Diffstat (limited to 'nss/lib/crmf/crmfpop.c')
-rw-r--r--nss/lib/crmf/crmfpop.c459
1 files changed, 229 insertions, 230 deletions
diff --git a/nss/lib/crmf/crmfpop.c b/nss/lib/crmf/crmfpop.c
index 2d4e326..725f8c7 100644
--- a/nss/lib/crmf/crmfpop.c
+++ b/nss/lib/crmf/crmfpop.c
@@ -3,7 +3,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include "crmf.h"
#include "crmfi.h"
#include "secasn1.h"
@@ -13,8 +12,8 @@
#define CRMF_DEFAULT_ALLOC_SIZE 1024U
SECStatus
-crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
- SECItem *derDest)
+crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+ SECItem *derDest)
{
derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
if (derDest->data == NULL) {
@@ -24,18 +23,17 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
encoderArg->buffer = derDest;
return SECSuccess;
-
}
/* Caller should release or unmark the pool, instead of doing it here.
** But there are NO callers of this function at present...
*/
-SECStatus
+SECStatus
CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
{
CRMFProofOfPossession *pop;
- PLArenaPool *poolp;
- void *mark;
+ PLArenaPool *poolp;
+ void *mark;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
poolp = inCertReqMsg->poolp;
@@ -49,13 +47,13 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
}
pop->popUsed = crmfRAVerified;
pop->popChoice.raVerified.data = NULL;
- pop->popChoice.raVerified.len = 0;
+ pop->popChoice.raVerified.len = 0;
inCertReqMsg->pop = pop;
(void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
&(pop->popChoice.raVerified),
CRMFRAVerifiedTemplate);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
@@ -71,14 +69,14 @@ crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
}
-static SECAlgorithmID*
-crmf_create_poposignkey_algid(PLArenaPool *poolp,
- SECKEYPublicKey *inPubKey)
+static SECAlgorithmID *
+crmf_create_poposignkey_algid(PLArenaPool *poolp,
+ SECKEYPublicKey *inPubKey)
{
SECAlgorithmID *algID;
- SECOidTag tag;
- SECStatus rv;
- void *mark;
+ SECOidTag tag;
+ SECStatus rv;
+ void *mark;
mark = PORT_ArenaMark(poolp);
algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
@@ -95,83 +93,85 @@ crmf_create_poposignkey_algid(PLArenaPool *poolp,
}
PORT_ArenaUnmark(poolp, mark);
return algID;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
-static CRMFPOPOSigningKeyInput*
+static CRMFPOPOSigningKeyInput *
crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
- CRMFMACPasswordCallback fn, void *arg)
+ CRMFMACPasswordCallback fn, void *arg)
{
- /* PSM isn't going to do this, so we'll fail here for now.*/
- return NULL;
+ /* PSM isn't going to do this, so we'll fail here for now.*/
+ return NULL;
}
void
-crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
+crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind)
{
- struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg;
+ struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg;
unsigned char *cursor;
-
- if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
- int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE;
+
+ if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
+ int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE;
void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
- if (dummy == NULL) {
- /* I really want to return an error code here */
- PORT_Assert(0);
- return;
- }
- encoderArg->buffer->data = dummy;
- encoderArg->allocatedLen = newSize;
+ if (dummy == NULL) {
+ /* I really want to return an error code here */
+ PORT_Assert(0);
+ return;
+ }
+ encoderArg->buffer->data = dummy;
+ encoderArg->allocatedLen = newSize;
}
cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
- PORT_Memcpy (cursor, buf, len);
- encoderArg->buffer->len += len;
+ if (len) {
+ PORT_Memcpy(cursor, buf, len);
+ }
+ encoderArg->buffer->len += len;
}
static SECStatus
crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
{
struct crmfEncoderArg encoderArg;
- SECStatus rv;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, derDest);
+ SECStatus rv;
+
+ rv = crmf_init_encoder_callback_arg(&encoderArg, derDest);
if (rv != SECSuccess) {
return SECFailure;
}
- return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+ return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
}
static SECStatus
-crmf_sign_certreq(PLArenaPool *poolp,
- CRMFPOPOSigningKey *crmfSignKey,
- CRMFCertRequest *certReq,
- SECKEYPrivateKey *inKey,
- SECAlgorithmID *inAlgId)
+crmf_sign_certreq(PLArenaPool *poolp,
+ CRMFPOPOSigningKey *crmfSignKey,
+ CRMFCertRequest *certReq,
+ SECKEYPrivateKey *inKey,
+ SECAlgorithmID *inAlgId)
{
- SECItem derCertReq = { siBuffer, NULL, 0 };
- SECItem certReqSig = { siBuffer, NULL, 0 };
- SECStatus rv = SECSuccess;
+ SECItem derCertReq = { siBuffer, NULL, 0 };
+ SECItem certReqSig = { siBuffer, NULL, 0 };
+ SECStatus rv = SECSuccess;
rv = crmf_encode_certreq(certReq, &derCertReq);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len,
- inKey,SECOID_GetAlgorithmTag(inAlgId));
+ inKey, SECOID_GetAlgorithmTag(inAlgId));
if (rv != SECSuccess) {
goto loser;
}
-
+
/* Now make it a part of the POPOSigningKey */
rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
/* Convert this length to number of bits */
- crmfSignKey->signature.len <<= 3;
-
- loser:
+ crmfSignKey->signature.len <<= 3;
+
+loser:
if (derCertReq.data != NULL) {
PORT_Free(derCertReq.data);
}
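Review bot: The growth path in crmf_generic_encoder_callback still sizes the new buffer as `encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE` without regard to `len`, so a single callback chunk larger than 1024 bytes plus the remaining slack would make the PORT_Memcpy that this hunk wraps in `if (len)` write past the allocation. Whether the ASN.1 encoder can hand over a chunk that large is not visible here, but sizing from the request removes the dependency and the `int` narrowing: `unsigned long newSize = encoderArg->buffer->len + len + CRMF_DEFAULT_ALLOC_SIZE;`. The realloc-failure branch relies on `PORT_Assert(0)` and then returns from a void callback, so if that assert is compiled out the DER output is silently truncated and crmf_encode_certreq / crmf_sign_certreq would go on to sign it; a comment stating this, or a failure flag carried in `struct crmfEncoderArg`, would make it explicit. A related sizing gap sits in the crmf_encode_popoprivkey hunk (`@@ -336,21 +336,21 @@`): `if (encoderArg.allocatedLen > derTemp.len + 2)` only reallocates when the buffer is already large enough, so, assuming encoderArg was initialised over derTemp outside that hunk, the PORT_Memmove to `&derTemp.data[2]` can run one or two bytes past the allocation when `allocatedLen` equals `derTemp.len` or `derTemp.len + 1`; the comparison looks like it should be `!=` or `<`.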
@@ -182,87 +182,87 @@ crmf_sign_certreq(PLArenaPool *poolp,
}
static SECStatus
-crmf_create_poposignkey(PLArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKeyInput *signKeyInput,
- SECKEYPrivateKey *inPrivKey,
- SECAlgorithmID *inAlgID,
- CRMFPOPOSigningKey *signKey)
+crmf_create_poposignkey(PLArenaPool *poolp,
+ CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOSigningKeyInput *signKeyInput,
+ SECKEYPrivateKey *inPrivKey,
+ SECAlgorithmID *inAlgID,
+ CRMFPOPOSigningKey *signKey)
{
- CRMFCertRequest *certReq;
- void *mark;
- PRBool useSignKeyInput;
- SECStatus rv;
-
+ CRMFCertRequest *certReq;
+ void *mark;
+ PRBool useSignKeyInput;
+ SECStatus rv;
+
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
mark = PORT_ArenaMark(poolp);
if (signKey == NULL) {
goto loser;
}
certReq = inCertReqMsg->certReq;
- useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq,crmfSubject) &&
- CRMF_DoesRequestHaveField(certReq,crmfPublicKey));
+ useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) &&
+ CRMF_DoesRequestHaveField(certReq, crmfPublicKey));
if (useSignKeyInput) {
- goto loser;
+ goto loser;
} else {
- rv = crmf_sign_certreq(poolp, signKey, certReq,inPrivKey, inAlgID);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
- PORT_ArenaUnmark(poolp,mark);
+ PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp,mark);
+loser:
+ PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
SECStatus
-CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg)
+CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CERTCertificate *inCertForInput,
+ CRMFMACPasswordCallback fn,
+ void *arg)
{
- SECAlgorithmID *algID;
- PLArenaPool *poolp;
- SECItem derTemp = {siBuffer, NULL, 0};
- void *mark;
- SECStatus rv;
+ SECAlgorithmID *algID;
+ PLArenaPool *poolp;
+ SECItem derTemp = { siBuffer, NULL, 0 };
+ void *mark;
+ SECStatus rv;
CRMFPOPOSigningKeyInput *signKeyInput = NULL;
- CRMFCertRequest *certReq;
- CRMFProofOfPossession *pop;
- struct crmfEncoderArg encoderArg;
+ CRMFCertRequest *certReq;
+ CRMFProofOfPossession *pop;
+ struct crmfEncoderArg encoderArg;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
- inCertReqMsg->pop == NULL);
+ inCertReqMsg->pop == NULL);
certReq = inCertReqMsg->certReq;
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
- !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
+ if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
+ !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
return SECFailure;
- }
+ }
poolp = inCertReqMsg->poolp;
mark = PORT_ArenaMark(poolp);
algID = crmf_create_poposignkey_algid(poolp, inPubKey);
- if(!CRMF_DoesRequestHaveField(certReq,crmfSubject)) {
+ if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) {
signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput,
- fn, arg);
- if (signKeyInput == NULL) {
- goto loser;
- }
+ fn, arg);
+ if (signKeyInput == NULL) {
+ goto loser;
+ }
}
pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
if (pop == NULL) {
goto loser;
}
-
- rv = crmf_create_poposignkey(poolp, inCertReqMsg,
- signKeyInput, inPrivKey, algID,
- &(pop->popChoice.signature));
+
+ rv = crmf_create_poposignkey(poolp, inCertReqMsg,
+ signKeyInput, inPrivKey, algID,
+ &(pop->popChoice.signature));
if (rv != SECSuccess) {
goto loser;
}
@@ -270,14 +270,14 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
pop->popUsed = crmfSignature;
pop->popChoice.signature.algorithmIdentifier = algID;
inCertReqMsg->pop = pop;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, &derTemp);
+
+ rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
if (rv != SECSuccess) {
goto loser;
}
- rv = SEC_ASN1Encode(&pop->popChoice.signature,
- CRMFPOPOSigningKeyTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+ rv = SEC_ASN1Encode(&pop->popChoice.signature,
+ CRMFPOPOSigningKeyTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
if (rv != SECSuccess) {
goto loser;
}
@@ -285,49 +285,49 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
if (rv != SECSuccess) {
goto loser;
}
- PORT_Free (derTemp.data);
- PORT_ArenaUnmark(poolp,mark);
+ PORT_Free(derTemp.data);
+ PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp,mark);
+loser:
+ PORT_ArenaRelease(poolp, mark);
if (derTemp.data != NULL) {
PORT_Free(derTemp.data);
}
return SECFailure;
}
-static const SEC_ASN1Template*
-crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
+static const SEC_ASN1Template *
+crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
{
const SEC_ASN1Template *retTemplate = NULL;
switch (inPrivKey->messageChoice) {
- case crmfThisMessage:
- retTemplate = CRMFThisMessageTemplate;
- break;
- case crmfSubsequentMessage:
- retTemplate = CRMFSubsequentMessageTemplate;
- break;
- case crmfDHMAC:
- retTemplate = CRMFDHMACTemplate;
- break;
- default:
- retTemplate = NULL;
+ case crmfThisMessage:
+ retTemplate = CRMFThisMessageTemplate;
+ break;
+ case crmfSubsequentMessage:
+ retTemplate = CRMFSubsequentMessageTemplate;
+ break;
+ case crmfDHMAC:
+ retTemplate = CRMFDHMACTemplate;
+ break;
+ default:
+ retTemplate = NULL;
}
return retTemplate;
}
static SECStatus
-crmf_encode_popoprivkey(PLArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey *popoPrivKey,
- const SEC_ASN1Template *privKeyTemplate)
+crmf_encode_popoprivkey(PLArenaPool *poolp,
+ CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey *popoPrivKey,
+ const SEC_ASN1Template *privKeyTemplate)
{
- struct crmfEncoderArg encoderArg;
- SECItem derTemp = { siBuffer, NULL, 0 };
- SECStatus rv;
- void *mark;
+ struct crmfEncoderArg encoderArg;
+ SECItem derTemp = { siBuffer, NULL, 0 };
+ SECStatus rv;
+ void *mark;
const SEC_ASN1Template *subDerTemplate;
mark = PORT_ArenaMark(poolp);
@@ -336,21 +336,21 @@ crmf_encode_popoprivkey(PLArenaPool *poolp,
goto loser;
}
subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
- /* We've got a union, so a pointer to one item is a pointer to
+ /* We've got a union, so a pointer to one item is a pointer to
* all the items in the union.
*/
- rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
- subDerTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+ rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
+ subDerTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
if (rv != SECSuccess) {
goto loser;
}
- if (encoderArg.allocatedLen > derTemp.len+2) {
- void *dummy = PORT_Realloc(derTemp.data, derTemp.len+2);
- if (dummy == NULL) {
- goto loser;
- }
- derTemp.data = dummy;
+ if (encoderArg.allocatedLen > derTemp.len + 2) {
+ void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2);
+ if (dummy == NULL) {
+ goto loser;
+ }
+ derTemp.data = dummy;
}
PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len);
/* I couldn't figure out how to get the ASN1 encoder to implicitly
@@ -367,7 +367,7 @@ crmf_encode_popoprivkey(PLArenaPool *poolp,
PORT_Free(derTemp.data);
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
if (derTemp.data) {
PORT_Free(derTemp.data);
@@ -375,29 +375,29 @@ crmf_encode_popoprivkey(PLArenaPool *poolp,
return SECFailure;
}
-static const SEC_ASN1Template*
-crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
+static const SEC_ASN1Template *
+crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
{
switch (inChoice) {
- case crmfKeyAgreement:
- return CRMFPOPOKeyAgreementTemplate;
- case crmfKeyEncipherment:
- return CRMFPOPOKeyEnciphermentTemplate;
- default:
- break;
+ case crmfKeyAgreement:
+ return CRMFPOPOKeyAgreementTemplate;
+ case crmfKeyEncipherment:
+ return CRMFPOPOKeyEnciphermentTemplate;
+ default:
+ break;
}
return NULL;
}
static SECStatus
crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
- CRMFPOPChoice inChoice)
+ CRMFPOPChoice inChoice)
{
- PLArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
+ PLArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
CRMFProofOfPossession *pop;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
poolp = inCertReqMsg->poolp;
@@ -409,14 +409,14 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
pop->popUsed = inChoice;
/* popChoice is a union, so getting a pointer to one
* field gives me a pointer to the other fields as
- * well. This in essence points to both
+ * well. This in essence points to both
* pop->popChoice.keyEncipherment and
* pop->popChoice.keyAgreement
*/
popoPrivKey = &pop->popChoice.keyEncipherment;
rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage),
- encPrivKey);
+ encPrivKey);
if (rv != SECSuccess) {
goto loser;
}
@@ -424,27 +424,27 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
popoPrivKey->messageChoice = crmfThisMessage;
inCertReqMsg->pop = pop;
rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- crmf_get_template_for_privkey(inChoice));
+ crmf_get_template_for_privkey(inChoice));
if (rv != SECSuccess) {
goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
-
- loser:
+
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
static SECStatus
crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
- CRMFPOPChoice inChoice)
+ CRMFPOPChoice inChoice)
{
- PLArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
+ PLArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
CRMFProofOfPossession *pop;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
poolp = inCertReqMsg->poolp;
@@ -471,22 +471,22 @@ crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
-
- loser:
+
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
static SECStatus
-crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
- CRMFSubseqMessOptions subsequentMessage,
- CRMFPOPChoice inChoice)
+crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
+ CRMFSubseqMessOptions subsequentMessage,
+ CRMFPOPChoice inChoice)
{
- void *mark;
- PLArenaPool *poolp;
+ void *mark;
+ PLArenaPool *poolp;
CRMFProofOfPossession *pop;
- CRMFPOPOPrivKey *popoPrivKey;
- SECStatus rv;
+ CRMFPOPOPrivKey *popoPrivKey;
+ SECStatus rv;
const SEC_ASN1Template *privKeyTemplate;
if (subsequentMessage == crmfNoSubseqMess) {
@@ -500,25 +500,25 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
}
pop->popUsed = inChoice;
- /*
+ /*
* We have a union, so a pointer to one member of the union
* is also a member to another member of that same union.
*/
popoPrivKey = &pop->popChoice.keyEncipherment;
switch (subsequentMessage) {
- case crmfEncrCert:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 0);
- break;
- case crmfChallengeResp:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 1);
- break;
- default:
- goto loser;
+ case crmfEncrCert:
+ rv = crmf_encode_integer(poolp,
+ &(popoPrivKey->message.subsequentMessage),
+ 0);
+ break;
+ case crmfChallengeResp:
+ rv = crmf_encode_integer(poolp,
+ &(popoPrivKey->message.subsequentMessage),
+ 1);
+ break;
+ default:
+ goto loser;
}
if (rv != SECSuccess) {
goto loser;
@@ -527,23 +527,23 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
privKeyTemplate = crmf_get_template_for_privkey(inChoice);
inCertReqMsg->pop = pop;
rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- privKeyTemplate);
+ privKeyTemplate);
if (rv != SECSuccess) {
goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
-SECStatus
-CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
+SECStatus
+CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey)
{
SECStatus rv;
@@ -551,49 +551,48 @@ CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
return SECFailure;
}
- switch (inKeyChoice) {
- case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyEncipherment);
- break;
- case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyEncipherment);
- break;
- case crmfDHMAC:
- default:
- rv = SECFailure;
+ switch (inKeyChoice) {
+ case crmfThisMessage:
+ rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+ crmfKeyEncipherment);
+ break;
+ case crmfSubsequentMessage:
+ rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+ crmfKeyEncipherment);
+ break;
+ case crmfDHMAC:
+ default:
+ rv = SECFailure;
}
return rv;
}
-SECStatus
-CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
+SECStatus
+CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey)
{
SECStatus rv;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- switch (inKeyChoice) {
- case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
- case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyAgreement);
- break;
- case crmfDHMAC:
- /* In this case encPrivKey should be the calculated dhMac
- * as specified in RFC 2511 */
- rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
- default:
- rv = SECFailure;
+ switch (inKeyChoice) {
+ case crmfThisMessage:
+ rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+ crmfKeyAgreement);
+ break;
+ case crmfSubsequentMessage:
+ rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+ crmfKeyAgreement);
+ break;
+ case crmfDHMAC:
+ /* In this case encPrivKey should be the calculated dhMac
+ * as specified in RFC 2511 */
+ rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
+ crmfKeyAgreement);
+ break;
+ default:
+ rv = SECFailure;
}
return rv;
}
-