The Tor Browser / annotate

security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c@b8a032363ba2 (annotated)

security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4 /*
michael@0 5 * pkix_trustanchor.c
michael@0 6 *
michael@0 7 * TrustAnchor Object Functions
michael@0 8 *
michael@0 9 */
michael@0 10
michael@0 11 #include "pkix_trustanchor.h"
michael@0 12
michael@0 13 /* --Private-Functions-------------------------------------------- */
michael@0 14
michael@0 15 /*
michael@0 16 * FUNCTION: pkix_TrustAnchor_Destroy
michael@0 17 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
michael@0 18 */
michael@0 19 static PKIX_Error *
michael@0 20 pkix_TrustAnchor_Destroy(
michael@0 21 PKIX_PL_Object *object,
michael@0 22 void *plContext)
michael@0 23 {
michael@0 24 PKIX_TrustAnchor *anchor = NULL;
michael@0 25
michael@0 26 PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
michael@0 27 PKIX_NULLCHECK_ONE(object);
michael@0 28
michael@0 29 /* Check that this object is a trust anchor */
michael@0 30 PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
michael@0 31 PKIX_OBJECTNOTTRUSTANCHOR);
michael@0 32
michael@0 33 anchor = (PKIX_TrustAnchor *)object;
michael@0 34
michael@0 35 PKIX_DECREF(anchor->trustedCert);
michael@0 36 PKIX_DECREF(anchor->caName);
michael@0 37 PKIX_DECREF(anchor->caPubKey);
michael@0 38 PKIX_DECREF(anchor->nameConstraints);
michael@0 39
michael@0 40 cleanup:
michael@0 41
michael@0 42 PKIX_RETURN(TRUSTANCHOR);
michael@0 43 }
michael@0 44
michael@0 45 /*
michael@0 46 * FUNCTION: pkix_TrustAnchor_Equals
michael@0 47 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
michael@0 48 */
michael@0 49 static PKIX_Error *
michael@0 50 pkix_TrustAnchor_Equals(
michael@0 51 PKIX_PL_Object *first,
michael@0 52 PKIX_PL_Object *second,
michael@0 53 PKIX_Boolean *pResult,
michael@0 54 void *plContext)
michael@0 55 {
michael@0 56 PKIX_UInt32 secondType;
michael@0 57 PKIX_Boolean cmpResult;
michael@0 58 PKIX_TrustAnchor *firstAnchor = NULL;
michael@0 59 PKIX_TrustAnchor *secondAnchor = NULL;
michael@0 60 PKIX_PL_Cert *firstCert = NULL;
michael@0 61 PKIX_PL_Cert *secondCert = NULL;
michael@0 62
michael@0 63 PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
michael@0 64 PKIX_NULLCHECK_THREE(first, second, pResult);
michael@0 65
michael@0 66 PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
michael@0 67 PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
michael@0 68
michael@0 69 PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
michael@0 70 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
michael@0 71
michael@0 72 *pResult = PKIX_FALSE;
michael@0 73
michael@0 74 if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
michael@0 75
michael@0 76 firstAnchor = (PKIX_TrustAnchor *)first;
michael@0 77 secondAnchor = (PKIX_TrustAnchor *)second;
michael@0 78
michael@0 79 firstCert = firstAnchor->trustedCert;
michael@0 80 secondCert = secondAnchor->trustedCert;
michael@0 81
michael@0 82 if ((firstCert && !secondCert) || (!firstCert && secondCert)){
michael@0 83 goto cleanup;
michael@0 84 }
michael@0 85
michael@0 86 if (firstCert && secondCert){
michael@0 87 PKIX_CHECK(PKIX_PL_Object_Equals
michael@0 88 ((PKIX_PL_Object *)firstCert,
michael@0 89 (PKIX_PL_Object *)secondCert,
michael@0 90 &cmpResult,
michael@0 91 plContext),
michael@0 92 PKIX_OBJECTEQUALSFAILED);
michael@0 93 } else {
michael@0 94 PKIX_CHECK(PKIX_PL_Object_Equals
michael@0 95 ((PKIX_PL_Object *)firstAnchor->caName,
michael@0 96 (PKIX_PL_Object *)secondAnchor->caName,
michael@0 97 &cmpResult,
michael@0 98 plContext),
