security/nss/cmd/crlutil/crlgen.c

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/nss/cmd/crlutil/crlgen.c	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,1557 @@
     1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
     1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
     1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     1.7 +
     1.8 +/*
     1.9 +** crlgen.c
    1.10 +**
    1.11 +** utility for managing certificates revocation lists generation
    1.12 +**
    1.13 +*/
    1.14 +
    1.15 +
    1.16 +#include <stdio.h>
    1.17 +#include <math.h>
    1.18 +
    1.19 +#include "nspr.h"
    1.20 +#include "plgetopt.h"
    1.21 +#include "nss.h"
    1.22 +#include "secutil.h"
    1.23 +#include "cert.h"
    1.24 +#include "certi.h"
    1.25 +#include "certdb.h"
    1.26 +#include "pk11func.h"
    1.27 +#include "crlgen.h"
    1.28 +
    1.29 +
    1.30 +/* Destroys extHandle and data. data was create on heap.
    1.31 + * extHandle creaded by CERT_StartCRLEntryExtensions. entry
    1.32 + * was allocated on arena.*/
    1.33 +static void
    1.34 +destroyEntryData(CRLGENEntryData *data)
    1.35 +{
    1.36 +    if (!data)
    1.37 +        return;
    1.38 +    PORT_Assert(data->entry);
    1.39 +    if (data->extHandle)
    1.40 +        CERT_FinishExtensions(data->extHandle);
    1.41 +    PORT_Free(data);
    1.42 +}
    1.43 +
    1.44 +
    1.45 +/* Prints error messages along with line number */
    1.46 +void 
    1.47 +crlgen_PrintError(int line, char *msg, ...)
    1.48 +{
    1.49 +    va_list args;
    1.50 +
    1.51 +    va_start(args, msg);
    1.52 +
    1.53 +    fprintf(stderr, "crlgen: (line: %d) ", line);
    1.54 +    vfprintf(stderr, msg, args);
    1.55 +
    1.56 +    va_end(args);
    1.57 +}
    1.58 +/* Finds CRLGENEntryData in hashtable according PRUint64 value
    1.59 + * - certId : cert serial number*/
    1.60 +static CRLGENEntryData*
    1.61 +crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) 
    1.62 +{
    1.63 +    if (!crlGenData->entryDataHashTable || !certId)
    1.64 +        return NULL;
    1.65 +    return (CRLGENEntryData*)
    1.66 +        PL_HashTableLookup(crlGenData->entryDataHashTable,
    1.67 +                           certId);
    1.68 +}
    1.69 +
    1.70 +
    1.71 +/* Removes CRLGENEntryData from hashtable according to certId
    1.72 + * - certId : cert serial number*/
    1.73 +static SECStatus
    1.74 +crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) 
    1.75 +{
    1.76 +    CRLGENEntryData *data = NULL;
    1.77 +
    1.78 +    if (!crlGenData->entryDataHashTable)
    1.79 +        return SECSuccess;
    1.80 +    data = crlgen_FindEntry(crlGenData, certId);
    1.81 +    if (!data)
    1.82 +        return SECSuccess;
    1.83 +    if (PL_HashTableRemove(crlGenData->entryDataHashTable, certId))
    1.84 +        return SECSuccess;
    1.85 +    destroyEntryData(data);
    1.86 +    return SECFailure;
    1.87 +}
    1.88 +
    1.89 +
    1.90 +/* Stores CRLGENEntryData in hashtable according to certId
    1.91 + * - certId : cert serial number*/
    1.92 +static CRLGENEntryData*
    1.93 +crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData,
    1.94 +                    CERTCrlEntry *entry, SECItem *certId)
    1.95 +{
    1.96 +    CRLGENEntryData *newData = NULL;
    1.97 +
    1.98 +    PORT_Assert(crlGenData && crlGenData->entryDataHashTable &&
    1.99 +                entry);
   1.100 +    if (!crlGenData || !crlGenData->entryDataHashTable || !entry) {
   1.101 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.102 +        return NULL;
   1.103 +    }
   1.104 +
   1.105 +    newData = PORT_ZNew(CRLGENEntryData);
   1.106 +    if (!newData) {
   1.107 +        return NULL;
   1.108 +    }
   1.109 +    newData->entry = entry;
   1.110 +    newData->certId = certId;
   1.111 +    if (!PL_HashTableAdd(crlGenData->entryDataHashTable,
   1.112 +                         newData->certId, newData)) { 
   1.113 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.114 +                          "Can not add entryData structure\n");
   1.115 +        return NULL;
   1.116 +    }
   1.117 +    return newData;
   1.118 +}
   1.119 +
   1.120 +/* Use this structure to keep pointer when commiting entries extensions */
   1.121 +struct commitData {
   1.122 +    int pos;
   1.123 +    CERTCrlEntry **entries;
   1.124 +};
   1.125 +
   1.126 +/* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the
   1.127 + * table he. Returns value through arg parameter*/
   1.128 +static PRIntn PR_CALLBACK 
   1.129 +crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg)
   1.130 +{
   1.131 +    CRLGENEntryData *data = NULL;
   1.132 +
   1.133 +    PORT_Assert(he);
   1.134 +    if (!he) {
   1.135 +        return HT_ENUMERATE_NEXT;
   1.136 +    }
   1.137 +    data = (CRLGENEntryData*)he->value;
   1.138 +
   1.139 +    PORT_Assert(data);
   1.140 +    PORT_Assert(arg);
   1.141 +
   1.142 +    if (data) {
   1.143 +        struct commitData *dt = (struct commitData*)arg;
   1.144 +        dt->entries[dt->pos++] = data->entry;
   1.145 +        destroyEntryData(data);
   1.146 +    }
   1.147 +    return HT_ENUMERATE_NEXT;
   1.148 +}
   1.149 +
   1.150 +
   1.151 +
   1.152 +/* Copy char * datainto allocated in arena SECItem */
   1.153 +static SECStatus 
   1.154 +crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
   1.155 +{
   1.156 +    SECItem item;
   1.157 +
   1.158 +    PORT_Assert(arena && dataIn);
   1.159 +    if (!arena || !dataIn) {
   1.160 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.161 +        return SECFailure;
   1.162 +    }
   1.163 +
   1.164 +    item.data = (void*)dataIn;
   1.165 +    item.len = PORT_Strlen(dataIn);
   1.166 +
   1.167 +    return SECITEM_CopyItem(arena, value, &item);
   1.168 +}
   1.169 +
   1.170 +/* Creates CERTGeneralName from parsed data for the Authority Key Extension */
   1.171 +static CERTGeneralName *
   1.172 +crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
   1.173 +                       const char *data)
   1.174 +{
   1.175 +    CERTGeneralName *namesList = NULL;
   1.176 +    CERTGeneralName *current;
   1.177 +    CERTGeneralName *tail = NULL;
   1.178 +    SECStatus rv = SECSuccess;
   1.179 +    const char *nextChunk = NULL;
   1.180 +    const char *currData = NULL;
   1.181 +    int intValue;
   1.182 +    char buffer[512];
   1.183 +    void *mark;
   1.184 +
   1.185 +    if (!data)
   1.186 +        return NULL;
   1.187 +    PORT_Assert (arena);
   1.188 +    if (!arena) {
   1.189 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.190 +        return NULL;
   1.191 +    }
   1.192 +
   1.193 +    mark = PORT_ArenaMark (arena);
   1.194 +
   1.195 +    nextChunk = data;
   1.196 +    currData = data;
   1.197 +    do {
   1.198 +        int nameLen = 0;
   1.199 +        char name[128];
   1.200 +        const char *sepPrt = NULL;
   1.201 +        nextChunk = PORT_Strchr(currData, '|');
   1.202 +        if (!nextChunk)
   1.203 +            nextChunk = data + strlen(data);
   1.204 +        sepPrt = PORT_Strchr(currData, ':');
   1.205 +        if (sepPrt == NULL || sepPrt >= nextChunk) {
   1.206 +            *buffer = '\0';
   1.207 +            sepPrt = nextChunk;
   1.208 +        } else {
   1.209 +            PORT_Memcpy(buffer, sepPrt + 1,
   1.210 +                        (nextChunk - sepPrt - 1));
   1.211 +            buffer[nextChunk - sepPrt - 1] = '\0';
   1.212 +        }
   1.213 +        nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1 );
   1.214 +        PORT_Memcpy(name, currData, nameLen);
   1.215 +        name[nameLen] = '\0';
   1.216 +        currData = nextChunk + 1;
   1.217 +
   1.218 +        if (!PORT_Strcmp(name, "otherName"))
