The Tor Browser: security/nss/lib/libpkix/pkix/results/pkix

security/nss/lib/libpkix/pkix/results/pkix_verifynode.c@b8a032363ba2 (annotated)

security/nss/lib/libpkix/pkix/results/pkix_verifynode.c

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * pkix_verifynode.c
  *
  * Verify Node Object Type Definition
  *
  */
 #include "pkix_verifynode.h"
 /* --Private-VerifyNode-Functions---------------------------------- */
 /*
  * FUNCTION: pkix_VerifyNode_Create
  * DESCRIPTION:
  *
  *  This function creates a VerifyNode using the Cert pointed to by "cert",
  *  the depth given by "depth", and the Error pointed to by "error", storing
  *  the result at "pObject".
  *
  * PARAMETERS
  *  "cert"
  *      Address of Cert for the node. Must be non-NULL
  *  "depth"
  *      UInt32 value of the depth for this node.
  *  "error"
  *      Address of Error for the node.
  *  "pObject"
  *      Address where the VerifyNode pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_VerifyNode_Create(
         PKIX_PL_Cert *cert,
         PKIX_UInt32 depth,
         PKIX_Error *error,
         PKIX_VerifyNode **pObject,
         void *plContext)
 {
         PKIX_VerifyNode *node = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Create");
         PKIX_NULLCHECK_TWO(cert, pObject);
         PKIX_CHECK(PKIX_PL_Object_Alloc
                 (PKIX_VERIFYNODE_TYPE,
                 sizeof (PKIX_VerifyNode),
                 (PKIX_PL_Object **)&node,
                 plContext),
                 PKIX_COULDNOTCREATEVERIFYNODEOBJECT);
         PKIX_INCREF(cert);
         node->verifyCert = cert;
         PKIX_INCREF(error);
         node->error = error;
         node->depth = depth;
         node->children = NULL;
         *pObject = node;
         node = NULL;
 cleanup:
         PKIX_DECREF(node);
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_AddToChain
  * DESCRIPTION:
  *
  *  Adds the VerifyNode pointed to by "child", at the appropriate depth, to the
  *  List of children of the VerifyNode pointed to by "parentNode". The chain of
  *  VerifyNodes is traversed until a VerifyNode is found at a depth one less
  *  than that specified in "child". An Error is returned if there is no parent
  *  at a suitable depth.
  *
  *  If "parentNode" has a NULL pointer for the List of children, a new List is
  *  created containing "child". Otherwise "child" is appended to the existing
  *  List.
  *
  *  Depth, in this context, means distance from the root node, which
  *  is at depth zero.
  *
  * PARAMETERS:
  *  "parentNode"
  *      Address of VerifyNode whose List of child VerifyNodes is to be
  *      created or appended to. Must be non-NULL.
  *  "child"
  *      Address of VerifyNode to be added to parentNode's List. Must be
  *      non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a VerifyNode Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_VerifyNode_AddToChain(
         PKIX_VerifyNode *parentNode,
         PKIX_VerifyNode *child,
         void *plContext)
 {
         PKIX_VerifyNode *successor = NULL;
         PKIX_List *listOfChildren = NULL;
         PKIX_UInt32 numChildren = 0;
         PKIX_UInt32 parentDepth = 0;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToChain");
         PKIX_NULLCHECK_TWO(parentNode, child);
         parentDepth = parentNode->depth;
         listOfChildren = parentNode->children;
         if (listOfChildren == NULL) {
                 if (parentDepth != (child->depth - 1)) {
                         PKIX_ERROR(PKIX_NODESMISSINGFROMCHAIN);
                 }
                 PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
                         PKIX_LISTCREATEFAILED);
                 PKIX_CHECK(PKIX_List_AppendItem
                         (listOfChildren, (PKIX_PL_Object *)child, plContext),
                         PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
                 parentNode->children = listOfChildren;
         } else {
                 /* get number of children */
                 PKIX_CHECK(PKIX_List_GetLength
                         (listOfChildren, &numChildren, plContext),
                         PKIX_LISTGETLENGTHFAILED);
                 if (numChildren != 1) {
                         PKIX_ERROR(PKIX_AMBIGUOUSPARENTAGEOFVERIFYNODE);
                 }
                 /* successor = listOfChildren[0] */
                 PKIX_CHECK(PKIX_List_GetItem
                         (listOfChildren,
 ,
                         (PKIX_PL_Object **)&successor,
                         plContext),
                         PKIX_LISTGETITEMFAILED);
                 PKIX_CHECK(pkix_VerifyNode_AddToChain
                         (successor, child, plContext),
                         PKIX_VERIFYNODEADDTOCHAINFAILED);
         }
         PKIX_CHECK(PKIX_PL_Object_InvalidateCache
                 ((PKIX_PL_Object *)parentNode, plContext),
                 PKIX_OBJECTINVALIDATECACHEFAILED);
 cleanup:
         PKIX_DECREF(successor);
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_SetDepth
  * DESCRIPTION:
  *
  *  The function sets the depth field of each VerifyNode in the List "children"
  *  to the value given by "depth", and recursively sets the depth of any
  *  successive generations to the successive values.