michael@0 99 PKIX_OBJECTEQUALSFAILED);
michael@0 100
michael@0 101 if (!cmpResult) goto cleanup;
michael@0 102
michael@0 103 PKIX_CHECK(PKIX_PL_Object_Equals
michael@0 104 ((PKIX_PL_Object *)firstAnchor->caPubKey,
michael@0 105 (PKIX_PL_Object *)secondAnchor->caPubKey,
michael@0 106 &cmpResult,
michael@0 107 plContext),
michael@0 108 PKIX_OBJECTEQUALSFAILED);
michael@0 109
michael@0 110 if (!cmpResult) goto cleanup;
michael@0 111
michael@0 112 PKIX_EQUALS
michael@0 113 (firstAnchor->nameConstraints,
michael@0 114 secondAnchor->nameConstraints,
michael@0 115 &cmpResult,
michael@0 116 plContext,
michael@0 117 PKIX_OBJECTEQUALSFAILED);
michael@0 118
michael@0 119 if (!cmpResult) goto cleanup;
michael@0 120
michael@0 121 }
michael@0 122
michael@0 123 *pResult = cmpResult;
michael@0 124
michael@0 125 cleanup:
michael@0 126
michael@0 127 PKIX_RETURN(TRUSTANCHOR);
michael@0 128 }
michael@0 129
michael@0 130 /*
michael@0 131 * FUNCTION: pkix_TrustAnchor_Hashcode
michael@0 132 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
michael@0 133 */
michael@0 134 static PKIX_Error *
michael@0 135 pkix_TrustAnchor_Hashcode(
michael@0 136 PKIX_PL_Object *object,
michael@0 137 PKIX_UInt32 *pHashcode,
michael@0 138 void *plContext)
michael@0 139 {
michael@0 140 PKIX_TrustAnchor *anchor = NULL;
michael@0 141 PKIX_PL_Cert *cert = NULL;
michael@0 142 PKIX_UInt32 hash = 0;
michael@0 143 PKIX_UInt32 certHash = 0;
michael@0 144 PKIX_UInt32 nameHash = 0;
michael@0 145 PKIX_UInt32 pubKeyHash = 0;
michael@0 146 PKIX_UInt32 ncHash = 0;
michael@0 147
michael@0 148 PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
michael@0 149 PKIX_NULLCHECK_TWO(object, pHashcode);
michael@0 150
michael@0 151 PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
michael@0 152 PKIX_OBJECTNOTTRUSTANCHOR);
michael@0 153
michael@0 154 anchor = (PKIX_TrustAnchor*)object;
michael@0 155 cert = anchor->trustedCert;
michael@0 156
michael@0 157 if (cert){
michael@0 158 PKIX_CHECK(PKIX_PL_Object_Hashcode
michael@0 159 ((PKIX_PL_Object *)cert,
michael@0 160 &certHash,
michael@0 161 plContext),
michael@0 162 PKIX_OBJECTHASHCODEFAILED);
michael@0 163
michael@0 164 hash = certHash;
michael@0 165
michael@0 166 } else {
michael@0 167 PKIX_CHECK(PKIX_PL_Object_Hashcode
michael@0 168 ((PKIX_PL_Object *)anchor->caName,
michael@0 169 &nameHash,
michael@0 170 plContext),
michael@0 171 PKIX_OBJECTHASHCODEFAILED);
michael@0 172
michael@0 173 PKIX_CHECK(PKIX_PL_Object_Hashcode
michael@0 174 ((PKIX_PL_Object *)anchor->caPubKey,
michael@0 175 &pubKeyHash,
michael@0 176 plContext),
michael@0 177 PKIX_OBJECTHASHCODEFAILED);
michael@0 178
michael@0 179 PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
michael@0 180 PKIX_OBJECTHASHCODEFAILED);
michael@0 181
michael@0 182 hash = 31 * nameHash + pubKeyHash + ncHash;
michael@0 183
michael@0 184 }
michael@0 185
michael@0 186 *pHashcode = hash;
michael@0 187
michael@0 188 cleanup:
michael@0 189
michael@0 190 PKIX_RETURN(TRUSTANCHOR);
michael@0 191 }
michael@0 192
michael@0 193 /*
michael@0 194 * FUNCTION: pkix_TrustAnchor_ToString
michael@0 195 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
michael@0 196 */
michael@0 197 static PKIX_Error *
michael@0 198 pkix_TrustAnchor_ToString(
michael@0 199 PKIX_PL_Object *object,
michael@0 200 PKIX_PL_String **pString,
michael@0 201 void *plContext)
michael@0 202 {
michael@0 203 PKIX_TrustAnchor *anchor = NULL;
michael@0 204 char *asciiFormat = NULL;
michael@0 205 PKIX_PL_String *formatString = NULL;
michael@0 206 PKIX_PL_String *anchorString = NULL;
michael@0 207 PKIX_PL_String *certString = NULL;
michael@0 208 PKIX_PL_String *nameString = NULL;
michael@0 209 PKIX_PL_String *pubKeyString = NULL;
michael@0 210 PKIX_PL_String *nameConstraintsString = NULL;
michael@0 211
michael@0 212 PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
michael@0 213 PKIX_NULLCHECK_TWO(object, pString);
michael@0 214
michael@0 215 PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
michael@0 216 PKIX_OBJECTNOTTRUSTANCHOR);
michael@0 217
michael@0 218 anchor = (PKIX_TrustAnchor*)object;
michael@0 219
michael@0 220 if (anchor->trustedCert){
michael@0 221 asciiFormat =
michael@0 222 "[\n"
michael@0 223 "\tTrusted Cert: %s\n"
michael@0 224 "]\n";
michael@0 225
michael@0 226 PKIX_CHECK(PKIX_PL_String_Create
michael@0 227 (PKIX_ESCASCII,
michael@0 228 asciiFormat,
michael@0 229 0,
michael@0 230 &formatString,
michael@0 231 plContext),
michael@0 232 PKIX_STRINGCREATEFAILED);
michael@0 233
michael@0 234 PKIX_CHECK(PKIX_PL_Object_ToString
michael@0 235 ((PKIX_PL_Object *)anchor->trustedCert,
michael@0 236 &certString,
michael@0 237 plContext),
michael@0 238 PKIX_OBJECTTOSTRINGFAILED);
michael@0 239
michael@0 240 PKIX_CHECK(PKIX_PL_Sprintf
michael@0 241 (&anchorString,
michael@0 242 plContext,
michael@0 243 formatString,
michael@0 244 certString),
michael@0 245 PKIX_SPRINTFFAILED);
michael@0 246 } else {
michael@0 247 asciiFormat =
michael@0 248 "[\n"
michael@0 249 "\tTrusted CA Name: %s\n"
michael@0 250 "\tTrusted CA PublicKey: %s\n"
michael@0 251 "\tInitial Name Constraints:%s\n"
michael@0 252 "]\n";
michael@0 253
michael@0 254 PKIX_CHECK(PKIX_PL_String_Create
michael@0 255 (PKIX_ESCASCII,
michael@0 256 asciiFormat,
michael@0 257 0,
michael@0 258 &formatString,
michael@0 259 plContext),
michael@0 260 PKIX_STRINGCREATEFAILED);
michael@0 261
michael@0 262 PKIX_CHECK(PKIX_PL_Object_ToString
michael@0 263 ((PKIX_PL_Object *)anchor->caName,
michael@0 264 &nameString,
michael@0 265 plContext),
michael@0 266 PKIX_OBJECTTOSTRINGFAILED);
michael@0 267
michael@0 268 PKIX_CHECK(PKIX_PL_Object_ToString
michael@0 269 ((PKIX_PL_Object *)anchor->caPubKey,
michael@0 270 &pubKeyString,
michael@0 271 plContext),
michael@0 272 PKIX_OBJECTTOSTRINGFAILED);
michael@0 273
michael@0 274 PKIX_TOSTRING
michael@0 275 (anchor->nameConstraints,
michael@0 276 &nameConstraintsString,
michael@0 277 plContext,
michael@0 278 PKIX_OBJECTTOSTRINGFAILED);
michael@0 279
michael@0 280 PKIX_CHECK(PKIX_PL_Sprintf
michael@0 281 (&anchorString,
michael@0 282 plContext,
michael@0 283 formatString,
michael@0 284 nameString,
michael@0 285 pubKeyString,
michael@0 286 nameConstraintsString),
michael@0 287 PKIX_SPRINTFFAILED);
michael@0 288 }
michael@0 289
michael@0 290 *pString = anchorString;
michael@0 291
michael@0 292 cleanup:
michael@0 293
michael@0 294 PKIX_DECREF(formatString);
michael@0 295 PKIX_DECREF(certString);
michael@0 296 PKIX_DECREF(nameString);
michael@0 297 PKIX_DECREF(pubKeyString);
michael@0 298 PKIX_DECREF(nameConstraintsString);
michael@0 299
michael@0 300 PKIX_RETURN(TRUSTANCHOR);
michael@0 301 }
michael@0 302
michael@0 303 /*
michael@0 304 * FUNCTION: pkix_TrustAnchor_RegisterSelf
michael@0 305 * DESCRIPTION:
michael@0 306 * Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
michael@0 307 * systemClasses[]
michael@0 308 * THREAD SAFETY:
michael@0 309 * Not Thread Safe - for performance and complexity reasons
michael@0 310 *
michael@0 311 * Since this function is only called by PKIX_PL_Initialize, which should
michael@0 312 * only be called once, it is acceptable that this function is not
michael@0 313 * thread-safe.
michael@0 314 */
michael@0 315 PKIX_Error *
michael@0 316 pkix_TrustAnchor_RegisterSelf(void *plContext)
michael@0 317 {
michael@0 318 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
michael@0 319 pkix_ClassTable_Entry entry;
michael@0 320
michael@0 321 PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
michael@0 322
michael@0 323 entry.description = "TrustAnchor";
michael@0 324 entry.objCounter = 0;
michael@0 325 entry.typeObjectSize = sizeof(PKIX_TrustAnchor);
michael@0 326 entry.destructor = pkix_TrustAnchor_Destroy;
michael@0 327 entry.equalsFunction = pkix_TrustAnchor_Equals;
michael@0 328 entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
michael@0 329 entry.toStringFunction = pkix_TrustAnchor_ToString;
michael@0 330 entry.comparator = NULL;
michael@0 331 entry.duplicateFunction = pkix_duplicateImmutable;
michael@0 332
michael@0 333 systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
michael@0 334
michael@0 335 PKIX_RETURN(TRUSTANCHOR);
michael@0 336 }
michael@0 337
michael@0 338 /* --Public-Functions--------------------------------------------- */
michael@0 339
michael@0 340
michael@0 341 /*
michael@0 342 * FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
michael@0 343 */
michael@0 344 PKIX_Error *
michael@0 345 PKIX_TrustAnchor_CreateWithCert(
michael@0 346 PKIX_PL_Cert *cert,
michael@0 347 PKIX_TrustAnchor **pAnchor,
michael@0 348 void *plContext)
michael@0 349 {
michael@0 350 PKIX_TrustAnchor *anchor = NULL;
michael@0 351
michael@0 352 PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
michael@0 353 PKIX_NULLCHECK_TWO(cert, pAnchor);
michael@0 354
michael@0 355 PKIX_CHECK(PKIX_PL_Object_Alloc
michael@0 356 (PKIX_TRUSTANCHOR_TYPE,
michael@0 357 sizeof (PKIX_TrustAnchor),
michael@0 358 (PKIX_PL_Object **)&anchor,
michael@0 359 plContext),
michael@0 360 PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
michael@0 361
michael@0 362 /* initialize fields */
michael@0 363 PKIX_CHECK(
michael@0 364 PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
michael@0 365 PKIX_CERTSETASTRUSTANCHORFAILED);
michael@0 366
michael@0 367 PKIX_INCREF(cert);
michael@0 368 anchor->trustedCert = cert;
michael@0 369
michael@0 370 anchor->caName = NULL;
michael@0 371 anchor->caPubKey = NULL;
michael@0 372
michael@0 373 PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
michael@0 374 (anchor->trustedCert, &anchor->nameConstraints, plContext),
michael@0 375 PKIX_CERTGETNAMECONSTRAINTSFAILED);
michael@0 376
michael@0 377
michael@0 378 *pAnchor = anchor;
michael@0 379 anchor = NULL;
michael@0 380
michael@0 381 cleanup:
michael@0 382
michael@0 383 PKIX_DECREF(anchor);
michael@0 384
michael@0 385 PKIX_RETURN(TRUSTANCHOR);
michael@0 386
michael@0 387 }
michael@0 388
michael@0 389 /*
michael@0 390 * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
michael@0 391 * (see comments in pkix_params.h)
michael@0 392 */
michael@0 393 PKIX_Error *
michael@0 394 PKIX_TrustAnchor_CreateWithNameKeyPair(
michael@0 395 PKIX_PL_X500Name *name,
michael@0 396 PKIX_PL_PublicKey *pubKey,
michael@0 397 PKIX_PL_CertNameConstraints *nameConstraints,
michael@0 398 PKIX_TrustAnchor **pAnchor,
michael@0 399 void *plContext)
michael@0 400 {
michael@0 401 PKIX_TrustAnchor *anchor = NULL;
michael@0 402
michael@0 403 PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
michael@0 404
michael@0 405 #ifndef BUILD_LIBPKIX_TESTS
michael@0 406 /* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
michael@0 407 * function as the complete trusted cert structure, and not only cert
michael@0 408 * public key, is required for chain building and validation processes.
michael@0 409 * Restricting this function for been used only in libpkix unit
michael@0 410 * tests. */
michael@0 411 PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
michael@0 412 #endif
michael@0 413
michael@0 414 PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
michael@0 415
michael@0 416 PKIX_CHECK(PKIX_PL_Object_Alloc
michael@0 417 (PKIX_TRUSTANCHOR_TYPE,
michael@0 418 sizeof (PKIX_TrustAnchor),
michael@0 419 (PKIX_PL_Object **)&anchor,
michael@0 420 plContext),
michael@0 421 PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
michael@0 422
michael@0 423 /* initialize fields */
michael@0 424 anchor->trustedCert = NULL;
michael@0 425
michael@0 426 PKIX_INCREF(name);
michael@0 427 anchor->caName = name;
michael@0 428
michael@0 429 PKIX_INCREF(pubKey);
michael@0 430 anchor->caPubKey = pubKey;
michael@0 431
michael@0 432 PKIX_INCREF(nameConstraints);
michael@0 433 anchor->nameConstraints = nameConstraints;
michael@0 434
michael@0 435 *pAnchor = anchor;
michael@0 436 anchor = NULL;
michael@0 437 cleanup:
michael@0 438
michael@0 439 PKIX_DECREF(anchor);
michael@0 440
michael@0 441 PKIX_RETURN(TRUSTANCHOR);
michael@0 442 }
michael@0 443
michael@0 444 /*
michael@0 445 * FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
michael@0 446 */
michael@0 447 PKIX_Error *
michael@0 448 PKIX_TrustAnchor_GetTrustedCert(
michael@0 449 PKIX_TrustAnchor *anchor,
michael@0 450 PKIX_PL_Cert **pCert,
michael@0 451 void *plContext)
michael@0 452 {
michael@0 453 PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
michael@0 454 PKIX_NULLCHECK_TWO(anchor, pCert);
michael@0 455
michael@0 456 PKIX_INCREF(anchor->trustedCert);
michael@0 457
michael@0 458 *pCert = anchor->trustedCert;
michael@0 459
michael@0 460 cleanup:
michael@0 461 PKIX_RETURN(TRUSTANCHOR);
michael@0 462
michael@0 463 }
michael@0 464
michael@0 465 /*
michael@0 466 * FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
michael@0 467 */
michael@0 468 PKIX_Error *
michael@0 469 PKIX_TrustAnchor_GetCAName(
michael@0 470 PKIX_TrustAnchor *anchor,
michael@0 471 PKIX_PL_X500Name **pCAName,
michael@0 472 void *plContext)
michael@0 473 {
michael@0 474 PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
michael@0 475 PKIX_NULLCHECK_TWO(anchor, pCAName);
michael@0 476
michael@0 477 PKIX_INCREF(anchor->caName);
michael@0 478
michael@0 479 *pCAName = anchor->caName;
michael@0 480
michael@0 481 cleanup:
michael@0 482 PKIX_RETURN(TRUSTANCHOR);
michael@0 483
michael@0 484 }
michael@0 485
michael@0 486 /*
michael@0 487 * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
michael@0 488 */
michael@0 489 PKIX_Error *
michael@0 490 PKIX_TrustAnchor_GetCAPublicKey(
michael@0 491 PKIX_TrustAnchor *anchor,
michael@0 492 PKIX_PL_PublicKey **pPubKey,
michael@0 493 void *plContext)
michael@0 494 {
michael@0 495 PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
michael@0 496 PKIX_NULLCHECK_TWO(anchor, pPubKey);
michael@0 497
michael@0 498 PKIX_INCREF(anchor->caPubKey);
michael@0 499
michael@0 500 *pPubKey = anchor->caPubKey;
michael@0 501
michael@0 502 cleanup:
michael@0 503 PKIX_RETURN(TRUSTANCHOR);
michael@0 504 }
michael@0 505
michael@0 506 /*
michael@0 507 * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
michael@0 508 * (see comments in pkix_params.h)
michael@0 509 */
michael@0 510 PKIX_Error *
michael@0 511 PKIX_TrustAnchor_GetNameConstraints(
michael@0 512 PKIX_TrustAnchor *anchor,
michael@0 513 PKIX_PL_CertNameConstraints **pNameConstraints,
michael@0 514 void *plContext)
michael@0 515 {
michael@0 516 PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
michael@0 517 PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
michael@0 518
michael@0 519 PKIX_INCREF(anchor->nameConstraints);
michael@0 520
michael@0 521 *pNameConstraints = anchor->nameConstraints;
michael@0 522
michael@0 523 cleanup:
michael@0 524 PKIX_RETURN(TRUSTANCHOR);
michael@0 525 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial