security/nss/lib/certhigh/crlv2.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
/*
 * Code for dealing with X.509 v3 CRL and CRL entry extensions.
 */
michael@0 8
michael@0 9 #include "cert.h"
michael@0 10 #include "secitem.h"
michael@0 11 #include "secoid.h"
michael@0 12 #include "secoidt.h"
michael@0 13 #include "secder.h"
michael@0 14 #include "secasn1.h"
michael@0 15 #include "certxutl.h"
michael@0 16
/*
 * Look up a CRL extension by OID.
 *
 * crl   - CRL whose extension list is searched; must be non-NULL.
 * oid   - DER-encoded OID of the wanted extension.
 * value - receives the extension value. Elsewhere in this file the result of
 *         the sibling cert_FindExtension is released with PORT_Free, so the
 *         caller presumably owns value->data here as well (confirm against
 *         cert_FindExtensionByOID).
 * Returns the status reported by cert_FindExtensionByOID.
 */
SECStatus
CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
{
    CERTCertExtension **exts = crl->extensions;

    return cert_FindExtensionByOID(exts, oid, value);
}
michael@0 22
michael@0 23
/*
 * Look up a CRL extension by SECOidTag.
 *
 * crl   - CRL whose extension list is searched; must be non-NULL.
 * tag   - SECOidTag identifying the extension.
 * value - receives the extension value; callers in this file free
 *         value->data with PORT_Free afterwards, so ownership passes to
 *         the caller.
 * Returns the status reported by cert_FindExtension.
 */
SECStatus
CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
{
    CERTCertExtension **exts = crl->extensions;

    return cert_FindExtension(exts, tag, value);
}
michael@0 29
michael@0 30
/*
 * Callback run when a CRL's extension list is finalized: installs the
 * extensions on the CRL and sets its version to v2 (extensions are only
 * defined for v2 CRLs).
 *
 * DER_SetUInteger's status cannot be reported through this void callback,
 * so it is deliberately discarded.
 */
static void
SetCrlExts(void *object, CERTCertExtension **exts)
{
    CERTCrl *target = object;

    target->extensions = exts;
    (void)DER_SetUInteger(target->arena, &target->version, SEC_CRL_VERSION_2);
}
michael@0 40
/*
 * Begin building the extension list of a CRL.
 *
 * Allocations come from crl->arena; when the list is finalized, SetCrlExts
 * attaches it to crl and raises the CRL version to v2.
 * Returns the opaque extension-building handle from cert_StartExtensions.
 */
void *
CERT_StartCRLExtensions(CERTCrl *crl)
{
    void *owner = crl;

    return cert_StartExtensions(owner, crl->arena, SetCrlExts);
}
michael@0 46
/*
 * Callback run when a CRL entry's extension list is finalized: attaches the
 * extensions to the entry. Unlike SetCrlExts, nothing else is adjusted.
 */
static void
SetCrlEntryExts(void *object, CERTCertExtension **exts)
{
    CERTCrlEntry *target = object;

    target->extensions = exts;
}
michael@0 54
/*
 * Begin building the extension list of one CRL entry.
 *
 * crl   - CRL that owns the entry; its arena backs the allocations, so the
 *         entry's extensions live as long as the CRL does.
 * entry - entry to which SetCrlEntryExts will attach the finished list.
 * Returns the opaque extension-building handle from cert_StartExtensions.
 */
void *
CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
{
    PLArenaPool *pool = crl->arena;

    return cert_StartExtensions(entry, pool, SetCrlEntryExts);
}
michael@0 60
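/*
 * Fetch and decode the CRL Number extension (SEC_OID_X509_CRL_NUMBER).
 *
 * arena - arena that receives the decoded INTEGER in *value and a private
 *         copy of the raw extension value.
 * crl   - CRL to search.
 * value - receives the decoded INTEGER; untouched if the extension is absent.
 * Returns SECSuccess, or the status of the failing step (an absent extension
 * surfaces as cert_FindExtension's status).
 *
 * Every arena allocation made by this call is rolled back when the decode
 * does not succeed, so a failed lookup leaves arena as it was.
 */
SECStatus
CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl, SECItem *value)
{
    SECItem encodedExtenValue = { siBuffer, NULL, 0 };
    SECItem *arenaCopy = NULL;
    void *mark = NULL;
    SECStatus rv;

    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
                            &encodedExtenValue);
    if (rv != SECSuccess) {
        return rv;
    }

    mark = PORT_ArenaMark(arena);

    /* Decode from an arena-owned copy rather than the heap buffer, which is
     * freed below; presumably because the quick decoder may leave *value
     * pointing into its source item — confirm against SEC_QuickDERDecodeItem. */
    arenaCopy = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
    if (arenaCopy) {
        rv = SEC_QuickDERDecodeItem(arena, value,
                                    SEC_ASN1_GET(SEC_IntegerTemplate),
                                    arenaCopy);
    } else {
        rv = SECFailure;
    }

    PORT_Free(encodedExtenValue.data);

    /* Any non-success status (not only SECFailure) rolls the arena back,
     * matching the "!= SECSuccess" convention used by the other lookups in
     * this file. */
    if (rv != SECSuccess) {
        PORT_ArenaRelease(arena, mark);
    } else {
        PORT_ArenaUnmark(arena, mark);
    }
    return rv;
}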
michael@0 96
/*
 * Fetch a CRL entry's Reason Code extension (SEC_OID_X509_REASON_CODE) and
 * decode the ENUMERATED into *value.
 *
 * crlEntry - entry whose extension list is searched.
 * value    - receives the reason code; written only when SECSuccess is
 *            returned.
 * Returns SECFailure if no scratch arena could be created, otherwise the
 * status of the lookup/decode chain.
 *
 * A throw-away arena holds the decoded ENUMERATED only until it has been
 * converted, so no allocation outlives the call.
 */
SECStatus
CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
                             CERTCRLEntryReasonCode *value)
{
    SECItem rawValue = { siBuffer, NULL, 0 };
    SECItem decoded = { siBuffer, NULL, 0 };
    PLArenaPool *scratch = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    SECStatus rv = SECFailure;

    if (scratch == NULL) {
        return SECFailure;
    }

    rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
                            &rawValue);
    if (rv == SECSuccess) {
        rv = SEC_QuickDERDecodeItem(scratch, &decoded,
                                    SEC_ASN1_GET(SEC_EnumeratedTemplate),
                                    &rawValue);
    }
    if (rv == SECSuccess) {
        /* DER_GetInteger's integer result is narrowed by the cast to the
         * reason-code enum. */
        *value = (CERTCRLEntryReasonCode)DER_GetInteger(&decoded);
    }

    /* decoded lives in scratch; rawValue.data is a separate heap buffer
     * produced by cert_FindExtension. */
    PORT_FreeArena(scratch, PR_FALSE);
    if (rawValue.data) {
        PORT_Free(rawValue.data);
    }
    return rv;
}
michael@0 137
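/*
 * Fetch the CRL's Invalidity Date extension (SEC_OID_X509_INVALID_DATE) and
 * convert its GeneralizedTime to a PRTime.
 *
 * crl   - CRL to search.
 * value - receives the converted time; written only on SECSuccess.
 * Returns the status of the first failing step (extension absent, DER decode
 * failure, or time conversion failure), else SECSuccess.
 *
 * Fix: DER_GeneralizedTimeToTime is now given the DER-decoded content
 * (decodedExtenValue) instead of the still-encoded extension value
 * (encodedExtenValue), which carries the ASN.1 tag and length ahead of the
 * time string. Previously the decoded item was produced and then freed
 * without ever being read.
 */
SECStatus
CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
{
    SECItem encodedExtenValue = { siBuffer, NULL, 0 };
    SECItem decodedExtenValue = { siBuffer, NULL, 0 };
    SECStatus rv;

    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE,
                            &encodedExtenValue);
    if (rv != SECSuccess) {
        return rv;
    }

    /* NULL arena: the decoded content is heap-allocated and freed below. */
    rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
                            SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
                            &encodedExtenValue);
    if (rv == SECSuccess) {
        rv = DER_GeneralizedTimeToTime(value, &decodedExtenValue);
    }

    PORT_Free(decodedExtenValue.data);
    PORT_Free(encodedExtenValue.data);
    return rv;
}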