  *
  * PARAMETERS:
  *  "children"
  *      The List of VerifyNodes. Must be non-NULL.
  *  "depth"
  *      The value of the depth field to be set in members of the List.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error *
 pkix_VerifyNode_SetDepth(PKIX_List *children,
         PKIX_UInt32 depth,
         void *plContext)
 {
         PKIX_UInt32 numChildren = 0;
         PKIX_UInt32 chIx = 0;
         PKIX_VerifyNode *child = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_SetDepth");
         PKIX_NULLCHECK_ONE(children);
         PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
                 PKIX_LISTGETLENGTHFAILED);
         for (chIx = 0; chIx < numChildren; chIx++) {
                PKIX_CHECK(PKIX_List_GetItem
                         (children, chIx, (PKIX_PL_Object **)&child, plContext),
                         PKIX_LISTGETITEMFAILED);
                 child->depth = depth;
                 if (child->children != NULL) {
                         PKIX_CHECK(pkix_VerifyNode_SetDepth
                                 (child->children, depth + 1, plContext),
                                 PKIX_VERIFYNODESETDEPTHFAILED);
                 }
                 PKIX_DECREF(child);
         }
 cleanup:
         PKIX_DECREF(child);
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_AddToTree
  * DESCRIPTION:
  *
  *  Adds the VerifyNode pointed to by "child" to the List of children of the
  *  VerifyNode pointed to by "parentNode". If "parentNode" has a NULL pointer
  *  for the List of children, a new List is created containing "child".
  *  Otherwise "child" is appended to the existing List. The depth field of
  *  "child" is set to one more than the corresponding value in "parent", and
  *  if the "child" itself has child nodes, their depth fields are updated
  *  accordingly.
  *
  *  Depth, in this context, means distance from the root node, which
  *  is at depth zero.
  *
  * PARAMETERS:
  *  "parentNode"
  *      Address of VerifyNode whose List of child VerifyNodes is to be
  *      created or appended to. Must be non-NULL.
  *  "child"
  *      Address of VerifyNode to be added to parentNode's List. Must be
  *      non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_VerifyNode_AddToTree(
         PKIX_VerifyNode *parentNode,
         PKIX_VerifyNode *child,
         void *plContext)
 {
         PKIX_List *listOfChildren = NULL;
         PKIX_UInt32 parentDepth = 0;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToTree");
         PKIX_NULLCHECK_TWO(parentNode, child);
         parentDepth = parentNode->depth;
         listOfChildren = parentNode->children;
         if (listOfChildren == NULL) {
                 PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
                         PKIX_LISTCREATEFAILED);
                 parentNode->children = listOfChildren;
         }
         child->depth = parentDepth + 1;
         PKIX_CHECK(PKIX_List_AppendItem
                 (parentNode->children, (PKIX_PL_Object *)child, plContext),
                 PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
         if (child->children != NULL) {
                 PKIX_CHECK(pkix_VerifyNode_SetDepth
                         (child->children, child->depth + 1, plContext),
                         PKIX_VERIFYNODESETDEPTHFAILED);
         }
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_SingleVerifyNode_ToString
  * DESCRIPTION:
  *
  *  Creates a String representation of the attributes of the VerifyNode pointed
  *  to by "node", other than its children, and stores the result at "pString".
