mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge m-c to fx-team, a=merge 

--HG--
extra : commitid : KSEbGPeZZae
This commit is contained in:
Wes Kocher 2016-01-25 14:07:49 -08:00
Родитель 3872a2da46 36c834aaa6
Коммит 9d24ca2703
273 изменённых файлов: 43253 добавлений и 43960 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
.hgtags
Просмотреть файл

@ -123,3 +123,4 @@ b297a6727acfd21e757ddd38cd61894812666265 FIREFOX_AURORA_36_BASE
fcef8ded82219c89298b4e376cfbdfba79a1d35a FIREFOX_AURORA_43_BASE
67a788db9f07822cfef52351bbbe3745dff8bd7f FIREFOX_AURORA_44_BASE
99137d6d4061f408ae0869122649d8bdf489cc30 FIREFOX_AURORA_45_BASE
67c66c2878aed17ae3096d7db483ddbb2293c503 FIREFOX_AURORA_46_BASE

2
CLOBBER
Просмотреть файл

@ -22,5 +22,5 @@
# changes to stick? As of bug 928195, this shouldn't be necessary! Please
# don't change CLOBBER for WebIDL changes any more.
Bug 1240627 - Enable AVX2 optimizations in ffvpx on Mac
Merge day clobber

3
browser/components/search/test/browser_contextmenu.js
Просмотреть файл

@ -9,6 +9,9 @@ add_task(function* () {
const ENGINE_NAME = "Foo";
var contextMenu;
// We want select events to be fired.
yield new Promise(resolve => SpecialPowers.pushPrefEnv({"set": [["dom.select_events.enabled", true]]}, resolve));
let envService = Cc["@mozilla.org/process/environment;1"].getService(Ci.nsIEnvironment);
let originalValue = envService.get("XPCSHELL_TEST_PROFILE_DIR");
envService.set("XPCSHELL_TEST_PROFILE_DIR", "1");

2
browser/config/version.txt
Просмотреть файл

@ -1 +1 @@
46.0a1
47.0a1

2
browser/config/version_display.txt
Просмотреть файл

@ -1 +1 @@
46.0a1
47.0a1

2
config/milestone.txt
Просмотреть файл

@ -10,4 +10,4 @@
# hardcoded milestones in the tree from these two files.
#--------------------------------------------------------
46.0a1
47.0a1

2
dom/bindings/BindingUtils.h
Просмотреть файл

@ -2309,7 +2309,7 @@ public:
// Rooter class for MozMap; this is what we mostly use in the codegen.
template<typename T>
class MOZ_RAII MozMapRooter : private JS::CustomAutoRooter
class MOZ_RAII MozMapRooter final : private JS::CustomAutoRooter
{
public:
MozMapRooter(JSContext *aCx, MozMap<T>* aMozMap

2
dom/bindings/TypedArray.h
Просмотреть файл

@ -412,7 +412,7 @@ private:
// Class for easily setting up a rooted typed array object on the stack
template<typename ArrayType>
class MOZ_RAII RootedTypedArray : public ArrayType,
class MOZ_RAII RootedTypedArray final : public ArrayType,
private TypedArrayRooter<ArrayType>
{
public:

3
gfx/layers/basic/BasicCompositor.cpp
Просмотреть файл

@ -549,6 +549,9 @@ BasicCompositor::BeginFrame(const nsIntRegion& aInvalidRegion,
} else {
// StartRemoteDrawingInRegion can mutate mInvalidRegion.
mDrawTarget = mWidget->StartRemoteDrawingInRegion(mInvalidRegion);
if (!mDrawTarget) {
return;
}
mInvalidRect = mInvalidRegion.GetBounds();
if (mInvalidRect.IsEmpty()) {
mWidget->EndRemoteDrawingInRegion(mDrawTarget, mInvalidRegion);

2
js/src/jit/RangeAnalysis.cpp
Просмотреть файл

@ -2087,7 +2087,7 @@ RangeAnalysis::analyzeLoopPhi(MBasicBlock* header, LoopIterationBound* loopBound
return;
if (!phi->range())
phi->setRange(new(alloc()) Range());
phi->setRange(new(alloc()) Range(phi));
LinearSum initialSum(alloc());
if (!initialSum.add(initial, 1))

64
security/nss/.clang-format Normal file
Просмотреть файл

@ -0,0 +1,64 @@
---
Language: Cpp
# BasedOnStyle: Mozilla
AccessModifierOffset: -2
AlignAfterOpenBracket: true
AlignEscapedNewlinesLeft: false
AlignOperands: true
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: false
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
AllowShortFunctionsOnASingleLine: All
AlwaysBreakAfterDefinitionReturnType: true
AlwaysBreakTemplateDeclarations: false
AlwaysBreakBeforeMultilineStrings: false
BreakBeforeBinaryOperators: None
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BinPackParameters: true
BinPackArguments: true
ColumnLimit: 0
ConstructorInitializerAllOnOneLineOrOnePerLine: true
ConstructorInitializerIndentWidth: 4
DerivePointerAlignment: true
ExperimentalAutoDetectBinPacking: false
IndentCaseLabels: true
IndentWrappedFunctionNames: false
IndentFunctionDeclarationAfterType: false
MaxEmptyLinesToKeep: 1
KeepEmptyLinesAtTheStartOfBlocks: true
NamespaceIndentation: None
ObjCBlockIndentWidth: 2
ObjCSpaceAfterProperty: true
ObjCSpaceBeforeProtocolList: false
PenaltyBreakBeforeFirstCallParameter: 19
PenaltyBreakComment: 300
PenaltyBreakString: 1000
PenaltyBreakFirstLessLess: 120
PenaltyExcessCharacter: 1000000
PenaltyReturnTypeOnItsOwnLine: 200
PointerAlignment: Right
SpacesBeforeTrailingComments: 1
Cpp11BracedListStyle: false
Standard: Cpp03
IndentWidth: 4
TabWidth: 8
UseTab: Never
BreakBeforeBraces: Linux
SpacesInParentheses: false
SpacesInSquareBrackets: false
SpacesInAngles: false
SpaceInEmptyParentheses: false
SpacesInCStyleCastParentheses: false
SpaceAfterCStyleCast: false
SpacesInContainerLiterals: true
SpaceBeforeAssignmentOperators: true
ContinuationIndentWidth: 4
CommentPragmas: '^ IWYU pragma:'
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
SpaceBeforeParens: ControlStatements
DisableFormat: false
...

2
security/nss/TAG-INFO
Просмотреть файл

@ -1 +1 @@
NSS_3_21_RTM
NSS_3_22_BETA2

3
security/nss/cmd/certutil/certutil.c
Просмотреть файл

@ -3496,6 +3496,9 @@ shutdown:
/* Allocated by a PL_strdup call in SECU_GetModulePassword. */
PL_strfree(pwdata.data);
}
if (email) {
PL_strfree(email);
}
/* Open the batch command file.
*

2
security/nss/cmd/certutil/keystuff.c
Просмотреть файл

@ -42,7 +42,7 @@ const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
{ 0, }
{ 0 }
};
/* returns 0 for success, -1 for failure (EOF encountered) */

575
security/nss/cmd/checkcert/checkcert.c
Просмотреть файл

@ -1,575 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "secutil.h"
#include "plgetopt.h"
#include "cert.h"
#include "secoid.h"
#include "cryptohi.h"
/* maximum supported modulus length in bits (indicate problem if over this) */
#define MAX_MODULUS (1024)
static void Usage(char *progName)
{
fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n",
progName);
fprintf(stderr, "%-20s Cert to check is base64 encoded\n",
"-a");
fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n",
"-A");
fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n",
"-v");
fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n",
"-f");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
fprintf(stderr, "%-20s Specify the input type (no default)\n",
"-t type");
exit(-1);
}
/*
* Check integer field named fieldName, printing out results and
* returning the length of the integer in bits
*/
static
int checkInteger(SECItem *intItem, char *fieldName, int verbose)
{
int len, bitlen;
if (verbose) {
printf("Checking %s\n", fieldName);
}
len = intItem->len;
if (len && (intItem->data[0] & 0x80)) {
printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n",
fieldName);
}
/* calculate bit length and check for unnecessary leading zeros */
bitlen = len << 3;
if (len > 1 && intItem->data[0] == 0) {
/* leading zero byte(s) */
if (!(intItem->data[1] & 0x80)) {
printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n",
fieldName);
}
/* strip leading zeros in length calculation */
{
int i=0;
while (bitlen > 8 && intItem->data[i] == 0) {
bitlen -= 8;
i++;
}
}
}
return bitlen;
}
static
void checkName(CERTName *n, char *fieldName, int verbose)
{
char *v=0;
if (verbose) {
printf("Checking %s\n", fieldName);
}
v = CERT_GetCountryName(n);
if (!v) {
printf("PROBLEM: %s lacks Country Name (C)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetOrgName(n);
if (!v) {
printf("PROBLEM: %s lacks Organization Name (O)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetOrgUnitName(n);
if (!v) {
printf("WARNING: %s lacks Organization Unit Name (OU)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetCommonName(n);
if (!v) {
printf("PROBLEM: %s lacks Common Name (CN)\n",
fieldName);
}
PORT_Free(v);
}
static
SECStatus
OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
SECItem *sig, SECAlgorithmID *sigAlgorithm)
{
SECStatus rv;
VFYContext *cx;
SECOidData *sigAlgOid, *oiddata;
SECOidTag hashAlgTag;
int showDigestOid=0;
cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag,
NULL);
if (cx == NULL)
return SECFailure;
sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
if (sigAlgOid == 0)
return SECFailure;
if (showDigestOid) {
oiddata = SECOID_FindOIDByTag(hashAlgTag);
if ( oiddata ) {
printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
} else {
SECU_PrintAsHex(stdout,
&oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
}
}
rv = VFY_Begin(cx);
if (rv == SECSuccess) {
rv = VFY_Update(cx, buf, len);
if (rv == SECSuccess)
rv = VFY_End(cx);
}
VFY_DestroyContext(cx, PR_TRUE);
return rv;
}
static
SECStatus
OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
{
SECItem sig;
SECKEYPublicKey *pubKey = 0;
SECStatus rv;
/* check the certificate's validity */
rv = CERT_CertTimesValid(cert);
if ( rv ) {
return(SECFailure);
}
/* get cert's public key */
pubKey = CERT_ExtractPublicKey(cert);
if ( !pubKey ) {
return(SECFailure);
}
/* check the signature */
sig = sd->signature;
DER_ConvertBitString(&sig);
rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
&sd->signatureAlgorithm);
SECKEY_DestroyPublicKey(pubKey);
if ( rv ) {
return(SECFailure);
}
return(SECSuccess);
}
static
CERTCertificate *createEmptyCertificate(void)
{
PLArenaPool *arena = 0;
CERTCertificate *c = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return 0;
}
c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
if (c) {
c->referenceCount = 1;
c->arena = arena;
} else {
PORT_FreeArena(arena,PR_TRUE);
}
return c;
}
int main(int argc, char **argv)
{
int verbose=0, force=0;
int ascii=0, issuerAscii=0;
char *progName=0;
PRFileDesc *inFile=0, *issuerCertFile=0;
SECItem derCert, derIssuerCert;
PLArenaPool *arena=0;
CERTSignedData *signedData=0;
CERTCertificate *cert=0, *issuerCert=0;
SECKEYPublicKey *rsapubkey=0;
SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
SECItem spk;
int selfSigned=0;
int invalid=0;
char *inFileName = NULL, *issuerCertFileName = NULL;
PLOptState *optstate;
PLOptStatus status;
SECStatus rv;
PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption));
PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption));
PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption));
PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption));
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "aAvf");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'v':
verbose = 1;
break;
case 'f':
force = 1;
break;
case 'a':
ascii = 1;
break;
case 'A':
issuerAscii = 1;
break;
case '\0':
if (!inFileName)
inFileName = PL_strdup(optstate->value);
else if (!issuerCertFileName)
issuerCertFileName = PL_strdup(optstate->value);
else
Usage(progName);
break;
}
}
if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) {
/* insufficient or excess args */
Usage(progName);
}
inFile = PR_Open(inFileName, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, inFileName);
exit(1);
}
issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0);
if (!issuerCertFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, issuerCertFileName);
exit(1);
}
if (SECU_ReadDERFromFile(&derCert, inFile, ascii, PR_FALSE) != SECSuccess) {
printf("Couldn't read input certificate as DER binary or base64\n");
exit(1);
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == 0) {
fprintf(stderr,"%s: can't allocate scratch arena!", progName);
exit(1);
}
if (issuerCertFile) {
CERTSignedData *issuerCertSD=0;
if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii,
PR_FALSE) != SECSuccess) {
printf("Couldn't read issuer certificate as DER binary or base64.\n");
exit(1);
}
issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData);
if (!issuerCertSD) {
fprintf(stderr,"%s: can't allocate issuer signed data!", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, issuerCertSD,
SEC_ASN1_GET(CERT_SignedDataTemplate),
&derIssuerCert);
if (rv) {
fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n",
progName);
exit(1);
}
issuerCert = createEmptyCertificate();
if (!issuerCert) {
printf("%s: can't allocate space for issuer cert.", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, issuerCert,
SEC_ASN1_GET(CERT_CertificateTemplate),
&issuerCertSD->data);
if (rv) {
printf("%s: Does not appear to be an X509 Certificate.\n",
progName);
exit(1);
}
}
signedData = PORT_ArenaZNew(arena,CERTSignedData);
if (!signedData) {
fprintf(stderr,"%s: can't allocate signedData!", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, signedData,
SEC_ASN1_GET(CERT_SignedDataTemplate),
&derCert);
if (rv) {
fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n",
progName);
exit(1);
}
if (verbose) {
printf("Decoded ok as X509 SIGNED data.\n");
}
cert = createEmptyCertificate();
if (!cert) {
fprintf(stderr, "%s: can't allocate cert", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, cert,
SEC_ASN1_GET(CERT_CertificateTemplate),
&signedData->data);
if (rv) {
fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n",
progName);
exit(1);
}
if (verbose) {
printf("Decoded ok as an X509 certificate.\n");
}
SECU_RegisterDynamicOids();
rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
(SECU_PPFunc)SECU_PrintCertificate);
if (rv) {
fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
progName, PORT_GetError());
if (!force) {
exit(1);
}
}
/* Do various checks on the cert */
printf("\n");
/* Check algorithms */
rv = SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption,
SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
rv = SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption,
SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
rv = SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption,
SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
rv = SECOID_SetAlgorithmID(arena, &rsaEncryption,
SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
if (rv) {
fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_RSA_ENCRYPTION.\n",
progName);
exit(1);
}
{
int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&md5WithRSAEncryption) == 0);
int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&md2WithRSAEncryption) == 0);
int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&sha1WithRSAEncryption) == 0);
if (verbose) {
printf("\nDoing algorithm checks.\n");
}
if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) {
printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n");
} else if (!isMD5RSA) {
printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n");
}
if (SECOID_CompareAlgorithmID(&cert->signature,
&signedData->signatureAlgorithm)) {
printf("PROBLEM: Algorithm in sig and certInfo don't match.\n");
}
}
if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm,
&rsaEncryption)) {
printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n");
}
/* Check further public key properties */
spk = cert->subjectPublicKeyInfo.subjectPublicKey;
DER_ConvertBitString(&spk);
if (verbose) {
printf("\nsubjectPublicKey DER\n");
rv = DER_PrettyPrint(stdout, &spk, PR_FALSE);
printf("\n");
}
rsapubkey = (SECKEYPublicKey *)
PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey));
if (!rsapubkey) {
fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, rsapubkey,
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk);
if (rv) {
printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n");
} else {
int mlen;
int pubexp;
if (verbose) {
printf("Decoded RSA Public Key ok. Doing key checks.\n");
}
PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */
mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose);
printf("INFO: Public Key modulus length in bits: %d\n", mlen);
if (mlen > MAX_MODULUS) {
printf("PROBLEM: Modulus length exceeds %d bits.\n",
MAX_MODULUS);
}
if (mlen < 512) {
printf("WARNING: Short modulus.\n");
}
if (mlen != (1 << (ffs(mlen)-1))) {
printf("WARNING: Unusual modulus length (not a power of two).\n");
}
checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent",
verbose);
pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent);
if (pubexp != 17 && pubexp != 3 && pubexp != 65537) {
printf("WARNING: Public exponent not any of: 3, 17, 65537\n");
}
}
/* Name checks */
checkName(&cert->issuer, "Issuer Name", verbose);
checkName(&cert->subject, "Subject Name", verbose);
if (issuerCert) {
SECComparison c =
CERT_CompareName(&cert->issuer, &issuerCert->subject);
if (c) {
printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n");
}
}
/* Check if self-signed */
selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0);
if (selfSigned) {
printf("INFO: Certificate is self signed.\n");
} else {
printf("INFO: Certificate is NOT self-signed.\n");
}
/* Validity time check */
if (CERT_CertTimesValid(cert) == SECSuccess) {
printf("INFO: Inside validity period of certificate.\n");
} else {
printf("PROBLEM: Not in validity period of certificate.\n");
invalid = 1;
}
/* Signature check if self-signed */
if (selfSigned && !invalid) {
if (rsapubkey->u.rsa.modulus.len) {
SECStatus ver;
if (verbose) {
printf("Checking self signature.\n");
}
ver = OurVerifySignedData(signedData, cert);
if (ver != SECSuccess) {
printf("PROBLEM: Verification of self-signature failed!\n");
} else {
printf("INFO: Self-signature verifies ok.\n");
}
} else {
printf("INFO: Not checking signature due to key problems.\n");
}
} else if (!selfSigned && !invalid && issuerCert) {
SECStatus ver;
ver = OurVerifySignedData(signedData, issuerCert);
if (ver != SECSuccess) {
printf("PROBLEM: Verification of issuer's signature failed!\n");
} else {
printf("INFO: Issuer's signature verifies ok.\n");
}
} else {
printf("INFO: Not checking signature.\n");
}
return 0;
}

19
security/nss/cmd/checkcert/manifest.mn
Просмотреть файл

@ -1,19 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = checkcert.c
PROGRAM = checkcert

6
security/nss/cmd/fipstest/fipstest.c
Просмотреть файл

@ -5344,9 +5344,9 @@ rsa_siggen_test(char *reqfn)
NSSLOWKEYPublicKey * rsa_public_key;
NSSLOWKEYPrivateKey * rsa_private_key;
NSSLOWKEYPrivateKey low_RSA_private_key = { NULL,
NSSLOWKEYRSAKey, };
NSSLOWKEYRSAKey };
NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
NSSLOWKEYRSAKey, };
NSSLOWKEYRSAKey };
low_RSA_private_key.u.rsa = *rsaBlapiPrivKey;
low_RSA_public_key.u.rsa = *rsaBlapiPublicKey;
@ -5610,7 +5610,7 @@ rsa_sigver_test(char *reqfn)
SECStatus rv = SECFailure;
NSSLOWKEYPublicKey * rsa_public_key;
NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
NSSLOWKEYRSAKey, };
NSSLOWKEYRSAKey };
/* convert to a low RSA public key */
low_RSA_public_key.u.rsa = rsaBlapiPublicKey;

30
security/nss/cmd/lib/derprint.c
Просмотреть файл

@ -30,6 +30,13 @@ getInteger256(const unsigned char *data, unsigned int nb)
val = (data[0] << 16) | (data[1] << 8) | data[2];
break;
case 4:
/* If the most significant bit of data[0] is 1, val would be negative.
* Treat it as an error.
*/
if (data[0] & 0x80) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
break;
default:
@ -232,6 +239,10 @@ prettyPrintObjectID(FILE *out, const unsigned char *data,
if (rv < 0)
return rv;
if (len == 0) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
val = data[0];
i = val % 40;
val = val / 40;
@ -282,24 +293,17 @@ prettyPrintObjectID(FILE *out, const unsigned char *data,
}
}
/*
* Finally, on a new line, print the raw bytes (if requested).
*/
if (raw) {
rv = prettyNewline(out);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
if (rv < 0)
return rv;
}
for (i = 0; i < len; i++) {
rv = prettyPrintByte(out, *data++, level);
if (raw) {
rv = prettyPrintLeaf(out, data, len, level);
if (rv < 0)
return rv;
}
}
return prettyNewline(out);
return 0;
}
static char *prettyTagType [32] = {
@ -423,6 +427,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end
*indefinitep = PR_FALSE;
lbyte = *data++;
lenLen = 1;
if (lbyte >= 0x80) {
/* Multibyte length */
unsigned nb = (unsigned) (lbyte & 0x7f);
@ -444,7 +449,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end
*lenp = 0;
*indefinitep = PR_TRUE;
}
lenLen = nb + 1;
lenLen += nb;
if (raw) {
unsigned int i;
@ -459,7 +464,6 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end
}
} else {
*lenp = lbyte;
lenLen = 1;
if (raw) {
rv = prettyPrintByte(out, lbyte, lv);
if (rv < 0)

5
security/nss/cmd/lib/secutil.c
Просмотреть файл

@ -420,6 +420,9 @@ SECU_DefaultSSLDir(void)
if (!dir)
return NULL;
if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) {
return NULL;
}
sprintf(sslDir, "%s", dir);
if (sslDir[strlen(sslDir)-1] == '/')
@ -3300,6 +3303,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
errstr = "[unknown usage].";
break;
}
break;
case SEC_ERROR_INADEQUATE_CERT_TYPE:
flags = (unsigned int)((char *)node->arg - (char *)NULL);
switch (flags) {
@ -3326,6 +3330,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
errstr = "[unknown usage].";
break;
}
break;
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_UNTRUSTED_ISSUER:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:

2
security/nss/cmd/libpkix/pkixutil/pkixutil.c
Просмотреть файл

@ -154,7 +154,7 @@ testFunctionRef testFnRefTable[] = {
{"test_mutex3", test_mutex3},
{"test_object", test_object},
{"test_oid", test_oid},
/* {"test_rwlock", test_rwlock, }*/
/* {"test_rwlock", test_rwlock }*/
{"test_string", test_string},
{"test_string2", test_string2},
{"build_chain", build_chain},

2
security/nss/cmd/makepqg/makepqg.c
Просмотреть файл

@ -28,7 +28,7 @@ const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
{ 0, }
{ 0 }
};

38
security/nss/cmd/manifest.mn
Просмотреть файл

@ -6,16 +6,36 @@
DEPTH = ..
# MODULE = seccmd
REQUIRES = nss nspr libdbm
SOFTOKEN_SRCDIRS=
NSS_SRCDIRS=
LIB_SRCDIRS=
DIRS = lib \
ifdef NSS_BUILD_UTIL_ONLY
REQUIRES = nspr
else
REQUIRES = nss nspr libdbm
LIB_SRCDIRS = \
lib \
$(NULL)
endif
ifndef NSS_BUILD_UTIL_ONLY
SOFTOKEN_SRCDIRS = \
$(BLTEST_SRCDIR) \
$(FIPSTEST_SRCDIR) \
$(LOWHASHTEST_SRCDIR) \
$(SHLIBSIGN_SRCDIR) \
$(NULL)
endif
ifndef NSS_BUILD_SOFTOKEN_ONLY
ifndef NSS_BUILD_UTIL_ONLY
NSS_SRCDIRS = \
addbuiltin \
atob \
$(BLTEST_SRCDIR) \
btoa \
certcgi \
certutil \
checkcert \
chktest \
crlutil \
crmftest \
@ -23,8 +43,6 @@ DIRS = lib \
derdump \
digest \
httpserv \
$(FIPSTEST_SRCDIR) \
$(LOWHASHTEST_SRCDIR) \
listsuites \
makepqg \
multinit \
@ -47,7 +65,6 @@ DIRS = lib \
selfserv \
signtool \
signver \
$(SHLIBSIGN_SRCDIR) \
smimetools \
ssltap \
strsclnt \
@ -58,6 +75,13 @@ DIRS = lib \
vfyserv \
modutil \
$(NULL)
endif
endif
DIRS = \
$(LIB_SRCDIRS) \
$(SOFTOKEN_SRCDIRS) \
$(NSS_SRCDIRS)
TEMPORARILY_DONT_BUILD = \
$(NULL)

60
security/nss/cmd/modutil/install-ds.c
Просмотреть файл

@ -193,8 +193,7 @@ Pk11Install_File_Generate(Pk11Install_File* _this,
goto loser;
}
_this->relativePath = PR_Strdup(subval->string);
Pk11Install_ListIter_delete(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
/* Absolute directory */
} else if( !PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) {
@ -206,8 +205,7 @@ Pk11Install_File_Generate(Pk11Install_File* _this,
goto loser;
}
_this->absolutePath = PR_Strdup(subval->string);
Pk11Install_ListIter_delete(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
/* file permissions */
} else if( !PORT_Strcasecmp(subpair->key,
@ -227,8 +225,7 @@ Pk11Install_File_Generate(Pk11Install_File* _this,
goto loser;
}
gotPerms = PR_TRUE;
Pk11Install_ListIter_delete(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
}
} else {
if(!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) {
@ -260,12 +257,10 @@ Pk11Install_File_Generate(Pk11Install_File* _this,
loser:
if(iter) {
Pk11Install_ListIter_delete(iter);
PR_Free(iter);
Pk11Install_ListIter_delete(&iter);
}
if(subiter) {
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
Pk11Install_ListIter_delete(&subiter);
}
return errStr;
}
@ -636,12 +631,15 @@ Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this)
void
Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad)
{
char *str = NULL;
PAD(pad); printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>");
PAD(pad); printf("Digits: ");
if(_this->numDigits == 0) {
printf("None\n");
} else {
printf("%s\n", Pk11Install_PlatformName_GetVerString(_this));
str = Pk11Install_PlatformName_GetVerString(_this);
printf("%s\n", str);
PR_Free(str);
}
PAD(pad); printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>");
}
@ -770,9 +768,7 @@ Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
goto loser;
}
_this->moduleFile = PR_Strdup(subval->string);
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
gotModuleFile = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)){
if(gotModuleName) {
@ -788,9 +784,7 @@ Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
goto loser;
}
_this->moduleName = PR_Strdup(subval->string);
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
gotModuleName = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) {
endptr=NULL;
@ -813,9 +807,7 @@ Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter=NULL;
Pk11Install_ListIter_delete(&subiter);
gotMech = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key,CIPHER_FLAGS_STRING)) {
endptr=NULL;
@ -838,9 +830,7 @@ Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter=NULL;
Pk11Install_ListIter_delete(&subiter);
gotCipher = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key, FILES_STRING)) {
if(gotFiles) {
@ -1089,9 +1079,7 @@ Pk11Install_Info_Generate(Pk11Install_Info* _this,
}
}
}
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
} else if(!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) {
subiter = Pk11Install_ListIter_new(pair->list);
_this->numPlatforms = pair->list->numPairs;
@ -1109,9 +1097,7 @@ Pk11Install_Info_Generate(Pk11Install_Info* _this,
}
}
}
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
}
}
}
@ -1192,14 +1178,10 @@ Pk11Install_Info_Generate(Pk11Install_Info* _this,
loser:
if(iter) {
Pk11Install_ListIter_delete(iter);
PR_Free(iter);
iter = NULL;
Pk11Install_ListIter_delete(&iter);
}
if(subiter) {
Pk11Install_ListIter_delete(subiter);
PR_Free(subiter);
subiter = NULL;
Pk11Install_ListIter_delete(&subiter);
}
return errStr;
}
@ -1348,10 +1330,12 @@ Pk11Install_ListIter_new(const Pk11Install_ValueList *_list)
/****************************************************************************/
void
Pk11Install_ListIter_delete(Pk11Install_ListIter* _this)
Pk11Install_ListIter_delete(Pk11Install_ListIter** _this)
{
_this->list=NULL;
_this->current=NULL;
(*_this)->list=NULL;
(*_this)->current=NULL;
PR_Free(*_this);
*_this=NULL;
}
/****************************************************************************/

2
security/nss/cmd/modutil/install-ds.h
Просмотреть файл

@ -124,7 +124,7 @@ Pk11Install_ListIter_init(Pk11Install_ListIter* _this);
Pk11Install_ListIter*
Pk11Install_ListIter_new(const Pk11Install_ValueList* _list);
void
Pk11Install_ListIter_delete(Pk11Install_ListIter* _this);
Pk11Install_ListIter_delete(Pk11Install_ListIter** _this);
void
Pk11Install_ListIter_reset(Pk11Install_ListIter* _this);
Pk11Install_Value*

4
security/nss/cmd/pk1sign/pk1sign.c
Просмотреть файл

@ -44,8 +44,8 @@ SEC_ASN1Template CERTSignatureDataTemplate[] =
offsetof(CERTSignedData,signatureAlgorithm),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_BIT_STRING,
offsetof(CERTSignedData,signature), },
{ 0, }
offsetof(CERTSignedData,signature) },
{ 0 }
};

105
security/nss/cmd/platlibs.mk
Просмотреть файл

@ -51,6 +51,7 @@ EXTRA_SHARED_LIBS += \
$(NULL)
endif
ifndef NSS_BUILD_SOFTOKEN_ONLY
PKIXLIB = \
$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixutil.$(LIB_SUFFIX) \
@ -64,35 +65,100 @@ PKIXLIB = \
$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixresults.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
endif
# can't do this in manifest.mn because OS_ARCH isn't defined there.
NSS_LIBS_1=
SECTOOL_LIB=
NSS_LIBS_2=
NSS_LIBS_3=
NSS_LIBS_4=
ifneq ($(NSS_BUILD_UTIL_ONLY),1)
SECTOOL_LIB = \
$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
$(NULL)
else
SECTOOL_LIB = \
$(NULL)
endif
ifneq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += \
# breakdown for windows
NSS_LIBS_1 = \
$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
$(NULL)
NSS_LIBS_2 = \
$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
$(SOFTOKENLIB) \
$(CRYPTOLIB) \
$(NULL)
NSS_LIBS_3 = \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(PKIXLIB) \
$(DBMLIB) \
$(NULL)
NSS_LIBS_4 = \
$(SQLITE_LIB_DIR)/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \
$(NSSUTIL_LIB_DIR)/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
$(NULL)
else
# breakdown for others
NSS_LIBS_1 = \
$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(NULL)
SECTOOL_LIB = \
$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
$(NULL)
NSS_LIBS_2 = \
$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(NULL)
NSS_LIBS_3 = \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(NULL)
NSS_LIBS_4 = \
$(DBMLIB) \
$(PKIXLIB) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(NULL)
endif
endif
# can't do this in manifest.mn because OS_ARCH isn't defined there.
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += \
$(NSS_LIBS_1) \
$(SECTOOL_LIB) \
$(NSS_LIBS_2) \
$(SOFTOKENLIB) \
$(CRYPTOLIB) \
$(NSS_LIBS_3) \
$(NSS_LIBS_4) \
$(NULL)
# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS)
#OS_LIBS += \
@ -102,30 +168,13 @@ EXTRA_LIBS += \
else
EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(NSS_LIBS_1) \
$(SECTOOL_LIB) \
$(NSS_LIBS_2) \
$(SOFTOKENLIB) \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(NSS_LIBS_3) \
$(CRYPTOLIB) \
$(DBMLIB) \
$(PKIXLIB) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(NSS_LIBS_4) \
$(NULL)
ifeq ($(OS_ARCH), AIX)

1
security/nss/cmd/selfserv/selfserv.c
Просмотреть файл

@ -225,6 +225,7 @@ PrintParameterUsage()
"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
"-c Restrict ciphers\n"
"-Y prints cipher values allowed for parameter -c and exits\n"
"-G enables the extended master secret extension [RFC7627]\n"
, stderr);
}

23
security/nss/cmd/tstclnt/tstclnt.c
Просмотреть файл

@ -110,6 +110,7 @@ void printSecurityInfo(PRFileDesc *fd)
{
CERTCertificate * cert;
const SECItemArray *csa;
const SECItem *scts;
SSL3Statistics * ssl3stats = SSL_GetStatistics();
SECStatus result;
SSLChannelInfo channel;
@ -162,6 +163,11 @@ void printSecurityInfo(PRFileDesc *fd)
fprintf(stderr, "Received %d Cert Status items (OCSP stapled data)\n",
csa->len);
}
scts = SSL_PeerSignedCertTimestamps(fd);
if (scts && scts->len) {
fprintf(stderr, "Received a Signed Certificate Timestamp of length"
" %u\n", scts->len);
}
}
void
@ -184,7 +190,7 @@ static void PrintUsageHeader(const char *progName)
"Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
"[-D | -d certdir] [-C] [-b | -R root-module] \n"
"[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n"
"[-V [min-version]:[max-version]] [-K] [-T]\n"
"[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
"[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n",
progName);
}
@ -232,6 +238,7 @@ static void PrintParameterUsage(void)
fprintf(stderr, "%-20s Enable compression.\n", "-z");
fprintf(stderr, "%-20s Enable false start.\n", "-g");
fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T");
fprintf(stderr, "%-20s Enable the signed_certificate_timestamp extension.\n", "-U");
fprintf(stderr, "%-20s Enable the extended master secret extension (session hash).\n", "-G");
fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n"
"%-20s -F once means: require for server cert only\n"
@ -250,6 +257,7 @@ static void PrintParameterUsage(void)
fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
}
static void Usage(const char *progName)
@ -920,6 +928,7 @@ int main(int argc, char **argv)
int enableCompression = 0;
int enableFalseStart = 0;
int enableCertStatus = 0;
int enableSignedCertTimestamps = 0;
int forceFallbackSCSV = 0;
int enableExtendedMasterSecret = 0;
PRSocketOptionData opt;
@ -970,7 +979,7 @@ int main(int argc, char **argv)
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
optstate = PL_CreateOptState(argc, argv,
"46BCDFGKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
"46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
@ -1023,6 +1032,8 @@ int main(int argc, char **argv)
case 'T': enableCertStatus = 1; break;
case 'U': enableSignedCertTimestamps = 1; break;
case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
enabledVersions, enableSSL2,
&enabledVersions, &enableSSL2) != SECSuccess) {
@ -1400,6 +1411,14 @@ int main(int argc, char **argv)
}
}
/* enable Signed Certificate Timestamps. */
rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
enableSignedCertTimestamps);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling signed cert timestamps");
return 1;
}
SSL_SetPKCS11PinArg(s, &pwdata);
serverCertAuth.dbHandle = CERT_GetDefaultCertDB();

2
security/nss/coreconf/WIN32.mk
Просмотреть файл

@ -104,7 +104,7 @@ endif
DLL_SUFFIX = dll
ifdef NS_USE_GCC
OS_CFLAGS += -mwindows -mms-bitfields -Werror
OS_CFLAGS += -mwindows -mms-bitfields
_GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY)
DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB))
ifdef BUILD_OPT

2
security/nss/coreconf/Werror.mk
Просмотреть файл

@ -21,7 +21,7 @@ ifndef WARNING_CFLAGS
# and fixing this would require rearchitecture
WARNING_CFLAGS += -Qunused-arguments
# -Wno-parentheses-equality : because clang warns about macro expansions
OS_CFLAGS += $(call disable_warning,parentheses-equality)
WARNING_CFLAGS += $(call disable_warning,parentheses-equality)
ifdef BUILD_OPT
# clang is unable to handle glib's expansion of strcmp and similar for optimized
# builds, so ignore the resulting errors.

1
security/nss/coreconf/coreconf.dep
Просмотреть файл

@ -10,3 +10,4 @@
*/
#error "Do not include this header file."

4
security/nss/external_tests/README
Просмотреть файл

@ -2,8 +2,8 @@ GTest-based Unit Tests
This directory contains GTest-based unit tests for NSS libssl.
These aren't built by default, because they require C++.
To build them, set ``NSS_BUILD_GTESTS=1''
If your environment doesn't have C++ compiler suitable to build these tests,
you may disable them using ``NSS_DISABLE_GTESTS=1''
Once built, they are run as part of running ``test/all.sh''
You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''

27
security/nss/external_tests/common/gtest.mk Normal file
Просмотреть файл

@ -0,0 +1,27 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
include ../../cmd/platlibs.mk
include ../../cmd/platrules.mk
MKPROG = $(CCC)
MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
ifeq (WINNT,$(OS_ARCH))
# -EHsc because gtest has exception handlers
OS_CFLAGS += -EHsc -nologo
# http://www.suodenjoki.dk/us/archive/2010/min-max.htm
OS_CFLAGS += -DNOMINMAX
# Linking to winsock to get htonl
OS_LIBS += Ws2_32.lib
# On windows, we need to create the parent directory
# Needed because we include files from a subdirectory
MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
else
CXXFLAGS += -std=c++0x
endif

45
security/nss/external_tests/common/scoped_ptrs.h Normal file
Просмотреть файл

@ -0,0 +1,45 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef scoped_ptrs_h__
#define scoped_ptrs_h__
#include "keyhi.h"
namespace nss_test {
struct ScopedDelete {
void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
void operator()(CERTSubjectPublicKeyInfo* spki) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
};
template<class T>
struct ScopedMaybeDelete {
void operator()(T* ptr) { if (ptr) { ScopedDelete del; del(ptr); } }
};
#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped ## x
SCOPED(PK11SlotInfo);
SCOPED(SECItem);
SCOPED(PK11SymKey);
SCOPED(SECKEYPublicKey);
SCOPED(SECKEYPrivateKey);
SCOPED(SECAlgorithmID);
SCOPED(CERTSubjectPublicKeyInfo);
#undef SCOPED
} // namespace nss_test
#endif

10
security/nss/external_tests/google_test/Makefile
Просмотреть файл

@ -26,6 +26,7 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
@ -41,12 +42,3 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
ifeq (WINNT,$(OS_ARCH))
# -EHsc because gtest has exception handlers
OS_CFLAGS += -EHsc
# On windows, we need to create the parent directory
# Needed because we include files from a subdirectory
MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
endif

1
security/nss/external_tests/manifest.mn
Просмотреть файл

@ -7,5 +7,6 @@ DEPTH = ..
DIRS = \
google_test \
pk11_gtest \
ssl_gtest \
$(NULL)

8
security/nss/cmd/checkcert/Makefile → security/nss/external_tests/pk11_gtest/Makefile
Просмотреть файл

@ -20,11 +20,12 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
@ -37,12 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include ../platrules.mk

22
security/nss/external_tests/pk11_gtest/manifest.mn Normal file
Просмотреть файл

@ -0,0 +1,22 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
DEPTH = ../..
MODULE = nss
CPPSRCS = \
pk11_pbkdf2_unittest.cc \
pk11_prf_unittest.cc \
pk11_rsapss_unittest.cc \
pk11_gtest.cc \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
-I$(CORE_DEPTH)/external_tests/common
REQUIRES = nspr nss libdbm gtest
PROGRAM = pk11_gtest
EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)

21
security/nss/external_tests/pk11_gtest/pk11_gtest.cc Normal file
Просмотреть файл

@ -0,0 +1,21 @@
#include "nspr.h"
#include "nss.h"
#include "ssl.h"
#include <cstdlib>
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
int main(int argc, char **argv) {
// Start the tests
::testing::InitGoogleTest(&argc, argv);
NSS_NoDB_Init(nullptr);
NSS_SetDomesticPolicy();
int rv = RUN_ALL_TESTS();
NSS_Shutdown();
return rv;
}

100
security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc Normal file
Просмотреть файл

@ -0,0 +1,100 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nss.h"
#include "pk11pub.h"
#include <memory>
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
namespace nss_test {
static unsigned char* ToUcharPtr(std::string& str) {
return const_cast<unsigned char*>(
reinterpret_cast<const unsigned char*>(str.c_str()));
}
class Pkcs11Pbkdf2Test : public ::testing::Test {
public:
void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg)
{
// Shared between test vectors.
const unsigned int iterations = 4096;
std::string pass("passwordPASSWORDpassword");
std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
// Derivation must succeed with the right values.
EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
// Derivation must fail when the password is bogus.
std::string bogusPass("PasswordPASSWORDpassword");
EXPECT_FALSE(DeriveBytes(bogusPass, salt, derived, hash_alg, iterations));
// Derivation must fail when the salt is bogus.
std::string bogusSalt("SaltSALTsaltSALTsaltSALTsaltSALTsalt");
EXPECT_FALSE(DeriveBytes(pass, bogusSalt, derived, hash_alg, iterations));
// Derivation must fail when using the wrong hash function.
SECOidTag next_hash_alg = static_cast<SECOidTag>(hash_alg + 1);
EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, iterations));
// Derivation must fail when using the wrong number of iterations.
EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
}
private:
bool DeriveBytes(std::string& pass, std::string& salt,
std::vector<uint8_t>& derived, SECOidTag hash_alg,
unsigned int iterations)
{
SECItem passItem = { siBuffer, ToUcharPtr(pass),
static_cast<unsigned int>(pass.length()) };
SECItem saltItem = { siBuffer, ToUcharPtr(salt),
static_cast<unsigned int>(salt.length()) };
// Set up PBKDF2 params.
ScopedSECAlgorithmID alg_id(
PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
derived.size(), iterations, &saltItem));
// Derive.
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
ScopedPK11SymKey symKey(
PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
SECStatus rv = PK11_ExtractKeyValue(symKey.get());
EXPECT_EQ(rv, SECSuccess);
SECItem* keyData = PK11_GetKeyData(symKey.get());
return !memcmp(&derived[0], keyData->data, keyData->len);
}
};
// RFC 6070 <http://tools.ietf.org/html/rfc6070>
TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) {
std::vector<uint8_t> derived = {
0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36,
0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 0x38
};
Derive(derived, SEC_OID_HMAC_SHA1);
}
// https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
std::vector<uint8_t> derived = {
0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8,
0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c,
0x7d, 0xac, 0x47, 0xe9
};
Derive(derived, SEC_OID_HMAC_SHA256);
}
} // namespace nss_test

7
security/nss/external_tests/ssl_gtest/ssl_prf_unittest.cc → security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
Просмотреть файл

@ -8,13 +8,10 @@
#include "pk11pub.h"
#include <memory>
#include "gtest_utils.h"
#include "gtest/gtest.h"
namespace nss_test {
#define CONST_UINT8_TO_UCHAR(a) const_cast<unsigned char*>( \
static_cast<const unsigned char *>(a))
const size_t kPmsSize = 48;
const size_t kMasterSecretSize = 48;
const size_t kPrfSeedSizeSha256 = 32;
@ -143,7 +140,7 @@ class TlsPrfTest : public ::testing::Test {
CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
hash_mech,
toUcharPtr(kPrfSeed),
seed_len,
static_cast<CK_ULONG>(seed_len),
version
};
params_.data = reinterpret_cast<unsigned char*>(&master_params);

246
security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc Normal file
Просмотреть файл

