ -617,8 +612,7 @@ ssl2_SendServerFinishedMessage(sslSocket *ss)
|
|||
if (ss->sec.uncache)
|
||||
(*ss->sec.uncache)(sid);
|
||||
rv = (SECStatus)sent;
|
||||
}
|
||||
else if (!ss->opt.noCache) {
|
||||
} else if (!ss->opt.noCache) {
|
||||
if (sid->cached == never_cached) {
|
||||
(*ss->sec.cache)(sid);
|
||||
}
|
||||
|
@ -873,8 +867,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
if (rv < 0) {
|
||||
if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
|
||||
rv = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Return short write if some data already went out... */
|
||||
if (count == 0)
|
||||
count = rv;
|
||||
|
@ -887,8 +880,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
if (ssl_SaveWriteData(ss, out + rv, amount + 2 - rv) ==
|
||||
SECFailure) {
|
||||
count = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
count += amount;
|
||||
ss->sec.sendSequence++;
|
||||
}
|
||||
|
@ -973,8 +965,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
"saving data",
|
||||
SSL_GETPID(), ss->fd));
|
||||
rv = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRC(10, ("%d: SSL[%d]: send stream error %d",
|
||||
SSL_GETPID(), ss->fd, PORT_GetError()));
|
||||
/* Return short write if some data already went out... */
|
||||
|
@ -988,8 +979,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
/* Short write. Save the data and return. */
|
||||
if (ssl_SaveWriteData(ss, out + rv, buflen - rv) == SECFailure) {
|
||||
count = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
count += amount;
|
||||
ss->sec.sendSequence++;
|
||||
}
|
||||
|
@ -1048,8 +1038,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
hlen = 3;
|
||||
padding = ss->sec.blockSize - padding;
|
||||
nout += padding;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
hlen = 2;
|
||||
}
|
||||
buflen = hlen + nout;
|
||||
|
@ -1067,8 +1056,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
*op++ = MSB(nout);
|
||||
*op++ = LSB(nout);
|
||||
*op++ = padding;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*op++ = 0x80 | MSB(nout);
|
||||
*op++ = LSB(nout);
|
||||
}
|
||||
|
@ -1105,8 +1093,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
if (rv < 0) {
|
||||
if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
|
||||
rv = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRC(10, ("%d: SSL[%d]: send block error %d",
|
||||
SSL_GETPID(), ss->fd, PORT_GetError()));
|
||||
/* Return short write if some data already went out... */
|
||||
|
@ -1120,8 +1107,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
|
|||
/* Short write. Save the data and return. */
|
||||
if (ssl_SaveWriteData(ss, out + rv, op - out - rv) == SECFailure) {
|
||||
count = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
count += amount;
|
||||
ss->sec.sendSequence++;
|
||||
}
|
||||
|
@ -1226,8 +1212,7 @@ ssl_GatherRecord1stHandshake(sslSocket *ss)
|
|||
if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) {
|
||||
/* Wait for handshake to complete, or application data to arrive. */
|
||||
rv = ssl3_GatherCompleteHandshake(ss, 0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* See if we have a complete record */
|
||||
rv = ssl2_GatherRecord(ss, 0);
|
||||
}
|
||||
|
@ -1886,12 +1871,10 @@ ssl2_ChooseSessionCypher(sslSocket *ss,
|
|||
if ((ohs[0] == SSL_CK_RC4_128_WITH_MD5) ||
|
||||
(ohs[0] == SSL_CK_RC2_128_CBC_WITH_MD5)) {
|
||||
PORT_SetError(SSL_ERROR_US_ONLY_SERVER);
|
||||
}
|
||||
else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
|
||||
(ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
|
||||
} else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
|
||||
(ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
|
||||
PORT_SetError(SSL_ERROR_EXPORT_ONLY_SERVER);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
|
||||
}
|
||||
SSL_DBG(("%d: SSL[%d]: no cipher overlap", SSL_GETPID(), ss->fd));
|
||||
|
@ -2223,8 +2206,7 @@ ssl2_TryToFinish(sslSocket *ss)
|
|||
if (ss->sec.isServer) {
|
||||
/* Send server finished message if we already didn't */
|
||||
rv = ssl2_SendServerFinishedMessage(ss);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Send client finished message if we already didn't */
|
||||
rv = ssl2_SendClientFinishedMessage(ss);
|
||||
}
|
||||
|
@ -2469,8 +2451,8 @@ ssl2_HandleClientCertificate(sslSocket *ss,
|
|||
goto loser;
|
||||
|
||||
/* Now ask the server application if it likes the certificate... */
|
||||
rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg,
|
||||
ss->fd, PR_TRUE, PR_TRUE);
|
||||
rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg,
|
||||
ss->fd, PR_TRUE, PR_TRUE);
|
||||
/* Hey, it liked it. */
|
||||
if (SECSuccess == rv)
|
||||
goto done;
|
||||
|
@ -2612,8 +2594,7 @@ ssl2_HandleMessage(sslSocket *ss)
|
|||
ss->gs.recordLen) {
|
||||
/* prevent overflow crash. */
|
||||
rv = SECFailure;
|
||||
}
|
||||
else
|
||||
} else
|
||||
rv = ssl2_HandleClientCertificate(ss, data[1],
|
||||
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES,
|
||||
certLen,
|
||||
|
@ -2795,8 +2776,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
|
|||
SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)",
|
||||
SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2,
|
||||
ss->version));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)",
|
||||
SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
|
||||
/* server claims to be newer but does not follow protocol */
|
||||
|
@ -2845,8 +2825,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
|
|||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (certType != SSL_CT_X509_CERTIFICATE) {
|
||||
PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
|
||||
goto loser;
|
||||
|
@ -2916,8 +2895,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
|
|||
SSL_GETPID(), ss->fd));
|
||||
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* cert is bad */
|
||||
SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
|
||||
SSL_GETPID(), ss->fd, PORT_GetError()));
|
||||
|
@ -2925,8 +2903,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
|
|||
goto loser;
|
||||
}
|
||||
/* cert is good */
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
|
||||
SSL_GETPID(), ss->fd, PORT_GetError()));
|
||||
goto loser;
|
||||
|
@ -3032,8 +3009,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
|
|||
/* Try to find server in our session-id cache */
|
||||
if (ss->opt.noCache) {
|
||||
sid = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID,
|
||||
ss->url);