   1.219 +            intValue = certOtherName;
   1.220 +        else if (!PORT_Strcmp(name, "rfc822Name"))
   1.221 +            intValue = certRFC822Name;
   1.222 +        else if (!PORT_Strcmp(name, "dnsName"))
   1.223 +            intValue = certDNSName;
   1.224 +        else if (!PORT_Strcmp(name, "x400Address"))
   1.225 +            intValue = certX400Address;
   1.226 +        else if (!PORT_Strcmp(name, "directoryName"))
   1.227 +            intValue = certDirectoryName;
   1.228 +        else if (!PORT_Strcmp(name, "ediPartyName"))
   1.229 +            intValue = certEDIPartyName;
   1.230 +        else if (!PORT_Strcmp(name, "URI"))
   1.231 +            intValue = certURI;
   1.232 +        else if (!PORT_Strcmp(name, "ipAddress"))
   1.233 +            intValue = certIPAddress;
   1.234 +        else if (!PORT_Strcmp(name, "registerID"))
   1.235 +            intValue = certRegisterID;
   1.236 +        else intValue = -1;
   1.237 +
   1.238 +        if (intValue >= certOtherName && intValue <= certRegisterID) {
   1.239 +            if (namesList == NULL) {
   1.240 +                namesList = current = tail = PORT_ArenaZNew(arena,
   1.241 +                                                            CERTGeneralName);
   1.242 +            } else {
   1.243 +                current = PORT_ArenaZNew(arena, CERTGeneralName);
   1.244 +            }
   1.245 +            if (current == NULL) {
   1.246 +                rv = SECFailure;
   1.247 +                break;
   1.248 +            }
   1.249 +        } else {
   1.250 +            PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.251 +            break;
   1.252 +        }
   1.253 +        current->type = intValue;
   1.254 +        switch (current->type) {
   1.255 +          case certURI:
   1.256 +          case certDNSName:
   1.257 +          case certRFC822Name:
   1.258 +              current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer));
   1.259 +              if (current->name.other.data == NULL) {
   1.260 +                  rv = SECFailure;
   1.261 +                  break;
   1.262 +              }
   1.263 +              PORT_Memcpy(current->name.other.data, buffer,
   1.264 +                          current->name.other.len = strlen(buffer));
   1.265 +              break;
   1.266 +
   1.267 +          case certEDIPartyName:
   1.268 +          case certIPAddress:
   1.269 +          case certOtherName:
   1.270 +          case certRegisterID:
   1.271 +          case certX400Address: {
   1.272 +
   1.273 +              current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2);
   1.274 +              if (current->name.other.data == NULL) {
   1.275 +                  rv = SECFailure;
   1.276 +                  break;
   1.277 +              }
   1.278 +
   1.279 +              PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer));
   1.280 +/* This may not be accurate for all cases.For now, use this tag type */
   1.281 +              current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80);
   1.282 +              current->name.other.data[1] = (char)strlen (buffer);
   1.283 +              current->name.other.len = strlen (buffer) + 2;
   1.284 +              break;
   1.285 +          }
   1.286 +
   1.287 +          case certDirectoryName: {
   1.288 +              CERTName *directoryName = NULL;
   1.289 +
   1.290 +              directoryName = CERT_AsciiToName (buffer);
   1.291 +              if (!directoryName) {
   1.292 +                  rv = SECFailure;
   1.293 +                  break;
   1.294 +              }
   1.295 +
   1.296 +              rv = CERT_CopyName (arena, &current->name.directoryName, directoryName);
   1.297 +              CERT_DestroyName (directoryName);
   1.298 +
   1.299 +              break;
   1.300 +          }
   1.301 +        }
   1.302 +        if (rv != SECSuccess)
   1.303 +            break;
   1.304 +        current->l.next = &(namesList->l);
   1.305 +        current->l.prev = &(tail->l);
   1.306 +        tail->l.next = &(current->l);
   1.307 +        tail = current;
   1.308 +
   1.309 +    } while(nextChunk != data + strlen(data));
   1.310 +
   1.311 +    if (rv != SECSuccess) {
   1.312 +        PORT_ArenaRelease (arena, mark);
   1.313 +        namesList = NULL;
   1.314 +    }
   1.315 +    return (namesList);
   1.316 +}
   1.317 +
   1.318 +/* Creates CERTGeneralName from parsed data for the Authority Key Extension */
   1.319 +static CERTGeneralName *
   1.320 +crlgen_DistinguishedName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
   1.321 +                          const char *data)
   1.322 +{
   1.323 +    CERTName *directoryName = NULL;
   1.324 +    CERTGeneralName *current;
   1.325 +    SECStatus rv = SECFailure;
   1.326 +    void *mark;
   1.327 +
   1.328 +    if (!data)
   1.329 +        return NULL;
   1.330 +    PORT_Assert (arena);
   1.331 +    if (!arena) {
   1.332 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.333 +        return NULL;
   1.334 +    }
   1.335 +
   1.336 +    mark = PORT_ArenaMark (arena);
   1.337 +
   1.338 +    current = PORT_ArenaZNew(arena, CERTGeneralName);
   1.339 +    if (current == NULL) {
   1.340 +        goto loser;
   1.341 +    }
   1.342 +    current->type = certDirectoryName;
   1.343 +    current->l.next = &current->l;
   1.344 +    current->l.prev = &current->l;
   1.345 +    
   1.346 +    directoryName = CERT_AsciiToName ((char*)data);
   1.347 +    if (!directoryName) {
   1.348 +        goto loser;
   1.349 +    }
   1.350 +    
   1.351 +    rv = CERT_CopyName (arena, &current->name.directoryName, directoryName);
   1.352 +    CERT_DestroyName (directoryName);
   1.353 +
   1.354 +  loser:
   1.355 +    if (rv != SECSuccess) {
   1.356 +        PORT_SetError (rv);
   1.357 +        PORT_ArenaRelease (arena, mark);
   1.358 +        current = NULL;
   1.359 +    }
   1.360 +    return (current);
   1.361 +}
   1.362 +
   1.363 +
   1.364 +/* Adding Authority Key ID extension to extension handle. */
   1.365 +static SECStatus 
   1.366 +crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData,
   1.367 +                     const char **dataArr)
   1.368 +{
   1.369 +    void *extHandle = NULL;
   1.370 +    CERTAuthKeyID *authKeyID = NULL;
   1.371 +    PLArenaPool *arena = NULL;
   1.372 +    SECStatus rv = SECSuccess;
   1.373 +
   1.374 +    PORT_Assert(dataArr && crlGenData);
   1.375 +    if (!crlGenData || !dataArr) {
   1.376 +        return SECFailure;
   1.377 +    }
   1.378 +
   1.379 +    extHandle = crlGenData->crlExtHandle;
   1.380 +
   1.381 +    if (!dataArr[0] || !dataArr[1] || !dataArr[2]) {
   1.382 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.383 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.384 +                          "insufficient number of parameters.\n");
   1.385 +        return SECFailure;
   1.386 +    }
   1.387 +
   1.388 +    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   1.389 +    if (!arena) {
   1.390 +        return SECFailure;
   1.391 +    }
   1.392 +
   1.393 +    authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID);
   1.394 +    if (authKeyID == NULL) {
   1.395 +        rv = SECFailure;
   1.396 +        goto loser;
   1.397 +    }
   1.398 +
   1.399 +    if (dataArr[3] == NULL) {
   1.400 +        rv = crlgen_SetString (arena, dataArr[2], &authKeyID->keyID);
   1.401 +        if (rv != SECSuccess)
   1.402 +            goto loser;
   1.403 +    } else {
   1.404 +        rv = crlgen_SetString (arena, dataArr[3],
   1.405 +                               &authKeyID->authCertSerialNumber);
   1.406 +        if (rv != SECSuccess)
   1.407 +            goto loser;
   1.408 +
   1.409 +        authKeyID->authCertIssuer = 
   1.410 +            crlgen_DistinguishedName (arena, crlGenData, dataArr[2]);