@ -0,0 +1,246 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nss.h"
#include "pk11pub.h"
#include "sechash.h"
#include <memory>
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
namespace nss_test {
// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
const uint8_t kTestVector1Spki[] = {
0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52,
0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94,
0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0,
0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5,
0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70,
0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0,
0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22,
0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
0x37, 0x02, 0x03, 0x01, 0x00, 0x01
};
// RSA-PSS test vectors, pss-vect.txt, Example 1.1
const uint8_t kTestVector1Data[] = {
0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, 0xbc,
0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, 0x75, 0xcc,
0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c, 0xe2, 0x39, 0x2e,
0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15, 0x6a, 0x0d, 0x8d, 0x52,
0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, 0x57, 0x86, 0xcb, 0x76, 0x97,
0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5,
0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2, 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67,
0x69, 0x3f, 0x90, 0xdf, 0xb0, 0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44,
0x72, 0xc0, 0x0e, 0x5f, 0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06,
0xce, 0x78, 0xe0, 0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0,
0x31, 0x7e, 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38,
0x08, 0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, 0x62,
0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9, 0xea, 0x8f,
0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16, 0xbe, 0x02, 0x54,
0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, 0x76, 0xe0, 0x8a, 0xed,
0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, 0xd0
};
const uint8_t kTestVector1Sig[] = {
0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38, 0x8e,
0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1, 0x85, 0xdf,
0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd, 0x44, 0xdc, 0x86,
0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2, 0x26, 0xf3, 0xec, 0x22,
0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31, 0xf5, 0x05, 0x12, 0x15, 0xdf,
0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa, 0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14,
0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4, 0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa,
0x35, 0x42, 0xff, 0xee, 0x65, 0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d,
0xeb, 0x27, 0xdc, 0xa1, 0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00,
0xf1, 0xff, 0x2b, 0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c
};
// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
const uint8_t kTestVector2Spki[] = {
0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00, 0x30, 0x82,
0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02,
0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56,
0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b,
0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22,
0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80,
0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49,
0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f,
0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e,
0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57,
0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95,
0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe,
0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5,
0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73,
0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90,
0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c,
0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d,
0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98,
0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec,
0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21,
0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01
};
// RSA-PSS test vectors, pss-vect.txt, Example 10.1
const uint8_t kTestVector2Data[] = {
0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9, 0x68, 0x03, 0x27,
0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f, 0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a,
0x3a, 0xd6, 0x09
};
const uint8_t kTestVector2Sig[] = {
0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b, 0x19,
0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f, 0xce, 0x54,
0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd, 0xfd, 0xac, 0xe1,
0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14, 0x8e, 0xba, 0xd7, 0xa0,
0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5, 0x72, 0x7d, 0x05, 0xf2, 0x1e,
0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20, 0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a,
0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6, 0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59,
0x61, 0xc8, 0xbf, 0xad, 0x74, 0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39,
0x3e, 0x72, 0x23, 0x73, 0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55,
0x5b, 0x0e, 0xc0, 0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76,
0x14, 0xce, 0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95,
0x16, 0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8, 0xfe,
0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77, 0x55, 0x92,
0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00, 0x0b, 0xe2, 0x5b,
0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86, 0x18, 0x4d, 0xd1, 0xc8,
0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f, 0x60, 0x66, 0x3d, 0xe7, 0xf5,
0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f, 0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4,
0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1, 0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2,
0x38, 0x52, 0x30, 0xd0, 0x70, 0xd0, 0x7e, 0x16, 0x66
};
static unsigned char* toUcharPtr(const uint8_t* v) {
return const_cast<unsigned char*>(
static_cast<const unsigned char*>(v));
}
class Pkcs11RsaPssTest : public ::testing::Test {
};
class Pkcs11RsaPssVectorTest : public Pkcs11RsaPssTest {
public:
void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
size_t data_len, const uint8_t* sig, size_t sig_len) {
// Verify data signed with PSS/SHA-1.
SECOidTag hashOid = SEC_OID_SHA1;
CK_MECHANISM_TYPE hashMech = CKM_SHA_1;
CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1;
// Set up PSS parameters.
unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
SECItem params = { siBuffer,
reinterpret_cast<unsigned char*>(&rsaPssParams),
sizeof(rsaPssParams) };
// Import public key.
SECItem spkiItem = { siBuffer, toUcharPtr(spki),
static_cast<unsigned int>(spki_len) };
ScopedCERTSubjectPublicKeyInfo certSpki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
// Hash the data.
std::vector<uint8_t> hashBuf(hLen);
SECItem hash = { siBuffer, &hashBuf[0],
static_cast<unsigned int>(hashBuf.size()) };
SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data),
data_len);
EXPECT_EQ(rv, SECSuccess);
// Verify.
CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
SECItem sigItem = { siBuffer, toUcharPtr(sig),
static_cast<unsigned int>(sig_len) };
rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sigItem, &hash,
nullptr);
EXPECT_EQ(rv, SECSuccess);
}
};
#define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \
Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
// Sign data with a 1024-bit RSA key, using PSS/SHA-256.
SECOidTag hashOid = SEC_OID_SHA256;
CK_MECHANISM_TYPE hashMech = CKM_SHA256;
CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256;
PK11RSAGenParams rsaGenParams = { 1024, 0x10001 };
// Generate RSA key pair.
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
SECKEYPublicKey* pubKeyRaw = nullptr;
ScopedSECKEYPrivateKey privKey(PK11_GenerateKeyPair(slot.get(),
CKM_RSA_PKCS_KEY_PAIR_GEN,
&rsaGenParams, &pubKeyRaw,
false, false, nullptr));
ASSERT_TRUE(!!privKey && pubKeyRaw);
ScopedSECKEYPublicKey pubKey(pubKeyRaw);
// Generate random data to sign.
uint8_t dataBuf[50];
SECItem data = { siBuffer, dataBuf, sizeof(dataBuf) };
unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), data.data, data.len);
EXPECT_EQ(rv, SECSuccess);
// Allocate memory for the signature.
std::vector<uint8_t> sigBuf(PK11_SignatureLen(privKey.get()));
SECItem sig = { siBuffer, &sigBuf[0],
static_cast<unsigned int>(sigBuf.size()) };
// Set up PSS parameters.
CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
SECItem params = { siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
sizeof(rsaPssParams) };
// Sign.
CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
rv = PK11_SignWithMechanism(privKey.get(), mech, &params, &sig, &data);
EXPECT_EQ(rv, SECSuccess);
// Verify.
rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
nullptr);
EXPECT_EQ(rv, SECSuccess);
// Verification with modified data must fail.
data.data[0] ^= 0xff;
rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
nullptr);
EXPECT_EQ(rv, SECFailure);
// Verification with original data but the wrong signature must fail.
data.data[0] ^= 0xff; // Revert previous changes.
sig.data[0] ^= 0xff;
rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
nullptr);
EXPECT_EQ(rv, SECFailure);
}
// RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) {
PSS_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig);
}
// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
}
} // namespace nss_test

17
security/nss/external_tests/ssl_gtest/Makefile
Просмотреть файл

@ -25,7 +25,7 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../../cmd/platlibs.mk
include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
@ -42,19 +42,4 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
MKPROG = $(CCC)
CFLAGS += -I$(CORE_DEPTH)/lib/ssl
include ../../cmd/platrules.mk
ifeq (WINNT,$(OS_ARCH))
# -EHsc because gtest has exception handlers
OS_CFLAGS += -EHsc -nologo
# http://www.suodenjoki.dk/us/archive/2010/min-max.htm
OS_CFLAGS += -DNOMINMAX
# Linking to winsock to get htonl
OS_LIBS += Ws2_32.lib
else
CXXFLAGS += -std=c++0x
endif

16
security/nss/external_tests/ssl_gtest/databuffer.h
Просмотреть файл

@ -51,9 +51,16 @@ class DataBuffer {
void Assign(const DataBuffer& other) {
Assign(other.data(), other.len());
}
void Assign(const uint8_t* data, size_t len) {
if (data) {
Allocate(len);
memcpy(static_cast<void *>(data_), static_cast<const void *>(data), len);
} else {
assert(len == 0);
data_ = nullptr;
len_ = 0;
}
}
// Write will do a new allocation and expand the size of the buffer if needed.
@ -166,6 +173,15 @@ inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
return stream;
}
inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
return (a.empty() && b.empty()) ||
(a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
}
inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
return !(a == b);
}
} // namespace nss_test
#endif

1
security/nss/external_tests/ssl_gtest/manifest.mn
Просмотреть файл

@ -15,7 +15,6 @@ CPPSRCS = \
ssl_agent_unittest.cc \
ssl_loopback_unittest.cc \
ssl_extension_unittest.cc \
ssl_prf_unittest.cc \
ssl_skip_unittest.cc \
ssl_gtest.cc \
test_io.cc \

104
security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
Просмотреть файл

@ -609,6 +609,110 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmConfiguration) {
}
}
/*
* Tests for Certificate Transparency (RFC 6962)
*/
// Helper class - stores signed certificate timestamps as provided
// by the relevant callbacks on the client.
class SignedCertificateTimestampsExtractor {
public:
SignedCertificateTimestampsExtractor(TlsAgent& client) {
client.SetAuthCertificateCallback(
[&](TlsAgent& agent, PRBool checksig, PRBool isServer) {
const SECItem *scts = SSL_PeerSignedCertTimestamps(agent.ssl_fd());
ASSERT_TRUE(scts);
auth_timestamps_.reset(new DataBuffer(scts->data, scts->len));
}
);
client.SetHandshakeCallback(
[&](TlsAgent& agent) {
const SECItem *scts = SSL_PeerSignedCertTimestamps(agent.ssl_fd());
ASSERT_TRUE(scts);
handshake_timestamps_.reset(new DataBuffer(scts->data, scts->len));
}
);
}
void assertTimestamps(const DataBuffer& timestamps) {
ASSERT_TRUE(auth_timestamps_);
ASSERT_EQ(timestamps, *auth_timestamps_);
ASSERT_TRUE(handshake_timestamps_);
ASSERT_EQ(timestamps, *handshake_timestamps_);
}
private:
std::unique_ptr<DataBuffer> auth_timestamps_;
std::unique_ptr<DataBuffer> handshake_timestamps_;
};
// Test timestamps extraction during a successful handshake.
TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsHandshake) {
uint8_t val[] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
const SECItem si_timestamps = { siBuffer, val, sizeof(val) };
const DataBuffer timestamps(val, sizeof(val));
server_->StartConnect();
ASSERT_EQ(SECSuccess,
SSL_SetSignedCertTimestamps(server_->ssl_fd(),
&si_timestamps, server_->kea()));
client_->StartConnect();
ASSERT_EQ(SECSuccess,
SSL_OptionSet(client_->ssl_fd(),
SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE));
SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
Handshake();
CheckConnected();
timestamps_extractor.assertTimestamps(timestamps);
}
// Test SSL_PeerSignedCertTimestamps returning zero-length SECItem
// when the client / the server / both have not enabled the feature.
TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsInactiveClient) {
uint8_t val[] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
const SECItem si_timestamps = { siBuffer, val, sizeof(val) };
server_->StartConnect();
ASSERT_EQ(SECSuccess,
SSL_SetSignedCertTimestamps(server_->ssl_fd(),
&si_timestamps, server_->kea()));
client_->StartConnect();
SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
Handshake();
CheckConnected();
timestamps_extractor.assertTimestamps(DataBuffer());
}
TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsInactiveServer) {
server_->StartConnect();
client_->StartConnect();
ASSERT_EQ(SECSuccess,
SSL_OptionSet(client_->ssl_fd(),
SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE));
SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
Handshake();
CheckConnected();
timestamps_extractor.assertTimestamps(DataBuffer());
}
TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsInactiveBoth) {
server_->StartConnect();
client_->StartConnect();
SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
Handshake();
CheckConnected();
timestamps_extractor.assertTimestamps(DataBuffer());
}
INSTANTIATE_TEST_CASE_P(ExtensionTls10, TlsExtensionTestGeneric,
::testing::Combine(
TlsConnectTestBase::kTlsModesStream,

4
security/nss/external_tests/ssl_gtest/tls_agent.cc
Просмотреть файл

@ -40,7 +40,9 @@ TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea
error_code_(0),
send_ctr_(0),
recv_ctr_(0),
expected_read_error_(false) {
expected_read_error_(false),
handshake_callback_(),
auth_certificate_callback_() {
memset(&info_, 0, sizeof(info_));
memset(&csinfo_, 0, sizeof(csinfo_));

35
security/nss/external_tests/ssl_gtest/tls_agent.h
Просмотреть файл

@ -11,6 +11,7 @@
#include "ssl.h"
#include <iostream>
#include <functional>
#include "test_io.h"
@ -28,6 +29,16 @@ enum SessionResumptionMode {
RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET
};
class TlsAgent;
typedef
std::function<void(TlsAgent& agent, PRBool checksig, PRBool isServer)>
AuthCertificateCallbackFunction;
typedef
std::function<void(TlsAgent& agent)>
HandshakeCallbackFunction;
class TlsAgent : public PollTarget {
public:
enum Role { CLIENT, SERVER };
@ -94,8 +105,12 @@ class TlsAgent : public PollTarget {
void CheckExtendedMasterSecret(bool expected);
void DisableRollbackDetection();
Role role() const { return role_; }
State state() const { return state_; }
SSLKEAType kea() const { return kea_; }
const char* state_str() const { return state_str(state()); }
const char* state_str(State state) const { return states[state]; }
@ -131,6 +146,15 @@ class TlsAgent : public PollTarget {
size_t received_bytes() const { return recv_ctr_; }
int32_t error_code() const { return error_code_; }
void SetHandshakeCallback(HandshakeCallbackFunction handshake_callback) {
handshake_callback_ = handshake_callback;
}
void SetAuthCertificateCallback(
AuthCertificateCallbackFunction auth_certificate_callback) {
auth_certificate_callback_ = auth_certificate_callback;
}
private:
const static char* states[];
@ -148,6 +172,9 @@ class TlsAgent : public PollTarget {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->auth_certificate_hook_called_ = true;
if (agent->auth_certificate_callback_) {
agent->auth_certificate_callback_(*agent, checksig, isServer);
}
return SECSuccess;
}
@ -157,6 +184,9 @@ class TlsAgent : public PollTarget {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
EXPECT_TRUE(agent->expect_client_auth_);
EXPECT_TRUE(isServer);
if (agent->auth_certificate_callback_) {
agent->auth_certificate_callback_(*agent, checksig, isServer);
}
return SECSuccess;
}
@ -208,6 +238,9 @@ class TlsAgent : public PollTarget {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->handshake_callback_called_ = true;
if (agent->handshake_callback_) {
agent->handshake_callback_(*agent);
}
}
void CheckCallbacks() const;
@ -237,6 +270,8 @@ class TlsAgent : public PollTarget {
size_t send_ctr_;
size_t recv_ctr_;
bool expected_read_error_;
HandshakeCallbackFunction handshake_callback_;
AuthCertificateCallbackFunction auth_certificate_callback_;
};
class TlsAgentTestBase : public ::testing::Test {

36
security/nss/lib/Makefile
Просмотреть файл

@ -46,6 +46,10 @@ ifndef NSS_DISABLE_DBM
DBM_SRCDIR = dbm # Add the dbm directory to DIRS.
endif
ifeq ($(NSS_BUILD_UTIL_ONLY),1)
SYSINIT_SRCDIR=
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
@ -62,14 +66,28 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
# Not included when building nss without softoken
UTIL_SRCDIR =
FREEBL_SRCDIR =
SOFTOKEN_SRCDIR =
ifeq ($(NSS_BUILD_UTIL_ONLY),1)
UTIL_SRCDIR = util
FREEBL_SRCDIR =
SOFTOKEN_SRCDIR =
else
# default is to include all
UTIL_SRCDIR = util
FREEBL_SRCDIR = freebl
SOFTOKEN_SRCDIR = softoken
ifeq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
UTIL_SRCDIR =
FREEBL_SRCDIR = freebl
SOFTOKEN_SRCDIR = softoken
else
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
# Not included when building nss without softoken
# This build type uses the build results of the prior
# NSS_BUILD_UTIL_ONLY and NSS_BUILD_SOFTOKEN_ONLY builds
UTIL_SRCDIR =
FREEBL_SRCDIR =
SOFTOKEN_SRCDIR =
else
# default is to include all
UTIL_SRCDIR = util
FREEBL_SRCDIR = freebl
SOFTOKEN_SRCDIR = softoken
endif
endif
endif

293
security/nss/lib/base/arena.c
Просмотреть файл

@ -96,22 +96,19 @@ extern const NSSError NSS_ERROR_INTERNAL_ERROR;
static nssPointerTracker arena_pointer_tracker;
static PRStatus
arena_add_pointer
(
const NSSArena *arena
)
arena_add_pointer(const NSSArena *arena)
{
PRStatus rv;
rv = nssPointerTracker_initialize(&arena_pointer_tracker);
if( PR_SUCCESS != rv ) {
if (PR_SUCCESS != rv) {
return rv;
}
rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
if( PR_SUCCESS != rv ) {
if (PR_SUCCESS != rv) {
NSSError e = NSS_GetError();
if( NSS_ERROR_NO_MEMORY != e ) {
if (NSS_ERROR_NO_MEMORY != e) {
nss_SetError(NSS_ERROR_INTERNAL_ERROR);
}
@ -122,15 +119,12 @@ arena_add_pointer
}
static PRStatus
arena_remove_pointer
(
const NSSArena *arena
)
arena_remove_pointer(const NSSArena *arena)
{
PRStatus rv;
rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
if( PR_SUCCESS != rv ) {
if (PR_SUCCESS != rv) {
nss_SetError(NSS_ERROR_INTERNAL_ERROR);
}
@ -155,15 +149,12 @@ arena_remove_pointer
*/
NSS_IMPLEMENT PRStatus
nssArena_verifyPointer
(
const NSSArena *arena
)
nssArena_verifyPointer(const NSSArena *arena)
{
PRStatus rv;
rv = nssPointerTracker_initialize(&arena_pointer_tracker);
if( PR_SUCCESS != rv ) {
if (PR_SUCCESS != rv) {
/*
* This is a little disingenious. We have to initialize the
* tracker, because someone could "legitimately" try to verify
@ -178,7 +169,7 @@ nssArena_verifyPointer
}
rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
if( PR_SUCCESS != rv ) {
if (PR_SUCCESS != rv) {
nss_SetError(NSS_ERROR_INVALID_ARENA);
return PR_FAILURE;
}
@ -223,23 +214,19 @@ struct arena_destructor_node {
*/
NSS_IMPLEMENT PRStatus
nssArena_registerDestructor
(
NSSArena *arena,
void (*destructor)(void *argument),
void *arg
)
nssArena_registerDestructor(NSSArena *arena, void (*destructor)(void *argument),
void *arg)
{
struct arena_destructor_node *it;
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return PR_FAILURE;
}
#endif /* NSSDEBUG */
it = nss_ZNEW(arena, struct arena_destructor_node);
if( (struct arena_destructor_node *)NULL == it ) {
if ((struct arena_destructor_node *)NULL == it) {
return PR_FAILURE;
}
@ -249,7 +236,7 @@ nssArena_registerDestructor
it->destructor = destructor;
it->arg = arg;
if( (nssArenaMark *)NULL != arena->last_mark ) {
if ((nssArenaMark *)NULL != arena->last_mark) {
arena->last_mark->prev_destructor = it->prev;
arena->last_mark->next_destructor = it->next;
}
@ -258,55 +245,51 @@ nssArena_registerDestructor
}
NSS_IMPLEMENT PRStatus
nssArena_deregisterDestructor
(
NSSArena *arena,
void (*destructor)(void *argument),
void *arg
)
nssArena_deregisterDestructor(NSSArena *arena,
void (*destructor)(void *argument), void *arg)
{
struct arena_destructor_node *it;
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return PR_FAILURE;
}
#endif /* NSSDEBUG */
for( it = arena->first_destructor; it; it = it->next ) {
if( (it->destructor == destructor) && (it->arg == arg) ) {
for (it = arena->first_destructor; it; it = it->next) {
if ((it->destructor == destructor) && (it->arg == arg)) {
break;
}
}
if( (struct arena_destructor_node *)NULL == it ) {
if ((struct arena_destructor_node *)NULL == it) {
nss_SetError(NSS_ERROR_NOT_FOUND);
return PR_FAILURE;
}
if( it == arena->first_destructor ) {
if (it == arena->first_destructor) {
arena->first_destructor = it->next;
}
if( it == arena->last_destructor ) {
if (it == arena->last_destructor) {
arena->last_destructor = it->prev;
}
if( (struct arena_destructor_node *)NULL != it->prev ) {
if ((struct arena_destructor_node *)NULL != it->prev) {
it->prev->next = it->next;
}
if( (struct arena_destructor_node *)NULL != it->next ) {
if ((struct arena_destructor_node *)NULL != it->next) {
it->next->prev = it->prev;
}
{
nssArenaMark *m;
for( m = arena->first_mark; m; m = m->next ) {
if( m->next_destructor == it ) {
for (m = arena->first_mark; m; m = m->next) {
if (m->next_destructor == it) {
m->next_destructor = it->next;
}
if( m->prev_destructor == it ) {
if (m->prev_destructor == it) {
m->prev_destructor = it->prev;
}
}
@ -317,12 +300,9 @@ nssArena_deregisterDestructor
}
static void
nss_arena_call_destructor_chain
(
struct arena_destructor_node *it
)
nss_arena_call_destructor_chain(struct arena_destructor_node *it)
{
for( ; it ; it = it->next ) {
for (; it; it = it->next) {
(*(it->destructor))(it->arg);
}
}
@ -344,10 +324,7 @@ nss_arena_call_destructor_chain
*/
NSS_IMPLEMENT NSSArena *
NSSArena_Create
(
void
)
NSSArena_Create(void)
{
nss_ClearErrorStack();
return nssArena_Create();
@ -369,21 +346,18 @@ NSSArena_Create
*/
NSS_IMPLEMENT NSSArena *
nssArena_Create
(
void
)
nssArena_Create(void)
{
NSSArena *rv = (NSSArena *)NULL;
rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
if( (NSSArena *)NULL == rv ) {
if ((NSSArena *)NULL == rv) {
nss_SetError(NSS_ERROR_NO_MEMORY);
return (NSSArena *)NULL;
}
rv->lock = PR_NewLock();
if( (PRLock *)NULL == rv->lock ) {
if ((PRLock *)NULL == rv->lock) {
(void)nss_ZFreeIf(rv);
nss_SetError(NSS_ERROR_NO_MEMORY);
return (NSSArena *)NULL;
@ -412,7 +386,7 @@ nssArena_Create
{
PRStatus st;
st = arena_add_pointer(rv);
if( PR_SUCCESS != st ) {
if (PR_SUCCESS != st) {
PL_FinishArenaPool(&rv->pool);
PR_DestroyLock(rv->lock);
(void)nss_ZFreeIf(rv);
@ -441,15 +415,12 @@ nssArena_Create
*/
NSS_IMPLEMENT PRStatus
NSSArena_Destroy
(
NSSArena *arena
)
NSSArena_Destroy(NSSArena *arena)
{
nss_ClearErrorStack();
#ifdef DEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return PR_FAILURE;
}
#endif /* DEBUG */
@ -474,20 +445,17 @@ NSSArena_Destroy
*/
NSS_IMPLEMENT PRStatus
nssArena_Destroy
(
NSSArena *arena
)
nssArena_Destroy(NSSArena *arena)
{
PRLock *lock;
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return PR_FAILURE;
}
#endif /* NSSDEBUG */
if( (PRLock *)NULL == arena->lock ) {
if ((PRLock *)NULL == arena->lock) {
/* Just got destroyed */
nss_SetError(NSS_ERROR_INVALID_ARENA);
return PR_FAILURE;
@ -495,7 +463,7 @@ nssArena_Destroy
PR_Lock(arena->lock);
#ifdef DEBUG
if( PR_SUCCESS != arena_remove_pointer(arena) ) {
if (PR_SUCCESS != arena_remove_pointer(arena)) {
PR_Unlock(arena->lock);
return PR_FAILURE;
}
@ -539,21 +507,18 @@ static void *nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size);
*/
NSS_IMPLEMENT nssArenaMark *
nssArena_Mark
(
NSSArena *arena
)
nssArena_Mark(NSSArena *arena)
{
nssArenaMark *rv;
void *p;
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return (nssArenaMark *)NULL;
}
#endif /* NSSDEBUG */
if( (PRLock *)NULL == arena->lock ) {
if ((PRLock *)NULL == arena->lock) {
/* Just got destroyed */
nss_SetError(NSS_ERROR_INVALID_ARENA);
return (nssArenaMark *)NULL;
@ -561,13 +526,14 @@ nssArena_Mark
PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
if( (PRThread *)NULL == arena->marking_thread ) {
if ((PRThread *)NULL == arena->marking_thread) {
/* Unmarked. Store our thread ID */
arena->marking_thread = PR_GetCurrentThread();
/* This call never fails. */
} else {
}
else {
/* Marked. Verify it's the current thread */
if( PR_GetCurrentThread() != arena->marking_thread ) {
if (PR_GetCurrentThread() != arena->marking_thread) {
PR_Unlock(arena->lock);
nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
return (nssArenaMark *)NULL;
@ -580,17 +546,18 @@ nssArena_Mark
/* Do this after the mark */
rv = (nssArenaMark *)nss_zalloc_arena_locked(arena, sizeof(nssArenaMark));
if( (nssArenaMark *)NULL == rv ) {
if ((nssArenaMark *)NULL == rv) {
PR_Unlock(arena->lock);
nss_SetError(NSS_ERROR_NO_MEMORY);
return (nssArenaMark *)NULL;
}
#ifdef ARENA_THREADMARK
if ( (nssArenaMark *)NULL == arena->first_mark) {
if ((nssArenaMark *)NULL == arena->first_mark) {
arena->first_mark = rv;
arena->last_mark = rv;
} else {
}
else {
arena->last_mark->next = rv;
arena->last_mark = rv;
}
@ -616,27 +583,23 @@ nssArena_Mark
*/
static PRStatus
nss_arena_unmark_release
(
NSSArena *arena,
nssArenaMark *arenaMark,
PRBool release
)
nss_arena_unmark_release(NSSArena *arena, nssArenaMark *arenaMark,
PRBool release)
{
void *inner_mark;
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return PR_FAILURE;
}
#endif /* NSSDEBUG */
if( MARK_MAGIC != arenaMark->magic ) {
if (MARK_MAGIC != arenaMark->magic) {
nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
return PR_FAILURE;
}
if( (PRLock *)NULL == arena->lock ) {
if ((PRLock *)NULL == arena->lock) {
/* Just got destroyed */
nss_SetError(NSS_ERROR_INVALID_ARENA);
return PR_FAILURE;
@ -644,8 +607,8 @@ nss_arena_unmark_release
PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
if( (PRThread *)NULL != arena->marking_thread ) {
if( PR_GetCurrentThread() != arena->marking_thread ) {
if ((PRThread *)NULL != arena->marking_thread) {
if (PR_GetCurrentThread() != arena->marking_thread) {
PR_Unlock(arena->lock);
nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
return PR_FAILURE;
@ -653,7 +616,7 @@ nss_arena_unmark_release
}
#endif /* ARENA_THREADMARK */
if( MARK_MAGIC != arenaMark->magic ) {
if (MARK_MAGIC != arenaMark->magic) {
/* Just got released */
PR_Unlock(arena->lock);
nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
@ -670,7 +633,7 @@ nss_arena_unmark_release
nssArenaMark *last = (nssArenaMark *)NULL;
/* Find this mark */
while( *pMark != arenaMark ) {
while (*pMark != arenaMark) {
last = *pMark;
pMark = &(*pMark)->next;
}
@ -682,21 +645,23 @@ nss_arena_unmark_release
arena->last_mark = last;
/* Invalidate any later marks being implicitly released */
for( ; (nssArenaMark *)NULL != rest; rest = rest->next ) {
for (; (nssArenaMark *)NULL != rest; rest = rest->next) {
rest->magic = 0;
}
/* If we just got rid of the first mark, clear the thread ID */
if( (nssArenaMark *)NULL == arena->first_mark ) {
if ((nssArenaMark *)NULL == arena->first_mark) {
arena->marking_thread = (PRThread *)NULL;
}
}
#endif /* ARENA_THREADMARK */
if( release ) {
if (release) {
#ifdef ARENA_DESTRUCTOR_LIST
if( (struct arena_destructor_node *)NULL != arenaMark->prev_destructor ) {
arenaMark->prev_destructor->next = (struct arena_destructor_node *)NULL;
if ((struct arena_destructor_node *)NULL !=
arenaMark->prev_destructor) {
arenaMark->prev_destructor->next =
(struct arena_destructor_node *)NULL;
}
arena->last_destructor = arenaMark->prev_destructor;
@ -732,11 +697,7 @@ nss_arena_unmark_release
*/
NSS_IMPLEMENT PRStatus
nssArena_Release
(
NSSArena *arena,
nssArenaMark *arenaMark
)
nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark)
{
return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
}
@ -764,11 +725,7 @@ nssArena_Release
*/
NSS_IMPLEMENT PRStatus
nssArena_Unmark
(
NSSArena *arena,
nssArenaMark *arenaMark
)
nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark)
{
return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
}
@ -787,18 +744,14 @@ struct pointer_header {
};
static void *
nss_zalloc_arena_locked
(
NSSArena *arena,
PRUint32 size
)
nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size)
{
void *p;
void *rv;
struct pointer_header *h;
PRUint32 my_size = size + sizeof(struct pointer_header);
PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
if( (void *)NULL == p ) {
if ((void *)NULL == p) {
nss_SetError(NSS_ERROR_NO_MEMORY);
return (void *)NULL;
}
@ -839,11 +792,7 @@ nss_zalloc_arena_locked
*/
NSS_IMPLEMENT void *
NSS_ZAlloc
(
NSSArena *arenaOpt,
PRUint32 size
)
NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
{
return nss_ZAlloc(arenaOpt, size);
}
@ -872,25 +821,21 @@ NSS_ZAlloc
*/
NSS_IMPLEMENT void *
nss_ZAlloc
(
NSSArena *arenaOpt,
PRUint32 size
)
nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
{
struct pointer_header *h;
PRUint32 my_size = size + sizeof(struct pointer_header);
if( my_size < sizeof(struct pointer_header) ) {
if (my_size < sizeof(struct pointer_header)) {
/* Wrapped */
nss_SetError(NSS_ERROR_NO_MEMORY);
return (void *)NULL;
}
if( (NSSArena *)NULL == arenaOpt ) {
if ((NSSArena *)NULL == arenaOpt) {
/* Heap allocation, no locking required. */
h = (struct pointer_header *)PR_Calloc(1, my_size);
if( (struct pointer_header *)NULL == h ) {
if ((struct pointer_header *)NULL == h) {
nss_SetError(NSS_ERROR_NO_MEMORY);
return (void *)NULL;
}
@ -900,16 +845,17 @@ nss_ZAlloc
/* We used calloc: it's already zeroed */
return (void *)((char *)h + sizeof(struct pointer_header));
} else {
}
else {
void *rv;
/* Arena allocation */
/* Arena allocation */
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
return (void *)NULL;
}
#endif /* NSSDEBUG */
if( (PRLock *)NULL == arenaOpt->lock ) {
if ((PRLock *)NULL == arenaOpt->lock) {
/* Just got destroyed */
nss_SetError(NSS_ERROR_INVALID_ARENA);
return (void *)NULL;
@ -917,8 +863,8 @@ nss_ZAlloc
PR_Lock(arenaOpt->lock);
#ifdef ARENA_THREADMARK
if( (PRThread *)NULL != arenaOpt->marking_thread ) {
if( PR_GetCurrentThread() != arenaOpt->marking_thread ) {
if ((PRThread *)NULL != arenaOpt->marking_thread) {
if (PR_GetCurrentThread() != arenaOpt->marking_thread) {
nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
PR_Unlock(arenaOpt->lock);
return (void *)NULL;
@ -952,10 +898,7 @@ nss_ZAlloc
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
NSS_ZFreeIf
(
void *pointer
)
NSS_ZFreeIf(void *pointer)
{
return nss_ZFreeIf(pointer);
}
@ -979,36 +922,34 @@ NSS_ZFreeIf
*/
NSS_IMPLEMENT PRStatus
nss_ZFreeIf
(
void *pointer
)
nss_ZFreeIf(void *pointer)
{
struct pointer_header *h;
if( (void *)NULL == pointer ) {
if ((void *)NULL == pointer) {
return PR_SUCCESS;
}
h = (struct pointer_header *)((char *)pointer
- sizeof(struct pointer_header));
h = (struct pointer_header *)((char *)pointer -
sizeof(struct pointer_header));
/* Check any magic here */
if( (NSSArena *)NULL == h->arena ) {
if ((NSSArena *)NULL == h->arena) {
/* Heap */
(void)nsslibc_memset(pointer, 0, h->size);
PR_Free(h);
return PR_SUCCESS;
} else {
/* Arena */
}
else {
/* Arena */
#ifdef NSSDEBUG
if( PR_SUCCESS != nssArena_verifyPointer(h->arena) ) {
if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
return PR_FAILURE;
}
#endif /* NSSDEBUG */
if( (PRLock *)NULL == h->arena->lock ) {
if ((PRLock *)NULL == h->arena->lock) {
/* Just got destroyed.. so this pointer is invalid */
nss_SetError(NSS_ERROR_INVALID_POINTER);
return PR_FAILURE;
@ -1046,11 +987,7 @@ nss_ZFreeIf
*/
NSS_EXTERN void *
NSS_ZRealloc
(
void *pointer,
PRUint32 newSize
)
NSS_ZRealloc(void *pointer, PRUint32 newSize)
{
return nss_ZRealloc(pointer, newSize);
}
@ -1076,34 +1013,30 @@ NSS_ZRealloc
*/
NSS_EXTERN void *
nss_ZRealloc
(
void *pointer,
PRUint32 newSize
)
nss_ZRealloc(void *pointer, PRUint32 newSize)
{
NSSArena *arena;
struct pointer_header *h, *new_h;
PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
void *rv;
if( my_newSize < sizeof(struct pointer_header) ) {
if (my_newSize < sizeof(struct pointer_header)) {
/* Wrapped */
nss_SetError(NSS_ERROR_NO_MEMORY);
return (void *)NULL;
}
if( (void *)NULL == pointer ) {
if ((void *)NULL == pointer) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (void *)NULL;
}
h = (struct pointer_header *)((char *)pointer
- sizeof(struct pointer_header));
h = (struct pointer_header *)((char *)pointer -
sizeof(struct pointer_header));
/* Check any magic here */
if( newSize == h->size ) {
if (newSize == h->size) {
/* saves thrashing */
return pointer;
}
@ -1112,7 +1045,7 @@ nss_ZRealloc
if (!arena) {
/* Heap */
new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
if( (struct pointer_header *)NULL == new_h ) {
if ((struct pointer_header *)NULL == new_h) {
nss_SetError(NSS_ERROR_NO_MEMORY);
return (void *)NULL;
}
@ -1121,11 +1054,12 @@ nss_ZRealloc
new_h->size = newSize;
rv = (void *)((char *)new_h + sizeof(struct pointer_header));
if( newSize > h->size ) {
if (newSize > h->size) {
(void)nsslibc_memcpy(rv, pointer, h->size);
(void)nsslibc_memset(&((char *)rv)[ h->size ],
0, (newSize - h->size));
} else {
(void)nsslibc_memset(&((char *)rv)[h->size], 0,
(newSize - h->size));
}
else {
(void)nsslibc_memcpy(rv, pointer, newSize);
}
@ -1134,9 +1068,10 @@ nss_ZRealloc
PR_Free(h);
return rv;
} else {
}
else {
void *p;
/* Arena */
/* Arena */
#ifdef NSSDEBUG
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return (void *)NULL;
@ -1160,7 +1095,7 @@ nss_ZRealloc
}
#endif /* ARENA_THREADMARK */
if( newSize < h->size ) {
if (newSize < h->size) {
/*
* We have no general way of returning memory to the arena
* (mark/release doesn't work because things may have been
@ -1173,14 +1108,14 @@ nss_ZRealloc
* the original size, then voila, there's the memory! This
* way a thrash big/small/big/small doesn't burn up the arena.
*/
char *extra = &((char *)pointer)[ newSize ];
char *extra = &((char *)pointer)[newSize];
(void)nsslibc_memset(extra, 0, (h->size - newSize));
PR_Unlock(arena->lock);
return pointer;
}
PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
if( (void *)NULL == p ) {
if ((void *)NULL == p) {
PR_Unlock(arena->lock);
nss_SetError(NSS_ERROR_NO_MEMORY);
return (void *)NULL;
@ -1194,7 +1129,7 @@ nss_ZRealloc
(void)nsslibc_memcpy(rv, pointer, h->size);
(void)nsslibc_memset(pointer, 0, h->size);
}
(void)nsslibc_memset(&((char *)rv)[ h->size ], 0, (newSize - h->size));
(void)nsslibc_memset(&((char *)rv)[h->size], 0, (newSize - h->size));
h->arena = (NSSArena *)NULL;
h->size = 0;
PR_Unlock(arena->lock);

