The Tor Browser: security/nss/lib/libpkix/include/pkix

security/nss/lib/libpkix/include/pkix_crlsel.h@b8a032363ba2 (annotated)

security/nss/lib/libpkix/include/pkix_crlsel.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file defines functions associated with the PKIX_CRLSelector and the
  * PKIX_ComCRLSelParams types.
  *
  */
 #ifndef _PKIX_CRLSEL_H
 #define _PKIX_CRLSEL_H
 #include "pkixt.h"
 #ifdef __cplusplus
 extern "C" {
 #endif
 /* General
  *
  * Please refer to the libpkix Programmer's Guide for detailed information
  * about how to use the libpkix library. Certain key warnings and notices from
  * that document are repeated here for emphasis.
  *
  * All identifiers in this file (and all public identifiers defined in
  * libpkix) begin with "PKIX_". Private identifiers only intended for use
  * within the library begin with "pkix_".
  *
  * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
  *
  * Unless otherwise noted, for all accessor (gettor) functions that return a
  * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
  * shared object. Therefore, the caller should treat this shared object as
  * read-only and should not modify this shared object. When done using the
  * shared object, the caller should release the reference to the object by
  * using the PKIX_PL_Object_DecRef function.
  *
  * While a function is executing, if its arguments (or anything referred to by
  * its arguments) are modified, free'd, or destroyed, the function's behavior
  * is undefined.
  *
  */
 /* PKIX_CRLSelector
  *
  * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
  * based on particular criteria. A CRLSelector is typically used by libpkix
  * to retrieve CRLs from a CertStore during certificate chain validation or
  * building. (see pkix_certstore.h) For example, the caller may wish to only
  * select those CRLs that have a particular issuer or a particular value for a
  * private CRL extension. The MatchCallback allows the caller to specify the
  * custom matching logic to be used by a CRLSelector.
  * By default, the MatchCallback is set to point to the default implementation
  * provided by libpkix, which understands how to process the most common
  * parameters. If the default implementation is used, the caller should set
  * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
  * Any common parameter that is not set is assumed to be disabled, which means
  * the default MatchCallback implementation will select all CRLs without
  * regard to that particular disabled parameter. For example, if the
  * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
  * CRL based on its CRL number. As such, if no parameters are set, all are
  * disabled and any CRL will match. If a parameter is disabled, its associated
  * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
  *
  * If a custom implementation is desired, the default implementation can be
  * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
  * CRLSelector can be initialized with a crlSelectorContext, which is where
  * the caller can specify the desired parameters the caller wishes to match
  * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
  * allowing it to be reference-counted and allowing it to provide the standard
  * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
  *
  */
 /*
  * FUNCTION: PKIX_CRLSelector_MatchCallback
  * DESCRIPTION:
  *
  *  This callback function determines whether the specified CRL pointed to by
  *  "crl" matches the criteria of the CRLSelector pointed to by "selector".
  *  If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
  *  "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
  *
  * PARAMETERS:
  *  "selector"
  *      Address of CRLSelector whose MatchCallback logic and parameters are
  *      to be used. Must be non-NULL.
  *  "crl"
  *      Address of CRL that is to be matched using "selector". Must be non-NULL.
  *  "pMatch"
  *      Address at which Boolean result is stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe
  *
  *  Multiple threads must be able to safely call this function without
  *  worrying about conflicts, even if they're operating on the same objects.
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 typedef PKIX_Error *
 (*PKIX_CRLSelector_MatchCallback)(
         PKIX_CRLSelector *selector,
         PKIX_PL_CRL *crl,
         PKIX_Boolean *pMatch,
         void *plContext);
 /*
  * FUNCTION: PKIX_CRLSelector_Create
  * DESCRIPTION:
  *
  *  Creates a new CRLSelector using the Object pointed to by
  *  "crlSelectorContext" (if any) and stores it at "pSelector". As noted
  *  above, by default, the MatchCallback is set to point to the default
  *  implementation provided by libpkix, which understands how to process
  *  ComCRLSelParams. This is overridden if the MatchCallback pointed to by
  *  "callback" is not NULL, in which case the parameters are specified using
  *  the Object pointed to by "crlSelectorContext".
  *
  * PARAMETERS:
  *  "issue"
  *      crl issuer.
  *  "crlDpList"
  *      distribution points list
  *  "callback"
  *      The MatchCallback function to be used.
  *  "pSelector"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_CRLSelector_Create(
         PKIX_PL_Cert *issuer,
         PKIX_List *crlDpList,
         PKIX_PL_Date *date,
         PKIX_CRLSelector **pSelector,
         void *plContext);
 /*
  * FUNCTION: PKIX_CRLSelector_GetMatchCallback
  * DESCRIPTION:
  *
  *  Retrieves a pointer to "selector's" Match callback function and puts it in
  *  "pCallback".
  *
  * PARAMETERS:
  *  "selector"
  *      The CRLSelector whose Match callback is desired. Must be non-NULL.
  *  "pCallback"
  *      Address where Match callback function pointer will be stored.
  *      Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_CRLSelector_GetMatchCallback(
         PKIX_CRLSelector *selector,
         PKIX_CRLSelector_MatchCallback *pCallback,
         void *plContext);
 /*
  * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
  * DESCRIPTION:
  *
  *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
  *  of the CRLSelector pointed to by "selector" and stores it at
  *  "pCRLSelectorContext".
  *
  * PARAMETERS:
  *  "selector"
  *      Address of CRLSelector whose context is to be stored. Must be non-NULL.
  *  "pCRLSelectorContext"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_CRLSelector_GetCRLSelectorContext(
         PKIX_CRLSelector *selector,
         void **pCRLSelectorContext,
         void *plContext);
 /*
  * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the ComCRLSelParams object that represent the common
  *  parameters of the CRLSelector pointed to by "selector" and stores it at
  *  "pCommonCRLSelectorParams". If there are no common parameters stored with
  *  the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
  *
  * PARAMETERS:
  *  "selector"
  *      Address of CRLSelector whose ComCRLSelParams are to be stored.
  *      Must be non-NULL.
  *  "pCommonCRLSelectorParams"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_CRLSelector_GetCommonCRLSelectorParams(
         PKIX_CRLSelector *selector,
         PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
         void *plContext);
 /*
  * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
  * DESCRIPTION:
  *
  *  Sets the common parameters for the CRLSelector pointed to by "selector"
  *  using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
  *
  * PARAMETERS:
  *  "selector"
  *      Address of CRLSelector whose common parameters are to be set.
  *      Must be non-NULL.
  *  "commonCRLSelectorParams"
  *      Address of ComCRLSelParams representing the common parameters.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "selector"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_CRLSelector_SetCommonCRLSelectorParams(
         PKIX_CRLSelector *selector,
         PKIX_ComCRLSelParams *commonCRLSelectorParams,
         void *plContext);
 /* PKIX_ComCRLSelParams
  *
  * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
  * especially determining which CRLs to retrieve from a CertStore.
  * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
  * the default implementation of MatchCallback, which understands how to
  * process ComCRLSelParams.
  */
 /*
  * FUNCTION: PKIX_ComCRLSelParams_Create
  * DESCRIPTION:
  *
  *  Creates a new ComCRLSelParams object and stores it at "pParams".
  *
  * PARAMETERS:
  *  "pParams"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_Create(
         PKIX_ComCRLSelParams **pParams,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the List of X500Names (if any) representing the
  *  issuer names criterion that is set in the ComCRLSelParams pointed to by
  *  "params" and stores it at "pNames". In order to match against this
  *  criterion, a CRL's IssuerName must match at least one of the criterion's
  *  issuer names.
  *
  *  If "params" does not have this criterion set, this function stores NULL at
  *  "pNames", in which case all CRLs are considered to match.
  *
  *  Note that the List returned by this function is immutable.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose issuer names criterion (if any) is to
  *      be stored. Must be non-NULL.
  *  "pNames"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_GetIssuerNames(
         PKIX_ComCRLSelParams *params,
         PKIX_List **pNames,  /* list of PKIX_PL_X500Name */
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
  * DESCRIPTION:
  *
  *  Sets the issuer names criterion of the ComCRLSelParams pointed to by
  *  "params" using a List of X500Names pointed to by "names". In order to match
  *  against this criterion, a CRL's IssuerName must match at least one of the
  *  criterion's issuer names.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParamsParams whose issuer names criterion is to be
  *      set. Must be non-NULL.
  *  "names"
  *      Address of List of X500Names used to set the criterion
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_SetIssuerNames(
         PKIX_ComCRLSelParams *params,
         PKIX_List *names,   /* list of PKIX_PL_X500Name */
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
  * DESCRIPTION:
  *
  *  Adds to the issuer names criterion of the ComCRLSelParams pointed to by
  *  "params" using the X500Name pointed to by "name". In order to match
  *  against this criterion, a CRL's IssuerName must match at least one of the
  *  criterion's issuer names.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose issuer names criterion is to be added
  *      to. Must be non-NULL.
  *  "name"
  *      Address of X500Name to be added.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_AddIssuerName(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_X500Name *name,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the Cert (if any) representing the certificate whose
  *  revocation status is being checked. This is not a criterion. It is simply
  *  optional information that may help a CertStore find relevant CRLs.
  *
  *  If "params" does not have a certificate set, this function stores NULL at
  *  "pCert", in which case there is no optional information to provide.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose certificate being checked (if any) is
  *      to be stored. Must be non-NULL.
  *  "pCert"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_GetCertificateChecking(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_Cert **pCert,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
  * DESCRIPTION:
  *
  *  Sets the ComCRLSelParams pointed to by "params" with the certificate
  *  (pointed to by "cert") whose revocation status is being checked. This is
  *  not a criterion. It is simply optional information that may help a
  *  CertStore find relevant CRLs.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose certificate being checked is to be
  *      set. Must be non-NULL.
  *  "cert"
  *      Address of Cert whose revocation status is being checked
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_SetCertificateChecking(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_Cert *cert,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the Date (if any) representing the dateAndTime
  *  criterion that is set in the ComCRLSelParams pointed to by "params" and
  *  stores it at "pDate". In order to match against this criterion, a CRL's
  *  thisUpdate component must be less than or equal to the criterion's
  *  dateAndTime and the CRL's nextUpdate component must be later than the
  *  criterion's dateAndTime. There is no match if the CRL does not contain a
  *  nextUpdate component.
  *
  *  If "params" does not have this criterion set, this function stores NULL at
  *  "pDate", in which case all CRLs are considered to match.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
  *      be stored. Must be non-NULL.
  *  "pDate"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_GetDateAndTime(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_Date **pDate,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
  * DESCRIPTION:
  *
  *  Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
  *  "params" using a Date pointed to by "date". In order to match against this
  *  criterion, a CRL's thisUpdate component must be less than or equal to the
  *  criterion's dateAndTime and the CRL's nextUpdate component must be later
  *  than the criterion's dateAndTime. There is no match if the CRL does not
  *  contain a nextUpdate component.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
  *      set. Must be non-NULL.
  *  "date"
  *      Address of Date used to set the criterion
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_SetDateAndTime(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_Date *date,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the Boolean representing the NIST CRL policy
  *  activation flag that is set in the ComCRLSelParams pointed to by "params"
  *  and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
  *
  *  Default value for this flag is TRUE.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose NIST CRL policy criterion  is to
  *      be stored. Must be non-NULL.
  *  "pEnabled"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
         PKIX_ComCRLSelParams *params,
         PKIX_Boolean *pEnabled,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
  * DESCRIPTION:
  *
  *  Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
  *  "params" using a "enabled" flag. In order to match against this
  *  criterion, a CRL's nextUpdate must be available and criterion's
  *  dataAndTime must be within thisUpdate and nextUpdate time period.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParamsParams whose NIST CRL policy criterion
  *      is to be set. Must be non-NULL.
  *  "enabled"
  *      Address of Bollean used to set the criterion
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
         PKIX_ComCRLSelParams *params,
         PKIX_Boolean enabled,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
  *  criterion that is set in the ComCRLSelParams pointed to by "params" and
  *  stores it at "pNumber". In order to match against this criterion, a CRL
  *  must have a CRL number extension whose value is less than or equal to the
  *  criterion's value.
  *
  *  If "params" does not have this criterion set, this function stores NULL at
  *  "pNumber", in which case all CRLs are considered to match.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
  *      be stored. Must be non-NULL.
  *  "pNumber"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_GetMaxCRLNumber(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_BigInt **pNumber,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
  * DESCRIPTION:
  *
  *  Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
  *  "params" using a BigInt pointed to by "number". In order to match against
  *  this criterion, a CRL must have a CRL number extension whose value is less
  *  than or equal to the criterion's value.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
  *      set. Must be non-NULL.
  *  "number"
  *      Address of BigInt used to set the criterion
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_SetMaxCRLNumber(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_BigInt *number,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
  * DESCRIPTION:
  *
  *  Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
  *  criterion that is set in the ComCRLSelParams pointed to by "params" and
  *  stores it at "pNumber". In order to match against this criterion, a CRL
  *  must have a CRL number extension whose value is greater than or equal to
  *  the criterion's value.
  *
  *  If "params" does not have this criterion set, this function stores NULL at
  *  "pNumber", in which case all CRLs are considered to match.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
  *      be stored. Must be non-NULL.
  *  "pNumber"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *      (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_GetMinCRLNumber(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_BigInt **pNumber,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
  * DESCRIPTION:
  *
  *  Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
  *  "params" using a BigInt pointed to by "number". In order to match against
  *  this criterion, a CRL must have a CRL number extension whose value is
  *  greater than or equal to the criterion's value.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
  *      set. Must be non-NULL.
  *  "number"
  *      Address of BigInt used to set the criterion
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_ComCRLSelParams_SetMinCRLNumber(
         PKIX_ComCRLSelParams *params,
         PKIX_PL_BigInt *number,
         void *plContext);
 /*
  * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
  * DESCRIPTION:
  *
  * Sets crldp list that can be used to download a crls.
  *
  * PARAMETERS:
  *  "params"
  *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
  *      set. Must be non-NULL.
  *  "crldpList"
  *      A list of CRLDPs. Can be an emptry list.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe - assumes exclusive access to "params"
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a CRLSelector Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error*
 PKIX_ComCRLSelParams_SetCrlDp(
          PKIX_ComCRLSelParams *params,
          PKIX_List *crldpList,
          void *plContext);
 #ifdef __cplusplus
 }
 #endif
 #endif /* _PKIX_CRLSEL_H */

The Tor Browser / annotate

security/nss/lib/libpkix/include/pkix_crlsel.h@b8a032363ba2 (annotated)

security/nss/lib/libpkix/include/pkix_crlsel.h