   1.411 +        if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ()){
   1.412 +            crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n");
   1.413 +            rv = SECFailure;
   1.414 +            goto loser;
   1.415 +        }
   1.416 +    }
   1.417 +
   1.418 +    rv =
   1.419 +        SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID,
   1.420 +                                        (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
   1.421 +                                        SEC_OID_X509_AUTH_KEY_ID, 
   1.422 +                                        (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
   1.423 +  loser:
   1.424 +    if (arena)
   1.425 +        PORT_FreeArena (arena, PR_FALSE);
   1.426 +    return rv;
   1.427 +} 
   1.428 +
   1.429 +/* Creates and add Subject Alternative Names extension */
   1.430 +static SECStatus 
   1.431 +crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData,
   1.432 +                          const char **dataArr)
   1.433 +{
   1.434 +    CERTGeneralName *nameList = NULL;
   1.435 +    PLArenaPool *arena = NULL;
   1.436 +    void *extHandle = NULL;
   1.437 +    SECStatus rv = SECSuccess;
   1.438 +
   1.439 +
   1.440 +    PORT_Assert(dataArr && crlGenData);
   1.441 +    if (!crlGenData || !dataArr) {
   1.442 +        return SECFailure;
   1.443 +    }
   1.444 +
   1.445 +    if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) {
   1.446 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.447 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.448 +                          "insufficient number of arguments.\n");
   1.449 +        return SECFailure;
   1.450 +    }
   1.451 +
   1.452 +    PORT_Assert(dataArr && crlGenData);
   1.453 +    if (!crlGenData || !dataArr) {
   1.454 +        return SECFailure;
   1.455 +    }
   1.456 +
   1.457 +    extHandle = crlGenData->crlExtHandle;
   1.458 +
   1.459 +    if (!dataArr[0] || !dataArr[1] || !dataArr[2]) {
   1.460 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.461 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.462 +                          "insufficient number of parameters.\n");
   1.463 +        return SECFailure;
   1.464 +    }
   1.465 +
   1.466 +    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   1.467 +    if (!arena) {
   1.468 +        return SECFailure;
   1.469 +    }
   1.470 +
   1.471 +    nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]);
   1.472 +    if (nameList == NULL) {
   1.473 +        crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n");
   1.474 +        rv = SECFailure;
   1.475 +        goto loser;
   1.476 +    }
   1.477 +
   1.478 +    rv =
   1.479 +        SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList,
   1.480 +                                        (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
   1.481 +                                        SEC_OID_X509_ISSUER_ALT_NAME, 
   1.482 +                                        (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension);
   1.483 +  loser:
   1.484 +    if (arena)
   1.485 +        PORT_FreeArena (arena, PR_FALSE);
   1.486 +    return rv;
   1.487 +}
   1.488 +
   1.489 +/* Creates and adds CRLNumber extension to extension handle.
   1.490 + * Since, this is CRL extension, extension handle is the one 
   1.491 + * related to CRL extensions */
   1.492 +static SECStatus
   1.493 +crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr)
   1.494 +{
   1.495 +    PLArenaPool *arena = NULL;
   1.496 +    SECItem encodedItem;
   1.497 +    void *extHandle = crlGenData->crlExtHandle;
   1.498 +    void *dummy;
   1.499 +    SECStatus rv = SECFailure;
   1.500 +    int code = 0;
   1.501 +
   1.502 +    PORT_Assert(dataArr && crlGenData);
   1.503 +    if (!crlGenData || !dataArr) {
   1.504 +        goto loser;
   1.505 +    }
   1.506 +
   1.507 +    if (!dataArr[0] || !dataArr[1] || !dataArr[2]) {
   1.508 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.509 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.510 +                          "insufficient number of arguments.\n");
   1.511 +        goto loser;
   1.512 +    }
   1.513 +
   1.514 +    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   1.515 +    if (arena == NULL) {
   1.516 +        goto loser;
   1.517 +    }
   1.518 +
   1.519 +    code = atoi(dataArr[2]);
   1.520 +    if (code == 0 && *dataArr[2] != '0') {
   1.521 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.522 +        goto loser;
   1.523 +    }
   1.524 +
   1.525 +    dummy = SEC_ASN1EncodeInteger(arena, &encodedItem, code);
   1.526 +    if (!dummy) {
   1.527 +        rv = SECFailure;
   1.528 +        goto loser;
   1.529 +    }
   1.530 +
   1.531 +    rv = CERT_AddExtension (extHandle, SEC_OID_X509_CRL_NUMBER, &encodedItem, 
   1.532 +                            (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
   1.533 +                            PR_TRUE);
   1.534 +
   1.535 +  loser:
   1.536 +    if (arena)
   1.537 +        PORT_FreeArena(arena, PR_FALSE);
   1.538 +    return rv;
   1.539 +
   1.540 +}
   1.541 +
   1.542 +
   1.543 +/* Creates Cert Revocation Reason code extension. Encodes it and
   1.544 + * returns as SECItem structure */
   1.545 +static SECItem*
   1.546 +crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
   1.547 +                        int *extCode)
   1.548 +{
   1.549 +    SECItem *encodedItem;
   1.550 +    void *dummy;
   1.551 +    void *mark;
   1.552 +    int code = 0;
   1.553 +
   1.554 +    PORT_Assert(arena && dataArr);
   1.555 +    if (!arena || !dataArr) {
   1.556 +        goto loser;
   1.557 +    } 
   1.558 +
   1.559 +    mark = PORT_ArenaMark(arena);
   1.560 +
   1.561 +    encodedItem = PORT_ArenaZNew (arena, SECItem);
   1.562 +    if (encodedItem == NULL) {
   1.563 +        goto loser;
   1.564 +    }
   1.565 +
   1.566 +    if (dataArr[2] == NULL) {
   1.567 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.568 +        goto loser;
   1.569 +    }
   1.570 +
   1.571 +    code = atoi(dataArr[2]);
   1.572 +    /* aACompromise(10) is the last possible of the values 
   1.573 +     * for the Reason Core Extension */
   1.574 +    if ((code == 0 && *dataArr[2] != '0') || code > 10) {
   1.575 +        
   1.576 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.577 +        goto loser;
   1.578 +    }
   1.579 +
   1.580 +    dummy = SEC_ASN1EncodeInteger(arena, encodedItem, code);
   1.581 +    if (!dummy) {
   1.582 +        goto loser;
   1.583 +    }
   1.584 +
   1.585 +    *extCode = SEC_OID_X509_REASON_CODE;
   1.586 +    return encodedItem;
   1.587 +
   1.588 +  loser:
   1.589 +    PORT_ArenaRelease (arena, mark);
   1.590 +    return NULL;
   1.591 +}
   1.592 +
   1.593 +/* Creates Cert Invalidity Date extension. Encodes it and
   1.594 + * returns as SECItem structure */
   1.595 +static SECItem*
   1.596 +crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
   1.597 +                       int *extCode)
   1.598 +{
   1.599 +    SECItem *encodedItem;
   1.600 +    int length = 0;
   1.601 +    void *mark;
   1.602 +
   1.603 +    PORT_Assert(arena && dataArr);
   1.604 +    if (!arena || !dataArr) {
   1.605 +        goto loser;
   1.606 +    } 
   1.607 +
   1.608 +    mark = PORT_ArenaMark(arena);
   1.609 +
   1.610 +    encodedItem = PORT_ArenaZNew(arena, SECItem);
   1.611 +    if (encodedItem == NULL) {
   1.612 +        goto loser;
   1.613 +    }
   1.614 +
   1.615 +    length = PORT_Strlen(dataArr[2]);
   1.616 +
   1.617 +    encodedItem->type = siGeneralizedTime;
   1.618 +    encodedItem->data = PORT_ArenaAlloc(arena, length);
   1.619 +    if (!encodedItem->data) {
   1.620 +        goto loser;
   1.621 +    }