478
security/nss/lib/base/base.h
Просмотреть файл

@ -83,11 +83,7 @@ PR_BEGIN_EXTERN_C
* call (NSSArena_Create) have it too?
*/
NSS_EXTERN NSSArena *
nssArena_Create
(
void
);
NSS_EXTERN NSSArena *nssArena_Create(void);
extern const NSSError NSS_ERROR_NO_MEMORY;
@ -107,11 +103,7 @@ extern const NSSError NSS_ERROR_NO_MEMORY;
* PR_FAILURE
*/
NSS_EXTERN PRStatus
nssArena_Destroy
(
NSSArena *arena
);
NSS_EXTERN PRStatus nssArena_Destroy(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
@ -136,11 +128,7 @@ extern const NSSError NSS_ERROR_INVALID_ARENA;
* An nssArenaMark pointer upon success
*/
NSS_EXTERN nssArenaMark *
nssArena_Mark
(
NSSArena *arena
);
NSS_EXTERN nssArenaMark *nssArena_Mark(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
@ -165,12 +153,7 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
* PR_FAILURE
*/
NSS_EXTERN PRStatus
nssArena_Release
(
NSSArena *arena,
nssArenaMark *arenaMark
);
NSS_EXTERN PRStatus nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
@ -197,12 +180,7 @@ extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
* PR_FAILURE
*/
NSS_EXTERN PRStatus
nssArena_Unmark
(
NSSArena *arena,
nssArenaMark *arenaMark
);
NSS_EXTERN PRStatus nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
@ -236,13 +214,8 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
* PR_FAILURE
*/
NSS_EXTERN PRStatus
nssArena_registerDestructor
(
NSSArena *arena,
void (*destructor)(void *argument),
void *arg
);
NSS_EXTERN PRStatus nssArena_registerDestructor(
NSSArena *arena, void (*destructor)(void *argument), void *arg);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
@ -266,13 +239,8 @@ extern const NSSError NSS_ERROR_NO_MEMORY;
* PR_FAILURE
*/
NSS_EXTERN PRStatus
nssArena_deregisterDestructor
(
NSSArena *arena,
void (*destructor)(void *argument),
void *arg
);
NSS_EXTERN PRStatus nssArena_deregisterDestructor(
NSSArena *arena, void (*destructor)(void *argument), void *arg);
extern const NSSError NSS_ERROR_INVALID_ITEM;
extern const NSSError NSS_ERROR_INVALID_ARENA;
@ -303,12 +271,7 @@ extern const NSSError NSS_ERROR_NOT_FOUND;
* A pointer to the new segment of zeroed memory
*/
NSS_EXTERN void *
nss_ZAlloc
(
NSSArena *arenaOpt,
PRUint32 size
);
NSS_EXTERN void *nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
@ -332,11 +295,7 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
* PR_FAILURE
*/
NSS_EXTERN PRStatus
nss_ZFreeIf
(
void *pointer
);
NSS_EXTERN PRStatus nss_ZFreeIf(void *pointer);
extern const NSSError NSS_ERROR_INVALID_POINTER;
@ -360,12 +319,7 @@ extern const NSSError NSS_ERROR_INVALID_POINTER;
* A pointer to the replacement segment of memory
*/
NSS_EXTERN void *
nss_ZRealloc
(
void *pointer,
PRUint32 newSize
);
NSS_EXTERN void *nss_ZRealloc(void *pointer, PRUint32 newSize);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_NO_MEMORY;
@ -391,7 +345,6 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
* A pointer to the new segment of zeroed memory
*/
/* The following line exceeds 72 characters, but emacs screws up if I split it. */
#define nss_ZNEW(arenaOpt, type) ((type *)nss_ZAlloc((arenaOpt), sizeof(type)))
/*
@ -414,8 +367,8 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
* A pointer to the new segment of zeroed memory
*/
/* The following line exceeds 72 characters, but emacs screws up if I split it. */
#define nss_ZNEWARRAY(arenaOpt, type, quantity) ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
#define nss_ZNEWARRAY(arenaOpt, type, quantity) \
((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
/*
* nss_ZREALLOCARRAY
@ -434,7 +387,8 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
* NULL upon error
* A pointer to the replacement segment of memory
*/
#define nss_ZREALLOCARRAY(p, type, quantity) ((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
#define nss_ZREALLOCARRAY(p, type, quantity) \
((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
/*
* nssArena_verifyPointer
@ -454,11 +408,7 @@ extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
*/
#ifdef DEBUG
NSS_EXTERN PRStatus
nssArena_verifyPointer
(
const NSSArena *arena
);
NSS_EXTERN PRStatus nssArena_verifyPointer(const NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
#endif /* DEBUG */
@ -479,16 +429,16 @@ extern const NSSError NSS_ERROR_INVALID_ARENA;
#ifdef DEBUG
#define nssArena_VERIFYPOINTER(p) nssArena_verifyPointer(p)
#else /* DEBUG */
/* The following line exceeds 72 characters, but emacs screws up if I split it. */
#define nssArena_VERIFYPOINTER(p) (((NSSArena *)NULL == (p))?PR_FAILURE:PR_SUCCESS)
#define nssArena_VERIFYPOINTER(p) \
(((NSSArena *)NULL == (p)) ? PR_FAILURE : PR_SUCCESS)
#endif /* DEBUG */
/*
* Private function to be called by NSS_Shutdown to cleanup nssArena
* bookkeeping.
*/
extern PRStatus
nssArena_Shutdown(void);
extern PRStatus nssArena_Shutdown(void);
/*
* nssArenaHashAllocOps
@ -520,11 +470,7 @@ NSS_EXTERN_DATA PLHashAllocOps nssArenaHashAllocOps;
* of zero will clear the error stack.
*/
NSS_EXTERN void
nss_SetError
(
PRUint32 error
);
NSS_EXTERN void nss_SetError(PRUint32 error);
/*
* nss_ClearErrorStack
@ -532,11 +478,7 @@ nss_SetError
* This routine clears the calling thread's error stack.
*/
NSS_EXTERN void
nss_ClearErrorStack
(
void
);
NSS_EXTERN void nss_ClearErrorStack(void);
/*
* nss_DestroyErrorStack
@ -544,11 +486,7 @@ nss_ClearErrorStack
* This routine frees the calling thread's error stack.
*/
NSS_EXTERN void
nss_DestroyErrorStack
(
void
);
NSS_EXTERN void nss_DestroyErrorStack(void);
/*
* NSSItem
@ -558,36 +496,16 @@ nss_DestroyErrorStack
* nssItem_Equal
*/
NSS_EXTERN NSSItem *
nssItem_Create
(
NSSArena *arenaOpt,
NSSItem *rvOpt,
PRUint32 length,
const void *data
);
NSS_EXTERN NSSItem *nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt,
PRUint32 length, const void *data);
NSS_EXTERN void
nssItem_Destroy
(
NSSItem *item
);
NSS_EXTERN void nssItem_Destroy(NSSItem *item);
NSS_EXTERN NSSItem *
nssItem_Duplicate
(
NSSItem *obj,
NSSArena *arenaOpt,
NSSItem *rvOpt
);
NSS_EXTERN NSSItem *nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt,
NSSItem *rvOpt);
NSS_EXTERN PRBool
nssItem_Equal
(
const NSSItem *one,
const NSSItem *two,
PRStatus *statusOpt
);
NSS_EXTERN PRBool nssItem_Equal(const NSSItem *one, const NSSItem *two,
PRStatus *statusOpt);
/*
* NSSUTF8
@ -614,13 +532,8 @@ nssItem_Equal
* PR_FALSE upon error
*/
NSS_EXTERN PRBool
nssUTF8_CaseIgnoreMatch
(
const NSSUTF8 *a,
const NSSUTF8 *b,
PRStatus *statusOpt
);
NSS_EXTERN PRBool nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b,
PRStatus *statusOpt);
/*
* nssUTF8_Duplicate
@ -639,12 +552,7 @@ nssUTF8_CaseIgnoreMatch
* NSS_ERROR_NO_MEMORY
*/
NSS_EXTERN NSSUTF8 *
nssUTF8_Duplicate
(
const NSSUTF8 *s,
NSSArena *arenaOpt
);
NSS_EXTERN NSSUTF8 *nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt);
/*
* nssUTF8_PrintableMatch
@ -668,13 +576,8 @@ nssUTF8_Duplicate
* PR_FALSE upon error
*/
NSS_EXTERN PRBool
nssUTF8_PrintableMatch
(
const NSSUTF8 *a,
const NSSUTF8 *b,
PRStatus *statusOpt
);
NSS_EXTERN PRBool nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b,
PRStatus *statusOpt);
/*
* nssUTF8_Size
@ -692,12 +595,7 @@ nssUTF8_PrintableMatch
* 0 on error
*/
NSS_EXTERN PRUint32
nssUTF8_Size
(
const NSSUTF8 *s,
PRStatus *statusOpt
);
NSS_EXTERN PRUint32 nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
@ -719,12 +617,7 @@ extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
* 0 on error
*/
NSS_EXTERN PRUint32
nssUTF8_Length
(
const NSSUTF8 *s,
PRStatus *statusOpt
);
NSS_EXTERN PRUint32 nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
@ -753,27 +646,17 @@ extern const NSSError NSS_ERROR_INVALID_STRING;
* A non-null pointer to a new UTF8 string otherwise
*/
NSS_EXTERN NSSUTF8 *
nssUTF8_Create
(
NSSArena *arenaOpt,
nssStringType type,
NSS_EXTERN NSSUTF8 *nssUTF8_Create(NSSArena *arenaOpt, nssStringType type,
const void *inputString,
PRUint32 size /* in bytes, not characters */
);
);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_UNSUPPORTED_TYPE;
NSS_EXTERN NSSItem *
nssUTF8_GetEncoding
(
NSSArena *arenaOpt,
NSSItem *rvOpt,
nssStringType type,
NSSUTF8 *string
);
NSS_EXTERN NSSItem *nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt,
nssStringType type, NSSUTF8 *string);
/*
* nssUTF8_CopyIntoFixedBuffer
@ -789,27 +672,16 @@ nssUTF8_GetEncoding
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
NSS_EXTERN PRStatus
nssUTF8_CopyIntoFixedBuffer
(
NSSUTF8 *string,
char *buffer,
PRUint32 bufferSize,
char pad
);
NSS_EXTERN PRStatus nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer,
PRUint32 bufferSize, char pad);
/*
* nssUTF8_Equal
*
*/
NSS_EXTERN PRBool
nssUTF8_Equal
(
const NSSUTF8 *a,
const NSSUTF8 *b,
PRStatus *statusOpt
);
NSS_EXTERN PRBool nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b,
PRStatus *statusOpt);
/*
* nssList
@ -826,28 +698,15 @@ nssUTF8_Equal
* If threadsafe is true, the list will be locked during modifications
* and traversals.
*/
NSS_EXTERN nssList *
nssList_Create
(
NSSArena *arenaOpt,
PRBool threadSafe
);
NSS_EXTERN nssList *nssList_Create(NSSArena *arenaOpt, PRBool threadSafe);
/*
* nssList_Destroy
*/
NSS_EXTERN PRStatus
nssList_Destroy
(
nssList *list
);
NSS_EXTERN PRStatus nssList_Destroy(nssList *list);
NSS_EXTERN void
nssList_Clear
(
nssList *list,
nssListElementDestructorFunc destructor
);
NSS_EXTERN void nssList_Clear(nssList *list,
nssListElementDestructorFunc destructor);
/*
* nssList_SetCompareFunction
@ -856,34 +715,21 @@ nssList_Clear
* data pointers. By setting this function, the user can control
* how elements are compared.
*/
NSS_EXTERN void
nssList_SetCompareFunction
(
nssList *list,
nssListCompareFunc compareFunc
);
NSS_EXTERN void nssList_SetCompareFunction(nssList *list,
nssListCompareFunc compareFunc);
/*
* nssList_SetSortFunction
*
* Sort function to use for an ordered list.
*/
NSS_EXTERN void
nssList_SetSortFunction
(
nssList *list,
nssListSortFunc sortFunc
);
NSS_EXTERN void nssList_SetSortFunction(nssList *list,
nssListSortFunc sortFunc);
/*
* nssList_Add
*/
NSS_EXTERN PRStatus
nssList_Add
(
nssList *list,
void *data
);
NSS_EXTERN PRStatus nssList_Add(nssList *list, void *data);
/*
* nssList_AddUnique
@ -891,20 +737,14 @@ nssList_Add
* This will use the compare function to see if the element is already
* in the list.
*/
NSS_EXTERN PRStatus
nssList_AddUnique
(
nssList *list,
void *data
);
NSS_EXTERN PRStatus nssList_AddUnique(nssList *list, void *data);
/*
* nssList_Remove
*
* Uses the compare function to locate the element and remove it.
*/
NSS_EXTERN PRStatus
nssList_Remove(nssList *list, void *data);
NSS_EXTERN PRStatus nssList_Remove(nssList *list, void *data);
/*
* nssList_Get
@ -912,21 +752,12 @@ nssList_Remove(nssList *list, void *data);
* Uses the compare function to locate an element. Also serves as
* nssList_Exists.
*/
NSS_EXTERN void *
nssList_Get
(
nssList *list,
void *data
);
NSS_EXTERN void *nssList_Get(nssList *list, void *data);
/*
* nssList_Count
*/
NSS_EXTERN PRUint32
nssList_Count
(
nssList *list
);
NSS_EXTERN PRUint32 nssList_Count(nssList *list);
/*
* nssList_GetArray
@ -934,39 +765,22 @@ nssList_Count
* Fill rvArray, up to maxElements, with elements in the list. The
* array is NULL-terminated, so its allocated size must be maxElements + 1.
*/
NSS_EXTERN PRStatus
nssList_GetArray
(
nssList *list,
void **rvArray,
PRUint32 maxElements
);
NSS_EXTERN PRStatus nssList_GetArray(nssList *list, void **rvArray,
PRUint32 maxElements);
/*
* nssList_CreateIterator
*
* Create an iterator for list traversal.
*/
NSS_EXTERN nssListIterator *
nssList_CreateIterator
(
nssList *list
);
NSS_EXTERN nssListIterator *nssList_CreateIterator(nssList *list);
NSS_EXTERN nssList *
nssList_Clone
(
nssList *list
);
NSS_EXTERN nssList *nssList_Clone(nssList *list);
/*
* nssListIterator_Destroy
*/
NSS_EXTERN void
nssListIterator_Destroy
(
nssListIterator *iter
);
NSS_EXTERN void nssListIterator_Destroy(nssListIterator *iter);
/*
* nssListIterator_Start
@ -974,22 +788,14 @@ nssListIterator_Destroy
* Begin a list iteration. After this call, if the list is threadSafe,
* the list is *locked*.
*/
NSS_EXTERN void *
nssListIterator_Start
(
nssListIterator *iter
);
NSS_EXTERN void *nssListIterator_Start(nssListIterator *iter);
/*
* nssListIterator_Next
*
* Continue a list iteration.
*/
NSS_EXTERN void *
nssListIterator_Next
(
nssListIterator *iter
);
NSS_EXTERN void *nssListIterator_Next(nssListIterator *iter);
/*
* nssListIterator_Finish
@ -997,11 +803,7 @@ nssListIterator_Next
* Complete a list iteration. This *must* be called in order for the
* lock to be released.
*/
NSS_EXTERN PRStatus
nssListIterator_Finish
(
nssListIterator *iter
);
NSS_EXTERN PRStatus nssListIterator_Finish(nssListIterator *iter);
/*
* nssHash
@ -1021,46 +823,24 @@ nssListIterator_Finish
*
*/
NSS_EXTERN nssHash *
nssHash_Create
(
NSSArena *arenaOpt,
PRUint32 numBuckets,
NSS_EXTERN nssHash *nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets,
PLHashFunction keyHash,
PLHashComparator keyCompare,
PLHashComparator valueCompare
);
PLHashComparator valueCompare);
NSS_EXTERN nssHash *
nssHash_CreatePointer
(
NSSArena *arenaOpt,
PRUint32 numBuckets
);
NSS_EXTERN nssHash *nssHash_CreatePointer(NSSArena *arenaOpt,
PRUint32 numBuckets);
NSS_EXTERN nssHash *
nssHash_CreateString
(
NSSArena *arenaOpt,
PRUint32 numBuckets
);
NSS_EXTERN nssHash *nssHash_CreateString(NSSArena *arenaOpt,
PRUint32 numBuckets);
NSS_EXTERN nssHash *
nssHash_CreateItem
(
NSSArena *arenaOpt,
PRUint32 numBuckets
);
NSS_EXTERN nssHash *nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets);
/*
* nssHash_Destroy
*
*/
NSS_EXTERN void
nssHash_Destroy
(
nssHash *hash
);
NSS_EXTERN void nssHash_Destroy(nssHash *hash);
/*
* nssHash_Add
@ -1069,69 +849,39 @@ nssHash_Destroy
extern const NSSError NSS_ERROR_HASH_COLLISION;
NSS_EXTERN PRStatus
nssHash_Add
(
nssHash *hash,
const void *key,
const void *value
);
NSS_EXTERN PRStatus nssHash_Add(nssHash *hash, const void *key,
const void *value);
/*
* nssHash_Remove
*
*/
NSS_EXTERN void
nssHash_Remove
(
nssHash *hash,
const void *it
);
NSS_EXTERN void nssHash_Remove(nssHash *hash, const void *it);
/*
* nssHash_Count
*
*/
NSS_EXTERN PRUint32
nssHash_Count
(
nssHash *hash
);
NSS_EXTERN PRUint32 nssHash_Count(nssHash *hash);
/*
* nssHash_Exists
*
*/
NSS_EXTERN PRBool
nssHash_Exists
(
nssHash *hash,
const void *it
);
NSS_EXTERN PRBool nssHash_Exists(nssHash *hash, const void *it);
/*
* nssHash_Lookup
*
*/
NSS_EXTERN void *
nssHash_Lookup
(
nssHash *hash,
const void *it
);
NSS_EXTERN void *nssHash_Lookup(nssHash *hash, const void *it);
/*
* nssHash_Iterate
*
*/
NSS_EXTERN void
nssHash_Iterate
(
nssHash *hash,
nssHashIterator fcn,
void *closure
);
NSS_EXTERN void nssHash_Iterate(nssHash *hash, nssHashIterator fcn,
void *closure);
/*
* nssPointerTracker
@ -1169,11 +919,7 @@ nssHash_Iterate
*/
#ifdef DEBUG
NSS_EXTERN PRStatus
nssPointerTracker_initialize
(
nssPointerTracker *tracker
);
NSS_EXTERN PRStatus nssPointerTracker_initialize(nssPointerTracker *tracker);
extern const NSSError NSS_ERROR_NO_MEMORY;
#endif /* DEBUG */
@ -1202,11 +948,7 @@ extern const NSSError NSS_ERROR_NO_MEMORY;
*/
#ifdef DEBUG
NSS_EXTERN PRStatus
nssPointerTracker_finalize
(
nssPointerTracker *tracker
);
NSS_EXTERN PRStatus nssPointerTracker_finalize(nssPointerTracker *tracker);
extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
#endif /* DEBUG */
@ -1234,12 +976,8 @@ extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
*/
#ifdef DEBUG
NSS_EXTERN PRStatus
nssPointerTracker_add
(
nssPointerTracker *tracker,
const void *pointer
);
NSS_EXTERN PRStatus nssPointerTracker_add(nssPointerTracker *tracker,
const void *pointer);
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
@ -1269,12 +1007,8 @@ extern const NSSError NSS_ERROR_DUPLICATE_POINTER;
*/
#ifdef DEBUG
NSS_EXTERN PRStatus
nssPointerTracker_remove
(
nssPointerTracker *tracker,
const void *pointer
);
NSS_EXTERN PRStatus nssPointerTracker_remove(nssPointerTracker *tracker,
const void *pointer);
extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
@ -1304,12 +1038,8 @@ extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
*/
#ifdef DEBUG
NSS_EXTERN PRStatus
nssPointerTracker_verify
(
nssPointerTracker *tracker,
const void *pointer
);
NSS_EXTERN PRStatus nssPointerTracker_verify(nssPointerTracker *tracker,
const void *pointer);
extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
#endif /* DEBUG */
@ -1333,13 +1063,7 @@ extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
* The destination pointer on success
*/
NSS_EXTERN void *
nsslibc_memcpy
(
void *dest,
const void *source,
PRUint32 n
);
NSS_EXTERN void *nsslibc_memcpy(void *dest, const void *source, PRUint32 n);
extern const NSSError NSS_ERROR_INVALID_POINTER;
@ -1354,13 +1078,7 @@ extern const NSSError NSS_ERROR_INVALID_POINTER;
* The destination pointer on success
*/
NSS_EXTERN void *
nsslibc_memset
(
void *dest,
PRUint8 byte,
PRUint32 n
);
NSS_EXTERN void *nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n);
extern const NSSError NSS_ERROR_INVALID_POINTER;
@ -1376,14 +1094,8 @@ extern const NSSError NSS_ERROR_INVALID_POINTER;
* PR_FALSE upon error
*/
NSS_EXTERN PRBool
nsslibc_memequal
(
const void *a,
const void *b,
PRUint32 len,
PRStatus *statusOpt
);
NSS_EXTERN PRBool nsslibc_memequal(const void *a, const void *b, PRUint32 len,
PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;

9
security/nss/lib/base/baset.h
Просмотреть файл

@ -68,13 +68,12 @@ typedef struct nssArenaMarkStr nssArenaMark;
typedef struct nssListStr nssList;
typedef struct nssListIteratorStr nssListIterator;
typedef PRBool (* nssListCompareFunc)(void *a, void *b);
typedef PRIntn (* nssListSortFunc)(void *a, void *b);
typedef void (* nssListElementDestructorFunc)(void *el);
typedef PRBool (*nssListCompareFunc)(void *a, void *b);
typedef PRIntn (*nssListSortFunc)(void *a, void *b);
typedef void (*nssListElementDestructorFunc)(void *el);
typedef struct nssHashStr nssHash;
typedef void (PR_CALLBACK *nssHashIterator)(const void *key,
void *value,
typedef void(PR_CALLBACK *nssHashIterator)(const void *key, void *value,
void *arg);
/*

61
security/nss/lib/base/error.c
Просмотреть файл

@ -62,7 +62,7 @@ static PRCallOnceType error_call_once;
* This is the once-called callback.
*/
static PRStatus
error_once_function ( void)
error_once_function(void)
{
return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free);
}
@ -76,7 +76,7 @@ error_once_function ( void)
*/
static error_stack *
error_get_my_stack ( void)
error_get_my_stack(void)
{
PRStatus st;
error_stack *rv;
@ -84,22 +84,24 @@ error_get_my_stack ( void)
PRUint32 new_bytes;
error_stack *new_stack;
if( INVALID_TPD_INDEX == error_stack_index ) {
if (INVALID_TPD_INDEX == error_stack_index) {
st = PR_CallOnce(&error_call_once, error_once_function);
if( PR_SUCCESS != st ) {
if (PR_SUCCESS != st) {
return (error_stack *)NULL;
}
}
rv = (error_stack *)PR_GetThreadPrivate(error_stack_index);
if( (error_stack *)NULL == rv ) {
if ((error_stack *)NULL == rv) {
/* Doesn't exist; create one */
new_size = 16;
} else if( rv->header.count == rv->header.space &&
rv->header.count < NSS_MAX_ERROR_STACK_COUNT ) {
}
else if (rv->header.count == rv->header.space &&
rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
/* Too small, expand it */
new_size = PR_MIN( rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
} else {
new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
}
else {
/* Okay, return it */
return rv;
}
@ -108,9 +110,9 @@ error_get_my_stack ( void)
/* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
new_stack = PR_Calloc(1, new_bytes);
if( (error_stack *)NULL != new_stack ) {
if( (error_stack *)NULL != rv ) {
(void)nsslibc_memcpy(new_stack,rv,rv->header.space);
if ((error_stack *)NULL != new_stack) {
if ((error_stack *)NULL != rv) {
(void)nsslibc_memcpy(new_stack, rv, rv->header.space);
}
new_stack->header.space = new_size;
}
@ -151,19 +153,19 @@ error_get_my_stack ( void)
*/
NSS_IMPLEMENT PRInt32
NSS_GetError ( void)
NSS_GetError(void)
{
error_stack *es = error_get_my_stack();
if( (error_stack *)NULL == es ) {
if ((error_stack *)NULL == es) {
return NSS_ERROR_NO_MEMORY; /* Good guess! */
}
if( 0 == es->header.count ) {
if (0 == es->header.count) {
return 0;
}
return es->stack[ es->header.count-1 ];
return es->stack[es->header.count - 1];
}
/*
@ -185,16 +187,16 @@ NSS_GetError ( void)
*/
NSS_IMPLEMENT PRInt32 *
NSS_GetErrorStack ( void)
NSS_GetErrorStack(void)
{
error_stack *es = error_get_my_stack();
if( (error_stack *)NULL == es ) {
if ((error_stack *)NULL == es) {
return (PRInt32 *)NULL;
}
/* Make sure it's terminated */
es->stack[ es->header.count ] = 0;
es->stack[es->header.count] = 0;
return es->stack;
}
@ -208,27 +210,28 @@ NSS_GetErrorStack ( void)
*/
NSS_IMPLEMENT void
nss_SetError ( PRUint32 error)
nss_SetError(PRUint32 error)
{
error_stack *es;
if( 0 == error ) {
if (0 == error) {
nss_ClearErrorStack();
return;
}
es = error_get_my_stack();
if( (error_stack *)NULL == es ) {
if ((error_stack *)NULL == es) {
/* Oh, well. */
return;
}
if (es->header.count < es->header.space) {
es->stack[ es->header.count++ ] = error;
} else {
es->stack[es->header.count++] = error;
}
else {
memmove(es->stack, es->stack + 1,
(es->header.space - 1) * (sizeof es->stack[0]));
es->stack[ es->header.space - 1 ] = error;
es->stack[es->header.space - 1] = error;
}
return;
}
@ -240,10 +243,10 @@ nss_SetError ( PRUint32 error)
*/
NSS_IMPLEMENT void
nss_ClearErrorStack ( void)
nss_ClearErrorStack(void)
{
error_stack *es = error_get_my_stack();
if( (error_stack *)NULL == es ) {
if ((error_stack *)NULL == es) {
/* Oh, well. */
return;
}
@ -260,9 +263,9 @@ nss_ClearErrorStack ( void)
*/
NSS_IMPLEMENT void
nss_DestroyErrorStack ( void)
nss_DestroyErrorStack(void)
{
if( INVALID_TPD_INDEX != error_stack_index ) {
if (INVALID_TPD_INDEX != error_stack_index) {
PR_SetThreadPrivate(error_stack_index, NULL);
}
return;

3
security/nss/lib/base/errorval.c
Просмотреть файл

@ -12,6 +12,8 @@
#include "nssbaset.h"
#endif /* NSSBASET_H */
/* clang-format off */
const NSSError NSS_ERROR_NO_ERROR = 0;
const NSSError NSS_ERROR_INTERNAL_ERROR = 1;
const NSSError NSS_ERROR_NO_MEMORY = 2;
@ -60,3 +62,4 @@ const NSSError NSS_ERROR_ALREADY_INITIALIZED = 37;
const NSSError NSS_ERROR_PKCS11 = 38;
/* clang-format on */

134
security/nss/lib/base/hash.c
Просмотреть файл

@ -46,25 +46,19 @@ struct nssHashStr {
};
static PLHashNumber
nss_identity_hash
(
const void *key
)
nss_identity_hash(const void *key)
{
return (PLHashNumber)((char *)key - (char *)NULL);
}
static PLHashNumber
nss_item_hash
(
const void *key
)
nss_item_hash(const void *key)
{
unsigned int i;
PLHashNumber h;
NSSItem *it = (NSSItem *)key;
h = 0;
for (i=0; i<it->size; i++)
for (i = 0; i < it->size; i++)
h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)it->data)[i];
return h;
}
@ -81,21 +75,15 @@ nss_compare_items(const void *v1, const void *v2)
*
*/
NSS_IMPLEMENT nssHash *
nssHash_Create
(
NSSArena *arenaOpt,
PRUint32 numBuckets,
PLHashFunction keyHash,
PLHashComparator keyCompare,
PLHashComparator valueCompare
)
nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash,
PLHashComparator keyCompare, PLHashComparator valueCompare)
{
nssHash *rv;
NSSArena *arena;
PRBool i_alloced;
#ifdef NSSDEBUG
if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if (arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (nssHash *)NULL;
}
@ -104,25 +92,26 @@ nssHash_Create
if (arenaOpt) {
arena = arenaOpt;
i_alloced = PR_FALSE;
} else {
}
else {
arena = nssArena_Create();
i_alloced = PR_TRUE;
}
rv = nss_ZNEW(arena, nssHash);
if( (nssHash *)NULL == rv ) {
if ((nssHash *)NULL == rv) {
goto loser;
}
rv->mutex = PZ_NewLock(nssILockOther);
if( (PZLock *)NULL == rv->mutex ) {
if ((PZLock *)NULL == rv->mutex) {
goto loser;
}
rv->plHashTable = PL_NewHashTable(numBuckets,
keyHash, keyCompare, valueCompare,
rv->plHashTable =
PL_NewHashTable(numBuckets, keyHash, keyCompare, valueCompare,
&nssArenaHashAllocOps, arena);
if( (PLHashTable *)NULL == rv->plHashTable ) {
if ((PLHashTable *)NULL == rv->plHashTable) {
(void)PZ_DestroyLock(rv->mutex);
goto loser;
}
@ -142,14 +131,10 @@ loser:
*
*/
NSS_IMPLEMENT nssHash *
nssHash_CreatePointer
(
NSSArena *arenaOpt,
PRUint32 numBuckets
)
nssHash_CreatePointer(NSSArena *arenaOpt, PRUint32 numBuckets)
{
return nssHash_Create(arenaOpt, numBuckets,
nss_identity_hash, PL_CompareValues, PL_CompareValues);
return nssHash_Create(arenaOpt, numBuckets, nss_identity_hash,
PL_CompareValues, PL_CompareValues);
}
/*
@ -157,14 +142,10 @@ nssHash_CreatePointer
*
*/
NSS_IMPLEMENT nssHash *
nssHash_CreateString
(
NSSArena *arenaOpt,
PRUint32 numBuckets
)
nssHash_CreateString(NSSArena *arenaOpt, PRUint32 numBuckets)
{
return nssHash_Create(arenaOpt, numBuckets,
PL_HashString, PL_CompareStrings, PL_CompareStrings);
return nssHash_Create(arenaOpt, numBuckets, PL_HashString,
PL_CompareStrings, PL_CompareStrings);
}
/*
@ -172,14 +153,10 @@ nssHash_CreateString
*
*/
NSS_IMPLEMENT nssHash *
nssHash_CreateItem
(
NSSArena *arenaOpt,
PRUint32 numBuckets
)
nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets)
{
return nssHash_Create(arenaOpt, numBuckets,
nss_item_hash, nss_compare_items, PL_CompareValues);
return nssHash_Create(arenaOpt, numBuckets, nss_item_hash,
nss_compare_items, PL_CompareValues);
}
/*
@ -187,16 +164,14 @@ nssHash_CreateItem
*
*/
NSS_IMPLEMENT void
nssHash_Destroy
(
nssHash *hash
)
nssHash_Destroy(nssHash *hash)
{
(void)PZ_DestroyLock(hash->mutex);
PL_HashTableDestroy(hash->plHashTable);
if (hash->i_alloced_arena) {
nssArena_Destroy(hash->arena);
} else {
}
else {
nss_ZFreeIf(hash);
}
}
@ -206,12 +181,7 @@ nssHash_Destroy
*
*/
NSS_IMPLEMENT PRStatus
nssHash_Add
(
nssHash *hash,
const void *key,
const void *value
)
nssHash_Add(nssHash *hash, const void *key, const void *value)
{
PRStatus error = PR_FAILURE;
PLHashEntry *he;
@ -219,11 +189,13 @@ nssHash_Add
PZ_Lock(hash->mutex);
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
if( (PLHashEntry *)NULL == he ) {
if ((PLHashEntry *)NULL == he) {
nss_SetError(NSS_ERROR_NO_MEMORY);
} else if (he->value != value) {
}
else if (he->value != value) {
nss_SetError(NSS_ERROR_HASH_COLLISION);
} else {
}
else {
hash->count++;
error = PR_SUCCESS;
}
@ -238,18 +210,14 @@ nssHash_Add
*
*/
NSS_IMPLEMENT void
nssHash_Remove
(
nssHash *hash,
const void *it
)
nssHash_Remove(nssHash *hash, const void *it)
{
PRBool found;
PZ_Lock(hash->mutex);
found = PL_HashTableRemove(hash->plHashTable, it);
if( found ) {
if (found) {
hash->count--;
}
@ -262,10 +230,7 @@ nssHash_Remove
*
*/
NSS_IMPLEMENT PRUint32
nssHash_Count
(
nssHash *hash
)
nssHash_Count(nssHash *hash)
{
PRUint32 count;
@ -283,11 +248,7 @@ nssHash_Count
*
*/
NSS_IMPLEMENT PRBool
nssHash_Exists
(
nssHash *hash,
const void *it
)
nssHash_Exists(nssHash *hash, const void *it)
{
void *value;
@ -297,9 +258,10 @@ nssHash_Exists
(void)PZ_Unlock(hash->mutex);
if( (void *)NULL == value ) {
if ((void *)NULL == value) {
return PR_FALSE;
} else {
}
else {
return PR_TRUE;
}
}
@ -309,11 +271,7 @@ nssHash_Exists
*
*/
NSS_IMPLEMENT void *
nssHash_Lookup
(
nssHash *hash,
const void *it
)
nssHash_Lookup(nssHash *hash, const void *it)
{
void *rv;
@ -332,12 +290,7 @@ struct arg_str {
};
static PRIntn
nss_hash_enumerator
(
PLHashEntry *he,
PRIntn index,
void *arg
)
nss_hash_enumerator(PLHashEntry *he, PRIntn index, void *arg)
{
struct arg_str *as = (struct arg_str *)arg;
as->fcn(he->key, he->value, as->closure);
@ -350,12 +303,7 @@ nss_hash_enumerator
* NOTE that the iteration function will be called with the hashtable locked.
*/
NSS_IMPLEMENT void
nssHash_Iterate
(
nssHash *hash,
nssHashIterator fcn,
void *closure
)
nssHash_Iterate(nssHash *hash, nssHashIterator fcn, void *closure)
{
struct arg_str as;
as.fcn = fcn;

48
security/nss/lib/base/hashops.c
Просмотреть файл

@ -12,18 +12,14 @@
#include "base.h"
#endif /* BASE_H */
static void * PR_CALLBACK
nss_arena_hash_alloc_table
(
void *pool,
PRSize size
)
static void *PR_CALLBACK
nss_arena_hash_alloc_table(void *pool, PRSize size)
{
NSSArena *arena = (NSSArena *)NULL;
#ifdef NSSDEBUG
if( (void *)NULL != arena ) {
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if ((void *)NULL != arena) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return (void *)NULL;
}
}
@ -33,27 +29,19 @@ nss_arena_hash_alloc_table
}
static void PR_CALLBACK
nss_arena_hash_free_table
(
void *pool,
void *item
)
nss_arena_hash_free_table(void *pool, void *item)
{
(void)nss_ZFreeIf(item);
}
static PLHashEntry * PR_CALLBACK
nss_arena_hash_alloc_entry
(
void *pool,
const void *key
)
static PLHashEntry *PR_CALLBACK
nss_arena_hash_alloc_entry(void *pool, const void *key)
{
NSSArena *arena = NULL;
#ifdef NSSDEBUG
if( (void *)NULL != arena ) {
if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
if ((void *)NULL != arena) {
if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
return (void *)NULL;
}
}
@ -63,22 +51,14 @@ nss_arena_hash_alloc_entry
}
static void PR_CALLBACK
nss_arena_hash_free_entry
(
void *pool,
PLHashEntry *he,
PRUintn flag
)
nss_arena_hash_free_entry(void *pool, PLHashEntry *he, PRUintn flag)
{
if( HT_FREE_ENTRY == flag ) {
if (HT_FREE_ENTRY == flag) {
(void)nss_ZFreeIf(he);
}
}
NSS_IMPLEMENT_DATA PLHashAllocOps
nssArenaHashAllocOps = {
nss_arena_hash_alloc_table,
nss_arena_hash_free_table,
nss_arena_hash_alloc_entry,
nss_arena_hash_free_entry
NSS_IMPLEMENT_DATA PLHashAllocOps nssArenaHashAllocOps = {
nss_arena_hash_alloc_table, nss_arena_hash_free_table,
nss_arena_hash_alloc_entry, nss_arena_hash_free_entry
};

75
security/nss/lib/base/item.c
Просмотреть файл

@ -29,54 +29,50 @@
*/
NSS_IMPLEMENT NSSItem *
nssItem_Create
(
NSSArena *arenaOpt,
NSSItem *rvOpt,
PRUint32 length,
const void *data
)
nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length,
const void *data)
{
NSSItem *rv = (NSSItem *)NULL;
#ifdef DEBUG
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if ((NSSArena *)NULL != arenaOpt) {
if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
return (NSSItem *)NULL;
}
}
if( (const void *)NULL == data ) {
if( length > 0 ) {
if ((const void *)NULL == data) {
if (length > 0) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (NSSItem *)NULL;
}
}
#endif /* DEBUG */
if( (NSSItem *)NULL == rvOpt ) {
if ((NSSItem *)NULL == rvOpt) {
rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
if( (NSSItem *)NULL == rv ) {
if ((NSSItem *)NULL == rv) {
goto loser;
}
} else {
}
else {
rv = rvOpt;
}
rv->size = length;
rv->data = nss_ZAlloc(arenaOpt, length);
if( (void *)NULL == rv->data ) {
if ((void *)NULL == rv->data) {
goto loser;
}
if( length > 0 ) {
if (length > 0) {
(void)nsslibc_memcpy(rv->data, data, length);
}
return rv;
loser:
if( rv != rvOpt ) {
loser:
if (rv != rvOpt) {
nss_ZFreeIf(rv);
}
@ -84,16 +80,12 @@ nssItem_Create
}
NSS_IMPLEMENT void
nssItem_Destroy
(
NSSItem *item
)
nssItem_Destroy(NSSItem *item)
{
nss_ClearErrorStack();
nss_ZFreeIf(item->data);
nss_ZFreeIf(item);
}
/*
@ -113,21 +105,16 @@ nssItem_Destroy
*/
NSS_IMPLEMENT NSSItem *
nssItem_Duplicate
(
NSSItem *obj,
NSSArena *arenaOpt,
NSSItem *rvOpt
)
nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt, NSSItem *rvOpt)
{
#ifdef DEBUG
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if ((NSSArena *)NULL != arenaOpt) {
if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
return (NSSItem *)NULL;
}
}
if( (NSSItem *)NULL == obj ) {
if ((NSSItem *)NULL == obj) {
nss_SetError(NSS_ERROR_INVALID_ITEM);
return (NSSItem *)NULL;
}
@ -151,13 +138,10 @@ nssItem_Duplicate
*/
NSS_IMPLEMENT PRStatus
nssItem_verifyPointer
(
const NSSItem *item
)
nssItem_verifyPointer(const NSSItem *item)
{
if( ((const NSSItem *)NULL == item) ||
(((void *)NULL == item->data) && (item->size > 0)) ) {
if (((const NSSItem *)NULL == item) ||
(((void *)NULL == item->data) && (item->size > 0))) {
nss_SetError(NSS_ERROR_INVALID_ITEM);
return PR_FAILURE;
}
@ -181,26 +165,21 @@ nssItem_verifyPointer
*/
NSS_IMPLEMENT PRBool
nssItem_Equal
(
const NSSItem *one,
const NSSItem *two,
PRStatus *statusOpt
)
nssItem_Equal(const NSSItem *one, const NSSItem *two, PRStatus *statusOpt)
{
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}
if( ((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two) ) {
if (((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two)) {
return PR_TRUE;
}
if( ((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two) ) {
if (((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two)) {
return PR_FALSE;
}
if( one->size != two->size ) {
if (one->size != two->size) {
return PR_FALSE;
}

52
security/nss/lib/base/libc.c
Просмотреть файл

@ -38,15 +38,10 @@
*/
NSS_IMPLEMENT void *
nsslibc_memcpy
(
void *dest,
const void *source,
PRUint32 n
)
nsslibc_memcpy(void *dest, const void *source, PRUint32 n)
{
#ifdef NSSDEBUG
if( ((void *)NULL == dest) || ((const void *)NULL == source) ) {
if (((void *)NULL == dest) || ((const void *)NULL == source)) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (void *)NULL;
}
@ -67,15 +62,10 @@ nsslibc_memcpy
*/
NSS_IMPLEMENT void *
nsslibc_memset
(
void *dest,
PRUint8 byte,
PRUint32 n
)
nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n)
{
#ifdef NSSDEBUG
if( ((void *)NULL == dest) ) {
if (((void *)NULL == dest)) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (void *)NULL;
}
@ -97,31 +87,27 @@ nsslibc_memset
*/
NSS_IMPLEMENT PRBool
nsslibc_memequal
(
const void *a,
const void *b,
PRUint32 len,
PRStatus *statusOpt
)
nsslibc_memequal(const void *a, const void *b, PRUint32 len,
PRStatus *statusOpt)
{
#ifdef NSSDEBUG
if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
if ((((void *)NULL == a) || ((void *)NULL == b))) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return PR_FALSE;
}
#endif /* NSSDEBUG */
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}
if( 0 == memcmp(a, b, len) ) {
if (0 == memcmp(a, b, len)) {
return PR_TRUE;
} else {
}
else {
return PR_FALSE;
}
}
@ -131,27 +117,21 @@ nsslibc_memequal
*/
NSS_IMPLEMENT PRInt32
nsslibc_memcmp
(
const void *a,
const void *b,
PRUint32 len,
PRStatus *statusOpt
)
nsslibc_memcmp(const void *a, const void *b, PRUint32 len, PRStatus *statusOpt)
{
int v;
#ifdef NSSDEBUG
if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
if ((((void *)NULL == a) || ((void *)NULL == b))) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return -2;
}
#endif /* NSSDEBUG */
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}

34
security/nss/lib/base/list.c
Просмотреть файл

@ -36,10 +36,12 @@ struct nssListIteratorStr {
};
#define NSSLIST_LOCK_IF(list) \
if ((list)->lock) PZ_Lock((list)->lock)
if ((list)->lock) \
PZ_Lock((list)->lock)
#define NSSLIST_UNLOCK_IF(list) \
if ((list)->lock) PZ_Unlock((list)->lock)
if ((list)->lock) \
PZ_Unlock((list)->lock)
static PRBool
pointer_compare(void *a, void *b)
@ -73,11 +75,7 @@ nsslist_get_matching_element(nssList *list, void *data)
}
NSS_IMPLEMENT nssList *
nssList_Create
(
NSSArena *arenaOpt,
PRBool threadSafe
)
nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
{
NSSArena *arena;
nssList *list;
@ -85,7 +83,8 @@ nssList_Create
if (arenaOpt) {
arena = arenaOpt;
i_alloced = PR_FALSE;
} else {
}
else {
arena = nssArena_Create();
i_alloced = PR_TRUE;
}
@ -104,7 +103,8 @@ nssList_Create
if (!list->lock) {
if (arenaOpt) {
nss_ZFreeIf(list);
} else {
}
else {
NSSArena_Destroy(arena);
}
return (nssList *)NULL;
@ -161,7 +161,8 @@ nssList_Clear(nssList *list, nssListElementDestructorFunc destructor)
node = list->head;
list->head = NULL;
while (node && list->count > 0) {
if (destructor) (*destructor)(node->data);
if (destructor)
(*destructor)(node->data);
link = &node->link;
tmp = (nssListElement *)PR_NEXT_LINK(link);
PR_REMOVE_LINK(link);
@ -193,7 +194,8 @@ nsslist_add_element(nssList *list, void *data)
/* new element goes before current node */
PR_INSERT_BEFORE(&node->link, link);
/* reset head if this is first */
if (currNode == list->head) list->head = node;
if (currNode == list->head)
list->head = node;
break;
}
if (link == PR_LIST_TAIL(&list->head->link)) {
@ -203,11 +205,13 @@ nsslist_add_element(nssList *list, void *data)
}
currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
}
} else {
}
else {
/* not sorting */
PR_APPEND_LINK(&node->link, &list->head->link);
}
} else {
}
else {
list->head = node;
}
++list->count;
@ -289,7 +293,8 @@ nssList_GetArray(nssList *list, void **rvArray, PRUint32 maxElements)
NSSLIST_LOCK_IF(list);
while (node) {
rvArray[i++] = node->data;
if (i == maxElements) break;
if (i == maxElements)
break;
node = (nssListElement *)PR_NEXT_LINK(&node->link);
if (node == list->head) {
break;
@ -397,4 +402,3 @@ nssListIterator_Finish(nssListIterator *iter)
iter->current = iter->list->head;
return (iter->lock) ? PZ_Unlock(iter->lock) : PR_SUCCESS;
}

51
security/nss/lib/base/nssbase.h
Просмотреть файл

@ -44,11 +44,7 @@ PR_BEGIN_EXTERN_C
* A pointer to an NSSArena upon success
*/
NSS_EXTERN NSSArena *
NSSArena_Create
(
void
);
NSS_EXTERN NSSArena *NSSArena_Create(void);
extern const NSSError NSS_ERROR_NO_MEMORY;
@ -68,11 +64,7 @@ extern const NSSError NSS_ERROR_NO_MEMORY;
* PR_FAILURE upon failure
*/
NSS_EXTERN PRStatus
NSSArena_Destroy
(
NSSArena *arena
);
NSS_EXTERN PRStatus NSSArena_Destroy(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
@ -100,11 +92,7 @@ extern const NSSError NSS_ERROR_INVALID_ARENA;
* A nonzero error number
*/
NSS_EXTERN NSSError
NSS_GetError
(
void
);
NSS_EXTERN NSSError NSS_GetError(void);
extern const NSSError NSS_ERROR_NO_ERROR;
@ -126,11 +114,7 @@ extern const NSSError NSS_ERROR_NO_ERROR;
* A NON-caller-owned pointer to an array of NSSError values
*/
NSS_EXTERN NSSError *
NSS_GetErrorStack
(
void
);
NSS_EXTERN NSSError *NSS_GetErrorStack(void);
/*
* NSS_ZNEW
@ -152,7 +136,6 @@ NSS_GetErrorStack
* A pointer to the new segment of zeroed memory
*/
/* The following line exceeds 72 characters, but emacs barfs if we split it. */
#define NSS_ZNEW(arenaOpt, type) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type)))
/*
@ -175,9 +158,8 @@ NSS_GetErrorStack
* A pointer to the new segment of zeroed memory
*/
/* The following line exceeds 72 characters, but emacs barfs if we split it. */
#define NSS_ZNEWARRAY(arenaOpt, type, quantity) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
#define NSS_ZNEWARRAY(arenaOpt, type, quantity) \
((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
/*
* NSS_ZAlloc
@ -202,12 +184,7 @@ NSS_GetErrorStack
* A pointer to the new segment of zeroed memory
*/
NSS_EXTERN void *
NSS_ZAlloc
(
NSSArena *arenaOpt,
PRUint32 size
);
NSS_EXTERN void *NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
/*
* NSS_ZRealloc
@ -229,13 +206,7 @@ NSS_ZAlloc
* A pointer to the replacement segment of memory
*/
NSS_EXTERN void *
NSS_ZRealloc
(
void *pointer,
PRUint32 newSize
);
NSS_EXTERN void *NSS_ZRealloc(void *pointer, PRUint32 newSize);
/*
* NSS_ZFreeIf
@ -255,11 +226,7 @@ NSS_ZRealloc
* PR_FAILURE
*/
NSS_EXTERN PRStatus
NSS_ZFreeIf
(
void *pointer
);
NSS_EXTERN PRStatus NSS_ZFreeIf(void *pointer);
PR_END_EXTERN_C

1
security/nss/lib/base/nssbaset.h
Просмотреть файл

@ -69,7 +69,6 @@ struct NSSItemStr {
};
typedef struct NSSItemStr NSSItem;
/*
* NSSBER
*

97
security/nss/lib/base/tracker.c
Просмотреть файл

@ -24,10 +24,7 @@
*/
static PLHashNumber PR_CALLBACK
identity_hash
(
const void *key
)
identity_hash(const void *key)
{
return (PLHashNumber)((char *)key - (char *)NULL);
}
@ -41,25 +38,19 @@ identity_hash
*/
static PRStatus
trackerOnceFunc
(
void *arg
)
trackerOnceFunc(void *arg)
{
nssPointerTracker *tracker = (nssPointerTracker *)arg;
tracker->lock = PZ_NewLock(nssILockOther);
if( (PZLock *)NULL == tracker->lock ) {
if ((PZLock *)NULL == tracker->lock) {
return PR_FAILURE;
}
tracker->table = PL_NewHashTable(0,
identity_hash,
PL_CompareValues,
PL_CompareValues,
(PLHashAllocOps *)NULL,
(void *)NULL);
if( (PLHashTable *)NULL == tracker->table ) {
tracker->table =
PL_NewHashTable(0, identity_hash, PL_CompareValues, PL_CompareValues,
(PLHashAllocOps *)NULL, (void *)NULL);
if ((PLHashTable *)NULL == tracker->table) {
PZ_DestroyLock(tracker->lock);
tracker->lock = (PZLock *)NULL;
return PR_FAILURE;
@ -90,13 +81,10 @@ trackerOnceFunc
*/
NSS_IMPLEMENT PRStatus
nssPointerTracker_initialize
(
nssPointerTracker *tracker
)
nssPointerTracker_initialize(nssPointerTracker *tracker)
{
PRStatus rv = PR_CallOnceWithArg(&tracker->once, trackerOnceFunc, tracker);
if( PR_SUCCESS != rv ) {
if (PR_SUCCESS != rv) {
nss_SetError(NSS_ERROR_NO_MEMORY);
}
@ -114,12 +102,7 @@ nssPointerTracker_initialize
*/
static PRIntn PR_CALLBACK
count_entries
(
PLHashEntry *he,
PRIntn index,
void *arg
)
count_entries(PLHashEntry *he, PRIntn index, void *arg)
{
return HT_ENUMERATE_NEXT;
}
@ -160,19 +143,16 @@ static const PRCallOnceType zero_once;
*/
NSS_IMPLEMENT PRStatus
nssPointerTracker_finalize
(
nssPointerTracker *tracker
)
nssPointerTracker_finalize(nssPointerTracker *tracker)
{
PZLock *lock;
if( (nssPointerTracker *)NULL == tracker ) {
if ((nssPointerTracker *)NULL == tracker) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return PR_FAILURE;
}
if( (PZLock *)NULL == tracker->lock ) {
if ((PZLock *)NULL == tracker->lock) {
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
}
@ -180,7 +160,7 @@ nssPointerTracker_finalize
lock = tracker->lock;
PZ_Lock(lock);
if( (PLHashTable *)NULL == tracker->table ) {
if ((PLHashTable *)NULL == tracker->table) {
PZ_Unlock(lock);
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
@ -191,11 +171,10 @@ nssPointerTracker_finalize
* I changed my mind; I think we don't want this after all.
* Comments?
*/
count = PL_HashTableEnumerateEntries(tracker->table,
count_entries,
count = PL_HashTableEnumerateEntries(tracker->table, count_entries,
(void *)NULL);
if( 0 != count ) {
if (0 != count) {
PZ_Unlock(lock);
nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
return PR_FAILURE;
@ -238,35 +217,31 @@ nssPointerTracker_finalize
*/
NSS_IMPLEMENT PRStatus
nssPointerTracker_add
(
nssPointerTracker *tracker,
const void *pointer
)
nssPointerTracker_add(nssPointerTracker *tracker, const void *pointer)
{
void *check;
PLHashEntry *entry;
if( (nssPointerTracker *)NULL == tracker ) {
if ((nssPointerTracker *)NULL == tracker) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return PR_FAILURE;
}
if( (PZLock *)NULL == tracker->lock ) {
if ((PZLock *)NULL == tracker->lock) {
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
}
PZ_Lock(tracker->lock);
if( (PLHashTable *)NULL == tracker->table ) {
if ((PLHashTable *)NULL == tracker->table) {
PZ_Unlock(tracker->lock);
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
}
check = PL_HashTableLookup(tracker->table, pointer);
if( (void *)NULL != check ) {
if ((void *)NULL != check) {
PZ_Unlock(tracker->lock);
nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
return PR_FAILURE;
@ -276,7 +251,7 @@ nssPointerTracker_add
PZ_Unlock(tracker->lock);
if( (PLHashEntry *)NULL == entry ) {
if ((PLHashEntry *)NULL == entry) {
nss_SetError(NSS_ERROR_NO_MEMORY);
return PR_FAILURE;
}
@ -308,27 +283,23 @@ nssPointerTracker_add
*/
NSS_IMPLEMENT PRStatus
nssPointerTracker_remove
(
nssPointerTracker *tracker,
const void *pointer
)
nssPointerTracker_remove(nssPointerTracker *tracker, const void *pointer)
{
PRBool registered;
if( (nssPointerTracker *)NULL == tracker ) {
if ((nssPointerTracker *)NULL == tracker) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return PR_FAILURE;
}
if( (PZLock *)NULL == tracker->lock ) {
if ((PZLock *)NULL == tracker->lock) {
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
}
PZ_Lock(tracker->lock);
if( (PLHashTable *)NULL == tracker->table ) {
if ((PLHashTable *)NULL == tracker->table) {
PZ_Unlock(tracker->lock);
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
@ -337,7 +308,7 @@ nssPointerTracker_remove
registered = PL_HashTableRemove(tracker->table, pointer);
PZ_Unlock(tracker->lock);
if( !registered ) {
if (!registered) {
nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
return PR_FAILURE;
}
@ -371,27 +342,23 @@ nssPointerTracker_remove
*/
NSS_IMPLEMENT PRStatus
nssPointerTracker_verify
(
nssPointerTracker *tracker,
const void *pointer
)
nssPointerTracker_verify(nssPointerTracker *tracker, const void *pointer)
{
void *check;
if( (nssPointerTracker *)NULL == tracker ) {
if ((nssPointerTracker *)NULL == tracker) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return PR_FAILURE;
}
if( (PZLock *)NULL == tracker->lock ) {
if ((PZLock *)NULL == tracker->lock) {
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
}
PZ_Lock(tracker->lock);
if( (PLHashTable *)NULL == tracker->table ) {
if ((PLHashTable *)NULL == tracker->table) {
PZ_Unlock(tracker->lock);
nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
return PR_FAILURE;
@ -400,7 +367,7 @@ nssPointerTracker_verify
check = PL_HashTableLookup(tracker->table, pointer);
PZ_Unlock(tracker->lock);
if( (void *)NULL == check ) {
if ((void *)NULL == check) {
nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
return PR_FAILURE;
}