|
||||
}
|
||||
|
@ -3434,8 +3410,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
|
|||
** knows whats up.
|
||||
*/
|
||||
ss->version = SSL_LIBRARY_VERSION_2;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)",
|
||||
SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
|
||||
PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
|
||||
|
@ -3473,8 +3448,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
|
|||
ss->sec.ci.peer.pr_s6_addr32[2],
|
||||
ss->sec.ci.peer.pr_s6_addr32[3]));
|
||||
sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sd, sdLen, ss->dbHandle);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sid = NULL;
|
||||
}
|
||||
if (sid) {
|
||||
|
@ -3498,8 +3472,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
|
|||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECItem *derCert = &serverCert->derCert;
|
||||
|
||||
SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",
|
||||
|
|
|
@ -70,8 +70,7 @@ ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
|
|||
if (rv < 0) {
|
||||
DEFINE_ERROR
|
||||
MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
|
||||
}
|
||||
else if (rv > len) {
|
||||
} else if (rv > len) {
|
||||
PORT_Assert(rv <= len);
|
||||
PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
|
||||
rv = SECFailure;
|
||||
|
|
|
@ -48,10 +48,16 @@
|
|||
*/
|
||||
const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
#ifdef __arm__
|
||||
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
#endif /* __arm__ */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
#ifndef __arm__
|
||||
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
#endif /* __arm__ */
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
|
||||
*/
|
||||
|
@ -67,8 +73,13 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
#ifdef __arm__
|
||||
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
#endif /* __arm__ */
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
#ifndef __arm__
|
||||
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
#endif /* __arm__ */
|
||||
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
||||
|
|
|
@ -142,8 +142,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
* be called again by ssl_Do1stHandshake.
|
||||
*/
|
||||
return SECWouldBlock;
|
||||
}
|
||||
else if (gs->hdr[0] == content_alert) {
|
||||
} else if (gs->hdr[0] == content_alert) {
|
||||
if (ss->nextHandshake == ssl2_HandleServerHelloMessage) {
|
||||
/* XXX This is a hack. We're assuming that any failure
|
||||
* XXX on the client hello is a failure to match
|
||||
|
@ -160,8 +159,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
/* This record has a 2-byte header, and no padding */
|
||||
gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
|
||||
gs->recordPadding = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* This record has a 3-byte header that is all read in now. */
|
||||
gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1];
|
||||
/* is_escape = (gs->hdr[0] & 0x40) != 0; */
|
||||
|
@ -187,8 +185,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
pBuf[0] = gs->hdr[2];
|
||||
gs->offset = 1;
|
||||
gs->remainder = gs->count - 1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
gs->offset = 0;
|
||||
gs->remainder = gs->count;
|
||||
}
|
||||
|
@ -197,8 +194,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
gs->state = GS_MAC;
|
||||
gs->recordLen = gs->count - gs->recordPadding -
|
||||
ss->sec.hash->length;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
gs->state = GS_DATA;
|
||||
gs->recordLen = gs->count;
|
||||
}
|
||||
|
@ -286,8 +282,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
rv = SECFailure;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ssl_ReleaseSpecReadLock(ss); /******************************/
|
||||
}
|
||||
|
||||
|
@ -296,8 +291,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
|
|||
gs->readOffset = macLen;
|
||||
gs->writeOffset = gs->offset - gs->recordPadding;
|
||||
rv = 1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
|
||||
cleanup:
|
||||
/* nothing in the buffer any more. */
|
||||
|
|
|
@ -30,7 +30,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
|||
/* Check if we can properly return the length of data written and that
|
||||
* we're not asked to return more information than we know how to provide.
|
||||
*/
|
||||
if (!info || len < sizeof inf.length || len > sizeof inf) {
|
||||
if (!info || len < sizeof inf.length || len > sizeof inf) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -54,8 +54,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
|||
inf.cipherSuite = ss->sec.cipherType | 0xff00;
|
||||
inf.compressionMethod = ssl_compression_null;
|
||||
inf.compressionMethodName = "N/A";
|
||||
}
|
||||
else if (ss->ssl3.initialized) { /* SSL3 and TLS */
|
||||
} else if (ss->ssl3.initialized) { /* SSL3 and TLS */
|
||||
ssl_GetSpecReadLock(ss);
|
||||
/* XXX The cipher suite should be in the specs and this
|
||||
* function should get it from cwSpec rather than from the "hs".
