mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Fix for bug 178894 . Quick decoder updates for lib/certdb and lib/certhigh . r=nelson .

This commit is contained in:
julien.pierre.bugs%sun.com 2006-08-07 19:09:41 +00:00
Родитель ac906a0465
Коммит ea2ed3465f
7 изменённых файлов: 142 добавлений и 63 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

11
security/nss/lib/certdb/cert.h
Просмотреть файл

@ -37,7 +37,7 @@
/* /*
* cert.h - public data structures and prototypes for the certificate library * cert.h - public data structures and prototypes for the certificate library
* *
* $Id: cert.h,v 1.53 2005-03-09 23:02:47 neil.williams%sun.com Exp $ * $Id: cert.h,v 1.54 2006-08-07 19:09:41 julien.pierre.bugs%sun.com Exp $
*/ */
#ifndef _CERT_H_ #ifndef _CERT_H_
@ -348,7 +348,7 @@ CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
PRArenaPool *arena); PRArenaPool *arena);
extern CERTGeneralName * extern CERTGeneralName *
CERT_DecodeGeneralName(PRArenaPool *arena, SECItem *encodedName, CERT_DecodeGeneralName(PRArenaPool *reqArena, SECItem *encodedName,
CERTGeneralName *genName); CERTGeneralName *genName);
@ -360,7 +360,8 @@ CERT_DecodeGeneralName(PRArenaPool *arena, SECItem *encodedName,
** "derCert" the DER encoded certificate ** "derCert" the DER encoded certificate
** "key" the returned key ** "key" the returned key
*/ */
extern SECStatus CERT_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key); extern SECStatus CERT_KeyFromDERCert(PRArenaPool *reqArena, SECItem *derCert,
SECItem *key);
extern SECStatus CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, extern SECStatus CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer,
SECItem *sn, SECItem *key); SECItem *sn, SECItem *key);
@ -1148,7 +1149,7 @@ CERTUserNotice *
CERT_DecodeUserNotice(SECItem *noticeItem); CERT_DecodeUserNotice(SECItem *noticeItem);
extern CERTGeneralName * extern CERTGeneralName *
CERT_DecodeAltNameExtension(PRArenaPool *arena, SECItem *EncodedAltName); CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName);
extern CERTNameConstraints * extern CERTNameConstraints *
CERT_DecodeNameConstraintsExtension(PRArenaPool *arena, CERT_DecodeNameConstraintsExtension(PRArenaPool *arena,
@ -1156,7 +1157,7 @@ CERT_DecodeNameConstraintsExtension(PRArenaPool *arena,
/* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */ /* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
extern CERTAuthInfoAccess ** extern CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PRArenaPool *arena, CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
SECItem *encodedExtension); SECItem *encodedExtension);
extern CERTPrivKeyUsagePeriod * extern CERTPrivKeyUsagePeriod *

17
security/nss/lib/certdb/certdb.c
Просмотреть файл

@ -38,7 +38,7 @@
/* /*
* Certificate handling code * Certificate handling code
* *
* $Id: certdb.c,v 1.77 2006-02-16 00:06:23 julien.pierre.bugs%sun.com Exp $ * $Id: certdb.c,v 1.78 2006-08-07 19:09:41 julien.pierre.bugs%sun.com Exp $
*/ */
#include "nssilock.h" #include "nssilock.h"
@ -390,27 +390,34 @@ loser:
* DER certificate. * DER certificate.
*/ */
SECStatus SECStatus
CERT_KeyFromDERCert(PRArenaPool *arena, SECItem *derCert, SECItem *key) CERT_KeyFromDERCert(PRArenaPool *reqArena, SECItem *derCert, SECItem *key)
{ {
int rv; int rv;
CERTSignedData sd; CERTSignedData sd;
CERTCertKey certkey; CERTCertKey certkey;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
PORT_Memset(&sd, 0, sizeof(CERTSignedData)); PORT_Memset(&sd, 0, sizeof(CERTSignedData));
rv = SEC_ASN1DecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert); rv = SEC_QuickDERDecodeItem(reqArena, &sd, CERT_SignedDataTemplate,
derCert);
if ( rv ) { if ( rv ) {
goto loser; goto loser;
} }
PORT_Memset(&certkey, 0, sizeof(CERTCertKey)); PORT_Memset(&certkey, 0, sizeof(CERTCertKey));
rv = SEC_ASN1DecodeItem(arena, &certkey, CERT_CertKeyTemplate, &sd.data); rv = SEC_QuickDERDecodeItem(reqArena, &certkey, CERT_CertKeyTemplate,
&sd.data);
if ( rv ) { if ( rv ) {
goto loser; goto loser;
} }
return(CERT_KeyFromIssuerAndSN(arena, &certkey.derIssuer, return(CERT_KeyFromIssuerAndSN(reqArena, &certkey.derIssuer,
&certkey.serialNumber, key)); &certkey.serialNumber, key));
loser: loser:
return(SECFailure); return(SECFailure);

33
security/nss/lib/certdb/crl.c
Просмотреть файл

@ -37,7 +37,7 @@
/* /*
* Moved from secpkcs7.c * Moved from secpkcs7.c
* *
* $Id: crl.c,v 1.52 2006-05-31 01:57:55 julien.pierre.bugs%sun.com Exp $ * $Id: crl.c,v 1.53 2006-08-07 19:09:41 julien.pierre.bugs%sun.com Exp $
*/ */
#include "cert.h" #include "cert.h"
@ -381,23 +381,32 @@ CERT_KeyFromDERCrl(PRArenaPool *arena, SECItem *derCrl, SECItem *key)
SECStatus rv; SECStatus rv;
CERTSignedData sd; CERTSignedData sd;
CERTCrlKey crlkey; CERTCrlKey crlkey;
PRArenaPool* myArena;
if (!arena) {
/* arena needed for QuickDER */
myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
} else {
myArena = arena;
}
PORT_Memset (&sd, 0, sizeof (sd)); PORT_Memset (&sd, 0, sizeof (sd));
rv = SEC_ASN1DecodeItem (arena, &sd, CERT_SignedDataTemplate, derCrl); rv = SEC_QuickDERDecodeItem (myArena, &sd, CERT_SignedDataTemplate, derCrl);
if (rv != SECSuccess) { if (SECSuccess == rv) {
return rv;
}
PORT_Memset (&crlkey, 0, sizeof (crlkey)); PORT_Memset (&crlkey, 0, sizeof (crlkey));
rv = SEC_ASN1DecodeItem(arena, &crlkey, cert_CrlKeyTemplate, &sd.data); rv = SEC_QuickDERDecodeItem(myArena, &crlkey, cert_CrlKeyTemplate, &sd.data);
if (rv != SECSuccess) {
return rv;
} }
key->len = crlkey.derName.len; /* make a copy so the data doesn't point to memory inside derCrl, which
key->data = crlkey.derName.data; may be temporary */
if (SECSuccess == rv) {
rv = SECITEM_CopyItem(arena, key, &crlkey.derName);
}
return(SECSuccess); if (myArena != arena) {
PORT_FreeArena(myArena, PR_FALSE);
}
return rv;
} }
#define GetOpaqueCRLFields(x) ((OpaqueCRLFields*)x->opaque) #define GetOpaqueCRLFields(x) ((OpaqueCRLFields*)x->opaque)