272
security/nss/lib/base/utf8.c
Просмотреть файл

@ -38,25 +38,19 @@
*/
NSS_IMPLEMENT PRBool
nssUTF8_CaseIgnoreMatch
(
const NSSUTF8 *a,
const NSSUTF8 *b,
PRStatus *statusOpt
)
nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
#ifdef NSSDEBUG
if( ((const NSSUTF8 *)NULL == a) ||
((const NSSUTF8 *)NULL == b) ) {
if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return PR_FALSE;
}
#endif /* NSSDEBUG */
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}
@ -65,9 +59,10 @@ nssUTF8_CaseIgnoreMatch
*
* This is, like, so wrong!
*/
if( 0 == PL_strcasecmp((const char *)a, (const char *)b) ) {
if (0 == PL_strcasecmp((const char *)a, (const char *)b)) {
return PR_TRUE;
} else {
}
else {
return PR_FALSE;
}
}
@ -95,90 +90,85 @@ nssUTF8_CaseIgnoreMatch
*/
NSS_IMPLEMENT PRBool
nssUTF8_PrintableMatch
(
const NSSUTF8 *a,
const NSSUTF8 *b,
PRStatus *statusOpt
)
nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
PRUint8 *c;
PRUint8 *d;
#ifdef NSSDEBUG
if( ((const NSSUTF8 *)NULL == a) ||
((const NSSUTF8 *)NULL == b) ) {
if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return PR_FALSE;
}
#endif /* NSSDEBUG */
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}
c = (PRUint8 *)a;
d = (PRUint8 *)b;
while( ' ' == *c ) {
while (' ' == *c) {
c++;
}
while( ' ' == *d ) {
while (' ' == *d) {
d++;
}
while( ('\0' != *c) && ('\0' != *d) ) {
while (('\0' != *c) && ('\0' != *d)) {
PRUint8 e, f;
e = *c;
f = *d;
if( ('a' <= e) && (e <= 'z') ) {
if (('a' <= e) && (e <= 'z')) {
e -= ('a' - 'A');
}
if( ('a' <= f) && (f <= 'z') ) {
if (('a' <= f) && (f <= 'z')) {
f -= ('a' - 'A');
}
if( e != f ) {
if (e != f) {
return PR_FALSE;
}
c++;
d++;
if( ' ' == *c ) {
while( ' ' == *c ) {
if (' ' == *c) {
while (' ' == *c) {
c++;
}
c--;
}
if( ' ' == *d ) {
while( ' ' == *d ) {
if (' ' == *d) {
while (' ' == *d) {
d++;
}
d--;
}
}
while( ' ' == *c ) {
while (' ' == *c) {
c++;
}
while( ' ' == *d ) {
while (' ' == *d) {
d++;
}
if( *c == *d ) {
if (*c == *d) {
/* And both '\0', btw */
return PR_TRUE;
} else {
}
else {
return PR_FALSE;
}
}
@ -201,23 +191,19 @@ nssUTF8_PrintableMatch
*/
NSS_IMPLEMENT NSSUTF8 *
nssUTF8_Duplicate
(
const NSSUTF8 *s,
NSSArena *arenaOpt
)
nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt)
{
NSSUTF8 *rv;
PRUint32 len;
#ifdef NSSDEBUG
if( (const NSSUTF8 *)NULL == s ) {
if ((const NSSUTF8 *)NULL == s) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (NSSUTF8 *)NULL;
}
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if ((NSSArena *)NULL != arenaOpt) {
if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
return (NSSUTF8 *)NULL;
}
}
@ -225,7 +211,7 @@ nssUTF8_Duplicate
len = PL_strlen((const char *)s);
#ifdef PEDANTIC
if( '\0' != ((const char *)s)[ len ] ) {
if ('\0' != ((const char *)s)[len]) {
/* must have wrapped, e.g., too big for PRUint32 */
nss_SetError(NSS_ERROR_NO_MEMORY);
return (NSSUTF8 *)NULL;
@ -234,7 +220,7 @@ nssUTF8_Duplicate
len++; /* zero termination */
rv = nss_ZAlloc(arenaOpt, len);
if( (void *)NULL == rv ) {
if ((void *)NULL == rv) {
return (NSSUTF8 *)NULL;
}
@ -259,18 +245,14 @@ nssUTF8_Duplicate
*/
NSS_IMPLEMENT PRUint32
nssUTF8_Size
(
const NSSUTF8 *s,
PRStatus *statusOpt
)
nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt)
{
PRUint32 sv;
#ifdef NSSDEBUG
if( (const NSSUTF8 *)NULL == s ) {
if ((const NSSUTF8 *)NULL == s) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return 0;
@ -279,17 +261,17 @@ nssUTF8_Size
sv = PL_strlen((const char *)s) + 1;
#ifdef PEDANTIC
if( '\0' != ((const char *)s)[ sv-1 ] ) {
if ('\0' != ((const char *)s)[sv - 1]) {
/* wrapped */
nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return 0;
}
#endif /* PEDANTIC */
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}
@ -314,17 +296,13 @@ nssUTF8_Size
*/
NSS_IMPLEMENT PRUint32
nssUTF8_Length
(
const NSSUTF8 *s,
PRStatus *statusOpt
)
nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt)
{
PRUint32 l = 0;
const PRUint8 *c = (const PRUint8 *)s;
#ifdef NSSDEBUG
if( (const NSSUTF8 *)NULL == s ) {
if ((const NSSUTF8 *)NULL == s) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
goto loser;
}
@ -342,21 +320,27 @@ nssUTF8_Length
* 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
*/
while( 0 != *c ) {
while (0 != *c) {
PRUint32 incr;
if( (*c & 0x80) == 0 ) {
if ((*c & 0x80) == 0) {
incr = 1;
} else if( (*c & 0xE0) == 0xC0 ) {
}
else if ((*c & 0xE0) == 0xC0) {
incr = 2;
} else if( (*c & 0xF0) == 0xE0 ) {
}
else if ((*c & 0xF0) == 0xE0) {
incr = 3;
} else if( (*c & 0xF8) == 0xF0 ) {
}
else if ((*c & 0xF8) == 0xF0) {
incr = 4;
} else if( (*c & 0xFC) == 0xF8 ) {
}
else if ((*c & 0xFC) == 0xF8) {
incr = 5;
} else if( (*c & 0xFE) == 0xFC ) {
}
else if ((*c & 0xFE) == 0xFC) {
incr = 6;
} else {
}
else {
nss_SetError(NSS_ERROR_INVALID_STRING);
goto loser;
}
@ -364,7 +348,7 @@ nssUTF8_Length
l += incr;
#ifdef PEDANTIC
if( l < incr ) {
if (l < incr) {
/* Wrapped-- too big */
nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
goto loser;
@ -372,8 +356,8 @@ nssUTF8_Length
{
PRUint8 *d;
for( d = &c[1]; d < &c[incr]; d++ ) {
if( (*d & 0xC0) != 0xF0 ) {
for (d = &c[1]; d < &c[incr]; d++) {
if ((*d & 0xC0) != 0xF0) {
nss_SetError(NSS_ERROR_INVALID_STRING);
goto loser;
}
@ -384,21 +368,20 @@ nssUTF8_Length
c += incr;
}
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_SUCCESS;
}
return l;
loser:
if( (PRStatus *)NULL != statusOpt ) {
loser:
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return 0;
}
/*
* nssUTF8_Create
*
@ -425,30 +408,26 @@ nssUTF8_Length
extern const NSSError NSS_ERROR_INTERNAL_ERROR; /* XXX fgmr */
NSS_IMPLEMENT NSSUTF8 *
nssUTF8_Create
(
NSSArena *arenaOpt,
nssStringType type,
const void *inputString,
nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
PRUint32 size /* in bytes, not characters */
)
)
{
NSSUTF8 *rv = NULL;
#ifdef NSSDEBUG
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if ((NSSArena *)NULL != arenaOpt) {
if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
return (NSSUTF8 *)NULL;
}
}
if( (const void *)NULL == inputString ) {
if ((const void *)NULL == inputString) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (NSSUTF8 *)NULL;
}
#endif /* NSSDEBUG */
switch( type ) {
switch (type) {
case nssStringType_DirectoryString:
/* This is a composite type requiring BER */
nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
@ -474,11 +453,12 @@ nssUTF8_Create
* So we can just duplicate the string over.
*/
if( 0 == size ) {
if (0 == size) {
rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
} else {
rv = nss_ZAlloc(arenaOpt, size+1);
if( (NSSUTF8 *)NULL == rv ) {
}
else {
rv = nss_ZAlloc(arenaOpt, size + 1);
if ((NSSUTF8 *)NULL == rv) {
return (NSSUTF8 *)NULL;
}
@ -495,11 +475,12 @@ nssUTF8_Create
nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
break;
case nssStringType_UTF8String:
if( 0 == size ) {
if (0 == size) {
rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
} else {
rv = nss_ZAlloc(arenaOpt, size+1);
if( (NSSUTF8 *)NULL == rv ) {
}
else {
rv = nss_ZAlloc(arenaOpt, size + 1);
if ((NSSUTF8 *)NULL == rv) {
return (NSSUTF8 *)NULL;
}
@ -527,31 +508,26 @@ nssUTF8_Create
}
NSS_IMPLEMENT NSSItem *
nssUTF8_GetEncoding
(
NSSArena *arenaOpt,
NSSItem *rvOpt,
nssStringType type,
NSSUTF8 *string
)
nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type,
NSSUTF8 *string)
{
NSSItem *rv = (NSSItem *)NULL;
PRStatus status = PR_SUCCESS;
#ifdef NSSDEBUG
if( (NSSArena *)NULL != arenaOpt ) {
if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
if ((NSSArena *)NULL != arenaOpt) {
if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
return (NSSItem *)NULL;
}
}
if( (NSSUTF8 *)NULL == string ) {
if ((NSSUTF8 *)NULL == string) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return (NSSItem *)NULL;
}
#endif /* NSSDEBUG */
switch( type ) {
switch (type) {
case nssStringType_DirectoryString:
nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
break;
@ -567,34 +543,33 @@ nssUTF8_GetEncoding
case nssStringType_BMPString:
nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
break;
case nssStringType_UTF8String:
{
case nssStringType_UTF8String: {
NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
if( (NSSUTF8 *)NULL == dup ) {
if ((NSSUTF8 *)NULL == dup) {
return (NSSItem *)NULL;
}
if( (NSSItem *)NULL == rvOpt ) {
if ((NSSItem *)NULL == rvOpt) {
rv = nss_ZNEW(arenaOpt, NSSItem);
if( (NSSItem *)NULL == rv ) {
if ((NSSItem *)NULL == rv) {
(void)nss_ZFreeIf(dup);
return (NSSItem *)NULL;
}
} else {
}
else {
rv = rvOpt;
}
rv->data = dup;
dup = (NSSUTF8 *)NULL;
rv->size = nssUTF8_Size(rv->data, &status);
if( (0 == rv->size) && (PR_SUCCESS != status) ) {
if( (NSSItem *)NULL == rvOpt ) {
if ((0 == rv->size) && (PR_SUCCESS != status)) {
if ((NSSItem *)NULL == rvOpt) {
(void)nss_ZFreeIf(rv);
}
return (NSSItem *)NULL;
}
}
break;
} break;
case nssStringType_PHGString:
nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
break;
@ -618,63 +593,60 @@ nssUTF8_GetEncoding
*/
NSS_IMPLEMENT PRStatus
nssUTF8_CopyIntoFixedBuffer
(
NSSUTF8 *string,
char *buffer,
PRUint32 bufferSize,
char pad
)
nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize,
char pad)
{
PRUint32 stringSize = 0;
#ifdef NSSDEBUG
if( (char *)NULL == buffer ) {
if ((char *)NULL == buffer) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
return PR_FALSE;
}
if( 0 == bufferSize ) {
if (0 == bufferSize) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FALSE;
}
if( (pad & 0x80) != 0x00 ) {
if ((pad & 0x80) != 0x00) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FALSE;
}
#endif /* NSSDEBUG */
if( (NSSUTF8 *)NULL == string ) {
string = (NSSUTF8 *) "";
if ((NSSUTF8 *)NULL == string) {
string = (NSSUTF8 *)"";
}
stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
stringSize--; /* don't count the trailing null */
if( stringSize > bufferSize ) {
if (stringSize > bufferSize) {
PRUint32 bs = bufferSize;
(void)nsslibc_memcpy(buffer, string, bufferSize);
if( ( ((buffer[ bs-1 ] & 0x80) == 0x00)) ||
((bs > 1) && ((buffer[ bs-2 ] & 0xE0) == 0xC0)) ||
((bs > 2) && ((buffer[ bs-3 ] & 0xF0) == 0xE0)) ||
((bs > 3) && ((buffer[ bs-4 ] & 0xF8) == 0xF0)) ||
((bs > 4) && ((buffer[ bs-5 ] & 0xFC) == 0xF8)) ||
((bs > 5) && ((buffer[ bs-6 ] & 0xFE) == 0xFC)) ) {
if (( ((buffer[bs - 1] & 0x80) == 0x00)) ||
((bs > 1) && ((buffer[bs - 2] & 0xE0) == 0xC0)) ||
((bs > 2) && ((buffer[bs - 3] & 0xF0) == 0xE0)) ||
((bs > 3) && ((buffer[bs - 4] & 0xF8) == 0xF0)) ||
((bs > 4) && ((buffer[bs - 5] & 0xFC) == 0xF8)) ||
((bs > 5) && ((buffer[bs - 6] & 0xFE) == 0xFC))) {
/* It fit exactly */
return PR_SUCCESS;
}
/* Too long. We have to trim the last character */
for( /*bs*/; bs != 0; bs-- ) {
if( (buffer[bs-1] & 0xC0) != 0x80 ) {
buffer[bs-1] = pad;
for (/*bs*/; bs != 0; bs--) {
if ((buffer[bs - 1] & 0xC0) != 0x80) {
buffer[bs - 1] = pad;
break;
} else {
buffer[bs-1] = pad;
}
else {
buffer[bs - 1] = pad;
}
}
} else {
}
else {
(void)nsslibc_memset(buffer, pad, bufferSize);
(void)nsslibc_memcpy(buffer, string, stringSize);
}
@ -688,20 +660,14 @@ nssUTF8_CopyIntoFixedBuffer
*/
NSS_IMPLEMENT PRBool
nssUTF8_Equal
(
const NSSUTF8 *a,
const NSSUTF8 *b,
PRStatus *statusOpt
)
nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
PRUint32 la, lb;
#ifdef NSSDEBUG
if( ((const NSSUTF8 *)NULL == a) ||
((const NSSUTF8 *)NULL == b) ) {
if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
if( (PRStatus *)NULL != statusOpt ) {
if ((PRStatus *)NULL != statusOpt) {
*statusOpt = PR_FAILURE;
}
return PR_FALSE;
@ -709,16 +675,16 @@ nssUTF8_Equal
#endif /* NSSDEBUG */
la = nssUTF8_Size(a, statusOpt);
if( 0 == la ) {
if (0 == la) {
return PR_FALSE;
}
lb = nssUTF8_Size(b, statusOpt);
if( 0 == lb ) {
if (0 == lb) {
return PR_FALSE;
}
if( la != lb ) {
if (la != lb) {
return PR_FALSE;
}

560
security/nss/lib/certdb/alg1485.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

766
security/nss/lib/certdb/cert.h
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

1099
security/nss/lib/certdb/certdb.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

71
security/nss/lib/certdb/certdb.h
Просмотреть файл

@ -5,18 +5,17 @@
#ifndef _CERTDB_H_
#define _CERTDB_H_
/* common flags for all types of certificates */
#define CERTDB_TERMINAL_RECORD (1u<<0)
#define CERTDB_TRUSTED (1u<<1)
#define CERTDB_SEND_WARN (1u<<2)
#define CERTDB_VALID_CA (1u<<3)
#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */
#define CERTDB_NS_TRUSTED_CA (1u<<5)
#define CERTDB_USER (1u<<6)
#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */
#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */
#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */
#define CERTDB_TERMINAL_RECORD (1u << 0)
#define CERTDB_TRUSTED (1u << 1)
#define CERTDB_SEND_WARN (1u << 2)
#define CERTDB_VALID_CA (1u << 3)
#define CERTDB_TRUSTED_CA (1u << 4) /* trusted for issuing server certs */
#define CERTDB_NS_TRUSTED_CA (1u << 5)
#define CERTDB_USER (1u << 6)
#define CERTDB_TRUSTED_CLIENT_CA (1u << 7) /* trusted for issuing client certs */
#define CERTDB_INVISIBLE_CA (1u << 8) /* don't show in UI */
#define CERTDB_GOVT_APPROVED_CA (1u << 9) /* can do strong crypto in export ver */
/* old usage, to keep old programs compiling */
/* On Windows, Mac, and Linux (and other gcc platforms), we can give compile
@ -26,10 +25,10 @@
#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated));
#else
typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated
("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));
typedef unsigned int __CERTDB_VALID_PEER __attribute__((
deprecated("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));
#endif
#define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER) CERTDB_TERMINAL_RECORD)
#define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER)CERTDB_TERMINAL_RECORD)
#else
#ifdef _WIN32
#pragma deprecated(CERTDB_VALID_PEER)
@ -39,41 +38,35 @@ typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated
SEC_BEGIN_PROTOS
CERTSignedCrl *
SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey, int type);
CERTSignedCrl *SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey,
int type);
CERTSignedCrl *
SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type);
CERTSignedCrl *SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey,
int type);
CERTSignedCrl *
SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type);
CERTSignedCrl *SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl,
int type);
PRBool
SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
PRBool SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
CERTCertDBHandle *handle);
CERTSignedCrl *
SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);
CERTSignedCrl *SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl,
int type);
SECStatus
SEC_DeletePermCRL(CERTSignedCrl *crl);
SECStatus SEC_DeletePermCRL(CERTSignedCrl *crl);
SECStatus SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes,
int type);
SECStatus
SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type);
SECStatus SEC_DestroyCrl(CERTSignedCrl *crl);
SECStatus
SEC_DestroyCrl(CERTSignedCrl *crl);
CERTSignedCrl *SEC_DupCrl(CERTSignedCrl *acrl);
CERTSignedCrl* SEC_DupCrl(CERTSignedCrl* acrl);
SECStatus
CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
SECStatus CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
CERTCertTrust *trust);
SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
PRBool
SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
/*
** Extract the validity times from a CRL
@ -81,8 +74,7 @@ SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
** "notBefore" is the start of the validity period (last update)
** "notAfter" is the end of the validity period (next update)
*/
SECStatus
SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
SECStatus SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
/*
** Check the validity times of a crl vs. time 't', allowing
@ -90,8 +82,7 @@ SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
** "crl" is the certificate to be checked
** "t" is the time to check against
*/
SECCertTimeValidity
SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
SEC_END_PROTOS

98
security/nss/lib/certdb/certi.h
Просмотреть файл

@ -38,8 +38,7 @@ struct OpaqueCRLFieldsStr {
typedef struct PreAllocatorStr PreAllocator;
struct PreAllocatorStr
{
struct PreAllocatorStr {
PRSize len;
void* data;
PRSize used;
@ -81,7 +80,6 @@ typedef enum {
dpcacheLookupError = 5 /* internal error */
} dpcacheStatus;
struct CachedCrlStr {
CERTSignedCrl* crl;
CRLOrigin origin;
@ -116,7 +114,7 @@ struct CRLDPCacheStr {
#else
PRLock* lock;
#endif
SECItem *issuerDERCert; /* issuer DER cert. Don't hold a reference
SECItem* issuerDERCert; /* issuer DER cert. Don't hold a reference
to the actual cert so the trust can be
updated on the cert automatically.
XXX there may be multiple issuer certs,
@ -124,7 +122,7 @@ struct CRLDPCacheStr {
need to deal with SKID/AKID . See
bugzilla 217387, 233118 */
CERTCertDBHandle *dbHandle;
CERTCertDBHandle* dbHandle;
SECItem* subject; /* DER of issuer subject */
SECItem* distributionPoint; /* DER of distribution point. This may be
@ -194,46 +192,40 @@ SECStatus ShutdownCRLCache(void);
** null-terminated strings, terminated by a zero-length string.
** This function is intended to be internal to NSS.
*/
extern char * cert_GetCertificateEmailAddresses(CERTCertificate *cert);
extern char* cert_GetCertificateEmailAddresses(CERTCertificate* cert);
/*
* These functions are used to map subjectKeyID extension values to certs
* and to keep track of the checks for user certificates in each slot
*/
SECStatus
cert_CreateSubjectKeyIDHashTable(void);
SECStatus cert_CreateSubjectKeyIDHashTable(void);
SECStatus
cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert);
SECStatus cert_AddSubjectKeyIDMapping(SECItem* subjKeyID,
CERTCertificate* cert);
SECStatus
cert_UpdateSubjectKeyIDSlotCheck(SECItem *slotid, int series);
SECStatus cert_UpdateSubjectKeyIDSlotCheck(SECItem* slotid, int series);
int
cert_SubjectKeyIDSlotCheckSeries(SECItem *slotid);
int cert_SubjectKeyIDSlotCheckSeries(SECItem* slotid);
/*
* Call this function to remove an entry from the mapping table.
*/
SECStatus
cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID);
SECStatus cert_RemoveSubjectKeyIDMapping(SECItem* subjKeyID);
SECStatus
cert_DestroySubjectKeyIDHashTable(void);
SECStatus cert_DestroySubjectKeyIDHashTable(void);
SECItem*
cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID);
SECItem* cert_FindDERCertBySubjectKeyID(SECItem* subjKeyID);
/* return maximum length of AVA value based on its type OID tag. */
extern int cert_AVAOidTagToMaxLen(SECOidTag tag);
/* Make an AVA, allocated from pool, from OID and DER encoded value */
extern CERTAVA * CERT_CreateAVAFromRaw(PLArenaPool *pool,
const SECItem * OID, const SECItem * value);
extern CERTAVA* CERT_CreateAVAFromRaw(PLArenaPool* pool, const SECItem* OID,
const SECItem* value);
/* Make an AVA from binary input specified by SECItem */
extern CERTAVA * CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind,
int valueType, SECItem *value);
extern CERTAVA* CERT_CreateAVAFromSECItem(PLArenaPool* arena, SECOidTag kind,
int valueType, SECItem* value);
/*
* get a DPCache object for the given issuer subject and dp
@ -260,10 +252,11 @@ void CERT_MapStanError();
/* Like CERT_VerifyCert, except with an additional argument, flags. The
* flags are defined immediately below.
*/
SECStatus
cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
PRBool checkSig, SECCertUsage certUsage, PRTime t,
PRUint32 flags, void *wincx, CERTVerifyLog *log);
SECStatus cert_VerifyCertWithFlags(CERTCertDBHandle* handle,
CERTCertificate* cert, PRBool checkSig,
SECCertUsage certUsage, PRTime t,
PRUint32 flags, void* wincx,
CERTVerifyLog* log);
/* Use the default settings.
* cert_VerifyCertWithFlags(..., CERT_VERIFYCERT_USE_DEFAULTS, ...) is
@ -281,15 +274,10 @@ cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
/* Interface function for libpkix cert validation engine:
* cert_verify wrapper. */
SECStatus
cert_VerifyCertChainPkix(CERTCertificate *cert,
PRBool checkSig,
SECCertUsage requiredUsage,
PRTime time,
void *wincx,
CERTVerifyLog *log,
PRBool *sigError,
PRBool *revoked);
SECStatus cert_VerifyCertChainPkix(CERTCertificate* cert, PRBool checkSig,
SECCertUsage requiredUsage, PRTime time,
void* wincx, CERTVerifyLog* log,
PRBool* sigError, PRBool* revoked);
SECStatus cert_InitLocks(void);
@ -298,17 +286,16 @@ SECStatus cert_DestroyLocks(void);
/*
* fill in nsCertType field of the cert based on the cert extension
*/
extern SECStatus cert_GetCertType(CERTCertificate *cert);
extern SECStatus cert_GetCertType(CERTCertificate* cert);
/*
* compute and return the value of nsCertType for cert, but do not
* update the CERTCertificate.
*/
extern PRUint32 cert_ComputeCertType(CERTCertificate *cert);
extern PRUint32 cert_ComputeCertType(CERTCertificate* cert);
void cert_AddToVerifyLog(CERTVerifyLog *log,CERTCertificate *cert,
long errorCode, unsigned int depth,
void *arg);
void cert_AddToVerifyLog(CERTVerifyLog* log, CERTCertificate* cert,
long errorCode, unsigned int depth, void* arg);
/* Insert a DER CRL into the CRL cache, and take ownership of it.
*
@ -355,12 +342,12 @@ typedef enum {
/* Returns detailed status of the cert(revStatus variable). Tells if
* issuer cache has OriginFetchedWithTimeout crl in it. */
SECStatus
cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
const SECItem* dp, PRTime t, void *wincx,
CERTRevocationStatus *revStatus,
CERTCRLEntryReasonCode *revReason);
SECStatus cert_CheckCertRevocationStatus(CERTCertificate* cert,
CERTCertificate* issuer,
const SECItem* dp, PRTime t,
void* wincx,
CERTRevocationStatus* revStatus,
CERTCRLEntryReasonCode* revReason);
SECStatus cert_AcquireNamedCRLCache(NamedCRLCache** returned);
@ -374,12 +361,11 @@ SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
/* This is private for now. Maybe shoule be public. */
CERTGeneralName *
cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena);
CERTGeneralName* cert_GetSubjectAltNameList(const CERTCertificate* cert,
PLArenaPool* arena);
/* Count DNS names and IP addresses in a list of GeneralNames */
PRUint32
cert_CountDNSPatterns(CERTGeneralName *firstName);
PRUint32 cert_CountDNSPatterns(CERTGeneralName* firstName);
/*
* returns the trust status of the leaf certificate based on usage.
@ -389,11 +375,7 @@ cert_CountDNSPatterns(CERTGeneralName *firstName);
* SECSuccess. This function does not check if the cert is fit for a
* particular usage.
*/
SECStatus
cert_CheckLeafTrust(CERTCertificate *cert,
SECCertUsage usage,
unsigned int *failedFlags,
PRBool *isTrusted);
SECStatus cert_CheckLeafTrust(CERTCertificate* cert, SECCertUsage usage,
unsigned int* failedFlags, PRBool* isTrusted);
#endif /* _CERTI_H_ */

143
security/nss/lib/certdb/certt.h
Просмотреть файл

@ -150,10 +150,13 @@ typedef enum SECTrustTypeEnum {
trustTypeNone = 3
} SECTrustType;
#define SEC_GET_TRUST_FLAGS(trust,type) \
(((type)==trustSSL)?((trust)->sslFlags): \
(((type)==trustEmail)?((trust)->emailFlags): \
(((type)==trustObjectSigning)?((trust)->objectSigningFlags):0)))
#define SEC_GET_TRUST_FLAGS(trust, type) \
(((type) == trustSSL) \
? ((trust)->sslFlags) \
: (((type) == trustEmail) ? ((trust)->emailFlags) \
: (((type) == trustObjectSigning) \
? ((trust)->objectSigningFlags) \
: 0)))
/*
** An X.509.3 certificate extension
@ -255,7 +258,7 @@ struct CERTCertificateStr {
/* these belong in the static section, but are here to maintain
* the structure's integrity
*/
CERTAuthKeyID * authKeyID; /* x509v3 authority key identifier */
CERTAuthKeyID *authKeyID; /* x509v3 authority key identifier */
PRBool isRoot; /* cert is the end of a chain */
/* these fields are used by client GUI code to keep track of ssl sockets
@ -264,9 +267,9 @@ struct CERTCertificateStr {
* data structure. They are only used by the browser right now.
*/
union {
void* apointer; /* was struct SECSocketNode* authsocketlist */
void *apointer; /* was struct SECSocketNode* authsocketlist */
struct {
unsigned int hasUnsupportedCriticalExt :1;
unsigned int hasUnsupportedCriticalExt : 1;
/* add any new option bits needed here */
} bits;
} options;
@ -320,7 +323,6 @@ struct CERTCertificateRequestStr {
};
#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
/*
** A certificate list object.
*/
@ -344,7 +346,7 @@ struct CERTCertListStr {
#define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list))
#define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
#define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
#define CERT_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
#define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
struct CERTCrlEntryStr {
@ -388,10 +390,9 @@ struct CERTSignedCrlStr {
SECItem *derCrl;
PK11SlotInfo *slot;
CK_OBJECT_HANDLE pkcs11ID;
void* opaque; /* do not touch */
void *opaque; /* do not touch */
};
struct CERTCrlHeadNodeStr {
PLArenaPool *arena;
CERTCertDBHandle *dbhandle;
@ -399,14 +400,12 @@ struct CERTCrlHeadNodeStr {
CERTCrlNode *last;
};
struct CERTCrlNodeStr {
CERTCrlNode *next;
int type;
CERTSignedCrl *crl;
};
/*
* Array of X.500 Distinguished Names
*/
@ -417,7 +416,6 @@ struct CERTDistNamesStr {
void *head; /* private */
};
#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
@ -430,15 +428,13 @@ struct CERTDistNamesStr {
#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
#define NS_CERT_TYPE_APP ( NS_CERT_TYPE_SSL_CLIENT | \
NS_CERT_TYPE_SSL_SERVER | \
NS_CERT_TYPE_EMAIL | \
NS_CERT_TYPE_OBJECT_SIGNING )
#define NS_CERT_TYPE_APP \
(NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
NS_CERT_TYPE_OBJECT_SIGNING)
#define NS_CERT_TYPE_CA ( NS_CERT_TYPE_SSL_CA | \
NS_CERT_TYPE_EMAIL_CA | \
NS_CERT_TYPE_OBJECT_SIGNING_CA | \
EXT_KEY_USAGE_STATUS_RESPONDER )
#define NS_CERT_TYPE_CA \
(NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | \
NS_CERT_TYPE_OBJECT_SIGNING_CA | EXT_KEY_USAGE_STATUS_RESPONDER)
typedef enum SECCertUsageEnum {
certUsageSSLClient = 0,
certUsageSSLServer = 1,
@ -498,8 +494,7 @@ typedef enum SECCertTimeValidityEnum {
* CERT_CompareValidityTimes.
*/
typedef enum CERTCompareValidityStatusEnum
{
typedef enum CERTCompareValidityStatusEnum {
certValidityUndetermined = 0, /* the function is unable to select one cert
over another */
certValidityChooseB = 1, /* cert B should be preferred */
@ -532,7 +527,6 @@ struct CERTIssuerAndSNStr {
SECItem serialNumber;
};
/* X.509 v3 Key Usage Extension flags */
#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define KU_NON_REPUDIATION (0x40) /* bit 1 */
@ -542,14 +536,10 @@ struct CERTIssuerAndSNStr {
#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define KU_CRL_SIGN (0x02) /* bit 6 */
#define KU_ENCIPHER_ONLY (0x01) /* bit 7 */
#define KU_ALL (KU_DIGITAL_SIGNATURE | \
KU_NON_REPUDIATION | \
KU_KEY_ENCIPHERMENT | \
KU_DATA_ENCIPHERMENT | \
KU_KEY_AGREEMENT | \
KU_KEY_CERT_SIGN | \
KU_CRL_SIGN | \
KU_ENCIPHER_ONLY)
#define KU_ALL \
(KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT | \
KU_DATA_ENCIPHERMENT | KU_KEY_AGREEMENT | KU_KEY_CERT_SIGN | \
KU_CRL_SIGN | KU_ENCIPHER_ONLY)
/* This value will not occur in certs. It is used internally for the case
* when either digital signature or non-repudiation is the correct value.
@ -567,14 +557,14 @@ struct CERTIssuerAndSNStr {
*/
#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
/*
* x.509 v3 Basic Constraints Extension
* If isCA is false, the pathLenConstraint is ignored.
* Otherwise, the following pathLenConstraint values will apply:
* < 0 - there is no limit to the certificate path
* 0 - CA can issues end-entity certificates only
* > 0 - the number of certificates in the certificate path is
* limited to this number
*/
* x.509 v3 Basic Constraints Extension
* If isCA is false, the pathLenConstraint is ignored.
* Otherwise, the following pathLenConstraint values will apply:
* < 0 - there is no limit to the certificate path
* 0 - CA can issues end-entity certificates only
* > 0 - the number of certificates in the certificate path is
* limited to this number
*/
#define CERT_UNLIMITED_PATH_CONSTRAINT -2
struct CERTBasicConstraintsStr {
@ -628,13 +618,10 @@ typedef enum CERTGeneralNameTypeEnum {
certRegisterID = 9
} CERTGeneralNameType;
typedef struct OtherNameStr {
SECItem name;
SECItem oid;
}OtherName;
} OtherName;
struct CERTGeneralNameStr {
CERTGeneralNameType type; /* name type */
@ -642,7 +629,7 @@ struct CERTGeneralNameStr {
CERTName directoryName; /* distinguish name */
OtherName OthName; /* Other Name */
SECItem other; /* the rest of the name forms */
}name;
} name;
SECItem derDirectoryName; /* this is saved to simplify directory name
comparison */
PRCList l;
@ -664,7 +651,6 @@ struct CERTNameConstraintStr {
PRCList l;
};
struct CERTNameConstraintsStr {
CERTNameConstraint *permited;
CERTNameConstraint *excluded;
@ -672,7 +658,6 @@ struct CERTNameConstraintsStr {
SECItem **DERExcluded;
};
/* Private Key Usage Period extension struct. */
struct CERTPrivKeyUsagePeriodStr {
SECItem notBefore;
@ -739,7 +724,6 @@ struct CERTVerifyLogNodeStr {
struct CERTVerifyLogNodeStr *prev; /* next in the list */
};
struct CERTVerifyLogStr {
PLArenaPool *arena;
unsigned int count;
@ -747,19 +731,16 @@ struct CERTVerifyLogStr {
struct CERTVerifyLogNodeStr *tail;
};
struct CERTOKDomainNameStr {
CERTOKDomainName *next;
char name[1]; /* actual length may be longer. */
};
typedef SECStatus (PR_CALLBACK *CERTStatusChecker) (CERTCertDBHandle *handle,
typedef SECStatus(PR_CALLBACK *CERTStatusChecker)(CERTCertDBHandle *handle,
CERTCertificate *cert,
PRTime time,
void *pwArg);
PRTime time, void *pwArg);
typedef SECStatus (PR_CALLBACK *CERTStatusDestroy) (CERTStatusConfig *handle);
typedef SECStatus(PR_CALLBACK *CERTStatusDestroy)(CERTStatusConfig *handle);
struct CERTStatusConfigStr {
CERTStatusChecker statusChecker; /* NULL means no checking enabled */
@ -773,10 +754,9 @@ struct CERTAuthInfoAccessStr {
CERTGeneralName *location; /* decoded location */
};
/* This is the typedef for the callback passed to CERT_OpenCertDB() */
/* callback to return database name based on version number */
typedef char * (*CERTDBNameFunc)(void *arg, int dbVersion);
typedef char *(*CERTDBNameFunc)(void *arg, int dbVersion);
/*
* types of cert packages that we can decode
@ -875,10 +855,8 @@ typedef struct {
* to indicate an fatal error that will cause path validation to fail
* immediately.
*/
typedef SECStatus (*CERTChainVerifyCallbackFunc)
(void *isChainValidArg,
const CERTCertList *currentChain,
PRBool *chainOK);
typedef SECStatus (*CERTChainVerifyCallbackFunc)(
void *isChainValidArg, const CERTCertList *currentChain, PRBool *chainOK);
/*
* Note: If extending this structure, it will be necessary to change the
@ -931,7 +909,7 @@ typedef enum {
* Values match the KU_ bit flags defined
* in this file. Default is derived from
* the 'usages' function argument */
cert_pi_extendedKeyusage= 7, /* specify what the required extended key
cert_pi_extendedKeyusage = 7, /* specify what the required extended key
* usage of the certificate. Specified as
* an array of oidTags in value.array.oids.
* The cert must validate for at least one
@ -944,17 +922,20 @@ typedef enum {
cert_pi_revocationFlags = 9, /* Specify what revocation checking to do.
* See CERT_REV_FLAG_* macros below
* Set in value.pointer.revocation */
cert_pi_certStores = 10,/* Bitmask of Cert Store flags (see below)
cert_pi_certStores = 10, /* Bitmask of Cert Store flags (see below)
* Set in value.scalar.ui */
cert_pi_trustAnchors = 11,/* Specify the list of trusted roots to
cert_pi_trustAnchors =
11, /* Specify the list of trusted roots to
* validate against.
* The default set of trusted roots, these are
* root CA certs from libnssckbi.so or CA
* certs trusted by user, are used in any of
* the following cases:
* * when the parameter is not set.
* * when the list of trust anchors is empty.
* Note that this handling can be further altered by altering the
* * when the list of trust anchors is
* empty.
* Note that this handling can be further
* altered by altering the
* cert_pi_useOnlyTrustAnchors flag
* Specified in value.pointer.chain */
cert_pi_useAIACertFetch = 12, /* Enables cert fetching using AIA extension.
@ -964,13 +945,14 @@ typedef enum {
/* The callback container for doing extra
* validation on the currently calculated chain.
* Value is in value.pointer.chainVerifyCallback */
cert_pi_useOnlyTrustAnchors = 14,/* If true, disables trusting any
cert_pi_useOnlyTrustAnchors = 14,
/* If true, disables trusting any
* certificates other than the ones passed in via cert_pi_trustAnchors.
* If false, then the certificates specified via cert_pi_trustAnchors
* will be combined with the pre-existing trusted roots, but only for
* the certificate validation being performed.
* If no value has been supplied via cert_pi_trustAnchors, this has no
* effect.
* will be combined with the pre-existing trusted roots, but only
* for the certificate validation being performed.
* If no value has been supplied via cert_pi_trustAnchors, this has
* no effect.
* The default value is true, meaning if this is not supplied, only
* trust anchors supplied via cert_pi_trustAnchors are trusted.
* Specified in value.scalar.b */
@ -1015,7 +997,7 @@ typedef enum {
cert_po_keyUsage = 7, /* Return what key usages the certificate
* is valid for.
* Returned in value.scalar.usage */
cert_po_extendedKeyusage= 8, /* Return what extended key usages the
cert_po_extendedKeyusage = 8, /* Return what extended key usages the
* certificate is valid for.
* Returned in value.array.oids */
cert_po_max /* SPECIAL: signifies maximum allowed value,
@ -1029,7 +1011,6 @@ typedef enum {
cert_revocation_method_count
} CERTRevocationMethodIndex;
/*
* The following flags are supposed to be used to control bits in
* each integer contained in the array pointed to be:
@ -1150,7 +1131,6 @@ typedef enum {
#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2UL
typedef struct {
/*
* The size of the array that cert_rev_flags_per_method points to,
@ -1215,9 +1195,9 @@ typedef struct CERTValParamInValueStr {
PRTime time;
} scalar;
union {
const void* p;
const char* s;
const CERTCertificate* cert;
const void *p;
const char *s;
const CERTCertificate *cert;
const CERTCertList *chain;
const CERTRevocationFlags *revocation;
const CERTChainVerifyCallback *chainVerifyCallback;
@ -1232,7 +1212,6 @@ typedef struct CERTValParamInValueStr {
int arraySize;
} CERTValParamInValue;
typedef struct CERTValParamOutValueStr {
union {
PRBool b;
@ -1243,10 +1222,10 @@ typedef struct CERTValParamOutValueStr {
SECCertificateUsage usages;
} scalar;
union {
void* p;
char* s;
void *p;
char *s;
CERTVerifyLog *log;
CERTCertificate* cert;
CERTCertificate *cert;
CERTCertList *chain;
} pointer;
union {
@ -1293,7 +1272,7 @@ typedef enum CertStrictnessLevels {
* a CERTCertificate * and returns an allocated string, which must be
* freed by a call to PORT_Free.
*/
typedef char * (*CERT_StringFromCertFcn)(CERTCertificate *cert);
typedef char *(*CERT_StringFromCertFcn)(CERTCertificate *cert);
/* XXX Lisa thinks the template declarations belong in cert.h, not here? */

80
security/nss/lib/certdb/certv3.c
Просмотреть файл

@ -15,17 +15,15 @@
#include "secerr.h"
SECStatus
CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid,
SECItem *value)
CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid, SECItem *value)
{
return (cert_FindExtensionByOID (cert->extensions, oid, value));
return (cert_FindExtensionByOID(cert->extensions, oid, value));
}
SECStatus
CERT_FindCertExtension(const CERTCertificate *cert, int tag, SECItem *value)
{
return (cert_FindExtension (cert->extensions, tag, value));
return (cert_FindExtension(cert->extensions, tag, value));
}
static void
@ -34,13 +32,13 @@ SetExts(void *object, CERTCertExtension **exts)
CERTCertificate *cert = (CERTCertificate *)object;
cert->extensions = exts;
DER_SetUInteger (cert->arena, &(cert->version), SEC_CERTIFICATE_VERSION_3);
DER_SetUInteger(cert->arena, &(cert->version), SEC_CERTIFICATE_VERSION_3);
}
void *
CERT_StartCertExtensions(CERTCertificate *cert)
{
return (cert_StartExtensions ((void *)cert, cert->arena, SetExts));
return (cert_StartExtensions((void *)cert, cert->arena, SetExts));
}
/*
@ -50,18 +48,17 @@ SECStatus
CERT_FindNSCertTypeExtension(CERTCertificate *cert, SECItem *retItem)
{
return (CERT_FindBitStringExtension
(cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));
return (CERT_FindBitStringExtension(
cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));
}
/*
* get the value of a string type extension
*/
char *
CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
{
SECItem wrapperItem, tmpItem = {siBuffer,0};
SECItem wrapperItem, tmpItem = { siBuffer, 0 };
SECStatus rv;
PLArenaPool *arena = NULL;
char *retstring = NULL;
@ -71,25 +68,24 @@ CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( ! arena ) {
if (!arena) {
goto loser;
}
rv = cert_FindExtension(cert->extensions, oidtag,
&wrapperItem);
if ( rv != SECSuccess ) {
rv = cert_FindExtension(cert->extensions, oidtag, &wrapperItem);
if (rv != SECSuccess) {
goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
SEC_ASN1_GET(SEC_IA5StringTemplate), &wrapperItem);
rv = SEC_QuickDERDecodeItem(
arena, &tmpItem, SEC_ASN1_GET(SEC_IA5StringTemplate), &wrapperItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
retstring = (char *)PORT_Alloc(tmpItem.len + 1 );
if ( retstring == NULL ) {
retstring = (char *)PORT_Alloc(tmpItem.len + 1);
if (retstring == NULL) {
goto loser;
}
@ -97,15 +93,15 @@ CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
retstring[tmpItem.len] = '\0';
loser:
if ( arena ) {
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if ( wrapperItem.data ) {
if (wrapperItem.data) {
PORT_Free(wrapperItem.data);
}
return(retstring);
return (retstring);
}
/*
@ -127,13 +123,13 @@ CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
{
SECStatus rv;
SECItem encodedValue = {siBuffer, NULL, 0 };
SECItem decodedValue = {siBuffer, NULL, 0 };
SECItem encodedValue = { siBuffer, NULL, 0 };
SECItem decodedValue = { siBuffer, NULL, 0 };
rv = cert_FindExtension
(cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue);
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID,
&encodedValue);
if (rv == SECSuccess) {
PLArenaPool * tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
PLArenaPool *tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (tmpArena) {
rv = SEC_QuickDERDecodeItem(tmpArena, &decodedValue,
SEC_ASN1_GET(SEC_OctetStringTemplate),
@ -142,7 +138,8 @@ CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
}
PORT_FreeArena(tmpArena, PR_FALSE);
} else {
}
else {
rv = SECFailure;
}
}
@ -162,21 +159,21 @@ CERT_FindBasicConstraintExten(CERTCertificate *cert,
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_BASIC_CONSTRAINTS,
&encodedExtenValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
return (rv);
}
rv = CERT_DecodeBasicConstraintValue (value, &encodedExtenValue);
rv = CERT_DecodeBasicConstraintValue(value, &encodedExtenValue);
/* free the raw extension data */
PORT_Free(encodedExtenValue.data);
encodedExtenValue.data = NULL;
return(rv);
return (rv);
}
CERTAuthKeyID *
CERT_FindAuthKeyIDExten (PLArenaPool *arena, CERTCertificate *cert)
CERT_FindAuthKeyIDExten(PLArenaPool *arena, CERTCertificate *cert)
{
SECItem encodedExtenValue;
SECStatus rv;
@ -187,16 +184,16 @@ CERT_FindAuthKeyIDExten (PLArenaPool *arena, CERTCertificate *cert)
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_AUTH_KEY_ID,
&encodedExtenValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
return (NULL);
}
ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
ret = CERT_DecodeAuthKeyID(arena, &encodedExtenValue);
PORT_Free(encodedExtenValue.data);
encodedExtenValue.data = NULL;
return(ret);
return (ret);
}
SECStatus
@ -218,12 +215,13 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
*/
rv = CERT_FindKeyUsageExtension(cert, &keyUsage);
if (rv == SECFailure) {
rv = (PORT_GetError () == SEC_ERROR_EXTENSION_NOT_FOUND) ?
SECSuccess : SECFailure;
} else if (!(keyUsage.data[0] & usage)) {
PORT_SetError (SEC_ERROR_CERT_USAGES_INVALID);
rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
: SECFailure;
}
else if (!(keyUsage.data[0] & usage)) {
PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
rv = SECFailure;
}
PORT_Free (keyUsage.data);
PORT_Free(keyUsage.data);
return (rv);
}