|
||||
|
@ -81,8 +80,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
|||
inf.sessionIDLength = SSL2_SESSIONID_BYTES;
|
||||
memcpy(inf.sessionID, sid->u.ssl2.sessionID,
|
||||
SSL2_SESSIONID_BYTES);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
unsigned int sidLen = sid->u.ssl3.sessionIDLength;
|
||||
sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
|
||||
inf.sessionIDLength = sidLen;
|
||||
|
@ -442,8 +440,7 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
|
|||
if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
|
||||
PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
|
||||
valLen, out, outLen);
|
||||
}
|
||||
|
|
|
@ -34,8 +34,7 @@
|
|||
|
||||
#include <wtypes.h>
|
||||
|
||||
typedef struct
|
||||
{
|
||||
typedef struct {
|
||||
PRBool isMultiProcess;
|
||||
#ifdef WINNT
|
||||
/* on WINNT we need both the PRLock and the Win32 mutex for fibers */
|
||||
|
@ -73,8 +72,7 @@ typedef pid_t sslPID;
|
|||
#include <sys/types.h> /* for pid_t */
|
||||
#include <semaphore.h> /* for sem_t, and sem_* functions */
|
||||
|
||||
typedef struct
|
||||
{
|
||||
typedef struct {
|
||||
PRBool isMultiProcess;
|
||||
union {
|
||||
PRLock *sslLock;
|
||||
|
|
|
@ -174,8 +174,7 @@ ssl_DestroySID(sslSessionID *sid)
|
|||
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
|
||||
SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
|
||||
SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
|
||||
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
|
||||
PR_FALSE);
|
||||
|
@ -277,28 +276,26 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
|
|||
SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
|
||||
now - sid->creationTime, sid->references));
|
||||
|
||||
*sidp = sid->next; /* delink it from the list. */
|
||||
sid->cached = invalid_cache; /* mark not on list. */
|
||||
ssl_FreeLockedSID(sid); /* drop ref count, free. */
|
||||
}
|
||||
else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
|
||||
(sid->port == port) && /* server port matches */
|
||||
/* proxy (peerID) matches */
|
||||
(((peerID == NULL) && (sid->peerID == NULL)) ||
|
||||
((peerID != NULL) && (sid->peerID != NULL) &&
|
||||
PORT_Strcmp(sid->peerID, peerID) == 0)) &&
|
||||
/* is cacheable */
|
||||
(sid->version < SSL_LIBRARY_VERSION_3_0 ||
|
||||
sid->u.ssl3.keys.resumable) &&
|
||||
/* server hostname matches. */
|
||||
(sid->urlSvrName != NULL) &&
|
||||
(0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
|
||||
*sidp = sid->next; /* delink it from the list. */
|
||||
sid->cached = invalid_cache; /* mark not on list. */
|
||||
ssl_FreeLockedSID(sid); /* drop ref count, free. */
|
||||
} else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
|
||||
(sid->port == port) && /* server port matches */
|
||||
/* proxy (peerID) matches */
|
||||
(((peerID == NULL) && (sid->peerID == NULL)) ||
|
||||
((peerID != NULL) && (sid->peerID != NULL) &&
|
||||
PORT_Strcmp(sid->peerID, peerID) == 0)) &&
|
||||
/* is cacheable */
|
||||
(sid->version < SSL_LIBRARY_VERSION_3_0 ||
|
||||
sid->u.ssl3.keys.resumable) &&
|
||||
/* server hostname matches. */
|
||||
(sid->urlSvrName != NULL) &&
|
||||
(0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
|
||||
/* Hit */
|
||||
sid->lastAccessTime = now;
|
||||
sid->references++;
|
||||
break;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sidp = &sid->next;
|
||||
}
|
||||
}
|
||||
|
@ -338,8 +335,7 @@ CacheSID(sslSessionID *sid)
|
|||
sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len));
|
||||
PRINT_BUF(8, (0, "cipherArg:",
|
||||
sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (sid->u.ssl3.sessionIDLength == 0 &&
|
||||
sid->u.ssl3.locked.sessionTicket.ticket.data == NULL)
|
||||
return;
|
||||
|
@ -447,8 +443,7 @@ ssl_ChooseSessionIDProcs(sslSecurityInfo *sec)
|
|||
if (sec->isServer) {
|
||||
sec->cache = ssl_sid_cache;
|
||||
sec->uncache = ssl_sid_uncache;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sec->cache = CacheSID;
|
||||
sec->uncache = LockAndUncacheSID;
|
||||
}
|
||||
|
|
|
@ -221,8 +221,7 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
|
|||
if (asServer) {
|
||||
ss->handshake = ssl2_BeginServerHandshake;
|
||||
ss->handshaking = sslHandshakingAsServer;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->handshake = ssl2_BeginClientHandshake;
|
||||
ss->handshaking = sslHandshakingAsClient;
|
||||
}
|
||||
|
@ -283,8 +282,7 @@ SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
|
|||
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
||||
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ssl_GetSSL3HandshakeLock(ss);
|
||||
rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
|
||||
ssl_ReleaseSSL3HandshakeLock(ss);
|
||||
|
@ -462,18 +460,14 @@ SSL_ForceHandshake(PRFileDesc *fd)
|
|||
ssl_ReleaseRecvBufLock(ss);
|
||||
if (gatherResult > 0) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else if (gatherResult == 0) {
|
||||
} else if (gatherResult == 0) {
|
||||
PORT_SetError(PR_END_OF_FILE_ERROR);
|
||||
}
|
||||
else if (gatherResult == SECWouldBlock) {
|
||||
} else if (gatherResult == SECWouldBlock) {
|
||||
PORT_SetError(PR_WOULD_BLOCK_ERROR);
|
||||
}
|
||||
}
|
||||
else if (!ss->firstHsDone) {
|
||||
} else if (!ss->firstHsDone) {
|
||||
rv = ssl_Do1stHandshake(ss);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* tried to force handshake on an SSL 2 socket that has
|
||||
** already completed the handshake. */
|
||||
rv = SECSuccess; /* just pretend we did it. */
|
||||
|
@ -512,8 +506,7 @@ sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
|
|||
unsigned char *newBuf;
|
||||
if (b->buf) {
|
||||
newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
newBuf = (unsigned char *)PORT_Alloc(newLen);
|
||||
}
|
||||
if (!newBuf) {
|
||||
|
@ -622,8 +615,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
|
|||
if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
|
||||
/* Wait for application data to arrive. */
|
||||
rv = ssl3_GatherAppDataRecord(ss, 0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* See if we have a complete record */
|
||||
rv = ssl2_GatherRecord(ss, 0);
|
||||
}
|
||||
|
@ -644,8 +636,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
|
|||
** Gather record is blocked waiting for more record data to
|
||||
** arrive. Try to process what we have already received
|
||||
*/
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Gather record has finished getting a complete record */
|
||||
}
|
||||
|
||||
|
@ -995,8 +986,7 @@ ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
|
|||
ss->sec.hashcx = os->sec.hash->clone(os->sec.hashcx);
|
||||
if (os->sec.hashcx && !ss->sec.hashcx)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->sec.hash = NULL;
|
||||
ss->sec.hashcx = NULL;
|
||||
}
|
||||
|
@ -1046,8 +1036,7 @@ ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
|
|||
(*sec->destroy)(sec->writecx, PR_TRUE);
|
||||
sec->readcx = NULL;
|
||||
sec->writecx = NULL;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(sec->readcx == 0);
|
||||
PORT_Assert(sec->writecx == 0);
|
||||
}
|
||||
|