  *
  * PARAMETERS:
  *  "node"
  *      Address of VerifyNode to be described by the string. Must be non-NULL.
  *  "pString"
  *      Address where object pointer will be stored. Must be non-NULL.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if function succeeds
  *  Returns a VerifyNode Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in a fatal way
  */
 PKIX_Error *
 pkix_SingleVerifyNode_ToString(
         PKIX_VerifyNode *node,
         PKIX_PL_String **pString,
         void *plContext)
 {
         PKIX_PL_String *fmtString = NULL;
         PKIX_PL_String *errorString = NULL;
         PKIX_PL_String *outString = NULL;
         PKIX_PL_X500Name *issuerName = NULL;
         PKIX_PL_X500Name *subjectName = NULL;
         PKIX_PL_String *issuerString = NULL;
         PKIX_PL_String *subjectString = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_ToString");
         PKIX_NULLCHECK_THREE(node, pString, node->verifyCert);
         PKIX_TOSTRING(node->error, &errorString, plContext,
                 PKIX_ERRORTOSTRINGFAILED);
         PKIX_CHECK(PKIX_PL_Cert_GetIssuer
                 (node->verifyCert, &issuerName, plContext),
                 PKIX_CERTGETISSUERFAILED);
         PKIX_TOSTRING(issuerName, &issuerString, plContext,
                 PKIX_X500NAMETOSTRINGFAILED);
         PKIX_CHECK(PKIX_PL_Cert_GetSubject
                 (node->verifyCert, &subjectName, plContext),
                 PKIX_CERTGETSUBJECTFAILED);
         PKIX_TOSTRING(subjectName, &subjectString, plContext,
                 PKIX_X500NAMETOSTRINGFAILED);
         PKIX_CHECK(PKIX_PL_String_Create
                 (PKIX_ESCASCII,
                 "CERT[Issuer:%s, Subject:%s], depth=%d, error=%s",
 ,
                 &fmtString,
                 plContext),
                 PKIX_CANTCREATESTRING);
         PKIX_CHECK(PKIX_PL_Sprintf
                 (&outString,
                 plContext,
                 fmtString,
                 issuerString,
                 subjectString,
                 node->depth,
                 errorString),
                 PKIX_SPRINTFFAILED);
         *pString = outString;
 cleanup:
         PKIX_DECREF(fmtString);
         PKIX_DECREF(errorString);
         PKIX_DECREF(issuerName);
         PKIX_DECREF(subjectName);
         PKIX_DECREF(issuerString);
         PKIX_DECREF(subjectString);
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_ToString_Helper
  * DESCRIPTION:
  *
  *  Produces a String representation of a VerifyNode tree below the VerifyNode
  *  pointed to by "rootNode", with each line of output prefixed by the String
  *  pointed to by "indent", and stores the result at "pTreeString". It is
  *  called recursively, with ever-increasing indentation, for successively
  *  lower nodes on the tree.
  *
  * PARAMETERS:
  *  "rootNode"
  *      Address of VerifyNode subtree. Must be non-NULL.
  *  "indent"
  *      Address of String to be prefixed to each line of output. May be NULL
  *      if no indentation is desired
  *  "pTreeString"
  *      Address where the resulting String will be stored; must be non-NULL
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a VerifyNode Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error *
 pkix_VerifyNode_ToString_Helper(
         PKIX_VerifyNode *rootNode,
         PKIX_PL_String *indent,
         PKIX_PL_String **pTreeString,
         void *plContext)
 {
         PKIX_PL_String *nextIndentFormat = NULL;
         PKIX_PL_String *thisNodeFormat = NULL;
         PKIX_PL_String *childrenFormat = NULL;
         PKIX_PL_String *nextIndentString = NULL;
         PKIX_PL_String *resultString = NULL;
         PKIX_PL_String *thisItemString = NULL;
         PKIX_PL_String *childString = NULL;
         PKIX_VerifyNode *childNode = NULL;
         PKIX_UInt32 numberOfChildren = 0;
         PKIX_UInt32 childIndex = 0;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString_Helper");
         PKIX_NULLCHECK_TWO(rootNode, pTreeString);
         /* Create a string for this node */
         PKIX_CHECK(pkix_SingleVerifyNode_ToString
                 (rootNode, &thisItemString, plContext),
                 PKIX_ERRORINSINGLEVERIFYNODETOSTRING);
         if (indent) {
                 PKIX_CHECK(PKIX_PL_String_Create
                         (PKIX_ESCASCII,
                         "%s%s",
 ,
                         &thisNodeFormat,
                         plContext),
                         PKIX_ERRORCREATINGFORMATSTRING);
                 PKIX_CHECK(PKIX_PL_Sprintf
                         (&resultString,
                         plContext,
                         thisNodeFormat,
                         indent,
                         thisItemString),
                         PKIX_ERRORINSPRINTF);
         } else {
                 PKIX_CHECK(PKIX_PL_String_Create
                         (PKIX_ESCASCII,
                         "%s",
 ,
                         &thisNodeFormat,
                         plContext),
                         PKIX_ERRORCREATINGFORMATSTRING);
                 PKIX_CHECK(PKIX_PL_Sprintf
                         (&resultString,
                         plContext,
                         thisNodeFormat,
                         thisItemString),
                         PKIX_ERRORINSPRINTF);
         }
         PKIX_DECREF(thisItemString);
         thisItemString = resultString;
         /* if no children, we are done */
         if (rootNode->children) {
                 PKIX_CHECK(PKIX_List_GetLength
                         (rootNode->children, &numberOfChildren, plContext),
                         PKIX_LISTGETLENGTHFAILED);
         }
         if (numberOfChildren != 0) {
                 /*
                  * We create a string for each child in turn,
                  * concatenating them to thisItemString.
                  */
                 /* Prepare an indent string for each child */
                 if (indent) {
                         PKIX_CHECK(PKIX_PL_String_Create
                                 (PKIX_ESCASCII,
                                 "%s. ",
 ,
                                 &nextIndentFormat,
                                 plContext),
                                 PKIX_ERRORCREATINGFORMATSTRING);
                         PKIX_CHECK(PKIX_PL_Sprintf
                                 (&nextIndentString,
                                 plContext,
                                 nextIndentFormat,
                                 indent),
                                 PKIX_ERRORINSPRINTF);
                 } else {
                         PKIX_CHECK(PKIX_PL_String_Create
                                 (PKIX_ESCASCII,
                                 ". ",
 ,
                                 &nextIndentString,
                                 plContext),
                                 PKIX_ERRORCREATINGINDENTSTRING);
                 }
                 /* Prepare the format for concatenation. */
                 PKIX_CHECK(PKIX_PL_String_Create
                         (PKIX_ESCASCII,
                         "%s\n%s",
 ,
                         &childrenFormat,
                         plContext),
                         PKIX_ERRORCREATINGFORMATSTRING);
                 for (childIndex = 0;
                         childIndex < numberOfChildren;
                         childIndex++) {
                         PKIX_CHECK(PKIX_List_GetItem
                                 (rootNode->children,
                                 childIndex,
                                 (PKIX_PL_Object **)&childNode,
                                 plContext),
                                 PKIX_LISTGETITEMFAILED);
                         PKIX_CHECK(pkix_VerifyNode_ToString_Helper
                                 (childNode,
                                 nextIndentString,
                                 &childString,
                                 plContext),
                                 PKIX_ERRORCREATINGCHILDSTRING);
                         PKIX_CHECK(PKIX_PL_Sprintf
                                 (&resultString,
                                 plContext,
                                 childrenFormat,
                                 thisItemString,
                                 childString),
                         PKIX_ERRORINSPRINTF);
                         PKIX_DECREF(childNode);
                         PKIX_DECREF(childString);
                         PKIX_DECREF(thisItemString);
                         thisItemString = resultString;
                 }
         }
         *pTreeString = thisItemString;
 cleanup:
         if (PKIX_ERROR_RECEIVED) {
                 PKIX_DECREF(thisItemString);
         }
         PKIX_DECREF(nextIndentFormat);
         PKIX_DECREF(thisNodeFormat);
         PKIX_DECREF(childrenFormat);
         PKIX_DECREF(nextIndentString);
         PKIX_DECREF(childString);
         PKIX_DECREF(childNode);
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_ToString
  * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
  */
 static PKIX_Error *
 pkix_VerifyNode_ToString(
         PKIX_PL_Object *object,
         PKIX_PL_String **pTreeString,
         void *plContext)
 {
         PKIX_VerifyNode *rootNode = NULL;
         PKIX_PL_String *resultString = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString");
         PKIX_NULLCHECK_TWO(object, pTreeString);
         PKIX_CHECK(pkix_CheckType(object, PKIX_VERIFYNODE_TYPE, plContext),
                 PKIX_OBJECTNOTVERIFYNODE);
         rootNode = (PKIX_VerifyNode *)object;
         PKIX_CHECK(pkix_VerifyNode_ToString_Helper
                 (rootNode, NULL, &resultString, plContext),
                 PKIX_ERRORCREATINGSUBTREESTRING);
         *pTreeString = resultString;
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_Destroy
  * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
  */
 static PKIX_Error *
 pkix_VerifyNode_Destroy(
         PKIX_PL_Object *object,
         void *plContext)
 {
         PKIX_VerifyNode *node = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Destroy");
         PKIX_NULLCHECK_ONE(object);
         PKIX_CHECK(pkix_CheckType(object, PKIX_VERIFYNODE_TYPE, plContext),
                 PKIX_OBJECTNOTVERIFYNODE);
         node = (PKIX_VerifyNode*)object;
         PKIX_DECREF(node->verifyCert);
         PKIX_DECREF(node->children);
         PKIX_DECREF(node->error);
         node->depth = 0;
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_SingleVerifyNode_Hashcode
  * DESCRIPTION:
  *
  *  Computes the hashcode of the attributes of the VerifyNode pointed to by
  *  "node", other than its parents and children, and stores the result at
  *  "pHashcode".
  *
  * PARAMETERS:
  *  "node"
  *      Address of VerifyNode to be hashcoded; must be non-NULL
  *  "pHashcode"
  *      Address where UInt32 result will be stored; must be non-NULL
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if function succeeds
  *  Returns a VerifyNode Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in a fatal way
  */
 static PKIX_Error *
 pkix_SingleVerifyNode_Hashcode(
         PKIX_VerifyNode *node,
         PKIX_UInt32 *pHashcode,
         void *plContext)
 {
         PKIX_UInt32 errorHash = 0;
         PKIX_UInt32 nodeHash = 0;
         PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Hashcode");
         PKIX_NULLCHECK_TWO(node, pHashcode);
         PKIX_HASHCODE
                 (node->verifyCert,
                 &nodeHash,
                 plContext,
                 PKIX_FAILUREHASHINGCERT);
         PKIX_CHECK(PKIX_PL_Object_Hashcode
                 ((PKIX_PL_Object *)node->error,
                 &errorHash,
                 plContext),
                 PKIX_FAILUREHASHINGERROR);
         nodeHash = 31*nodeHash + errorHash;
         *pHashcode = nodeHash;
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_Hashcode
  * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
  */
 static PKIX_Error *
 pkix_VerifyNode_Hashcode(
         PKIX_PL_Object *object,
         PKIX_UInt32 *pHashcode,
         void *plContext)
 {
         PKIX_VerifyNode *node = NULL;
         PKIX_UInt32 childrenHash = 0;
         PKIX_UInt32 nodeHash = 0;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Hashcode");
         PKIX_NULLCHECK_TWO(object, pHashcode);
         PKIX_CHECK(pkix_CheckType
                 (object, PKIX_VERIFYNODE_TYPE, plContext),
                 PKIX_OBJECTNOTVERIFYNODE);
         node = (PKIX_VerifyNode *)object;
         PKIX_CHECK(pkix_SingleVerifyNode_Hashcode
                 (node, &nodeHash, plContext),
                 PKIX_SINGLEVERIFYNODEHASHCODEFAILED);
         PKIX_HASHCODE
                 (node->children,
                 &childrenHash,
                 plContext,
                 PKIX_OBJECTHASHCODEFAILED);
         nodeHash = 31*nodeHash + childrenHash;
         *pHashcode = nodeHash;
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_SingleVerifyNode_Equals
  * DESCRIPTION:
  *
  *  Compares for equality the components of the VerifyNode pointed to by
  *  "firstPN", other than its parents and children, with those of the
  *  VerifyNode pointed to by "secondPN" and stores the result at "pResult"
  *  (PKIX_TRUE if equal; PKIX_FALSE if not).
  *
  * PARAMETERS:
  *  "firstPN"
  *      Address of first of the VerifyNodes to be compared; must be non-NULL
  *  "secondPN"
  *      Address of second of the VerifyNodes to be compared; must be non-NULL
  *  "pResult"
  *      Address where Boolean will be stored; must be non-NULL
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if function succeeds
  *  Returns a VerifyNode Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in a fatal way
  */
 static PKIX_Error *
 pkix_SingleVerifyNode_Equals(
         PKIX_VerifyNode *firstVN,
         PKIX_VerifyNode *secondVN,
         PKIX_Boolean *pResult,
         void *plContext)
 {
         PKIX_Boolean compResult = PKIX_FALSE;
         PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Equals");
         PKIX_NULLCHECK_THREE(firstVN, secondVN, pResult);
         /* If both references are identical, they must be equal */
         if (firstVN == secondVN) {
                 compResult = PKIX_TRUE;
                 goto cleanup;
         }
         /*
          * It seems we have to do the comparisons. Do
          * the easiest ones first.
          */
         if ((firstVN->depth) != (secondVN->depth)) {
                 goto cleanup;
         }
         /* These fields must be non-NULL */
         PKIX_NULLCHECK_TWO(firstVN->verifyCert, secondVN->verifyCert);
         PKIX_EQUALS
                 (firstVN->verifyCert,
                 secondVN->verifyCert,
                 &compResult,
                 plContext,
                 PKIX_OBJECTEQUALSFAILED);
         if (compResult == PKIX_FALSE) {
                 goto cleanup;
         }
         PKIX_EQUALS
                 (firstVN->error,
                 secondVN->error,
                 &compResult,
                 plContext,
                 PKIX_OBJECTEQUALSFAILED);
 cleanup:
         *pResult = compResult;
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_Equals
  * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
  */
 static PKIX_Error *
 pkix_VerifyNode_Equals(
         PKIX_PL_Object *firstObject,
         PKIX_PL_Object *secondObject,
         PKIX_Boolean *pResult,
         void *plContext)
 {
         PKIX_VerifyNode *firstVN = NULL;
         PKIX_VerifyNode *secondVN = NULL;
         PKIX_UInt32 secondType;
         PKIX_Boolean compResult = PKIX_FALSE;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Equals");
         PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
         /* test that firstObject is a VerifyNode */
         PKIX_CHECK(pkix_CheckType
                 (firstObject, PKIX_VERIFYNODE_TYPE, plContext),
                 PKIX_FIRSTOBJECTNOTVERIFYNODE);
         /*
          * Since we know firstObject is a VerifyNode,
          * if both references are identical, they must be equal
          */
         if (firstObject == secondObject){
                 compResult = PKIX_TRUE;
                 goto cleanup;
         }
         /*
          * If secondObject isn't a VerifyNode, we
          * don't throw an error. We simply return FALSE.
          */
         PKIX_CHECK(PKIX_PL_Object_GetType
                     (secondObject, &secondType, plContext),
                     PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
         if (secondType != PKIX_VERIFYNODE_TYPE) {
                 goto cleanup;
         }
         /*
          * Oh, well, we have to do the comparisons. Do
          * the easiest ones first.
          */
         firstVN = (PKIX_VerifyNode *)firstObject;
         secondVN = (PKIX_VerifyNode *)secondObject;
         PKIX_CHECK(pkix_SingleVerifyNode_Equals
                 (firstVN, secondVN, &compResult, plContext),
                 PKIX_SINGLEVERIFYNODEEQUALSFAILED);
         if (compResult == PKIX_FALSE) {
                 goto cleanup;
         }
         PKIX_EQUALS
                 (firstVN->children,
                 secondVN->children,
                 &compResult,
                 plContext,
                 PKIX_OBJECTEQUALSFAILEDONCHILDREN);
 cleanup:
         *pResult = compResult;
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_DuplicateHelper
  * DESCRIPTION:
  *
  *  Duplicates the VerifyNode whose address is pointed to by "original",
  *  and stores the result at "pNewNode", if a non-NULL pointer is provided
  *  for "pNewNode". In addition, the created VerifyNode is added as a child
  *  to "parent", if a non-NULL pointer is provided for "parent". Then this
  *  function is called recursively to duplicate each of the children of
  *  "original". At the top level this function is called with a null
  *  "parent" and a non-NULL "pNewNode". Below the top level "parent" will
  *  be non-NULL and "pNewNode" will be NULL.
  *
  * PARAMETERS:
  *  "original"
  *      Address of VerifyNode to be copied; must be non-NULL
  *  "parent"
  *      Address of VerifyNode to which the created node is to be added as a
  *      child; NULL for the top-level call and non-NULL below the top level
  *  "pNewNode"
  *      Address to store the node created; should be NULL if "parent" is
  *      non-NULL and vice versa
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Conditionally Thread Safe
  *  (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if function succeeds
  *  Returns a VerifyNode Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in a fatal way
  */
 static PKIX_Error *
 pkix_VerifyNode_DuplicateHelper(
         PKIX_VerifyNode *original,
         PKIX_VerifyNode *parent,
         PKIX_VerifyNode **pNewNode,
         void *plContext)
 {
         PKIX_UInt32 numChildren = 0;
         PKIX_UInt32 childIndex = 0;
         PKIX_List *children = NULL; /* List of PKIX_VerifyNode */
         PKIX_VerifyNode *copy = NULL;
         PKIX_VerifyNode *child = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_DuplicateHelper");
         PKIX_NULLCHECK_TWO
                 (original, original->verifyCert);
         /*
          * These components are immutable, so copying the pointers
          * is sufficient. The create function increments the reference
          * counts as it stores the pointers into the new object.
          */
         PKIX_CHECK(pkix_VerifyNode_Create
                 (original->verifyCert,
                 original->depth,
                 original->error,
                 &copy,
                 plContext),
                 PKIX_VERIFYNODECREATEFAILED);
         /* Are there any children to duplicate? */
         children = original->children;
         if (children) {
             PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
                 PKIX_LISTGETLENGTHFAILED);
         }
         for (childIndex = 0; childIndex < numChildren; childIndex++) {
                 PKIX_CHECK(PKIX_List_GetItem
                         (children,
                         childIndex,
                         (PKIX_PL_Object **)&child,
                         plContext),
                         PKIX_LISTGETITEMFAILED);
                 PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
                         (child, copy, NULL, plContext),
                         PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
                 PKIX_DECREF(child);
         }
         if (pNewNode) {
                 *pNewNode = copy;
                 copy = NULL; /* no DecRef if we give our handle away */
         }
 cleanup:
         PKIX_DECREF(copy);
         PKIX_DECREF(child);
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_Duplicate
  * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
  */
 static PKIX_Error *
 pkix_VerifyNode_Duplicate(
         PKIX_PL_Object *object,
         PKIX_PL_Object **pNewObject,
         void *plContext)
 {
         PKIX_VerifyNode *original = NULL;
         PKIX_VerifyNode *copy = NULL;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Duplicate");
         PKIX_NULLCHECK_TWO(object, pNewObject);
         PKIX_CHECK(pkix_CheckType
                 (object, PKIX_VERIFYNODE_TYPE, plContext),
                 PKIX_OBJECTNOTVERIFYNODE);
         original = (PKIX_VerifyNode *)object;
         PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
                 (original, NULL, &copy, plContext),
                 PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
         *pNewObject = (PKIX_PL_Object *)copy;
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: pkix_VerifyNode_RegisterSelf
  * DESCRIPTION:
  *
  *  Registers PKIX_VERIFYNODE_TYPE and its related
  *  functions with systemClasses[]
  *
  * THREAD SAFETY:
  *  Not Thread Safe - for performance and complexity reasons
  *
  *  Since this function is only called by PKIX_PL_Initialize,
  *  which should only be called once, it is acceptable that
  *  this function is not thread-safe.
  */
 PKIX_Error *
 pkix_VerifyNode_RegisterSelf(void *plContext)
 {
         extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
         pkix_ClassTable_Entry entry;
         PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_RegisterSelf");
         entry.description = "VerifyNode";
         entry.objCounter = 0;
         entry.typeObjectSize = sizeof(PKIX_VerifyNode);
         entry.destructor = pkix_VerifyNode_Destroy;
         entry.equalsFunction = pkix_VerifyNode_Equals;
         entry.hashcodeFunction = pkix_VerifyNode_Hashcode;
         entry.toStringFunction = pkix_VerifyNode_ToString;
         entry.comparator = NULL;
         entry.duplicateFunction = pkix_VerifyNode_Duplicate;
         systemClasses[PKIX_VERIFYNODE_TYPE] = entry;
         PKIX_RETURN(VERIFYNODE);
 }
 /* --Public-VerifyNode-Functions----------------------------------- */
 /*
  * FUNCTION: PKIX_VerifyNode_SetError
  * DESCRIPTION:
  *
  *  This function sets the Error field of the VerifyNode pointed to by "node"
  *  to contain the Error pointed to by "error".
  *
  * PARAMETERS:
  *  "node"
  *      The address of the VerifyNode to be modified. Must be non-NULL.
  *  "error"
  *      The address of the Error to be stored.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_VerifyNode_SetError(
         PKIX_VerifyNode *node,
         PKIX_Error *error,
         void *plContext)
 {
         PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_SetError");
         PKIX_NULLCHECK_TWO(node, error);
         PKIX_DECREF(node->error); /* should have been NULL */
         PKIX_INCREF(error);
         node->error = error;
 cleanup:
         PKIX_RETURN(VERIFYNODE);
 }
 /*
  * FUNCTION: PKIX_VerifyNode_FindError
  * DESCRIPTION:
  *
  * Finds meaningful error in the log. For now, just returns the first
  * error it finds in. In the future the function should be changed to
  * return a top priority error.
  *
  * PARAMETERS:
  *  "node"
  *      The address of the VerifyNode to be modified. Must be non-NULL.
  *  "error"
  *      The address of a pointer the error will be returned to.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 pkix_VerifyNode_FindError(
         PKIX_VerifyNode *node,
         PKIX_Error **error,
         void *plContext)
 {
     PKIX_VerifyNode *childNode = NULL;
     PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_FindError");
     /* Make sure the return address is initialized with NULL */
     PKIX_DECREF(*error);
     if (!node)
         goto cleanup;
     /* First, try to get error from lowest level. */
     if (node->children) {
         PKIX_UInt32 length = 0;
         PKIX_UInt32 index = 0;
         PKIX_CHECK(
             PKIX_List_GetLength(node->children, &length,
                                 plContext),
             PKIX_LISTGETLENGTHFAILED);
         for (index = 0;index < length;index++) {
             PKIX_CHECK(
                 PKIX_List_GetItem(node->children, index,
                                   (PKIX_PL_Object**)&childNode, plContext),
                 PKIX_LISTGETITEMFAILED);
             if (!childNode)
                 continue;
             PKIX_CHECK(
                 pkix_VerifyNode_FindError(childNode, error,
                                           plContext),
                 PKIX_VERIFYNODEFINDERRORFAILED);
             PKIX_DECREF(childNode);
             if (*error) {
                 goto cleanup;
             }
         }
     }
     if (node->error && node->error->plErr) {
         PKIX_INCREF(node->error);
         *error = node->error;
     }
 cleanup:
     PKIX_DECREF(childNode);
     PKIX_RETURN(VERIFYNODE);
 }

The Tor Browser / annotate

security/nss/lib/libpkix/pkix/results/pkix_verifynode.c@b8a032363ba2 (annotated)

security/nss/lib/libpkix/pkix/results/pkix_verifynode.c