156
security/nss/lib/certdb/certxutl.c
Просмотреть файл

@ -21,7 +21,7 @@
#endif
static CERTCertExtension *
GetExtension (CERTCertExtension **extensions, SECItem *oid)
GetExtension(CERTCertExtension **extensions, SECItem *oid)
{
CERTCertExtension **exts;
CERTCertExtension *ext = NULL;
@ -30,10 +30,10 @@ GetExtension (CERTCertExtension **extensions, SECItem *oid)
exts = extensions;
if (exts) {
while ( *exts ) {
while (*exts) {
ext = *exts;
comp = SECITEM_CompareItem(oid, &ext->id);
if ( comp == SECEqual )
if (comp == SECEqual)
break;
exts++;
@ -44,14 +44,15 @@ GetExtension (CERTCertExtension **extensions, SECItem *oid)
}
SECStatus
cert_FindExtensionByOID (CERTCertExtension **extensions, SECItem *oid, SECItem *value)
cert_FindExtensionByOID(CERTCertExtension **extensions, SECItem *oid,
SECItem *value)
{
CERTCertExtension *ext;
SECStatus rv = SECSuccess;
ext = GetExtension (extensions, oid);
ext = GetExtension(extensions, oid);
if (ext == NULL) {
PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
return (SECFailure);
}
if (value)
@ -59,9 +60,9 @@ cert_FindExtensionByOID (CERTCertExtension **extensions, SECItem *oid, SECItem *
return (rv);
}
SECStatus
CERT_GetExtenCriticality (CERTCertExtension **extensions, int tag, PRBool *isCritical)
CERT_GetExtenCriticality(CERTCertExtension **extensions, int tag,
PRBool *isCritical)
{
CERTCertExtension *ext;
SECOidData *oid;
@ -71,12 +72,12 @@ CERT_GetExtenCriticality (CERTCertExtension **extensions, int tag, PRBool *isCri
/* find the extension in the extensions list */
oid = SECOID_FindOIDByTag((SECOidTag)tag);
if ( !oid ) {
return(SECFailure);
if (!oid) {
return (SECFailure);
}
ext = GetExtension (extensions, &oid->oid);
ext = GetExtension(extensions, &oid->oid);
if (ext == NULL) {
PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
return (SECFailure);
}
@ -95,14 +96,13 @@ cert_FindExtension(CERTCertExtension **extensions, int tag, SECItem *value)
SECOidData *oid;
oid = SECOID_FindOIDByTag((SECOidTag)tag);
if ( !oid ) {
return(SECFailure);
if (!oid) {
return (SECFailure);
}
return(cert_FindExtensionByOID(extensions, &oid->oid, value));
return (cert_FindExtensionByOID(extensions, &oid->oid, value));
}
typedef struct _extNode {
struct _extNode *next;
CERTCertExtension *ext;
@ -115,7 +115,7 @@ typedef struct {
PLArenaPool *arena;
extNode *head;
int count;
}extRec;
} extRec;
/*
* cert_StartExtensions
@ -131,14 +131,14 @@ cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
extRec *handle;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return(0);
if (!arena) {
return (0);
}
handle = (extRec *)PORT_ArenaAlloc(arena, sizeof(extRec));
if ( !handle ) {
if (!handle) {
PORT_FreeArena(arena, PR_FALSE);
return(0);
return (0);
}
handle->object = owner;
@ -149,7 +149,7 @@ cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
handle->head = 0;
handle->count = 0;
return(handle);
return (handle);
}
static unsigned char hextrue = 0xff;
@ -158,7 +158,7 @@ static unsigned char hextrue = 0xff;
* Note - assumes that data pointed to by oid->data will not move
*/
SECStatus
CERT_AddExtensionByOID (void *exthandle, SECItem *oid, SECItem *value,
CERT_AddExtensionByOID(void *exthandle, SECItem *oid, SECItem *value,
PRBool critical, PRBool copyData)
{
CERTCertExtension *ext;
@ -169,15 +169,15 @@ CERT_AddExtensionByOID (void *exthandle, SECItem *oid, SECItem *value,
handle = (extRec *)exthandle;
/* allocate space for extension and list node */
ext = (CERTCertExtension*)PORT_ArenaZAlloc(handle->ownerArena,
ext = (CERTCertExtension *)PORT_ArenaZAlloc(handle->ownerArena,
sizeof(CERTCertExtension));
if ( !ext ) {
return(SECFailure);
if (!ext) {
return (SECFailure);
}
node = (extNode*)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
if ( !node ) {
return(SECFailure);
node = (extNode *)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
if (!node) {
return (SECFailure);
}
/* add to list */
@ -191,39 +191,40 @@ CERT_AddExtensionByOID (void *exthandle, SECItem *oid, SECItem *value,
ext->id = *oid;
/* set critical field */
if ( critical ) {
ext->critical.data = (unsigned char*)&hextrue;
if (critical) {
ext->critical.data = (unsigned char *)&hextrue;
ext->critical.len = 1;
}
/* set the value */
if ( copyData ) {
if (copyData) {
rv = SECITEM_CopyItem(handle->ownerArena, &ext->value, value);
if ( rv ) {
return(SECFailure);
if (rv) {
return (SECFailure);
}
} else {
}
else {
ext->value = *value;
}
handle->count++;
return(SECSuccess);
return (SECSuccess);
}
SECStatus
CERT_AddExtension(void *exthandle, int idtag, SECItem *value,
PRBool critical, PRBool copyData)
CERT_AddExtension(void *exthandle, int idtag, SECItem *value, PRBool critical,
PRBool copyData)
{
SECOidData *oid;
oid = SECOID_FindOIDByTag((SECOidTag)idtag);
if ( !oid ) {
return(SECFailure);
if (!oid) {
return (SECFailure);
}
return(CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical, copyData));
return (CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical,
copyData));
}
SECStatus
@ -236,15 +237,15 @@ CERT_EncodeAndAddExtension(void *exthandle, int idtag, void *value,
handle = (extRec *)exthandle;
encitem = SEC_ASN1EncodeItem(handle->ownerArena, NULL, value, atemplate);
if ( encitem == NULL ) {
return(SECFailure);
if (encitem == NULL) {
return (SECFailure);
}
return CERT_AddExtension(exthandle, idtag, encitem, critical, PR_FALSE);
}
void
PrepareBitStringForEncoding (SECItem *bitsmap, SECItem *value)
PrepareBitStringForEncoding(SECItem *bitsmap, SECItem *value)
{
unsigned char onebyte;
unsigned int i, len = 0;
@ -252,13 +253,12 @@ PrepareBitStringForEncoding (SECItem *bitsmap, SECItem *value)
/* to prevent warning on some platform at compile time */
onebyte = '\0';
/* Get the position of the right-most turn-on bit */
for (i = 0; i < (value->len ) * 8; ++i) {
for (i = 0; i < (value->len) * 8; ++i) {
if (i % 8 == 0)
onebyte = value->data[i/8];
onebyte = value->data[i / 8];
if (onebyte & 0x80)
len = i;
onebyte <<= 1;
}
bitsmap->data = value->data;
/* Add one here since we work with base 1 */
@ -266,14 +266,13 @@ PrepareBitStringForEncoding (SECItem *bitsmap, SECItem *value)
}
SECStatus
CERT_EncodeAndAddBitStrExtension (void *exthandle, int idtag,
SECItem *value, PRBool critical)
CERT_EncodeAndAddBitStrExtension(void *exthandle, int idtag, SECItem *value,
PRBool critical)
{
SECItem bitsmap;
PrepareBitStringForEncoding (&bitsmap, value);
return (CERT_EncodeAndAddExtension
(exthandle, idtag, &bitsmap, critical,
PrepareBitStringForEncoding(&bitsmap, value);
return (CERT_EncodeAndAddExtension(exthandle, idtag, &bitsmap, critical,
SEC_ASN1_GET(SEC_BitStringTemplate)));
}
@ -294,18 +293,18 @@ CERT_FinishExtensions(void *exthandle)
goto loser;
}
/* put extensions in owner object and update its version number */
/* put extensions in owner object and update its version number */
#ifdef OLD
switch (handle->type) {
case CertificateExtensions:
handle->owner.cert->extensions = exts;
DER_SetUInteger (ownerArena, &(handle->owner.cert->version),
DER_SetUInteger(ownerArena, &(handle->owner.cert->version),
SEC_CERTIFICATE_VERSION_3);
break;
case CrlExtensions:
handle->owner.crl->extensions = exts;
DER_SetUInteger (ownerArena, &(handle->owner.crl->version),
DER_SetUInteger(ownerArena, &(handle->owner.crl->version),
SEC_CRL_VERSION_2);
break;
case OCSPRequestExtensions:
@ -326,7 +325,7 @@ CERT_FinishExtensions(void *exthandle)
/* copy each extension pointer */
node = handle->head;
while ( node ) {
while (node) {
*exts = node->ext;
node = node->next;
@ -359,7 +358,7 @@ CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions)
}
while ((ext = *extensions++) != NULL) {
tag = SECOID_FindOIDTag(&ext->id);
for (node=handle->head; node != NULL; node=node->next) {
for (node = handle->head; node != NULL; node = node->next) {
if (tag == 0) {
if (SECITEM_ItemsAreEqual(&ext->id, &node->ext->id))
break;
@ -379,7 +378,7 @@ CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions)
break;
}
/* add to list */
rv = CERT_AddExtensionByOID (exthandle, &ext->id, &ext->value,
rv = CERT_AddExtensionByOID(exthandle, &ext->id, &ext->value,
critical, PR_TRUE);
if (rv != SECSuccess)
break;
@ -392,10 +391,10 @@ CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions)
* get the value of the Netscape Certificate Type Extension
*/
SECStatus
CERT_FindBitStringExtension (CERTCertExtension **extensions, int tag,
CERT_FindBitStringExtension(CERTCertExtension **extensions, int tag,
SECItem *retItem)
{
SECItem wrapperItem, tmpItem = {siBuffer,0};
SECItem wrapperItem, tmpItem = { siBuffer, 0 };
SECStatus rv;
PLArenaPool *arena = NULL;
@ -404,29 +403,28 @@ CERT_FindBitStringExtension (CERTCertExtension **extensions, int tag,
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( ! arena ) {
return(SECFailure);
if (!arena) {
return (SECFailure);
}
rv = cert_FindExtension(extensions, tag, &wrapperItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
SEC_ASN1_GET(SEC_BitStringTemplate),
&wrapperItem);
rv = SEC_QuickDERDecodeItem(
arena, &tmpItem, SEC_ASN1_GET(SEC_BitStringTemplate), &wrapperItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
retItem->data = (unsigned char *)PORT_Alloc( ( tmpItem.len + 7 ) >> 3 );
if ( retItem->data == NULL ) {
retItem->data = (unsigned char *)PORT_Alloc((tmpItem.len + 7) >> 3);
if (retItem->data == NULL) {
goto loser;
}
PORT_Memcpy(retItem->data, tmpItem.data, ( tmpItem.len + 7 ) >> 3);
PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3);
retItem->len = tmpItem.len;
rv = SECSuccess;
@ -436,19 +434,19 @@ loser:
rv = SECFailure;
done:
if ( arena ) {
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if ( wrapperItem.data ) {
if (wrapperItem.data) {
PORT_Free(wrapperItem.data);
}
return(rv);
return (rv);
}
PRBool
cert_HasCriticalExtension (CERTCertExtension **extensions)
cert_HasCriticalExtension(CERTCertExtension **extensions)
{
CERTCertExtension **exts;
CERTCertExtension *ext = NULL;
@ -457,7 +455,7 @@ cert_HasCriticalExtension (CERTCertExtension **extensions)
exts = extensions;
if (exts) {
while ( *exts ) {
while (*exts) {
ext = *exts;
/* If the criticality is omitted, it's non-critical */
if (ext->critical.data && ext->critical.data[0] == 0xff) {
@ -471,7 +469,7 @@ cert_HasCriticalExtension (CERTCertExtension **extensions)
}
PRBool
cert_HasUnknownCriticalExten (CERTCertExtension **extensions)
cert_HasUnknownCriticalExten(CERTCertExtension **extensions)
{
CERTCertExtension **exts;
CERTCertExtension *ext = NULL;
@ -480,14 +478,14 @@ cert_HasUnknownCriticalExten (CERTCertExtension **extensions)
exts = extensions;
if (exts) {
while ( *exts ) {
while (*exts) {
ext = *exts;
/* If the criticality is omitted, it's non-critical.
If an extension is critical, make sure that we know
how to process the extension.
*/
if (ext->critical.data && ext->critical.data[0] == 0xff) {
if (SECOID_KnownCertExtenOID (&ext->id) == PR_FALSE) {
if (SECOID_KnownCertExtenOID(&ext->id) == PR_FALSE) {
hasUnknownCriticalExten = PR_TRUE;
break;
}

26
security/nss/lib/certdb/certxutl.h
Просмотреть файл

@ -7,7 +7,6 @@
*
*/
#ifndef _CERTXUTL_H_
#define _CERTXUTL_H_
@ -23,28 +22,23 @@ typedef enum {
} ExtensionsType;
#endif
extern PRBool
cert_HasCriticalExtension (CERTCertExtension **extensions);
extern PRBool cert_HasCriticalExtension(CERTCertExtension **extensions);
extern SECStatus
CERT_FindBitStringExtension (CERTCertExtension **extensions,
extern SECStatus CERT_FindBitStringExtension(CERTCertExtension **extensions,
int tag, SECItem *retItem);
extern void *
cert_StartExtensions (void *owner, PLArenaPool *arena,
void (*setExts)(void *object, CERTCertExtension **exts));
extern void *cert_StartExtensions(void *owner, PLArenaPool *arena,
void (*setExts)(void *object,
CERTCertExtension **exts));
extern SECStatus
cert_FindExtension (CERTCertExtension **extensions, int tag, SECItem *value);
extern SECStatus cert_FindExtension(CERTCertExtension **extensions, int tag,
SECItem *value);
extern SECStatus
cert_FindExtensionByOID (CERTCertExtension **extensions,
extern SECStatus cert_FindExtensionByOID(CERTCertExtension **extensions,
SECItem *oid, SECItem *value);
extern SECStatus
cert_GetExtenCriticality (CERTCertExtension **extensions,
extern SECStatus cert_GetExtenCriticality(CERTCertExtension **extensions,
int tag, PRBool *isCritical);
extern PRBool
cert_HasUnknownCriticalExten (CERTCertExtension **extensions);
extern PRBool cert_HasUnknownCriticalExten(CERTCertExtension **extensions);
#endif

1598
security/nss/lib/certdb/crl.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

443
security/nss/lib/certdb/genname.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

67
security/nss/lib/certdb/genname.h
Просмотреть файл

@ -17,85 +17,72 @@ SEC_BEGIN_PROTOS
extern const SEC_ASN1Template CERT_GeneralNamesTemplate[];
extern SECItem **
cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names);
extern SECItem **cert_EncodeGeneralNames(PLArenaPool *arena,
CERTGeneralName *names);
extern CERTGeneralName *
cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName);
extern CERTGeneralName *cert_DecodeGeneralNames(PLArenaPool *arena,
SECItem **encodedGenName);
extern SECStatus
cert_DestroyGeneralNames(CERTGeneralName *name);
extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name);
extern SECStatus
cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
SECItem *dest);
extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints,
PLArenaPool *arena, SECItem *dest);
extern CERTNameConstraints *
cert_DecodeNameConstraints(PLArenaPool *arena, const SECItem *encodedConstraints);
extern CERTNameConstraints *cert_DecodeNameConstraints(
PLArenaPool *arena, const SECItem *encodedConstraints);
extern CERTGeneralName *
cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2);
extern CERTGeneralName *cert_CombineNamesLists(CERTGeneralName *list1,
CERTGeneralName *list2);
extern CERTNameConstraint *
cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2);
extern CERTNameConstraint *cert_CombineConstraintsLists(
CERTNameConstraint *list1, CERTNameConstraint *list2);
/*********************************************************************/
/* A thread safe implementation of General Names */
/*********************************************************************/
/* Destroy a Single CERTGeneralName */
void
CERT_DestroyGeneralName(CERTGeneralName *name);
void CERT_DestroyGeneralName(CERTGeneralName *name);
SECStatus
CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
SECStatus CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
SECStatus
CERT_CopyGeneralName(PLArenaPool *arena,
CERTGeneralName *dest,
SECStatus CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
CERTGeneralName *src);
/* General Name Lists are a thread safe, reference counting layer to
* general names */
/* Destroys a CERTGeneralNameList */
void
CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
void CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
/* Creates a CERTGeneralNameList */
CERTGeneralNameList *
CERT_CreateGeneralNameList(CERTGeneralName *name);
CERTGeneralNameList *CERT_CreateGeneralNameList(CERTGeneralName *name);
/* Compares two CERTGeneralNameList */
SECStatus
CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b);
SECStatus CERT_CompareGeneralNameLists(CERTGeneralNameList *a,
CERTGeneralNameList *b);
/* returns a copy of the first name of the type requested */
void *
CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
void *CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
CERTGeneralNameType type,
PLArenaPool *arena);
/* Adds a name to the tail of the list */
void
CERT_AddGeneralNameToList(CERTGeneralNameList *list,
CERTGeneralNameType type,
void *data, SECItem *oid);
void CERT_AddGeneralNameToList(CERTGeneralNameList *list,
CERTGeneralNameType type, void *data,
SECItem *oid);
/* returns a duplicate of the CERTGeneralNameList */
CERTGeneralNameList *
CERT_DupGeneralNameList(CERTGeneralNameList *list);
CERTGeneralNameList *CERT_DupGeneralNameList(CERTGeneralNameList *list);
/* returns the number of CERTGeneralName objects in the doubly linked
** list of which *names is a member.
*/
extern int
CERT_GetNamesLength(CERTGeneralName *names);
extern int CERT_GetNamesLength(CERTGeneralName *names);
/************************************************************************/
SECStatus
CERT_CompareNameSpace(CERTCertificate *cert,
SECStatus CERT_CompareNameSpace(CERTCertificate *cert,
CERTGeneralName *namesList,
CERTCertificate **certsList,
PLArenaPool *reqArena,

322
security/nss/lib/certdb/polcyxtn.c
Просмотреть файл

@ -20,18 +20,16 @@ SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = {
{ SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
{ SEC_ASN1_IA5_STRING, 0, 0, siAsciiString},
{ SEC_ASN1_VISIBLE_STRING , 0, 0, siVisibleString},
{ SEC_ASN1_BMP_STRING , 0, 0, siBMPString },
{ SEC_ASN1_UTF8_STRING , 0, 0, siUTF8String },
{ SEC_ASN1_IA5_STRING, 0, 0, siAsciiString },
{ SEC_ASN1_VISIBLE_STRING, 0, 0, siVisibleString },
{ SEC_ASN1_BMP_STRING, 0, 0, siBMPString },
{ SEC_ASN1_UTF8_STRING, 0, 0, siUTF8String },
{ 0 }
};
const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTNoticeReference) },
{ SEC_ASN1_INLINE,
offsetof(CERTNoticeReference, organization),
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNoticeReference) },
{ SEC_ASN1_INLINE, offsetof(CERTNoticeReference, organization),
CERT_DisplayTextTypeTemplate, 0 },
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
offsetof(CERTNoticeReference, noticeNumbers),
@ -40,32 +38,25 @@ const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
};
const SEC_ASN1Template CERT_UserNoticeTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTUserNotice) },
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTUserNotice) },
{ SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
offsetof(CERTUserNotice, noticeReference),
CERT_NoticeReferenceTemplate, 0 },
offsetof(CERTUserNotice, noticeReference), CERT_NoticeReferenceTemplate,
0 },
{ SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
offsetof(CERTUserNotice, displayText),
CERT_DisplayTextTypeTemplate, 0 },
offsetof(CERTUserNotice, displayText), CERT_DisplayTextTypeTemplate, 0 },
{ 0 }
};
const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTPolicyQualifier) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTPolicyQualifier, qualifierID) },
{ SEC_ASN1_ANY,
offsetof(CERTPolicyQualifier, qualifierValue) },
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyQualifier) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyQualifier, qualifierID) },
{ SEC_ASN1_ANY, offsetof(CERTPolicyQualifier, qualifierValue) },
{ 0 }
};
const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTPolicyInfo) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTPolicyInfo, policyID) },
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyInfo) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyInfo, policyID) },
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
offsetof(CERTPolicyInfo, policyQualifiers),
CERT_PolicyQualifierTemplate },
@ -73,24 +64,19 @@ const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
};
const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF,
offsetof(CERTCertificatePolicies, policyInfos),
{ SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicies, policyInfos),
CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
};
const SEC_ASN1Template CERT_PolicyMapTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTPolicyMap) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTPolicyMap, issuerDomainPolicy) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTPolicyMap, subjectDomainPolicy) },
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyMap) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, issuerDomainPolicy) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, subjectDomainPolicy) },
{ 0 }
};
const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF,
offsetof(CERTCertificatePolicyMappings, policyMaps),
{ SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicyMappings, policyMaps),
CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) }
};
@ -107,8 +93,8 @@ const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = {
const SEC_ASN1Template CERT_InhibitAnyTemplate[] = {
{ SEC_ASN1_INTEGER,
offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts),
NULL, sizeof(CERTCertificateInhibitAny) }
offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), NULL,
sizeof(CERTCertificateInhibitAny) }
};
static void
@ -121,8 +107,8 @@ breakLines(char *string)
tmpstr = string;
while ( ( c = *tmpstr ) != '\0' ) {
switch ( c ) {
while ((c = *tmpstr) != '\0') {
switch (c) {
case ' ':
lastspace = tmpstr;
break;
@ -132,9 +118,9 @@ breakLines(char *string)
break;
}
if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) {
if ((curlen >= 55) && (lastspace != NULL)) {
*lastspace = '\n';
curlen = ( tmpstr - lastspace );
curlen = (tmpstr - lastspace);
lastspace = NULL;
}
@ -158,15 +144,15 @@ CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
if (!arena) {
goto loser;
}
/* allocate the certificate policies structure */
policies = (CERTCertificatePolicies *)
PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies));
policies = (CERTCertificatePolicies *)PORT_ArenaZAlloc(
arena, sizeof(CERTCertificatePolicies));
if ( policies == NULL ) {
if (policies == NULL) {
goto loser;
}
@ -175,25 +161,25 @@ CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
/* decode the policy info */
rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplate,
&newExtnValue);
rv = SEC_QuickDERDecodeItem(
arena, policies, CERT_CertificatePoliciesTemplate, &newExtnValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
/* initialize the oid tags */
policyInfos = policies->policyInfos;
while (*policyInfos != NULL ) {
while (*policyInfos != NULL) {
policyInfo = *policyInfos;
policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
policyQualifiers = policyInfo->policyQualifiers;
while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
while (policyQualifiers != NULL && *policyQualifiers != NULL) {
policyQualifier = *policyQualifiers;
policyQualifier->oid =
SECOID_FindOIDTag(&policyQualifier->qualifierID);
@ -202,20 +188,20 @@ CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
policyInfos++;
}
return(policies);
return (policies);
loser:
if ( arena != NULL ) {
if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
}
return(NULL);
return (NULL);
}
void
CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies)
{
if ( policies != NULL ) {
if (policies != NULL) {
PORT_FreeArena(policies->arena, PR_FALSE);
}
return;
@ -231,14 +217,14 @@ CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
if (!arena) {
goto loser;
}
/* allocate the policy mappings structure */
mappings = (CERTCertificatePolicyMappings *)
PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicyMappings));
if ( mappings == NULL ) {
mappings = (CERTCertificatePolicyMappings *)PORT_ArenaZAlloc(
arena, sizeof(CERTCertificatePolicyMappings));
if (mappings == NULL) {
goto loser;
}
mappings->arena = arena;
@ -246,40 +232,39 @@ CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
/* decode the policy mappings */
rv = SEC_QuickDERDecodeItem
(arena, mappings, CERT_PolicyMappingsTemplate, &newExtnValue);
if ( rv != SECSuccess ) {
rv = SEC_QuickDERDecodeItem(arena, mappings, CERT_PolicyMappingsTemplate,
&newExtnValue);
if (rv != SECSuccess) {
goto loser;
}
return(mappings);
return (mappings);
loser:
if ( arena != NULL ) {
if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
}
return(NULL);
return (NULL);
}
SECStatus
CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings)
{
if ( mappings != NULL ) {
if (mappings != NULL) {
PORT_FreeArena(mappings->arena, PR_FALSE);
}
return SECSuccess;
}
SECStatus
CERT_DecodePolicyConstraintsExtension
(CERTCertificatePolicyConstraints *decodedValue,
const SECItem *encodedValue)
CERT_DecodePolicyConstraintsExtension(
CERTCertificatePolicyConstraints *decodedValue, const SECItem *encodedValue)
{
CERTCertificatePolicyConstraints decodeContext;
PLArenaPool *arena = NULL;
@ -296,23 +281,26 @@ CERT_DecodePolicyConstraintsExtension
do {
/* decode the policy constraints */
rv = SEC_QuickDERDecodeItem(arena,
&decodeContext, CERT_PolicyConstraintsTemplate, encodedValue);
rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
CERT_PolicyConstraintsTemplate,
encodedValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
break;
}
if (decodeContext.explicitPolicySkipCerts.len == 0) {
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
} else {
}
else {
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
}
if (decodeContext.inhibitMappingSkipCerts.len == 0) {
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
} else {
}
else {
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
}
@ -331,11 +319,12 @@ CERT_DecodePolicyConstraintsExtension
} while (0);
PORT_FreeArena(arena, PR_FALSE);
return(rv);
return (rv);
}
SECStatus CERT_DecodeInhibitAnyExtension
(CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue)
SECStatus
CERT_DecodeInhibitAnyExtension(CERTCertificateInhibitAny *decodedValue,
SECItem *encodedValue)
{
CERTCertificateInhibitAny decodeContext;
PLArenaPool *arena = NULL;
@ -343,7 +332,7 @@ SECStatus CERT_DecodeInhibitAnyExtension
/* make a new arena */
arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if ( !arena ) {
if (!arena) {
return SECFailure;
}
@ -351,10 +340,10 @@ SECStatus CERT_DecodeInhibitAnyExtension
/* decode the policy mappings */
decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger;
rv = SEC_QuickDERDecodeItem(arena,
&decodeContext, CERT_InhibitAnyTemplate, encodedValue);
rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
CERT_InhibitAnyTemplate, encodedValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
break;
}
@ -364,7 +353,7 @@ SECStatus CERT_DecodeInhibitAnyExtension
} while (0);
PORT_FreeArena(arena, PR_FALSE);
return(rv);
return (rv);
}
CERTUserNotice *
@ -378,15 +367,15 @@ CERT_DecodeUserNotice(SECItem *noticeItem)
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
if (!arena) {
goto loser;
}
/* allocate the userNotice structure */
userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena,
sizeof(CERTUserNotice));
userNotice =
(CERTUserNotice *)PORT_ArenaZAlloc(arena, sizeof(CERTUserNotice));
if ( userNotice == NULL ) {
if (userNotice == NULL) {
goto loser;
}
@ -395,7 +384,7 @@ CERT_DecodeUserNotice(SECItem *noticeItem)
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
@ -403,7 +392,7 @@ CERT_DecodeUserNotice(SECItem *noticeItem)
rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
&newNoticeItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
@ -417,20 +406,20 @@ CERT_DecodeUserNotice(SECItem *noticeItem)
}
}
return(userNotice);
return (userNotice);
loser:
if ( arena != NULL ) {
if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
}
return(NULL);
return (NULL);
}
void
CERT_DestroyUserNotice(CERTUserNotice *userNotice)
{
if ( userNotice != NULL ) {
if (userNotice != NULL) {
PORT_FreeArena(userNotice->arena, PR_FALSE);
}
return;
@ -462,32 +451,32 @@ stringFromUserNotice(SECItem *noticeItem)
/* decode the user notice */
userNotice = CERT_DecodeUserNotice(noticeItem);
if ( userNotice == NULL ) {
return(NULL);
if (userNotice == NULL) {
return (NULL);
}
org = &userNotice->noticeReference.organization;
if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) {
if ((org->len != 0) && (policyStringCB != NULL)) {
/* has a noticeReference */
/* extract the org string */
len = org->len;
stringbuf = (char*)PORT_Alloc(len + 1);
if ( stringbuf != NULL ) {
stringbuf = (char *)PORT_Alloc(len + 1);
if (stringbuf != NULL) {
PORT_Memcpy(stringbuf, org->data, len);
stringbuf[len] = '\0';
noticeNumbers = userNotice->noticeReference.noticeNumbers;
while ( *noticeNumbers != NULL ) {
while (*noticeNumbers != NULL) {
/* XXX - only one byte integers right now*/
strnum = (*noticeNumbers)->data[0];
policystr = (* policyStringCB)(stringbuf,
strnum,
policyStringCBArg);
if ( policystr != NULL ) {
if ( retstr != NULL ) {
policystr =
(*policyStringCB)(stringbuf, strnum, policyStringCBArg);
if (policystr != NULL) {
if (retstr != NULL) {
retstr = PR_sprintf_append(retstr, "\n%s", policystr);
} else {
}
else {
retstr = PR_sprintf_append(retstr, "%s", policystr);
}
@ -501,22 +490,22 @@ stringFromUserNotice(SECItem *noticeItem)
}
}
if ( retstr == NULL ) {
if ( userNotice->displayText.len != 0 ) {
if (retstr == NULL) {
if (userNotice->displayText.len != 0) {
displayText = &userNotice->displayText;
if ( displayText->len > 2 ) {
if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) {
if (displayText->len > 2) {
if (displayText->data[0] == SEC_ASN1_VISIBLE_STRING) {
headerlen = 2;
if ( displayText->data[1] & 0x80 ) {
if (displayText->data[1] & 0x80) {
/* multibyte length */
headerlen += ( displayText->data[1] & 0x7f );
headerlen += (displayText->data[1] & 0x7f);
}
len = displayText->len - headerlen;
retstr = (char*)PORT_Alloc(len + 1);
if ( retstr != NULL ) {
PORT_Memcpy(retstr, &displayText->data[headerlen],len);
retstr = (char *)PORT_Alloc(len + 1);
if (retstr != NULL) {
PORT_Memcpy(retstr, &displayText->data[headerlen], len);
retstr[len] = '\0';
}
}
@ -526,7 +515,7 @@ stringFromUserNotice(SECItem *noticeItem)
CERT_DestroyUserNotice(userNotice);
return(retstr);
return (retstr);
}
char *
@ -543,24 +532,24 @@ CERT_GetCertCommentString(CERTCertificate *cert)
rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
&policyItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto nopolicy;
}
policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
if ( policies == NULL ) {
if (policies == NULL) {
goto nopolicy;
}
policyInfos = policies->policyInfos;
/* search through policyInfos looking for the verisign policy */
while (*policyInfos != NULL ) {
if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
while (*policyInfos != NULL) {
if ((*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES) {
policyQualifiers = (*policyInfos)->policyQualifiers;
/* search through the policy qualifiers looking for user notice */
while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
while (policyQualifiers != NULL && *policyQualifiers != NULL) {
qualifier = *policyQualifiers;
if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
if (qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER) {
retstring =
stringFromUserNotice(&qualifier->qualifierValue);
break;
@ -574,30 +563,28 @@ CERT_GetCertCommentString(CERTCertificate *cert)
}
nopolicy:
if ( policyItem.data != NULL ) {
if (policyItem.data != NULL) {
PORT_Free(policyItem.data);
}
if ( policies != NULL ) {
if (policies != NULL) {
CERT_DestroyCertificatePoliciesExtension(policies);
}
if ( retstring == NULL ) {
retstring = CERT_FindNSStringExtension(cert,
SEC_OID_NS_CERT_EXT_COMMENT);
if (retstring == NULL) {
retstring =
CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_COMMENT);
}
if ( retstring != NULL ) {
if (retstring != NULL) {
breakLines(retstring);
}
return(retstring);
return (retstring);
}
const SEC_ASN1Template CERT_OidSeqTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
offsetof(CERTOidSequence, oids),
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids),
SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
};
@ -612,15 +599,15 @@ CERT_DecodeOidSequence(const SECItem *seqItem)
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
if (!arena) {
goto loser;
}
/* allocate the userNotice structure */
oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena,
sizeof(CERTOidSequence));
oidSeq =
(CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
if ( oidSeq == NULL ) {
if (oidSeq == NULL) {
goto loser;
}
@ -629,31 +616,31 @@ CERT_DecodeOidSequence(const SECItem *seqItem)
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
/* decode the user notice */
rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
rv =
SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
return(oidSeq);
return (oidSeq);
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
return(NULL);
return (NULL);
}
void
CERT_DestroyOidSequence(CERTOidSequence *oidSeq)
{
if ( oidSeq != NULL ) {
if (oidSeq != NULL) {
PORT_FreeArena(oidSeq->arena, PR_FALSE);
}
return;
@ -672,22 +659,22 @@ CERT_GovtApprovedBitSet(CERTCertificate *cert)
extItem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
oidSeq = CERT_DecodeOidSequence(&extItem);
if ( oidSeq == NULL ) {
if (oidSeq == NULL) {
goto loser;
}
oids = oidSeq->oids;
while ( oids != NULL && *oids != NULL ) {
while (oids != NULL && *oids != NULL) {
oid = *oids;
oidTag = SECOID_FindOIDTag(oid);
if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) {
if (oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) {
goto success;
}
@ -700,16 +687,15 @@ loser:
success:
ret = PR_TRUE;
done:
if ( oidSeq != NULL ) {
if (oidSeq != NULL) {
CERT_DestroyOidSequence(oidSeq);
}
if (extItem.data != NULL) {
PORT_Free(extItem.data);
}
return(ret);
return (ret);
}
SECStatus
CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
CERTCertificatePolicyConstraints *constr,
@ -722,11 +708,11 @@ CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, dest, constr,
if (SEC_ASN1EncodeItem(arena, dest, constr,
CERT_PolicyConstraintsTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
@ -741,18 +727,15 @@ CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, dest, mapping,
CERT_PolicyMappingsTemplate) == NULL) {
if (SEC_ASN1EncodeItem(arena, dest, mapping, CERT_PolicyMappingsTemplate) ==
NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
CERTPolicyInfo **info,
CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, CERTPolicyInfo **info,
SECItem *dest)
{
SECStatus rv = SECSuccess;
@ -762,17 +745,15 @@ CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, dest, info,
if (SEC_ASN1EncodeItem(arena, dest, info,
CERT_CertificatePoliciesTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
CERT_EncodeUserNotice(PLArenaPool *arena,
CERTUserNotice *notice,
SECItem *dest)
CERT_EncodeUserNotice(PLArenaPool *arena, CERTUserNotice *notice, SECItem *dest)
{
SECStatus rv = SECSuccess;
@ -781,17 +762,16 @@ CERT_EncodeUserNotice(PLArenaPool *arena,
return SECFailure;
}
if (SEC_ASN1EncodeItem(arena, dest,
notice, CERT_UserNoticeTemplate) == NULL) {
if (SEC_ASN1EncodeItem(arena, dest, notice, CERT_UserNoticeTemplate) ==
NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
CERT_EncodeNoticeReference(PLArenaPool *arena,
CERTNoticeReference *reference,
CERT_EncodeNoticeReference(PLArenaPool *arena, CERTNoticeReference *reference,
SECItem *dest)
{
SECStatus rv = SECSuccess;
@ -801,12 +781,12 @@ CERT_EncodeNoticeReference(PLArenaPool *arena,
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, dest, reference,
if (SEC_ASN1EncodeItem(arena, dest, reference,
CERT_NoticeReferenceTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
@ -821,9 +801,9 @@ CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, dest, certInhibitAny,
if (SEC_ASN1EncodeItem(arena, dest, certInhibitAny,
CERT_InhibitAnyTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}

189
security/nss/lib/certdb/secname.c
Просмотреть файл

@ -12,21 +12,17 @@
#include "certi.h"
static const SEC_ASN1Template cert_AVATemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTAVA) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTAVA,type), },
{ SEC_ASN1_ANY,
offsetof(CERTAVA,value), },
{ 0, }
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) },
{ SEC_ASN1_ANY, offsetof(CERTAVA, value) },
{ 0 }
};
const SEC_ASN1Template CERT_RDNTemplate[] = {
{ SEC_ASN1_SET_OF,
offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
{ SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate,
sizeof(CERTRDN) }
};
static int
CountArray(void **array)
{
@ -55,30 +51,31 @@ AddToArray(PLArenaPool *arena, void **array, void *element)
}
if (array) {
array = (void**) PORT_ArenaGrow(arena, array,
(count + 1) * sizeof(void *),
array =
(void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
(count + 2) * sizeof(void *));
} else {
array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
}
else {
array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
}
if (array) {
array[count] = element;
array[count+1] = 0;
array[count + 1] = 0;
}
return array;
}
SECOidTag
CERT_GetAVATag(CERTAVA *ava)
{
SECOidData *oid;
if (!ava->type.data) return (SECOidTag)-1;
if (!ava->type.data)
return (SECOidTag)-1;
oid = SECOID_FindOID(&ava->type);
if ( oid ) {
return(oid->offset);
if (oid) {
return (oid->offset);
}
return (SECOidTag)-1;
}
@ -105,7 +102,7 @@ SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
return SECFailure;
}
it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen);
it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen);
if (cp == NULL) {
return SECFailure;
}
@ -134,8 +131,9 @@ SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
case SEC_ASN1_UNIVERSAL_STRING:
ucs4MaxLen = valueLen * 6;
ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen,
ucs4Val, ucs4MaxLen, &ucs4Len)) {
if (!ucs4Val ||
!PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val,
ucs4MaxLen, &ucs4Len)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@ -155,7 +153,7 @@ SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
valueLenLen = DER_LengthLength(valueLen);
total = 1 + valueLenLen + valueLen;
cp = (PRUint8*)PORT_ArenaAlloc(arena, total);
cp = (PRUint8 *)PORT_ArenaAlloc(arena, total);
if (!cp) {
return SECFailure;
}
@ -167,8 +165,8 @@ SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
}
CERTAVA *
CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem * OID,
const SECItem * value)
CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem *OID,
const SECItem *value)
{
CERTAVA *ava;
int rv;
@ -194,7 +192,7 @@ CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
int rv;
unsigned maxLen;
ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
if (ava) {
rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
if (rv) {
@ -227,16 +225,18 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
CERTAVA *ava;
int rv;
ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
if (ava) {
rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
if (rv) goto loser;
if (rv)
goto loser;
rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
if (rv) goto loser;
if (rv)
goto loser;
}
return ava;
loser:
loser:
return 0;
}
@ -249,14 +249,14 @@ CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
unsigned count;
CERTAVA **avap;
rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN));
if (rdn) {
/* Count number of avas going into the rdn */
count = 0;
if (ava0) {
count++;
va_start(ap, ava0);
while ((ava = va_arg(ap, CERTAVA*)) != 0) {
while ((ava = va_arg(ap, CERTAVA *)) != 0) {
count++;
}
va_end(ap);
@ -264,14 +264,14 @@ CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
/* Now fill in the pointers */
rdn->avas = avap =
(CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
(CERTAVA **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTAVA *));
if (!avap) {
return 0;
}
if (ava0) {
*avap++ = ava0;
va_start(ap, ava0);
while ((ava = va_arg(ap, CERTAVA*)) != 0) {
while ((ava = va_arg(ap, CERTAVA *)) != 0) {
*avap++ = ava;
}
va_end(ap);
@ -284,7 +284,7 @@ CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
SECStatus
CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
{
rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
rdn->avas = (CERTAVA **)AddToArray(arena, (void **)rdn->avas, ava);
return rdn->avas ? SECSuccess : SECFailure;
}
@ -318,8 +318,8 @@ CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
/************************************************************************/
const SEC_ASN1Template CERT_NameTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF,
offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
{ SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate,
sizeof(CERTName) }
};
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
@ -335,21 +335,22 @@ CERT_CreateName(CERTRDN *rdn0, ...)
PLArenaPool *arena;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return(0);
if (!arena) {
return (0);
}
name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName));
if (name) {
name->arena = arena;
/* Count number of RDNs going into the Name */
if (!rdn0) {
count = 0;
} else {
}
else {
count = 1;
va_start(ap, rdn0);
while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
count++;
}
va_end(ap);
@ -357,7 +358,7 @@ CERT_CreateName(CERTRDN *rdn0, ...)
/* Allocate space (including space for terminal null ptr) */
name->rdns = rdnp =
(CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
(CERTRDN **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN *));
if (!name->rdns) {
goto loser;
}
@ -366,7 +367,7 @@ CERT_CreateName(CERTRDN *rdn0, ...)
if (count > 0) {
*rdnp++ = rdn0;
va_start(ap, rdn0);
while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
*rdnp++ = rdn;
}
va_end(ap);
@ -379,25 +380,25 @@ CERT_CreateName(CERTRDN *rdn0, ...)
loser:
PORT_FreeArena(arena, PR_FALSE);
return(0);
return (0);
}
void
CERT_DestroyName(CERTName *name)
{
if (name)
{
if (name) {
PLArenaPool *arena = name->arena;
name->rdns = NULL;
name->arena = NULL;
if (arena) PORT_FreeArena(arena, PR_FALSE);
if (arena)
PORT_FreeArena(arena, PR_FALSE);
}
}
SECStatus
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
{
name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
name->rdns = (CERTRDN **)AddToArray(name->arena, (void **)name->rdns, rdn);
return name->rdns ? SECSuccess : SECFailure;
}
@ -442,31 +443,33 @@ CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
/************************************************************************/
static void
canonicalize(SECItem * foo)
canonicalize(SECItem *foo)
{
int ch, lastch, len, src, dest;
/* strip trailing whitespace. */
len = foo->len;
while (len > 0 && ((ch = foo->data[len - 1]) == ' ' ||
ch == '\t' || ch == '\r' || ch == '\n')) {
while (len > 0 && ((ch = foo->data[len - 1]) == ' ' || ch == '\t' ||
ch == '\r' || ch == '\n')) {
len--;
}
src = 0;
/* strip leading whitespace. */
while (src < len && ((ch = foo->data[src]) == ' ' ||
ch == '\t' || ch == '\r' || ch == '\n')) {
while (src < len && ((ch = foo->data[src]) == ' ' || ch == '\t' ||
ch == '\r' || ch == '\n')) {
src++;
}
dest = 0; lastch = ' ';
dest = 0;
lastch = ' ';
while (src < len) {
ch = foo->data[src++];
if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
ch = ' ';
if (ch == lastch)
continue;
} else if (ch >= 'A' && ch <= 'Z') {
}
else if (ch >= 'A' && ch <= 'Z') {
ch |= 0x20; /* downshift */
}
foo->data[dest++] = lastch = ch;
@ -479,11 +482,10 @@ SECComparison
CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
{
SECComparison rv = SECLessThan;
SECItem * aVal = CERT_DecodeAVAValue(a);
SECItem * bVal = CERT_DecodeAVAValue(b);
SECItem *aVal = CERT_DecodeAVAValue(a);
SECItem *bVal = CERT_DecodeAVAValue(b);
if (aVal && aVal->len && aVal->data &&
bVal && bVal->len && bVal->data) {
if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) {
canonicalize(aVal);
canonicalize(bVal);
rv = SECITEM_CompareItem(aVal, bVal);
@ -512,15 +514,16 @@ CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
*/
if (a->value.data[0] != b->value.data[0]) {
/* encodings differ. Convert both to UTF-8 and compare. */
SECItem * aVal = CERT_DecodeAVAValue(&a->value);
SECItem * bVal = CERT_DecodeAVAValue(&b->value);
if (aVal && aVal->len && aVal->data &&
bVal && bVal->len && bVal->data) {
SECItem *aVal = CERT_DecodeAVAValue(&a->value);
SECItem *bVal = CERT_DecodeAVAValue(&b->value);
if (aVal && aVal->len && aVal->data && bVal && bVal->len &&
bVal->data) {
rv = SECITEM_CompareItem(aVal, bVal);
}
SECITEM_FreeItem(aVal, PR_TRUE);
SECITEM_FreeItem(bVal, PR_TRUE);
} else if (a->value.data[0] == 0x13) { /* both are printable strings. */
}
else if (a->value.data[0] == 0x13) { /* both are printable strings. */
/* printable strings */
rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
}
@ -543,13 +546,15 @@ CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b)
** Make sure array of ava's are the same length. If not, then we are
** not equal
*/
ac = CountArray((void**) aavas);
bc = CountArray((void**) bavas);
if (ac < bc) return SECLessThan;
if (ac > bc) return SECGreaterThan;
ac = CountArray((void **)aavas);
bc = CountArray((void **)bavas);
if (ac < bc)
return SECLessThan;
if (ac > bc)
return SECGreaterThan;
while (NULL != (aava = *aavas++)) {
for (bavas = b->avas; NULL != (bava = *bavas++); ) {
for (bavas = b->avas; NULL != (bava = *bavas++);) {
rv = SECITEM_CompareItem(&aava->type, &bava->type);
if (SECEqual == rv) {
rv = CERT_CompareAVA(aava, bava);
@ -579,10 +584,12 @@ CERT_CompareName(const CERTName *a, const CERTName *b)
** Make sure array of rdn's are the same length. If not, then we are
** not equal
*/
ac = CountArray((void**) ardns);
bc = CountArray((void**) brdns);
if (ac < bc) return SECLessThan;
if (ac > bc) return SECGreaterThan;
ac = CountArray((void **)ardns);
bc = CountArray((void **)brdns);
if (ac < bc)
return SECLessThan;
if (ac > bc)
return SECGreaterThan;
for (;;) {
ardn = *ardns++;
@ -591,7 +598,8 @@ CERT_CompareName(const CERTName *a, const CERTName *b)
break;
}
rv = CERT_CompareRDN(ardn, brdn);
if (rv) return rv;
if (rv)
return rv;
}
return rv;
}
@ -603,7 +611,7 @@ CERT_DecodeAVAValue(const SECItem *derAVAValue)
SECItem *retItem;
const SEC_ASN1Template *theTemplate = NULL;
enum { conv_none, conv_ucs4, conv_ucs2, conv_iso88591 } convert = conv_none;
SECItem avaValue = {siBuffer, 0};
SECItem avaValue = { siBuffer, 0 };
PLArenaPool *newarena = NULL;
if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
@ -611,7 +619,7 @@ CERT_DecodeAVAValue(const SECItem *derAVAValue)
return NULL;
}
switch(derAVAValue->data[0]) {
switch (derAVAValue->data[0]) {
case SEC_ASN1_UNIVERSAL_STRING:
convert = conv_ucs4;
theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
@ -648,39 +656,42 @@ CERT_DecodeAVAValue(const SECItem *derAVAValue)
if (!newarena) {
return NULL;
}
if(SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue)
!= SECSuccess) {
if (SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue) !=
SECSuccess) {
PORT_FreeArena(newarena, PR_FALSE);
return NULL;
}
if (convert != conv_none) {
unsigned int utf8ValLen = avaValue.len * 3;
unsigned char *utf8Val = (unsigned char*)
PORT_ArenaZAlloc(newarena, utf8ValLen);
unsigned char *utf8Val =
(unsigned char *)PORT_ArenaZAlloc(newarena, utf8ValLen);
switch (convert) {
case conv_ucs4:
if(avaValue.len % 4 != 0 ||
!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
utf8Val, utf8ValLen, &utf8ValLen)) {
if (avaValue.len % 4 != 0 ||
!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data,
avaValue.len, utf8Val, utf8ValLen,
&utf8ValLen)) {
PORT_FreeArena(newarena, PR_FALSE);
PORT_SetError(SEC_ERROR_INVALID_AVA);
return NULL;
}
break;
case conv_ucs2:
if(avaValue.len % 2 != 0 ||
!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
utf8Val, utf8ValLen, &utf8ValLen)) {
if (avaValue.len % 2 != 0 ||
!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data,
avaValue.len, utf8Val, utf8ValLen,
&utf8ValLen)) {
PORT_FreeArena(newarena, PR_FALSE);
PORT_SetError(SEC_ERROR_INVALID_AVA);
return NULL;
}
break;
case conv_iso88591:
if(!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
utf8Val, utf8ValLen, &utf8ValLen)) {
if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
utf8Val, utf8ValLen,
&utf8ValLen)) {
PORT_FreeArena(newarena, PR_FALSE);
PORT_SetError(SEC_ERROR_INVALID_AVA);
return NULL;