77
security/nss/lib/certdb/genname.c
Просмотреть файл

@ -413,25 +413,36 @@ loser:
} }
CERTGeneralName * CERTGeneralName *
CERT_DecodeGeneralName(PRArenaPool *arena, CERT_DecodeGeneralName(PRArenaPool *reqArena,
SECItem *encodedName, SECItem *encodedName,
CERTGeneralName *genName) CERTGeneralName *genName)
{ {
const SEC_ASN1Template * template; const SEC_ASN1Template * template;
CERTGeneralNameType genNameType; CERTGeneralNameType genNameType;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
SECItem* newEncodedName;
PORT_Assert(arena); if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
/* make a copy for decoding so the data decoded with QuickDER doesn't
point to temporary memory */
newEncodedName = SECITEM_ArenaDupItem(reqArena, encodedName);
if (!newEncodedName) {
return NULL;
}
/* TODO: mark arena */ /* TODO: mark arena */
genNameType = (CERTGeneralNameType)((*(encodedName->data) & 0x0f) + 1); genNameType = (CERTGeneralNameType)((*(newEncodedName->data) & 0x0f) + 1);
if (genName == NULL) { if (genName == NULL) {
genName = cert_NewGeneralName(arena, genNameType); genName = cert_NewGeneralName(reqArena, genNameType);
if (!genName) if (!genName)
goto loser; goto loser;
} else { } else {
genName->type = genNameType; genName->type = genNameType;
genName->l.prev = genName->l.next = &genName->l; genName->l.prev = genName->l.next = &genName->l;
} }
switch (genNameType) { switch (genNameType) {
case certURI: template = CERT_URITemplate; break; case certURI: template = CERT_URITemplate; break;
case certRFC822Name: template = CERT_RFC822NameTemplate; break; case certRFC822Name: template = CERT_RFC822NameTemplate; break;
@ -445,11 +456,11 @@ CERT_DecodeGeneralName(PRArenaPool *arena,
default: default:
goto loser; goto loser;
} }
rv = SEC_ASN1DecodeItem(arena, genName, template, encodedName); rv = SEC_QuickDERDecodeItem(reqArena, genName, template, newEncodedName);
if (rv != SECSuccess) if (rv != SECSuccess)
goto loser; goto loser;
if (genNameType == certDirectoryName) { if (genNameType == certDirectoryName) {
rv = SEC_ASN1DecodeItem(arena, &(genName->name.directoryName), rv = SEC_QuickDERDecodeItem(reqArena, &(genName->name.directoryName),
CERT_NameTemplate, CERT_NameTemplate,
&(genName->derDirectoryName)); &(genName->derDirectoryName));
if (rv != SECSuccess) if (rv != SECSuccess)
@ -624,24 +635,33 @@ loser:
CERTNameConstraint * CERTNameConstraint *
cert_DecodeNameConstraint(PRArenaPool *arena, cert_DecodeNameConstraint(PRArenaPool *reqArena,
SECItem *encodedConstraint) SECItem *encodedConstraint)
{ {
CERTNameConstraint *constraint; CERTNameConstraint *constraint;
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
CERTGeneralName *temp; CERTGeneralName *temp;
SECItem* newEncodedConstraint;
PORT_Assert(arena); if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
newEncodedConstraint = SECITEM_ArenaDupItem(reqArena, encodedConstraint);
if (!newEncodedConstraint) {
return NULL;
}
/* TODO: mark arena */ /* TODO: mark arena */
constraint = PORT_ArenaZNew(arena, CERTNameConstraint); constraint = PORT_ArenaZNew(reqArena, CERTNameConstraint);
if (!constraint) if (!constraint)
goto loser; goto loser;
rv = SEC_ASN1DecodeItem(arena, constraint, CERTNameConstraintTemplate, rv = SEC_QuickDERDecodeItem(reqArena, constraint,
encodedConstraint); CERTNameConstraintTemplate,
newEncodedConstraint);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;
} }
temp = CERT_DecodeGeneralName(arena, &(constraint->DERName), temp = CERT_DecodeGeneralName(reqArena, &(constraint->DERName),
&(constraint->name)); &(constraint->name));
if (temp != &(constraint->name)) { if (temp != &(constraint->name)) {
goto loser; goto loser;
@ -693,28 +713,36 @@ loser:
} }
CERTNameConstraints * CERTNameConstraints *
cert_DecodeNameConstraints(PRArenaPool *arena, cert_DecodeNameConstraints(PRArenaPool *reqArena,
SECItem *encodedConstraints) SECItem *encodedConstraints)
{ {
CERTNameConstraints *constraints; CERTNameConstraints *constraints;
SECStatus rv; SECStatus rv;
SECItem* newEncodedConstraints;
PORT_Assert(arena); if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
PORT_Assert(encodedConstraints); PORT_Assert(encodedConstraints);
newEncodedConstraints = SECITEM_ArenaDupItem(reqArena, encodedConstraints);
/* TODO: mark arena */ /* TODO: mark arena */
constraints = PORT_ArenaZNew(arena, CERTNameConstraints); constraints = PORT_ArenaZNew(reqArena, CERTNameConstraints);
if (constraints == NULL) { if (constraints == NULL) {
goto loser; goto loser;
} }
rv = SEC_ASN1DecodeItem(arena, constraints, CERTNameConstraintsTemplate, rv = SEC_QuickDERDecodeItem(reqArena, constraints,
encodedConstraints); CERTNameConstraintsTemplate,
newEncodedConstraints);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;
} }
if (constraints->DERPermited != NULL && if (constraints->DERPermited != NULL &&
constraints->DERPermited[0] != NULL) { constraints->DERPermited[0] != NULL) {
constraints->permited = constraints->permited =
cert_DecodeNameConstraintSubTree(arena, constraints->DERPermited, cert_DecodeNameConstraintSubTree(reqArena,
constraints->DERPermited,
PR_TRUE); PR_TRUE);
if (constraints->permited == NULL) { if (constraints->permited == NULL) {
goto loser; goto loser;
@ -723,7 +751,8 @@ cert_DecodeNameConstraints(PRArenaPool *arena,
if (constraints->DERExcluded != NULL && if (constraints->DERExcluded != NULL &&
constraints->DERExcluded[0] != NULL) { constraints->DERExcluded[0] != NULL) {
constraints->excluded = constraints->excluded =
cert_DecodeNameConstraintSubTree(arena, constraints->DERExcluded, cert_DecodeNameConstraintSubTree(reqArena,
constraints->DERExcluded,
PR_FALSE); PR_FALSE);
if (constraints->excluded == NULL) { if (constraints->excluded == NULL) {
goto loser; goto loser;
@ -1458,7 +1487,7 @@ SECStatus
CERT_CompareNameSpace(CERTCertificate *cert, CERT_CompareNameSpace(CERTCertificate *cert,
CERTGeneralName *namesList, CERTGeneralName *namesList,
CERTCertificate **certsList, CERTCertificate **certsList,
PRArenaPool *arena, PRArenaPool *reqArena,
CERTCertificate **pBadCert) CERTCertificate **pBadCert)
{ {
SECStatus rv; SECStatus rv;
@ -1481,7 +1510,7 @@ CERT_CompareNameSpace(CERTCertificate *cert,
goto done; goto done;
} }
/* TODO: mark arena */ /* TODO: mark arena */
constraints = cert_DecodeNameConstraints(arena, &constraintsExtension); constraints = cert_DecodeNameConstraints(reqArena, &constraintsExtension);
PORT_Free(constraintsExtension.data); PORT_Free(constraintsExtension.data);
currentName = namesList; currentName = namesList;
if (constraints == NULL) { /* decode failed */ if (constraints == NULL) { /* decode failed */
@ -1493,7 +1522,7 @@ CERT_CompareNameSpace(CERTCertificate *cert,
if (constraints->excluded != NULL) { if (constraints->excluded != NULL) {
rv = CERT_GetNameConstraintByType(constraints->excluded, rv = CERT_GetNameConstraintByType(constraints->excluded,
currentName->type, currentName->type,
&matchingConstraints, arena); &matchingConstraints, reqArena);
if (rv == SECSuccess && matchingConstraints != NULL) { if (rv == SECSuccess && matchingConstraints != NULL) {
rv = cert_CompareNameWithConstraints(currentName, rv = cert_CompareNameWithConstraints(currentName,
matchingConstraints, matchingConstraints,
@ -1505,7 +1534,7 @@ CERT_CompareNameSpace(CERTCertificate *cert,
if (constraints->permited != NULL) { if (constraints->permited != NULL) {
rv = CERT_GetNameConstraintByType(constraints->permited, rv = CERT_GetNameConstraintByType(constraints->permited,
currentName->type, currentName->type,
&matchingConstraints, arena); &matchingConstraints, reqArena);
if (rv == SECSuccess && matchingConstraints != NULL) { if (rv == SECSuccess && matchingConstraints != NULL) {
rv = cert_CompareNameWithConstraints(currentName, rv = cert_CompareNameWithConstraints(currentName,
matchingConstraints, matchingConstraints,
@ -1582,7 +1611,7 @@ CERT_GetNickName(CERTCertificate *cert,
if (!found) if (!found)
goto loser; goto loser;
rv = SEC_ASN1DecodeItem(arena, &nick, SEC_IA5StringTemplate, rv = SEC_QuickDERDecodeItem(arena, &nick, SEC_IA5StringTemplate,
&current->name.OthName.name); &current->name.OthName.name);
if (rv != SECSuccess) { if (rv != SECSuccess) {
goto loser; goto loser;

2
security/nss/lib/certdb/genname.h
Просмотреть файл

@ -130,7 +130,7 @@ SECStatus
CERT_CompareNameSpace(CERTCertificate *cert, CERT_CompareNameSpace(CERTCertificate *cert,
CERTGeneralName *namesList, CERTGeneralName *namesList,
CERTCertificate **certsList, CERTCertificate **certsList,
PRArenaPool *arena, PRArenaPool *reqArena,
CERTCertificate **pBadCert); CERTCertificate **pBadCert);
SEC_END_PROTOS SEC_END_PROTOS

39
security/nss/lib/certdb/xconst.c
Просмотреть файл

@ -205,20 +205,32 @@ CERT_EncodeAltNameExtension(PRArenaPool *arena, CERTGeneralName *value, SECIte
} }
CERTGeneralName * CERTGeneralName *
CERT_DecodeAltNameExtension(PRArenaPool *arena, SECItem *EncodedAltName) CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
CERTAltNameEncodedContext encodedContext; CERTAltNameEncodedContext encodedContext;
SECItem* newEncodedAltName;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
newEncodedAltName = SECITEM_ArenaDupItem(reqArena, EncodedAltName);
if (!newEncodedAltName) {
return NULL;
}
encodedContext.encodedGenName = NULL; encodedContext.encodedGenName = NULL;
PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext)); PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
rv = SEC_ASN1DecodeItem (arena, &encodedContext, CERT_GeneralNamesTemplate, rv = SEC_QuickDERDecodeItem (reqArena, &encodedContext,
EncodedAltName); CERT_GeneralNamesTemplate, newEncodedAltName);
if (rv == SECFailure) { if (rv == SECFailure) {
goto loser; goto loser;
} }
if (encodedContext.encodedGenName && encodedContext.encodedGenName[0]) if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName); return cert_DecodeGeneralNames(reqArena,
encodedContext.encodedGenName);
/* Extension contained an empty GeneralNames sequence */ /* Extension contained an empty GeneralNames sequence */
/* Treat as extension not found */ /* Treat as extension not found */
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
@ -248,21 +260,32 @@ CERT_DecodeNameConstraintsExtension(PRArenaPool *arena,
CERTAuthInfoAccess ** CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PRArenaPool *arena, CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
SECItem *encodedExtension) SECItem *encodedExtension)
{ {
CERTAuthInfoAccess **info = NULL; CERTAuthInfoAccess **info = NULL;
SECStatus rv; SECStatus rv;
int i; int i;
SECItem* newEncodedExtension;
rv = SEC_ASN1DecodeItem(arena, &info, CERTAuthInfoAccessTemplate, if (!reqArena) {
encodedExtension); PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
newEncodedExtension = SECITEM_ArenaDupItem(reqArena, encodedExtension);
if (!newEncodedExtension) {
return NULL;
}
rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate,
newEncodedExtension);
if (rv != SECSuccess || info == NULL) { if (rv != SECSuccess || info == NULL) {
return NULL; return NULL;
} }
for (i = 0; info[i] != NULL; i++) { for (i = 0; info[i] != NULL; i++) {
info[i]->location = CERT_DecodeGeneralName(arena, info[i]->location = CERT_DecodeGeneralName(reqArena,
&(info[i]->derLocation), &(info[i]->derLocation),
NULL); NULL);
} }