@ -1104,8 +1093,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
|
|||
if (ss->opt.handshakeAsServer) {
|
||||
ss->securityHandshake = ssl2_BeginServerHandshake;
|
||||
ss->handshaking = sslHandshakingAsServer;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->securityHandshake = ssl2_BeginClientHandshake;
|
||||
ss->handshaking = sslHandshakingAsClient;
|
||||
}
|
||||
|
@ -1114,8 +1102,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
|
|||
rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
|
||||
if (rv == PR_SUCCESS) {
|
||||
ss->TCPconnected = 1;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
int err = PR_GetError();
|
||||
SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
|
||||
SSL_GETPID(), ss->fd, err));
|
||||
|
@ -1357,8 +1344,7 @@ done:
|
|||
if (rv < 0) {
|
||||
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",
|
||||
SSL_GETPID(), ss->fd, rv, PORT_GetError()));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",
|
||||
SSL_GETPID(), ss->fd, rv));
|
||||
}
|
||||
|
@ -1519,8 +1505,7 @@ SSL_GetSessionID(PRFileDesc *fd)
|
|||
item->len = SSL2_SESSIONID_BYTES;
|
||||
item->data = (unsigned char *)PORT_Alloc(item->len);
|
||||
PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
item->len = sid->u.ssl3.sessionIDLength;
|
||||
item->data = (unsigned char *)PORT_Alloc(item->len);
|
||||
PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
|
||||
|
@ -1591,12 +1576,10 @@ SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
|
|||
if (!ss->ssl3.initialized) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
||||
} else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
||||
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_AuthCertificateComplete(ss, error);
|
||||
}
|
||||
|
||||
|
|
|
@ -491,8 +491,7 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
|
|||
to->creationTime, to->addr.pr_s6_addr32[0],
|
||||
to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
|
||||
to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* This is an SSL v3 session */
|
||||
|
||||
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
|
||||
|
@ -566,8 +565,7 @@ ConvertToSID(sidCacheEntry *from,
|
|||
to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
|
||||
to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
|
||||
to->u.ssl2.cipherType));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* This is an SSL v3 session */
|
||||
|
||||
to->u.ssl3.sessionIDLength = from->sessionIDLength;
|
||||
|
@ -643,8 +641,7 @@ loser:
|
|||
PORT_Free(to->u.ssl2.masterKey.data);
|
||||
if (to->u.ssl2.cipherArg.data)
|
||||
PORT_Free(to->u.ssl2.cipherArg.data);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE);
|
||||
}
|
||||
PORT_Free(to);
|
||||
|
@ -770,8 +767,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
|
|||
!PORT_Memcmp(pcce->sessionID, psce->sessionID,
|
||||
pcce->sessionIDLength)) {
|
||||
cce = *pcce;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* The cert doesen't match the SID cache entry,
|
||||
** so invalidate the SID cache entry.
|
||||
*/
|
||||
|
@ -780,8 +776,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
|
|||
pcce = 0;
|
||||
}
|
||||
UnlockSidCacheLock(cache->certCacheLock);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* what the ??. Didn't get the cert cache lock.
|
||||
** Don't invalidate the SID cache entry, but don't find it.
|
||||
*/
|
||||
|
@ -799,8 +794,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
|
|||
if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash,
|
||||
SHA256_LENGTH)) {
|
||||
snce = *psnce;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* The name doesen't match the SID cache entry,
|
||||
** so invalidate the SID cache entry.
|
||||
*/
|
||||
|
@ -809,8 +803,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
|
|||
psnce = 0;
|
||||
}
|
||||
UnlockSidCacheLock(cache->srvNameCacheLock);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* what the ??. Didn't get the cert cache lock.
|
||||
** Don't invalidate the SID cache entry, but don't find it.
|
||||
*/
|
||||
|
@ -874,8 +867,7 @@ ServerSessionIDCache(sslSessionID *sid)
|
|||
sid->u.ssl2.masterKey.len));
|
||||
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
|
||||
sid->u.ssl2.cipherArg.len));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* override caller's expiration time, which uses client timeout
|
||||
* duration, not server timeout duration.
|
||||
*/
|
||||
|
@ -957,8 +949,7 @@ ServerSessionIDUncache(sslSessionID *sid)
|
|||
sid->u.ssl2.masterKey.len));
|
||||
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
|
||||
sid->u.ssl2.cipherArg.len));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sessionID = sid->u.ssl3.sessionID;
|
||||
sessionIDLength = sid->u.ssl3.sessionIDLength;
|
||||
SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
|
||||
|
@ -1017,8 +1008,7 @@ CloseCache(cacheDesc *cache)
|
|||
}
|
||||
if (cache->shared) {
|
||||
PR_MemUnmap(cache->cacheMem, cache->cacheMemSize);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Free(cache->cacheMem);
|
||||
}
|
||||
cache->cacheMem = NULL;
|
||||
|
@ -1162,8 +1152,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
|
|||
ssl2_timeout = MIN_SSL2_TIMEOUT;
|
||||
}
|
||||
cache->ssl2Timeout = ssl2_timeout;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cache->ssl2Timeout = DEF_SSL2_TIMEOUT;
|
||||
}
|
||||
|
||||
|
@ -1175,8 +1164,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
|
|||
ssl3_timeout = MIN_SSL3_TIMEOUT;
|
||||
}
|
||||
cache->ssl3Timeout = ssl3_timeout;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
|
||||
}
|
||||
|
||||
|
@ -1211,8 +1199,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
|
|||
}
|
||||
|
||||
cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
cacheMem = PORT_Alloc(cache->cacheMemSize);
|
||||
}
|
||||
|
||||
|
@ -1475,8 +1462,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
|
|||
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
|
||||
ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
|
||||
maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, ssl3_timeout,
|
||||
directory, maxCacheEntries, maxCertCacheEntries,
|
||||
maxSrvNameCacheEntries);
|
||||
|
@ -1822,8 +1808,7 @@ ssl_GetWrappingKey(PRInt32 symWrapMechIndex,
|
|||
(unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) {
|
||||
rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk,
|
||||
&globalCache, 0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = PR_FALSE;
|
||||
}
|
||||
|
||||
|
@ -1868,8 +1853,7 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey,
|
|||
if (!cache->cacheMem) {
|
||||
/* cache is not initalized. Use stack buffer */
|
||||
ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
|
||||
}
|
||||
|
||||
|
@ -2042,8 +2026,7 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey,
|
|||
ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
|
||||
ticketEncKeyPtr = ticketEncKey;
|
||||
ticketMacKeyPtr = ticketMacKey;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* these values have constant memory locations in the cache.
|
||||
* Ok to reference them without holding the lock. */
|
||||
ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
|
||||
|
@ -2134,8 +2117,7 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
|
|||
if (rv) {
|
||||
/* we found it on disk, copy it out to the caller. */
|
||||
PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Wasn't on disk, and we're still holding the lock, so write it. */
|
||||
cache->keyCacheData[ndx] = *wswk;
|
||||
}
|
||||
|
|
|
@ -252,8 +252,7 @@ ssl_DupSocket(sslSocket *os)
|
|||
}
|
||||
PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
|
||||
sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->ssl3.dheGroups = NULL;
|
||||
}
|
||||
|
||||
|
@ -264,8 +263,7 @@ ssl_DupSocket(sslSocket *os)
|
|||
os->sizeCipherSpecs);
|
||||
ss->sizeCipherSpecs = os->sizeCipherSpecs;
|
||||
ss->preferredCipher = os->preferredCipher;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->cipherSpecs = NULL; /* produced lazily */
|
||||
ss->sizeCipherSpecs = 0;
|
||||
ss->preferredCipher = NULL;
|
||||
|
@ -284,26 +282,20 @@ ssl_DupSocket(sslSocket *os)
|
|||
sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
|
||||
if (!sc->serverCertChain)
|
||||
goto loser;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sc->serverCert = NULL;
|
||||
sc->serverCertChain = NULL;
|
||||
}
|
||||
sc->serverKeyPair = oc->serverKeyPair ?
|
||||
ssl3_GetKeyPairRef(oc->serverKeyPair)
|
||||
sc->serverKeyPair = oc->serverKeyPair ? ssl3_GetKeyPairRef(oc->serverKeyPair)
|
||||
: NULL;
|
||||
if (oc->serverKeyPair && !sc->serverKeyPair)
|
||||
goto loser;
|
||||
sc->serverKeyBits = oc->serverKeyBits;
|
||||
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
|
||||
SECITEM_DupArray(NULL, os->certStatusArray[i]);
|
||||
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]);
|
||||
}
|
||||
ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
|
||||
ssl3_GetKeyPairRef(os->stepDownKeyPair);
|
||||
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
|
||||
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
|
||||
ss->dheKeyPair = !os->dheKeyPair ? NULL :
|
||||
ssl3_GetKeyPairRef(os->dheKeyPair);
|
||||
ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair);
|
||||
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
|
||||
ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair);
|
||||
ss->dheParams = os->dheParams;
|
||||
|
||||
/*
|
||||
|
@ -487,8 +479,7 @@ ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
|
|||
|
||||
if (osfd->methods->setsocketoption) {
|
||||
rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
||||
}
|
||||
|
||||
|
@ -578,13 +569,11 @@ ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
|
|||
/* Expand the range of enabled version to include TLS 1.0 */
|
||||
vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
|
||||
vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
|
||||
if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
|
||||
vrange->max = SSL_LIBRARY_VERSION_3_0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Only TLS was enabled, so now no versions are. */
|
||||
vrange->min = SSL_LIBRARY_VERSION_NONE;
|
||||
vrange->max = SSL_LIBRARY_VERSION_NONE;
|
||||
|
@ -619,13 +608,11 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
|
|||
* we don't need to change vrange->max.
|
||||
*/
|
||||
vrange->min = SSL_LIBRARY_VERSION_3_0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Disable SSL 3.0, leaving TLS unaffected. */
|
||||
if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
|
||||
vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Only SSL 3.0 was enabled, so now no versions are. */
|
||||
vrange->min = SSL_LIBRARY_VERSION_NONE;
|
||||
vrange->max = SSL_LIBRARY_VERSION_NONE;
|
||||
|
@ -791,8 +778,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
|||
if (ss->handshakeBegun) {
|
||||
PORT_SetError(PR_INVALID_STATE_ERROR);
|
||||
rv = SECFailure;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (PR_FALSE != on) {
|
||||
if (PR_SUCCESS == SSL_BypassSetup()) {
|
||||
#ifdef NO_PKCS11_BYPASS
|
||||
|
@ -800,12 +786,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
|||
#else
|
||||
ss->opt.bypassPKCS11 = on;
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ss->opt.bypassPKCS11 = PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -822,8 +806,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
|||
if (on) {
|
||||
locksEverDisabled = PR_TRUE;
|
||||
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
|
||||
}
|
||||
else if (!holdingLocks) {
|
||||
} else if (!holdingLocks) {
|
||||
rv = ssl_MakeLocks(ss);
|
||||
if (rv != SECSuccess) {
|
||||
ss->opt.noLocks = PR_TRUE;
|
||||
|
@ -1257,12 +1240,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
|||
#else
|
||||
ssl_defaults.bypassPKCS11 = on;
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ssl_defaults.bypassPKCS11 = PR_FALSE;
|
||||
}
|
||||
break;
|
||||
|
@ -1384,11 +1365,9 @@ ssl_CipherPolicySet(PRInt32 which, PRInt32 policy)
|
|||
|
||||
if (ssl_IsRemovedCipherSuite(which)) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
rv = ssl2_SetPolicy(which, policy);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1416,11 +1395,9 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
|
|||
if (ssl_IsRemovedCipherSuite(which)) {
|
||||
*oPolicy = SSL_NOT_ALLOWED;
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
rv = ssl2_GetPolicy(which, oPolicy);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1459,8 +1436,7 @@ ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
|
|||
}
|
||||
if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
rv = ssl2_CipherPrefSetDefault(which, enabled);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1489,11 +1465,9 @@ SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
|
|||
if (ssl_IsRemovedCipherSuite(which)) {
|
||||
*enabled = PR_FALSE;
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
rv = ssl2_CipherPrefGetDefault(which, enabled);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1517,8 +1491,7 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
|
|||
}
|
||||
if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
rv = ssl2_CipherPrefSet(ss, which, enabled);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1542,11 +1515,9 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
|
|||
if (ssl_IsRemovedCipherSuite(which)) {
|
||||
*enabled = PR_FALSE;
|
||||
rv = SECSuccess;
|
||||
}
|
||||
else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
||||
rv = ssl2_CipherPrefGet(ss, which, enabled);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
|
||||
}
|
||||
return rv;
|
||||
|
@ -1763,13 +1734,11 @@ ssl3_SelectDHParams(sslSocket *ss)
|
|||
|
||||
if (ss->ssl3.dheWeakGroupEnabled) {
|
||||
ss->dheParams = gWeakDHParams;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (ss->ssl3.dheGroups) {
|
||||
selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
|
||||
ss->ssl3.numDHEGroups);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
|
||||
selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
|
||||
number_of_default_groups);
|
||||
|
@ -1802,8 +1771,7 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
|
|||
if (model == NULL) {
|
||||
/* Just create a default socket if we're given NULL for the model */
|
||||
ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
sslSocket *ss = ssl_FindSocket(model);
|
||||
if (ss == NULL || ss->protocolVariant != variant) {
|
||||
SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
|
||||
|
@ -1976,8 +1944,7 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
|
|||
}
|
||||
PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
|
||||
*bufLen = ss->ssl3.nextProto.len;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*bufLen = 0;
|
||||
}
|
||||
|
||||
|
@ -2017,8 +1984,7 @@ SSL_SetSRTPCiphers(PRFileDesc *fd,
|
|||
if (*srtpCipher) {
|
||||
ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
|
||||
ciphers[i];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
|
||||
"suite specified: 0x%04hx",
|
||||
SSL_GETPID(), fd,
|
||||
|
@ -2244,8 +2210,7 @@ ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
|
|||
vrange.max = PR_MIN(vrange.max, pvrange.max);
|
||||
if (vrange.max >= vrange.min) {
|
||||
*VERSIONS_DEFAULTS(protocolVariant) = vrange;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* there was no overlap, turn off range altogether */
|
||||
pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
|
||||
*VERSIONS_DEFAULTS(protocolVariant) = pvrange;
|
||||
|
@ -2551,8 +2516,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
|
|||
if (newfd == NULL) {
|
||||
SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
|
||||
SSL_GETPID(), ss->fd, PORT_GetError()));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Create ssl module */
|
||||
ns = ssl_DupSocket(ss);
|
||||
}
|
||||
|
@ -2577,8 +2541,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
|
|||
if (ns->opt.handshakeAsClient) {
|
||||
ns->handshake = ssl2_BeginClientHandshake;
|
||||
ss->handshaking = sslHandshakingAsClient;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
ns->handshake = ssl2_BeginServerHandshake;
|
||||
ss->handshaking = sslHandshakingAsServer;
|
||||
}
|
||||
|
@ -2611,7 +2574,7 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
|
|||
SSL_LOCK_WRITER(ss);
|
||||
|
||||
ss->cTimeout = timeout;
|
||||
rv = (PRStatus) (*ss->ops->connect)(ss, sockaddr);
|
||||
rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
|
||||
|
||||
SSL_UNLOCK_WRITER(ss);
|
||||
SSL_UNLOCK_READER(ss);
|
||||
|
@ -2632,7 +2595,7 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
|
|||
SSL_LOCK_READER(ss);
|
||||
SSL_LOCK_WRITER(ss);
|
||||
|
||||
rv = (PRStatus) (*ss->ops->bind)(ss, addr);
|
||||
rv = (PRStatus)(*ss->ops->bind)(ss, addr);
|
||||
|
||||
SSL_UNLOCK_WRITER(ss);
|
||||
SSL_UNLOCK_READER(ss);
|
||||
|
@ -2652,7 +2615,7 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog)
|
|||
SSL_LOCK_READER(ss);
|
||||
SSL_LOCK_WRITER(ss);
|
||||
|
||||
rv = (PRStatus) (*ss->ops->listen)(ss, backlog);
|
||||
rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
|
||||
|
||||
SSL_UNLOCK_WRITER(ss);
|
||||
SSL_UNLOCK_READER(ss);
|
||||
|
@ -2676,7 +2639,7 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how)
|
|||
SSL_LOCK_WRITER(ss);
|
||||
}
|
||||
|
||||
rv = (PRStatus) (*ss->ops->shutdown)(ss, how);
|
||||
rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
|
||||
|
||||
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
|
||||
SSL_UNLOCK_WRITER(ss);
|
||||
|
@ -2709,7 +2672,7 @@ ssl_Close(PRFileDesc *fd)
|
|||
** where the LOCK calls and the corresponding UNLOCK calls are not in
|
||||
** the same function scope. The unlock calls are in ssl_FreeSocket().
|
||||
*/
|
||||
rv = (PRStatus) (*ss->ops->close)(ss);
|
||||
rv = (PRStatus)(*ss->ops->close)(ss);
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
@ -2806,7 +2769,7 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
|
|||
SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
|
||||
return PR_FAILURE;
|
||||
}
|
||||
return (PRStatus) (*ss->ops->getpeername)(ss, addr);
|
||||
return (PRStatus)(*ss->ops->getpeername)(ss, addr);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2829,12 +2792,10 @@ ssl_GetPeerInfo(sslSocket *ss)
|
|||
if (sin.inet.family == PR_AF_INET) {
|
||||
PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
|
||||
ss->sec.ci.port = sin.inet.port;
|
||||
}
|
||||
else if (sin.ipv6.family == PR_AF_INET6) {
|
||||
} else if (sin.ipv6.family == PR_AF_INET6) {
|
||||
ss->sec.ci.peer = sin.ipv6.ip;
|
||||
ss->sec.ci.port = sin.ipv6.port;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -2851,7 +2812,7 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
|
|||
SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
|
||||
return PR_FAILURE;
|
||||
}
|
||||
return (PRStatus) (*ss->ops->getsockname)(ss, name);
|
||||
return (PRStatus)(*ss->ops->getsockname)(ss, name);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
|
@ -2969,12 +2930,10 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|||
new_flags &= ~PR_POLL_RW;
|
||||
if (ss->handshaking == sslHandshakingAsClient) {
|
||||
new_flags |= PR_POLL_WRITE;
|
||||
}
|
||||
else { /* handshaking as server */
|
||||
} else { /* handshaking as server */
|
||||
new_flags |= PR_POLL_READ;
|
||||
}
|
||||
}
|
||||
else
|
||||
} else
|
||||
/* First handshake is in progress */
|
||||
if (ss->lastWriteBlocked) {
|
||||
if (new_flags & PR_POLL_READ) {
|
||||
|
@ -2986,8 +2945,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|||
new_flags ^= PR_POLL_READ; /* don't select on read. */
|
||||
new_flags |= PR_POLL_WRITE; /* do select on write. */
|
||||
}
|
||||
}
|
||||
else if (new_flags & PR_POLL_WRITE) {
|
||||
} else if (new_flags & PR_POLL_WRITE) {
|
||||
/* The caller is trying to write, but the handshake is
|
||||
** blocked waiting for data to read, and the first
|
||||
** handshake has been sent. So do NOT to poll on write
|
||||
|
@ -3000,14 +2958,12 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|||
new_flags |= PR_POLL_READ; /* do select on read. */
|
||||
}
|
||||
}
|
||||
}
|
||||
else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
|
||||
} else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
|
||||
*p_out_flags = PR_POLL_READ; /* it's ready already. */
|
||||
return new_flags;
|
||||
}
|
||||
else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
|
||||
(ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
|
||||
new_flags |= PR_POLL_WRITE; /* also select on write. */
|
||||
} else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
|
||||
(ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
|
||||
new_flags |= PR_POLL_WRITE; /* also select on write. */
|
||||
}
|
||||
|
||||
if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
|
||||
|
@ -3024,8 +2980,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|||
* of the application spinning.
|
||||
*/
|
||||
new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Unfortunately, clearing new_flags will make it impossible for
|
||||
* the application to detect errors that it would otherwise be
|
||||
* able to detect with PR_POLL_EXCEPT, until the asynchronous
|
||||
|
@ -3052,8 +3007,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|||
out_flags |= PR_POLL_READ;
|
||||
*p_out_flags = out_flags;
|
||||
new_flags = how_flags;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
*p_out_flags = lower_out_flags;
|
||||
new_flags = lower_new_flags;
|
||||
}
|
||||
|
@ -3153,8 +3107,7 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
|
|||
(PR_GetError() == PR_WOULD_BLOCK_ERROR) && \
|
||||
(sent > 0)) { \
|
||||
return sent; \
|
||||
} \
|
||||
else { \
|
||||
} else { \
|
||||
return -1; \
|
||||
} \
|
||||
} \
|
||||
|
@ -3209,15 +3162,12 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
|
|||
|
||||
if (!vectors || myIov.iov_len > limit) {
|
||||
addLen = 0;
|
||||
}
|
||||
else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
|
||||
} else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
|
||||
/* Addlen is already computed. */;
|
||||
}
|
||||
else if (vectors > 1 &&
|
||||
iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
|
||||
} else if (vectors > 1 &&
|
||||
iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
|
||||
addLen = limit - myIov.iov_len;
|
||||
}
|
||||
else
|
||||
} else
|
||||
addLen = 0;
|
||||
|
||||
if (!addLen) {
|
||||
|
@ -3237,17 +3187,14 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
|
|||
left = PR_MIN(limit, K16 - bufLen);
|
||||
if (!vectors /* no more left */
|
||||
|| myIov.iov_len > 0 /* we didn't use that one all up */
|
||||
|| bufLen >= K16 /* it's full. */ ) {
|
||||
|| bufLen >= K16 /* it's full. */) {
|
||||
addLen = 0;
|
||||
}
|
||||
else if ((addLen = iov->iov_len % K16) <= left) {
|
||||
} else if ((addLen = iov->iov_len % K16) <= left) {
|
||||
/* Addlen is already computed. */;
|
||||
}
|
||||
else if (vectors > 1 &&
|
||||
iov[1].iov_len % K16 + addLen <= left + limit) {
|
||||
} else if (vectors > 1 &&
|
||||
iov[1].iov_len % K16 + addLen <= left + limit) {
|
||||
addLen = left;
|
||||
}
|
||||
else
|
||||
} else
|
||||
addLen = 0;
|
||||
|
||||
} while (addLen);
|
||||
|
@ -3552,8 +3499,7 @@ ssl_SetDefaultsFromEnvironment(void)
|
|||
ssl_keylog_iob = fopen(ev, "a");
|
||||
if (!ssl_keylog_iob) {
|
||||
SSL_TRACE(("SSL: failed to open key log file"));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (ftell(ssl_keylog_iob) == 0) {
|
||||
fputs("# SSL/TLS secrets log file, generated by NSS\n",
|
||||
ssl_keylog_iob);
|
||||
|
|
|
@ -44,8 +44,7 @@ ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
|
|||
if (ss) {
|
||||
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
|
||||
msg, len));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
|
||||
}
|
||||
memset(buf, ' ', sizeof buf);
|
||||
|
@ -78,8 +77,7 @@ PrintType(sslSocket *ss, char *msg)
|
|||
{
|
||||
if (ss) {
|
||||
SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
|
||||
}
|
||||
}
|
||||
|
@ -89,8 +87,7 @@ PrintInt(sslSocket *ss, char *msg, unsigned v)
|
|||
{
|
||||
if (ss) {
|
||||
SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, msg, v));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v));
|
||||
}
|
||||
}
|
||||
|
@ -108,8 +105,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
|
|||
if (ss) {
|
||||
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]",
|
||||
SSL_GETPID(), ss->fd, msg, len));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRACE(("%d: SSL: %s [Len: %d]",
|
||||
SSL_GETPID(), msg, len));
|
||||
}
|
||||
|
@ -124,8 +120,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
|
|||
if (ss) {
|
||||
SSL_TRACE(("%d: SSL[%d]: %s",
|
||||
SSL_GETPID(), ss->fd, buf));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
|
||||
}
|
||||
bp = buf;
|
||||
|
@ -136,8 +131,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
|
|||
if (ss) {
|
||||
SSL_TRACE(("%d: SSL[%d]: %s",
|
||||
SSL_GETPID(), ss->fd, buf));
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -645,8 +645,7 @@ tls13_SendServerHelloSequence(sslSocket *ss)
|
|||
if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
|
||||
(ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
|
||||
certIndex = kt_rsa;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
certIndex = ss->ssl3.hs.kea_def->exchKeyType;
|
||||
}
|
||||
rv = ssl3_SendCertificateVerify(ss, ss->serverCerts[certIndex].SERVERKEY);
|
||||
|
@ -748,8 +747,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|||
if (ss->sec.isServer) {
|
||||
rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
|
||||
wait_client_cert);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
|
||||
wait_cert_request, wait_server_cert);
|
||||
}
|
||||
|
@ -767,8 +765,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|||
illegal_parameter);
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (!context.len || context.len != ss->ssl3.hs.certReqContextLen ||
|
||||
(NSS_SecureMemcmp(ss->ssl3.hs.certReqContext,
|
||||
context.data, context.len) != 0)) {
|
||||
|
@ -1074,8 +1071,7 @@ tls13_InitCipherSpec(sslSocket *ss, TrafficKeyType type, InstallCipherSpecDirect
|
|||
/* Generic behaviors -- common to all crypto methods */
|
||||
if (!IS_DTLS(ss)) {
|
||||
pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (cwSpec->epoch == PR_UINT16_MAX) {
|
||||
/* The problem here is that we have rehandshaked too many
|
||||
* times (you are not allowed to wrap the epoch). The
|
||||
|
@ -1231,7 +1227,7 @@ void
|
|||
tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *offer)
|
||||
{
|
||||
SECITEM_ZfreeItem(&offer->key_exchange, PR_FALSE);
|
||||
PORT_ZFree(offer, sizeof(offer));
|
||||
PORT_ZFree(offer, sizeof(*offer));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1310,8 +1306,7 @@ tls13_AESGCM(ssl3KeyMaterial *keys,
|
|||
if (doDecrypt) {
|
||||
rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
|
||||
maxout, in, inlen);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
|
||||
maxout, in, inlen);
|
||||
}
|
||||
|
@ -1599,7 +1594,7 @@ tls13_SendFinished(sslSocket *ss)
|
|||
/* TODO(ekr@rtfm.com): Record key log */
|
||||
return SECSuccess;
|
||||
|
||||
alert_loser:
|
||||
alert_loser:
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
||||
PORT_SetError(errCode); /* Restore error code */
|
||||
return rv;
|
||||
|
@ -1660,8 +1655,7 @@ tls13_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
|
|||
}
|
||||
|
||||
rv = tls13_FinishHandshake(ss);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (ss->ssl3.hs.authCertificatePending) {
|
||||
/* TODO(ekr@rtfm.com): Handle pending auth */
|
||||
FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
|
||||
|
@ -1739,8 +1733,7 @@ tls13_SendClientSecondRound(sslSocket *ss)
|
|||
if (rv != SECSuccess) {
|
||||
goto loser; /* error code is set. */
|
||||
}
|
||||
}
|
||||
else if (sendClientCert) {
|
||||
} else if (sendClientCert) {
|
||||
rv = ssl3_SendCertificate(ss);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* error code is set. */
|
||||
|
@ -1933,8 +1926,7 @@ tls13_ProtectRecord(sslSocket *ss,
|
|||
if (cipher_def->calg == ssl_calg_null) {
|
||||
/* Shortcut for plaintext */
|
||||
cipherBytes = contentLen;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
unsigned char aad[8];
|
||||
PORT_Assert(cipher_def->type == type_aead);
|
||||
|
||||
|
@ -1972,8 +1964,7 @@ tls13_ProtectRecord(sslSocket *ss,
|
|||
(void)tls13_EncodeUintX(cwSpec->write_seq_num.high, 4, &wrBuf->buf[3]);
|
||||
(void)tls13_EncodeUintX(cwSpec->write_seq_num.low, 4, &wrBuf->buf[7]);
|
||||
(void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[11]);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
(void)tls13_EncodeUintX(kRecordVersion, 2, &wrBuf->buf[1]);
|
||||
(void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[3]);
|
||||
}
|
||||
|
@ -2029,10 +2020,8 @@ tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext
|
|||
/* Decrypt */
|
||||
PORT_Assert(cipher_def->type == type_aead);
|
||||
tls13_FormatAdditionalData(aad, sizeof(aad),
|
||||
IS_DTLS(ss) ?
|
||||
cText->seq_num
|
||||
:
|
||||
crSpec->read_seq_num);
|
||||
IS_DTLS(ss) ? cText->seq_num
|
||||
: crSpec->read_seq_num);
|
||||
rv = crSpec->aead(
|
||||
ss->sec.isServer ? &crSpec->client : &crSpec->server,
|
||||
PR_TRUE, /* do decrypt */
|
||||
|
|
|
@ -60,8 +60,7 @@ tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash,
|
|||
params.pSalt = salt->data;
|
||||
params.ulSaltLen = salt->len;
|
||||
PORT_Assert(salt->len > 0);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
/* Per documentation for CKM_NSS_HKDF_*:
|
||||
*
|
||||
* If the optional salt is given, it is used; otherwise, the salt is
|
||||
|
@ -104,8 +103,7 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
|
|||
|
||||
if (handshakeHash) {
|
||||
PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PORT_Assert(!handshakeHashLen);
|
||||
}
|
||||
|
||||
|
@ -185,6 +183,10 @@ tls13_HkdfExpandLabelRaw(PK11SymKey *prk, SSLHashType baseHash,
|
|||
label, labelLen,
|
||||
kTlsHkdfInfo[baseHash].pkcs11Mech, outputLen,
|
||||
&derived);
|
||||
if (rv != SECSuccess || !derived) {
|
||||
goto abort;
|
||||
}
|
||||
|
||||
rv = PK11_ExtractKeyValue(derived);
|
||||
if (rv != SECSuccess) {
|
||||
goto abort;
|
||||
|
|
Загрузка…
Ссылка в новой задаче