284
security/nss/lib/certdb/stanpcertdb.c
Просмотреть файл

@ -38,13 +38,13 @@ SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
CERTCertificate *cert;
PRBool conflict = PR_FALSE;
cert=CERT_FindCertByNickname(handle, nickname);
cert = CERT_FindCertByNickname(handle, nickname);
if (!cert) {
return conflict;
}
conflict = !SECITEM_ItemsAreEqual(derSubject,&cert->derSubject);
conflict = !SECITEM_ItemsAreEqual(derSubject, &cert->derSubject);
CERT_DestroyCertificate(cert);
return conflict;
}
@ -71,7 +71,7 @@ SEC_DeletePermCertificate(CERTCertificate *cert)
CERT_MapStanError();
}
/* This call always returns PR_SUCCESS! */
(void) nssTrust_Destroy(nssTrust);
(void)nssTrust_Destroy(nssTrust);
}
}
@ -91,14 +91,15 @@ CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust)
{
SECStatus rv;
CERT_LockCertTrust(cert);
if ( cert->trust == NULL ) {
if (cert->trust == NULL) {
rv = SECFailure;
} else {
}
else {
*trust = *cert->trust;
rv = SECSuccess;
}
CERT_UnlockCertTrust(cert);
return(rv);
return (rv);
}
extern const NSSError NSS_ERROR_NO_ERROR;
@ -141,12 +142,9 @@ extern const NSSError NSS_ERROR_BUSY;
extern const NSSError NSS_ERROR_ALREADY_INITIALIZED;
extern const NSSError NSS_ERROR_PKCS11;
/* Look at the stan error stack and map it to NSS 3 errors */
#define STAN_MAP_ERROR(x,y) \
else if (error == (x)) { \
secError = y; \
} \
#define STAN_MAP_ERROR(x, y) \
else if (error == (x)) { secError = y; }
/*
* map Stan errors into NSS errors
@ -170,7 +168,7 @@ CERT_MapStanError()
}
error = prevError = CKR_GENERAL_ERROR;
/* get the 'top 2' error codes from the stack */
for (i=0; errorStack[i]; i++) {
for (i = 0; errorStack[i]; i++) {
prevError = error;
error = errorStack[i];
}
@ -183,7 +181,7 @@ CERT_MapStanError()
STAN_MAP_ERROR(NSS_ERROR_INVALID_BASE64, SEC_ERROR_BAD_DATA)
STAN_MAP_ERROR(NSS_ERROR_INVALID_BER, SEC_ERROR_BAD_DER)
STAN_MAP_ERROR(NSS_ERROR_INVALID_ATAV, SEC_ERROR_INVALID_AVA)
STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD,SEC_ERROR_BAD_PASSWORD)
STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD, SEC_ERROR_BAD_PASSWORD)
STAN_MAP_ERROR(NSS_ERROR_BUSY, SEC_ERROR_BUSY)
STAN_MAP_ERROR(NSS_ERROR_DEVICE_ERROR, SEC_ERROR_IO)
STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND,
@ -194,12 +192,10 @@ CERT_MapStanError()
/* these are library failure for lack of a better error code */
STAN_MAP_ERROR(NSS_ERROR_NOT_FOUND, SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE,
SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE, SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_MAXIMUM_FOUND, SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_USER_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED,
SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_ALREADY_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
STAN_MAP_ERROR(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD,
SEC_ERROR_LIBRARY_FAILURE)
@ -225,14 +221,10 @@ CERT_MapStanError()
STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1ENCODER, SEC_ERROR_INVALID_ARGS)
STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1DECODER, SEC_ERROR_INVALID_ARGS)
STAN_MAP_ERROR(NSS_ERROR_UNKNOWN_ATTRIBUTE, SEC_ERROR_INVALID_ARGS)
else {
secError = SEC_ERROR_LIBRARY_FAILURE;
}
else { secError = SEC_ERROR_LIBRARY_FAILURE; }
PORT_SetError(secError);
}
SECStatus
CERT_ChangeCertTrust(CERTCertDBHandle *handle, CERTCertificate *cert,
CERTCertTrust *trust)
@ -260,8 +252,8 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
NSSCryptoContext *context;
nssCryptokiObject *permInstance;
NSSCertificate *c = STAN_GetNSSCertificate(cert);
nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
SECStatus rv;
PRStatus ret;
@ -294,16 +286,9 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
/* Import the perm instance onto the internal token */
slot = PK11_GetInternalKeySlot();
internal = PK11Slot_GetNSSToken(slot);
permInstance = nssToken_ImportCertificate(internal, NULL,
NSSCertificateType_PKIX,
&c->id,
stanNick,
&c->encoding,
&c->issuer,
&c->subject,
&c->serial,
cert->emailAddr,
PR_TRUE);
permInstance = nssToken_ImportCertificate(
internal, NULL, NSSCertificateType_PKIX, &c->id, stanNick, &c->encoding,
&c->issuer, &c->subject, &c->serial, cert->emailAddr, PR_TRUE);
nss_ZFreeIf(stanNick);
stanNick = NULL;
PK11_FreeSlot(slot);
@ -374,7 +359,8 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
nssCertificate_Destroy(c);
PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
cc = NULL;
} else {
}
else {
cc = STAN_GetCERTCertificateOrRelease(c);
if (cc == NULL) {
CERT_MapStanError();
@ -396,9 +382,10 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
}
c->object = *pkio;
if (copyDER) {
nssItem_Create(c->object.arena, &c->encoding,
derCert->len, derCert->data);
} else {
nssItem_Create(c->object.arena, &c->encoding, derCert->len,
derCert->data);
}
else {
NSSITEM_FROM_SECITEM(&c->encoding, derCert);
}
/* Forces a decoding of the cert in order to obtain the parts used
@ -411,31 +398,31 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
CERT_MapStanError();
goto loser;
}
nssItem_Create(c->object.arena,
&c->issuer, cc->derIssuer.len, cc->derIssuer.data);
nssItem_Create(c->object.arena,
&c->subject, cc->derSubject.len, cc->derSubject.data);
nssItem_Create(c->object.arena, &c->issuer, cc->derIssuer.len,
cc->derIssuer.data);
nssItem_Create(c->object.arena, &c->subject, cc->derSubject.len,
cc->derSubject.data);
if (PR_TRUE) {
/* CERTCertificate stores serial numbers decoded. I need the DER
* here. sigh.
*/
SECItem derSerial = { 0 };
CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
if (!derSerial.data) goto loser;
nssItem_Create(c->object.arena, &c->serial, derSerial.len, derSerial.data);
if (!derSerial.data)
goto loser;
nssItem_Create(c->object.arena, &c->serial, derSerial.len,
derSerial.data);
PORT_Free(derSerial.data);
}
if (nickname) {
c->object.tempName = nssUTF8_Create(c->object.arena,
nssStringType_UTF8String,
(NSSUTF8 *)nickname,
PORT_Strlen(nickname));
c->object.tempName =
nssUTF8_Create(c->object.arena, nssStringType_UTF8String,
(NSSUTF8 *)nickname, PORT_Strlen(nickname));
}
if (cc->emailAddr && cc->emailAddr[0]) {
c->email = nssUTF8_Create(c->object.arena,
nssStringType_PrintableString,
(NSSUTF8 *)cc->emailAddr,
PORT_Strlen(cc->emailAddr));
c->email = nssUTF8_Create(
c->object.arena, nssStringType_PrintableString,
(NSSUTF8 *)cc->emailAddr, PORT_Strlen(cc->emailAddr));
}
tempCert = NSSCryptoContext_FindOrImportCertificate(gCC, c);
@ -468,18 +455,18 @@ CERTCertificate *
__CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PRBool isperm, PRBool copyDER)
{
return CERT_NewTempCertificate(handle, derCert, nickname,
isperm, copyDER);
return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
}
/* maybe all the wincx's should be some const for internal token login? */
CERTCertificate *
CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN)
CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
CERTIssuerAndSN *issuerAndSN)
{
PK11SlotInfo *slot;
CERTCertificate *cert;
cert = PK11_FindCertByIssuerAndSN(&slot,issuerAndSN,NULL);
cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
if (cert && slot) {
PK11_FreeSlot(slot);
}
@ -494,7 +481,8 @@ get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
NSSCertificate *arr[3];
if (!ct) {
return nssCertificate_AddRef(cp);
} else if (!cp) {
}
else if (!cp) {
return nssCertificate_AddRef(ct);
}
arr[0] = ct;
@ -514,10 +502,10 @@ CERT_FindCertByName(CERTCertDBHandle *handle, SECItem *name)
NSSITEM_FROM_SECITEM(&subject, name);
usage.anyUsage = PR_TRUE;
cc = STAN_GetDefaultCryptoContext();
ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject,
NULL, &usage, NULL);
cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject,
NULL, &usage, NULL);
ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, NULL,
&usage, NULL);
cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, NULL,
&usage, NULL);
c = get_best_temp_or_perm(ct, cp);
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
@ -535,14 +523,15 @@ CERT_FindCertByKeyID(CERTCertDBHandle *handle, SECItem *name, SECItem *keyID)
CERTCertificate *cert = NULL;
CERTCertListNode *node, *head;
list = CERT_CreateSubjectCertList(NULL,handle,name,0,PR_FALSE);
if (list == NULL) return NULL;
list = CERT_CreateSubjectCertList(NULL, handle, name, 0, PR_FALSE);
if (list == NULL)
return NULL;
node = head = CERT_LIST_HEAD(list);
if (head) {
do {
if (node->cert &&
SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID) ) {
SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID)) {
cert = CERT_DupCertificate(node->cert);
goto done;
}
@ -566,8 +555,8 @@ CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
NSSUsage usage;
usage.anyUsage = PR_TRUE;
cc = STAN_GetDefaultCryptoContext();
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname,
NULL, &usage, NULL);
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, NULL,
&usage, NULL);
cert = PK11_FindCertFromNickname(nickname, NULL);
c = NULL;
if (cert) {
@ -576,7 +565,8 @@ CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
} else {
}
else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
@ -594,15 +584,15 @@ CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
if (!c) {
c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
&encoding);
if (!c) return NULL;
if (!c)
return NULL;
}
return STAN_GetCERTCertificateOrRelease(c);
}
static CERTCertificate *
common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
const char *name,
PRBool anyUsage,
const char *name, PRBool anyUsage,
SECCertUsage lookingForUsage)
{
NSSCryptoContext *cc;
@ -624,13 +614,13 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
}
cc = STAN_GetDefaultCryptoContext();
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name,
NULL, &usage, NULL);
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage,
NULL);
if (!ct && PORT_Strchr(name, '@') != NULL) {
char* lowercaseName = CERT_FixupEmailAddr(name);
char *lowercaseName = CERT_FixupEmailAddr(name);
if (lowercaseName) {
ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName,
NULL, &usage, NULL);
ct = NSSCryptoContext_FindBestCertificateByEmail(
cc, lowercaseName, NULL, &usage, NULL);
PORT_Free(lowercaseName);
}
}
@ -651,9 +641,8 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
certlist = PK11_FindCertsFromNickname(name, NULL);
if (certlist) {
SECStatus rv = CERT_FilterCertListByUsage(certlist,
lookingForUsage,
PR_FALSE);
SECStatus rv =
CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
if (SECSuccess == rv &&
!CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) {
cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert);
@ -668,7 +657,8 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
} else {
}
else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
@ -677,8 +667,8 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
CERTCertificate *
CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
{
return common_FindCertByNicknameOrEmailAddrForUsage(handle, name,
PR_TRUE, 0);
return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
0);
}
CERTCertificate *
@ -686,8 +676,7 @@ CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
const char *name,
SECCertUsage lookingForUsage)
{
return common_FindCertByNicknameOrEmailAddrForUsage(handle, name,
PR_FALSE,
return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
lookingForUsage);
}
@ -697,15 +686,15 @@ add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
{
SECStatus secrv;
if (!validOnly ||
CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE)
== secCertTimeValid) {
secrv = CERT_AddCertToListSorted(certList, cert,
CERT_SortCBValidity,
CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) ==
secCertTimeValid) {
secrv = CERT_AddCertToListSorted(certList, cert, CERT_SortCBValidity,
(void *)&sorttime);
if (secrv != SECSuccess) {
CERT_DestroyCertificate(cert);
}
} else {
}
else {
CERT_DestroyCertificate(cert);
}
}
@ -724,23 +713,18 @@ CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
cc = STAN_GetDefaultCryptoContext();
NSSITEM_FROM_SECITEM(&subject, name);
/* Collect both temp and perm certs for the subject */
tSubjectCerts = NSSCryptoContext_FindCertificatesBySubject(cc,
&subject,
NULL,
0,
NULL);
pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle,
&subject,
NULL,
0,
NULL);
tSubjectCerts =
NSSCryptoContext_FindCertificatesBySubject(cc, &subject, NULL, 0, NULL);
pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle, &subject,
NULL, 0, NULL);
if (!tSubjectCerts && !pSubjectCerts) {
return NULL;
}
if (certList == NULL) {
certList = CERT_NewCertList();
myList = PR_TRUE;
if (!certList) goto loser;
if (!certList)
goto loser;
}
/* Iterate over the matching temp certs. Add them to the list */
ci = tSubjectCerts;
@ -782,7 +766,7 @@ loser:
void
CERT_DestroyCertificate(CERTCertificate *cert)
{
if ( cert ) {
if (cert) {
/* don't use STAN_GetNSSCertificate because we don't want to
* go to the trouble of translating the CERTCertificate into
* an NSSCertificate just to destroy it. If it hasn't been done
@ -792,7 +776,8 @@ CERT_DestroyCertificate(CERTCertificate *cert)
if (tmp) {
/* delete the NSSCertificate */
NSSCertificate_Destroy(tmp);
} else if (cert->arena) {
}
else if (cert->arena) {
PORT_FreeArena(cert->arena, PR_FALSE);
}
}
@ -824,7 +809,8 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
PRBool freeOldProfile = PR_FALSE;
c = STAN_GetNSSCertificate(cert);
if (!c) return SECFailure;
if (!c)
return SECFailure;
cc = c->object.cryptoContext;
if (cc != NULL) {
stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
@ -835,7 +821,8 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
oldProfileTime = &oldproftime;
}
} else {
}
else {
oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
&cert->derSubject, &oldProfileTime);
freeOldProfile = PR_TRUE;
@ -844,43 +831,46 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
saveit = PR_FALSE;
/* both profileTime and emailProfile have to exist or not exist */
if ( emailProfile == NULL ) {
if (emailProfile == NULL) {
profileTime = NULL;
} else if ( profileTime == NULL ) {
}
else if (profileTime == NULL) {
emailProfile = NULL;
}
if ( oldProfileTime == NULL ) {
if (oldProfileTime == NULL) {
saveit = PR_TRUE;
} else {
}
else {
/* there was already a profile for this email addr */
if ( profileTime ) {
if (profileTime) {
/* we have an old and new profile - save whichever is more recent*/
if ( oldProfileTime->len == 0 ) {
if (oldProfileTime->len == 0) {
/* always replace if old entry doesn't have a time */
oldtime = LL_MININT;
} else {
}
else {
rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
}
rv = DER_UTCTimeToTime(&newtime, profileTime);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
if ( LL_CMP(newtime, >, oldtime ) ) {
if (LL_CMP(newtime, >, oldtime)) {
/* this is a newer profile, save it and cert */
saveit = PR_TRUE;
}
} else {
}
else {
saveit = PR_TRUE;
}
}
if (saveit) {
if (cc) {
if (stanProfile) {
@ -888,38 +878,39 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
* overwrite the data
*/
NSSArena *arena = stanProfile->object.arena;
stanProfile->profileTime = nssItem_Create(arena,
NULL,
profileTime->len,
profileTime->data);
stanProfile->profileData = nssItem_Create(arena,
NULL,
emailProfile->len,
emailProfile->data);
} else if (profileTime && emailProfile) {
stanProfile->profileTime = nssItem_Create(
arena, NULL, profileTime->len, profileTime->data);
stanProfile->profileData = nssItem_Create(
arena, NULL, emailProfile->len, emailProfile->data);
}
else if (profileTime && emailProfile) {
PRStatus nssrv;
NSSItem profTime, profData;
NSSITEM_FROM_SECITEM(&profTime, profileTime);
NSSITEM_FROM_SECITEM(&profData, emailProfile);
stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData);
if (!stanProfile) goto loser;
if (!stanProfile)
goto loser;
nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}
} else {
rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
&cert->derSubject, emailProfile, profileTime);
}
} else {
else {
rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
&cert->derSubject, emailProfile,
profileTime);
}
}
else {
rv = SECSuccess;
}
loser:
if (oldProfile && freeOldProfile) {
SECITEM_FreeItem(oldProfile,PR_TRUE);
SECITEM_FreeItem(oldProfile, PR_TRUE);
}
if (oldProfileTime && freeOldProfile) {
SECITEM_FreeItem(oldProfileTime,PR_TRUE);
SECITEM_FreeItem(oldProfileTime, PR_TRUE);
}
if (stanProfile) {
nssSMIMEProfile_Destroy(stanProfile);
@ -928,7 +919,7 @@ loser:
PK11_FreeSlot(slot);
}
return(rv);
return (rv);
}
/*
@ -951,15 +942,15 @@ CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
if (cert->slot && !PK11_IsInternal(cert->slot)) {
/* this cert comes from an external source, we need to add it
to the cert db before creating an S/MIME profile */
PK11SlotInfo* internalslot = PK11_GetInternalKeySlot();
PK11SlotInfo *internalslot = PK11_GetInternalKeySlot();
if (!internalslot) {
return SECFailure;
}
rv = PK11_ImportCert(internalslot, cert,
CK_INVALID_HANDLE, NULL, PR_FALSE);
rv = PK11_ImportCert(internalslot, cert, CK_INVALID_HANDLE, NULL,
PR_FALSE);
PK11_FreeSlot(internalslot);
if (rv != SECSuccess ) {
if (rv != SECSuccess) {
return SECFailure;
}
}
@ -971,17 +962,16 @@ CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
}
for (emailAddr = CERT_GetFirstEmailAddress(cert); emailAddr != NULL;
emailAddr = CERT_GetNextEmailAddress(cert,emailAddr)) {
rv = certdb_SaveSingleProfile(cert,emailAddr,emailProfile,profileTime);
emailAddr = CERT_GetNextEmailAddress(cert, emailAddr)) {
rv = certdb_SaveSingleProfile(cert, emailAddr, emailProfile,
profileTime);
if (rv != SECSuccess) {
return SECFailure;
}
}
return SECSuccess;
}
SECItem *
CERT_FindSMimeProfile(CERTCertificate *cert)
{
@ -995,14 +985,15 @@ CERT_FindSMimeProfile(CERTCertificate *cert)
return NULL;
}
c = STAN_GetNSSCertificate(cert);
if (!c) return NULL;
if (!c)
return NULL;
cc = c->object.cryptoContext;
if (cc != NULL) {
nssSMIMEProfile *stanProfile;
stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
if (stanProfile) {
rvItem = SECITEM_AllocItem(NULL, NULL,
stanProfile->profileData->size);
rvItem =
SECITEM_AllocItem(NULL, NULL, stanProfile->profileData->size);
if (rvItem) {
rvItem->data = stanProfile->profileData->data;
}
@ -1050,15 +1041,13 @@ SECKEY_HashPassword(char *pw, SECItem *salt)
SECStatus
__CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle,
SECItem *derSubject,
void *cb, void *cbarg)
SECItem *derSubject, void *cb, void *cbarg)
{
PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}
SECStatus
__CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
void *cb, void *cbarg)
@ -1067,6 +1056,3 @@ __CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}

61
security/nss/lib/certdb/xauthkid.c
Просмотреть файл

@ -24,25 +24,25 @@ SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
offsetof(CERTAuthKeyID,keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate)},
offsetof(CERTAuthKeyID, keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate},
offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
offsetof(CERTAuthKeyID,authCertSerialNumber),
offsetof(CERTAuthKeyID, authCertSerialNumber),
SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ 0 }
};
SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
SECStatus
CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
SECItem *encodedValue)
{
SECStatus rv = SECFailure;
PORT_Assert (value);
PORT_Assert (arena);
PORT_Assert (value->DERAuthCertIssuer == NULL);
PORT_Assert (encodedValue);
PORT_Assert(value);
PORT_Assert(arena);
PORT_Assert(value->DERAuthCertIssuer == NULL);
PORT_Assert(encodedValue);
do {
@ -52,60 +52,61 @@ SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECIte
*/
if (value->authCertIssuer) {
if (!value->authCertSerialNumber.data) {
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
break;
}
value->DERAuthCertIssuer = cert_EncodeGeneralNames
(arena, value->authCertIssuer);
value->DERAuthCertIssuer =
cert_EncodeGeneralNames(arena, value->authCertIssuer);
if (!value->DERAuthCertIssuer) {
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
break;
}
}
else if (value->authCertSerialNumber.data) {
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
break;
}
if (SEC_ASN1EncodeItem (arena, encodedValue, value,
if (SEC_ASN1EncodeItem(arena, encodedValue, value,
CERTAuthKeyIDTemplate) == NULL)
break;
rv = SECSuccess;
} while (0);
return(rv);
return (rv);
}
CERTAuthKeyID *
CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
CERT_DecodeAuthKeyID(PLArenaPool *arena, const SECItem *encodedValue)
{
CERTAuthKeyID * value = NULL;
CERTAuthKeyID *value = NULL;
SECStatus rv = SECFailure;
void * mark;
void *mark;
SECItem newEncodedValue;
PORT_Assert (arena);
PORT_Assert(arena);
do {
mark = PORT_ArenaMark (arena);
value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
mark = PORT_ArenaMark(arena);
value = (CERTAuthKeyID *)PORT_ArenaZAlloc(arena, sizeof(*value));
if (value == NULL)
break;
value->DERAuthCertIssuer = NULL;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
break;
}
rv = SEC_QuickDERDecodeItem
(arena, value, CERTAuthKeyIDTemplate, &newEncodedValue);
rv = SEC_QuickDERDecodeItem(arena, value, CERTAuthKeyIDTemplate,
&newEncodedValue);
if (rv != SECSuccess)
break;
value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
value->authCertIssuer =
cert_DecodeGeneralNames(arena, value->DERAuthCertIssuer);
if (value->authCertIssuer == NULL)
break;
@ -113,14 +114,14 @@ CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
hl
*/
if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
(!value->authCertSerialNumber.data && value->authCertIssuer)){
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
(!value->authCertSerialNumber.data && value->authCertIssuer)) {
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
break;
}
} while (0);
if (rv != SECSuccess) {
PORT_ArenaRelease (arena, mark);
PORT_ArenaRelease(arena, mark);
return ((CERTAuthKeyID *)NULL);
}
PORT_ArenaUnmark(arena, mark);

94
security/nss/lib/certdb/xbsconst.c
Просмотреть файл

@ -18,45 +18,47 @@
#include "prprf.h"
#include "secerr.h"
typedef struct EncodedContext{
typedef struct EncodedContext {
SECItem isCA;
SECItem pathLenConstraint;
SECItem encodedValue;
PLArenaPool *arena;
}EncodedContext;
} EncodedContext;
static const SEC_ASN1Template CERTBasicConstraintsTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(EncodedContext) },
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(EncodedContext) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
offsetof(EncodedContext,isCA)},
offsetof(EncodedContext, isCA) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
offsetof(EncodedContext,pathLenConstraint) },
{ 0, }
offsetof(EncodedContext, pathLenConstraint) },
{ 0 }
};
static unsigned char hexTrue = 0xff;
static unsigned char hexFalse = 0x00;
#define GEN_BREAK(status) rv = status; break;
#define GEN_BREAK(status) \
rv = status; \
break;
SECStatus CERT_EncodeBasicConstraintValue
(PLArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
SECStatus
CERT_EncodeBasicConstraintValue(PLArenaPool *arena, CERTBasicConstraints *value,
SECItem *encodedValue)
{
EncodedContext encodeContext;
PLArenaPool *our_pool = NULL;
SECStatus rv = SECSuccess;
do {
PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
PORT_Memset(&encodeContext, 0, sizeof(encodeContext));
if (!value->isCA && value->pathLenConstraint >= 0) {
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
GEN_BREAK (SECFailure);
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
GEN_BREAK(SECFailure);
}
encodeContext.arena = arena;
if (value->isCA == PR_TRUE) {
encodeContext.isCA.data = &hexTrue ;
encodeContext.isCA.data = &hexTrue;
encodeContext.isCA.len = 1;
}
@ -64,52 +66,52 @@ SECStatus CERT_EncodeBasicConstraintValue
* omitted from the encoding.
*/
if (value->isCA && value->pathLenConstraint >= 0) {
our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (our_pool == NULL) {
PORT_SetError (SEC_ERROR_NO_MEMORY);
GEN_BREAK (SECFailure);
PORT_SetError(SEC_ERROR_NO_MEMORY);
GEN_BREAK(SECFailure);
}
if (SEC_ASN1EncodeUnsignedInteger
(our_pool, &encodeContext.pathLenConstraint,
if (SEC_ASN1EncodeUnsignedInteger(
our_pool, &encodeContext.pathLenConstraint,
(unsigned long)value->pathLenConstraint) == NULL) {
PORT_SetError (SEC_ERROR_NO_MEMORY);
GEN_BREAK (SECFailure);
PORT_SetError(SEC_ERROR_NO_MEMORY);
GEN_BREAK(SECFailure);
}
}
if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,
CERTBasicConstraintsTemplate) == NULL) {
GEN_BREAK (SECFailure);
GEN_BREAK(SECFailure);
}
} while (0);
if (our_pool)
PORT_FreeArena (our_pool, PR_FALSE);
return(rv);
PORT_FreeArena(our_pool, PR_FALSE);
return (rv);
}
SECStatus CERT_DecodeBasicConstraintValue
(CERTBasicConstraints *value, const SECItem *encodedValue)
SECStatus
CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
const SECItem *encodedValue)
{
EncodedContext decodeContext;
PLArenaPool *our_pool;
SECStatus rv = SECSuccess;
do {
PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
/* initialize the value just in case we got "0x30 00", or when the
pathLenConstraint is omitted.
*/
decodeContext.isCA.data =&hexFalse;
decodeContext.isCA.data = &hexFalse;
decodeContext.isCA.len = 1;
our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (our_pool == NULL) {
PORT_SetError (SEC_ERROR_NO_MEMORY);
GEN_BREAK (SECFailure);
PORT_SetError(SEC_ERROR_NO_MEMORY);
GEN_BREAK(SECFailure);
}
rv = SEC_QuickDERDecodeItem
(our_pool, &decodeContext, CERTBasicConstraintsTemplate, encodedValue);
rv = SEC_QuickDERDecodeItem(our_pool, &decodeContext,
CERTBasicConstraintsTemplate, encodedValue);
if (rv == SECFailure)
break;
@ -118,28 +120,30 @@ SECStatus CERT_DecodeBasicConstraintValue
: PR_FALSE;
if (decodeContext.pathLenConstraint.data == NULL) {
/* if the pathLenConstraint is not encoded, and the current setting
is CA, then the pathLenConstraint should be set to a negative number
is CA, then the pathLenConstraint should be set to a negative
number
for unlimited certificate path.
*/
if (value->isCA)
value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
} else if (value->isCA) {
long len = DER_GetInteger (&decodeContext.pathLenConstraint);
}
else if (value->isCA) {
long len = DER_GetInteger(&decodeContext.pathLenConstraint);
if (len < 0 || len == LONG_MAX) {
PORT_SetError (SEC_ERROR_BAD_DER);
GEN_BREAK (SECFailure);
PORT_SetError(SEC_ERROR_BAD_DER);
GEN_BREAK(SECFailure);
}
value->pathLenConstraint = len;
} else {
}
else {
/* here we get an error where the subject is not a CA, but
the pathLenConstraint is set */
PORT_SetError (SEC_ERROR_BAD_DER);
GEN_BREAK (SECFailure);
PORT_SetError(SEC_ERROR_BAD_DER);
GEN_BREAK(SECFailure);
break;
}
} while (0);
PORT_FreeArena (our_pool, PR_FALSE);
PORT_FreeArena(our_pool, PR_FALSE);
return (rv);
}

85
security/nss/lib/certdb/xconst.c
Просмотреть файл

@ -20,12 +20,10 @@
#include "secasn1.h"
#include "secerr.h"
static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
{ SEC_ASN1_OCTET_STRING }
};
static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
{ SEC_ASN1_IA5_STRING }
};
@ -33,40 +31,34 @@ static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)
static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
offsetof(CERTPrivKeyUsagePeriod, notBefore),
SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
offsetof(CERTPrivKeyUsagePeriod, notAfter),
SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate)},
{ 0, }
SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
{ 0 }
};
const SEC_ASN1Template CERTAltNameTemplate[] = {
{ SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName),
CERT_GeneralNamesTemplate}
CERT_GeneralNamesTemplate }
};
const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTAuthInfoAccess) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTAuthInfoAccess, method) },
{ SEC_ASN1_ANY,
offsetof(CERTAuthInfoAccess, derLocation) },
{ 0, }
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthInfoAccess) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTAuthInfoAccess, method) },
{ SEC_ASN1_ANY, offsetof(CERTAuthInfoAccess, derLocation) },
{ 0 }
};
const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
};
SECStatus
CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem *srcString,
SECItem *encodedValue)
{
SECStatus rv = SECSuccess;
@ -75,15 +67,14 @@ CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
if (SEC_ASN1EncodeItem(arena, encodedValue, srcString,
CERTSubjectKeyIDTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
CERTPrivKeyUsagePeriod *pkup,
@ -91,11 +82,11 @@ CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
{
SECStatus rv = SECSuccess;
if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
if (SEC_ASN1EncodeItem(arena, encodedValue, pkup,
CERTPrivateKeyUsagePeriodTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
CERTPrivKeyUsagePeriod *
@ -107,7 +98,7 @@ CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)
/* allocate the certificate policies structure */
pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
if ( pPeriod == NULL ) {
if (pPeriod == NULL) {
goto loser;
}
@ -116,14 +107,13 @@ CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, pPeriod,
CERTPrivateKeyUsagePeriodTemplate,
&newExtnValue);
if ( rv != SECSuccess ) {
rv = SEC_QuickDERDecodeItem(
arena, pPeriod, CERTPrivateKeyUsagePeriodTemplate, &newExtnValue);
if (rv != SECSuccess) {
goto loser;
}
return pPeriod;
@ -132,36 +122,36 @@ loser:
return NULL;
}
SECStatus
CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value, SECItem *encodedValue)
CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
SECItem *encodedValue)
{
SECItem encodeContext;
SECStatus rv = SECSuccess;
PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
PORT_Memset(&encodeContext, 0, sizeof(encodeContext));
if (value != NULL) {
encodeContext.data = (unsigned char *)value;
encodeContext.len = strlen(value);
}
if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,
CERTIA5TypeTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
return (rv);
}
SECStatus
CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue)
CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value,
SECItem *encodedValue)
{
SECItem **encodedGenName;
SECStatus rv = SECSuccess;
encodedGenName = cert_EncodeGeneralNames(arena, value);
if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
if (SEC_ASN1EncodeItem(arena, encodedValue, &encodedGenName,
CERT_GeneralNamesTemplate) == NULL) {
rv = SECFailure;
}
@ -174,7 +164,7 @@ CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)
{
SECStatus rv = SECSuccess;
CERTAltNameEncodedContext encodedContext;
SECItem* newEncodedAltName;
SECItem *newEncodedAltName;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -188,14 +178,13 @@ CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)
encodedContext.encodedGenName = NULL;
PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
rv = SEC_QuickDERDecodeItem (reqArena, &encodedContext,
rv = SEC_QuickDERDecodeItem(reqArena, &encodedContext,
CERT_GeneralNamesTemplate, newEncodedAltName);
if (rv == SECFailure) {
goto loser;
}
if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
return cert_DecodeGeneralNames(reqArena,
encodedContext.encodedGenName);
return cert_DecodeGeneralNames(reqArena, encodedContext.encodedGenName);
/* Extension contained an empty GeneralNames sequence */
/* Treat as extension not found */
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
@ -203,7 +192,6 @@ loser:
return NULL;
}
SECStatus
CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
CERTNameConstraints *value,
@ -215,7 +203,6 @@ CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
return rv;
}
CERTNameConstraints *
CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
const SECItem *encodedConstraints)
@ -223,7 +210,6 @@ CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
return cert_DecodeNameConstraints(arena, encodedConstraints);
}
CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
const SECItem *encodedExtension)
@ -231,7 +217,7 @@ CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
CERTAuthInfoAccess **info = NULL;
SECStatus rv;
int i;
SECItem* newEncodedExtension;
SECItem *newEncodedExtension;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -250,16 +236,14 @@ CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
}
for (i = 0; info[i] != NULL; i++) {
info[i]->location = CERT_DecodeGeneralName(reqArena,
&(info[i]->derLocation),
NULL);
info[i]->location =
CERT_DecodeGeneralName(reqArena, &(info[i]->derLocation), NULL);
}
return info;
}
SECStatus
CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
CERTAuthInfoAccess **info,
CERT_EncodeInfoAccessExtension(PLArenaPool *arena, CERTAuthInfoAccess **info,
SECItem *dest)
{
SECItem *dummy;
@ -277,8 +261,7 @@ CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
/* Note that this may leave some of the locations filled in. */
return SECFailure;
}
dummy = SEC_ASN1EncodeItem(arena, dest, &info,
CERTAuthInfoAccessTemplate);
dummy = SEC_ASN1EncodeItem(arena, dest, &info, CERTAuthInfoAccessTemplate);
if (dummy == NULL) {
return SECFailure;
}

14
security/nss/lib/certdb/xconst.h
Просмотреть файл

@ -10,26 +10,20 @@ typedef struct CERTAltNameEncodedContextStr {
SECItem **encodedGenName;
} CERTAltNameEncodedContext;
SEC_BEGIN_PROTOS
extern SECStatus
CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
extern SECStatus CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
CERTPrivKeyUsagePeriod *pkup,
SECItem *encodedValue);
extern SECStatus
CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
extern SECStatus CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
CERTNameConstraints *value,
SECItem *encodedValue);
extern SECStatus
CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
extern SECStatus CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
SECItem *encodedValue);
SECStatus
cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
SECStatus cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
CERTAuthInfoAccess **info,
SECItem *dest);
SEC_END_PROTOS

354
security/nss/lib/certhigh/certhigh.c
Просмотреть файл

@ -17,10 +17,10 @@
#include "pkitm.h"
#include "pki3hack.h"
PRBool
CERT_MatchNickname(char *name1, char *name2) {
char *nickname1= NULL;
CERT_MatchNickname(char *name1, char *name2)
{
char *nickname1 = NULL;
char *nickname2 = NULL;
char *token1;
char *token2;
@ -31,21 +31,22 @@ CERT_MatchNickname(char *name1, char *name2) {
}
/* we need to handle the case where one name has an explicit token and the other
* doesn't */
token1 = PORT_Strchr(name1,':');
token2 = PORT_Strchr(name2,':');
token1 = PORT_Strchr(name1, ':');
token2 = PORT_Strchr(name2, ':');
if ((token1 && token2) || (!token1 && !token2)) {
/* either both token names are specified or neither are, not match */
return PR_FALSE;
}
if (token1) {
nickname1=token1;
nickname2=name2;
} else {
nickname1=token2;
nickname2=name1;
nickname1 = token1;
nickname2 = name2;
}
else {
nickname1 = token2;
nickname2 = name1;
}
nickname1++;
if (PORT_Strcmp(nickname1,nickname2) != 0) {
if (PORT_Strcmp(nickname1, nickname2) != 0) {
return PR_FALSE;
}
/* Bug 1192443 - compare the other token with the internal slot here */
@ -85,20 +86,20 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
proto_win);
if ( ( nicknames == NULL ) || ( nicknames->numnicknames == 0 ) ) {
if ((nicknames == NULL) || (nicknames->numnicknames == 0)) {
goto loser;
}
nnptr = nicknames->nicknames;
nn = nicknames->numnicknames;
while ( nn > 0 ) {
while (nn > 0) {
cert = NULL;
/* use the pk11 call so that we pick up any certs on tokens,
* which may require login
*/
if ( proto_win != NULL ) {
cert = PK11_FindCertFromNickname(*nnptr,proto_win);
if (proto_win != NULL) {
cert = PK11_FindCertFromNickname(*nnptr, proto_win);
}
/* Sigh, It turns out if the cert is already in the temp db, because
@ -110,10 +111,10 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
* go look the cert up.
*/
if (cert == NULL) {
cert = CERT_FindCertByNickname(handle,*nnptr);
cert = CERT_FindCertByNickname(handle, *nnptr);
}
if ( cert != NULL ) {
if (cert != NULL) {
/* collect certs for this nickname, sorting them into the list */
certList = CERT_CreateSubjectCertList(certList, handle,
&cert->derSubject, time, validOnly);
@ -131,42 +132,43 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
/* remove certs with incorrect usage */
rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
/* remove any extra certs for each name */
if ( oneCertPerName ) {
if (oneCertPerName) {
PRBool *flags;
nn = nicknames->numnicknames;
nnptr = nicknames->nicknames;
flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
if ( flags == NULL ) {
if (flags == NULL) {
goto loser;
}
node = CERT_LIST_HEAD(certList);
/* treverse all certs in the list */
while ( !CERT_LIST_END(node, certList) ) {
while (!CERT_LIST_END(node, certList)) {
/* find matching nickname index */
for ( n = 0; n < nn; n++ ) {
if ( CERT_MatchNickname(nnptr[n], node->cert->nickname) ) {
for (n = 0; n < nn; n++) {
if (CERT_MatchNickname(nnptr[n], node->cert->nickname)) {
/* We found a match. If this is the first one, then
* set the flag and move on to the next cert. If this
* is not the first one then delete it from the list.
*/
if ( flags[n] ) {
if (flags[n]) {
/* We have already seen a cert with this nickname,
* so delete this one.
*/
freenode = node;
node = CERT_LIST_NEXT(node);
CERT_RemoveCertListNode(freenode);
} else {
}
else {
/* keep the first cert for each nickname, but set the
* flag so we know to delete any others with the same
* nickname.
@ -177,7 +179,7 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
break;
}
}
if ( n == nn ) {
if (n == nn) {
/* if we get here it means that we didn't find a matching
* nickname, which should not happen.
*/
@ -191,17 +193,17 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
goto done;
loser:
if ( certList != NULL ) {
if (certList != NULL) {
CERT_DestroyCertList(certList);
certList = NULL;
}
done:
if ( nicknames != NULL ) {
if (nicknames != NULL) {
CERT_FreeNicknames(nicknames);
}
return(certList);
return (certList);
}
/*
@ -231,38 +233,37 @@ CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
* which may require login
*/
/* XXX - why is this restricted? */
if ( proto_win != NULL ) {
cert = PK11_FindCertFromNickname(nickname,proto_win);
if (proto_win != NULL) {
cert = PK11_FindCertFromNickname(nickname, proto_win);
}
/* sigh, There are still problems find smart cards from the temp
* db. This will get smart cards working again. The real fix
* is to make sure we can search the temp db by their token nickname.
*/
if (cert == NULL) {
cert = CERT_FindCertByNickname(handle,nickname);
cert = CERT_FindCertByNickname(handle, nickname);
}
if ( cert != NULL ) {
if (cert != NULL) {
unsigned int requiredKeyUsage;
unsigned int requiredCertType;
rv = CERT_KeyUsageAndTypeForCertUsage(usage, PR_FALSE,
&requiredKeyUsage, &requiredCertType);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
/* drop the extra reference */
CERT_DestroyCertificate(cert);
cert = NULL;
goto loser;
}
/* If we already found the right cert, just return it */
if ( (!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE)
== secCertTimeValid) &&
if ((!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE) ==
secCertTimeValid) &&
(CERT_CheckKeyUsage(cert, requiredKeyUsage) == SECSuccess) &&
(cert->nsCertType & requiredCertType) &&
CERT_IsUserCert(cert) ) {
return(cert);
CERT_IsUserCert(cert)) {
return (cert);
}
/* collect certs for this nickname, sorting them into the list */
@ -276,27 +277,27 @@ CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
cert = NULL;
}
if ( certList == NULL ) {
if (certList == NULL) {
goto loser;
}
/* remove certs with incorrect usage */
rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
if ( ! CERT_LIST_END(CERT_LIST_HEAD(certList), certList) ) {
if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
}
loser:
if ( certList != NULL ) {
if (certList != NULL) {
CERT_DestroyCertList(certList);
}
return(cert);
return (cert);
}
CERTCertList *
@ -310,36 +311,35 @@ CERT_MatchUserCert(CERTCertDBHandle *handle,
certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE,
proto_win);
if ( certList == NULL ) {
if (certList == NULL) {
goto loser;
}
rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
goto done;
loser:
if ( certList != NULL ) {
if (certList != NULL) {
CERT_DestroyCertList(certList);
certList = NULL;
}
done:
return(certList);
return (certList);
}
typedef struct stringNode {
struct stringNode *next;
char *string;
} stringNode;
static PRStatus
CollectNicknames( NSSCertificate *c, void *data)
CollectNicknames(NSSCertificate *c, void *data)
{
CERTCertNicknames *names;
PRBool saveit = PR_FALSE;
@ -354,9 +354,9 @@ CollectNicknames( NSSCertificate *c, void *data)
names = (CERTCertNicknames *)data;
stanNickname = nssCertificate_GetNickname(c,NULL);
stanNickname = nssCertificate_GetNickname(c, NULL);
if ( stanNickname ) {
if (stanNickname) {
nss_ZFreeIf(stanNickname);
stanNickname = NULL;
if (names->what == SEC_CERT_NICKNAMES_USER) {
@ -368,29 +368,29 @@ CollectNicknames( NSSCertificate *c, void *data)
if (!td) {
return PR_SUCCESS;
}
trust = nssTrustDomain_FindTrustForCertificate(td,c);
trust = nssTrustDomain_FindTrustForCertificate(td, c);
switch(names->what) {
switch (names->what) {
case SEC_CERT_NICKNAMES_ALL:
if ((trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
(trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
if ((trust->sslFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)) ||
(trust->emailFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)) ||
(trust->objectSigningFlags &
(CERTDB_VALID_CA|CERTDB_VALID_PEER))) {
(CERTDB_VALID_CA | CERTDB_VALID_PEER))) {
saveit = PR_TRUE;
}
break;
case SEC_CERT_NICKNAMES_SERVER:
if ( trust->sslFlags & CERTDB_VALID_PEER ) {
if (trust->sslFlags & CERTDB_VALID_PEER) {
saveit = PR_TRUE;
}
break;
case SEC_CERT_NICKNAMES_CA:
if (((trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)||
((trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA) ||
((trust->objectSigningFlags & CERTDB_VALID_CA )
== CERTDB_VALID_CA)) {
if (((trust->sslFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA) ||
((trust->emailFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA) ||
((trust->objectSigningFlags & CERTDB_VALID_CA) ==
CERTDB_VALID_CA)) {
saveit = PR_TRUE;
}
break;
@ -402,7 +402,7 @@ CollectNicknames( NSSCertificate *c, void *data)
/* traverse the list of collected nicknames and make sure we don't make
* a duplicate
*/
if ( saveit ) {
if (saveit) {
nickname = STAN_GetCERTCertificateName(NULL, c);
/* nickname can only be NULL here if we are having memory
* alloc problems */
@ -410,8 +410,8 @@ CollectNicknames( NSSCertificate *c, void *data)
return PR_FAILURE;
}
node = (stringNode *)names->head;
while ( node != NULL ) {
if ( PORT_Strcmp(nickname, node->string) == 0 ) {
while (node != NULL) {
if (PORT_Strcmp(nickname, node->string) == 0) {
/* if the string matches, then don't save this one */
saveit = PR_FALSE;
break;
@ -420,19 +420,19 @@ CollectNicknames( NSSCertificate *c, void *data)
}
}
if ( saveit ) {
if (saveit) {
/* allocate the node */
node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
if ( node == NULL ) {
node = (stringNode *)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
if (node == NULL) {
PORT_Free(nickname);
return PR_FAILURE;
}
/* copy the string */
len = PORT_Strlen(nickname) + 1;
node->string = (char*)PORT_ArenaAlloc(names->arena, len);
if ( node->string == NULL ) {
node->string = (char *)PORT_ArenaAlloc(names->arena, len);
if (node->string == NULL) {
PORT_Free(nickname);
return PR_FAILURE;
}
@ -446,8 +446,9 @@ CollectNicknames( NSSCertificate *c, void *data)
names->numnicknames++;
}
if (nickname) PORT_Free(nickname);
return(PR_SUCCESS);
if (nickname)
PORT_Free(nickname);
return (PR_SUCCESS);
}
CERTCertNicknames *
@ -459,13 +460,13 @@ CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
stringNode *node;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
if (arena == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return(NULL);
return (NULL);
}
names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
if ( names == NULL ) {
if (names == NULL) {
goto loser;
}
@ -477,21 +478,22 @@ CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
names->totallen = 0;
/* make sure we are logged in */
(void) pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
(void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
NSSTrustDomain_TraverseCertificates(handle,
CollectNicknames, (void *)names);
if ( names->numnicknames ) {
names->nicknames = (char**)PORT_ArenaAlloc(arena,
names->numnicknames * sizeof(char *));
if (names->numnicknames) {
names->nicknames = (char **)PORT_ArenaAlloc(arena,
names->numnicknames *
sizeof(char *));
if ( names->nicknames == NULL ) {
if (names->nicknames == NULL) {
goto loser;
}
node = (stringNode *)names->head;
for ( i = 0; i < names->numnicknames; i++ ) {
for (i = 0; i < names->numnicknames; i++) {
PORT_Assert(node != NULL);
names->nicknames[i] = node->string;
@ -502,11 +504,11 @@ CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
PORT_Assert(node == NULL);
}
return(names);
return (names);
loser:
PORT_FreeArena(arena, PR_FALSE);
return(NULL);
return (NULL);
}
void
@ -533,7 +535,7 @@ CERT_FreeDistNames(CERTDistNames *names)
}
static SECStatus
CollectDistNames( CERTCertificate *cert, SECItem *k, void *data)
CollectDistNames(CERTCertificate *cert, SECItem *k, void *data)
{
CERTDistNames *names;
PRBool saveit = PR_FALSE;
@ -543,26 +545,26 @@ CollectDistNames( CERTCertificate *cert, SECItem *k, void *data)
names = (CERTDistNames *)data;
if ( CERT_GetCertTrust(cert, &trust) == SECSuccess ) {
if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
/* only collect names of CAs trusted for issuing SSL clients */
if ( trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA ) {
if (trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA) {
saveit = PR_TRUE;
}
}
if ( saveit ) {
if (saveit) {
/* allocate the node */
node = (dnameNode*)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
if ( node == NULL ) {
return(SECFailure);
node = (dnameNode *)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
if (node == NULL) {
return (SECFailure);
}
/* copy the name */
node->name.len = len = cert->derSubject.len;
node->name.type = siBuffer;
node->name.data = (unsigned char*)PORT_ArenaAlloc(names->arena, len);
if ( node->name.data == NULL ) {
return(SECFailure);
node->name.data = (unsigned char *)PORT_ArenaAlloc(names->arena, len);
if (node->name.data == NULL) {
return (SECFailure);
}
PORT_Memcpy(node->name.data, cert->derSubject.data, len);
@ -574,7 +576,7 @@ CollectDistNames( CERTCertificate *cert, SECItem *k, void *data)
names->nnames++;
}
return(SECSuccess);
return (SECSuccess);
}
/*
@ -592,7 +594,7 @@ CERT_DupDistNames(CERTDistNames *orig)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return(NULL);
return (NULL);
}
/* allocate the header structure */
@ -609,7 +611,7 @@ CERT_DupDistNames(CERTDistNames *orig)
/* construct the array from the list */
if (orig->nnames) {
names->names = (SECItem*)PORT_ArenaNewArray(arena, SECItem,
names->names = (SECItem *)PORT_ArenaNewArray(arena, SECItem,
orig->nnames);
if (names->names == NULL) {
goto loser;
@ -621,11 +623,11 @@ CERT_DupDistNames(CERTDistNames *orig)
}
}
}
return(names);
return (names);
loser:
PORT_FreeArena(arena, PR_FALSE);
return(NULL);
return (NULL);
}
CERTDistNames *
@ -639,14 +641,14 @@ CERT_GetSSLCACerts(CERTCertDBHandle *handle)
/* allocate an arena to use */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
if (arena == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return(NULL);
return (NULL);
}
/* allocate the header structure */
names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
if ( names == NULL ) {
if (names == NULL) {
goto loser;
}
@ -658,21 +660,21 @@ CERT_GetSSLCACerts(CERTCertDBHandle *handle)
/* collect the names from the database */
rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL);
if ( rv ) {
if (rv) {
goto loser;
}
/* construct the array from the list */
if ( names->nnames ) {
names->names = (SECItem*)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));
if (names->nnames) {
names->names = (SECItem *)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));
if ( names->names == NULL ) {
if (names->names == NULL) {
goto loser;
}
node = (dnameNode *)names->head;
for ( i = 0; i < names->nnames; i++ ) {
for (i = 0; i < names->nnames; i++) {
PORT_Assert(node != NULL);
names->names[i] = node->name;
@ -682,20 +684,20 @@ CERT_GetSSLCACerts(CERTCertDBHandle *handle)
PORT_Assert(node == NULL);
}
return(names);
return (names);
loser:
PORT_FreeArena(arena, PR_FALSE);
return(NULL);
return (NULL);
}
CERTDistNames *
CERT_DistNamesFromCertList(CERTCertList *certList)
{
CERTDistNames * dnames = NULL;
PLArenaPool * arena;
CERTDistNames *dnames = NULL;
PLArenaPool *arena;
CERTCertListNode *node = NULL;
SECItem * names = NULL;
SECItem *names = NULL;
int listLen = 0, i = 0;
if (certList == NULL) {
@ -704,23 +706,26 @@ CERT_DistNamesFromCertList(CERTCertList *certList)
}
node = CERT_LIST_HEAD(certList);
while ( ! CERT_LIST_END(node, certList) ) {
while (!CERT_LIST_END(node, certList)) {
listLen += 1;
node = CERT_LIST_NEXT(node);
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) goto loser;
if (arena == NULL)
goto loser;
dnames = PORT_ArenaZNew(arena, CERTDistNames);
if (dnames == NULL) goto loser;
if (dnames == NULL)
goto loser;
dnames->arena = arena;
dnames->nnames = listLen;
dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen);
if (names == NULL) goto loser;
if (names == NULL)
goto loser;
node = CERT_LIST_HEAD(certList);
while ( ! CERT_LIST_END(node, certList) ) {
while (!CERT_LIST_END(node, certList)) {
CERTCertificate *cert = node->cert;
SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject);
if (rv == SECFailure) {
@ -747,20 +752,25 @@ CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
CERTCertificate *cert = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) goto loser;
if (arena == NULL)
goto loser;
dnames = PORT_ArenaZNew(arena, CERTDistNames);
if (dnames == NULL) goto loser;
if (dnames == NULL)
goto loser;
dnames->arena = arena;
dnames->nnames = nnames;
dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames);
if (names == NULL) goto loser;
if (names == NULL)
goto loser;
for (i = 0; i < nnames; i++) {
cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
if (cert == NULL) goto loser;
if (cert == NULL)
goto loser;
rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
if (rv == SECFailure) goto loser;
if (rv == SECFailure)
goto loser;
CERT_DestroyCertificate(cert);
}
return dnames;
@ -787,33 +797,33 @@ CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
if (arena == NULL) {
goto loser;
}
name = CERT_AsciiToName(nameStr);
if ( name ) {
nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name,
if (name) {
nameItem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
CERT_NameTemplate);
if ( nameItem != NULL ) {
if (nameItem != NULL) {
cert = CERT_FindCertByName(handle, nameItem);
}
CERT_DestroyName(name);
}
loser:
if ( arena ) {
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
return(cert);
return (cert);
}
/* From certv3.c */
CERTCrlDistributionPoints *
CERT_FindCRLDistributionPoints (CERTCertificate *cert)
CERT_FindCRLDistributionPoints(CERTCertificate *cert)
{
SECItem encodedExtenValue;
SECStatus rv;
@ -824,7 +834,7 @@ CERT_FindCRLDistributionPoints (CERTCertificate *cert)
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS,
&encodedExtenValue);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
return (NULL);
}
@ -836,11 +846,11 @@ CERT_FindCRLDistributionPoints (CERTCertificate *cert)
}
/* From crl.c */
CERTSignedCrl * CERT_ImportCRL
(CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
CERTSignedCrl *
CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
{
CERTSignedCrl* retCrl = NULL;
PK11SlotInfo* slot = PK11_GetInternalKeySlot();
CERTSignedCrl *retCrl = NULL;
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
retCrl = PK11_ImportCRL(slot, derCRL, url, type, wincx,
CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT_OPTIONS);
PK11_FreeSlot(slot);
@ -871,14 +881,14 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
/* decode my certificate */
/* This use is ok -- only looks at decoded parts, calls NewTemp later */
newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
if ( newcert == NULL ) {
if (newcert == NULL) {
goto loser;
}
if (!trusted) {
/* make sure that cert is valid */
rv = CERT_CertTimesValid(newcert);
if ( rv == SECFailure ) {
if (rv == SECFailure) {
goto endloop;
}
}
@ -891,24 +901,25 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
*/
isca = CERT_IsCACert(newcert, &certtype);
if ( !isca ) {
if (!isca) {
if (!trusted) {
goto endloop;
}
trust.sslFlags = CERTDB_VALID_CA;
trust.emailFlags = CERTDB_VALID_CA;
trust.objectSigningFlags = CERTDB_VALID_CA;
} else {
}
else {
/* SSL ca's must have the ssl bit set */
if ( ( certUsage == certUsageSSLCA ) &&
(( certtype & NS_CERT_TYPE_SSL_CA ) != NS_CERT_TYPE_SSL_CA )) {
if ((certUsage == certUsageSSLCA) &&
((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) {
goto endloop;
}
/* it passed all of the tests, so lets add it to the database */
/* mark it as a CA */
PORT_Memset((void *)&trust, 0, sizeof(trust));
switch ( certUsage ) {
switch (certUsage) {
case certUsageSSLCA:
trust.sslFlags = CERTDB_VALID_CA;
break;
@ -916,12 +927,12 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
trust.sslFlags = CERTDB_VALID_CA;
}
if ((certtype & NS_CERT_TYPE_EMAIL_CA)
== NS_CERT_TYPE_EMAIL_CA ) {
if ((certtype & NS_CERT_TYPE_EMAIL_CA) ==
NS_CERT_TYPE_EMAIL_CA) {
trust.emailFlags = CERTDB_VALID_CA;
}
if ( ( certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA ) ==
NS_CERT_TYPE_OBJECT_SIGNING_CA ) {
if ((certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA) ==
NS_CERT_TYPE_OBJECT_SIGNING_CA) {
trust.objectSigningFlags = CERTDB_VALID_CA;
}
break;
@ -933,7 +944,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
cert = CERT_NewTempCertificate(handle, derCert, NULL,
PR_FALSE, PR_FALSE);
if ( cert == NULL ) {
if (cert == NULL) {
goto loser;
}
@ -945,26 +956,26 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
/* free the nickname */
if ( nickname ) {
if (nickname) {
PORT_Free(nickname);
}
} else {
}
else {
rv = SECSuccess;
}
CERT_DestroyCertificate(cert);
cert = NULL;
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
endloop:
if ( newcert ) {
endloop:
if (newcert) {
CERT_DestroyCertificate(newcert);
newcert = NULL;
}
}
rv = SECSuccess;
@ -973,17 +984,17 @@ loser:
rv = SECFailure;
done:
if ( newcert ) {
if (newcert) {
CERT_DestroyCertificate(newcert);
newcert = NULL;
}
if ( cert ) {
if (cert) {
CERT_DestroyCertificate(cert);
cert = NULL;
}
return(rv);
return (rv);
}
SECStatus
@ -993,7 +1004,8 @@ CERT_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage)
}
SECStatus
CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage) {
CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage)
{
return cert_ImportCAChain(certs, numcerts, certUsage, PR_TRUE);
}
@ -1053,9 +1065,11 @@ CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
chain = (CERTCertificateList *)PORT_ArenaAlloc(arena,
sizeof(CERTCertificateList));
if (!chain) goto loser;
chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
if (!chain->certs) goto loser;
if (!chain)
goto loser;
chain->certs = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
if (!chain->certs)
goto loser;
i = 0;
stanCert = stanChain[i];
while (stanCert) {
@ -1077,9 +1091,10 @@ CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
}
CERT_DestroyCertificate(cCert);
}
if ( !includeRoot && len > 1) {
if (!includeRoot && len > 1) {
chain->len = len - 1;
} else {
}
else {
chain->len = len;
}
@ -1115,15 +1130,19 @@ CERT_CertListFromCert(CERTCertificate *cert)
/* arena for SecCertificateList */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) goto no_memory;
if (arena == NULL)
goto no_memory;
/* build the CERTCertificateList */
chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
if (chain == NULL) goto no_memory;
chain->certs = (SECItem*)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
if (chain->certs == NULL) goto no_memory;
if (chain == NULL)
goto no_memory;
chain->certs = (SECItem *)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
if (chain->certs == NULL)
goto no_memory;
rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert));
if (rv < 0) goto loser;
if (rv < 0)
goto loser;
chain->len = 1;
chain->arena = arena;
@ -1139,7 +1158,7 @@ loser:
}
CERTCertificateList *
CERT_DupCertList(const CERTCertificateList * oldList)
CERT_DupCertList(const CERTCertificateList *oldList)
{
CERTCertificateList *newList = NULL;
PLArenaPool *arena = NULL;
@ -1158,7 +1177,7 @@ CERT_DupCertList(const CERTCertificateList * oldList)
if (newList == NULL)
goto no_memory;
newList->arena = arena;
newItem = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
newItem = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
if (newItem == NULL)
goto no_memory;
newList->certs = newItem;
@ -1185,4 +1204,3 @@ CERT_DestroyCertificateList(CERTCertificateList *list)
{
PORT_FreeArena(list->arena, PR_FALSE);
}

109
security/nss/lib/certhigh/certhtml.c
Просмотреть файл

@ -22,7 +22,8 @@ static char *hex = "0123456789ABCDEF";
/*
** Convert a der-encoded integer to a hex printable string form
*/
char *CERT_Hexify (SECItem *i, int do_colon)
char *
CERT_Hexify(SECItem *i, int do_colon)
{
unsigned char *cp, *end;
char *rv, *o;
@ -31,8 +32,9 @@ char *CERT_Hexify (SECItem *i, int do_colon)
return PORT_Strdup("00");
}
rv = o = (char*) PORT_Alloc(i->len * 3);
if (!rv) return rv;
rv = o = (char *)PORT_Alloc(i->len * 3);
if (!rv)
return rv;
cp = i->data;
end = cp + i->len;
@ -58,22 +60,22 @@ char *CERT_Hexify (SECItem *i, int do_colon)
#define MAX_OUS 20
#define MAX_DC MAX_OUS
char *CERT_FormatName (CERTName *name)
char *
CERT_FormatName(CERTName *name)
{
CERTRDN** rdns;
CERTRDN * rdn;
CERTAVA** avas;
CERTAVA* ava;
char * buf = 0;
char * tmpbuf = 0;
SECItem * cn = 0;
SECItem * email = 0;
SECItem * org = 0;
SECItem * loc = 0;
SECItem * state = 0;
SECItem * country = 0;
SECItem * dq = 0;
CERTRDN **rdns;
CERTRDN *rdn;
CERTAVA **avas;
CERTAVA *ava;
char *buf = 0;
char *tmpbuf = 0;
SECItem *cn = 0;
SECItem *email = 0;
SECItem *org = 0;
SECItem *loc = 0;
SECItem *state = 0;
SECItem *country = 0;
SECItem *dq = 0;
unsigned len = 0;
int tag;
@ -81,8 +83,8 @@ char *CERT_FormatName (CERTName *name)
int ou_count = 0;
int dc_count = 0;
PRBool first;
SECItem * orgunit[MAX_OUS];
SECItem * dc[MAX_DC];
SECItem *orgunit[MAX_OUS];
SECItem *dc[MAX_DC];
/* Loop over name components and gather the interesting ones */
rdns = name->rdns;
@ -90,7 +92,7 @@ char *CERT_FormatName (CERTName *name)
avas = rdn->avas;
while ((ava = *avas++) != 0) {
tag = CERT_GetAVATag(ava);
switch(tag) {
switch (tag) {
case SEC_OID_AVA_COMMON_NAME:
if (cn) {
break;
@ -191,109 +193,108 @@ char *CERT_FormatName (CERTName *name)
/* allocate buffer */
buf = (char *)PORT_Alloc(len);
if ( !buf ) {
if (!buf) {
goto loser;
}
tmpbuf = buf;
if ( cn ) {
if (cn) {
PORT_Memcpy(tmpbuf, cn->data, cn->len);
tmpbuf += cn->len;
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
if ( email ) {
if (email) {
PORT_Memcpy(tmpbuf, email->data, email->len);
tmpbuf += ( email->len );
tmpbuf += (email->len);
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
for (i=ou_count-1; i >= 0; i--) {
for (i = ou_count - 1; i >= 0; i--) {
PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
tmpbuf += ( orgunit[i]->len );
tmpbuf += (orgunit[i]->len);
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
if ( dq ) {
if (dq) {
PORT_Memcpy(tmpbuf, dq->data, dq->len);
tmpbuf += ( dq->len );
tmpbuf += (dq->len);
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
if ( org ) {
if (org) {
PORT_Memcpy(tmpbuf, org->data, org->len);
tmpbuf += ( org->len );
tmpbuf += (org->len);
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
for (i=dc_count-1; i >= 0; i--) {
for (i = dc_count - 1; i >= 0; i--) {
PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
tmpbuf += ( dc[i]->len );
tmpbuf += (dc[i]->len);
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
first = PR_TRUE;
if ( loc ) {
if (loc) {
PORT_Memcpy(tmpbuf, loc->data, loc->len);
tmpbuf += ( loc->len );
tmpbuf += (loc->len);
first = PR_FALSE;
}
if ( state ) {
if ( !first ) {
if (state) {
if (!first) {
PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
tmpbuf += COMMALEN;
}
PORT_Memcpy(tmpbuf, state->data, state->len);
tmpbuf += ( state->len );
tmpbuf += (state->len);
first = PR_FALSE;
}
if ( country ) {
if ( !first ) {
if (country) {
if (!first) {
PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
tmpbuf += COMMALEN;
}
PORT_Memcpy(tmpbuf, country->data, country->len);
tmpbuf += ( country->len );
tmpbuf += (country->len);
first = PR_FALSE;
}
if ( !first ) {
if (!first) {
PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
tmpbuf += BREAKLEN;
}
*tmpbuf = 0;
/* fall through and clean */
/* fall through and clean */
loser:
if ( cn ) {
if (cn) {
SECITEM_FreeItem(cn, PR_TRUE);
}
if ( email ) {
if (email) {
SECITEM_FreeItem(email, PR_TRUE);
}
for (i=ou_count-1; i >= 0; i--) {
for (i = ou_count - 1; i >= 0; i--) {
SECITEM_FreeItem(orgunit[i], PR_TRUE);
}
if ( dq ) {
if (dq) {
SECITEM_FreeItem(dq, PR_TRUE);
}
if ( org ) {
if (org) {
SECITEM_FreeItem(org, PR_TRUE);
}
for (i=dc_count-1; i >= 0; i--) {
for (i = dc_count - 1; i >= 0; i--) {
SECITEM_FreeItem(dc[i], PR_TRUE);
}
if ( loc ) {
if (loc) {
SECITEM_FreeItem(loc, PR_TRUE);
}
if ( state ) {
if (state) {
SECITEM_FreeItem(state, PR_TRUE);
}
if ( country ) {
if (country) {
SECITEM_FreeItem(country, PR_TRUE);
}
return(buf);
return (buf);
}

63
security/nss/lib/certhigh/certreq.c
Просмотреть файл

@ -29,15 +29,15 @@ const SEC_ASN1Template CERT_CertificateRequestTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTCertificateRequest) },
{ SEC_ASN1_INTEGER,
offsetof(CERTCertificateRequest,version) },
offsetof(CERTCertificateRequest, version) },
{ SEC_ASN1_INLINE,
offsetof(CERTCertificateRequest,subject),
offsetof(CERTCertificateRequest, subject),
CERT_NameTemplate },
{ SEC_ASN1_INLINE,
offsetof(CERTCertificateRequest,subjectPublicKeyInfo),
offsetof(CERTCertificateRequest, subjectPublicKeyInfo),
CERT_SubjectPublicKeyInfoTemplate },
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(CERTCertificateRequest,attributes),
offsetof(CERTCertificateRequest, attributes),
CERT_SetOfAttributeTemplate },
{ 0 }
};
@ -56,8 +56,8 @@ CERT_CreateCertificate(unsigned long serialNumber,
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return(0);
if (!arena) {
return (0);
}
c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
@ -75,26 +75,32 @@ CERT_CreateCertificate(unsigned long serialNumber,
* If extensions are added, it will get changed as appropriate.
*/
rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1);
if (rv) goto loser;
if (rv)
goto loser;
rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber);
if (rv) goto loser;
if (rv)
goto loser;
rv = CERT_CopyName(arena, &c->issuer, issuer);
if (rv) goto loser;
if (rv)
goto loser;
rv = CERT_CopyValidity(arena, &c->validity, validity);
if (rv) goto loser;
if (rv)
goto loser;
rv = CERT_CopyName(arena, &c->subject, &req->subject);
if (rv) goto loser;
if (rv)
goto loser;
rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo,
&req->subjectPublicKeyInfo);
if (rv) goto loser;
if (rv)
goto loser;
return c;
loser:
loser:
CERT_DestroyCertificate(c);
return 0;
}
@ -125,13 +131,13 @@ CERT_CreateCertificateRequest(CERTName *subject,
{
CERTCertificateRequest *certreq;
PLArenaPool *arena;
CERTAttribute * attribute;
SECOidData * oidData;
CERTAttribute *attribute;
SECOidData *oidData;
SECStatus rv;
int i = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
if (arena == NULL) {
return NULL;
}
@ -159,8 +165,8 @@ CERT_CreateCertificateRequest(CERTName *subject,
if (rv != SECSuccess)
goto loser;
certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute*, 2);
if(!certreq->attributes)
certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute *, 2);
if (!certreq->attributes)
goto loser;
/* Copy over attribute information */
@ -183,7 +189,7 @@ CERT_CreateCertificateRequest(CERTName *subject,
if (!attribute)
goto loser;
oidData = SECOID_FindOIDByTag( SEC_OID_PKCS9_EXTENSION_REQUEST );
oidData = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
PORT_Assert(oidData);
if (!oidData)
goto loser;
@ -191,9 +197,9 @@ CERT_CreateCertificateRequest(CERTName *subject,
if (rv != SECSuccess)
goto loser;
for (i = 0; attributes[i] != NULL ; i++)
for (i = 0; attributes[i] != NULL; i++)
;
attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i+1);
attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i + 1);
if (!attribute->attrValue)
goto loser;
@ -207,7 +213,7 @@ CERT_CreateCertificateRequest(CERTName *subject,
** example in the PKCS 7 code.
*/
attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
if(!attribute->attrValue[i])
if (!attribute->attrValue[i])
goto loser;
}
@ -245,7 +251,7 @@ extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
void *
CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
{
return (cert_StartExtensions ((void *)req, req->arena, setCRExt));
return (cert_StartExtensions((void *)req, req->arena, setCRExt));
}
/*
@ -257,7 +263,8 @@ CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
*/
SECStatus
CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
{ SECItem *extlist;
{
SECItem *extlist;
SECOidData *oidrec;
CERTAttribute *attribute;
@ -271,7 +278,7 @@ CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
extlist = SEC_ASN1EncodeItem(req->arena, NULL, &req->attributes,
SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
if (extlist == NULL)
return(SECFailure);
return (SECFailure);
oidrec = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
if (oidrec == NULL)
@ -279,7 +286,7 @@ CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
/* now change the list of cert extensions into a list of attributes
*/
req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute*, 2);
req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute *, 2);
attribute = PORT_ArenaZNew(req->arena, CERTAttribute);
@ -288,7 +295,7 @@ CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
}
attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem*, 2);
attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem *, 2);
if (attribute->attrValue == NULL)
return SECFailure;
@ -318,7 +325,7 @@ CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
return SECFailure;
}
return(SEC_ASN1DecodeItem(req->arena, exts,
return (SEC_ASN1DecodeItem(req->arena, exts,
SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
(*req->attributes)->attrValue[0]));
}

508
security/nss/lib/certhigh/certvfy.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

392
security/nss/lib/certhigh/certvfypkix.c
Просмотреть файл

@ -38,7 +38,6 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable);
PRInt32 parallelFnInvocationCount;
#endif /* PKIX_OBJECT_LEAK_TEST */
static PRBool usePKIXValidationEngine = PR_FALSE;
/*
@ -104,7 +103,7 @@ CERT_GetUsePKIXForValidation()
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_NssKeyUsagesToPkix(
PRUint32 nssKeyUsage,
PKIX_UInt32 *pPkixKeyUsage,
@ -176,17 +175,17 @@ typedef struct {
} SECCertUsageToEku;
const SECCertUsageToEku certUsageEkuStringMap[] = {
{certUsageSSLClient, ekuIndexSSLClient},
{certUsageSSLServer, ekuIndexSSLServer},
{certUsageSSLCA, ekuIndexSSLServer},
{certUsageEmailSigner, ekuIndexEmail},
{certUsageEmailRecipient, ekuIndexEmail},
{certUsageObjectSigner, ekuIndexCodeSigner},
{certUsageUserCertImport, ekuIndexUnknown},
{certUsageVerifyCA, ekuIndexUnknown},
{certUsageProtectedObjectSigner, ekuIndexUnknown},
{certUsageStatusResponder, ekuIndexStatusResponder},
{certUsageAnyCA, ekuIndexUnknown},
{ certUsageSSLClient, ekuIndexSSLClient },
{ certUsageSSLServer, ekuIndexSSLServer },
{ certUsageSSLCA, ekuIndexSSLServer },
{ certUsageEmailSigner, ekuIndexEmail },
{ certUsageEmailRecipient, ekuIndexEmail },
{ certUsageObjectSigner, ekuIndexCodeSigner },
{ certUsageUserCertImport, ekuIndexUnknown },
{ certUsageVerifyCA, ekuIndexUnknown },
{ certUsageProtectedObjectSigner, ekuIndexUnknown },
{ certUsageStatusResponder, ekuIndexStatusResponder },
{ certUsageAnyCA, ekuIndexUnknown },
};
/*
@ -218,7 +217,7 @@ const SECCertUsageToEku certUsageEkuStringMap[] = {
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_NssCertificateUsageToPkixKUAndEKU(
CERTCertificate *cert,
SECCertUsage requiredCertUsage,
@ -240,7 +239,7 @@ cert_NssCertificateUsageToPkixKUAndEKU(
PKIX_List_Create(&ekuOidsList, plContext),
PKIX_LISTCREATEFAILED);
for (;i < PR_ARRAY_SIZE(certUsageEkuStringMap);i++) {
for (; i < PR_ARRAY_SIZE(certUsageEkuStringMap); i++) {
const SECCertUsageToEku *usageToEkuElem =
&certUsageEkuStringMap[i];
if (usageToEkuElem->certUsage == requiredCertUsage) {
@ -313,7 +312,7 @@ cleanup:
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_ProcessingParamsSetKeyAndCertUsage(
PKIX_ProcessingParams *procParams,
SECCertUsage requiredCertUsage,
@ -322,7 +321,7 @@ cert_ProcessingParamsSetKeyAndCertUsage(
{
PKIX_CertSelector *certSelector = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext*)plContext;
PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext;
PKIX_ENTER(CERTVFYPKIX, "cert_ProcessingParamsSetKeyAndCertUsage");
PKIX_NULLCHECK_TWO(procParams, nssContext);
@ -343,7 +342,6 @@ cert_ProcessingParamsSetKeyAndCertUsage(
&certSelParams, plContext),
PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
PKIX_CHECK(
PKIX_ComCertSelParams_SetKeyUsage(certSelParams, requiredKeyUsages,
plContext),
@ -398,7 +396,7 @@ cleanup:
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_CreatePkixProcessingParams(
CERTCertificate *cert,
PRBool checkSig, /* not used yet. See bug 391476 */
@ -435,7 +433,7 @@ cert_CreatePkixProcessingParams(
/* Functions should be implemented in patch for 390532 */
PKIX_CHECK(
pkix_pl_NssContext_SetCertSignatureCheck(checkSig,
(PKIX_PL_NssContext*)plContext),
(PKIX_PL_NssContext *)plContext),
PKIX_NSSCONTEXTSETCERTSIGNCHECKFAILED);
#endif /* PKIX_NOTDEF */
@ -564,8 +562,8 @@ cert_CreatePkixProcessingParams(
methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
}
if (ocsp_FetchingFailureIsVerificationFailure()
&& !disableOCSPRemoteFetching) {
if (ocsp_FetchingFailureIsVerificationFailure() &&
!disableOCSPRemoteFetching) {
methodFlags |=
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
}
@ -630,7 +628,7 @@ cleanup:
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_PkixToNssCertsChain(
PKIX_List *pkixCertChain,
CERTCertList **pvalidChain,
@ -653,7 +651,7 @@ cert_PkixToNssCertsChain(
if (arena == NULL) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
validChain = (CERTCertList*)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
validChain = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
if (validChain == NULL) {
PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
}
@ -665,7 +663,7 @@ cert_PkixToNssCertsChain(
PKIX_List_GetLength(pkixCertChain, &length, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < length; i++){
for (i = 0; i < length; i++) {
CERTCertListNode *node = NULL;
PKIX_CHECK(
@ -673,14 +671,14 @@ cert_PkixToNssCertsChain(
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(
PKIX_PL_Cert_GetCERTCertificate((PKIX_PL_Cert*)certItem, &nssCert,
PKIX_PL_Cert_GetCERTCertificate((PKIX_PL_Cert *)certItem, &nssCert,
plContext),
PKIX_CERTGETCERTCERTIFICATEFAILED);
node =
(CERTCertListNode *)PORT_ArenaZAlloc(validChain->arena,
sizeof(CERTCertListNode));
if ( node == NULL ) {
if (node == NULL) {
PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
}
@ -695,10 +693,11 @@ cert_PkixToNssCertsChain(
*pvalidChain = validChain;
cleanup:
if (PKIX_ERROR_RECEIVED){
if (PKIX_ERROR_RECEIVED) {
if (validChain) {
CERT_DestroyCertList(validChain);
} else if (arena) {
}
else if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if (nssCert) {
@ -710,7 +709,6 @@ cleanup:
PKIX_RETURN(CERTVFYPKIX);
}
/*
* FUNCTION: cert_BuildAndValidateChain
* DESCRIPTION:
@ -738,7 +736,7 @@ cleanup:
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_BuildAndValidateChain(
PKIX_ProcessingParams *procParams,
PKIX_BuildResult **pResult,
@ -758,7 +756,7 @@ cert_BuildAndValidateChain(
/* PKIX-XXX: need to test functionality of NBIO handling in libPkix.
* See bug 391180 */
PRInt32 filesReady = 0;
PRPollDesc *pollDesc = (PRPollDesc*)nbioContext;
PRPollDesc *pollDesc = (PRPollDesc *)nbioContext;
filesReady = PR_Poll(pollDesc, 1, PR_INTERVAL_NO_TIMEOUT);
if (filesReady <= 0) {
PKIX_ERROR(PKIX_PRPOLLRETBADFILENUM);
@ -782,7 +780,6 @@ cleanup:
PKIX_RETURN(CERTVFYPKIX);
}
/*
* FUNCTION: cert_PkixErrorToNssCode
* DESCRIPTION:
@ -823,7 +820,8 @@ cert_PkixErrorToNssCode(
while (errPtr) {
if (errPtr->plErr && !nssErr) {
nssErr = errPtr->plErr;
if (!pkixLog) break;
if (!pkixLog)
break;
}
if (pkixLog) {
#ifdef PKIX_ERROR_DESCRIPTION
@ -840,7 +838,8 @@ cert_PkixErrorToNssCode(
PORT_Assert(nssErr);
if (!nssErr) {
*pNssErr = SEC_ERROR_LIBPKIX_INTERNAL;
} else {
}
else {
*pNssErr = nssErr;
}
@ -899,7 +898,8 @@ cert_GetLogFromVerifyNode(
}
}
PKIX_RETURN(CERTVFYPKIX);
} else {
}
else {
PRUint32 i = 0;
PKIX_UInt32 length = 0;
@ -907,10 +907,10 @@ cert_GetLogFromVerifyNode(
PKIX_List_GetLength(children, &length, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < length; i++){
for (i = 0; i < length; i++) {
PKIX_CHECK(
PKIX_List_GetItem(children, i, (PKIX_PL_Object**)&childNode,
PKIX_List_GetItem(children, i, (PKIX_PL_Object **)&childNode,
plContext),
PKIX_LISTGETITEMFAILED);
@ -968,7 +968,7 @@ cleanup:
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error*
static PKIX_Error *
cert_GetBuildResults(
PKIX_BuildResult *buildResult,
PKIX_VerifyNode *verifyNode,
@ -1138,14 +1138,15 @@ cert_VerifyCertChainPkix(
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
(PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE : PKIX_TRUE;
PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
fnInvLocalCount = PR_ATOMIC_INCREMENT(&parallelFnInvocationCount);
PORT_Assert(fnInvLocalCount == 1);
do {
do {
rv = SECFailure;
plContext = NULL;
procParams = NULL;
@ -1163,7 +1164,7 @@ do {
error =
cert_CreatePkixProcessingParams(cert, checkSig, time, wincx,
PR_FALSE/*use arena*/,
PR_FALSE /*use arena*/,
requiredUsage == certUsageStatusResponder,
&procParams, &plContext);
if (error) {
@ -1193,7 +1194,7 @@ do {
}
rv = SECSuccess;
cleanup:
cleanup:
error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL,
plContext);
if (error) {
@ -1212,7 +1213,8 @@ cleanup:
if (pkixLog && leakedObjNum) {
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
"Stack %s\n", memLeakLoopCount, errorFnStackString));
"Stack %s\n",
memLeakLoopCount, errorFnStackString));
}
PR_Free(errorFnStackString);
errorFnStackString = NULL;
@ -1220,7 +1222,7 @@ cleanup:
PORT_Assert(leakedObjNum == 0);
}
} while (errorGenerated);
} while (errorGenerated);
runningLeakTest = PKIX_FALSE;
PR_ATOMIC_DECREMENT(&parallelFnInvocationCount);
@ -1235,29 +1237,34 @@ cert_GetTargetCertConstraints(CERTCertificate *target, void *plContext)
{
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_CertSelector *r= NULL;
PKIX_CertSelector *r = NULL;
PKIX_PL_Cert *eeCert = NULL;
PKIX_Error *error = NULL;
error = PKIX_PL_Cert_CreateFromCERTCertificate(target, &eeCert, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_ComCertSelParams_Create(&certSelParams, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_ComCertSelParams_SetCertificate(
certSelParams, eeCert, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_CertSelector_SetCommonCertSelectorParams
(certSelector, certSelParams, plContext);
if (error != NULL) goto cleanup;
error = PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext);
if (error != NULL)
goto cleanup;
error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)certSelector, plContext);
if (error == NULL) r = certSelector;
if (error == NULL)
r = certSelector;
cleanup:
if (certSelParams != NULL)
@ -1289,17 +1296,21 @@ cert_GetCertStores(void *plContext)
PKIX_Error *error = NULL;
error = PKIX_PL_Pk11CertStore_Create(&certStore, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_List_Create(&certStores, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_List_AppendItem( certStores,
error = PKIX_List_AppendItem(certStores,
(PKIX_PL_Object *)certStore, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)certStores, plContext);
if (error == NULL) r = certStores;
if (error == NULL)
r = certStores;
cleanup:
if (certStores != NULL)
@ -1319,7 +1330,6 @@ cleanup:
return r;
}
struct fake_PKIX_PL_CertStruct {
CERTCertificate *nssCert;
};
@ -1332,12 +1342,13 @@ cert_NSSCertFromPKIXCert(const PKIX_PL_Cert *pkix_cert)
{
struct fake_PKIX_PL_CertStruct *fcert = NULL;
fcert = (struct fake_PKIX_PL_CertStruct*)pkix_cert;
fcert = (struct fake_PKIX_PL_CertStruct *)pkix_cert;
return CERT_DupCertificate(fcert->nssCert);
}
PKIX_List *cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plContext)
PKIX_List *
cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plContext)
{
PKIX_List *r = NULL;
PKIX_List *policyList = NULL;
@ -1350,7 +1361,7 @@ PKIX_List *cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plCon
goto cleanup;
}
for (i=0; i<oidCount; i++) {
for (i = 0; i < oidCount; i++) {
error = PKIX_PL_OID_Create(oids[i], &policyOID, plContext);
if (error) {
goto cleanup;
@ -1365,10 +1376,12 @@ PKIX_List *cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plCon
}
error = PKIX_List_SetImmutable(policyList, plContext);
if (error != NULL) goto cleanup;
if (error != NULL)
goto cleanup;
error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)policyList, plContext);
if (error == NULL) r = policyList;
if (error == NULL)
r = policyList;
cleanup:
if (policyOID != NULL) {
@ -1399,8 +1412,7 @@ cert_pkix_FindOutputParam(CERTValOutParam *params, const CERTValParamOutType t)
return NULL;
}
static PKIX_Error*
static PKIX_Error *
setRevocationMethod(PKIX_RevocationChecker *revChecker,
PKIX_ProcessingParams *procParams,
const CERTRevocationTests *revTest,
@ -1419,7 +1431,7 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker,
}
if (revTest->preferred_methods) {
unsigned int i = 0;
for (;i < revTest->number_of_preferred_methods;i++) {
for (; i < revTest->number_of_preferred_methods; i++) {
if (revTest->preferred_methods[i] == certRevMethod)
break;
}
@ -1438,13 +1450,12 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker,
return error;
}
SECStatus
cert_pkixSetParam(PKIX_ProcessingParams *procParams,
const CERTValInParam *param, void *plContext)
{
PKIX_Error * error = NULL;
SECStatus r=SECSuccess;
PKIX_Error *error = NULL;
SECStatus r = SECSuccess;
PKIX_PL_Date *date = NULL;
PKIX_List *policyOIDList = NULL;
PKIX_List *certListPkix = NULL;
@ -1472,7 +1483,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
}
policyOIDList = cert_PKIXMakeOIDList(param->value.array.oids,
param->value.arraySize,plContext);
param->value.arraySize, plContext);
if (policyOIDList == NULL) {
r = SECFailure;
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -1480,7 +1491,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
}
error = PKIX_ProcessingParams_SetInitialPolicies(
procParams,policyOIDList,plContext);
procParams, policyOIDList, plContext);
break;
case cert_pi_date:
@ -1490,7 +1501,8 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
errCode = SEC_ERROR_INVALID_TIME;
break;
}
} else {
}
else {
error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time,
&date, plContext);
if (error != NULL) {
@ -1505,8 +1517,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
}
break;
case cert_pi_revocationFlags:
{
case cert_pi_revocationFlags: {
PKIX_UInt32 leafIMFlags = 0;
PKIX_UInt32 chainIMFlags = 0;
PKIX_Boolean validatingResponderCert = PKIX_FALSE;
@ -1537,7 +1548,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
break;
}
if (((PKIX_PL_NssContext*)plContext)->certificateUsage &
if (((PKIX_PL_NssContext *)plContext)->certificateUsage &
certificateUsageStatusResponder) {
validatingResponderCert = PKIX_TRUE;
}
@ -1582,8 +1593,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
break;
}
}
break;
} break;
case cert_pi_trustAnchors:
certList = param->value.pointer.chain;
@ -1596,8 +1606,8 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
if (error != NULL) {
break;
}
for(node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
node = CERT_LIST_NEXT(node) ) {
for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
node = CERT_LIST_NEXT(node)) {
error = PKIX_PL_Cert_CreateFromCERTCertificate(node->cert,
&certPkix, plContext);
if (error) {
@ -1609,7 +1619,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
break;
}
error = PKIX_List_AppendItem(certListPkix,
(PKIX_PL_Object*)trustAnchor, plContext);
(PKIX_PL_Object *)trustAnchor, plContext);
if (error) {
break;
}
@ -1626,12 +1636,12 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
case cert_pi_useAIACertFetch:
error =
PKIX_ProcessingParams_SetUseAIAForCertFetching(procParams,
(PRBool)(param->value.scalar.b != 0),
(PRBool)(param->value.scalar.b !=
0),
plContext);
break;
case cert_pi_chainVerifyCallback:
{
case cert_pi_chainVerifyCallback: {
const CERTChainVerifyCallback *chainVerifyCallback =
param->value.pointer.chainVerifyCallback;
if (!chainVerifyCallback || !chainVerifyCallback->isChainValid) {
@ -1641,13 +1651,13 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
}
nssContext->chainVerifyCallback = *chainVerifyCallback;
}
break;
} break;
case cert_pi_useOnlyTrustAnchors:
error =
PKIX_ProcessingParams_SetUseOnlyTrustAnchors(procParams,
(PRBool)(param->value.scalar.b != 0),
(PRBool)(param->value.scalar.b !=
0),
plContext);
break;
@ -1682,7 +1692,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
}
return r;
}
void
@ -1717,185 +1726,166 @@ cert_pkixDestroyValOutParam(CERTValOutParam *params)
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FORBID_NETWORK_FETCHING
| CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FORBID_NETWORK_FETCHING |
CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
/* ocsp */
CERT_REV_M_TEST_USING_THIS_METHOD
};
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FORBID_NETWORK_FETCHING
| CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FORBID_NETWORK_FETCHING |
CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
/* ocsp */
0
};
static CERTRevocationMethodIndex
certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference = {
certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference = {
cert_revocation_method_crl
};
};
static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy = {
{
/* leafTests */
{ /* leafTests */
2,
certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags,
1,
&certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference,
0
},
{
/* chainTests */
0 },
{ /* chainTests */
2,
certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags,
0,
0,
0
}
0 }
};
extern const CERTRevocationFlags*
extern const CERTRevocationFlags *
CERT_GetClassicOCSPEnabledSoftFailurePolicy()
{
return &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy;
}
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FORBID_NETWORK_FETCHING
| CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FORBID_NETWORK_FETCHING |
CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
/* ocsp */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
};
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FORBID_NETWORK_FETCHING
| CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FORBID_NETWORK_FETCHING |
CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
/* ocsp */
0
};
static CERTRevocationMethodIndex
certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference = {
certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference = {
cert_revocation_method_crl
};
};
static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy = {
{
/* leafTests */
{ /* leafTests */
2,
certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags,
1,
&certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference,
0
},
{
/* chainTests */
0 },
{ /* chainTests */
2,
certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags,
0,
0,
0
}
0 }
};
extern const CERTRevocationFlags*
extern const CERTRevocationFlags *
CERT_GetClassicOCSPEnabledHardFailurePolicy()
{
return &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy;
}
static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FORBID_NETWORK_FETCHING
| CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FORBID_NETWORK_FETCHING |
CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
/* ocsp */
0
};
static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FORBID_NETWORK_FETCHING
| CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FORBID_NETWORK_FETCHING |
CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
/* ocsp */
0
};
static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Disabled_Policy = {
{
/* leafTests */
{ /* leafTests */
2,
certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags,
0,
0,
0
},
{
/* chainTests */
0 },
{ /* chainTests */
2,
certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags,
0,
0,
0
}
0 }
};
extern const CERTRevocationFlags*
extern const CERTRevocationFlags *
CERT_GetClassicOCSPDisabledPolicy()
{
return &certRev_NSS_3_11_Ocsp_Disabled_Policy;
}
static PRUint64 certRev_PKIX_Verify_Nist_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
| CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
/* ocsp */
0
};
static PRUint64 certRev_PKIX_Verify_Nist_Policy_ChainFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
| CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
CERT_REV_M_TEST_USING_THIS_METHOD |
CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
/* ocsp */
0
};
static const CERTRevocationFlags certRev_PKIX_Verify_Nist_Policy = {
{
/* leafTests */
{ /* leafTests */
2,
certRev_PKIX_Verify_Nist_Policy_LeafFlags,
0,
0,
0
},
{
/* chainTests */
0 },
{ /* chainTests */
2,
certRev_PKIX_Verify_Nist_Policy_ChainFlags,
0,
0,
0
}
0 }
};
extern const CERTRevocationFlags*
extern const CERTRevocationFlags *
CERT_GetPKIXVerifyNistRevocationPolicy()
{
return &certRev_PKIX_Verify_Nist_Policy;
@ -1910,7 +1900,7 @@ CERT_AllocCERTRevocationFlags(
flags = PORT_New(CERTRevocationFlags);
if (!flags)
return(NULL);
return (NULL);
flags->leafTests.number_of_defined_methods = number_leaf_methods;
flags->leafTests.cert_rev_flags_per_method =
@ -1928,10 +1918,10 @@ CERT_AllocCERTRevocationFlags(
flags->chainTests.preferred_methods =
PORT_NewArray(CERTRevocationMethodIndex, number_chain_pref_methods);
if (!flags->leafTests.cert_rev_flags_per_method
|| !flags->leafTests.preferred_methods
|| !flags->chainTests.cert_rev_flags_per_method
|| !flags->chainTests.preferred_methods) {
if (!flags->leafTests.cert_rev_flags_per_method ||
!flags->leafTests.preferred_methods ||
!flags->chainTests.cert_rev_flags_per_method ||
!flags->chainTests.preferred_methods) {
CERT_DestroyCERTRevocationFlags(flags);
return (NULL);
}
@ -1939,7 +1929,8 @@ CERT_AllocCERTRevocationFlags(
return flags;
}
void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
void
CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
{
if (!flags)
return;
@ -1984,7 +1975,8 @@ void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
*
* CERT_PKIXVerifyCert(cert, &output, args
*/
SECStatus CERT_PKIXVerifyCert(
SECStatus
CERT_PKIXVerifyCert(
CERTCertificate *cert,
SECCertificateUsage usages,
CERTValInParam *paramsIn,
@ -1992,20 +1984,20 @@ SECStatus CERT_PKIXVerifyCert(
void *wincx)
{
SECStatus r = SECFailure;
PKIX_Error * error = NULL;
PKIX_Error *error = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_BuildResult * buildResult = NULL;
void * nbioContext = NULL; /* for non-blocking IO */
void * buildState = NULL; /* for non-blocking IO */
PKIX_CertSelector * certSelector = NULL;
PKIX_List * certStores = NULL;
PKIX_ValidateResult * valResult = NULL;
PKIX_VerifyNode * verifyNode = NULL;
PKIX_TrustAnchor * trustAnchor = NULL;
PKIX_PL_Cert * trustAnchorCert = NULL;
PKIX_List * builtCertList = NULL;
CERTValOutParam * oparam = NULL;
int i=0;
PKIX_BuildResult *buildResult = NULL;
void *nbioContext = NULL; /* for non-blocking IO */
void *buildState = NULL; /* for non-blocking IO */
PKIX_CertSelector *certSelector = NULL;
PKIX_List *certStores = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_VerifyNode *verifyNode = NULL;
PKIX_TrustAnchor *trustAnchor = NULL;
PKIX_PL_Cert *trustAnchorCert = NULL;
PKIX_List *builtCertList = NULL;
CERTValOutParam *oparam = NULL;
int i = 0;
void *plContext = NULL;
@ -2028,14 +2020,15 @@ SECStatus CERT_PKIXVerifyCert(
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
(PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE : PKIX_TRUE;
PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
fnInvLocalCount = PR_ATOMIC_INCREMENT(&parallelFnInvocationCount);
PORT_Assert(fnInvLocalCount == 1);
do {
do {
r = SECFailure;
error = NULL;
procParams = NULL;
@ -2050,7 +2043,7 @@ do {
trustAnchorCert = NULL;
builtCertList = NULL;
oparam = NULL;
i=0;
i = 0;
errorGenerated = PKIX_FALSE;
stackPosition = 0;
@ -2085,22 +2078,22 @@ do {
if (certStores == NULL) {
goto cleanup;
}
error = PKIX_ProcessingParams_SetCertStores
(procParams, certStores, plContext);
error = PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext);
if (error != NULL) {
goto cleanup;
}
/* now process the extensible input parameters structure */
if (paramsIn != NULL) {
i=0;
i = 0;
while (paramsIn[i].type != cert_pi_end) {
if (paramsIn[i].type >= cert_pi_max) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto cleanup;
}
if (cert_pkixSetParam(procParams,
&paramsIn[i],plContext) != SECSuccess) {
&paramsIn[i], plContext) !=
SECSuccess) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto cleanup;
}
@ -2112,33 +2105,32 @@ do {
if (certSelector == NULL) {
goto cleanup;
}
error = PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, certSelector, plContext);
error = PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext);
if (error != NULL) {
goto cleanup;
}
error = PKIX_BuildChain( procParams, &nbioContext,
error = PKIX_BuildChain(procParams, &nbioContext,
&buildState, &buildResult, &verifyNode,
plContext);
if (error != NULL) {
goto cleanup;
}
error = PKIX_BuildResult_GetValidateResult( buildResult, &valResult,
error = PKIX_BuildResult_GetValidateResult(buildResult, &valResult,
plContext);
if (error != NULL) {
goto cleanup;
}
error = PKIX_ValidateResult_GetTrustAnchor( valResult, &trustAnchor,
error = PKIX_ValidateResult_GetTrustAnchor(valResult, &trustAnchor,
plContext);
if (error != NULL) {
goto cleanup;
}
if (trustAnchor != NULL) {
error = PKIX_TrustAnchor_GetTrustedCert( trustAnchor, &trustAnchorCert,
error = PKIX_TrustAnchor_GetTrustedCert(trustAnchor, &trustAnchorCert,
plContext);
if (error != NULL) {
goto cleanup;
@ -2148,7 +2140,8 @@ do {
#ifdef PKIX_OBJECT_LEAK_TEST
/* Can not continue if error was generated but not returned.
* Jumping to cleanup. */
if (errorGenerated) goto cleanup;
if (errorGenerated)
goto cleanup;
#endif /* PKIX_OBJECT_LEAK_TEST */
oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_trustAnchor);
@ -2156,12 +2149,13 @@ do {
if (trustAnchorCert != NULL) {
oparam->value.pointer.cert =
cert_NSSCertFromPKIXCert(trustAnchorCert);
} else {
}
else {
oparam->value.pointer.cert = NULL;
}
}
error = PKIX_BuildResult_GetCertChain( buildResult, &builtCertList,
error = PKIX_BuildResult_GetCertChain(buildResult, &builtCertList,
plContext);
if (error != NULL) {
goto cleanup;
@ -2172,12 +2166,13 @@ do {
error = cert_PkixToNssCertsChain(builtCertList,
&oparam->value.pointer.chain,
plContext);
if (error) goto cleanup;
if (error)
goto cleanup;
}
r = SECSuccess;
cleanup:
cleanup:
if (verifyNode) {
/* Return validation log only upon error. */
oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_errorLog);
@ -2236,7 +2231,8 @@ cleanup:
if (pkixLog && leakedObjNum) {
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
"Stack %s\n", memLeakLoopCount, errorFnStackString));
"Stack %s\n",
memLeakLoopCount, errorFnStackString));
}
PR_Free(errorFnStackString);
errorFnStackString = NULL;
@ -2244,7 +2240,7 @@ cleanup:
PORT_Assert(leakedObjNum == 0);
}
} while (errorGenerated);
} while (errorGenerated);
runningLeakTest = PKIX_FALSE;
PR_ATOMIC_DECREMENT(&parallelFnInvocationCount);