20
security/nss/lib/certhigh/ocsp.c
Просмотреть файл

@ -38,7 +38,7 @@
* Implementation of OCSP services, for both client and server. * Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.) * (XXX, really, mostly just for client right now, but intended to do both.)
* *
* $Id: ocsp.c,v 1.26 2006-07-19 00:08:52 nelson%bolyard.com Exp $ * $Id: ocsp.c,v 1.27 2006-08-07 19:09:41 julien.pierre.bugs%sun.com Exp $
*/ */
#include "prerror.h" #include "prerror.h"
@ -1280,7 +1280,7 @@ ocsp_CertStatusTypeByTag(int derTag)
* have allocated; it expects its caller to do that. * have allocated; it expects its caller to do that.
*/ */
static SECStatus static SECStatus
ocsp_FinishDecodingSingleResponses(PRArenaPool *arena, ocsp_FinishDecodingSingleResponses(PRArenaPool *reqArena,
CERTOCSPSingleResponse **responses) CERTOCSPSingleResponse **responses)
{ {
ocspCertStatus *certStatus; ocspCertStatus *certStatus;
@ -1290,10 +1290,16 @@ ocsp_FinishDecodingSingleResponses(PRArenaPool *arena,
int i; int i;
SECStatus rv = SECFailure; SECStatus rv = SECFailure;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
if (responses == NULL) /* nothing to do */ if (responses == NULL) /* nothing to do */
return SECSuccess; return SECSuccess;
for (i = 0; responses[i] != NULL; i++) { for (i = 0; responses[i] != NULL; i++) {
SECItem* newStatus;
/* /*
* The following assert points out internal errors (problems in * The following assert points out internal errors (problems in
* the template definitions or in the ASN.1 decoder itself, etc.). * the template definitions or in the ASN.1 decoder itself, etc.).
@ -1304,12 +1310,16 @@ ocsp_FinishDecodingSingleResponses(PRArenaPool *arena,
certStatusType = ocsp_CertStatusTypeByTag(derTag); certStatusType = ocsp_CertStatusTypeByTag(derTag);
certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType); certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType);
certStatus = PORT_ArenaZAlloc(arena, sizeof(ocspCertStatus)); certStatus = PORT_ArenaZAlloc(reqArena, sizeof(ocspCertStatus));
if (certStatus == NULL) { if (certStatus == NULL) {
goto loser; goto loser;
} }
rv = SEC_ASN1DecodeItem(arena, certStatus, certStatusTemplate, newStatus = SECITEM_ArenaDupItem(reqArena, &responses[i]->derCertStatus);
&responses[i]->derCertStatus); if (!newStatus) {
goto loser;
}
rv = SEC_QuickDERDecodeItem(reqArena, certStatus, certStatusTemplate,
newStatus);
if (rv != SECSuccess) { if (rv != SECSuccess) {
if (PORT_GetError() == SEC_ERROR_BAD_DER) if (PORT_GetError() == SEC_ERROR_BAD_DER)
PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE); PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);