   1.622 +
   1.623 +    PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) *
   1.624 +                sizeof(char));
   1.625 +
   1.626 +    *extCode = SEC_OID_X509_INVALID_DATE;
   1.627 +    return encodedItem;
   1.628 +    
   1.629 +  loser:
   1.630 +    PORT_ArenaRelease(arena, mark);
   1.631 +    return NULL;
   1.632 +}
   1.633 +
   1.634 +/* Creates(by calling extCreator function) and adds extension to a set
   1.635 + * of already added certs. Uses values of rangeFrom and rangeTo from
   1.636 + * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */
   1.637 +static SECStatus
   1.638 +crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
   1.639 +                         const char **dataArr, char *extName,
   1.640 +                         SECItem* (*extCreator)(PLArenaPool *arena,
   1.641 +                                                const char **dataArr,
   1.642 +                                                int *extCode))
   1.643 +{
   1.644 +    PRUint64 i = 0;
   1.645 +    SECStatus rv = SECFailure;
   1.646 +    int extCode = 0;
   1.647 +    PRUint64 lastRange ;
   1.648 +    SECItem *ext = NULL;
   1.649 +    PLArenaPool *arena = NULL;
   1.650 +
   1.651 +
   1.652 +    PORT_Assert(crlGenData &&  dataArr);
   1.653 +    if (!crlGenData || !dataArr) {
   1.654 +        goto loser;
   1.655 +    } 
   1.656 +    
   1.657 +    if (!dataArr[0] || !dataArr[1]) {
   1.658 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.659 +        crlgen_PrintError(crlGenData->parsedLineNum, 
   1.660 +                          "insufficient number of arguments.\n");
   1.661 +    }
   1.662 +
   1.663 +    lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1;
   1.664 +
   1.665 +    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   1.666 +    if (arena == NULL) {
   1.667 +        goto loser;
   1.668 +    }
   1.669 +
   1.670 +    ext = extCreator(arena, dataArr, &extCode);
   1.671 +    if (ext == NULL) {
   1.672 +        crlgen_PrintError(crlGenData->parsedLineNum, 
   1.673 +                          "got error while creating extension: %s\n",
   1.674 +                          extName);
   1.675 +        goto loser;
   1.676 +    }
   1.677 +
   1.678 +    for (i = 0;i < lastRange;i++) {
   1.679 +        CRLGENEntryData * extData = NULL;
   1.680 +        void *extHandle = NULL;
   1.681 +        SECItem * certIdItem =
   1.682 +            SEC_ASN1EncodeInteger(arena, NULL,
   1.683 +                                  crlGenData->rangeFrom + i);
   1.684 +        if (!certIdItem) {
   1.685 +            rv = SECFailure;
   1.686 +            goto loser;
   1.687 +        }
   1.688 +
   1.689 +        extData = crlgen_FindEntry(crlGenData, certIdItem);
   1.690 +        if (!extData) {
   1.691 +            crlgen_PrintError(crlGenData->parsedLineNum,
   1.692 +                              "can not add extension: crl entry "
   1.693 +                              "(serial number: %d) is not in the list yet.\n",
   1.694 +                              crlGenData->rangeFrom + i);
   1.695 +            continue;
   1.696 +        }
   1.697 +
   1.698 +        extHandle = extData->extHandle;
   1.699 +        if (extHandle == NULL) {
   1.700 +            extHandle = extData->extHandle =
   1.701 +                CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl,
   1.702 +                                             (CERTCrlEntry*)extData->entry);
   1.703 +        }
   1.704 +        rv = CERT_AddExtension (extHandle, extCode, ext, 
   1.705 +                               (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
   1.706 +                               PR_TRUE);
   1.707 +        if (rv == SECFailure) {
   1.708 +            goto loser;
   1.709 +        }
   1.710 +    }
   1.711 +
   1.712 +  loser:
   1.713 +    if (arena)
   1.714 +        PORT_FreeArena(arena, PR_FALSE);
   1.715 +    return rv;
   1.716 +}
   1.717 +
   1.718 +
   1.719 +/* Commits all added entries and their's extensions into CRL. */
   1.720 +SECStatus
   1.721 +CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData)
   1.722 +{
   1.723 +    int size = 0;
   1.724 +    CERTCrl *crl;
   1.725 +    PLArenaPool *arena;
   1.726 +    SECStatus rv = SECSuccess;
   1.727 +    void *mark;
   1.728 +
   1.729 +    PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena);
   1.730 +    if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
   1.731 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.732 +        return SECFailure;
   1.733 +    }
   1.734 +
   1.735 +    arena = crlGenData->signCrl->arena;
   1.736 +    crl = &crlGenData->signCrl->crl;
   1.737 +
   1.738 +    mark = PORT_ArenaMark(arena);
   1.739 +
   1.740 +    if (crlGenData->crlExtHandle)
   1.741 +        CERT_FinishExtensions(crlGenData->crlExtHandle);
   1.742 +
   1.743 +    size = crlGenData->entryDataHashTable->nentries;
   1.744 +    crl->entries = NULL;
   1.745 +    if (size) {
   1.746 +        crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry*, size + 1);
   1.747 +        if (!crl->entries) {
   1.748 +            rv = SECFailure;
   1.749 +        } else {
   1.750 +            struct commitData dt;
   1.751 +            dt.entries = crl->entries;
   1.752 +            dt.pos = 0;
   1.753 +            PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable,
   1.754 +                                         &crlgen_CommitEntryData, &dt);
   1.755 +            /* Last should be NULL */
   1.756 +            crl->entries[size] = NULL;
   1.757 +        }
   1.758 +    }
   1.759 +
   1.760 +    if (rv != SECSuccess)
   1.761 +        PORT_ArenaRelease(arena, mark);
   1.762 +    return rv;
   1.763 +}
   1.764 +
   1.765 +/* Initializes extHandle with data from extensions array */
   1.766 +static SECStatus
   1.767 +crlgen_InitExtensionHandle(void *extHandle,
   1.768 +                           CERTCertExtension **extensions)
   1.769 +{
   1.770 +    CERTCertExtension *extension = NULL;
   1.771 +
   1.772 +    if (!extensions)
   1.773 +        return SECSuccess;
   1.774 +
   1.775 +    PORT_Assert(extHandle != NULL);
   1.776 +    if (!extHandle) {
   1.777 +        return SECFailure;
   1.778 +    }
   1.779 +
   1.780 +    extension = *extensions;
   1.781 +    while (extension) {
   1.782 +        SECOidTag oidTag = SECOID_FindOIDTag (&extension->id);
   1.783 +/* shell we skip unknown extensions? */
   1.784 +        CERT_AddExtension (extHandle, oidTag, &extension->value, 
   1.785 +                           (extension->critical.len != 0) ? PR_TRUE : PR_FALSE,
   1.786 +                           PR_FALSE);
   1.787 +        extension = *(++extensions);
   1.788 +    }
   1.789 +    return SECSuccess;
   1.790 +}
   1.791 +
   1.792 +/* Used for initialization of extension handles for crl and certs
   1.793 + * extensions from existing CRL data then modifying existing CRL.*/
   1.794 +SECStatus
   1.795 +CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData)
   1.796 +{
   1.797 +    CERTCrl *crl = NULL;
   1.798 +    PRUint64 maxSN = 0;
   1.799 +
   1.800 +    PORT_Assert(crlGenData && crlGenData->signCrl &&
   1.801 +                crlGenData->entryDataHashTable);
   1.802 +    if (!crlGenData || !crlGenData->signCrl ||
   1.803 +        !crlGenData->entryDataHashTable) {
   1.804 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.805 +        return SECFailure;
   1.806 +    }
   1.807 +
   1.808 +    crl = &crlGenData->signCrl->crl;
   1.809 +    crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl);
   1.810 +    crlgen_InitExtensionHandle(crlGenData->crlExtHandle,
   1.811 +                               crl->extensions);
   1.812 +    crl->extensions = NULL;
   1.813 +
   1.814 +    if (crl->entries) {
   1.815 +        CERTCrlEntry **entry = crl->entries;
   1.816 +        while (*entry) {
   1.817 +            PRUint64 sn = DER_GetInteger(&(*entry)->serialNumber);
   1.818 +            CRLGENEntryData *extData =
   1.819 +                crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber);
   1.820 +            if ((*entry)->extensions) {
   1.821 +                extData->extHandle = 
   1.822 +                    CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl,
   1.823 +                                                 (CERTCrlEntry*)extData->entry);
   1.824 +                if (crlgen_InitExtensionHandle(extData->extHandle,
   1.825 +                                               (*entry)->extensions) == SECFailure)
   1.826 +                    return SECFailure;
   1.827 +            }
   1.828 +            (*entry)->extensions = NULL;
   1.829 +            entry++;
   1.830 +            maxSN = PR_MAX(maxSN, sn);
   1.831 +        }
   1.832 +    }
   1.833 +
   1.834 +    crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1;
   1.835 +    return SECSuccess;
   1.836 +}
   1.837 +
   1.838 +/*****************************************************************************
   1.839 + * Parser trigger functions start here
   1.840 + */
   1.841 +
   1.842 +/* Sets new internal range value for add/rm certs.*/
   1.843 +static SECStatus
   1.844 +crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value)
   1.845 +{
   1.846 +    long rangeFrom = 0, rangeTo = 0;
   1.847 +    char *dashPos = NULL;
   1.848 +
   1.849 +    PORT_Assert(crlGenData);
   1.850 +    if (!crlGenData) {
   1.851 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.852 +        return SECFailure;
   1.853 +    }
   1.854 +
   1.855 +    if (value == NULL) {
   1.856 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.857 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.858 +                          "insufficient number of arguments.\n");
   1.859 +        return SECFailure;
   1.860 +    }
   1.861 +
   1.862 +    if ((dashPos = strchr(value, '-')) != NULL) {
   1.863 +        char *rangeToS, *rangeFromS = value;
   1.864 +        *dashPos = '\0';
   1.865 +        rangeFrom = atoi(rangeFromS);
   1.866 +        *dashPos = '-';
   1.867 +
   1.868 +        rangeToS = (char*)(dashPos + 1);
   1.869 +        rangeTo = atol(rangeToS);
   1.870 +    } else {
   1.871 +        rangeFrom = atol(value);
   1.872 +        rangeTo = rangeFrom;
   1.873 +    }
   1.874 +
   1.875 +    if (rangeFrom < 1 || rangeTo<rangeFrom) {
   1.876 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.877 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.878 +                          "bad cert id range: %s.\n", value);
   1.879 +        return SECFailure;
   1.880 +    }
   1.881 +
   1.882 +    crlGenData->rangeFrom = rangeFrom;
   1.883 +    crlGenData->rangeTo = rangeTo;
   1.884 +
   1.885 +    return SECSuccess;
   1.886 +}
   1.887 +
   1.888 +/* Changes issuer subject field in CRL. By default this data is taken from
   1.889 + * issuer cert subject field.Not yet implemented */
   1.890 +static SECStatus
   1.891 +crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value)
   1.892 +{
   1.893 +    crlgen_PrintError(crlGenData->parsedLineNum, 
   1.894 +                      "Can not change CRL issuer field.\n");
   1.895 +    return SECFailure;
   1.896 +}
   1.897 +
   1.898 +/* Encode and sets CRL thisUpdate and nextUpdate time fields*/
   1.899 +static SECStatus
   1.900 +crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value,
   1.901 +                    PRBool setThisUpdate)
   1.902 +{
   1.903 +    CERTSignedCrl *signCrl;
   1.904 +    PLArenaPool *arena;
   1.905 +    CERTCrl *crl;
   1.906 +    int length = 0;
   1.907 +    SECItem *timeDest = NULL;
   1.908 +
   1.909 +    PORT_Assert(crlGenData && crlGenData->signCrl &&
   1.910 +                crlGenData->signCrl->arena);
   1.911 +    if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
   1.912 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.913 +        return SECFailure;
   1.914 +    }
   1.915 +
   1.916 +    signCrl = crlGenData->signCrl;
   1.917 +    arena = signCrl->arena;
   1.918 +    crl = &signCrl->crl;
   1.919 +
   1.920 +    if (value == NULL) {
   1.921 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.922 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.923 +                          "insufficient number of arguments.\n");
   1.924 +        return SECFailure;
   1.925 +    }
   1.926 +    length = PORT_Strlen(value);
   1.927 +    
   1.928 +    if (setThisUpdate == PR_TRUE) {
   1.929 +        timeDest = &crl->lastUpdate;
   1.930 +    } else {
   1.931 +        timeDest = &crl->nextUpdate;
   1.932 +    }
   1.933 +
   1.934 +    timeDest->type = siGeneralizedTime;
   1.935 +    timeDest->data = PORT_ArenaAlloc(arena, length);
   1.936 +    if (!timeDest->data) {
   1.937 +        return SECFailure;
   1.938 +    }
   1.939 +    PORT_Memcpy(timeDest->data, value, length);
   1.940 +    timeDest->len = length;
   1.941 +
   1.942 +    return SECSuccess;
   1.943 +}
   1.944 +
   1.945 +
   1.946 +/* Adds new extension into CRL or added cert handles */
   1.947 +static SECStatus
   1.948 +crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData)
   1.949 +{
   1.950 +    PORT_Assert(crlGenData && crlGenData->crlExtHandle);
   1.951 +    if (!crlGenData || !crlGenData->crlExtHandle) {
   1.952 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.953 +        return SECFailure;
   1.954 +    }
   1.955 +
   1.956 +    if (extData == NULL || *extData == NULL) {
   1.957 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.958 +        crlgen_PrintError(crlGenData->parsedLineNum, 
   1.959 +                          "insufficient number of arguments.\n");
   1.960 +        return SECFailure;
   1.961 +    }
   1.962 +    if (!PORT_Strcmp(*extData, "authKeyId"))
   1.963 +        return crlgen_AddAuthKeyID(crlGenData, extData);
   1.964 +    else if (!PORT_Strcmp(*extData, "issuerAltNames"))
   1.965 +        return crlgen_AddIssuerAltNames(crlGenData, extData);
   1.966 +    else if (!PORT_Strcmp(*extData, "crlNumber"))
   1.967 +        return crlgen_AddCrlNumber(crlGenData, extData);
   1.968 +    else if (!PORT_Strcmp(*extData, "reasonCode"))
   1.969 +        return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode",
   1.970 +                                        crlgen_CreateReasonCode);
   1.971 +    else if (!PORT_Strcmp(*extData, "invalidityDate"))
   1.972 +        return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate",
   1.973 +                                        crlgen_CreateInvalidityDate);
   1.974 +    else {
   1.975 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
   1.976 +        crlgen_PrintError(crlGenData->parsedLineNum,
   1.977 +                          "insufficient number of arguments.\n");
   1.978 +        return SECFailure;
   1.979 +    }
   1.980 +}
   1.981 +
   1.982 +
   1.983 +
   1.984 +/* Created CRLGENEntryData for cert with serial number certId and
   1.985 + * adds it to entryDataHashTable. certId can be a single cert serial
   1.986 + * number or an inclusive rage of certs */
   1.987 +static SECStatus
   1.988 +crlgen_AddCert(CRLGENGeneratorData *crlGenData,
   1.989 +        char *certId, char *revocationDate)
   1.990 +{
   1.991 +    CERTSignedCrl *signCrl;
   1.992 +    SECItem *certIdItem;
   1.993 +    PLArenaPool *arena;
   1.994 +    PRUint64 rangeFrom = 0, rangeTo = 0, i = 0;
   1.995 +    int timeValLength = -1;
   1.996 +    SECStatus rv = SECFailure;
   1.997 +    void *mark;
   1.998 +
   1.999 +
  1.1000 +    PORT_Assert(crlGenData && crlGenData->signCrl &&
  1.1001 +                crlGenData->signCrl->arena);
  1.1002 +    if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
  1.1003 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1004 +        return SECFailure;
  1.1005 +    }
  1.1006 +
  1.1007 +    signCrl = crlGenData->signCrl;
  1.1008 +    arena = signCrl->arena;
  1.1009 +
  1.1010 +    if (!certId || !revocationDate) {
  1.1011 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1012 +        crlgen_PrintError(crlGenData->parsedLineNum,
  1.1013 +                          "insufficient number of arguments.\n");
  1.1014 +        return SECFailure;
  1.1015 +    }
  1.1016 +
  1.1017 +    timeValLength = strlen(revocationDate);
  1.1018 +
  1.1019 +    if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure &&
  1.1020 +        certId) {
  1.1021 +        return SECFailure;
  1.1022 +    }
  1.1023 +    rangeFrom = crlGenData->rangeFrom;
  1.1024 +    rangeTo = crlGenData->rangeTo;
  1.1025 +
  1.1026 +    for (i = 0;i < rangeTo - rangeFrom + 1;i++) {
  1.1027 +        CERTCrlEntry *entry;
  1.1028 +        mark = PORT_ArenaMark(arena);
  1.1029 +        entry = PORT_ArenaZNew(arena, CERTCrlEntry);
  1.1030 +        if (entry == NULL) {
  1.1031 +            goto loser;
  1.1032 +        }
  1.1033 +
  1.1034 +        certIdItem = SEC_ASN1EncodeInteger(arena, &entry->serialNumber,
  1.1035 +                                           rangeFrom + i);
  1.1036 +        if (!certIdItem) {
  1.1037 +            goto loser;
  1.1038 +        }
  1.1039 +
  1.1040 +        if (crlgen_FindEntry(crlGenData, certIdItem)) {
  1.1041 +            crlgen_PrintError(crlGenData->parsedLineNum,
  1.1042 +                              "entry already exists. Use \"range\" "
  1.1043 +                              "and \"rmcert\" before adding a new one with the "
  1.1044 +                              "same serial number %ld\n", rangeFrom + i);
  1.1045 +            goto loser;
  1.1046 +        }
  1.1047 +
  1.1048 +        entry->serialNumber.type = siBuffer;
  1.1049 +
  1.1050 +        entry->revocationDate.type = siGeneralizedTime;
  1.1051 +
  1.1052 +        entry->revocationDate.data =
  1.1053 +            PORT_ArenaAlloc(arena, timeValLength);
  1.1054 +        if (entry->revocationDate.data == NULL) {
  1.1055 +            goto loser;
  1.1056 +        }
  1.1057 +
  1.1058 +        PORT_Memcpy(entry->revocationDate.data, revocationDate,
  1.1059 +                    timeValLength * sizeof(char));
  1.1060 +        entry->revocationDate.len = timeValLength;
  1.1061 +
  1.1062 +
  1.1063 +        entry->extensions = NULL;
  1.1064 +        if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) {
  1.1065 +            goto loser;
  1.1066 +        }
  1.1067 +        mark = NULL;
  1.1068 +    }
  1.1069 +
  1.1070 +    rv = SECSuccess;
  1.1071 +  loser:
  1.1072 +    if (mark) {
  1.1073 +        PORT_ArenaRelease(arena, mark);
  1.1074 +    }
  1.1075 +    return rv;
  1.1076 +}
  1.1077 +
  1.1078 +
  1.1079 +/* Removes certs from entryDataHashTable which have certId serial number.
  1.1080 + * certId can have value of a range of certs */
  1.1081 +static SECStatus
  1.1082 +crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
  1.1083 +{
  1.1084 +    PRUint64 i = 0;
  1.1085 +    PLArenaPool *arena;
  1.1086 +
  1.1087 +    PORT_Assert(crlGenData && certId);
  1.1088 +    if (!crlGenData || !certId) {
  1.1089 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1090 +        return SECFailure;
  1.1091 +    }
  1.1092 +
  1.1093 +    arena = crlGenData->signCrl->arena;
  1.1094 +
  1.1095 +    if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure &&
  1.1096 +        certId) {
  1.1097 +        return SECFailure;
  1.1098 +    }
  1.1099 +
  1.1100 +    for (i = 0;i < crlGenData->rangeTo - crlGenData->rangeFrom + 1;i++) {
  1.1101 +        SECItem* certIdItem = SEC_ASN1EncodeInteger(NULL, NULL,
  1.1102 +                                                    crlGenData->rangeFrom + i);
  1.1103 +        if (certIdItem) {
  1.1104 +            CRLGENEntryData *extData =
  1.1105 +                crlgen_FindEntry(crlGenData, certIdItem);
  1.1106 +            if (!extData) {
  1.1107 +                printf("Cert with id %s is not in the list\n", certId);
  1.1108 +            } else {
  1.1109 +                crlgen_RmEntry(crlGenData, certIdItem);
  1.1110 +            }
  1.1111 +            SECITEM_FreeItem(certIdItem, PR_TRUE);
  1.1112 +        }
  1.1113 +    }
  1.1114 +
  1.1115 +    return SECSuccess;
  1.1116 +}
  1.1117 +
  1.1118 +/*************************************************************************
  1.1119 + * Lex Parser Helper functions are used to store parsed information
  1.1120 + * in context related structures. Context(or state) is identified base on 
  1.1121 + * a type of a instruction parser currently is going through. New context
  1.1122 + * is identified by first token in a line. It can be addcert context,
  1.1123 + * addext context, etc. */
  1.1124 +
  1.1125 +/* Updates CRL field depending on current context */ 
  1.1126 +static SECStatus
  1.1127 +crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str)
  1.1128 +{
  1.1129 +    CRLGENCrlField *fieldStr = (CRLGENCrlField*)str;
  1.1130 +
  1.1131 +    PORT_Assert(crlGenData);
  1.1132 +    if (!crlGenData) {
  1.1133 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1134 +        return SECFailure;
  1.1135 +    }
  1.1136 +
  1.1137 +    switch(crlGenData->contextId) {
  1.1138 +      case CRLGEN_ISSUER_CONTEXT:
  1.1139 +          crlgen_SetIssuerField(crlGenData, fieldStr->value);
  1.1140 +          break;
  1.1141 +      case CRLGEN_UPDATE_CONTEXT:
  1.1142 +          return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE);
  1.1143 +          break;
  1.1144 +      case CRLGEN_NEXT_UPDATE_CONTEXT:
  1.1145 +          return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE);
  1.1146 +          break;
  1.1147 +      case CRLGEN_CHANGE_RANGE_CONTEXT:
  1.1148 +          return crlgen_SetNewRangeField(crlGenData, fieldStr->value);
  1.1149 +          break;
  1.1150 +      default:
  1.1151 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1152 +                            "syntax error (unknow token type: %d)\n",
  1.1153 +                            crlGenData->contextId);
  1.1154 +          PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1155 +          return SECFailure;
  1.1156 +    }
  1.1157 +    return SECSuccess;
  1.1158 +}
  1.1159 +
  1.1160 +/* Sets parsed data for CRL field update into temporary structure */ 
  1.1161 +static SECStatus
  1.1162 +crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str,
  1.1163 +                    void *data, unsigned short dtype)
  1.1164 +{
  1.1165 +    CRLGENCrlField *fieldStr = (CRLGENCrlField*)str;
  1.1166 +
  1.1167 +    PORT_Assert(crlGenData);
  1.1168 +    if (!crlGenData) {
  1.1169 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1170 +        return SECFailure;
  1.1171 +    }
  1.1172 +
  1.1173 +    switch (crlGenData->contextId) {
  1.1174 +      case CRLGEN_CHANGE_RANGE_CONTEXT:
  1.1175 +          if (dtype != CRLGEN_TYPE_DIGIT || dtype != CRLGEN_TYPE_DIGIT_RANGE) {
  1.1176 +              crlgen_PrintError(crlGenData->parsedLineNum,
  1.1177 +                                "range value should have "
  1.1178 +                                "numeric or numeric range values.\n");
  1.1179 +              return SECFailure;
  1.1180 +          }
  1.1181 +          break;
  1.1182 +      case CRLGEN_NEXT_UPDATE_CONTEXT:
  1.1183 +      case CRLGEN_UPDATE_CONTEXT:
  1.1184 +          if (dtype != CRLGEN_TYPE_ZDATE){
  1.1185 +              crlgen_PrintError(crlGenData->parsedLineNum,
  1.1186 +                                "bad formated date. Should be "
  1.1187 +                                "YYYYMMDDHHMMSSZ.\n");
  1.1188 +              return SECFailure;
  1.1189 +          }
  1.1190 +          break;
  1.1191 +      default:
  1.1192 +          PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1193 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1194 +                            "syntax error (unknow token type: %d).\n",
  1.1195 +                            crlGenData->contextId, data);
  1.1196 +          return SECFailure;
  1.1197 +    }
  1.1198 +    fieldStr->value = PORT_Strdup(data);
  1.1199 +    if (!fieldStr->value) {
  1.1200 +        return SECFailure;
  1.1201 +    }
  1.1202 +    return SECSuccess;
  1.1203 +}
  1.1204 +
  1.1205 +/* Triggers cert entries update depending on current context */ 
  1.1206 +static SECStatus
  1.1207 +crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str)
  1.1208 +{
  1.1209 +    CRLGENCertEntry *certStr = (CRLGENCertEntry*)str;
  1.1210 +
  1.1211 +    PORT_Assert(crlGenData);
  1.1212 +    if (!crlGenData) {
  1.1213 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1214 +        return SECFailure;
  1.1215 +    }
  1.1216 +
  1.1217 +    switch(crlGenData->contextId) {
  1.1218 +      case CRLGEN_ADD_CERT_CONTEXT:
  1.1219 +          return crlgen_AddCert(crlGenData, certStr->certId,
  1.1220 +                         certStr->revocationTime);
  1.1221 +      case CRLGEN_RM_CERT_CONTEXT:
  1.1222 +          return crlgen_RmCert(crlGenData, certStr->certId);
  1.1223 +      default:
  1.1224 +          PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1225 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1226 +                            "syntax error (unknow token type: %d).\n",
  1.1227 +                            crlGenData->contextId);
  1.1228 +          return SECFailure;
  1.1229 +    }
  1.1230 +}
  1.1231 +
  1.1232 +
  1.1233 +/* Sets parsed data for CRL entries update into temporary structure */ 
  1.1234 +static SECStatus
  1.1235 +crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str,
  1.1236 +                   void *data, unsigned short dtype)
  1.1237 +{
  1.1238 +    CRLGENCertEntry *certStr = (CRLGENCertEntry*)str;
  1.1239 +
  1.1240 +    PORT_Assert(crlGenData);
  1.1241 +    if (!crlGenData) {
  1.1242 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1243 +        return SECFailure;
  1.1244 +    }
  1.1245 +
  1.1246 +    switch(dtype) {
  1.1247 +      case CRLGEN_TYPE_DIGIT:
  1.1248 +      case CRLGEN_TYPE_DIGIT_RANGE:
  1.1249 +          certStr->certId = PORT_Strdup(data);
  1.1250 +          if (!certStr->certId) {
  1.1251 +              return SECFailure;
  1.1252 +          }
  1.1253 +          break;
  1.1254 +      case CRLGEN_TYPE_DATE:
  1.1255 +      case CRLGEN_TYPE_ZDATE:
  1.1256 +          certStr->revocationTime = PORT_Strdup(data);
  1.1257 +          if (!certStr->revocationTime) {
  1.1258 +              return SECFailure;
  1.1259 +          }
  1.1260 +          break;
  1.1261 +      default:
  1.1262 +          PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1263 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1264 +                            "syntax error (unknow token type: %d).\n",
  1.1265 +                            crlGenData->contextId);
  1.1266 +          return SECFailure;
  1.1267 +    }
  1.1268 +    return SECSuccess;
  1.1269 +}
  1.1270 +
  1.1271 +/* Triggers cert entries/crl extension update */ 
  1.1272 +static SECStatus
  1.1273 +crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str)
  1.1274 +{
  1.1275 +    CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str;
  1.1276 +
  1.1277 +    return crlgen_AddExtension(crlGenData, (const char**)extStr->extData);
  1.1278 +}
  1.1279 +
  1.1280 +/* Defines maximum number of fields extension may have */
  1.1281 +#define MAX_EXT_DATA_LENGTH 10
  1.1282 +
  1.1283 +/* Sets parsed extension data for CRL entries/CRL extensions update
  1.1284 + * into temporary structure */ 
  1.1285 +static SECStatus
  1.1286 +crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
  1.1287 +                        void *data, unsigned short dtype)
  1.1288 +{
  1.1289 +    CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str;
  1.1290 +
  1.1291 +    PORT_Assert(crlGenData);
  1.1292 +    if (!crlGenData) {
  1.1293 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1294 +        return SECFailure;
  1.1295 +    }
  1.1296 +
  1.1297 +    if (extStr->extData == NULL) {
  1.1298 +        extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH);
  1.1299 +        if (!extStr->extData) {
  1.1300 +            return SECFailure;
  1.1301 +        }
  1.1302 +    }
  1.1303 +    if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
  1.1304 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1305 +        crlgen_PrintError(crlGenData->parsedLineNum, 
  1.1306 +                          "number of fields in extension "
  1.1307 +                          "exceeded maximum allowed data length: %d.\n",
  1.1308 +                          MAX_EXT_DATA_LENGTH);
  1.1309 +        return SECFailure;
  1.1310 +    }
  1.1311 +    extStr->extData[extStr->nextUpdatedData] = PORT_Strdup(data);
  1.1312 +    if (!extStr->extData[extStr->nextUpdatedData]) {
  1.1313 +        return SECFailure;
  1.1314 +    }
  1.1315 +    extStr->nextUpdatedData += 1;
  1.1316 +
  1.1317 +    return SECSuccess;
  1.1318 +}
  1.1319 +
  1.1320 +
  1.1321 +/****************************************************************************************
  1.1322 + * Top level functions are triggered directly by parser.
  1.1323 + */
  1.1324 +
  1.1325 +/*
  1.1326 + * crl generation script parser recreates a temporary data staructure
  1.1327 + * for each line it is going through. This function cleans temp structure.
  1.1328 + */
  1.1329 +void
  1.1330 +crlgen_destroyTempData(CRLGENGeneratorData *crlGenData)
  1.1331 +{
  1.1332 +    if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) {
  1.1333 +        switch(crlGenData->contextId) {
  1.1334 +          case CRLGEN_ISSUER_CONTEXT:
  1.1335 +          case CRLGEN_UPDATE_CONTEXT:
  1.1336 +          case CRLGEN_NEXT_UPDATE_CONTEXT:
  1.1337 +          case CRLGEN_CHANGE_RANGE_CONTEXT:
  1.1338 +              if (crlGenData->crlField->value)
  1.1339 +                  PORT_Free(crlGenData->crlField->value);
  1.1340 +              PORT_Free(crlGenData->crlField);
  1.1341 +              break;
  1.1342 +          case CRLGEN_ADD_CERT_CONTEXT:
  1.1343 +          case CRLGEN_RM_CERT_CONTEXT:
  1.1344 +              if (crlGenData->certEntry->certId)
  1.1345 +                  PORT_Free(crlGenData->certEntry->certId);
  1.1346 +              if (crlGenData->certEntry->revocationTime)
  1.1347 +                  PORT_Free(crlGenData->certEntry->revocationTime);
  1.1348 +              PORT_Free(crlGenData->certEntry);
  1.1349 +              break;
  1.1350 +          case CRLGEN_ADD_EXTENSION_CONTEXT:
  1.1351 +              if (crlGenData->extensionEntry->extData) {
  1.1352 +                  int i = 0;
  1.1353 +                  for (;i < crlGenData->extensionEntry->nextUpdatedData;i++)
  1.1354 +                      PORT_Free(*(crlGenData->extensionEntry->extData + i));
  1.1355 +                  PORT_Free(crlGenData->extensionEntry->extData);
  1.1356 +              }
  1.1357 +              PORT_Free(crlGenData->extensionEntry);
  1.1358 +              break;
  1.1359 +        }
  1.1360 +        crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT;
  1.1361 +    }
  1.1362 +}
  1.1363 +
  1.1364 +SECStatus
  1.1365 +crlgen_updateCrl(CRLGENGeneratorData *crlGenData)
  1.1366 +{
  1.1367 +    SECStatus rv = SECSuccess;
  1.1368 +
  1.1369 +    PORT_Assert(crlGenData);
  1.1370 +    if (!crlGenData) {
  1.1371 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1372 +        return SECFailure;
  1.1373 +    }
  1.1374 +
  1.1375 +    switch(crlGenData->contextId) {
  1.1376 +      case CRLGEN_ISSUER_CONTEXT:
  1.1377 +      case CRLGEN_UPDATE_CONTEXT:
  1.1378 +      case CRLGEN_NEXT_UPDATE_CONTEXT:
  1.1379 +      case CRLGEN_CHANGE_RANGE_CONTEXT:
  1.1380 +          rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField);
  1.1381 +          break;
  1.1382 +      case CRLGEN_RM_CERT_CONTEXT:
  1.1383 +      case CRLGEN_ADD_CERT_CONTEXT:
  1.1384 +          rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry);
  1.1385 +          break;
  1.1386 +      case CRLGEN_ADD_EXTENSION_CONTEXT:
  1.1387 +          rv = crlGenData->extensionEntry->
  1.1388 +              updateCrlFn(crlGenData, crlGenData->extensionEntry);
  1.1389 +          break;
  1.1390 +      case CRLGEN_UNKNOWN_CONTEXT:
  1.1391 +          break;
  1.1392 +      default:
  1.1393 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1394 +                            "unknown lang context type code: %d.\n",
  1.1395 +                            crlGenData->contextId);
  1.1396 +          PORT_Assert(0);
  1.1397 +          return SECFailure;
  1.1398 +    }
  1.1399 +    /* Clrean structures after crl update */
  1.1400 +    crlgen_destroyTempData(crlGenData);
  1.1401 +
  1.1402 +    crlGenData->parsedLineNum += 1;
  1.1403 +
  1.1404 +    return rv;
  1.1405 +}
  1.1406 +
  1.1407 +SECStatus
  1.1408 +crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data,
  1.1409 +                   unsigned short dtype)
  1.1410 +{
  1.1411 +    SECStatus rv = SECSuccess;
  1.1412 +
  1.1413 +    PORT_Assert(crlGenData);
  1.1414 +    if (!crlGenData) {
  1.1415 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1416 +        return SECFailure;
  1.1417 +    }
  1.1418 +
  1.1419 +    switch(crlGenData->contextId) {
  1.1420 +      case CRLGEN_ISSUER_CONTEXT:
  1.1421 +      case CRLGEN_UPDATE_CONTEXT:
  1.1422 +      case CRLGEN_NEXT_UPDATE_CONTEXT:
  1.1423 +      case CRLGEN_CHANGE_RANGE_CONTEXT:
  1.1424 +          rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField,
  1.1425 +                                                   data, dtype);
  1.1426 +          break;
  1.1427 +      case CRLGEN_ADD_CERT_CONTEXT:
  1.1428 +      case CRLGEN_RM_CERT_CONTEXT:
  1.1429 +          rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry,
  1.1430 +                                                    data, dtype);
  1.1431 +          break;
  1.1432 +      case CRLGEN_ADD_EXTENSION_CONTEXT:
  1.1433 +          rv =
  1.1434 +              crlGenData->extensionEntry->
  1.1435 +              setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype);
  1.1436 +          break;
  1.1437 +      case CRLGEN_UNKNOWN_CONTEXT:
  1.1438 +          break;
  1.1439 +      default:
  1.1440 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1441 +                            "unknown context type: %d.\n",
  1.1442 +                            crlGenData->contextId);
  1.1443 +          PORT_Assert(0);
  1.1444 +          return SECFailure;
  1.1445 +    }
  1.1446 +    return rv;
  1.1447 +}
  1.1448 +
  1.1449 +SECStatus
  1.1450 +crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData,
  1.1451 +                           unsigned structType)
  1.1452 +{
  1.1453 +    PORT_Assert(crlGenData &&
  1.1454 +                crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT);
  1.1455 +    if (!crlGenData ||
  1.1456 +        crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) {
  1.1457 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1458 +        return SECFailure;
  1.1459 +    }
  1.1460 +
  1.1461 +    switch(structType) {
  1.1462 +      case CRLGEN_ISSUER_CONTEXT:
  1.1463 +      case CRLGEN_UPDATE_CONTEXT:
  1.1464 +      case CRLGEN_NEXT_UPDATE_CONTEXT:
  1.1465 +      case CRLGEN_CHANGE_RANGE_CONTEXT:
  1.1466 +          crlGenData->crlField = PORT_New(CRLGENCrlField);
  1.1467 +          if (!crlGenData->crlField) {
  1.1468 +              return SECFailure;
  1.1469 +          }
  1.1470 +          crlGenData->contextId = structType;
  1.1471 +          crlGenData->crlField->value = NULL;
  1.1472 +          crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field;
  1.1473 +          crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field;
  1.1474 +          break;
  1.1475 +      case CRLGEN_RM_CERT_CONTEXT:
  1.1476 +      case CRLGEN_ADD_CERT_CONTEXT:
  1.1477 +          crlGenData->certEntry = PORT_New(CRLGENCertEntry);
  1.1478 +          if (!crlGenData->certEntry) {
  1.1479 +              return SECFailure;
  1.1480 +          }
  1.1481 +          crlGenData->contextId = structType;
  1.1482 +          crlGenData->certEntry->certId = 0;
  1.1483 +          crlGenData->certEntry->revocationTime = NULL;
  1.1484 +          crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert;
  1.1485 +          crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert;
  1.1486 +          break;
  1.1487 +      case CRLGEN_ADD_EXTENSION_CONTEXT:
  1.1488 +          crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry);
  1.1489 +          if (!crlGenData->extensionEntry) {
  1.1490 +              return SECFailure;
  1.1491 +          }
  1.1492 +          crlGenData->contextId = structType;
  1.1493 +          crlGenData->extensionEntry->extData = NULL;
  1.1494 +          crlGenData->extensionEntry->nextUpdatedData = 0;
  1.1495 +          crlGenData->extensionEntry->updateCrlFn =
  1.1496 +              &crlgen_updateCrlFn_extension;
  1.1497 +          crlGenData->extensionEntry->setNextDataFn =
  1.1498 +              &crlgen_setNextDataFn_extension;
  1.1499 +          break;
  1.1500 +      case CRLGEN_UNKNOWN_CONTEXT:
  1.1501 +          break;
  1.1502 +      default:
  1.1503 +          crlgen_PrintError(crlGenData->parsedLineNum,
  1.1504 +                            "unknown context type: %d.\n", structType);
  1.1505 +          PORT_Assert(0);
  1.1506 +          return SECFailure;
  1.1507 +    }
  1.1508 +    return SECSuccess;
  1.1509 +}
  1.1510 +
  1.1511 +
  1.1512 +/* Parser initialization function */
  1.1513 +CRLGENGeneratorData*
  1.1514 +CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src)
  1.1515 +{
  1.1516 +    CRLGENGeneratorData *crlGenData = NULL;
  1.1517 +
  1.1518 +    PORT_Assert(signCrl && src);
  1.1519 +    if (!signCrl || !src) {
  1.1520 +        PORT_SetError(SEC_ERROR_INVALID_ARGS);
  1.1521 +        return NULL;
  1.1522 +    }
  1.1523 +
  1.1524 +    crlGenData = PORT_ZNew(CRLGENGeneratorData);
  1.1525 +    if (!crlGenData) {
  1.1526 +        return NULL;
  1.1527 +    }
  1.1528 +
  1.1529 +    crlGenData->entryDataHashTable = 
  1.1530 +        PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
  1.1531 +                        PL_CompareValues, NULL, NULL);
  1.1532 +    if (!crlGenData->entryDataHashTable) {
  1.1533 +        PORT_Free(crlGenData);
  1.1534 +        return NULL;
  1.1535 +    }
  1.1536 +
  1.1537 +    crlGenData->src = src;
  1.1538 +    crlGenData->parsedLineNum = 1;
  1.1539 +    crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT;
  1.1540 +    crlGenData->signCrl = signCrl;
  1.1541 +    crlGenData->rangeFrom = 0;
  1.1542 +    crlGenData->rangeTo = 0;
  1.1543 +    crlGenData->crlExtHandle = NULL;
  1.1544 +
  1.1545 +    PORT_SetError(0);
  1.1546 +
  1.1547 +    return crlGenData;
  1.1548 +}
  1.1549 +
  1.1550 +void
  1.1551 +CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData)
  1.1552 +{
  1.1553 +    if (!crlGenData)
  1.1554 +        return;
  1.1555 +    if (crlGenData->src)
  1.1556 +        PR_Close(crlGenData->src);
  1.1557 +    PL_HashTableDestroy(crlGenData->entryDataHashTable);
  1.1558 +    PORT_Free(crlGenData);
  1.1559 +}
  1.1560 +