64
security/nss/lib/certhigh/crlv2.c
Просмотреть файл

@ -17,17 +17,15 @@
SECStatus
CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
{
return (cert_FindExtensionByOID (crl->extensions, oid, value));
return (cert_FindExtensionByOID(crl->extensions, oid, value));
}
SECStatus
CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
{
return (cert_FindExtension (crl->extensions, tag, value));
return (cert_FindExtension(crl->extensions, tag, value));
}
/* Callback to set extensions and adjust verison */
static void
SetCrlExts(void *object, CERTCertExtension **exts)
@ -35,13 +33,13 @@ SetCrlExts(void *object, CERTCertExtension **exts)
CERTCrl *crl = (CERTCrl *)object;
crl->extensions = exts;
DER_SetUInteger (crl->arena, &crl->version, SEC_CRL_VERSION_2);
DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2);
}
void *
CERT_StartCRLExtensions(CERTCrl *crl)
{
return (cert_StartExtensions ((void *)crl, crl->arena, SetCrlExts));
return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts));
}
static void
@ -55,10 +53,11 @@ SetCrlEntryExts(void *object, CERTCertExtension **exts)
void *
CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
{
return (cert_StartExtensions (entry, crl->arena, SetCrlEntryExts));
return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts));
}
SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
SECStatus
CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
SECItem *value)
{
SECItem encodedExtenValue;
@ -71,45 +70,48 @@ SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
&encodedExtenValue);
if ( rv != SECSuccess )
if (rv != SECSuccess)
return (rv);
mark = PORT_ArenaMark(arena);
tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
if (tmpItem) {
rv = SEC_QuickDERDecodeItem (arena, value,
rv = SEC_QuickDERDecodeItem(arena, value,
SEC_ASN1_GET(SEC_IntegerTemplate),
tmpItem);
} else {
}
else {
rv = SECFailure;
}
PORT_Free (encodedExtenValue.data);
PORT_Free(encodedExtenValue.data);
if (rv == SECFailure) {
PORT_ArenaRelease(arena, mark);
} else {
}
else {
PORT_ArenaUnmark(arena, mark);
}
return (rv);
}
SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
SECStatus
CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
CERTCRLEntryReasonCode *value)
{
SECItem wrapperItem = {siBuffer,0};
SECItem tmpItem = {siBuffer,0};
SECItem wrapperItem = { siBuffer, 0 };
SECItem tmpItem = { siBuffer, 0 };
SECStatus rv;
PLArenaPool *arena = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( ! arena ) {
return(SECFailure);
if (!arena) {
return (SECFailure);
}
rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
&wrapperItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
@ -117,44 +119,44 @@ SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
SEC_ASN1_GET(SEC_EnumeratedTemplate),
&wrapperItem);
if ( rv != SECSuccess ) {
if (rv != SECSuccess) {
goto loser;
}
*value = (CERTCRLEntryReasonCode) DER_GetInteger(&tmpItem);
*value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem);
loser:
if ( arena ) {
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if ( wrapperItem.data ) {
if (wrapperItem.data) {
PORT_Free(wrapperItem.data);
}
return (rv);
}
SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value)
SECStatus
CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
{
SECItem encodedExtenValue;
SECItem decodedExtenValue = {siBuffer,0};
SECItem decodedExtenValue = { siBuffer, 0 };
SECStatus rv;
encodedExtenValue.data = decodedExtenValue.data = NULL;
encodedExtenValue.len = decodedExtenValue.len = 0;
rv = cert_FindExtension
(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
if ( rv != SECSuccess )
rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
if (rv != SECSuccess)
return (rv);
rv = SEC_ASN1DecodeItem (NULL, &decodedExtenValue,
rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
&encodedExtenValue);
if (rv == SECSuccess)
rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
PORT_Free (decodedExtenValue.data);
PORT_Free (encodedExtenValue.data);
PORT_Free(decodedExtenValue.data);
PORT_Free(encodedExtenValue.data);
return (rv);
}

497
security/nss/lib/certhigh/ocsp.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

23
security/nss/lib/certhigh/ocsp.h
Просмотреть файл

@ -9,7 +9,6 @@
#ifndef _OCSP_H_
#define _OCSP_H_
#include "plarena.h"
#include "seccomon.h"
#include "secoidt.h"
@ -17,7 +16,6 @@
#include "certt.h"
#include "ocspt.h"
/************************************************************************/
SEC_BEGIN_PROTOS
@ -447,7 +445,7 @@ CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert);
extern SECStatus
CERT_RegisterAlternateOCSPAIAInfoCallBack(
CERT_StringFromCertFcn newCallback,
CERT_StringFromCertFcn * oldCallback);
CERT_StringFromCertFcn *oldCallback);
/*
* FUNCTION: CERT_ParseURL
@ -622,7 +620,7 @@ CERT_GetOCSPResponseStatus(CERTOCSPResponse *response);
* should be freed by calling CERT_DestroyOCSPCertID when the
* certID is no longer necessary.
*/
extern CERTOCSPCertID*
extern CERTOCSPCertID *
CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
/*
@ -638,31 +636,30 @@ CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
* a call to CERT_CreateOCSPCertID.
*/
extern SECStatus
CERT_DestroyOCSPCertID(CERTOCSPCertID* certID);
CERT_DestroyOCSPCertID(CERTOCSPCertID *certID);
extern CERTOCSPSingleResponse*
extern CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate);
extern CERTOCSPSingleResponse*
extern CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate);
extern CERTOCSPSingleResponse*
extern CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseRevoked(
PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate,
PRTime revocationTime,
const CERTCRLEntryReasonCode* revocationReason);
const CERTCRLEntryReasonCode *revocationReason);
extern SECItem*
extern SECItem *
CERT_CreateEncodedOCSPSuccessResponse(
PLArenaPool *arena,
CERTCertificate *responderCert,
@ -703,7 +700,7 @@ CERT_CreateEncodedOCSPSuccessResponse(
* SEC_ERROR_INVALID_ARGS
* Other errors are low-level problems (no memory, bad database, etc.).
*/
extern SECItem*
extern SECItem *
CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
/* Sends an OCSP request using the HTTP POST method to the location addressed
@ -717,7 +714,7 @@ CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
* SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
* internal HTTP client is used.
*/
SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
SECItem *CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest);
/************************************************************************/

4
security/nss/lib/certhigh/ocspi.h
Просмотреть файл

@ -41,7 +41,9 @@ cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
PRBool addServiceLocator,
CERTCertificate *signerCert);
typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness;
typedef enum { ocspMissing,
ocspFresh,
ocspStale } OCSPFreshness;
SECStatus
ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,

75
security/nss/lib/certhigh/ocspsig.c
Просмотреть файл

@ -19,12 +19,11 @@
#include "ocspi.h"
#include "pk11pub.h"
extern const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[];
extern const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[];
extern const SEC_ASN1Template ocsp_OCSPResponseTemplate[];
ocspCertStatus*
ocspCertStatus *
ocsp_CreateCertStatus(PLArenaPool *arena,
ocspCertStatusType status,
PRTime revocationTime)
@ -72,7 +71,8 @@ ocsp_CreateCertStatus(PLArenaPool *arena,
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena,
&cs->certStatusInfo.revokedInfo->revocationTime,
revocationTime) != SECSuccess)
revocationTime) !=
SECSuccess)
return NULL;
break;
default:
@ -93,7 +93,7 @@ static const SEC_ASN1Template ocsp_EncodeRevokedInfoTemplate[] = {
{ SEC_ASN1_GENERALIZED_TIME,
offsetof(ocspRevokedInfo, revocationTime) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC| 0,
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(ocspRevokedInfo, revocationReason),
mySEC_PointerToEnumeratedTemplate },
{ 0 }
@ -126,10 +126,10 @@ static const SEC_ASN1Template mySECOID_AlgorithmIDTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SECAlgorithmID) },
{ SEC_ASN1_OBJECT_ID,
offsetof(SECAlgorithmID,algorithm), },
offsetof(SECAlgorithmID, algorithm) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
offsetof(SECAlgorithmID,parameters), },
{ 0, }
offsetof(SECAlgorithmID, parameters) },
{ 0 }
};
static const SEC_ASN1Template mySEC_AnyTemplate[] = {
@ -153,7 +153,7 @@ static const SEC_ASN1Template mySEC_PointerToIntegerTemplate[] = {
};
static const SEC_ASN1Template mySEC_GeneralizedTimeTemplate[] = {
{ SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
{ SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
};
static const SEC_ASN1Template mySEC_PointerToGeneralizedTimeTemplate[] = {
@ -179,12 +179,12 @@ static const SEC_ASN1Template myCERT_CertExtensionTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTCertExtension) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTCertExtension,id) },
offsetof(CERTCertExtension, id) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
offsetof(CERTCertExtension,critical) },
offsetof(CERTCertExtension, critical) },
{ SEC_ASN1_OCTET_STRING,
offsetof(CERTCertExtension,value) },
{ 0, }
offsetof(CERTCertExtension, value) },
{ 0 }
};
static const SEC_ASN1Template myCERT_SequenceOfCertExtensionTemplate[] = {
@ -237,7 +237,6 @@ static const SEC_ASN1Template ocsp_myResponseDataTemplate[] = {
{ 0 }
};
static const SEC_ASN1Template ocsp_EncodeBasicOCSPResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(ocspBasicOCSPResponse) },
@ -256,7 +255,7 @@ static const SEC_ASN1Template ocsp_EncodeBasicOCSPResponseTemplate[] = {
{ 0 }
};
static CERTOCSPSingleResponse*
static CERTOCSPSingleResponse *
ocsp_CreateSingleResponse(PLArenaPool *arena,
CERTOCSPCertID *id, ocspCertStatus *status,
PRTime thisUpdate, const PRTime *nextUpdate)
@ -274,20 +273,20 @@ ocsp_CreateSingleResponse(PLArenaPool *arena,
sr->arena = arena;
sr->certID = id;
sr->certStatus = status;
if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate)
!= SECSuccess)
if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate) !=
SECSuccess)
return NULL;
sr->nextUpdate = NULL;
if (nextUpdate) {
sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0);
if (!sr->nextUpdate)
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate)
!= SECSuccess)
if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate) !=
SECSuccess)
return NULL;
}
sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension*, 1);
sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension *, 1);
if (!sr->singleExtensions)
return NULL;
@ -300,13 +299,13 @@ ocsp_CreateSingleResponse(PLArenaPool *arena,
return sr;
}
CERTOCSPSingleResponse*
CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate)
{
ocspCertStatus * cs;
ocspCertStatus *cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
@ -317,13 +316,13 @@ CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
CERTOCSPSingleResponse*
CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate)
{
ocspCertStatus * cs;
ocspCertStatus *cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
@ -334,16 +333,16 @@ CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
CERTOCSPSingleResponse*
CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseRevoked(
PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate,
PRTime revocationTime,
const CERTCRLEntryReasonCode* revocationReason)
const CERTCRLEntryReasonCode *revocationReason)
{
ocspCertStatus * cs;
ocspCertStatus *cs;
/* revocationReason is not yet supported, so it must be NULL. */
if (!arena || revocationReason) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -357,7 +356,7 @@ CERT_CreateOCSPSingleResponseRevoked(
/* responderCert == 0 means:
* create a response with an invalid signature (for testing purposes) */
SECItem*
SECItem *
CERT_CreateEncodedOCSPSuccessResponse(
PLArenaPool *arena,
CERTCertificate *responderCert,
@ -409,12 +408,12 @@ CERT_CreateEncodedOCSPSuccessResponse(
if (!response)
goto done;
rd->version.data=NULL;
rd->version.len=0;
rd->version.data = NULL;
rd->version.len = 0;
rd->responseExtensions = NULL;
rd->responses = responses;
if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt)
!= SECSuccess)
if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt) !=
SECSuccess)
goto done;
if (!responderCert) {
@ -445,7 +444,7 @@ CERT_CreateEncodedOCSPSuccessResponse(
ocsp_myResponseDataTemplate))
goto done;
br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem*, 1);
br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem *, 1);
if (!br->responseSignature.derCerts)
goto done;
br->responseSignature.derCerts[0] = NULL;
@ -487,7 +486,7 @@ CERT_CreateEncodedOCSPSuccessResponse(
ocsp_myResponseDataTemplate))
goto done;
br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem*, 1);
br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem *, 1);
if (!br->responseSignature.derCerts)
goto done;
br->responseSignature.derCerts[0] = NULL;
@ -502,8 +501,8 @@ CERT_CreateEncodedOCSPSuccessResponse(
if (SEC_SignData(&br->responseSignature.signature,
br->tbsResponseDataDER.data, br->tbsResponseDataDER.len,
privKey, algID)
!= SECSuccess)
privKey, algID) !=
SECSuccess)
goto done;
/* convert len-in-bytes to len-in-bits */
@ -513,8 +512,8 @@ CERT_CreateEncodedOCSPSuccessResponse(
* we must free it when done. */
}
if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0)
!= SECSuccess)
if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0) !=
SECSuccess)
goto done;
if (!SEC_ASN1EncodeItem(tmpArena, &rb->response, br,
@ -560,7 +559,7 @@ static const SEC_ASN1Template ocsp_OCSPErrorResponseTemplate[] = {
{ 0 }
};
SECItem*
SECItem *
CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error)
{
CERTOCSPResponse response;

4
security/nss/lib/certhigh/ocspt.h
Просмотреть файл

@ -46,8 +46,8 @@ typedef struct CERTOCSPSingleResponseStr CERTOCSPSingleResponse;
* dependent, and should be opaque to the user.
*/
typedef void * SEC_HTTP_SERVER_SESSION;
typedef void * SEC_HTTP_REQUEST_SESSION;
typedef void *SEC_HTTP_SERVER_SESSION;
typedef void *SEC_HTTP_REQUEST_SESSION;
/*
* This function creates a SEC_HTTP_SERVER_SESSION object. The implementer of a

5
security/nss/lib/certhigh/ocspti.h
Просмотреть файл

@ -16,7 +16,6 @@
#include "seccomon.h"
#include "secoidt.h"
/*
* Some notes about naming conventions...
*
@ -49,7 +48,6 @@
* way around (reference before definition).
*/
/*
* Forward-declarations of internal-only data structures.
*
@ -67,7 +65,6 @@ typedef struct ocspSingleRequestStr ocspSingleRequest;
typedef struct ocspSingleResponseStr ocspSingleResponse;
typedef struct ocspTBSRequestStr ocspTBSRequest;
/*
* An OCSPRequest; this is what is sent (encoded) to an OCSP responder.
*/
@ -269,7 +266,7 @@ struct ocspResponseDataStr {
};
struct ocspResponderIDStr {
CERTOCSPResponderIDType responderIDType;/* local; not part of encoding */
CERTOCSPResponderIDType responderIDType; /* local; not part of encoding */
union {
CERTName name; /* when ocspResponderID_byName */
SECItem keyHash; /* when ocspResponderID_byKey */

56
security/nss/lib/certhigh/xcrldist.c
Просмотреть файл

@ -12,18 +12,18 @@
SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_BitStringTemplate)
extern void PrepareBitStringForEncoding (SECItem *bitMap, SECItem *value);
extern void PrepareBitStringForEncoding(SECItem *bitMap, SECItem *value);
static const SEC_ASN1Template FullNameTemplate[] = {
{SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
offsetof (CRLDistributionPoint,derFullName),
CERT_GeneralNamesTemplate}
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
offsetof(CRLDistributionPoint, derFullName),
CERT_GeneralNamesTemplate }
};
static const SEC_ASN1Template RelativeNameTemplate[] = {
{SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
offsetof (CRLDistributionPoint,distPoint.relativeName),
CERT_RDNTemplate}
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
offsetof(CRLDistributionPoint, distPoint.relativeName),
CERT_RDNTemplate }
};
static const SEC_ASN1Template DistributionPointNameTemplate[] = {
@ -31,10 +31,10 @@ static const SEC_ASN1Template DistributionPointNameTemplate[] = {
offsetof(CRLDistributionPoint, distPointType), NULL,
sizeof(CRLDistributionPoint) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
offsetof (CRLDistributionPoint, derFullName),
offsetof(CRLDistributionPoint, derFullName),
CERT_GeneralNamesTemplate, generalName },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
offsetof (CRLDistributionPoint, distPoint.relativeName),
offsetof(CRLDistributionPoint, distPoint.relativeName),
CERT_RDNTemplate, relativeDistinguishedName },
{ 0 }
};
@ -43,24 +43,24 @@ static const SEC_ASN1Template CRLDistributionPointTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRLDistributionPoint) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
offsetof(CRLDistributionPoint,derDistPoint),
SEC_ASN1_SUB(SEC_AnyTemplate)},
offsetof(CRLDistributionPoint, derDistPoint),
SEC_ASN1_SUB(SEC_AnyTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
offsetof(CRLDistributionPoint,bitsmap),
offsetof(CRLDistributionPoint, bitsmap),
SEC_ASN1_SUB(SEC_BitStringTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
SEC_ASN1_CONSTRUCTED | 2,
offsetof(CRLDistributionPoint, derCrlIssuer),
CERT_GeneralNamesTemplate},
CERT_GeneralNamesTemplate },
{ 0 }
};
const SEC_ASN1Template CERTCRLDistributionPointsTemplate[] = {
{SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate}
{ SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate }
};
SECStatus
CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
CERT_EncodeCRLDistributionPoints(PLArenaPool *arena,
CERTCrlDistributionPoints *value,
SECItem *derValue)
{
@ -68,11 +68,11 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
PLArenaPool *ourPool = NULL;
SECStatus rv = SECSuccess;
PORT_Assert (derValue);
PORT_Assert (value && value->distPoints);
PORT_Assert(derValue);
PORT_Assert(value && value->distPoints);
do {
ourPool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
ourPool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (ourPool == NULL) {
rv = SECFailure;
break;
@ -86,11 +86,10 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
switch (point->distPointType) {
case generalName:
point->derFullName = cert_EncodeGeneralNames
(ourPool, point->distPoint.fullName);
point->derFullName = cert_EncodeGeneralNames(ourPool, point->distPoint.fullName);
if (!point->derFullName ||
!SEC_ASN1EncodeItem (ourPool, &point->derDistPoint,
!SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,
point, FullNameTemplate))
rv = SECFailure;
break;
@ -102,7 +101,7 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
break;
default:
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
rv = SECFailure;
break;
}
@ -111,11 +110,10 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
break;
if (point->reasons.data)
PrepareBitStringForEncoding (&point->bitsmap, &point->reasons);
PrepareBitStringForEncoding(&point->bitsmap, &point->reasons);
if (point->crlIssuer) {
point->derCrlIssuer = cert_EncodeGeneralNames
(ourPool, point->crlIssuer);
point->derCrlIssuer = cert_EncodeGeneralNames(ourPool, point->crlIssuer);
if (!point->derCrlIssuer) {
rv = SECFailure;
break;
@ -131,19 +129,19 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
break;
}
} while (0);
PORT_FreeArena (ourPool, PR_FALSE);
PORT_FreeArena(ourPool, PR_FALSE);
return rv;
}
CERTCrlDistributionPoints *
CERT_DecodeCRLDistributionPoints (PLArenaPool *arena, SECItem *encodedValue)
CERT_DecodeCRLDistributionPoints(PLArenaPool *arena, SECItem *encodedValue)
{
CERTCrlDistributionPoints *value = NULL;
CRLDistributionPoint **pointList, *point;
SECStatus rv = SECSuccess;
SECItem newEncodedValue;
PORT_Assert (arena);
PORT_Assert(arena);
do {
value = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
if (value == NULL) {
@ -183,7 +181,7 @@ CERT_DecodeCRLDistributionPoints (PLArenaPool *arena, SECItem *encodedValue)
break;
default:
PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
rv = SECFailure;
break;
} /* end switch */

2
security/nss/lib/ckfw/builtins/anchor.c
Просмотреть файл

@ -13,5 +13,5 @@
#include "builtins.h"
#define MODULE_NAME builtins
#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance
#include "nssck.api"

96
security/nss/lib/ckfw/builtins/bfind.c
Просмотреть файл

@ -21,8 +21,7 @@ struct builtinsFOStr {
};
static void
builtins_mdFindObjects_Final
(
builtins_mdFindObjects_Final(
NSSCKMDFindObjects *mdFindObjects,
NSSCKFWFindObjects *fwFindObjects,
NSSCKMDSession *mdSession,
@ -30,8 +29,7 @@ builtins_mdFindObjects_Final
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
NSSCKFWInstance *fwInstance)
{
struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
NSSArena *arena = fo->arena;
@ -47,8 +45,7 @@ builtins_mdFindObjects_Final
}
static NSSCKMDObject *
builtins_mdFindObjects_Next
(
builtins_mdFindObjects_Next(
NSSCKMDFindObjects *mdFindObjects,
NSSCKFWFindObjects *fwFindObjects,
NSSCKMDSession *mdSession,
@ -58,44 +55,44 @@ builtins_mdFindObjects_Next
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSArena *arena,
CK_RV *pError
)
CK_RV *pError)
{
struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
builtinsInternalObject *io;
if( fo->i == fo->n ) {
if (fo->i == fo->n) {
*pError = CKR_OK;
return (NSSCKMDObject *)NULL;
}
io = fo->objs[ fo->i ];
io = fo->objs[fo->i];
fo->i++;
return nss_builtins_CreateMDObject(arena, io, pError);
}
static int
builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) {
builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest)
{
unsigned char *start = src;
int len = 0;
if (*src ++ != 2) {
if (*src++ != 2) {
return 0;
}
len = *src++;
if (len & 0x80) {
int count = len & 0x7f;
len =0;
len = 0;
if (count+2 > size) {
if (count + 2 > size) {
return 0;
}
while (count-- > 0) {
len = (len << 8) | *src++;
}
}
if (len + (src-start) != size) {
if (len + (src - start) != size) {
return 0;
}
*dest = src;
@ -103,21 +100,19 @@ builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) {
}
static CK_BBOOL
builtins_attrmatch
(
builtins_attrmatch(
CK_ATTRIBUTE_PTR a,
const NSSItem *b
)
const NSSItem *b)
{
PRBool prb;
if( a->ulValueLen != b->size ) {
if (a->ulValueLen != b->size) {
/* match a decoded serial number */
if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
int len;
unsigned char *data = NULL;
len = builtins_derUnwrapInt(b->data,b->size,&data);
len = builtins_derUnwrapInt(b->data, b->size, &data);
if (data &&
(len == a->ulValueLen) &&
nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
@ -129,38 +124,37 @@ builtins_attrmatch
prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
if( PR_TRUE == prb ) {
if (PR_TRUE == prb) {
return CK_TRUE;
} else {
}
else {
return CK_FALSE;
}
}
static CK_BBOOL
builtins_match
(
builtins_match(
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
builtinsInternalObject *o
)
builtinsInternalObject *o)
{
CK_ULONG i;
for( i = 0; i < ulAttributeCount; i++ ) {
for (i = 0; i < ulAttributeCount; i++) {
CK_ULONG j;
for( j = 0; j < o->n; j++ ) {
if( o->types[j] == pTemplate[i].type ) {
if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) {
for (j = 0; j < o->n; j++) {
if (o->types[j] == pTemplate[i].type) {
if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
return CK_FALSE;
} else {
}
else {
break;
}
}
}
if( j == o->n ) {
if (j == o->n) {
/* Loop ran to the end: no matching attribute */
return CK_FALSE;
}
@ -171,43 +165,41 @@ builtins_match
}
NSS_IMPLEMENT NSSCKMDFindObjects *
nss_builtins_FindObjectsInit
(
nss_builtins_FindObjectsInit(
NSSCKFWSession *fwSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
CK_RV *pError)
{
/* This could be made more efficient. I'm rather rushed. */
NSSArena *arena;
NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
/*
/*
* 99% of the time we get 0 or 1 matches. So we start with a small
* stack-allocated array to hold the matches and switch to a heap-allocated
* array later if the number of matches exceeds STACK_BUF_LENGTH.
*/
#define STACK_BUF_LENGTH 1
#define STACK_BUF_LENGTH 1
builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
builtinsInternalObject **temp = stackTemp;
PRBool tempIsHeapAllocated = PR_FALSE;
PRUint32 i;
arena = NSSArena_Create();
if( (NSSArena *)NULL == arena ) {
if ((NSSArena *)NULL == arena) {
goto loser;
}
rv = nss_ZNEW(arena, NSSCKMDFindObjects);
if( (NSSCKMDFindObjects *)NULL == rv ) {
if ((NSSCKMDFindObjects *)NULL == rv) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
fo = nss_ZNEW(arena, struct builtinsFOStr);
if( (struct builtinsFOStr *)NULL == fo ) {
if ((struct builtinsFOStr *)NULL == fo) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
@ -220,17 +212,18 @@ nss_builtins_FindObjectsInit
rv->Next = builtins_mdFindObjects_Next;
rv->null = (void *)NULL;
for( i = 0; i < nss_builtins_nObjects; i++ ) {
for (i = 0; i < nss_builtins_nObjects; i++) {
builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) {
if( fo->n == STACK_BUF_LENGTH ) {
if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) {
if (fo->n == STACK_BUF_LENGTH) {
/* Switch from the small stack array to a heap-allocated array large
* enough to handle matches in all remaining cases. */
temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
fo->n + nss_builtins_nObjects - i);
if( (builtinsInternalObject **)NULL == temp ) {
*pError = CKR_HOST_MEMORY;
if ((builtinsInternalObject **)NULL == temp) {
*pError =
CKR_HOST_MEMORY;
goto loser;
}
tempIsHeapAllocated = PR_TRUE;
@ -238,13 +231,13 @@ nss_builtins_FindObjectsInit
sizeof(builtinsInternalObject *) * fo->n);
}
temp[ fo->n ] = o;
temp[fo->n] = o;
fo->n++;
}
}
fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
if( (builtinsInternalObject **)NULL == fo->objs ) {
if ((builtinsInternalObject **)NULL == fo->objs) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
@ -257,7 +250,7 @@ nss_builtins_FindObjectsInit
return rv;
loser:
loser:
if (tempIsHeapAllocated) {
nss_ZFreeIf(temp);
}
@ -268,4 +261,3 @@ nss_builtins_FindObjectsInit
}
return (NSSCKMDFindObjects *)NULL;
}

40
security/nss/lib/ckfw/builtins/binst.c
Просмотреть файл

@ -16,54 +16,44 @@
*/
static CK_ULONG
builtins_mdInstance_GetNSlots
(
builtins_mdInstance_GetNSlots(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
CK_RV *pError)
{
return (CK_ULONG)1;
}
static CK_VERSION
builtins_mdInstance_GetCryptokiVersion
(
builtins_mdInstance_GetCryptokiVersion(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
NSSCKFWInstance *fwInstance)
{
return nss_builtins_CryptokiVersion;
}
static NSSUTF8 *
builtins_mdInstance_GetManufacturerID
(
builtins_mdInstance_GetManufacturerID(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
CK_RV *pError)
{
return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static NSSUTF8 *
builtins_mdInstance_GetLibraryDescription
(
builtins_mdInstance_GetLibraryDescription(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
CK_RV *pError)
{
return (NSSUTF8 *)nss_builtins_LibraryDescription;
}
static CK_VERSION
builtins_mdInstance_GetLibraryVersion
(
builtins_mdInstance_GetLibraryVersion(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
NSSCKFWInstance *fwInstance)
{
#define NSS_VERSION_VARIABLE __nss_builtins_version
#include "verref.h"
@ -71,19 +61,17 @@ builtins_mdInstance_GetLibraryVersion
}
static CK_RV
builtins_mdInstance_GetSlots
(
builtins_mdInstance_GetSlots(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
NSSCKMDSlot *slots[]
)
NSSCKMDSlot *slots[])
{
slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
return CKR_OK;
}
const NSSCKMDInstance
nss_builtins_mdInstance = {
nss_builtins_mdInstance = {
(void *)NULL, /* etc */
NULL, /* Initialize */
NULL, /* Finalize */
@ -96,4 +84,4 @@ nss_builtins_mdInstance = {
builtins_mdInstance_GetSlots,
NULL, /* WaitForSlotEvent */
(void *)NULL /* null terminator */
};
};

74
security/nss/lib/ckfw/builtins/bobject.c
Просмотреть файл

@ -24,8 +24,7 @@
*/
static CK_RV
builtins_mdObject_Destroy
(
builtins_mdObject_Destroy(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -33,15 +32,13 @@ builtins_mdObject_Destroy
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
NSSCKFWInstance *fwInstance)
{
return CKR_SESSION_READ_ONLY;
}
static CK_BBOOL
builtins_mdObject_IsTokenObject
(
builtins_mdObject_IsTokenObject(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -49,15 +46,13 @@ builtins_mdObject_IsTokenObject
NSSCKMDToken *mdToken,
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
NSSCKFWInstance *fwInstance)
{
return CK_TRUE;
}
static CK_ULONG
builtins_mdObject_GetAttributeCount
(
builtins_mdObject_GetAttributeCount(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -66,16 +61,14 @@ builtins_mdObject_GetAttributeCount
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
CK_RV *pError)
{
builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
return io->n;
}
static CK_RV
builtins_mdObject_GetAttributeTypes
(
builtins_mdObject_GetAttributeTypes(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -85,17 +78,16 @@ builtins_mdObject_GetAttributeTypes
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_ATTRIBUTE_TYPE_PTR typeArray,
CK_ULONG ulCount
)
CK_ULONG ulCount)
{
builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
CK_ULONG i;
if( io->n != ulCount ) {
if (io->n != ulCount) {
return CKR_BUFFER_TOO_SMALL;
}
for( i = 0; i < io->n; i++ ) {
for (i = 0; i < io->n; i++) {
typeArray[i] = io->types[i];
}
@ -103,8 +95,7 @@ builtins_mdObject_GetAttributeTypes
}
static CK_ULONG
builtins_mdObject_GetAttributeSize
(
builtins_mdObject_GetAttributeSize(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -114,14 +105,13 @@ builtins_mdObject_GetAttributeSize
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_ATTRIBUTE_TYPE attribute,
CK_RV *pError
)
CK_RV *pError)
{
builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
CK_ULONG i;
for( i = 0; i < io->n; i++ ) {
if( attribute == io->types[i] ) {
for (i = 0; i < io->n; i++) {
if (attribute == io->types[i]) {
return (CK_ULONG)(io->items[i].size);
}
}
@ -131,8 +121,7 @@ builtins_mdObject_GetAttributeSize
}
static NSSCKFWItem
builtins_mdObject_GetAttribute
(
builtins_mdObject_GetAttribute(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -142,19 +131,18 @@ builtins_mdObject_GetAttribute
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_ATTRIBUTE_TYPE attribute,
CK_RV *pError
)
CK_RV *pError)
{
NSSCKFWItem mdItem;
builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
CK_ULONG i;
mdItem.needsFreeing = PR_FALSE;
mdItem.item = (NSSItem*) NULL;
mdItem.item = (NSSItem *)NULL;
for( i = 0; i < io->n; i++ ) {
if( attribute == io->types[i] ) {
mdItem.item = (NSSItem*) &io->items[i];
for (i = 0; i < io->n; i++) {
if (attribute == io->types[i]) {
mdItem.item = (NSSItem *)&io->items[i];
return mdItem;
}
}
@ -164,8 +152,7 @@ builtins_mdObject_GetAttribute
}
static CK_ULONG
builtins_mdObject_GetObjectSize
(
builtins_mdObject_GetObjectSize(
NSSCKMDObject *mdObject,
NSSCKFWObject *fwObject,
NSSCKMDSession *mdSession,
@ -174,14 +161,13 @@ builtins_mdObject_GetObjectSize
NSSCKFWToken *fwToken,
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
CK_RV *pError
)
CK_RV *pError)
{
builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
CK_ULONG i;
CK_ULONG rv = sizeof(CK_ULONG);
for( i = 0; i < io->n; i++ ) {
for (i = 0; i < io->n; i++) {
rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
}
@ -189,7 +175,7 @@ builtins_mdObject_GetObjectSize
}
static const NSSCKMDObject
builtins_prototype_mdObject = {
builtins_prototype_mdObject = {
(void *)NULL, /* etc */
NULL, /* Finalize */
builtins_mdObject_Destroy,
@ -202,18 +188,16 @@ builtins_prototype_mdObject = {
NULL, /* SetAttribute */
builtins_mdObject_GetObjectSize,
(void *)NULL /* null terminator */
};
};
NSS_IMPLEMENT NSSCKMDObject *
nss_builtins_CreateMDObject
(
nss_builtins_CreateMDObject(
NSSArena *arena,
builtinsInternalObject *io,
CK_RV *pError
)
CK_RV *pError)
{
if ( (void*)NULL == io->mdObject.etc) {
(void) nsslibc_memcpy(&io->mdObject,&builtins_prototype_mdObject,
if ((void *)NULL == io->mdObject.etc) {
(void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject,
sizeof(builtins_prototype_mdObject));
io->mdObject.etc = (void *)io;
}

16
security/nss/lib/ckfw/builtins/bsession.c
Просмотреть файл

@ -12,8 +12,7 @@
*/
static NSSCKMDFindObjects *
builtins_mdSession_FindObjectsInit
(
builtins_mdSession_FindObjectsInit(
NSSCKMDSession *mdSession,
NSSCKFWSession *fwSession,
NSSCKMDToken *mdToken,
@ -22,29 +21,26 @@ builtins_mdSession_FindObjectsInit
NSSCKFWInstance *fwInstance,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_RV *pError
)
CK_RV *pError)
{
return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
}
NSS_IMPLEMENT NSSCKMDSession *
nss_builtins_CreateSession
(
nss_builtins_CreateSession(
NSSCKFWSession *fwSession,
CK_RV *pError
)
CK_RV *pError)
{
NSSArena *arena;
NSSCKMDSession *rv;
arena = NSSCKFWSession_GetArena(fwSession, pError);
if( (NSSArena *)NULL == arena ) {
if ((NSSArena *)NULL == arena) {
return (NSSCKMDSession *)NULL;
}
rv = nss_ZNEW(arena, NSSCKMDSession);
if( (NSSCKMDSession *)NULL == rv ) {
if ((NSSCKMDSession *)NULL == rv) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDSession *)NULL;
}

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше