Diffstat (limited to 'nss/lib/crmf')
-rw-r--r-- | nss/lib/crmf/asn1cmn.c | 202 | ||||
-rw-r--r-- | nss/lib/crmf/challcli.c | 170 | ||||
-rw-r--r-- | nss/lib/crmf/cmmf.h | 504 | ||||
-rw-r--r-- | nss/lib/crmf/cmmfasn1.c | 85 | ||||
-rw-r--r-- | nss/lib/crmf/cmmfchal.c | 184 | ||||
-rw-r--r-- | nss/lib/crmf/cmmfi.h | 84 | ||||
-rw-r--r-- | nss/lib/crmf/cmmfit.h | 83 | ||||
-rw-r--r-- | nss/lib/crmf/cmmfrec.c | 204 | ||||
-rw-r--r-- | nss/lib/crmf/cmmfresp.c | 197 | ||||
-rw-r--r-- | nss/lib/crmf/cmmft.h | 24 | ||||
-rw-r--r-- | nss/lib/crmf/crmf.gyp | 43 | ||||
-rw-r--r-- | nss/lib/crmf/crmf.h | 591 | ||||
-rw-r--r-- | nss/lib/crmf/crmfcont.c | 973 | ||||
-rw-r--r-- | nss/lib/crmf/crmfdec.c | 315 | ||||
-rw-r--r-- | nss/lib/crmf/crmfenc.c | 45 | ||||
-rw-r--r-- | nss/lib/crmf/crmffut.h | 172 | ||||
-rw-r--r-- | nss/lib/crmf/crmfget.c | 305 | ||||
-rw-r--r-- | nss/lib/crmf/crmfi.h | 145 | ||||
-rw-r--r-- | nss/lib/crmf/crmfit.h | 140 | ||||
-rw-r--r-- | nss/lib/crmf/crmfpop.c | 459 | ||||
-rw-r--r-- | nss/lib/crmf/crmfreq.c | 519 | ||||
-rw-r--r-- | nss/lib/crmf/crmft.h | 68 | ||||
-rw-r--r-- | nss/lib/crmf/crmftmpl.c | 191 | ||||
-rw-r--r-- | nss/lib/crmf/encutil.c | 13 | ||||
-rw-r--r-- | nss/lib/crmf/exports.gyp | 37 | ||||
-rw-r--r-- | nss/lib/crmf/respcli.c | 75 | ||||
-rw-r--r-- | nss/lib/crmf/respcmn.c | 329 | ||||
-rw-r--r-- | nss/lib/crmf/servget.c | 580 |
28 files changed, 3363 insertions, 3374 deletions
diff --git a/nss/lib/crmf/asn1cmn.c b/nss/lib/crmf/asn1cmn.c
index af86670..6cf469f 100644
--- a/nss/lib/crmf/asn1cmn.c
+++ b/nss/lib/crmf/asn1cmn.c
@@ -11,94 +11,94 @@ SEC_ASN1_MKSUB(SEC_IntegerTemplate) SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate) static const SEC_ASN1Template CMMFCertResponseTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)}, - { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)}, - { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status), - CMMFPKIStatusInfoTemplate}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse) }, + { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId) }, + { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status), + CMMFPKIStatusInfoTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER, offsetof(CMMFCertResponse, certifiedKeyPair), - CMMFCertifiedKeyPairTemplate}, + CMMFCertifiedKeyPairTemplate }, { 0 } }; static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = { - { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL, - sizeof(CMMFCertOrEncCert)}, + { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL, + sizeof(CMMFCertOrEncCert) }, { 0 } }; const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair)}, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair) }, { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert), CMMFCertOrEncCertTemplate }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0, offsetof(CMMFCertifiedKeyPair, privateKey), - CRMFEncryptedValueTemplate}, - { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | - SEC_ASN1_XTRN | 1, - offsetof (CMMFCertifiedKeyPair, derPublicationInfo), + CRMFEncryptedValueTemplate }, + { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, + offsetof(CMMFCertifiedKeyPair, derPublicationInfo), SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo)}, - { SEC_ASN1_INTEGER, 
offsetof(CMMFPKIStatusInfo, status)}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING, - offsetof(CMMFPKIStatusInfo, statusString)}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING, - offsetof(CMMFPKIStatusInfo, failInfo)}, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo) }, + { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING, + offsetof(CMMFPKIStatusInfo, statusString) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING, + offsetof(CMMFPKIStatusInfo, failInfo) }, { 0 } }; const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = { - { SEC_ASN1_SEQUENCE_OF| SEC_ASN1_XTRN, 0, - SEC_ASN1_SUB(SEC_SignedCertificateTemplate)} + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, + SEC_ASN1_SUB(SEC_SignedCertificateTemplate) } }; const SEC_ASN1Template CMMFRandTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand)}, - { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer)}, - { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash)}, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand) }, + { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer) }, + { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash) }, { 0 } }; const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CMMFPOPODecKeyRespContent, responses), - SEC_ASN1_SUB(SEC_IntegerTemplate), - sizeof(CMMFPOPODecKeyRespContent)}, + SEC_ASN1_SUB(SEC_IntegerTemplate), + sizeof(CMMFPOPODecKeyRespContent) }, { 0 } }; const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 1, 0, - CRMFEncryptedValueTemplate}, + CRMFEncryptedValueTemplate }, { 0 } }; const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, 0, - SEC_ASN1_SUB(SEC_SignedCertificateTemplate)}, + SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }, { 0 } }; const SEC_ASN1Template CMMFCertRepContentTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, 
sizeof(CMMFCertRepContent)}, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent) }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | - SEC_ASN1_CONTEXT_SPECIFIC | 1, + SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(CMMFCertRepContent, caPubs), CMMFSequenceOfCertsTemplate }, { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response), - CMMFCertResponseTemplate}, + CMMFCertResponseTemplate }, { 0 } }; static const SEC_ASN1Template CMMFChallengeTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge)}, - { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge) }, + { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN, offsetof(CMMFChallenge, owf), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) }, @@ -109,27 +109,27 @@ static const SEC_ASN1Template CMMFChallengeTemplate[] = { }; const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = { - { SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges), + { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyChallContent, challenges), CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) }, { 0 } }; SECStatus -cmmf_decode_process_cert_response(PLArenaPool *poolp, - CERTCertDBHandle *db, - CMMFCertResponse *inCertResp) +cmmf_decode_process_cert_response(PLArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertResponse *inCertResp) { SECStatus rv = SECSuccess; - + if (inCertResp->certifiedKeyPair != NULL) { - rv = cmmf_decode_process_certified_key_pair(poolp, - db, - inCertResp->certifiedKeyPair); + rv = cmmf_decode_process_certified_key_pair(poolp, + db, + inCertResp->certifiedKeyPair); } return rv; } -static CERTCertificate* +static CERTCertificate * cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert) { CERTCertificate *newCert; 
@@ -141,80 +141,76 @@ cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert) static CMMFCertOrEncCertChoice cmmf_get_certorenccertchoice_from_der(SECItem *der) { - CMMFCertOrEncCertChoice retChoice; - - switch(der->data[0] & 0x0f) { - case 0: - retChoice = cmmfCertificate; - break; - case 1: - retChoice = cmmfEncryptedCert; - break; - default: - retChoice = cmmfNoCertOrEncCert; - break; + CMMFCertOrEncCertChoice retChoice; + + switch (der->data[0] & 0x0f) { + case 0: + retChoice = cmmfCertificate; + break; + case 1: + retChoice = cmmfEncryptedCert; + break; + default: + retChoice = cmmfNoCertOrEncCert; + break; } return retChoice; } static SECStatus -cmmf_decode_process_certorenccert(PLArenaPool *poolp, - CERTCertDBHandle *db, - CMMFCertOrEncCert *inCertOrEncCert) +cmmf_decode_process_certorenccert(PLArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertOrEncCert *inCertOrEncCert) { SECStatus rv = SECSuccess; - inCertOrEncCert->choice = + inCertOrEncCert->choice = cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue); switch (inCertOrEncCert->choice) { - case cmmfCertificate: - { - /* The DER has implicit tagging, so we gotta switch it to - * un-tagged in order for the ASN1 parser to understand it. - * Saving the bits that were changed. 
- */ - inCertOrEncCert->derValue.data[0] = 0x30; - inCertOrEncCert->cert.certificate = - cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue); - if (inCertOrEncCert->cert.certificate == NULL) { - rv = SECFailure; - } - - } - break; - case cmmfEncryptedCert: - PORT_Assert(poolp); - if (!poolp) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - inCertOrEncCert->cert.encryptedCert = - PORT_ArenaZNew(poolp, CRMFEncryptedValue); - if (inCertOrEncCert->cert.encryptedCert == NULL) { - rv = SECFailure; - break; - } - rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert, - CMMFCertOrEncCertEncryptedCertTemplate, - (const char*)inCertOrEncCert->derValue.data, - inCertOrEncCert->derValue.len); - break; - default: - rv = SECFailure; + case cmmfCertificate: { + /* The DER has implicit tagging, so we gotta switch it to + * un-tagged in order for the ASN1 parser to understand it. + * Saving the bits that were changed. + */ + inCertOrEncCert->derValue.data[0] = 0x30; + inCertOrEncCert->cert.certificate = + cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue); + if (inCertOrEncCert->cert.certificate == NULL) { + rv = SECFailure; + } + + } break; + case cmmfEncryptedCert: + PORT_Assert(poolp); + if (!poolp) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + inCertOrEncCert->cert.encryptedCert = + PORT_ArenaZNew(poolp, CRMFEncryptedValue); + if (inCertOrEncCert->cert.encryptedCert == NULL) { + rv = SECFailure; + break; + } + rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert, + CMMFCertOrEncCertEncryptedCertTemplate, + (const char *)inCertOrEncCert->derValue.data, + inCertOrEncCert->derValue.len); + break; + default: + rv = SECFailure; } return rv; } -SECStatus -cmmf_decode_process_certified_key_pair(PLArenaPool *poolp, - CERTCertDBHandle *db, - CMMFCertifiedKeyPair *inCertKeyPair) +SECStatus +cmmf_decode_process_certified_key_pair(PLArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertifiedKeyPair 
*inCertKeyPair) { - return cmmf_decode_process_certorenccert (poolp, - db, - &inCertKeyPair->certOrEncCert); + return cmmf_decode_process_certorenccert(poolp, + db, + &inCertKeyPair->certOrEncCert); } - - diff --git a/nss/lib/crmf/challcli.c b/nss/lib/crmf/challcli.c index eaff349..a928438 100644 --- a/nss/lib/crmf/challcli.c +++ b/nss/lib/crmf/challcli.c @@ -10,12 +10,12 @@ #include "secder.h" #include "sechash.h" -CMMFPOPODecKeyChallContent* +CMMFPOPODecKeyChallContent * CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len) { - PLArenaPool *poolp; + PLArenaPool *poolp; CMMFPOPODecKeyChallContent *challContent; - SECStatus rv; + SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { @@ -26,19 +26,19 @@ CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len) goto loser; } challContent->poolp = poolp; - rv = SEC_ASN1Decode(poolp, challContent, - CMMFPOPODecKeyChallContentTemplate, buf, len); + rv = SEC_ASN1Decode(poolp, challContent, + CMMFPOPODecKeyChallContentTemplate, buf, len); if (rv != SECSuccess) { goto loser; } if (challContent->challenges) { - while (challContent->challenges[challContent->numChallenges] != NULL) { - challContent->numChallenges++; - } - challContent->numAllocated = challContent->numChallenges; + while (challContent->challenges[challContent->numChallenges] != NULL) { + challContent->numChallenges++; + } + challContent->numAllocated = challContent->numChallenges; } return challContent; - loser: +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } @@ -46,8 +46,7 @@ CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len) } int -CMMF_POPODecKeyChallContentGetNumChallenges - (CMMFPOPODecKeyChallContent *inKeyChallCont) +CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont) { PORT_Assert(inKeyChallCont != NULL); if (inKeyChallCont == NULL) { 
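Review bot: In asn1cmn.c, `cmmf_get_certorenccertchoice_from_der` reads `der->data[0]` and `cmmf_decode_process_certorenccert` then overwrites that byte with 0x30, and neither checks that the item is non-empty. derValue is presumably always filled by the SEC_ASN1_ANY template before this runs, but since the DER comes from the peer a guard such as `if (der == NULL || der->data == NULL || der->len == 0) return cmmfNoCertOrEncCert;` would make that assumption explicit. The comment "Saving the bits that were changed" is also stale, because nothing in the visible code keeps the original tag byte; it could read `/* Rewrite the implicit tag to SEQUENCE (0x30) in place; the original byte is not kept. */`.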
@@ -56,51 +55,50 @@ CMMF_POPODecKeyChallContentGetNumChallenges return inKeyChallCont->numChallenges; } -SECItem* -CMMF_POPODecKeyChallContentGetPublicValue - (CMMFPOPODecKeyChallContent *inKeyChallCont, - int inIndex) +SECItem * +CMMF_POPODecKeyChallContentGetPublicValue(CMMFPOPODecKeyChallContent *inKeyChallCont, + int inIndex) { PORT_Assert(inKeyChallCont != NULL); - if (inKeyChallCont == NULL || (inIndex > inKeyChallCont->numChallenges-1)|| - inIndex < 0) { + if (inKeyChallCont == NULL || (inIndex > inKeyChallCont->numChallenges - 1) || + inIndex < 0) { return NULL; } return SECITEM_DupItem(&inKeyChallCont->challenges[inIndex]->key); } -static SECAlgorithmID* -cmmf_get_owf(CMMFPOPODecKeyChallContent *inChalCont, - int inIndex) +static SECAlgorithmID * +cmmf_get_owf(CMMFPOPODecKeyChallContent *inChalCont, + int inIndex) { - int i; - - for (i=inIndex; i >= 0; i--) { - if (inChalCont->challenges[i]->owf != NULL) { - return inChalCont->challenges[i]->owf; - } - } - return NULL; + int i; + + for (i = inIndex; i >= 0; i--) { + if (inChalCont->challenges[i]->owf != NULL) { + return inChalCont->challenges[i]->owf; + } + } + return NULL; } -SECStatus +SECStatus CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, - int inIndex, - SECKEYPrivateKey *inPrivKey) + int inIndex, + SECKEYPrivateKey *inPrivKey) { - CMMFChallenge *challenge; - SECItem *decryptedRand=NULL; - PLArenaPool *poolp = NULL; + CMMFChallenge *challenge; + SECItem *decryptedRand = NULL; + PLArenaPool *poolp = NULL; SECAlgorithmID *owf; - SECStatus rv = SECFailure; - SECOidTag tag; - CMMFRand randStr; - SECItem hashItem; - unsigned char hash[HASH_LENGTH_MAX]; + SECStatus rv = SECFailure; + SECOidTag tag; + CMMFRand randStr; + SECItem hashItem; + unsigned char hash[HASH_LENGTH_MAX]; PORT_Assert(inChalCont != NULL && inPrivKey != NULL); - if (inChalCont == NULL || inIndex <0 || inIndex > inChalCont->numChallenges - || inPrivKey == NULL){ + if (inChalCont == NULL || inIndex < 0 || 
inIndex > inChalCont->numChallenges || + inPrivKey == NULL) { return SECFailure; } @@ -114,21 +112,21 @@ CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, if (decryptedRand == NULL) { goto loser; } - rv = PK11_PrivDecryptPKCS1(inPrivKey, decryptedRand->data, - &decryptedRand->len, decryptedRand->len, - challenge->challenge.data, challenge->challenge.len); + rv = PK11_PrivDecryptPKCS1(inPrivKey, decryptedRand->data, + &decryptedRand->len, decryptedRand->len, + challenge->challenge.data, challenge->challenge.len); if (rv != SECSuccess) { goto loser; } rv = SEC_ASN1DecodeItem(poolp, &randStr, CMMFRandTemplate, - decryptedRand); + decryptedRand); if (rv != SECSuccess) { goto loser; } rv = SECFailure; /* Just so that when we do go to loser, - * I won't have to set it again. - */ + * I won't have to set it again. + */ owf = cmmf_get_owf(inChalCont, inIndex); if (owf == NULL) { /* No hashing algorithm came with the challenges. Can't verify */ @@ -138,7 +136,7 @@ CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, tag = SECOID_FindOIDTag(&owf->algorithm); hashItem.len = HASH_ResultLenByOidTag(tag); if (!hashItem.len) - goto loser; /* error code has been set */ + goto loser; /* error code has been set */ rv = PK11_HashBuf(tag, hash, randStr.integer.data, randStr.integer.len); if (rv != SECSuccess) { 
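Review bot: The bounds check in `CMMF_POPODecKeyChallContDecryptChallenge` uses `inIndex > inChalCont->numChallenges`, so `inIndex == numChallenges` is accepted, one past the last challenge. `CMMF_POPODecKeyChallContentGetPublicValue` in the same hunk rejects that value with `inIndex > inKeyChallCont->numChallenges - 1`. The lines that load the challenge sit between hunks, but the later `challenge->challenge.data` use suggests the out-of-range entry is dereferenced; the condition should read `inIndex >= inChalCont->numChallenges`. The function body continues past this hunk.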
@@ -147,46 +145,44 @@ CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, hashItem.data = hash; if (SECITEM_CompareItem(&hashItem, &challenge->witness) != SECEqual) { /* The hash for the data we decrypted doesn't match the hash provided - * in the challenge. Bail out. - */ - PORT_SetError(SEC_ERROR_BAD_DATA); + * in the challenge. Bail out. + */ + PORT_SetError(SEC_ERROR_BAD_DATA); rv = SECFailure; - goto loser; + goto loser; } - rv = PK11_HashBuf(tag, hash, challenge->senderDER.data, - challenge->senderDER.len); + rv = PK11_HashBuf(tag, hash, challenge->senderDER.data, + challenge->senderDER.len); if (rv != SECSuccess) { goto loser; } if (SECITEM_CompareItem(&hashItem, &randStr.senderHash) != SECEqual) { /* The hash for the data we decrypted doesn't match the hash provided - * in the challenge. Bail out. - */ - PORT_SetError(SEC_ERROR_BAD_DATA); + * in the challenge. Bail out. + */ + PORT_SetError(SEC_ERROR_BAD_DATA); rv = SECFailure; - goto loser; + goto loser; } /* All of the hashes have verified, so we can now store the integer away.*/ rv = SECITEM_CopyItem(inChalCont->poolp, &challenge->randomNumber, - &randStr.integer); - loser: + &randStr.integer); +loser: if (poolp) { - PORT_FreeArena(poolp, PR_FALSE); + PORT_FreeArena(poolp, PR_FALSE); } return rv; } SECStatus -CMMF_POPODecKeyChallContentGetRandomNumber - (CMMFPOPODecKeyChallContent *inKeyChallCont, - int inIndex, - long *inDest) +CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChallCont, + int inIndex, + long *inDest) { CMMFChallenge *challenge; - + PORT_Assert(inKeyChallCont != NULL); - if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= - inKeyChallCont->numChallenges) { + if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= inKeyChallCont->numChallenges) { return SECFailure; } challenge = inKeyChallCont->challenges[inIndex]; 
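Review bot: The guard in `CMMF_POPODecKeyChallContentGetRandomNumber` tests `inIndex > 0` where `inIndex < 0` looks intended: as written every index above 0 is rejected, while a negative index passes both comparisons and reaches `inKeyChallCont->challenges[inIndex]`, an out-of-bounds read. The reformat only joins the condition onto one line and keeps the comparison; it should be `if (inKeyChallCont == NULL || inIndex < 0 || inIndex >= inKeyChallCont->numChallenges) {`. The function continues in the next hunk.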
@@ -198,16 +194,16 @@ CMMF_POPODecKeyChallContentGetRandomNumber return (*inDest == -1) ? SECFailure : SECSuccess; } -SECStatus -CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand, - int inNumRand, - CRMFEncoderOutputCallback inCallback, - void *inArg) +SECStatus +CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand, + int inNumRand, + CRMFEncoderOutputCallback inCallback, + void *inArg) { PLArenaPool *poolp; CMMFPOPODecKeyRespContent *response; SECItem *currItem; - SECStatus rv=SECFailure; + SECStatus rv = SECFailure; int i; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); @@ -218,23 +214,23 @@ CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand, if (response == NULL) { goto loser; } - response->responses = PORT_ArenaZNewArray(poolp, SECItem*, inNumRand+1); + response->responses = PORT_ArenaZNewArray(poolp, SECItem *, inNumRand + 1); if (response->responses == NULL) { goto loser; } - for (i=0; i<inNumRand; i++) { - currItem = response->responses[i] = PORT_ArenaZNew(poolp,SECItem); - if (currItem == NULL) { - goto loser; - } - currItem = SEC_ASN1EncodeInteger(poolp, currItem, inDecodedRand[i]); - if (currItem == NULL) { - goto loser; - } + for (i = 0; i < inNumRand; i++) { + currItem = response->responses[i] = PORT_ArenaZNew(poolp, SECItem); + if (currItem == NULL) { + goto loser; + } + currItem = SEC_ASN1EncodeInteger(poolp, currItem, inDecodedRand[i]); + if (currItem == NULL) { + goto loser; + } } rv = cmmf_user_encode(response, inCallback, inArg, - CMMFPOPODecKeyRespContentTemplate); - loser: + CMMFPOPODecKeyRespContentTemplate); +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } diff --git a/nss/lib/crmf/cmmf.h b/nss/lib/crmf/cmmf.h index b5b29a6..1e39a8d 100644 --- a/nss/lib/crmf/cmmf.h +++ b/nss/lib/crmf/cmmf.h 
@@ -6,7 +6,7 @@ #ifndef _CMMF_H_ #define _CMMF_H_ /* - * These are the functions exported by the security library for + * These are the functions exported by the security library for * implementing Certificate Management Message Formats (CMMF). * * This API is designed against July 1998 CMMF draft. Please read this @@ -25,20 +25,20 @@ SEC_BEGIN_PROTOS * INPUTS: * NONE * NOTES: - * This function will create an empty CMMFCertRepContent Structure. + * This function will create an empty CMMFCertRepContent Structure. * The client of the library must set the CMMFCertResponses. * Call CMMF_CertRepContentSetCertResponse to accomplish this task. - * If the client of the library also wants to include the chain of - * CA certs required to make the certificates in CMMFCertResponse valid, + * If the client of the library also wants to include the chain of + * CA certs required to make the certificates in CMMFCertResponse valid, * then the user must also set the caPubs field of CMMFCertRepContent. * Call CMMF_CertRepContentSetCAPubs to accomplish this. After setting - * the desired fields, the user can then call CMMF_EncodeCertRepContent + * the desired fields, the user can then call CMMF_EncodeCertRepContent * to DER-encode the CertRepContent. * RETURN: - * A pointer to the CMMFCertRepContent. A NULL return value indicates + * A pointer to the CMMFCertRepContent. A NULL return value indicates * an error in allocating memory or failure to initialize the structure. */ -extern CMMFCertRepContent* CMMF_CreateCertRepContent(void); +extern CMMFCertRepContent *CMMF_CreateCertRepContent(void); /* * FUNCTION: CMMF_CreateCertRepContentFromDER 
@@ -46,24 +46,24 @@ extern CMMFCertRepContent* CMMF_CreateCertRepContent(void); * db * The certificate database where the certificates will be placed. * The certificates will be placed in the temporary database associated - * with the handle. + * with the handle. * buf * A buffer to the DER-encoded CMMFCertRepContent * len * The length in bytes of the buffer 'buf' * NOTES: * This function passes the buffer to the ASN1 decoder and creates a - * CMMFCertRepContent structure. The user must call + * CMMFCertRepContent structure. The user must call * CMMF_DestroyCertRepContent after the return value is no longer needed. * * RETURN: * A pointer to the CMMFCertRepContent structure. A NULL return * value indicates the library was unable to parse the DER. */ -extern CMMFCertRepContent* - CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, - const char *buf, - long len); +extern CMMFCertRepContent * +CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, + const char *buf, + long len); /* * FUNCTION: CMMF_CreateCertResponse 
@@ -73,17 +73,17 @@ extern CMMFCertRepContent* * NOTES: * This creates a CMMFCertResponse. This response should correspond * to a request that was received via CRMF. From the CRMF message you - * can get the Request Id to pass in as inCertReqId, in essence binding + * can get the Request Id to pass in as inCertReqId, in essence binding * a CMRFCertRequest message to the CMMFCertResponse created by this * function. If no requuest id is associated with the response to create * then the user should pass in -1 for 'inCertReqId'. * * RETURN: - * A pointer to the new CMMFCertResponse corresponding to the request id - * passed in. A NULL return value indicates an error while trying to + * A pointer to the new CMMFCertResponse corresponding to the request id + * passed in. A NULL return value indicates an error while trying to * create the CMMFCertResponse. */ -extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId); +extern CMMFCertResponse *CMMF_CreateCertResponse(long inCertReqId); /* * FUNCTION: CMMF_CreateKeyRecRepContent @@ -91,7 +91,7 @@ extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId); * NONE * NOTES: * This function creates a new empty CMMFKeyRecRepContent structure. - * At the very minimum, the user must call + * At the very minimum, the user must call * CMMF_KeyRecRepContentSetPKIStatusInfoStatus field to have an * encodable structure. Depending on what the response is, the user may * have to set other fields as well to properly build up the structure so 
@@ -111,26 +111,26 @@ extern CMMFKeyRecRepContent *CMMF_CreateKeyRecRepContent(void); * FUNCTION: CMMF_CreateKeyRecRepContentFromDER * INPUTS: * db - * The handle for the certificate database where the decoded + * The handle for the certificate database where the decoded * certificates will be placed. The decoded certificates will - * be placed in the temporary database associated with the + * be placed in the temporary database associated with the * handle. * buf * A buffer contatining the DER-encoded CMMFKeyRecRepContent * len * The length in bytes of the buffer 'buf' * NOTES - * This function passes the buffer to the ASN1 decoder and creates a + * This function passes the buffer to the ASN1 decoder and creates a * CMMFKeyRecRepContent structure. * * RETURN: * A pointer to the CMMFKeyRecRepContent structure. A NULL return * value indicates the library was unable to parse the DER. */ -extern CMMFKeyRecRepContent* - CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, - const char *buf, - long len); +extern CMMFKeyRecRepContent * +CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, + const char *buf, + long len); /* * FUNCTION: CMMF_CreatePOPODecKeyChallContent 
@@ -139,18 +139,18 @@ extern CMMFKeyRecRepContent* * NOTES: * This function creates an empty CMMFPOPODecKeyChallContent. The user * must add the challenges individually specifying the random number to - * be used and the public key to be used when creating each individual - * challenge. User can accomplish this by calling the function + * be used and the public key to be used when creating each individual + * challenge. User can accomplish this by calling the function * CMMF_POPODecKeyChallContentSetNextChallenge. * RETURN: * A pointer to a CMMFPOPODecKeyChallContent structure. Ther user can * then call CMMF_EncodePOPODecKeyChallContent passing in the return - * value from this function after setting all of the challenges. A - * return value of NULL indicates an error while creating the + * value from this function after setting all of the challenges. A + * return value of NULL indicates an error while creating the * CMMFPOPODecKeyChallContent structure. */ -extern CMMFPOPODecKeyChallContent* - CMMF_CreatePOPODecKeyChallContent(void); +extern CMMFPOPODecKeyChallContent * +CMMF_CreatePOPODecKeyChallContent(void); /* * FUNCTION: CMMF_CreatePOPODecKeyChallContentFromDER @@ -161,14 +161,14 @@ extern CMMFPOPODecKeyChallContent* * The length in bytes of the buffer 'buf' * NOTES: * This function passes the buffer to the ASN1 decoder and creates a - * CMMFPOPODecKeyChallContent structure. + * CMMFPOPODecKeyChallContent structure. * * RETURN: * A pointer to the CMMFPOPODecKeyChallContent structure. A NULL return * value indicates the library was unable to parse the DER. */ -extern CMMFPOPODecKeyChallContent* - CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len); +extern CMMFPOPODecKeyChallContent * +CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len); /* * FUNCTION: CMMF_CreatePOPODecKeyRespContentFromDER 
@@ -178,15 +178,15 @@ extern CMMFPOPODecKeyChallContent* * len * The length in bytes of the buffer 'buf' * NOTES - * This function passes the buffer to the ASN1 decoder and creates a + * This function passes the buffer to the ASN1 decoder and creates a * CMMFPOPODecKeyRespContent structure. * * RETURN: * A pointer to the CMMFPOPODecKeyRespContent structure. A NULL return * value indicates the library was unable to parse the DER. */ -extern CMMFPOPODecKeyRespContent* - CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len); +extern CMMFPOPODecKeyRespContent * +CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len); /************************** Set Functions *************************/ @@ -196,16 +196,16 @@ extern CMMFPOPODecKeyRespContent* * inCertRepContent * The CMMFCertRepContent to operate on. * inCertResponses - * An array of pointers to CMMFCertResponse structures to + * An array of pointers to CMMFCertResponse structures to * add to the CMMFCertRepContent structure. * inNumResponses * The length of the array 'inCertResponses' * NOTES: - * This function will add the CMMFCertResponse structure to the - * CMMFCertRepContent passed in. The CMMFCertResponse field of + * This function will add the CMMFCertResponse structure to the + * CMMFCertRepContent passed in. The CMMFCertResponse field of * CMMFCertRepContent is required, so the client must call this function - * before calling CMMF_EncodeCertRepContent. If the user calls - * CMMF_EncodeCertRepContent before calling this function, + * before calling CMMF_EncodeCertRepContent. If the user calls + * CMMF_EncodeCertRepContent before calling this function, * CMMF_EncodeCertRepContent will fail. * * RETURN: 
@@ -213,10 +213,10 @@ extern CMMFPOPODecKeyRespContent* * structure was successful. Any other return value indicates an error * while trying to add the CMMFCertResponses. */ -extern SECStatus - CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent, - CMMFCertResponse **inCertResponses, - int inNumResponses); +extern SECStatus +CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent, + CMMFCertResponse **inCertResponses, + int inNumResponses); /* * FUNCTION: CMMF_CertRepContentSetCAPubs @@ -228,19 +228,19 @@ extern SECStatus * required to make the issued cert valid. * NOTES: * This function will set the the certificates in the CA chain as part - * of the CMMFCertRepContent. This field is an optional member of the + * of the CMMFCertRepContent. This field is an optional member of the * CMMFCertRepContent structure, so the client is not required to call * this function before calling CMMF_EncodeCertRepContent. * * RETURN: * SECSuccess if adding the 'inCAPubs' to the CERTRepContent was successful. - * Any other return value indicates an error while adding 'inCAPubs' to the + * Any other return value indicates an error while adding 'inCAPubs' to the * CMMFCertRepContent structure. - * + * */ -extern SECStatus - CMMF_CertRepContentSetCAPubs (CMMFCertRepContent *inCertRepContent, - CERTCertList *inCAPubs); +extern SECStatus +CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent, + CERTCertList *inCAPubs); /* * FUNCTION: CMMF_CertResponseSetPKIStatusInfoStatus @@ -250,7 +250,7 @@ extern SECStatus * inPKIStatus * The value to set for the PKIStatusInfo.status field. * NOTES: - * This function will set the CertResponse.status.status field of + * This function will set the CertResponse.status.status field of * the CMMFCertResponse structure. (View the definition of CertResponse * in the CMMF draft to see exactly which value this talks about.) This * field is a required member of the structure, so the user must call this 
@@ -260,9 +260,9 @@ extern SECStatus * SECSuccess if setting the field with the passed in value was successful. * Any other return value indicates an error while trying to set the field. */ -extern SECStatus - CMMF_CertResponseSetPKIStatusInfoStatus (CMMFCertResponse *inCertResp, - CMMFPKIStatus inPKIStatus); +extern SECStatus +CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp, + CMMFPKIStatus inPKIStatus); /* * FUNCTION: CMMF_CertResponseSetCertificate @@ -270,7 +270,7 @@ extern SECStatus * inCertResp * The CMMFCertResponse to operate on. * inCertificate - * The certificate to add to the + * The certificate to add to the * CertResponse.CertifiedKeyPair.certOrEncCert.certificate field. * NOTES: * This function will take the certificate and make it a member of the @@ -282,13 +282,13 @@ extern SECStatus * Any other return value indicates an error in adding the certificate to * the CertResponse. */ -extern SECStatus - CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp, - CERTCertificate *inCertificate); +extern SECStatus +CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp, + CERTCertificate *inCertificate); /* * FUNCTION: CMMF_KeyRecRepContentSetPKIStatusInfoStatus - * INPUTS: + * INPUTS: * inKeyRecRep * The CMMFKeyRecRepContent to operate on. * inPKIStatus 
@@ -296,17 +296,17 @@ extern SECStatus * NOTES: * This function sets the only required field for the KeyRecRepContent. * In most cases, the user will set this field and other fields of the - * structure to properly create the CMMFKeyRecRepContent structure. + * structure to properly create the CMMFKeyRecRepContent structure. * Refer to the CMMF draft to see which fields need to be set in order * to create the desired CMMFKeyRecRepContent. - * + * * RETURN: * SECSuccess if setting the PKIStatusInfo.status field was successful. * Any other return value indicates an error in setting the field. */ -extern SECStatus +extern SECStatus CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep, - CMMFPKIStatus inPKIStatus); + CMMFPKIStatus inPKIStatus); /* * FUNCTION: CMMF_KeyRecRepContentSetNewSignCert @@ -320,13 +320,13 @@ CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep, * structure. * * RETURN: - * SECSuccess if setting the new signing cert was successful. Any other + * SECSuccess if setting the new signing cert was successful. Any other * return value indicates an error occurred while trying to add the * new signing certificate. */ -extern SECStatus - CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep, - CERTCertificate *inNewSignCert); +extern SECStatus +CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep, + CERTCertificate *inNewSignCert); /* * FUNCTION: CMMF_KeyRecRepContentSetCACerts 
@@ -334,21 +334,21 @@ extern SECStatus
 * inKeyRecRep
 * The CMMFKeyRecRepContent to operate on.
 * inCACerts
- * The list of CA certificates required to construct a valid
+ * The list of CA certificates required to construct a valid
 * certificate chain with the certificates that will be returned
 * to the end user via this KeyRecRepContent.
 * NOTES:
 * This function sets the caCerts that are required to form a chain with the
- * end entity certificates that are being re-issued in this
+ * end entity certificates that are being re-issued in this
 * CMMFKeyRecRepContent structure.
 *
 * RETURN:
 * SECSuccess if adding the caCerts was successful. Any other return value
 * indicates an error while tring to add the caCerts.
 */
-extern SECStatus
- CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertList *inCACerts);
+extern SECStatus
+CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
+ CERTCertList *inCACerts);
 /*
 * FUNCTION: CMMF_KeyRecRepContentSetCertifiedKeyPair
@@ -362,21 +362,21 @@ extern SECStatus
 * inPubKey
 * The public key to use for wrapping the private key.
 * NOTES:
- * This function adds another certificate-key pair to the
- * CMMFKeyRecRepcontent structure. There may be more than one
- * certificate-key pair in the structure, so the user must call this
+ * This function adds another certificate-key pair to the
+ * CMMFKeyRecRepcontent structure. There may be more than one
+ * certificate-key pair in the structure, so the user must call this
 * function multiple times to add more than one cert-key pair.
 *
 * RETURN:
 * SECSuccess if adding the certified key pair was successful. Any other
- * return value indicates an error in adding certified key pair to
+ * return value indicates an error in adding certified key pair to
 * CMMFKeyRecRepContent structure.
 */
-extern SECStatus
- CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inCert,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey);
+extern SECStatus
+CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
+ CERTCertificate *inCert,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey);
 /*
 * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
@@ -392,15 +392,15 @@ extern SECStatus
 * passwdArg
 * This value will be passed to the function used for getting a
 * password. The password for getting a password should be registered
- * by calling PK11_SetPasswordFunc before this function is called.
- * If no password callback is registered and the library needs to
+ * by calling PK11_SetPasswordFunc before this function is called.
+ * If no password callback is registered and the library needs to
 * authenticate to the slot for any reason, this function will fail.
 * NOTES:
 * This function adds a challenge to the end of the list of challenges
 * contained by 'inDecKeyChall'. Refer to the CMMF draft on how the
 * the random number passed in and the sender's GeneralName are used
 * to generate the challenge and witness fields of the challenge. This
- * library will use SHA1 as the one-way function for generating the
+ * library will use SHA1 as the one-way function for generating the
 * witess field of the challenge.
 *
 * RETURN:
@@ -409,13 +409,11 @@ extern SECStatus
 * while trying to generate the challenge.
 */
 extern SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey,
- void *passwdArg);
-
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+ long inRandom,
+ CERTGeneralName *inSender,
+ SECKEYPublicKey *inPubKey,
+ void *passwdArg);
 /************************** Encoding Functions *************************/
@@ -425,30 +423,30 @@ CMMF_POPODecKeyChallContentSetNextChallenge
 * inCertRepContent
 * The CMMFCertRepContent to DER-encode.
 * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
 * CRMFEncoderOutputCallback in crmft.h for a description of the
 * parameters to the function.
 * inArg
 * An opaque pointer to a user-supplied argument that will be passed
 * to the callback funtion whenever the function is called.
 * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
 * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
 * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
 * output of each successive call to the callback in order to get the
 * entire DER-encoded CMMFCertRepContent structure.
 *
 * RETURN:
- * SECSuccess if encoding the CMMFCertRepContent was successful. Any
+ * SECSuccess if encoding the CMMFCertRepContent was successful. Any
 * other return value indicates an error while decoding the structure.
 */
-extern SECStatus
- CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+extern SECStatus
+CMMF_EncodeCertRepContent(CMMFCertRepContent *inCertRepContent,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
 /*
 * FUNCTION: CMMF_EncodeKeyRecRepContent
@@ -456,30 +454,30 @@ extern SECStatus
 * inKeyRecRep
 * The CMMFKeyRepContent to DER-encode.
 * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
 * CRMFEncoderOutputCallback in crmft.h for a description of the
 * parameters to the function.
 * inArg
 * An opaque pointer to a user-supplied argument that will be passed
 * to the callback funtion whenever the function is called.
 * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
 * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
 * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
 * output of each successive call to the callback in order to get the
 * entire DER-encoded CMMFCertRepContent structure.
 *
 * RETURN:
- * SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any
+ * SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any
 * other return value indicates an error while decoding the structure.
 */
 extern SECStatus
- CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
 /*
 * FUNCTION: CMMF_EncodePOPODecKeyChallContent
@@ -487,19 +485,19 @@ extern SECStatus
 * inDecKeyChall
 * The CMMFDecKeyChallContent to operate on.
 * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
 * CRMFEncoderOutputCallback in crmft.h for a description of the
 * parameters to the function.
 * inArg
 * An opaque pointer to a user-supplied argument that will be passed
 * to the callback function whenever the function is called.
 * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
 * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
 * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
 * output of each successive call to the callback in order to get the
 * entire DER-encoded CMMFCertRepContent structure.
 * The DER will be an encoding of the type POPODecKeyChallContents, which
@@ -509,34 +507,34 @@ extern SECStatus
 * SECSuccess if encoding was successful. Any other return value indicates
 * an error in trying to encode the Challenges.
 */
-extern SECStatus
+extern SECStatus
 CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
 /*
 * FUNCTION: CMMF_EncodePOPODecKeyRespContent
 * INPUTS:
 * inDecodedRand
- * An array of integers to encode as the responses to
+ * An array of integers to encode as the responses to
 * CMMFPOPODecKeyChallContent. The integers must be in the same order
 * as the challenges extracted from CMMFPOPODecKeyChallContent.
 * inNumRand
 * The number of random integers contained in the array 'inDecodedRand'
 * inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
 * CRMFEncoderOutputCallback in crmft.h for a description of the
 * parameters to the function.
 * inArg
 * An opaque pointer to a user-supplied argument that will be passed
 * to the callback funtion whenever the function is called.
 * NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
 * library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
 * The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
 * output of each successive call to the callback in order to get the
 * entire DER-encoded POPODecKeyRespContent.
 *
@@ -544,11 +542,11 @@ CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
 * SECSuccess if encoding was successful. Any other return value indicates
 * an error in trying to encode the Challenges.
 */
-extern SECStatus
- CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
- int inNumRand,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+extern SECStatus
+CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
+ int inNumRand,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
 /*************** Accessor function ***********************************/
@@ -560,27 +558,26 @@ extern SECStatus
 * NOTES:
 * This function will return a copy of the list of certificates that
 * make up the chain of CA's required to make the cert issued valid.
- * The user must call CERT_DestroyCertList on the return value when
- * done using the return value.
+ * The user must call CERT_DestroyCertList on the return value when
+ * done using the return value.
 *
 * Only call this function on a CertRepContent that has been decoded.
 * The client must call CERT_DestroyCertList when the certificate list
- * is no longer needed.
+ * is no longer needed.
 *
 * The certs in the list will not be in the temporary database. In order
 * to make these certificates a part of the permanent CA internal database,
- * the user must collect the der for all of these certs and call
+ * the user must collect the der for all of these certs and call
 * CERT_ImportCAChain. Afterwards the certs will be part of the permanent
 * database.
- *
+ *
 * RETURN:
- * A pointer to the CERTCertList representing the CA chain associated
+ * A pointer to the CERTCertList representing the CA chain associated
 * with the issued cert. A NULL return value indicates that no CA Pubs
- * were available in the CMMFCertRepContent structure.
+ * were available in the CMMFCertRepContent structure.
 */
-extern CERTCertList*
- CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent);
-
+extern CERTCertList *
+CMMF_CertRepContentGetCAPubs(CMMFCertRepContent *inCertRepContent);
 /*
 * FUNCTION: CMMF_CertRepContentGetNumResponses
@@ -590,12 +587,12 @@ extern CERTCertList*
 * NOTES:
 * This function will return the number of CertResponses that are contained
 * by the CMMFCertRepContent passed in.
- *
+ *
 * RETURN:
 * The number of CMMFCertResponses contained in the structure passed in.
 */
-extern int
- CMMF_CertRepContentGetNumResponses (CMMFCertRepContent *inCertRepContent);
+extern int
+CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent);
 /*
 * FUNCTION: CMMF_CertRepContentGetResponseAtIndex
@@ -605,20 +602,20 @@ extern int
 * inIndex
 * The index of the CMMFCertResponse the user wants a copy of.
 * NOTES:
- * This function creates a copy of the CMMFCertResponse at the index
+ * This function creates a copy of the CMMFCertResponse at the index
 * corresponding to the parameter 'inIndex'. Indexing is done like a
 * traditional C array, ie the valid indexes are (0...numResponses-1).
- * The user must call CMMF_DestroyCertResponse after the return value is
+ * The user must call CMMF_DestroyCertResponse after the return value is
 * no longer needed.
 *
 * RETURN:
- * A pointer to the CMMFCertResponse at the index corresponding to
- * 'inIndex'. A return value of NULL indicates an error in copying
+ * A pointer to the CMMFCertResponse at the index corresponding to
+ * 'inIndex'. A return value of NULL indicates an error in copying
 * the CMMFCertResponse.
 */
-extern CMMFCertResponse*
-CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent,
- int inIndex);
+extern CMMFCertResponse *
+CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
+ int inIndex);
 /*
 * FUNCTION: CMMF_CertResponseGetCertReqId
@@ -626,11 +623,11 @@ CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent,
 * inCertResp
 * The CMMFCertResponse to operate on.
 * NOTES:
- * This function returns the CertResponse.certReqId from the
+ * This function returns the CertResponse.certReqId from the
 * CMMFCertResponse structure passed in. If the return value is -1, that
 * means there is no associated certificate request with the CertResponse.
 * RETURN:
- * A long representing the id of the certificate request this
+ * A long representing the id of the certificate request this
 * CMMFCertResponse corresponds to. A return value of -1 indicates an
 * error in extracting the value of the integer.
 */
@@ -642,7 +639,7 @@ extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
 * inCertResp
 * The CMMFCertResponse to operate on.
 * NOTES:
- * This function returns the CertResponse.status.status field of the
+ * This function returns the CertResponse.status.status field of the
 * CMMFCertResponse structure.
 *
 * RETURN:
@@ -650,8 +647,8 @@ extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
 * draft. See the CMMF draft for the definition of PKIStatus. See crmft.h
 * for the definition of CMMFPKIStatus.
 */
-extern CMMFPKIStatus
- CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
+extern CMMFPKIStatus
+CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
 /*
 * FUNCTION: CMMF_CertResponseGetCertificate
@@ -664,18 +661,18 @@ extern CMMFPKIStatus
 * NOTES:
 * This function retrieves the CertResponse.certifiedKeyPair.certificate
 * from the CMMFCertResponse. The user will get a copy of that certificate
- * so the user must call CERT_DestroyCertificate when the return value is
- * no longer needed. The certificate returned will be in the temporary
+ * so the user must call CERT_DestroyCertificate when the return value is
+ * no longer needed. The certificate returned will be in the temporary
 * certificate database.
 *
 * RETURN:
- * A pointer to a copy of the certificate contained within the
+ * A pointer to a copy of the certificate contained within the
 * CMMFCertResponse. A return value of NULL indicates an error while trying
 * to make a copy of the certificate.
 */
-extern CERTCertificate*
- CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
- CERTCertDBHandle *inCertdb);
+extern CERTCertificate *
+CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
+ CERTCertDBHandle *inCertdb);
 /*
 * FUNCTION: CMMF_KeyRecRepContentGetPKIStatusInfoStatus
@@ -683,13 +680,13 @@ extern CERTCertificate*
 * inKeyRecRep
 * The CMMFKeyRecRepContent structure to operate on.
 * NOTES:
- * This function retrieves the KeyRecRepContent.status.status field of
+ * This function retrieves the KeyRecRepContent.status.status field of
 * the CMMFKeyRecRepContent structure.
 * RETURN:
- * The CMMFPKIStatus corresponding to the value held in the
+ * The CMMFPKIStatus corresponding to the value held in the
 * CMMFKeyRecRepContent structure.
 */
-extern CMMFPKIStatus
+extern CMMFPKIStatus
 CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
 /*
@@ -699,15 +696,15 @@ CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
 * The CMMFKeyRecRepContent to operate on.
 * NOTES:
 * This function retrieves the KeyRecRepContent.newSignCert field of the
- * CMMFKeyRecRepContent structure. The user must call
+ * CMMFKeyRecRepContent structure. The user must call
 * CERT_DestroyCertificate when the return value is no longer needed. The
- * returned certificate will be in the temporary database. The user
+ * returned certificate will be in the temporary database. The user
 * must then place the certificate permanently in whatever token the
 * user determines is the proper destination. A return value of NULL
 * indicates the newSigCert field was not present.
 */
-extern CERTCertificate*
- CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
+extern CERTCertificate *
+CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
 /*
 * FUNCTION: CMMF_KeyRecRepContentGetCACerts
@@ -715,22 +712,22 @@ extern CERTCertificate*
 * inKeyRecRep
 * The CMMFKeyRecRepContent to operate on.
 * NOTES:
- * This function returns a CERTCertList which contains all of the
+ * This function returns a CERTCertList which contains all of the
 * certficates that are in the sequence KeyRecRepContent.caCerts
- * User must call CERT_DestroyCertList when the return value is no longer
+ * User must call CERT_DestroyCertList when the return value is no longer
 * needed. All of these certificates will be placed in the tempoaray
 * database.
 *
 * RETURN:
 * A pointer to the list of caCerts contained in the CMMFKeyRecRepContent
- * structure. A return value of NULL indicates the library was not able to
+ * structure. A return value of NULL indicates the library was not able to
 * make a copy of the certifcates. This may be because there are no caCerts
 * included in the CMMFKeyRecRepContent strucure or an internal error. Call
- * CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
+ * CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
 * included in 'inKeyRecRep'.
 */
-extern CERTCertList*
- CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
+extern CERTCertList *
+CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
 /*
 * FUNCTION: CMMF_KeyRecRepContentGetNumKeyPairs
@@ -741,8 +738,8 @@ extern CERTCertList*
 * This function returns the number of CMMFCertifiedKeyPair structures that
 * that are stored in the KeyRecRepContent structure.
 */
-extern int
- CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
+extern int
+CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
 /*
 * FUNCTION: CMMF_KeyRecRepContentGetCertKeyAtIndex
@@ -753,17 +750,17 @@ extern int
 * The index of the desired CMMFCertifiedKeyPair
 * NOTES:
 * This function retrieves the CMMFCertifiedKeyPair structure at the index
- * 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call
+ * 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call
 * CMMF_DestroyCertifiedKeyPair when the return value is no longer needed.
 *
 * RETURN:
 * A pointer to the Certified Key Pair at the desired index. A return value
- * of NULL indicates an error in extracting the Certified Key Pair at the
+ * of NULL indicates an error in extracting the Certified Key Pair at the
 * desired index.
 */
-extern CMMFCertifiedKeyPair*
- CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex);
+extern CMMFCertifiedKeyPair *
+CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
+ int inIndex);
 /*
 * FUNCTION: CMMF_CertifiedKeyPairGetCertificate
@@ -774,21 +771,21 @@ extern CMMFCertifiedKeyPair*
 * The database handle for the database you want this certificate
 * to wind up in.
 * NOTES:
- * This function retrieves the certificate at
+ * This function retrieves the certificate at
 * CertifiedKeyPair.certOrEncCert.certificate
 * The user must call CERT_DestroyCertificate when the return value is no
 * longer needed. The user must import this certificate as a token object
 * onto PKCS#11 slot in order to make it a permanent object. The returned
 * certificate will be in the temporary database.
- *
+ *
 * RETURN:
 * A pointer to the certificate contained within the certified key pair.
- * A return value of NULL indicates an error in creating the copy of the
+ * A return value of NULL indicates an error in creating the copy of the
 * certificate.
 */
-extern CERTCertificate*
- CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
- CERTCertDBHandle *inCertdb);
+extern CERTCertificate *
+CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
+ CERTCertDBHandle *inCertdb);
 /*
 * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
@@ -796,11 +793,10 @@ extern CERTCertificate*
 * inKeyChallCont
 * The CMMFPOPODecKeyChallContent to operate on.
 * RETURN:
- * This function returns the number of CMMFChallenges are contained in
+ * This function returns the number of CMMFChallenges are contained in
 * the CMMFPOPODecKeyChallContent structure.
 */
-extern int CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont);
+extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont);
 /*
 * FUNCTION: CMMF_POPODecKeyChallContentGetPublicValue
@@ -816,14 +812,12 @@ extern int CMMF_POPODecKeyChallContentGetNumChallenges
 * This function retrieves the public value stored away in the Challenge at
 * index inIndex of inKeyChallCont.
 * RETURN:
- * A pointer to a SECItem containing the public value. User must call
+ * A pointer to a SECItem containing the public value. User must call
 * SECITEM_FreeItem on the return value when the value is no longer necessary.
 * A return value of NULL indicates an error while retrieving the public value.
 */
-extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex);
-
+extern SECItem *CMMF_POPODecKeyChallContentGetPublicValue(CMMFPOPODecKeyChallContent *inKeyChallCont,
+ int inIndex);
 /*
 * FUNCTION: CMMF_POPODecKeyChallContentGetRandomNumber
@@ -839,9 +833,9 @@ extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
 * challenge.
 * NOTES:
 * This function returns the value held in the decrypted Rand structure
- * corresponding to the random integer. The user must call
- * CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call
- * CMMF_ChallengeIsDecrypted to find out if the challenge has been
+ * corresponding to the random integer. The user must call
+ * CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call
+ * CMMF_ChallengeIsDecrypted to find out if the challenge has been
 * decrypted.
 *
 * RETURN:
@@ -850,10 +844,9 @@ extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
 * Any other return value indicates an error and that the value at *inDest
 * is not a valid value.
 */
-extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex,
- long *inDest);
+extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChallCont,
+ int inIndex,
+ long *inDest);
 /*
 * FUNCTION: CMMF_POPODecKeyRespContentGetNumResponses
@@ -863,8 +856,8 @@ extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber
 * RETURN:
 * This function returns the number of responses contained in inRespContent.
 */
-extern int
- CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
+extern int
+CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
 /*
 * FUNCTION: CMMF_POPODecKeyRespContentGetResponse
@@ -876,22 +869,22 @@ extern int
 * The Nth response is at index N-1, ie the 1st response is at index 0,
 * the 2nd response is at index 1, and so on.
 * inDest
- * A pointer to a pre-allocated buffer where the library can put the
+ * A pointer to a pre-allocated buffer where the library can put the
 * value of the response located at inIndex.
 * NOTES:
- * The function returns the response contained at index inIndex.
- * CMMFPOPODecKeyRespContent is a structure that the server will generally
+ * The function returns the response contained at index inIndex.
+ * CMMFPOPODecKeyRespContent is a structure that the server will generally
 * get in response to a CMMFPOPODecKeyChallContent. The server will expect
- * to see the responses in the same order as it constructed them in
+ * to see the responses in the same order as it constructed them in
 * the CMMFPOPODecKeyChallContent structure.
 * RETURN:
 * SECSuccess if getting the response at the desired index was successful. Any
 * other return value indicates an errror.
 */
 extern SECStatus
- CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont,
- int inIndex,
- long *inDest);
+CMMF_POPODecKeyRespContentGetResponse(CMMFPOPODecKeyRespContent *inRespCont,
+ int inIndex,
+ long *inDest);
 /************************* Destructor Functions ******************************/
@@ -918,12 +911,12 @@ extern SECStatus CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp);
 * This function frees the memory associated with the CMMFCertRepContent
 * passed in.
 * RETURN:
- * SECSuccess if freeing all the memory associated with the
- * CMMFCertRepContent passed in is successful. Any other return value
+ * SECSuccess if freeing all the memory associated with the
+ * CMMFCertRepContent passed in is successful. Any other return value
 * indicates an error while freeing the memory.
 */
-extern SECStatus
- CMMF_DestroyCertRepContent (CMMFCertRepContent *inCertRepContent);
+extern SECStatus
+CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent);
 /*
 * FUNCTION: CMMF_DestroyKeyRecRepContent
@@ -931,22 +924,22 @@ extern SECStatus
 * inKeyRecRep
 * The CMMFKeyRecRepContent to destroy.
 * NOTES:
- * This function destroys all the memory associated with the
+ * This function destroys all the memory associated with the
 * CMMFKeyRecRepContent passed in.
 *
 * RETURN:
- * SECSuccess if freeing all the memory is successful. Any other return
+ * SECSuccess if freeing all the memory is successful. Any other return
 * value indicates an error in freeing the memory.
 */
-extern SECStatus
- CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
+extern SECStatus
+CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
 /*
 * FUNCTION: CMMF_DestroyCertifiedKeyPair
 * INPUTS:
 * inCertKeyPair
 * The CMMFCertifiedKeyPair to operate on.
- * NOTES:
+ * NOTES:
 * This function frees up all the memory associated with 'inCertKeyPair'
 *
 * RETURN:
@@ -954,8 +947,8 @@ extern SECStatus
 * is successful. Any other return value indicates an error while trying
 * to free the memory.
 */
-extern SECStatus
- CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
+extern SECStatus
+CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
 /*
 * FUNCTION: CMMF_DestroyPOPODecKeyRespContent
@@ -963,7 +956,7 @@ extern SECStatus
 * inDecKeyResp
 * The CMMFPOPODecKeyRespContent structure to free.
 * NOTES:
- * This function frees up all the memory associate with the
+ * This function frees up all the memory associate with the
 * CMMFPOPODecKeyRespContent.
 *
 * RETURN:
@@ -972,11 +965,10 @@ extern SECStatus
 * return value indicates an error while freeing the memory.
 */
 extern SECStatus
- CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
-
+CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
 /************************** Miscellaneous Functions *************************/
-
+
 /*
 * FUNCTION: CMMF_CertifiedKeyPairUnwrapPrivKey
 * INPUTS:
@@ -997,25 +989,25 @@ extern SECStatus
 * wincx
 * An opaque pointer that the library will use in a callback function
 * to get the password if necessary.
- *
+ *
 * NOTES:
 * This function uses the private key passed in to unwrap the private key
- * contained within the CMMFCertifiedKeyPair structure. After this
+ * contained within the CMMFCertifiedKeyPair structure. After this
 * function successfully returns, the private key has been unwrapped and
- * placed in the specified slot.
+ * placed in the specified slot.
 *
 * RETURN:
- * SECSuccess if unwrapping the private key was successful. Any other
+ * SECSuccess if unwrapping the private key was successful. Any other
 * return value indicates an error while trying to un-wrap the private key.
 */
-extern SECStatus
- CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
- SECKEYPrivateKey *inPrivKey,
- SECItem *inNickName,
- PK11SlotInfo *inSlot,
- CERTCertDBHandle *inCertdb,
- SECKEYPrivateKey **destPrivKey,
- void *wincx);
+extern SECStatus
+CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
+ SECKEYPrivateKey *inPrivKey,
+ SECItem *inNickName,
+ PK11SlotInfo *inSlot,
+ CERTCertDBHandle *inCertdb,
+ SECKEYPrivateKey **destPrivKey,
+ void *wincx);
 /*
 * FUNCTION: CMMF_KeyRecRepContentHasCACerts
@@ -1023,13 +1015,13 @@ extern SECStatus
 * inKeyRecRecp
 * The CMMFKeyRecRepContent to operate on.
 * RETURN:
- * This function returns PR_TRUE if there are one or more certificates in
+ * This function returns PR_TRUE if there are one or more certificates in
 * the sequence KeyRecRepContent.caCerts within the CMMFKeyRecRepContent
 * structure. The function will return PR_FALSE if there are 0 certificate
 * in the above mentioned sequence.
 */
-extern PRBool
- CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
+extern PRBool
+CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
 /*
 * FUNCTION: CMMF_POPODecKeyChallContDecryptChallenge
@@ -1043,12 +1035,12 @@ extern PRBool
 * The private key to use to decrypt the witness field.
 * NOTES:
 * This function uses the private key to decrypt the challenge field
- * contained in the appropriate challenge. Make sure the private key matches
- * the public key that was used to encrypt the witness. Use
+ * contained in the appropriate challenge. Make sure the private key matches
+ * the public key that was used to encrypt the witness. Use
 * CMMF_POPODecKeyChallContentGetPublicValue to get the public value of
 * the key used to encrypt the witness and then use that to determine the
 * appropriate private key. This can be done by calling PK11_MakeIDFromPubKey
- * and then passing that return value to PK11_FindKeyByKeyID. The creator of
+ * and then passing that return value to PK11_FindKeyByKeyID. The creator of
 * the challenge will most likely be an RA that has the public key
 * from a Cert request. So the private key should be the private key
 * associated with public key in that request. This function will also
@@ -1057,17 +1049,17 @@ extern PRBool * * RETURN: * SECSuccess if decrypting the witness field was successful. This does - * not indicate that the decrypted data is valid, since the private key - * passed in may not be the actual key needed to properly decrypt the + * not indicate that the decrypted data is valid, since the private key + * passed in may not be the actual key needed to properly decrypt the * witness field. Meaning that there is a decrypted structure now, but * may be garbage because the private key was incorrect. * Any other return value indicates the function could not complete the * decryption process. */ -extern SECStatus - CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, - int inIndex, - SECKEYPrivateKey *inPrivKey); +extern SECStatus +CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, + int inIndex, + SECKEYPrivateKey *inPrivKey); /* * FUNCTION: CMMF_DestroyPOPODecKeyChallContent @@ -1075,16 +1067,16 @@ extern SECStatus * inDecKeyCont * The CMMFPOPODecKeyChallContent to free * NOTES: - * This function frees up all the memory associated with the - * CMMFPOPODecKeyChallContent + * This function frees up all the memory associated with the + * CMMFPOPODecKeyChallContent * RETURN: - * SECSuccess if freeing up all the memory associatd with the + * SECSuccess if freeing up all the memory associatd with the * CMMFPOPODecKeyChallContent is successful. Any other return value * indicates an error while freeing the memory. * */ -extern SECStatus - CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont); +extern SECStatus +CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont); SEC_END_PROTOS #endif /* _CMMF_H_ */ diff --git a/nss/lib/crmf/cmmfasn1.c b/nss/lib/crmf/cmmfasn1.c index 711d4ab..64915b3 100644 --- a/nss/lib/crmf/cmmfasn1.c +++ b/nss/lib/crmf/cmmfasn1.c 
@@ -11,50 +11,50 @@ SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate) static const SEC_ASN1Template CMMFSequenceOfCertifiedKeyPairsTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, 0, CMMFCertifiedKeyPairTemplate} + { SEC_ASN1_SEQUENCE_OF, 0, CMMFCertifiedKeyPairTemplate } }; static const SEC_ASN1Template CMMFKeyRecRepContentTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFKeyRecRepContent)}, - { SEC_ASN1_INLINE, offsetof(CMMFKeyRecRepContent, status), - CMMFPKIStatusInfoTemplate}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | - SEC_ASN1_XTRN | 0, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFKeyRecRepContent) }, + { SEC_ASN1_INLINE, offsetof(CMMFKeyRecRepContent, status), + CMMFPKIStatusInfoTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 0, offsetof(CMMFKeyRecRepContent, newSigCert), - SEC_ASN1_SUB(SEC_SignedCertificateTemplate)}, + SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(CMMFKeyRecRepContent, caCerts), - CMMFSequenceOfCertsTemplate}, + CMMFSequenceOfCertsTemplate }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2, offsetof(CMMFKeyRecRepContent, keyPairHist), - CMMFSequenceOfCertifiedKeyPairsTemplate}, + CMMFSequenceOfCertifiedKeyPairsTemplate }, { 0 } }; SECStatus -CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent, - CRMFEncoderOutputCallback inCallback, - void *inArg) +CMMF_EncodeCertRepContent(CMMFCertRepContent *inCertRepContent, + CRMFEncoderOutputCallback inCallback, + void *inArg) { return cmmf_user_encode(inCertRepContent, inCallback, inArg, - CMMFCertRepContentTemplate); + CMMFCertRepContentTemplate); } SECStatus CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall, - CRMFEncoderOutputCallback inCallback, - void *inArg) + CRMFEncoderOutputCallback inCallback, + void *inArg) { return cmmf_user_encode(inDecKeyChall, inCallback, inArg, 
- CMMFPOPODecKeyChallContentTemplate); + CMMFPOPODecKeyChallContentTemplate); } -CMMFPOPODecKeyRespContent* +CMMFPOPODecKeyRespContent * CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len) { - PLArenaPool *poolp; + PLArenaPool *poolp; CMMFPOPODecKeyRespContent *decKeyResp; - SECStatus rv; + SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { @@ -66,13 +66,13 @@ CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len) } decKeyResp->poolp = poolp; rv = SEC_ASN1Decode(poolp, decKeyResp, CMMFPOPODecKeyRespContentTemplate, - buf, len); + buf, len); if (rv != SECSuccess) { goto loser; } return decKeyResp; - - loser: + +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } @@ -80,21 +80,21 @@ CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len) } SECStatus -CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep, - CRMFEncoderOutputCallback inCallback, - void *inArg) +CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep, + CRMFEncoderOutputCallback inCallback, + void *inArg) { return cmmf_user_encode(inKeyRecRep, inCallback, inArg, - CMMFKeyRecRepContentTemplate); + CMMFKeyRecRepContentTemplate); } -CMMFKeyRecRepContent* -CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf, - long len) +CMMFKeyRecRepContent * +CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf, + long len) { - PLArenaPool *poolp; + PLArenaPool *poolp; CMMFKeyRecRepContent *keyRecContent; - SECStatus rv; + SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { 
@@ -106,27 +106,26 @@ CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf, } keyRecContent->poolp = poolp; rv = SEC_ASN1Decode(poolp, keyRecContent, CMMFKeyRecRepContentTemplate, - buf, len); + buf, len); if (rv != SECSuccess) { goto loser; } if (keyRecContent->keyPairHist != NULL) { - while(keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) { - rv = cmmf_decode_process_certified_key_pair(poolp, db, - keyRecContent->keyPairHist[keyRecContent->numKeyPairs]); - if (rv != SECSuccess) { - goto loser; - } - keyRecContent->numKeyPairs++; - } - keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs; + while (keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) { + rv = cmmf_decode_process_certified_key_pair(poolp, db, + keyRecContent->keyPairHist[keyRecContent->numKeyPairs]); + if (rv != SECSuccess) { + goto loser; + } + keyRecContent->numKeyPairs++; + } + keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs; } keyRecContent->isDecoded = PR_TRUE; return keyRecContent; - loser: +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; } - diff --git a/nss/lib/crmf/cmmfchal.c b/nss/lib/crmf/cmmfchal.c index bf0b7ba..2fee983 100644 --- a/nss/lib/crmf/cmmfchal.c +++ b/nss/lib/crmf/cmmfchal.c 
@@ -14,51 +14,52 @@ #include "keyhi.h" static int -cmmf_create_witness_and_challenge(PLArenaPool *poolp, - CMMFChallenge *challenge, - long inRandom, - SECItem *senderDER, - SECKEYPublicKey *inPubKey, - void *passwdArg) +cmmf_create_witness_and_challenge(PLArenaPool *poolp, + CMMFChallenge *challenge, + long inRandom, + SECItem *senderDER, + SECKEYPublicKey *inPubKey, + void *passwdArg) { - SECItem *encodedRandNum; - SECItem encodedRandStr = {siBuffer, NULL, 0}; - SECItem *dummy; - unsigned char *randHash, *senderHash, *encChal=NULL; - unsigned modulusLen = 0; - SECStatus rv = SECFailure; - CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; - PK11SlotInfo *slot; - PK11SymKey *symKey = NULL; + SECItem *encodedRandNum; + SECItem encodedRandStr = { siBuffer, NULL, 0 }; + SECItem *dummy; + unsigned char *randHash, *senderHash, *encChal = NULL; + unsigned modulusLen = 0; + SECStatus rv = SECFailure; + CMMFRand randStr = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } }; + PK11SlotInfo *slot; + PK11SymKey *symKey = NULL; CERTSubjectPublicKeyInfo *spki = NULL; - encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber, - inRandom); - encodedRandNum = &challenge->randomNumber; - randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH); + inRandom); + if (!encodedRandNum) { + goto loser; + } + randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH); senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH); if (randHash == NULL) { goto loser; } - rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data, - (PRUint32)encodedRandNum->len); + rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data, + (PRUint32)encodedRandNum->len); if (rv != SECSuccess) { goto loser; } rv = PK11_HashBuf(SEC_OID_SHA1, senderHash, senderDER->data, - (PRUint32)senderDER->len); + (PRUint32)senderDER->len); if (rv != SECSuccess) { goto loser; } challenge->witness.data = randHash; - challenge->witness.len = SHA1_LENGTH; + 
challenge->witness.len = SHA1_LENGTH; - randStr.integer = *encodedRandNum; + randStr.integer = *encodedRandNum; randStr.senderHash.data = senderHash; - randStr.senderHash.len = SHA1_LENGTH; - dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr, - CMMFRandTemplate); + randStr.senderHash.len = SHA1_LENGTH; + dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr, + CMMFRandTemplate); if (dummy != &encodedRandStr) { rv = SECFailure; goto loser; @@ -70,7 +71,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, rv = SECFailure; goto loser; } - slot =PK11_GetBestSlotWithAttributes(CKM_RSA_PKCS, CKF_WRAP, 0, passwdArg); + slot = PK11_GetBestSlotWithAttributes(CKM_RSA_PKCS, CKF_WRAP, 0, passwdArg); if (slot == NULL) { rv = SECFailure; goto loser; @@ -83,23 +84,23 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, * the PK11 libraries depend on. */ symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated, - CKA_VALUE, &encodedRandStr, passwdArg); + CKA_VALUE, &encodedRandStr, passwdArg); if (symKey == NULL) { rv = SECFailure; - goto loser; + goto loser; } challenge->challenge.data = encChal; - challenge->challenge.len = modulusLen; - rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey, - &challenge->challenge); + challenge->challenge.len = modulusLen; + rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey, + &challenge->challenge); PK11_FreeSlot(slot); if (rv != SECSuccess) { - goto loser; + goto loser; } rv = SECITEM_CopyItem(poolp, &challenge->senderDER, senderDER); crmf_get_public_value(inPubKey, &challenge->key); - /* Fall through */ - loser: +/* Fall through */ +loser: if (spki != NULL) { SECKEY_DestroySubjectPublicKeyInfo(spki); } 
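Review bot: `senderHash` is still passed to `PK11_HashBuf(SEC_OID_SHA1, senderHash, ...)` without a NULL check, because only `randHash` is tested after the two `PORT_ArenaNewArray` calls in `cmmf_create_witness_and_challenge`. Since this hunk already adds a failure check for `encodedRandNum`, the allocation guard should cover both buffers: `if (randHash == NULL || senderHash == NULL) {`. `rv` is still `SECFailure` from its initializer at that point, so `goto loser` reports the failure. The function body and the cleanup after `loser:` continue outside this hunk, so whether every early exit releases what it acquired cannot be confirmed from here.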
@@ -116,17 +117,17 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, } static SECStatus -cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent, - long inRandom, - SECItem *senderDER, - SECKEYPublicKey *inPubKey, - void *passwdArg) +cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent, + long inRandom, + SECItem *senderDER, + SECKEYPublicKey *inPubKey, + void *passwdArg) { - SECOidData *oidData; - CMMFChallenge *challenge; + SECOidData *oidData; + CMMFChallenge *challenge; SECAlgorithmID *algId; - PLArenaPool *poolp; - SECStatus rv; + PLArenaPool *poolp; + SECStatus rv; oidData = SECOID_FindOIDByTag(SEC_OID_SHA1); if (oidData == NULL) { @@ -145,15 +146,15 @@ cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent, if (rv != SECSuccess) { return SECFailure; } - rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom, - senderDER, inPubKey, passwdArg); + rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom, + senderDER, inPubKey, passwdArg); challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL; challContent->numChallenges++; - return rv ; + return rv; } -CMMFPOPODecKeyChallContent* -CMMF_CreatePOPODecKeyChallContent (void) +CMMFPOPODecKeyChallContent * +CMMF_CreatePOPODecKeyChallContent(void) { PLArenaPool *poolp; CMMFPOPODecKeyChallContent *challContent; 
@@ -165,32 +166,31 @@ CMMF_CreatePOPODecKeyChallContent (void) challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent); if (challContent == NULL) { PORT_FreeArena(poolp, PR_FALSE); - return NULL; + return NULL; } challContent->poolp = poolp; return challContent; } SECStatus -CMMF_POPODecKeyChallContentSetNextChallenge - (CMMFPOPODecKeyChallContent *inDecKeyChall, - long inRandom, - CERTGeneralName *inSender, - SECKEYPublicKey *inPubKey, - void *passwdArg) +CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall, + long inRandom, + CERTGeneralName *inSender, + SECKEYPublicKey *inPubKey, + void *passwdArg) { - CMMFChallenge *curChallenge; - PLArenaPool *genNamePool = NULL, *poolp; - SECStatus rv; - SECItem *genNameDER; - void *mark; + CMMFChallenge *curChallenge; + PLArenaPool *genNamePool = NULL, *poolp; + SECStatus rv; + SECItem *genNameDER; + void *mark; - PORT_Assert (inDecKeyChall != NULL && - inSender != NULL && - inPubKey != NULL); + PORT_Assert(inDecKeyChall != NULL && + inSender != NULL && + inPubKey != NULL); - if (inDecKeyChall == NULL || - inSender == NULL || inPubKey == NULL) { + if (inDecKeyChall == NULL || + inSender == NULL || inPubKey == NULL) { return SECFailure; } poolp = inDecKeyChall->poolp; @@ -204,8 +204,8 @@ CMMF_POPODecKeyChallContentSetNextChallenge } if (inDecKeyChall->challenges == NULL) { inDecKeyChall->challenges = - PORT_ArenaZNewArray(poolp, CMMFChallenge*,(CMMF_MAX_CHALLENGES+1)); - inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES; + PORT_ArenaZNewArray(poolp, CMMFChallenge *, (CMMF_MAX_CHALLENGES + 1)); + inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES; } if (inDecKeyChall->numChallenges >= inDecKeyChall->numAllocated) { 
@@ -214,22 +214,22 @@ CMMF_POPODecKeyChallContentSetNextChallenge } if (inDecKeyChall->numChallenges == 0) { - rv = cmmf_create_first_challenge(inDecKeyChall, inRandom, - genNameDER, inPubKey, passwdArg); + rv = cmmf_create_first_challenge(inDecKeyChall, inRandom, + genNameDER, inPubKey, passwdArg); } else { curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge); - if (curChallenge == NULL) { - rv = SECFailure; - goto loser; - } - rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom, - genNameDER, inPubKey, - passwdArg); - if (rv == SECSuccess) { - inDecKeyChall->challenges[inDecKeyChall->numChallenges] = - curChallenge; - inDecKeyChall->numChallenges++; - } + if (curChallenge == NULL) { + rv = SECFailure; + goto loser; + } + rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom, + genNameDER, inPubKey, + passwdArg); + if (rv == SECSuccess) { + inDecKeyChall->challenges[inDecKeyChall->numChallenges] = + curChallenge; + inDecKeyChall->numChallenges++; + } } if (rv != SECSuccess) { goto loser; @@ -238,7 +238,7 @@ CMMF_POPODecKeyChallContentSetNextChallenge PORT_FreeArena(genNamePool, PR_FALSE); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); if (genNamePool != NULL) { PORT_FreeArena(genNamePool, PR_FALSE); @@ -257,7 +257,7 @@ CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp) return SECSuccess; } -int +int CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont) { int numResponses = 0; 
@@ -268,20 +268,20 @@ CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont) } while (inRespCont->responses[numResponses] != NULL) { - numResponses ++; + numResponses++; } return numResponses; } SECStatus -CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont, - int inIndex, - long *inDest) +CMMF_POPODecKeyRespContentGetResponse(CMMFPOPODecKeyRespContent *inRespCont, + int inIndex, + long *inDest) { PORT_Assert(inRespCont != NULL); - - if (inRespCont == NULL || inIndex < 0 || - inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) { + + if (inRespCont == NULL || inIndex < 0 || + inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) { return SECFailure; } *inDest = DER_GetInteger(inRespCont->responses[inIndex]); diff --git a/nss/lib/crmf/cmmfi.h b/nss/lib/crmf/cmmfi.h index bfe3cb0..9336ccf 100644 --- a/nss/lib/crmf/cmmfi.h +++ b/nss/lib/crmf/cmmfi.h @@ -14,7 +14,7 @@ #include "crmfi.h" #define CMMF_MAX_CHALLENGES 10 -#define CMMF_MAX_KEY_PAIRS 50 +#define CMMF_MAX_KEY_PAIRS 50 /* * Some templates that the code will need to implement CMMF. 
@@ -27,72 +27,66 @@ extern const SEC_ASN1Template CMMFSequenceOfCertsTemplate[]; extern const SEC_ASN1Template CMMFPKIStatusInfoTemplate[]; extern const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[]; - /* - * Some utility functions that are shared by multiple files in this + * Some utility functions that are shared by multiple files in this * implementation. */ -extern SECStatus cmmf_CopyCertResponse (PLArenaPool *poolp, - CMMFCertResponse *dest, - CMMFCertResponse *src); +extern SECStatus cmmf_CopyCertResponse(PLArenaPool *poolp, + CMMFCertResponse *dest, + CMMFCertResponse *src); -extern SECStatus cmmf_CopyPKIStatusInfo (PLArenaPool *poolp, - CMMFPKIStatusInfo *dest, - CMMFPKIStatusInfo *src); +extern SECStatus cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, + CMMFPKIStatusInfo *dest, + CMMFPKIStatusInfo *src); -extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, - CMMFCertifiedKeyPair *dest, - CMMFCertifiedKeyPair *src); +extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, + CMMFCertifiedKeyPair *dest, + CMMFCertifiedKeyPair *src); -extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, - PRBool freeit); +extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, + PRBool freeit); -extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, - PRBool freeit); +extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, + PRBool freeit); -extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo, - PLArenaPool *poolp, - CMMFPKIStatus inStatus); +extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo, + PLArenaPool *poolp, + CMMFPKIStatus inStatus); -extern SECStatus cmmf_ExtractCertsFromList(CERTCertList *inCertList, - PLArenaPool *poolp, - CERTCertificate ***certArray); +extern SECStatus cmmf_ExtractCertsFromList(CERTCertList *inCertList, + PLArenaPool *poolp, + CERTCertificate ***certArray); -extern SECStatus - 
cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert, - PLArenaPool *poolp, - CERTCertificate *inCert); +extern SECStatus +cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert, + PLArenaPool *poolp, + CERTCertificate *inCert); -extern CMMFPKIStatus - cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus); +extern CMMFPKIStatus +cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus); -extern CERTCertList* - cmmf_MakeCertList(CERTCertificate **inCerts); +extern CERTCertList * +cmmf_MakeCertList(CERTCertificate **inCerts); -extern CERTCertificate* +extern CERTCertificate * cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert, - CERTCertDBHandle *certdb); + CERTCertDBHandle *certdb); extern SECStatus -cmmf_decode_process_cert_response(PLArenaPool *poolp, - CERTCertDBHandle *db, - CMMFCertResponse *inCertResp); +cmmf_decode_process_cert_response(PLArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertResponse *inCertResp); extern SECStatus -cmmf_decode_process_certified_key_pair(PLArenaPool *poolp, - CERTCertDBHandle *db, - CMMFCertifiedKeyPair *inCertKeyPair); +cmmf_decode_process_certified_key_pair(PLArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertifiedKeyPair *inCertKeyPair); extern SECStatus cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg, - const SEC_ASN1Template *inTemplate); + const SEC_ASN1Template *inTemplate); extern SECStatus -cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src); +cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src); #endif /*_CMMFI_H_*/ - - - - - diff --git a/nss/lib/crmf/cmmfit.h b/nss/lib/crmf/cmmfit.h index 84f81c3..014413f 100644 --- a/nss/lib/crmf/cmmfit.h +++ b/nss/lib/crmf/cmmfit.h 
@@ -14,23 +14,23 @@ * ------------- ------- * 0 granted- got exactly what you asked for. * - * 1 grantedWithMods-got something like what you asked + * 1 grantedWithMods-got something like what you asked * for;requester is responsible for ascertainging the * differences. * - * 2 rejection-you don't get what you asked for; more + * 2 rejection-you don't get what you asked for; more * information elsewhere in the message * - * 3 waiting-the request body part has not yet been + * 3 waiting-the request body part has not yet been * processed, expect to hear more later. * - * 4 revocationWarning-this message contains a warning + * 4 revocationWarning-this message contains a warning * that a revocation is imminent. * - * 5 revocationNotification-notification that a + * 5 revocationNotification-notification that a * revocation has occurred. * - * 6 keyUpdateWarning-update already done for the + * 6 keyUpdateWarning-update already done for the * oldCertId specified in FullCertTemplate. */ 
@@ -41,76 +41,75 @@ struct CMMFPKIStatusInfoStr { }; struct CMMFCertOrEncCertStr { - union { - CERTCertificate *certificate; + union { + CERTCertificate *certificate; CRMFEncryptedValue *encryptedCert; } cert; CMMFCertOrEncCertChoice choice; - SECItem derValue; + SECItem derValue; }; struct CMMFCertifiedKeyPairStr { - CMMFCertOrEncCert certOrEncCert; + CMMFCertOrEncCert certOrEncCert; CRMFEncryptedValue *privateKey; - SECItem derPublicationInfo; /* We aren't creating - * PKIPublicationInfo's, so - * we'll store away the der - * here if we decode one that - * does have pubInfo. - */ + SECItem derPublicationInfo; /* We aren't creating + * PKIPublicationInfo's, so + * we'll store away the der + * here if we decode one that + * does have pubInfo. + */ SECItem unwrappedPrivKey; }; struct CMMFCertResponseStr { - SECItem certReqId; - CMMFPKIStatusInfo status; /*PKIStatusInfo*/ + SECItem certReqId; + CMMFPKIStatusInfo status; /*PKIStatusInfo*/ CMMFCertifiedKeyPair *certifiedKeyPair; }; struct CMMFCertRepContentStr { - CERTCertificate **caPubs; + CERTCertificate **caPubs; CMMFCertResponse **response; - PLArenaPool *poolp; - PRBool isDecoded; + PLArenaPool *poolp; + PRBool isDecoded; }; struct CMMFChallengeStr { - SECAlgorithmID *owf; - SECItem witness; - SECItem senderDER; - SECItem key; - SECItem challenge; - SECItem randomNumber; + SECAlgorithmID *owf; + SECItem witness; + SECItem senderDER; + SECItem key; + SECItem challenge; + SECItem randomNumber; }; struct CMMFRandStr { - SECItem integer; - SECItem senderHash; + SECItem integer; + SECItem senderHash; CERTGeneralName *sender; }; struct CMMFPOPODecKeyChallContentStr { CMMFChallenge **challenges; - PLArenaPool *poolp; - int numChallenges; - int numAllocated; + PLArenaPool *poolp; + int numChallenges; + int numAllocated; }; struct CMMFPOPODecKeyRespContentStr { - SECItem **responses; - PLArenaPool *poolp; + SECItem **responses; + PLArenaPool *poolp; }; struct CMMFKeyRecRepContentStr { - CMMFPKIStatusInfo status; /* 
PKIStatusInfo */ - CERTCertificate *newSigCert; - CERTCertificate **caCerts; + CMMFPKIStatusInfo status; /* PKIStatusInfo */ + CERTCertificate *newSigCert; + CERTCertificate **caCerts; CMMFCertifiedKeyPair **keyPairHist; - PLArenaPool *poolp; - int numKeyPairs; - int allocKeyPairs; - PRBool isDecoded; + PLArenaPool *poolp; + int numKeyPairs; + int allocKeyPairs; + PRBool isDecoded; }; #endif /* _CMMFIT_H_ */ - diff --git a/nss/lib/crmf/cmmfrec.c b/nss/lib/crmf/cmmfrec.c index 880e846..5dfe1fc 100644 --- a/nss/lib/crmf/cmmfrec.c +++ b/nss/lib/crmf/cmmfrec.c @@ -4,7 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* - * This file will implement the functions related to key recovery in + * This file will implement the functions related to key recovery in * CMMF */ @@ -13,10 +13,10 @@ #include "secitem.h" #include "keyhi.h" -CMMFKeyRecRepContent* +CMMFKeyRecRepContent * CMMF_CreateKeyRecRepContent(void) { - PLArenaPool *poolp; + PLArenaPool *poolp; CMMFKeyRecRepContent *keyRecContent; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); @@ -26,7 +26,7 @@ CMMF_CreateKeyRecRepContent(void) keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent); if (keyRecContent == NULL) { PORT_FreeArena(poolp, PR_FALSE); - return NULL; + return NULL; } keyRecContent->poolp = poolp; return keyRecContent; 
@@ -37,25 +37,24 @@ CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep) { PORT_Assert(inKeyRecRep != NULL); if (inKeyRecRep != NULL && inKeyRecRep->poolp != NULL) { - int i; + int i; - if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert != NULL) { - CERT_DestroyCertificate(inKeyRecRep->newSigCert); - } - if (inKeyRecRep->caCerts != NULL) { - for (i=0; inKeyRecRep->caCerts[i] != NULL; i++) { - CERT_DestroyCertificate(inKeyRecRep->caCerts[i]); - } - } - if (inKeyRecRep->keyPairHist != NULL) { - for (i=0; inKeyRecRep->keyPairHist[i] != NULL; i++) { - if (inKeyRecRep->keyPairHist[i]->certOrEncCert.choice == - cmmfCertificate) { - CERT_DestroyCertificate(inKeyRecRep->keyPairHist[i]-> - certOrEncCert.cert.certificate); - } - } - } + if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert != NULL) { + CERT_DestroyCertificate(inKeyRecRep->newSigCert); + } + if (inKeyRecRep->caCerts != NULL) { + for (i = 0; inKeyRecRep->caCerts[i] != NULL; i++) { + CERT_DestroyCertificate(inKeyRecRep->caCerts[i]); + } + } + if (inKeyRecRep->keyPairHist != NULL) { + for (i = 0; inKeyRecRep->keyPairHist[i] != NULL; i++) { + if (inKeyRecRep->keyPairHist[i]->certOrEncCert.choice == + cmmfCertificate) { + CERT_DestroyCertificate(inKeyRecRep->keyPairHist[i]->certOrEncCert.cert.certificate); + } + } + } PORT_FreeArena(inKeyRecRep->poolp, PR_TRUE); } return SECSuccess; 
@@ -63,49 +62,49 @@ CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep) SECStatus CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep, - CMMFPKIStatus inPKIStatus) + CMMFPKIStatus inPKIStatus) { PORT_Assert(inKeyRecRep != NULL && inPKIStatus >= cmmfGranted && - inPKIStatus < cmmfNumPKIStatus); + inPKIStatus < cmmfNumPKIStatus); if (inKeyRecRep == NULL) { return SECFailure; } - - return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status, - inKeyRecRep->poolp, - inPKIStatus); + + return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status, + inKeyRecRep->poolp, + inPKIStatus); } SECStatus CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep, - CERTCertificate *inNewSignCert) + CERTCertificate *inNewSignCert) { - PORT_Assert (inKeyRecRep != NULL && inNewSignCert != NULL); + PORT_Assert(inKeyRecRep != NULL && inNewSignCert != NULL); if (inKeyRecRep == NULL || inNewSignCert == NULL) { return SECFailure; } if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert) { - CERT_DestroyCertificate(inKeyRecRep->newSigCert); + CERT_DestroyCertificate(inKeyRecRep->newSigCert); } inKeyRecRep->isDecoded = PR_FALSE; inKeyRecRep->newSigCert = CERT_DupCertificate(inNewSignCert); - return (inKeyRecRep->newSigCert == NULL) ? SECFailure : SECSuccess; + return (inKeyRecRep->newSigCert == NULL) ? SECFailure : SECSuccess; } SECStatus CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep, - CERTCertList *inCACerts) + CERTCertList *inCACerts) { SECStatus rv; void *mark; - PORT_Assert (inKeyRecRep != NULL && inCACerts != NULL); + PORT_Assert(inKeyRecRep != NULL && inCACerts != NULL); if (inKeyRecRep == NULL || inCACerts == NULL) { return SECFailure; } mark = PORT_ArenaMark(inKeyRecRep->poolp); rv = cmmf_ExtractCertsFromList(inCACerts, inKeyRecRep->poolp, - &inKeyRecRep->caCerts); + &inKeyRecRep->caCerts); if (rv != SECSuccess) { PORT_ArenaRelease(inKeyRecRep->poolp, mark); } else { 
@@ -116,49 +115,49 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep, SECStatus CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep, - CERTCertificate *inCert, - SECKEYPrivateKey *inPrivKey, - SECKEYPublicKey *inPubKey) + CERTCertificate *inCert, + SECKEYPrivateKey *inPrivKey, + SECKEYPublicKey *inPubKey) { CMMFCertifiedKeyPair *keyPair; - CRMFEncryptedValue *dummy; - PLArenaPool *poolp; - void *mark; - SECStatus rv; + CRMFEncryptedValue *dummy; + PLArenaPool *poolp; + void *mark; + SECStatus rv; - PORT_Assert (inKeyRecRep != NULL && - inCert != NULL && - inPrivKey != NULL && - inPubKey != NULL); + PORT_Assert(inKeyRecRep != NULL && + inCert != NULL && + inPrivKey != NULL && + inPubKey != NULL); if (inKeyRecRep == NULL || - inCert == NULL || - inPrivKey == NULL || - inPubKey == NULL) { + inCert == NULL || + inPrivKey == NULL || + inPubKey == NULL) { return SECFailure; } poolp = inKeyRecRep->poolp; mark = PORT_ArenaMark(poolp); if (inKeyRecRep->keyPairHist == NULL) { - inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp, - CMMFCertifiedKeyPair*, - (CMMF_MAX_KEY_PAIRS+1)); - if (inKeyRecRep->keyPairHist == NULL) { - goto loser; - } - inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS; - inKeyRecRep->numKeyPairs = 0; + inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp, + CMMFCertifiedKeyPair *, + (CMMF_MAX_KEY_PAIRS + 1)); + if (inKeyRecRep->keyPairHist == NULL) { + goto loser; + } + inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS; + inKeyRecRep->numKeyPairs = 0; } if (inKeyRecRep->allocKeyPairs == inKeyRecRep->numKeyPairs) { goto loser; } - + keyPair = PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair); if (keyPair == NULL) { goto loser; } rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert, - poolp, inCert); + poolp, inCert); if (rv != SECSuccess) { goto loser; } 
@@ -166,12 +165,12 @@ CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep, if (keyPair->privateKey == NULL) { goto loser; } - dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey, - keyPair->privateKey); + dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey, + keyPair->privateKey); PORT_Assert(dummy == keyPair->privateKey); if (dummy != keyPair->privateKey) { crmf_destroy_encrypted_value(dummy, PR_TRUE); - goto loser; + goto loser; } inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = keyPair; inKeyRecRep->numKeyPairs++; @@ -179,7 +178,7 @@ CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep, PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } @@ -194,12 +193,12 @@ CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep) return cmmf_PKIStatusInfoGetStatus(&inKeyRecRep->status); } -CERTCertificate* +CERTCertificate * CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep) { PORT_Assert(inKeyRecRep != NULL); - if (inKeyRecRep == NULL || - inKeyRecRep->newSigCert == NULL) { + if (inKeyRecRep == NULL || + inKeyRecRep->newSigCert == NULL) { return NULL; } /* newSigCert may not be a real certificate, it may be a hand decoded @@ -208,12 +207,12 @@ CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep) * portion so that we never wind up with a half formed CERTCertificate * here. In this case the call would be to CERT_DupCertificate. */ - return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), - &inKeyRecRep->newSigCert->signatureWrap.data, - NULL, PR_FALSE, PR_TRUE); + return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), + &inKeyRecRep->newSigCert->signatureWrap.data, + NULL, PR_FALSE, PR_TRUE); } -CERTCertList* +CERTCertList * CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep) { PORT_Assert(inKeyRecRep != NULL); 
@@ -223,7 +222,7 @@ CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep) return cmmf_MakeCertList(inKeyRecRep->caCerts); } -int +int CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep) { PORT_Assert(inKeyRecRep != NULL); 
@@ -232,87 +231,86 @@ CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep) PRBool cmmf_KeyRecRepContentIsValidIndex(CMMFKeyRecRepContent *inKeyRecRep, - int inIndex) + int inIndex) { int numKeyPairs = CMMF_KeyRecRepContentGetNumKeyPairs(inKeyRecRep); - + return (PRBool)(inIndex >= 0 && inIndex < numKeyPairs); } -CMMFCertifiedKeyPair* +CMMFCertifiedKeyPair * CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep, - int inIndex) + int inIndex) { CMMFCertifiedKeyPair *newKeyPair; - SECStatus rv; + SECStatus rv; PORT_Assert(inKeyRecRep != NULL && - cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)); + cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)); if (inKeyRecRep == NULL || - !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) { + !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) { return NULL; } newKeyPair = PORT_ZNew(CMMFCertifiedKeyPair); if (newKeyPair == NULL) { return NULL; } - rv = cmmf_CopyCertifiedKeyPair(NULL, newKeyPair, - inKeyRecRep->keyPairHist[inIndex]); + rv = cmmf_CopyCertifiedKeyPair(NULL, newKeyPair, + inKeyRecRep->keyPairHist[inIndex]); if (rv != SECSuccess) { CMMF_DestroyCertifiedKeyPair(newKeyPair); - newKeyPair = NULL; + newKeyPair = NULL; } return newKeyPair; } -SECStatus +SECStatus CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair, - SECKEYPrivateKey *inPrivKey, - SECItem *inNickName, - PK11SlotInfo *inSlot, - CERTCertDBHandle *inCertdb, - SECKEYPrivateKey **destPrivKey, - void *wincx) + SECKEYPrivateKey *inPrivKey, + SECItem *inNickName, + PK11SlotInfo *inSlot, + CERTCertDBHandle *inCertdb, + SECKEYPrivateKey **destPrivKey, + void *wincx) { CERTCertificate *cert; - SECItem keyUsageValue = {siBuffer, NULL, 0}; + SECItem keyUsageValue = { siBuffer, NULL, 0 }; unsigned char keyUsage = 0x0; SECKEYPublicKey *pubKey; SECStatus rv; PORT_Assert(inKeyPair != NULL && - inPrivKey != NULL && inCertdb != NULL); - if (inKeyPair == NULL || - inPrivKey == NULL || - 
inKeyPair->privateKey == NULL || - inCertdb == NULL) { + inPrivKey != NULL && inCertdb != NULL); + if (inKeyPair == NULL || + inPrivKey == NULL || + inKeyPair->privateKey == NULL || + inCertdb == NULL) { return SECFailure; } - + cert = CMMF_CertifiedKeyPairGetCertificate(inKeyPair, inCertdb); CERT_FindKeyUsageExtension(cert, &keyUsageValue); if (keyUsageValue.data != NULL) { keyUsage = keyUsageValue.data[3]; - PORT_Free(keyUsageValue.data); + PORT_Free(keyUsageValue.data); } pubKey = CERT_ExtractPublicKey(cert); rv = crmf_encrypted_value_unwrap_priv_key(NULL, inKeyPair->privateKey, - inPrivKey, pubKey, - inNickName, inSlot, keyUsage, - destPrivKey, wincx); + inPrivKey, pubKey, + inNickName, inSlot, keyUsage, + destPrivKey, wincx); SECKEY_DestroyPublicKey(pubKey); CERT_DestroyCertificate(cert); return rv; } - -PRBool +PRBool CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep) { PORT_Assert(inKeyRecRep != NULL); if (inKeyRecRep == NULL) { return PR_FALSE; } - return (PRBool)(inKeyRecRep->caCerts != NULL && - inKeyRecRep->caCerts[0] != NULL); + return (PRBool)(inKeyRecRep->caCerts != NULL && + inKeyRecRep->caCerts[0] != NULL); }
diff --git a/nss/lib/crmf/cmmfresp.c b/nss/lib/crmf/cmmfresp.c
index 420bbe4..c4b59b8 100644
--- a/nss/lib/crmf/cmmfresp.c
+++ b/nss/lib/crmf/cmmfresp.c
@@ -4,7 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* - * This file will contain all routines dealing with creating a + * This file will contain all routines dealing with creating a * CMMFCertRepContent structure through Create/Set functions. */
@@ -15,11 +15,11 @@ #include "secitem.h" #include "secder.h" -CMMFCertRepContent* +CMMFCertRepContent * CMMF_CreateCertRepContent(void) { CMMFCertRepContent *retCertRep; - PLArenaPool *poolp; + PLArenaPool *poolp; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) {
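Review bot: In CMMF_CertifiedKeyPairUnwrapPrivKey, `keyUsage = keyUsageValue.data[3];` reads a fixed offset without consulting `keyUsageValue.len`, and the status returned by CERT_FindKeyUsageExtension is discarded, so a certificate whose key-usage item is shorter than four bytes would cause a read past the end of the buffer. Inside the existing `data != NULL` block the assignment should be guarded, e.g. `if (keyUsageValue.len > 3) { keyUsage = keyUsageValue.data[3]; }`, with the PORT_Free left unconditional; whether offset 3 is the intended byte should be confirmed against how the helper fills the item. The `cert` returned by CMMF_CertifiedKeyPairGetCertificate is also passed to CERT_FindKeyUsageExtension and CERT_ExtractPublicKey without a NULL test, and `if (cert == NULL) { return SECFailure; }` right after the call would cover that. The certificate here comes out of a decoded key pair, so it is presumably peer-supplied data and both checks matter in release builds.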
@@ -31,47 +31,47 @@ CMMF_CreateCertRepContent(void) } retCertRep->poolp = poolp; return retCertRep; - loser: +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; } -SECStatus +SECStatus cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert, - PLArenaPool *poolp, - CERTCertificate *inCert) + PLArenaPool *poolp, + CERTCertificate *inCert) { - SECItem *derDest = NULL; - SECStatus rv = SECFailure; + SECItem *derDest = NULL; + SECStatus rv = SECFailure; if (inCert->derCert.data == NULL) { - derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert, - CMMFCertOrEncCertCertificateTemplate); - if (derDest == NULL) { - goto loser; - } + derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert, + CMMFCertOrEncCertCertificateTemplate); + if (derDest == NULL) { + goto loser; + } } else { derDest = SECITEM_DupItem(&inCert->derCert); - if (derDest == NULL) { - goto loser; - } + if (derDest == NULL) { + goto loser; + } } PORT_Assert(certOrEncCert->cert.certificate == NULL); certOrEncCert->cert.certificate = CERT_DupCertificate(inCert); certOrEncCert->choice = cmmfCertificate; if (poolp != NULL) { rv = SECITEM_CopyItem(poolp, &certOrEncCert->derValue, derDest); - if (rv != SECSuccess) { - goto loser; - } + if (rv != SECSuccess) { + goto loser; + } } else { certOrEncCert->derValue = *derDest; } PORT_Free(derDest); return SECSuccess; - loser: +loser: if (derDest != NULL) { SECITEM_FreeItem(derDest, PR_TRUE); } 
@@ -79,41 +79,39 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert, } SECStatus -cmmf_ExtractCertsFromList(CERTCertList *inCertList, - PLArenaPool *poolp, - CERTCertificate ***certArray) +cmmf_ExtractCertsFromList(CERTCertList *inCertList, + PLArenaPool *poolp, + CERTCertificate ***certArray) { - CERTCertificate **arrayLocalCopy; - CERTCertListNode *node; - int numNodes = 0, i; + CERTCertificate **arrayLocalCopy; + CERTCertListNode *node; + int numNodes = 0, i; for (node = CERT_LIST_HEAD(inCertList); !CERT_LIST_END(node, inCertList); - node = CERT_LIST_NEXT(node)) { + node = CERT_LIST_NEXT(node)) { numNodes++; } - arrayLocalCopy = *certArray = (poolp == NULL) ? - PORT_NewArray(CERTCertificate*, (numNodes+1)) : - PORT_ArenaNewArray(poolp, CERTCertificate*, (numNodes+1)); + arrayLocalCopy = *certArray = (poolp == NULL) ? PORT_NewArray(CERTCertificate *, (numNodes + 1)) : PORT_ArenaNewArray(poolp, CERTCertificate *, (numNodes + 1)); if (arrayLocalCopy == NULL) { return SECFailure; } - for (node = CERT_LIST_HEAD(inCertList), i=0; - !CERT_LIST_END(node, inCertList); - node = CERT_LIST_NEXT(node), i++) { + for (node = CERT_LIST_HEAD(inCertList), i = 0; + !CERT_LIST_END(node, inCertList); + node = CERT_LIST_NEXT(node), i++) { arrayLocalCopy[i] = CERT_DupCertificate(node->cert); - if (arrayLocalCopy[i] == NULL) { - int j; - - for (j=0; j<i; j++) { - CERT_DestroyCertificate(arrayLocalCopy[j]); - } - if (poolp == NULL) { - PORT_Free(arrayLocalCopy); - } - *certArray = NULL; - return SECFailure; - } + if (arrayLocalCopy[i] == NULL) { + int j; + + for (j = 0; j < i; j++) { + CERT_DestroyCertificate(arrayLocalCopy[j]); + } + if (poolp == NULL) { + PORT_Free(arrayLocalCopy); + } + *certArray = NULL; + return SECFailure; + } } arrayLocalCopy[numNodes] = NULL; return SECSuccess; 
@@ -121,56 +119,56 @@ cmmf_ExtractCertsFromList(CERTCertList *inCertList, SECStatus CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent, - CMMFCertResponse **inCertResponses, - int inNumResponses) + CMMFCertResponse **inCertResponses, + int inNumResponses) { - PLArenaPool *poolp; + PLArenaPool *poolp; CMMFCertResponse **respArr, *newResp; - void *mark; - SECStatus rv; - int i; + void *mark; + SECStatus rv; + int i; - PORT_Assert (inCertRepContent != NULL && - inCertResponses != NULL && - inNumResponses > 0); + PORT_Assert(inCertRepContent != NULL && + inCertResponses != NULL && + inNumResponses > 0); if (inCertRepContent == NULL || - inCertResponses == NULL || - inCertRepContent->response != NULL) { + inCertResponses == NULL || + inCertRepContent->response != NULL) { return SECFailure; } poolp = inCertRepContent->poolp; mark = PORT_ArenaMark(poolp); - respArr = inCertRepContent->response = - PORT_ArenaZNewArray(poolp, CMMFCertResponse*, (inNumResponses+1)); + respArr = inCertRepContent->response = + PORT_ArenaZNewArray(poolp, CMMFCertResponse *, (inNumResponses + 1)); if (respArr == NULL) { goto loser; } - for (i=0; i<inNumResponses; i++) { + for (i = 0; i < inNumResponses; i++) { newResp = PORT_ArenaZNew(poolp, CMMFCertResponse); - if (newResp == NULL) { - goto loser; - } + if (newResp == NULL) { + goto loser; + } rv = cmmf_CopyCertResponse(poolp, newResp, inCertResponses[i]); - if (rv != SECSuccess) { - goto loser; - } - respArr[i] = newResp; + if (rv != SECSuccess) { + goto loser; + } + respArr[i] = newResp; } respArr[inNumResponses] = NULL; PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } -CMMFCertResponse* +CMMFCertResponse * CMMF_CreateCertResponse(long inCertReqId) { - SECItem *dummy; + SECItem *dummy; CMMFCertResponse *newResp; - + newResp = PORT_ZNew(CMMFCertResponse); if (newResp == NULL) { goto loser; 
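Review bot: CMMF_CertRepContentSetCertResponses checks `inNumResponses > 0` only inside PORT_Assert, which as far as I know is compiled out of optimized builds, while the runtime `if` that follows omits that term. With a count of -1 the array is sized from `inNumResponses + 1` and `respArr[inNumResponses] = NULL` then writes one element before the allocation. Adding `inNumResponses <= 0 ||` to the runtime condition closes that gap. Separately, `inCertRepContent->response` is assigned before the copy loop, so after `goto loser` it still points into arena memory that PORT_ArenaRelease has handed back. A `inCertRepContent->response = NULL;` in the `loser` path would avoid the stale pointer, and it would also stop the `response != NULL` guard from rejecting a retry.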
@@ -181,7 +179,7 @@ CMMF_CreateCertResponse(long inCertReqId) } return newResp; - loser: +loser: if (newResp != NULL) { CMMF_DestroyCertResponse(newResp); } @@ -190,32 +188,32 @@ CMMF_CreateCertResponse(long inCertReqId) SECStatus CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp, - CMMFPKIStatus inPKIStatus) + CMMFPKIStatus inPKIStatus) { - PORT_Assert (inCertResp != NULL && inPKIStatus >= cmmfGranted - && inPKIStatus < cmmfNumPKIStatus); + PORT_Assert(inCertResp != NULL && inPKIStatus >= cmmfGranted && + inPKIStatus < cmmfNumPKIStatus); - if (inCertResp == NULL) { + if (inCertResp == NULL) { return SECFailure; } return cmmf_PKIStatusInfoSetStatus(&inCertResp->status, NULL, - inPKIStatus); + inPKIStatus); } SECStatus -CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp, - CERTCertificate *inCertificate) +CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp, + CERTCertificate *inCertificate) { CMMFCertifiedKeyPair *keyPair = NULL; - SECStatus rv = SECFailure; + SECStatus rv = SECFailure; PORT_Assert(inCertResp != NULL && inCertificate != NULL); if (inCertResp == NULL || inCertificate == NULL) { return SECFailure; } if (inCertResp->certifiedKeyPair == NULL) { - keyPair = inCertResp->certifiedKeyPair = - PORT_ZNew(CMMFCertifiedKeyPair); + keyPair = inCertResp->certifiedKeyPair = + PORT_ZNew(CMMFCertifiedKeyPair); } else { keyPair = inCertResp->certifiedKeyPair; } 
@@ -223,36 +221,35 @@ CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp, goto loser; } rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert, NULL, - inCertificate); + inCertificate); if (rv != SECSuccess) { goto loser; } return SECSuccess; - loser: +loser: if (keyPair) { if (keyPair->certOrEncCert.derValue.data) { - PORT_Free(keyPair->certOrEncCert.derValue.data); - } - PORT_Free(keyPair); + PORT_Free(keyPair->certOrEncCert.derValue.data); + } + PORT_Free(keyPair); } return rv; } - SECStatus CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent, - CERTCertList *inCAPubs) + CERTCertList *inCAPubs) { - PLArenaPool *poolp; - void *mark; - SECStatus rv; + PLArenaPool *poolp; + void *mark; + SECStatus rv; PORT_Assert(inCertRepContent != NULL && - inCAPubs != NULL && - inCertRepContent->caPubs == NULL); - + inCAPubs != NULL && + inCertRepContent->caPubs == NULL); + if (inCertRepContent == NULL || - inCAPubs == NULL || inCertRepContent == NULL) { + inCAPubs == NULL || inCertRepContent == NULL) { return SECFailure; }
@@ -260,7 +257,7 @@ CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent, mark = PORT_ArenaMark(poolp); rv = cmmf_ExtractCertsFromList(inCAPubs, poolp, - &inCertRepContent->caPubs); + &inCertRepContent->caPubs); if (rv != SECSuccess) { PORT_ArenaRelease(poolp, mark);
@@ -270,14 +267,14 @@ CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent, return rv; } -CERTCertificate* +CERTCertificate * CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair, - CERTCertDBHandle *inCertdb) + CERTCertDBHandle *inCertdb) { PORT_Assert(inCertKeyPair != NULL); if (inCertKeyPair == NULL) { return NULL; } return cmmf_CertOrEncCertGetCertificate(&inCertKeyPair->certOrEncCert, - inCertdb); + inCertdb); }
diff --git a/nss/lib/crmf/cmmft.h b/nss/lib/crmf/cmmft.h
index aea64b0..e39f19e 100644
--- a/nss/lib/crmf/cmmft.h
+++ b/nss/lib/crmf/cmmft.h
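Review bot: The `loser` path of CMMF_CertResponseSetCertificate releases `keyPair` with PORT_Free, but `inCertResp->certifiedKeyPair` still holds the same pointer, so the response is left referring to freed memory and any later use or destroy of it would touch that memory. The pointer is assigned, or was already set, in the part of the function above this hunk. Clearing it next to the free, `inCertResp->certifiedKeyPair = NULL;`, keeps the object consistent. In CMMF_CertRepContentSetCAPubs, further down the same hunk, the runtime condition tests `inCertRepContent == NULL` twice. The assert above it suggests the third term was meant to be `inCertRepContent->caPubs != NULL`, which would otherwise be enforced only in debug builds.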
@@ -19,7 +19,7 @@ typedef enum { } CMMFCertOrEncCertChoice; /* - * This is the enumeration and the corresponding values used to + * This is the enumeration and the corresponding values used to * represent the CMMF type PKIStatus */ typedef enum {
@@ -51,19 +51,19 @@ typedef enum { cmmfNoFailureInfo = 9 } CMMFPKIFailureInfo; -typedef struct CMMFPKIStatusInfoStr CMMFPKIStatusInfo; -typedef struct CMMFCertOrEncCertStr CMMFCertOrEncCert; -typedef struct CMMFCertifiedKeyPairStr CMMFCertifiedKeyPair; -typedef struct CMMFCertResponseStr CMMFCertResponse; -typedef struct CMMFCertResponseSeqStr CMMFCertResponseSeq; +typedef struct CMMFPKIStatusInfoStr CMMFPKIStatusInfo; +typedef struct CMMFCertOrEncCertStr CMMFCertOrEncCert; +typedef struct CMMFCertifiedKeyPairStr CMMFCertifiedKeyPair; +typedef struct CMMFCertResponseStr CMMFCertResponse; +typedef struct CMMFCertResponseSeqStr CMMFCertResponseSeq; typedef struct CMMFPOPODecKeyChallContentStr CMMFPOPODecKeyChallContent; -typedef struct CMMFChallengeStr CMMFChallenge; -typedef struct CMMFRandStr CMMFRand; -typedef struct CMMFPOPODecKeyRespContentStr CMMFPOPODecKeyRespContent; -typedef struct CMMFKeyRecRepContentStr CMMFKeyRecRepContent; -typedef struct CMMFCertRepContentStr CMMFCertRepContent; +typedef struct CMMFChallengeStr CMMFChallenge; +typedef struct CMMFRandStr CMMFRand; +typedef struct CMMFPOPODecKeyRespContentStr CMMFPOPODecKeyRespContent; +typedef struct CMMFKeyRecRepContentStr CMMFKeyRecRepContent; +typedef struct CMMFCertRepContentStr CMMFCertRepContent; -/* Export this so people can call SEC_ASN1EncodeItem instead of having to +/* Export this so people can call SEC_ASN1EncodeItem instead of having to * write callbacks that are passed in to the high level encode function * for CMMFCertRepContent. */
diff --git a/nss/lib/crmf/crmf.gyp b/nss/lib/crmf/crmf.gyp
new file mode 100644
index 0000000..f8fa8a4
--- /dev/null
+++ b/nss/lib/crmf/crmf.gyp
@@ -0,0 +1,43 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'crmf',
+ 'type': 'static_library',
+ 'sources': [
+ 'asn1cmn.c',
+ 'challcli.c',
+ 'cmmfasn1.c',
+ 'cmmfchal.c',
+ 'cmmfrec.c',
+ 'cmmfresp.c',
+ 'crmfcont.c',
+ 'crmfdec.c',
+ 'crmfenc.c',
+ 'crmfget.c',
+ 'crmfpop.c',
+ 'crmfreq.c',
+ 'crmftmpl.c',
+ 'encutil.c',
+ 'respcli.c',
+ 'respcmn.c',
+ 'servget.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ],
+ 'variables': {
+ # This is purely for the use of the Mozilla build system.
+ 'no_expand_libs': 1,
+ },
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/nss/lib/crmf/crmf.h b/nss/lib/crmf/crmf.h
index 9f36c28..c56e289 100644
--- a/nss/lib/crmf/crmf.h
+++ b/nss/lib/crmf/crmf.h
@@ -3,7 +3,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #ifndef _CRMF_H_ #define _CRMF_H_
@@ -27,16 +26,16 @@ SEC_BEGIN_PROTOS * An opaque pointer that gets passed to the function fn * OUTPUT: * The function fn will be called multiple times. Look at the - * comments in crmft.h where the CRMFEncoderOutputCallback type is + * comments in crmft.h where the CRMFEncoderOutputCallback type is * defined for information on proper behavior of the function fn. * RETURN: * SECSuccess if encoding was successful. Any other return value * indicates an error occurred during encoding. */ -extern SECStatus - CRMF_EncodeCertReqMsg (CRMFCertReqMsg *inCertReqMsg, - CRMFEncoderOutputCallback fn, - void *arg); +extern SECStatus +CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg, + CRMFEncoderOutputCallback fn, + void *arg); /* * FUNCTION: CRMF_EncoderCertRequest
@@ -49,17 +48,17 @@ extern SECStatus * arg * An opaque pointer that gets passed to the function fn. * OUTPUT: - * The function fn will be called, probably multiple times whenever - * the ASN1 encoder wants to write out DER-encoded bytes. Look at the + * The function fn will be called, probably multiple times whenever + * the ASN1 encoder wants to write out DER-encoded bytes. Look at the * comments in crmft.h where the CRMFEncoderOutputCallback type is * defined for information on proper behavior of the function fn. * RETURN: - * SECSuccess if encoding was successful. Any other return value + * SECSuccess if encoding was successful. Any other return value * indicates an error occurred during encoding. */ -extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq, - CRMFEncoderOutputCallback fn, - void *arg); +extern SECStatus CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq, + CRMFEncoderOutputCallback fn, + void *arg); /* * FUNCTION: CRMF_EncodeCertReqMessages * INPUTS: 
@@ -77,25 +76,24 @@ extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq, * * NOTES: * The parameter inCertReqMsgs needs to be an array with a NULL pointer - * to signal the end of messages. An array in the form of + * to signal the end of messages. An array in the form of * {m1, m2, m3, NULL, m4, ...} will only encode the messages m1, m2, and * m3. All messages from m4 on will not be looked at by the library. * * OUTPUT: - * The function fn will be called, probably multiple times. Look at the + * The function fn will be called, probably multiple times. Look at the * comments in crmft.h where the CRMFEncoderOutputCallback type is * defined for information on proper behavior of the function fn. * * RETURN: - * SECSuccess if encoding the Certificate Request Messages was successful. + * SECSuccess if encoding the Certificate Request Messages was successful. * Any other return value indicates an error occurred while encoding the * certificate request messages. */ -extern SECStatus - CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs, - CRMFEncoderOutputCallback fn, - void *arg); - +extern SECStatus +CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs, + CRMFEncoderOutputCallback fn, + void *arg); /* * FUNCTION: CRMF_CreateCertReqMsg 
@@ -104,19 +102,19 @@ extern SECStatus * OUTPUT: * An empty CRMF Certificate Request Message. * Before encoding this message, the user must set - * the ProofOfPossession field and the certificate + * the ProofOfPossession field and the certificate * request which are necessary for the full message. * After the user no longer needs this CertReqMsg, * the user must call CRMF_DestroyCertReqMsg to free * all memory associated with the Certificate Request * Message. * RETURN: - * A pointer to a Certificate Request Message. The user - * must pass the return value of this function to + * A pointer to a Certificate Request Message. The user + * must pass the return value of this function to * CRMF_DestroyCertReqMsg after the Certificate Request * Message is no longer necessary. */ -extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void); +extern CRMFCertReqMsg *CRMF_CreateCertReqMsg(void); /* * FUNCTION: CRMF_DestroyCertReqMsg @@ -127,12 +125,12 @@ extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void); * This function frees all the memory used for the Certificate * Request Message and all the memory used in making copies of * fields of elelments of the message, eg. the Proof Of Possession - * filed and the Cetificate Request. + * filed and the Cetificate Request. * RETURN: * SECSuccess if destruction was successful. Any other return value * indicates an error while trying to free the memory associated * with inCertReqMsg. - * + * */ extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg); 
@@ -151,14 +149,14 @@ extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg); * the user must not call this function until the Certificate Request * has been fully built and is ready to be encoded. * RETURN: - * SECSuccess + * SECSuccess * If copying the Certificate as a member of the Certificate * request message was successful. * Any other return value indicates a failure to copy the Certificate * Request and make it a part of the Certificate Request Message. */ -extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg, - CRMFCertRequest *inCertReq); +extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg, + CRMFCertRequest *inCertReq); /* * FUNCTION: CRMF_CreateCertRequest @@ -176,7 +174,7 @@ extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg, * A pointer to the new Certificate Request. A NULL return value * indicates an error in creating the Certificate Request. */ -extern CRMFCertRequest *CRMF_CreateCertRequest (PRUint32 inRequestID); +extern CRMFCertRequest *CRMF_CreateCertRequest(PRUint32 inRequestID); /* * FUNCTION: CRMF_DestroyCertRequest @@ -185,12 +183,12 @@ extern CRMFCertRequest *CRMF_CreateCertRequest (PRUint32 inRequestID); * The Certificate Request that will be destroyed. * RETURN: * SECSuccess - * If freeing the memory associated with the certificate request + * If freeing the memory associated with the certificate request * was successful. - * Any other return value indicates an error while trying to free the + * Any other return value indicates an error while trying to free the * memory. */ -extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq); +extern SECStatus CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq); /* * FUNCTION: CRMF_CreateCertExtension 
@@ -201,16 +199,16 @@ extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq); * will fail. * isCritical * A boolean value stating if the extension value is crtical. PR_TRUE - * means the value is crtical. PR_FALSE indicates the value is not + * means the value is crtical. PR_FALSE indicates the value is not * critical. * data * This is the data associated with the extension. The user of the * library is responsible for making sure the value passed in is a * valid interpretation of the certificate extension. * NOTES: - * Use this function to create CRMFCertExtension Structures which will - * then be passed to CRMF_AddFieldToCertTemplate as part of the - * CRMFCertCreationInfo.extensions The user must call + * Use this function to create CRMFCertExtension Structures which will + * then be passed to CRMF_AddFieldToCertTemplate as part of the + * CRMFCertCreationInfo.extensions The user must call * CRMF_DestroyCertExtension after the extension has been added to a certifcate * and the extension is no longer needed. * @@ -218,9 +216,9 @@ extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq); * A pointer to a newly created CertExtension. A return value of NULL * indicates the id passed in was an invalid certificate extension. */ -extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id, - PRBool isCritical, - SECItem *data); +extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id, + PRBool isCritical, + SECItem *data); /* * FUNCTION: CMRF_DestroyCertExtension 
@@ -232,12 +230,12 @@ extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id, * * RETURN: * SECSuccess if freeing the memory associated with the certificate extension - * was successful. Any other error indicates an error while freeing the + * was successful. Any other error indicates an error while freeing the * memory. */ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension); -/* +/* * FUNCTION: CRMF_CertRequestSetTemplateField * INPUTS: * inCertReq @@ -255,7 +253,7 @@ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension); * depending on the template field one wants to set. * * Look in crmft.h for the definition of CRMFCertTemplateField. - * + * * In all cases, the library makes copies of the data passed in. * * CRMFCertTemplateField Type of data What data means @@ -267,23 +265,23 @@ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension); * crmfSerialNumber long * The serial number * for the cert to be * created. - * + * * crmfSigningAlg SECAlgorithm * The ASN.1 object ID for * the algorithm used in encoding * the certificate. * - * crmfIssuer CERTName * Certificate Library + * crmfIssuer CERTName * Certificate Library * representation of the ASN1 type * Name from X.509 * * crmfValidity CRMFValidityCreationInfo * At least one of the two * fields in the structure must - * be present. A NULL pointer + * be present. A NULL pointer * in the structure indicates - * that member should not be + * that member should not be * added. * - * crmfSubject CERTName * Certificate Library + * crmfSubject CERTName * Certificate Library * representation of the ASN1 type * Name from X.509 * 
@@ -301,23 +299,23 @@ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension); * and not the number of bytes. * * crmfExtension CRMFCertExtCreationInfo * A pointer to the structure - * populated with an array of + * populated with an array of * of certificate extensions * and an integer that tells * how many elements are in the * array. Look in crmft.h for - * the definition of + * the definition of * CRMFCertExtCreationInfo * RETURN: * SECSuccess if adding the desired field to the template was successful. - * Any other return value indicates failure when trying to add the field + * Any other return value indicates failure when trying to add the field * to the template. - * + * */ extern SECStatus - CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq, - CRMFCertTemplateField inTemplateField, - void *data); +CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq, + CRMFCertTemplateField inTemplateField, + void *data); /* * FUNCTION: CRMF_CertRequestIsFieldPresent @@ -337,8 +335,8 @@ extern SECStatus * the function returns PR_FALSE. */ extern PRBool - CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq, - CRMFCertTemplateField inTemplateField); +CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq, + CRMFCertTemplateField inTemplateField); /* * FUNCTION: CRMF_CertRequestIsControlPresent @@ -363,9 +361,8 @@ extern PRBool * does not exist, the function will return PR_FALSE. */ extern PRBool - CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq, - CRMFControlType inControlType); - +CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq, + CRMFControlType inControlType); /* * FUNCTION: CRMF_CertRequestSetRegTokenControl 
@@ -376,7 +373,7 @@ extern PRBool * The UTF8 value which will be the Registration Token Control * for this Certificate Request. * NOTES: - * The library does no verification that the value passed in is + * The library does no verification that the value passed in is * a valid UTF8 value. The caller must make sure of this in order * to get an encoding that is valid. The library will ultimately * encode this value as it was passed in. @@ -387,7 +384,7 @@ extern PRBool * */ extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, - SECItem *value); + SECItem *value); /* * FUNCTION: CRMF_CertRequestSetAuthenticatorControl @@ -398,7 +395,7 @@ extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, * The UTF8 value that will become the Authenticator Control * for the passed in Certificate Request. * NOTES: - * The library does no verification that the value passed in is + * The library does no verification that the value passed in is * a valid UTF8 value. The caller must make sure of this in order * to get an encoding that is valid. The library will ultimately * encode this value as it was passed in. 
@@ -407,31 +404,31 @@ extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, * Any other return value indicates an unsuccessful attempt to add the * control. */ -extern SECStatus - CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq, - SECItem *value); +extern SECStatus +CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq, + SECItem *value); /* * FUNCTION: CRMF_CreateEncryptedKeyWithencryptedValue * INPUTS: * inPrivKey * This is the private key associated with a certificate that is - * being requested. This structure will eventually wind up as - * a part of the PKIArchiveOptions Control. + * being requested. This structure will eventually wind up as + * a part of the PKIArchiveOptions Control. * inCACert - * This is the certificate for the CA that will be receiving the + * This is the certificate for the CA that will be receiving the * certificate request for the private key passed in. * OUTPUT: - * A CRMFEncryptedKey that can ultimately be used as part of the + * A CRMFEncryptedKey that can ultimately be used as part of the * PKIArchiveOptions Control. * * RETURN: * A pointer to a CRMFEncyptedKey. A NULL return value indicates an erro * during the creation of the encrypted key. */ -extern CRMFEncryptedKey* - CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey, - CERTCertificate *inCACert); +extern CRMFEncryptedKey * +CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey, + CERTCertificate *inCACert); /* * FUNCTION: CRMF_DestroyEncryptedKey @@ -445,12 +442,12 @@ extern CRMFEncryptedKey* * value indicates an error while freeig the memroy. */ extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey); - + /* * FUNCTION: CRMF_CreatePKIArchiveOptions * INPUTS: * inType - * An enumeration value indicating which option for + * An enumeration value indicating which option for * PKIArchiveOptions to use. * data * A pointer that will be type-cast and de-referenced according 
@@ -470,9 +467,9 @@ extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey); * Request. A NULL pointer indicates an error occurred while creating * the CRMFPKIArchiveOptions Structure. */ -extern CRMFPKIArchiveOptions* - CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, - void *data); +extern CRMFPKIArchiveOptions * +CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, + void *data); /* * FUNCTION: CRMF_DestroyPKIArchiveOptions * INPUTS: @@ -484,8 +481,8 @@ extern CRMFPKIArchiveOptions* * SECSuccess if successful in freeing the memory used by 'inArchOpt' * Any other return value indicates an error while freeing the memory. */ -extern SECStatus - CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt); +extern SECStatus +CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt); /* * FUNCTION: CRMF_CertRequestSetPKIArchiveOptions @@ -503,9 +500,9 @@ extern SECStatus * request. Any other return value indicates an error when trying to add * the Archive Options to the Certificate Request. */ -extern SECStatus - CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq, - CRMFPKIArchiveOptions *inOptions); +extern SECStatus +CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq, + CRMFPKIArchiveOptions *inOptions); /* * FUNCTION: CRMF_CertReqMsgGetPOPType 
@@ -530,11 +527,11 @@ extern CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg); * InCertReqMsg * The Certificate Request Message to operate on. * NOTES: - * This function will set the method of Proof Of Possession to - * crmfRAVerified which means the RA has already verified the + * This function will set the method of Proof Of Possession to + * crmfRAVerified which means the RA has already verified the * requester does possess the private key. * RETURN: - * SECSuccess if adding RAVerified to the message is successful. + * SECSuccess if adding RAVerified to the message is successful. * Any other message indicates an error while trying to add RAVerified * as the Proof of Possession. */ @@ -551,7 +548,7 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg); * inPubKey * The Public Key which corresponds to the Private Key passed in. * inCertForInput - * A Certificate that in the future may be used to create + * A Certificate that in the future may be used to create * POPOSigningKeyInput. * fn * A callback for retrieving a password which may be used in the 
@@ -560,13 +557,13 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
 * An opaque pointer that would be passed to fn whenever it is
 * called.
 * NOTES:
- * Adds Proof Of Possession to the CertRequest using the signature field
- * of the ProofOfPossession field. NOTE: In order to use this option,
+ * Adds Proof Of Possession to the CertRequest using the signature field
+ * of the ProofOfPossession field. NOTE: In order to use this option,
 * the certificate template must contain the publicKey at the very minimum.
- *
+ *
 * If you don't want the function to generate POPOSigningKeyInput, then
 * make sure the cert template already contains the subject and public key
- * values. Currently creating POPOSigningKeyInput is not supported, so
+ * values. Currently creating POPOSigningKeyInput is not supported, so
 * a Message passed to this function must have the publicKey and the subject
 * as part of the template
 *
@@ -583,8 +580,8 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
 * If passed in, this certificate needs to be a valid certificate.
 *
 * The last 3 arguments are for future compatibility in case we ever want to
- * support generating POPOSigningKeyInput. Pass in NULL for all 3 if you
- * definitely don't want the function to even try to generate
+ * support generating POPOSigningKeyInput. Pass in NULL for all 3 if you
+ * definitely don't want the function to even try to generate
 * POPOSigningKeyInput. If you try to use POPOSigningKeyInput, the function
 * will fail.
 *
@@ -593,13 +590,13 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
 * Any other return value indicates an error in trying to add
 * the Signature Proof Of Possession.
 */
-extern SECStatus
- CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg);
+extern SECStatus
+CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CERTCertificate *inCertForInput,
+ CRMFMACPasswordCallback fn,
+ void *arg);
 
 /*
 * FUNCTION: CRMF_CertReqMsgSetKeyEnciphermentPOP
@@ -610,7 +607,7 @@ extern SECStatus
 * An enumeration indicating which POPOPrivKey Choice to use
 * in constructing the KeyEnciphermentPOP.
 * subseqMess
- * This parameter must be provided iff inKeyChoice is
+ * This parameter must be provided iff inKeyChoice is
 * crmfSubsequentMessage. This details how the RA is to respond
 * in order to perform Proof Of Possession. Look in crmft.h under
 * the definition of CRMFSubseqMessOptions for possible values.
@@ -618,7 +615,7 @@ extern SECStatus
 * This parameter only needs to be provided if inKeyChoice is
 * crmfThisMessage. The item should contain the encrypted private
 * key.
- *
+ *
 * NOTES:
 * Adds Proof Of Possession using the keyEncipherment field of
 * ProofOfPossession.
@@ -651,11 +648,11 @@ extern SECStatus
 * SECSuccess if adding KeyEnciphermentPOP was successful. Any other return
 * value indicates an error in adding KeyEnciphermentPOP.
 */
-extern SECStatus
- CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey);
+extern SECStatus
+CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey);
 
 /*
 * FUNCTION: CRMF_CertReqMsgSetKeyAgreementPOP
@@ -666,7 +663,7 @@ extern SECStatus
 * An enumeration indicating which POPOPrivKey Choice to use
 * in constructing the KeyAgreementPOP.
 * subseqMess
- * This parameter must be provided iff inKeyChoice is
+ * This parameter must be provided iff inKeyChoice is
 * crmfSubsequentMessage. This details how the RA is to respond
 * in order to perform Proof Of Possession. Look in crmft.h under
 * the definition of CRMFSubseqMessOptions for possible values.
@@ -700,11 +697,11 @@ extern SECStatus
 *
 * crmfDHMAC This option is not supported.
 */
-extern SECStatus
- CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey);
+extern SECStatus
+CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey);
 
 /*
 * FUNCTION: CRMF_CreateCertReqMsgFromDER
@@ -714,16 +711,16 @@ extern SECStatus
 * len
 * The length in bytes of the buffer 'buf'
 * NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
+ * This function passes the buffer to the ASN1 decoder and creates a
 * CRMFCertReqMsg structure. Do not try adding any fields to a message
- * returned from this function. Specifically adding more Controls or
+ * returned from this function. Specifically adding more Controls or
 * Extensions may cause your program to crash.
 *
 * RETURN:
 * A pointer to the Certificate Request Message structure. A NULL return
 * value indicates the library was unable to parse the DER.
 */
-extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
+extern CRMFCertReqMsg *CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
 
 /*
 * FUNCTION: CRMF_CreateCertReqMessagesFromDER
@@ -733,19 +730,19 @@ extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
 * len
 * The length in bytes of buf
 * NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
+ * This function passes the buffer to the ASN1 decoder and creates a
 * CRMFCertReqMessages structure. Do not try adding any fields to a message
- * derived from this function. Specifically adding more Controls or
+ * derived from this function. Specifically adding more Controls or
 * Extensions may cause your program to crash.
- * The user must call CRMF_DestroyCertReqMessages after the return value is
+ * The user must call CRMF_DestroyCertReqMessages after the return value is
 * no longer needed, ie when all individual messages have been extracted.
- *
+ *
 * RETURN:
 * A pointer to the Certificate Request Messages structure. A NULL return
 * value indicates the library was unable to parse the DER.
- */
-extern CRMFCertReqMessages*
- CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
+ */
+extern CRMFCertReqMessages *
+CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
 
 /*
 * FUNCTION: CRMF_DestroyCertReqMessages
@@ -755,9 +752,9 @@ extern CRMFCertReqMessages*
 * RETURN:
 * SECSuccess if freeing the memory was done successfully. Any other
 * return value indicates an error in freeing up memory.
- */
-extern SECStatus
- CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
+ */
+extern SECStatus
+CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
 
 /*
 * FUNCTION: CRMF_CertReqMessagesGetNumMessages
@@ -765,11 +762,11 @@ extern SECStatus
 * inCertReqMsgs
 * The Request Messages to operate on.
 * RETURN:
- * The number of messages contained in the in the Request Messages
+ * The number of messages contained in the in the Request Messages
 * strucure.
 */
-extern int
- CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
+extern int
+CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
 
 /*
 * FUNCTION: CRMF_CertReqMessagesGetCertReqMsgAtIndex
@@ -779,9 +776,9 @@ extern int
 * index
 * The index of the single message the user wants a copy of.
 * NOTES:
- * This function returns a copy of the request messages stored at the
+ * This function returns a copy of the request messages stored at the
 * index corresponding to the parameter 'index'. Indexing of the messages
- * is done in the same manner as a C array. Meaning the valid index are
+ * is done in the same manner as a C array. Meaning the valid index are
 * 0...numMessages-1. User must call CRMF_DestroyCertReqMsg when done using
 * the return value of this function.
 *
@@ -790,10 +787,9 @@ extern int
 * Any other return value indicates an invalid index or error while copying
 * the single request message.
 */
-extern CRMFCertReqMsg*
- CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
- int index);
-
+extern CRMFCertReqMsg *
+CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
+ int index);
 
 /*
 * FUNCTION: CRMF_CertReqMsgGetID
@@ -805,12 +801,12 @@ extern CRMFCertReqMsg*
 * RETURN:
 * SECSuccess if the function was able to retrieve the ID and place it
 * at *destID. Any other return value indicates an error meaning the value
- * in *destId is un-reliable and should not be used by the caller of this
+ * in *destId is un-reliable and should not be used by the caller of this
 * function.
- *
+ *
 */
-extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
- long *destID);
+extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
+ long *destID);
 
 /*
 * FUNCTION: CRMF_DoesRequestHaveField
@@ -823,7 +819,7 @@ extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
 * NOTES:
 * All the fields in a certificate template are optional. This function
 * checks to see if the requested field is present. Look in crmft.h at the
- * definition of CRMFCertTemplateField for possible values for possible
+ * definition of CRMFCertTemplateField for possible values for possible
 * querying.
 *
 * RETURN:
@@ -831,10 +827,10 @@ extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
 * of 'inCertReq'
 * PR_FALSE iff the field corresponding to 'inField' has not been speicified
 * as part of 'inCertReq'
- *
+ *
 */
-extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inField);
+extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inField);
 
 /*
 * FUNCTION: CRMF_CertReqMsgGetCertRequest
@@ -849,11 +845,11 @@ extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
 * pass it the request returned by this function.
 * RETURN:
 * A pointer to a copy of the certificate request contained by the message.
- * A NULL return value indicates an error occurred while copying the
+ * A NULL return value indicates an error occurred while copying the
 * certificate request.
 */
 extern CRMFCertRequest *
- CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
+CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateVersion
@@ -864,15 +860,15 @@ extern CRMFCertRequest *
 * A pointer to where the library can store the version contatined
 * in the certificate template within the certifcate request.
 * RETURN:
- * SECSuccess if the Certificate template contains the version field. In
- * this case, *version will hold the value of the certificate template
+ * SECSuccess if the Certificate template contains the version field. In
+ * this case, *version will hold the value of the certificate template
 * version.
 * SECFailure indicates that version field was not present as part of
 * of the certificate template.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
- long *version);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
+ long *version);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateSerialNumber
@@ -883,15 +879,15 @@ extern SECStatus
 * A pointer where the library can put the serial number contained
 * in the certificate request's certificate template.
 * RETURN:
- * If a serial number exists in the CertTemplate of the request, the function
- * returns SECSuccess and the value at *serialNumber contains the serial
+ * If a serial number exists in the CertTemplate of the request, the function
+ * returns SECSuccess and the value at *serialNumber contains the serial
 * number.
 * If no serial number is present, then the function returns SECFailure and
 * the value at *serialNumber is un-changed.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
- long *serialNumber);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
+ long *serialNumber);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateSigningAlg
@@ -903,14 +899,14 @@ extern SECStatus
 * used in the cert request's cert template.
 * RETURN:
 * If the signingAlg is present in the CertRequest's CertTemplate, then
- * the function returns SECSuccess and places a copy of sigingAlg in
+ * the function returns SECSuccess and places a copy of sigingAlg in
 * *destAlg.
 * If no signingAlg is present, then the function returns SECFailure and
 * the value at *destAlg is un-changed
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
- SECAlgorithmID *destAlg);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
+ SECAlgorithmID *destAlg);
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateIssuer
 * INPUTS:
@@ -920,14 +916,14 @@ extern SECStatus
 * A pointer to where the library can place a copy of the cert
 * request's cert template issuer field.
 * RETURN:
- * If the issuer is present in the cert request cert template, the function
+ * If the issuer is present in the cert request cert template, the function
 * returns SECSuccess and places a copy of the issuer in *destIssuer.
 * If there is no issuer present, the function returns SECFailure and the
 * value at *destIssuer is unchanged.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
- CERTName *destIssuer);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
+ CERTName *destIssuer);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateValidity
@@ -938,28 +934,28 @@ extern SECStatus
 * A pointer to where the library can place a copy of the validity
 * info in the cert request cert template.
 * NOTES:
- * Pass the pointer to
- * RETURN:
+ * Pass the pointer to
+ * RETURN:
 * If there is an OptionalValidity field, the function will return SECSuccess
- * and place the appropriate values in *destValidity->notBefore and
+ * and place the appropriate values in *destValidity->notBefore and
 * *destValidity->notAfter. (Each field is optional, but at least one will
 * be present if the function returns SECSuccess)
 *
 * If there is no OptionalValidity field, the function will return SECFailure
 * and the values at *destValidity will be un-changed.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
- CRMFGetValidity *destValidity);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
+ CRMFGetValidity *destValidity);
 /*
 * FUNCTION: CRMF_DestroyGetValidity
 * INPUTS:
 * inValidity
 * A pointer to the memroy to be freed.
 * NOTES:
- * The function will free the memory allocated by the function
+ * The function will free the memory allocated by the function
 * CRMF_CertRequestGetCertTemplateValidity. That means only memory pointed
- * to within the CRMFGetValidity structure. Since
+ * to within the CRMFGetValidity structure. Since
 * CRMF_CertRequestGetCertTemplateValidity does not allocate memory for the
 * structure passed into it, it will not free it. Meaning this function will
 * free the memory at inValidity->notBefore and inValidity->notAfter, but not
@@ -969,8 +965,8 @@ extern SECStatus
 * SECSuccess if freeing the memory was successful. Any other return value
 * indicates an error while freeing the memory.
 */
-extern SECStatus
- CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
+extern SECStatus
+CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateSubject
@@ -981,15 +977,15 @@ extern SECStatus
 * A pointer to where the library can place a copy of the subject
 * contained in the request's cert template.
 * RETURN:
- * If there is a subject in the CertTemplate, then the function returns
+ * If there is a subject in the CertTemplate, then the function returns
 * SECSuccess and a copy of the subject is placed in *destSubject.
 *
 * If there is no subject, the function returns SECFailure and the values at
 * *destSubject is unchanged.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSubject (CRMFCertRequest *inCertReq,
- CERTName *destSubject);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
+ CERTName *destSubject);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplatePublicKey
@@ -1006,9 +1002,9 @@ extern SECStatus
 * If there is no publicKey, the function returns SECFailure and the value
 * at *destPublicKey is un-changed.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *destPublicKey);
+extern SECStatus
+CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
+ CERTSubjectPublicKeyInfo *destPublicKey);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateIssuerUID
@@ -1019,7 +1015,7 @@ extern SECStatus
 * A pointer to where the library can store a copy of the request's
 * cert template destIssuerUID.
 *
- * NOTES:
+ * NOTES:
 * destIssuerUID is a bit string and will be returned in a SECItem as
 * a bit string. Meaning the len field contains the number of valid bits as
 * opposed to the number of bytes allocated.
@@ -1031,9 +1027,9 @@ extern SECStatus
 * If there is no issuerUID, the function returns SECFailure and the value
 * *destIssuerUID is unchanged.
 */
-extern SECStatus
- CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
- SECItem *destIssuerUID);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
+ SECItem *destIssuerUID);
 
 /*
 * FUNCTION: CRMF_CertRequestGetCertTemplateSubjectUID
@@ -1043,7 +1039,7 @@ extern SECStatus
 * A pointer to where the library can store a copy of the request's
 * cert template destIssuerUID.
 *
- * NOTES:
+ * NOTES:
 * destSubjectUID is a bit string and will be returned in a SECItem as
 * a bit string. Meaning the len field contains the number of valid bits as
 * opposed to the number of bytes allocated.
@@ -1056,7 +1052,7 @@ extern SECStatus
 * *destIssuerUID is unchanged.
 */
 extern SECStatus CRMF_GetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
- SECItem *destSubjectUID);
+ SECItem *destSubjectUID);
 
 /*
 * FUNCTION: CRMF_CertRequestGetNumberOfExtensions
@@ -1076,20 +1072,20 @@ extern int CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq);
 * index
 * The index of the extension array whihc the user wants to access.
 * NOTES:
- * This function retrieves the extension at the index corresponding to the
- * parameter "index" indicates. Indexing is done like a C array.
+ * This function retrieves the extension at the index corresponding to the
+ * parameter "index" indicates. Indexing is done like a C array.
 * (0 ... numElements-1)
 *
 * Call CRMF_DestroyCertExtension when done using the return value.
 *
 * RETURN:
- * A pointer to a copy of the extension at the desired index. A NULL
- * return value indicates an invalid index or an error while copying
+ * A pointer to a copy of the extension at the desired index. A NULL
+ * return value indicates an invalid index or an error while copying
 * the extension.
 */
 extern CRMFCertExtension *
- CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
- int index);
+CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
+ int index);
 /*
 * FUNCTION: CRMF_CertExtensionGetOidTag
 * INPUTS:
@@ -1112,7 +1108,7 @@ extern SECOidTag CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension);
 * PR_FALSE if the extension is not critical.
 */
 extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
-
+
 /*
 * FUNCTION: CRMF_CertExtensionGetValue
 * INPUT:
@@ -1127,7 +1123,7 @@ extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
 * A pointer to an item containig the value for the certificate extension.
 * A NULL return value indicates an error in copying the information.
 */
-extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
+extern SECItem *CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
 
 /*
 * FUNCTION: CRMF_CertReqMsgGetPOPOSigningKey
@@ -1136,20 +1132,20 @@ extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
 * The certificate request message to operate on.
 * destKey
 * A pointer to where the library can place a pointer to
- * a copy of the Proof Of Possession Signing Key used
+ * a copy of the Proof Of Possession Signing Key used
 * by the message.
 *
 * RETURN:
- * Get the POPOSigningKey associated with this CRMFCertReqMsg.
+ * Get the POPOSigningKey associated with this CRMFCertReqMsg.
 * If the CertReqMsg does not have a pop, the function returns
 * SECFailure and the value at *destKey is un-changed..
 *
- * If the CertReqMsg does have a pop, then the CertReqMsg's
+ * If the CertReqMsg does have a pop, then the CertReqMsg's
 * POPOSigningKey will be placed at *destKey.
 */
-extern SECStatus
- CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKey **destKey);
+extern SECStatus
+CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOSigningKey **destKey);
 
 /*
 * FUNCTION: CRMF_DestroyPOPOSigningKey
@@ -1161,7 +1157,7 @@ extern SECStatus
 * SECSuccess if freeing the memory was successful. Any other return value
 * indicates an error while freeing memory.
 */
-extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey);
+extern SECStatus CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey);
 
 /*
 * FUNCTION: CRMF_POPOSigningKeyGetAlgID
@@ -1173,8 +1169,8 @@ extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey);
 * call SECOID_DestroyAlgorithmID(destID, PR_TRUE) when done using the
 * return value.
 */
-extern SECAlgorithmID*
- CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
+extern SECAlgorithmID *
+CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
 
 /*
 * FUNCTION: CRMF_POPOSigningKeyGetSignature
@@ -1182,13 +1178,13 @@ extern SECAlgorithmID*
 * inSignKey
 * The Signing Key to operate on.
 *
- * RETURN:
+ * RETURN:
 * Get the actual signature stored away in the CRMFPOPOSigningKey. SECItem
 * returned is a BIT STRING, so the len field is the number of bits as opposed
- * to the total number of bytes allocatd. User must call
+ * to the total number of bytes allocatd. User must call
 * SECITEM_FreeItem(retVal,PR_TRUE) when done using the return value.
 */
-extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
+extern SECItem *CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
 
 /*
 * FUNCTION: CRMF_POPOSigningKeyGetInput
@@ -1196,7 +1192,7 @@ extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
 * inSignKey
 * The Signing Key to operate on.
 * NOTES:
- * This function will return the der encoded input that was read in while
+ * This function will return the der encoded input that was read in while
 * decoding. The API does not support this option when creating, so you
 * cannot add this field.
 *
@@ -1208,7 +1204,7 @@ extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
 * If the optional field is part of the POPOSingingKey, the function will
 * return a copy of the der encoded poposkInput.
 */
-extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
+extern SECItem *CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
 
 /*
 * FUNCTION: CRMF_CertReqMsgGetPOPKeyEncipherment
@@ -1216,12 +1212,12 @@ extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
 * inCertReqMsg
 * The certificate request message to operate on.
 * destKey
- * A pointer to where the library can place a pointer to a
- * copy of the POPOPrivKey representing Key Encipherment
+ * A pointer to where the library can place a pointer to a
+ * copy of the POPOPrivKey representing Key Encipherment
 * Proof of Possession.
 *NOTES:
- * This function gets the POPOPrivKey associated with this CRMFCertReqMsg
- * for Key Encipherment.
+ * This function gets the POPOPrivKey associated with this CRMFCertReqMsg
+ * for Key Encipherment.
 *
 * RETURN:
 * If the CertReqMsg did not use Key Encipherment for Proof Of Possession, the
@@ -1231,9 +1227,9 @@ extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
 * function returns SECSuccess and places the POPOPrivKey representing the
 * Key Encipherment Proof Of Possessin at *destKey.
 */
-extern SECStatus
- CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey);
+extern SECStatus
+CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey **destKey);
 
 /*
 * FUNCTION: CRMF_CertReqMsgGetPOPKeyAgreement
@@ -1241,12 +1237,12 @@ extern SECStatus
 * inCertReqMsg
 * The certificate request message to operate on.
 * destKey
- * A pointer to where the library can place a pointer to a
- * copy of the POPOPrivKey representing Key Agreement
+ * A pointer to where the library can place a pointer to a
+ * copy of the POPOPrivKey representing Key Agreement
 * Proof of Possession.
 * NOTES:
- * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
- * Key Agreement.
+ * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
+ * Key Agreement.
 *
 * RETURN:
 * If the CertReqMsg used Key Agreement for Proof Of Possession, the
@@ -1256,11 +1252,11 @@ extern SECStatus
 * If the CertReqMsg did not use Key Agreement for Proof Of Possession, the
 * function return SECFailure and the value at *destKey is unchanged.
 */
-extern SECStatus
- CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey);
+extern SECStatus
+CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey **destKey);
 
-/*
+/*
 * FUNCTION: CRMF_DestroyPOPOPrivKey
 * INPUTS:
 * inPrivKey
@@ -1271,12 +1267,12 @@ extern SECStatus
 *
 * RETURN:
 * SECSuccess on successful destruction of the POPOPrivKey.
- * Any other return value indicates an error in freeing the
+ * Any other return value indicates an error in freeing the
 * memory.
 */
 extern SECStatus CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey);
 
-/*
+/*
 * FUNCTION: CRMF_POPOPrivKeyGetChoice
 * INPUT:
 * inKey
@@ -1298,7 +1294,7 @@ extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
 * field stored in the POPOPrivKey
 *
 * RETURN:
- * Returns the field thisMessage from the POPOPrivKey.
+ * Returns the field thisMessage from the POPOPrivKey.
 * If the POPOPrivKey did not use the field thisMessage, the function
 * returns SECFailure and the value at *destString is unchanged.
 *
@@ -1307,8 +1303,8 @@ extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
 * at *destString. BIT STRING representation means the len field is the
 * number of valid bits as opposed to the total number of bytes.
 */
-extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
- SECItem *destString);
+extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
+ SECItem *destString);
 
 /*
 * FUNCTION: CRMF_POPOPrivKeyGetSubseqMess
@@ -1316,20 +1312,20 @@ extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
 * inKey
 * The POPOPrivKey to operate on.
 * destOpt
- * A pointer to where the library can place the value of the
+ * A pointer to where the library can place the value of the
 * Subsequent Message option used by POPOPrivKey.
 *
 * RETURN:
- * Retrieves the field subsequentMessage from the POPOPrivKey.
- * If the POPOPrivKey used the subsequentMessage option, the function
+ * Retrieves the field subsequentMessage from the POPOPrivKey.
+ * If the POPOPrivKey used the subsequentMessage option, the function
 * returns SECSuccess and places the appropriate enumerated value at
 * *destMessageOption.
 *
 * If the POPOPrivKey did not use the subsequenMessage option, the function
 * returns SECFailure and the value at *destOpt is un-changed.
 */
-extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
- CRMFSubseqMessOptions *destOpt);
+extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
+ CRMFSubseqMessOptions *destOpt);
 
 /*
 * FUNCTION: CRMF_POPOPrivKeyGetDHMAC
@@ -1339,9 +1335,9 @@ extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
 * destMAC
 * A pointer to where the library can place a copy of the dhMAC
 * field of the POPOPrivKey.
- *
+ *
 * NOTES:
- * Returns the field dhMAC from the POPOPrivKey. The populated SECItem
+ * Returns the field dhMAC from the POPOPrivKey. The populated SECItem
 * is in BIT STRING format.
 *
 * RETURN:
@@ -1352,20 +1348,20 @@ extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
 *
 * If the POPOPrivKey did not use the dhMAC option, the function returns
 * SECFailure and the value at *destMAC is unchanged.
- *
+ *
 */
 extern SECStatus CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey,
- SECItem *destMAC);
+ SECItem *destMAC);
 
 /*
 * FUNCTION: CRMF_CertRequestGetNumControls
- * INPUTS:
+ * INPUTS:
 * inCertReq
 * The Certificate Request to operate on.
 * RETURN:
 * Returns the number of Controls registered with this CertRequest.
 */
-extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq);
+extern int CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq);
 
 /*
 * FUNCTION: CRMF_CertRequestGetControlAtIndex
@@ -1375,18 +1371,18 @@ extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq);
 * index
 * The index of the control the user wants a copy of.
 * NOTES:
- * Function retrieves the Control at located at index. The Controls
+ * Function retrieves the Control at located at index. The Controls
 * are numbered like a traditional C array (0 ... numElements-1)
 *
 * RETURN:
 * Returns a copy of the control at the index specified. This is a copy
- * so the user must call CRMF_DestroyControl after the return value is no
+ * so the user must call CRMF_DestroyControl after the return value is no
 * longer needed. A return value of NULL indicates an error while copying
 * the control or that the index was invalid.
 */
-extern CRMFControl*
- CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
- int index);
+extern CRMFControl *
+CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
+ int index);
 
 /*
 * FUNCTION: CRMF_DestroyControl
@@ -1431,11 +1427,11 @@ extern CRMFControlType CRMF_ControlGetControlType(CRMFControl *inControl);
 * The SECItem returned should be in UTF8 format. A NULL
 * return value indicates there was no Registration Control associated
 * with the Control.
- * (This library will not verify format. It assumes the client properly
- * formatted the strings when adding it or the message decoded was properly
+ * (This library will not verify format. It assumes the client properly
+ * formatted the strings when adding it or the message decoded was properly
 * formatted. The library will just give back the bytes it was given.)
 */
-extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
+extern SECItem *CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
 
 /*
 * FUNCTION: CRMF_ControlGetAuthenticatorControlValue
@@ -1451,11 +1447,11 @@ extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
 * The SECItem returned should be in UTF8 format. A NULL
 * return value indicates there was no Authenticator Control associated
 * with the CRMFControl..
- * (This library will not verify format. It assumes the client properly
- * formatted the strings when adding it or the message decoded was properly
+ * (This library will not verify format. It assumes the client properly
+ * formatted the strings when adding it or the message decoded was properly
 * formatted. The library will just give back the bytes it was given.)
 */
-extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
+extern SECItem *CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
 
 /*
 * FUNCTION: CRMF_ControlGetPKIArchiveOptions
@@ -1468,12 +1464,12 @@ extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
 *
 * RETURN:
 * Get the PKIArchiveOptions associated with the Control. A return
- * value of NULL indicates the Control was not a PKIArchiveOptions
+ * value of NULL indicates the Control was not a PKIArchiveOptions
 * Control.
 */
-extern CRMFPKIArchiveOptions*
- CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
-
+extern CRMFPKIArchiveOptions *
+CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
+
 /*
 * FUNCTION: CMRF_DestroyPKIArchiveOptions
 * INPUTS:
@@ -1483,12 +1479,12 @@ extern CRMFPKIArchiveOptions*
 * Destroy the CRMFPKIArchiveOptions structure.
 *
 * RETURN:
- * SECSuccess if successful in freeing all the memory associated with
+ * SECSuccess if successful in freeing all the memory associated with
 * the PKIArchiveOptions. Any other return value indicates an error while
 * freeing the PKIArchiveOptions.
 */
-extern SECStatus
- CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
+extern SECStatus
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
 
 /*
 * FUNCTION: CRMF_PKIArchiveOptionsGetOptionType
@@ -1500,14 +1496,14 @@ extern SECStatus
 * of CRMFPKIArchiveOptionsType in crmft.h for possible return values.
 */
 extern CRMFPKIArchiveOptionsType
- CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
+CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
 
 /*
 * FUNCTION: CRMF_PKIArchiveOptionsGetEncryptedPrivKey
 * INPUTS:
 * inOpts
 * The PKIArchiveOptions to operate on.
- *
+ *
 * NOTES:
 * The user must call CRMF_DestroyEncryptedKey when done using this return
 * value.
@@ -1517,8 +1513,8 @@ extern CRMFPKIArchiveOptionsType * A return value of NULL indicates that encryptedPrivKey was not used as * the choice for this PKIArchiveOptions. */ -extern CRMFEncryptedKey* - CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts); +extern CRMFEncryptedKey * +CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts); /* * FUNCTION: CRMF_EncryptedKeyGetChoice @@ -1530,13 +1526,12 @@ extern CRMFEncryptedKey* * Get the choice used for representing the EncryptedKey. * * RETURN: - * Returns the Choice used in representing the EncryptedKey. Look in + * Returns the Choice used in representing the EncryptedKey. Look in * crmft.h at the definition of CRMFEncryptedKeyChoice for possible return * values. */ -extern CRMFEncryptedKeyChoice - CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey); - +extern CRMFEncryptedKeyChoice +CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey); /* * FUNCTION: CRMF_EncryptedKeyGetEncryptedValue @@ -1545,15 +1540,15 @@ extern CRMFEncryptedKeyChoice * The EncryptedKey to operate on. * * NOTES: - * The user must call CRMF_DestroyEncryptedValue passing in + * The user must call CRMF_DestroyEncryptedValue passing in * CRMF_GetEncryptedValue's return value. * * RETURN: * A pointer to a copy of the EncryptedValue contained as a member of * the EncryptedKey. */ -extern CRMFEncryptedValue* - CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey); +extern CRMFEncryptedValue * +CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey); /* * FUNCTION: CRMF_DestroyEncryptedValue 
@@ -1586,7 +1581,7 @@ extern SECStatus CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue); * as opposed to the allocated number of bytes. * ANULL return value indicates an error in copying the encValue field. */ -extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue); +extern SECItem *CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue); /* * FUNCTION: CRMF_EncryptedValueGetIntendedAlg @@ -1603,9 +1598,8 @@ extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue); * A Copy of the intendedAlg field. A NULL return value indicates the * optional field was not present in the structure. */ -extern SECAlgorithmID* - CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue); - +extern SECAlgorithmID * +CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue); /* * FUNCTION: CRMF_EncryptedValueGetSymmAlg @@ -1622,9 +1616,8 @@ extern SECAlgorithmID* * A Copy of the symmAlg field. A NULL return value indicates the * optional field was not present in the structure. */ -extern SECAlgorithmID* - CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue); - +extern SECAlgorithmID * +CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue); /* * FUNCTION: CRMF_EncryptedValueGetKeyAlg @@ -1641,8 +1634,8 @@ extern SECAlgorithmID* * A Copy of the keyAlg field. A NULL return value indicates the * optional field was not present in the structure. */ -extern SECAlgorithmID* - CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue); +extern SECAlgorithmID * +CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue); /* * FUNCTION: CRMF_EncryptedValueGetValueHint 
@@ -1662,12 +1655,12 @@ extern SECAlgorithmID* * value indicates the optional valueHint field is not present in the * EncryptedValue. */ -extern SECItem* - CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue); +extern SECItem * +CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue); /* * FUNCTION: CRMF_EncrypteValueGetEncSymmKey - * INPUTS: + * INPUTS: * inEncValue * The EncryptedValue to operate on. * @@ -1676,19 +1669,19 @@ extern SECItem* * symmetric key that the client uses in doing Public Key wrap of a private * key. When present, this is the symmetric key that was used to wrap the * private key. (The encrypted private key will be stored in encValue - * of the same EncryptedValue structure.) The user must call + * of the same EncryptedValue structure.) The user must call * SECITEM_FreeItem(retVal, PR_TRUE) when the return value is no longer * needed. * * RETURN: * A copy of the optional encSymmKey field of the EncryptedValue structure. * The return value will be in BIT STRING format, meaning the len field will - * be the number of valid bits as opposed to the number of bytes. A return + * be the number of valid bits as opposed to the number of bytes. A return * value of NULL means the optional encSymmKey field was not present in * the EncryptedValue structure. */ -extern SECItem* - CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue); +extern SECItem * +CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue); /* * FUNCTION: CRMF_PKIArchiveOptionsGetKeyGenParameters 
@@ -1697,19 +1690,19 @@ extern SECItem* * The PKiArchiveOptions to operate on. * * NOTES: - * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return + * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return * value is no longer needed. * * RETURN: * Get the keyGenParameters field of the PKIArchiveOptions. - * A NULL return value indicates that keyGenParameters was not + * A NULL return value indicates that keyGenParameters was not * used as the choice for this PKIArchiveOptions. * * The SECItem returned is in BIT STRING format (ie, the len field indicates * number of valid bits as opposed to allocated number of bytes.) */ -extern SECItem* - CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions); +extern SECItem * +CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions); /* * FUNCTION: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey 
@@ -1717,34 +1710,32 @@ extern SECItem* * inOpt * The PKIArchiveOptions to operate on. * destVal - * A pointer to where the library can place the value for + * A pointer to where the library can place the value for * arciveRemGenPrivKey * RETURN: * If the PKIArchiveOptions used the archiveRemGenPrivKey field, the * function returns SECSuccess and fills the value at *destValue with either - * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a - * value. + * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a + * value. * * If the PKIArchiveOptions does not use the archiveRemGenPrivKey field, the * function returns SECFailure and the value at *destValue is unchanged. */ -extern SECStatus - CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt, - PRBool *destVal); +extern SECStatus +CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt, + PRBool *destVal); /* Helper functions that can be used by other libraries. */ /* * A quick helper function to get the best wrap mechanism. */ -extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot); +extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot); /* - * A helper function to get a randomly generated IV from a mechanism + * A helper function to get a randomly generated IV from a mechanism * type. */ -extern SECItem* CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType); - +extern SECItem *CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType); + SEC_END_PROTOS #endif /*_CRMF_H_*/ - - diff --git a/nss/lib/crmf/crmfcont.c b/nss/lib/crmf/crmfcont.c index 4e274d3..5df2bd8 100644 --- a/nss/lib/crmf/crmfcont.c +++ b/nss/lib/crmf/crmfcont.c 
@@ -10,32 +10,32 @@ #include "secoid.h" static SECStatus -crmf_modify_control_array (CRMFCertRequest *inCertReq, int count) +crmf_modify_control_array(CRMFCertRequest *inCertReq, int count) { if (count > 0) { - void *dummy = PORT_Realloc(inCertReq->controls, - sizeof(CRMFControl*)*(count+2)); - if (dummy == NULL) { - return SECFailure; - } - inCertReq->controls = dummy; + void *dummy = PORT_Realloc(inCertReq->controls, + sizeof(CRMFControl *) * (count + 2)); + if (dummy == NULL) { + return SECFailure; + } + inCertReq->controls = dummy; } else { - inCertReq->controls = PORT_ZNewArray(CRMFControl*, 2); + inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2); } - return (inCertReq->controls == NULL) ? SECFailure : SECSuccess ; + return (inCertReq->controls == NULL) ? SECFailure : SECSuccess; } static SECStatus -crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag, - CRMFControl **destControl) +crmf_add_new_control(CRMFCertRequest *inCertReq, SECOidTag inTag, + CRMFControl **destControl) { - SECOidData *oidData; - SECStatus rv; + SECOidData *oidData; + SECStatus rv; PLArenaPool *poolp; - int numControls = 0; + int numControls = 0; CRMFControl *newControl; CRMFControl **controls; - void *mark; + void *mark; poolp = inCertReq->poolp; if (poolp == NULL) { @@ -44,7 +44,7 @@ crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag, mark = PORT_ArenaMark(poolp); if (inCertReq->controls != NULL) { while (inCertReq->controls[numControls] != NULL) - numControls++; + numControls++; } rv = crmf_modify_control_array(inCertReq, numControls); if (rv != SECSuccess) { @@ -52,7 +52,7 @@ crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag, } controls = inCertReq->controls; oidData = SECOID_FindOIDByTag(inTag); - newControl = *destControl = PORT_ArenaZNew(poolp,CRMFControl); + newControl = *destControl = PORT_ArenaZNew(poolp, CRMFControl); if (newControl == NULL) { goto loser; } 
@@ -62,24 +62,23 @@ crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag, } newControl->tag = inTag; controls[numControls] = newControl; - controls[numControls+1] = NULL; + controls[numControls + 1] = NULL; PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); *destControl = NULL; return SECFailure; - } static SECStatus crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value, - SECOidTag inTag) + SECOidTag inTag) { - SECStatus rv; + SECStatus rv; CRMFControl *newControl; - void *mark; + void *mark; rv = crmf_add_new_control(inCertReq, inTag, &newControl); if (rv != SECSuccess) { @@ -89,7 +88,7 @@ crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value, rv = SECITEM_CopyItem(inCertReq->poolp, &newControl->derValue, value); if (rv != SECSuccess) { PORT_ArenaRelease(inCertReq->poolp, mark); - return rv; + return rv; } PORT_ArenaUnmark(inCertReq->poolp, mark); return SECSuccess; @@ -98,16 +97,16 @@ crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value, SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, SECItem *value) { - return crmf_add_secitem_control(inCertReq, value, - SEC_OID_PKIX_REGCTRL_REGTOKEN); + return crmf_add_secitem_control(inCertReq, value, + SEC_OID_PKIX_REGCTRL_REGTOKEN); } SECStatus -CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq, - SECItem *value) +CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq, + SECItem *value) { - return crmf_add_secitem_control(inCertReq, value, - SEC_OID_PKIX_REGCTRL_AUTHENTICATOR); + return crmf_add_secitem_control(inCertReq, value, + SEC_OID_PKIX_REGCTRL_AUTHENTICATOR); } SECStatus 
@@ -115,32 +114,32 @@ crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, PRBool freeit) { if (inEncrValue != NULL) { if (inEncrValue->intendedAlg) { - SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE); - inEncrValue->intendedAlg = NULL; - } - if (inEncrValue->symmAlg) { - SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE); - inEncrValue->symmAlg = NULL; - } + SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE); + inEncrValue->intendedAlg = NULL; + } + if (inEncrValue->symmAlg) { + SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE); + inEncrValue->symmAlg = NULL; + } if (inEncrValue->encSymmKey.data) { - PORT_Free(inEncrValue->encSymmKey.data); - inEncrValue->encSymmKey.data = NULL; - } - if (inEncrValue->keyAlg) { - SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE); - inEncrValue->keyAlg = NULL; - } - if (inEncrValue->valueHint.data) { - PORT_Free(inEncrValue->valueHint.data); - inEncrValue->valueHint.data = NULL; - } + PORT_Free(inEncrValue->encSymmKey.data); + inEncrValue->encSymmKey.data = NULL; + } + if (inEncrValue->keyAlg) { + SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE); + inEncrValue->keyAlg = NULL; + } + if (inEncrValue->valueHint.data) { + PORT_Free(inEncrValue->valueHint.data); + inEncrValue->valueHint.data = NULL; + } if (inEncrValue->encValue.data) { - PORT_Free(inEncrValue->encValue.data); - inEncrValue->encValue.data = NULL; - } - if (freeit) { - PORT_Free(inEncrValue); - } + PORT_Free(inEncrValue->encValue.data); + inEncrValue->encValue.data = NULL; + } + if (freeit) { + PORT_Free(inEncrValue); + } } return SECSuccess; } 
@@ -152,19 +151,18 @@ CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue) } SECStatus -crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, - SECAlgorithmID *srcAlgId, - SECAlgorithmID **destAlgId) +crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, + SECAlgorithmID *srcAlgId, + SECAlgorithmID **destAlgId) { SECAlgorithmID *newAlgId; SECStatus rv; - newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) : - PORT_ZNew(SECAlgorithmID); + newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) : PORT_ZNew(SECAlgorithmID); if (newAlgId == NULL) { return SECFailure; } - + rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId); if (rv != SECSuccess) { if (!poolp) { 
@@ -173,121 +171,120 @@ crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, return rv; } *destAlgId = newAlgId; - + return rv; } SECStatus -crmf_copy_encryptedvalue(PLArenaPool *poolp, - CRMFEncryptedValue *srcValue, - CRMFEncryptedValue *destValue) +crmf_copy_encryptedvalue(PLArenaPool *poolp, + CRMFEncryptedValue *srcValue, + CRMFEncryptedValue *destValue) { - SECStatus rv; + SECStatus rv; if (srcValue->intendedAlg != NULL) { rv = crmf_copy_encryptedvalue_secalg(poolp, - srcValue->intendedAlg, - &destValue->intendedAlg); - if (rv != SECSuccess) { - goto loser; - } + srcValue->intendedAlg, + &destValue->intendedAlg); + if (rv != SECSuccess) { + goto loser; + } } if (srcValue->symmAlg != NULL) { - rv = crmf_copy_encryptedvalue_secalg(poolp, - srcValue->symmAlg, - &destValue->symmAlg); - if (rv != SECSuccess) { - goto loser; - } + rv = crmf_copy_encryptedvalue_secalg(poolp, + srcValue->symmAlg, + &destValue->symmAlg); + if (rv != SECSuccess) { + goto loser; + } } if (srcValue->encSymmKey.data != NULL) { - rv = crmf_make_bitstring_copy(poolp, - &destValue->encSymmKey, - &srcValue->encSymmKey); - if (rv != SECSuccess) { - goto loser; - } + rv = crmf_make_bitstring_copy(poolp, + &destValue->encSymmKey, + &srcValue->encSymmKey); + if (rv != SECSuccess) { + goto loser; + } } if (srcValue->keyAlg != NULL) { rv = crmf_copy_encryptedvalue_secalg(poolp, - srcValue->keyAlg, - &destValue->keyAlg); - if (rv != SECSuccess) { - goto loser; - } + srcValue->keyAlg, + &destValue->keyAlg); + if (rv != SECSuccess) { + goto loser; + } } if (srcValue->valueHint.data != NULL) { - rv = SECITEM_CopyItem(poolp, - &destValue->valueHint, - &srcValue->valueHint); - if (rv != SECSuccess) { - goto loser; - } + rv = SECITEM_CopyItem(poolp, + &destValue->valueHint, + &srcValue->valueHint); + if (rv != SECSuccess) { + goto loser; + } } if (srcValue->encValue.data != NULL) { rv = crmf_make_bitstring_copy(poolp, - &destValue->encValue, - &srcValue->encValue); - if (rv != SECSuccess) { - goto loser; - 
} + &destValue->encValue, + &srcValue->encValue); + if (rv != SECSuccess) { + goto loser; + } } return SECSuccess; - loser: +loser: if (poolp == NULL && destValue != NULL) { crmf_destroy_encrypted_value(destValue, PR_FALSE); } return SECFailure; } -SECStatus -crmf_copy_encryptedkey(PLArenaPool *poolp, - CRMFEncryptedKey *srcEncrKey, - CRMFEncryptedKey *destEncrKey) +SECStatus +crmf_copy_encryptedkey(PLArenaPool *poolp, + CRMFEncryptedKey *srcEncrKey, + CRMFEncryptedKey *destEncrKey) { - SECStatus rv; - void *mark = NULL; + SECStatus rv; + void *mark = NULL; if (poolp != NULL) { mark = PORT_ArenaMark(poolp); } switch (srcEncrKey->encKeyChoice) { - case crmfEncryptedValueChoice: - rv = crmf_copy_encryptedvalue(poolp, - &srcEncrKey->value.encryptedValue, - &destEncrKey->value.encryptedValue); - break; - case crmfEnvelopedDataChoice: - destEncrKey->value.envelopedData = - SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData); - rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess: - SECFailure; - break; - default: - rv = SECFailure; + case crmfEncryptedValueChoice: + rv = crmf_copy_encryptedvalue(poolp, + &srcEncrKey->value.encryptedValue, + &destEncrKey->value.encryptedValue); + break; + case crmfEnvelopedDataChoice: + destEncrKey->value.envelopedData = + SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData); + rv = (destEncrKey->value.envelopedData != NULL) ? 
SECSuccess : SECFailure; + break; + default: + rv = SECFailure; } if (rv != SECSuccess) { goto loser; } destEncrKey->encKeyChoice = srcEncrKey->encKeyChoice; if (mark) { - PORT_ArenaUnmark(poolp, mark); + PORT_ArenaUnmark(poolp, mark); } return SECSuccess; - loser: +loser: if (mark) { PORT_ArenaRelease(poolp, mark); } return SECFailure; } -static CRMFPKIArchiveOptions* +static CRMFPKIArchiveOptions * crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey) { CRMFPKIArchiveOptions *newArchOpt; - SECStatus rv; + SECStatus rv; newArchOpt = PORT_ZNew(CRMFPKIArchiveOptions); if (newArchOpt == NULL) { @@ -295,25 +292,25 @@ crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey) } rv = crmf_copy_encryptedkey(NULL, inEncryptedKey, - &newArchOpt->option.encryptedKey); - + &newArchOpt->option.encryptedKey); + if (rv != SECSuccess) { - goto loser; + goto loser; } newArchOpt->archOption = crmfEncryptedPrivateKey; return newArchOpt; - loser: +loser: if (newArchOpt != NULL) { CRMF_DestroyPKIArchiveOptions(newArchOpt); } return NULL; } -static CRMFPKIArchiveOptions* +static CRMFPKIArchiveOptions * crmf_create_keygen_param_option(SECItem *inKeyGenParams) { CRMFPKIArchiveOptions *newArchOptions; - SECStatus rv; + SECStatus rv; newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions); if (newArchOptions == NULL) { 
@@ -321,23 +318,23 @@ crmf_create_keygen_param_option(SECItem *inKeyGenParams) } newArchOptions->archOption = crmfKeyGenParameters; rv = SECITEM_CopyItem(NULL, &newArchOptions->option.keyGenParameters, - inKeyGenParams); + inKeyGenParams); if (rv != SECSuccess) { goto loser; } return newArchOptions; - loser: +loser: if (newArchOptions != NULL) { CRMF_DestroyPKIArchiveOptions(newArchOptions); } return NULL; } -static CRMFPKIArchiveOptions* +static CRMFPKIArchiveOptions * crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey) { - unsigned char value; - SECItem *dummy; + unsigned char value; + SECItem *dummy; CRMFPKIArchiveOptions *newArchOptions; value = (archiveRemGenPrivKey) ? hexTrue : hexFalse; 
@@ -345,63 +342,63 @@ crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey) if (newArchOptions == NULL) { goto loser; } - dummy = SEC_ASN1EncodeItem(NULL, - &newArchOptions->option.archiveRemGenPrivKey, - &value, SEC_ASN1_GET(SEC_BooleanTemplate)); - PORT_Assert (dummy == &newArchOptions->option.archiveRemGenPrivKey); + dummy = SEC_ASN1EncodeItem(NULL, + &newArchOptions->option.archiveRemGenPrivKey, + &value, SEC_ASN1_GET(SEC_BooleanTemplate)); + PORT_Assert(dummy == &newArchOptions->option.archiveRemGenPrivKey); if (dummy != &newArchOptions->option.archiveRemGenPrivKey) { - SECITEM_FreeItem (dummy, PR_TRUE); - goto loser; + SECITEM_FreeItem(dummy, PR_TRUE); + goto loser; } newArchOptions->archOption = crmfArchiveRemGenPrivKey; return newArchOptions; - loser: +loser: if (newArchOptions != NULL) { CRMF_DestroyPKIArchiveOptions(newArchOptions); } return NULL; } -CRMFPKIArchiveOptions* +CRMFPKIArchiveOptions * CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, void *data) { - CRMFPKIArchiveOptions* retOptions; + CRMFPKIArchiveOptions *retOptions; PORT_Assert(data != NULL); if (data == NULL) { return NULL; } - switch(inType) { - case crmfEncryptedPrivateKey: - retOptions = crmf_create_encr_pivkey_option((CRMFEncryptedKey*)data); - break; - case crmfKeyGenParameters: - retOptions = crmf_create_keygen_param_option((SECItem*)data); - break; - case crmfArchiveRemGenPrivKey: - retOptions = crmf_create_arch_rem_gen_privkey(*(PRBool*)data); - break; - default: - retOptions = NULL; + switch (inType) { + case crmfEncryptedPrivateKey: + retOptions = crmf_create_encr_pivkey_option((CRMFEncryptedKey *)data); + break; + case crmfKeyGenParameters: + retOptions = crmf_create_keygen_param_option((SECItem *)data); + break; + case crmfArchiveRemGenPrivKey: + retOptions = crmf_create_arch_rem_gen_privkey(*(PRBool *)data); + break; + default: + retOptions = NULL; } return retOptions; } static SECStatus crmf_destroy_encrypted_key(CRMFEncryptedKey *inEncrKey, PRBool 
freeit) -{ +{ PORT_Assert(inEncrKey != NULL); if (inEncrKey != NULL) { - switch (inEncrKey->encKeyChoice){ - case crmfEncryptedValueChoice: - crmf_destroy_encrypted_value(&inEncrKey->value.encryptedValue, - PR_FALSE); - break; - case crmfEnvelopedDataChoice: - SEC_PKCS7DestroyContentInfo(inEncrKey->value.envelopedData); - break; - default: - break; + switch (inEncrKey->encKeyChoice) { + case crmfEncryptedValueChoice: + crmf_destroy_encrypted_value(&inEncrKey->value.encryptedValue, + PR_FALSE); + break; + case crmfEnvelopedDataChoice: + SEC_PKCS7DestroyContentInfo(inEncrKey->value.envelopedData); + break; + default: + break; } if (freeit) { PORT_Free(inEncrKey); 
@@ -410,37 +407,37 @@ crmf_destroy_encrypted_key(CRMFEncryptedKey *inEncrKey, PRBool freeit) return SECSuccess; } -SECStatus -crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, - PRBool freeit) +SECStatus +crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, + PRBool freeit) { PORT_Assert(inArchOptions != NULL); if (inArchOptions != NULL) { switch (inArchOptions->archOption) { - case crmfEncryptedPrivateKey: - crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey, - PR_FALSE); - break; - case crmfKeyGenParameters: - case crmfArchiveRemGenPrivKey: - /* This is a union, so having a pointer to one is like - * having a pointer to both. - */ - SECITEM_FreeItem(&inArchOptions->option.keyGenParameters, - PR_FALSE); - break; - case crmfNoArchiveOptions: - break; - } - if (freeit) { - PORT_Free(inArchOptions); - } + case crmfEncryptedPrivateKey: + crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey, + PR_FALSE); + break; + case crmfKeyGenParameters: + case crmfArchiveRemGenPrivKey: + /* This is a union, so having a pointer to one is like + * having a pointer to both. + */ + SECITEM_FreeItem(&inArchOptions->option.keyGenParameters, + PR_FALSE); + break; + case crmfNoArchiveOptions: + break; + } + if (freeit) { + PORT_Free(inArchOptions); + } } return SECSuccess; } SECStatus -CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOptions) +CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOptions) { return crmf_destroy_pkiarchiveoptions(inArchOptions, PR_TRUE); } 
@@ -449,24 +446,24 @@ static CK_MECHANISM_TYPE crmf_get_non_pad_mechanism(CK_MECHANISM_TYPE type) { switch (type) { - case CKM_DES3_CBC_PAD: - return CKM_DES3_CBC; - case CKM_CAST5_CBC_PAD: - return CKM_CAST5_CBC; - case CKM_DES_CBC_PAD: - return CKM_DES_CBC; - case CKM_IDEA_CBC_PAD: - return CKM_IDEA_CBC; - case CKM_CAST3_CBC_PAD: - return CKM_CAST3_CBC; - case CKM_CAST_CBC_PAD: - return CKM_CAST_CBC; - case CKM_RC5_CBC_PAD: - return CKM_RC5_CBC; - case CKM_RC2_CBC_PAD: - return CKM_RC2_CBC; - case CKM_CDMF_CBC_PAD: - return CKM_CDMF_CBC; + case CKM_DES3_CBC_PAD: + return CKM_DES3_CBC; + case CKM_CAST5_CBC_PAD: + return CKM_CAST5_CBC; + case CKM_DES_CBC_PAD: + return CKM_DES_CBC; + case CKM_IDEA_CBC_PAD: + return CKM_IDEA_CBC; + case CKM_CAST3_CBC_PAD: + return CKM_CAST3_CBC; + case CKM_CAST_CBC_PAD: + return CKM_CAST_CBC; + case CKM_RC5_CBC_PAD: + return CKM_RC5_CBC; + case CKM_RC2_CBC_PAD: + return CKM_RC2_CBC; + case CKM_CDMF_CBC_PAD: + return CKM_CDMF_CBC; } return type; } @@ -474,8 +471,8 @@ crmf_get_non_pad_mechanism(CK_MECHANISM_TYPE type) static CK_MECHANISM_TYPE crmf_get_pad_mech_from_tag(SECOidTag oidTag) { - CK_MECHANISM_TYPE mechType; - SECOidData *oidData; + CK_MECHANISM_TYPE mechType; + SECOidData *oidData; oidData = SECOID_FindOIDByTag(oidTag); mechType = (CK_MECHANISM_TYPE)oidData->mechanism; 
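Review bot: `oidData` is dereferenced on the line after `SECOID_FindOIDByTag(oidTag)` with no NULL check, in the crmf_get_pad_mech_from_tag hunk on this line. The lookup returns NULL for a tag it does not recognise. The tag is taken from the `symmAlg` of an EncryptedValue, which presumably can originate from a decoded message. I would add `if (oidData == NULL) return CKM_INVALID_MECHANISM;` before reading `oidData->mechanism`. The function's return statement lies outside this hunk, so the handling of that value by the caller needs checking there.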
@@ -483,24 +480,24 @@ crmf_get_pad_mech_from_tag(SECOidTag oidTag) } static CK_MECHANISM_TYPE -crmf_get_best_privkey_wrap_mechanism(PK11SlotInfo *slot) +crmf_get_best_privkey_wrap_mechanism(PK11SlotInfo *slot) { CK_MECHANISM_TYPE privKeyPadMechs[] = { CKM_DES3_CBC_PAD, - CKM_CAST5_CBC_PAD, - CKM_DES_CBC_PAD, - CKM_IDEA_CBC_PAD, - CKM_CAST3_CBC_PAD, - CKM_CAST_CBC_PAD, - CKM_RC5_CBC_PAD, - CKM_RC2_CBC_PAD, - CKM_CDMF_CBC_PAD }; - int mechCount = sizeof(privKeyPadMechs)/sizeof(privKeyPadMechs[0]); + CKM_CAST5_CBC_PAD, + CKM_DES_CBC_PAD, + CKM_IDEA_CBC_PAD, + CKM_CAST3_CBC_PAD, + CKM_CAST_CBC_PAD, + CKM_RC5_CBC_PAD, + CKM_RC2_CBC_PAD, + CKM_CDMF_CBC_PAD }; + int mechCount = sizeof(privKeyPadMechs) / sizeof(privKeyPadMechs[0]); int i; - for (i=0; i < mechCount; i++) { + for (i = 0; i < mechCount; i++) { if (PK11_DoesMechanism(slot, privKeyPadMechs[i])) { - return privKeyPadMechs[i]; - } + return privKeyPadMechs[i]; + } } return CKM_INVALID_MECHANISM; } @@ -511,12 +508,12 @@ CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot) return crmf_get_best_privkey_wrap_mechanism(slot); } -static SECItem* +static SECItem * crmf_get_iv(CK_MECHANISM_TYPE mechType) { - int iv_size = PK11_GetIVLength(mechType); - SECItem *iv; - SECStatus rv; + int iv_size = PK11_GetIVLength(mechType); + SECItem *iv; + SECStatus rv; iv = PORT_ZNew(SECItem); if (iv == NULL) { @@ -524,25 +521,25 @@ crmf_get_iv(CK_MECHANISM_TYPE mechType) } if (iv_size == 0) { iv->data = NULL; - iv->len = 0; - return iv; + iv->len = 0; + return iv; } iv->data = PORT_NewArray(unsigned char, iv_size); if (iv->data == NULL) { iv->len = 0; - return iv; + return iv; } iv->len = iv_size; rv = PK11_GenerateRandom(iv->data, iv->len); if (rv != SECSuccess) { PORT_Free(iv->data); - iv->data = NULL; - iv->len = 0; + iv->data = NULL; + iv->len = 0; } return iv; } -SECItem* +SECItem * CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType) { return crmf_get_iv(mechType); 
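Review bot: The preference list in crmf_get_best_privkey_wrap_mechanism falls through from `CKM_DES3_CBC_PAD` to single DES, RC2 and CDMF, so a slot without 3DES silently wraps a private key under a cipher that gives weak protection. Nothing visible in the function tells the caller which strength was selected. At minimum I would document this above the array, e.g. `/* Ordered by preference; entries after CKM_DES3_CBC_PAD are legacy and give weak protection to the wrapped key. */`, and consider whether those entries should remain. Adding a stronger mechanism would also require extending crmf_get_key_size_from_mech, which on this page only returns sizes for the DES family.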
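Review bot: crmf_get_iv returns a non-NULL SECItem with `data == NULL` and `len == 0` both when the mechanism needs no IV and when `PORT_NewArray` or `PK11_GenerateRandom` fails, so a caller cannot tell a failed random generation from a legitimately empty IV. In crmf_create_encrypted_value_wrapped_privkey the result is handed to `PK11_WrapPrivKey` on the next statement shown on this page. Both failure branches should release the item and report the error, `SECITEM_FreeItem(iv, PR_TRUE); return NULL;`, and callers should treat NULL as failure. The start of the function is in the preceding hunk.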
@@ -552,8 +549,7 @@ CK_MECHANISM_TYPE crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey) { CERTSubjectPublicKeyInfo *spki = NULL; - SECOidTag tag; - + SECOidTag tag; spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey); if (spki == NULL) { @@ -565,58 +561,58 @@ crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey) return PK11_AlgtagToMechanism(tag); } -SECItem* +SECItem * crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest) { SECItem *src; - switch(pubKey->keyType) { - case dsaKey: - src = &pubKey->u.dsa.publicValue; - break; - case rsaKey: - src = &pubKey->u.rsa.modulus; - break; - case dhKey: - src = &pubKey->u.dh.publicValue; - break; - default: - src = NULL; - break; + switch (pubKey->keyType) { + case dsaKey: + src = &pubKey->u.dsa.publicValue; + break; + case rsaKey: + src = &pubKey->u.rsa.modulus; + break; + case dhKey: + src = &pubKey->u.dh.publicValue; + break; + default: + src = NULL; + break; } if (!src) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; } if (dest != NULL) { - SECStatus rv = SECITEM_CopyItem(NULL, dest, src); - if (rv != SECSuccess) { - dest = NULL; - } + SECStatus rv = SECITEM_CopyItem(NULL, dest, src); + if (rv != SECSuccess) { + dest = NULL; + } } else { dest = SECITEM_ArenaDupItem(NULL, src); } return dest; } -static SECItem* +static SECItem * crmf_decode_params(SECItem *inParams) { - SECItem *params; - SECStatus rv = SECFailure; + SECItem *params; + SECStatus rv = SECFailure; PLArenaPool *poolp; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { return NULL; } - + params = PORT_ArenaZNew(poolp, SECItem); if (params) { - rv = SEC_ASN1DecodeItem(poolp, params, - SEC_ASN1_GET(SEC_OctetStringTemplate), - inParams); + rv = SEC_ASN1DecodeItem(poolp, params, + SEC_ASN1_GET(SEC_OctetStringTemplate), + inParams); } params = (rv == SECSuccess) ? SECITEM_ArenaDupItem(NULL, params) : NULL; PORT_FreeArena(poolp, PR_FALSE); 
@@ -629,37 +625,38 @@ crmf_get_key_size_from_mech(CK_MECHANISM_TYPE mechType) CK_MECHANISM_TYPE keyGen = PK11_GetKeyGen(mechType); switch (keyGen) { - case CKM_CDMF_KEY_GEN: - case CKM_DES_KEY_GEN: - return 8; - case CKM_DES2_KEY_GEN: - return 16; - case CKM_DES3_KEY_GEN: - return 24; + case CKM_CDMF_KEY_GEN: + case CKM_DES_KEY_GEN: + return 8; + case CKM_DES2_KEY_GEN: + return 16; + case CKM_DES3_KEY_GEN: + return 24; } return 0; } SECStatus -crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, - CRMFEncryptedValue *encValue, - SECKEYPrivateKey *privKey, - SECKEYPublicKey *newPubKey, - SECItem *nickname, - PK11SlotInfo *slot, - unsigned char keyUsage, - SECKEYPrivateKey **unWrappedKey, - void *wincx) +crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, + CRMFEncryptedValue *encValue, + SECKEYPrivateKey *privKey, + SECKEYPublicKey *newPubKey, + SECItem *nickname, + PK11SlotInfo *slot, + unsigned char keyUsage, + SECKEYPrivateKey **unWrappedKey, + void *wincx) { - PK11SymKey *wrappingKey = NULL; - CK_MECHANISM_TYPE wrapMechType; - SECOidTag oidTag; - SECItem *params = NULL, *publicValue = NULL; - int keySize, origLen; - CK_KEY_TYPE keyType; + PK11SymKey *wrappingKey = NULL; + CK_MECHANISM_TYPE wrapMechType; + SECOidTag oidTag; + SECItem *params = NULL, *publicValue = NULL; + int keySize, origLen; + CK_KEY_TYPE keyType; CK_ATTRIBUTE_TYPE *usage = NULL; CK_ATTRIBUTE_TYPE rsaUsage[] = { - CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER }; + CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER + }; CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN }; CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE }; int usageCount = 0; 
@@ -667,108 +664,109 @@ crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, oidTag = SECOID_GetAlgorithmTag(encValue->symmAlg); wrapMechType = crmf_get_pad_mech_from_tag(oidTag); keySize = crmf_get_key_size_from_mech(wrapMechType); - wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey, - wrapMechType, CKA_UNWRAP, keySize); + wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey, + wrapMechType, CKA_UNWRAP, keySize); if (wrappingKey == NULL) { goto loser; - }/* Make the length a byte length instead of bit length*/ - params = (encValue->symmAlg != NULL) ? - crmf_decode_params(&encValue->symmAlg->parameters) : NULL; + } /* Make the length a byte length instead of bit length*/ + params = (encValue->symmAlg != NULL) ? crmf_decode_params(&encValue->symmAlg->parameters) + : NULL; origLen = encValue->encValue.len; encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen); publicValue = crmf_get_public_value(newPubKey, NULL); - switch(newPubKey->keyType) { - default: - case rsaKey: - keyType = CKK_RSA; - switch (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) { - case KU_KEY_ENCIPHERMENT: - usage = rsaUsage; - usageCount = 2; + switch (newPubKey->keyType) { + default: + case rsaKey: + keyType = CKK_RSA; + switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) { + case KU_KEY_ENCIPHERMENT: + usage = rsaUsage; + usageCount = 2; + break; + case KU_DIGITAL_SIGNATURE: + usage = &rsaUsage[2]; + usageCount = 2; + break; + case KU_KEY_ENCIPHERMENT | + KU_DIGITAL_SIGNATURE: + case 0: /* default to everything */ + usage = rsaUsage; + usageCount = 4; + break; + } break; - case KU_DIGITAL_SIGNATURE: - usage = &rsaUsage[2]; - usageCount = 2; + case dhKey: + keyType = CKK_DH; + usage = dhUsage; + usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]); break; - case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE: - case 0: /* default to everything */ - usage = rsaUsage; - usageCount = 4; + case dsaKey: + keyType = CKK_DSA; + usage = dsaUsage; + usageCount = 
sizeof(dsaUsage) / sizeof(dsaUsage[0]); break; - } - break; - case dhKey: - keyType = CKK_DH; - usage = dhUsage; - usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]); - break; - case dsaKey: - keyType = CKK_DSA; - usage = dsaUsage; - usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]); - break; } PORT_Assert(usage != NULL); PORT_Assert(usageCount != 0); *unWrappedKey = PK11_UnwrapPrivKey(slot, wrappingKey, wrapMechType, params, - &encValue->encValue, nickname, - publicValue, PR_TRUE,PR_TRUE, - keyType, usage, usageCount, wincx); + &encValue->encValue, nickname, + publicValue, PR_TRUE, PR_TRUE, + keyType, usage, usageCount, wincx); encValue->encValue.len = origLen; if (*unWrappedKey == NULL) { goto loser; } - SECITEM_FreeItem (publicValue, PR_TRUE); - if (params!= NULL) { + SECITEM_FreeItem(publicValue, PR_TRUE); + if (params != NULL) { SECITEM_FreeItem(params, PR_TRUE); - } + } PK11_FreeSymKey(wrappingKey); return SECSuccess; - loser: +loser: *unWrappedKey = NULL; return SECFailure; } CRMFEncryptedValue * -crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, - SECKEYPublicKey *inCAKey, - CRMFEncryptedValue *destValue) +crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, + SECKEYPublicKey *inCAKey, + CRMFEncryptedValue *destValue) { - SECItem wrappedPrivKey, wrappedSymKey; - SECItem encodedParam, *dummy; - SECStatus rv; - CK_MECHANISM_TYPE pubMechType, symKeyType; - unsigned char *wrappedSymKeyBits; - unsigned char *wrappedPrivKeyBits; - SECItem *iv = NULL; - SECOidTag tag; - PK11SymKey *symKey; - PK11SlotInfo *slot; - SECAlgorithmID *symmAlg; - CRMFEncryptedValue *myEncrValue = NULL; + SECItem wrappedPrivKey, wrappedSymKey; + SECItem encodedParam, *dummy; + SECStatus rv; + CK_MECHANISM_TYPE pubMechType, symKeyType; + unsigned char *wrappedSymKeyBits; + unsigned char *wrappedPrivKeyBits; + SECItem *iv = NULL; + SECOidTag tag; + PK11SymKey *symKey; + PK11SlotInfo *slot; + SECAlgorithmID *symmAlg; + CRMFEncryptedValue *myEncrValue = 
NULL; encodedParam.data = NULL; - wrappedSymKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN); + wrappedSymKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN); wrappedPrivKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN); if (wrappedSymKeyBits == NULL || wrappedPrivKeyBits == NULL) { goto loser; } if (destValue == NULL) { myEncrValue = destValue = PORT_ZNew(CRMFEncryptedValue); - if (destValue == NULL) { - goto loser; - } + if (destValue == NULL) { + goto loser; + } } pubMechType = crmf_get_mechanism_from_public_key(inCAKey); if (pubMechType == CKM_INVALID_MECHANISM) { - /* XXX I should probably do something here for non-RSA - * keys that are in certs. (ie DSA) - * XXX or at least SET AN ERROR CODE. - */ + /* XXX I should probably do something here for non-RSA + * keys that are in certs. (ie DSA) + * XXX or at least SET AN ERROR CODE. + */ goto loser; } - slot = inPrivKey->pkcs11Slot; + slot = inPrivKey->pkcs11Slot; PORT_Assert(slot != NULL); symKeyType = crmf_get_best_privkey_wrap_mechanism(slot); symKey = PK11_KeyGen(slot, symKeyType, NULL, 0, NULL); @@ -777,7 +775,7 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, } wrappedSymKey.data = wrappedSymKeyBits; - wrappedSymKey.len = MAX_WRAPPED_KEY_LEN; + wrappedSymKey.len = MAX_WRAPPED_KEY_LEN; rv = PK11_PubWrapSymKey(pubMechType, inCAKey, symKey, &wrappedSymKey); if (rv != SECSuccess) { goto loser; 
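Review bot: When `PK11_UnwrapPrivKey` fails, the `goto loser` in crmf_encrypted_value_unwrap_priv_key skips the three releases that follow it, so `wrappingKey`, `params` and `publicValue` are leaked; `loser:` only clears `*unWrappedKey`. The symmetric key object matters most, because it is key material that is never released on this path. All three pointers are initialised to NULL in the declarations, so the releases can move into the `loser:` block with NULL guards. The function's signature and declarations are in the preceding hunk.

```c
    if (*unWrappedKey == NULL) {
        goto loser;
    }
    /* … unchanged: success-path releases and return SECSuccess … */
loser:
    if (publicValue != NULL) {
        SECITEM_FreeItem(publicValue, PR_TRUE);
    }
    if (params != NULL) {
        SECITEM_FreeItem(params, PR_TRUE);
    }
    if (wrappingKey != NULL) {
        PK11_FreeSymKey(wrappingKey);
    }
    *unWrappedKey = NULL;
    return SECFailure;
```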
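Review bot: The `goto loser` after a failed `PK11_PubWrapSymKey` appears to leave `symKey` allocated. The only `PK11_FreeSymKey(symKey)` on this page comes after `PK11_WrapPrivKey` in the next hunk, and the visible part of `loser:` releases `iv`, `myEncrValue` and the wrap buffers but not the key. Because `symKey` is declared without an initialiser, the simplest fix is local: `PK11_FreeSymKey(symKey);` immediately before that `goto loser;`. Part of the `loser:` block falls between hunks, so confirm it does not already free the key before applying this.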
@@ -786,26 +784,26 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, wrappedSymKey.len <<= 3; wrappedPrivKey.data = wrappedPrivKeyBits; - wrappedPrivKey.len = MAX_WRAPPED_KEY_LEN; + wrappedPrivKey.len = MAX_WRAPPED_KEY_LEN; iv = crmf_get_iv(symKeyType); - rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv, - &wrappedPrivKey, NULL); + rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv, + &wrappedPrivKey, NULL); PK11_FreeSymKey(symKey); if (rv != SECSuccess) { goto loser; } /* Make the length of the result a Bit String length. */ wrappedPrivKey.len <<= 3; - rv = crmf_make_bitstring_copy(NULL, - &destValue->encValue, - &wrappedPrivKey); + rv = crmf_make_bitstring_copy(NULL, + &destValue->encValue, + &wrappedPrivKey); if (rv != SECSuccess) { goto loser; } rv = crmf_make_bitstring_copy(NULL, - &destValue->encSymmKey, - &wrappedSymKey); + &destValue->encSymmKey, + &wrappedSymKey); if (rv != SECSuccess) { goto loser; } @@ -814,11 +812,11 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, goto loser; } - dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv, + dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv, SEC_ASN1_GET(SEC_OctetStringTemplate)); if (dummy != &encodedParam) { SECITEM_FreeItem(dummy, PR_TRUE); - goto loser; + goto loser; } symKeyType = crmf_get_non_pad_mechanism(symKeyType); @@ -832,9 +830,9 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, PORT_Free(wrappedSymKeyBits); SECITEM_FreeItem(iv, PR_TRUE); return destValue; - loser: +loser: if (iv != NULL) { - SECITEM_FreeItem(iv, PR_TRUE); + SECITEM_FreeItem(iv, PR_TRUE); } if (myEncrValue != NULL) { crmf_destroy_encrypted_value(myEncrValue, PR_TRUE); 
@@ -846,17 +844,17 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, PORT_Free(wrappedPrivKeyBits); } if (encodedParam.data != NULL) { - SECITEM_FreeItem(&encodedParam, PR_FALSE); + SECITEM_FreeItem(&encodedParam, PR_FALSE); } return NULL; } -CRMFEncryptedKey* -CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, - CERTCertificate *inCACert) +CRMFEncryptedKey * +CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey, + CERTCertificate *inCACert) { - SECKEYPublicKey *caPubKey = NULL; - CRMFEncryptedKey *encKey = NULL; + SECKEYPublicKey *caPubKey = NULL; + CRMFEncryptedKey *encKey = NULL; PORT_Assert(inPrivKey != NULL && inCACert != NULL); if (inPrivKey == NULL || inCACert == NULL) { @@ -883,13 +881,13 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, crmf_create_encrypted_value_wrapped_privkey( inPrivKey, caPubKey, &encKey->value.encryptedValue); #endif - /* We won't add the der value here, but rather when it + /* We won't add the der value here, but rather when it * becomes part of a certificate request. */ SECKEY_DestroyPublicKey(caPubKey); encKey->encKeyChoice = crmfEncryptedValueChoice; return encKey; - loser: +loser: if (encKey != NULL) { CRMF_DestroyEncryptedKey(encKey); } 
@@ -906,29 +904,29 @@ CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey) } SECStatus -crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, - CRMFPKIArchiveOptions *destOpt, - CRMFPKIArchiveOptions *srcOpt) +crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, + CRMFPKIArchiveOptions *destOpt, + CRMFPKIArchiveOptions *srcOpt) { SECStatus rv; destOpt->archOption = srcOpt->archOption; switch (srcOpt->archOption) { - case crmfEncryptedPrivateKey: - rv = crmf_copy_encryptedkey(poolp, - &srcOpt->option.encryptedKey, - &destOpt->option.encryptedKey); - break; - case crmfKeyGenParameters: - case crmfArchiveRemGenPrivKey: - /* We've got a union, so having a pointer to one is just - * like having a pointer to the other one. - */ - rv = SECITEM_CopyItem(poolp, - &destOpt->option.keyGenParameters, - &srcOpt->option.keyGenParameters); - break; - default: - rv = SECFailure; + case crmfEncryptedPrivateKey: + rv = crmf_copy_encryptedkey(poolp, + &srcOpt->option.encryptedKey, + &destOpt->option.encryptedKey); + break; + case crmfKeyGenParameters: + case crmfArchiveRemGenPrivKey: + /* We've got a union, so having a pointer to one is just + * like having a pointer to the other one. + */ + rv = SECITEM_CopyItem(poolp, + &destOpt->option.keyGenParameters, + &srcOpt->option.keyGenParameters); + break; + default: + rv = SECFailure; } return rv; } 
@@ -940,23 +938,23 @@ crmf_check_and_adjust_archoption(CRMFControl *inControl) options = &inControl->value.archiveOptions; if (options->archOption == crmfNoArchiveOptions) { - /* It hasn't been set, so figure it out from the - * der. - */ + /* It hasn't been set, so figure it out from the + * der. + */ switch (inControl->derValue.data[0] & 0x0f) { - case 0: - options->archOption = crmfEncryptedPrivateKey; - break; - case 1: - options->archOption = crmfKeyGenParameters; - break; - case 2: - options->archOption = crmfArchiveRemGenPrivKey; - break; - default: - /* We've got bad DER. Return an error. */ - return SECFailure; - } + case 0: + options->archOption = crmfEncryptedPrivateKey; + break; + case 1: + options->archOption = crmfKeyGenParameters; + break; + case 2: + options->archOption = crmfArchiveRemGenPrivKey; + break; + default: + /* We've got bad DER. Return an error. */ + return SECFailure; + } } return SECSuccess; } @@ -965,10 +963,10 @@ static const SEC_ASN1Template * crmf_get_pkiarchive_subtemplate(CRMFControl *inControl) { const SEC_ASN1Template *retTemplate; - SECStatus rv; + SECStatus rv; /* * We could be in the process of decoding, in which case the - * archOption field will not be set. Let's check it and set + * archOption field will not be set. Let's check it and set * it accordingly. */ 
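Review bot: `crmf_check_and_adjust_archoption` reads `inControl->derValue.data[0]` to pick the archive option without checking that `derValue.data` is non-NULL and `derValue.len` is at least 1. The surrounding comments suggest this runs while a request is being decoded, so the item may be peer-supplied. A guard before the switch, `if (inControl->derValue.data == NULL || inControl->derValue.len == 0) return SECFailure;`, would send empty input down the existing bad-DER failure path instead of reading past the item. The same unchecked fixed-offset read appears in crmfdec.c, in `crmf_get_popchoice_from_der` (`derPOP->data[0]`) and `crmf_get_messagechoice_from_der` (`derPOP->data[2]`). The function's opening lines are outside this hunk, so confirm there is no earlier check.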
@@ -978,38 +976,38 @@ crmf_get_pkiarchive_subtemplate(CRMFControl *inControl) } switch (inControl->value.archiveOptions.archOption) { - case crmfEncryptedPrivateKey: - retTemplate = CRMFEncryptedKeyWithEncryptedValueTemplate; - inControl->value.archiveOptions.option.encryptedKey.encKeyChoice = - crmfEncryptedValueChoice; - break; - default: - retTemplate = NULL; + case crmfEncryptedPrivateKey: + retTemplate = CRMFEncryptedKeyWithEncryptedValueTemplate; + inControl->value.archiveOptions.option.encryptedKey.encKeyChoice = + crmfEncryptedValueChoice; + break; + default: + retTemplate = NULL; } return retTemplate; } -const SEC_ASN1Template* +const SEC_ASN1Template * crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl) { const SEC_ASN1Template *retTemplate; switch (inControl->tag) { - case SEC_OID_PKIX_REGCTRL_REGTOKEN: - case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: - retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate); - break; - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - retTemplate = crmf_get_pkiarchive_subtemplate(inControl); - break; - case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: - case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: - case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: - /* We don't support these controls, so we fail for now.*/ - retTemplate = NULL; - break; - default: - retTemplate = NULL; + case SEC_OID_PKIX_REGCTRL_REGTOKEN: + case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: + retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate); + break; + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: + retTemplate = crmf_get_pkiarchive_subtemplate(inControl); + break; + case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: + case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: + case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: + /* We don't support these controls, so we fail for now.*/ + retTemplate = NULL; + break; + default: + retTemplate = NULL; } return retTemplate; } 
@@ -1020,7 +1018,7 @@ crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl) const SEC_ASN1Template *asn1Template; asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl); - /* We've got a union, so passing a pointer to one element of the + /* We've got a union, so passing a pointer to one element of the * union, is the same as passing a pointer to any of the other * members of the union. */ @@ -1031,46 +1029,46 @@ crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl) goto loser; } return SECSuccess; - loser: +loser: return SECFailure; } SECStatus -CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq, - CRMFPKIArchiveOptions *inOptions) +CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq, + CRMFPKIArchiveOptions *inOptions) { CRMFControl *newControl; PLArenaPool *poolp; - SECStatus rv; - void *mark; - + SECStatus rv; + void *mark; + PORT_Assert(inCertReq != NULL && inOptions != NULL); if (inCertReq == NULL || inOptions == NULL) { return SECFailure; } poolp = inCertReq->poolp; mark = PORT_ArenaMark(poolp); - rv = crmf_add_new_control(inCertReq, - SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS, - &newControl); + rv = crmf_add_new_control(inCertReq, + SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS, + &newControl); if (rv != SECSuccess) { goto loser; } - rv = crmf_copy_pkiarchiveoptions(poolp, - &newControl->value.archiveOptions, - inOptions); + rv = crmf_copy_pkiarchiveoptions(poolp, + &newControl->value.archiveOptions, + inOptions); if (rv != SECSuccess) { goto loser; } - rv = crmf_encode_pkiarchiveoptions(poolp, newControl); + rv = crmf_encode_pkiarchiveoptions(poolp, newControl); if (rv != SECSuccess) { goto loser; } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } 
@@ -1082,25 +1080,25 @@ crmf_destroy_control(CRMFControl *inControl, PRBool freeit) if (inControl != NULL) { SECITEM_FreeItem(&inControl->derTag, PR_FALSE); SECITEM_FreeItem(&inControl->derValue, PR_FALSE); - /* None of the other tags require special processing at - * the moment when freeing because they are not supported, - * but if/when they are, add the necessary routines here. - * If all controls are supported, then every member of the - * union inControl->value will have a case that deals with - * it in the following switch statement. - */ - switch (inControl->tag) { - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - crmf_destroy_pkiarchiveoptions(&inControl->value.archiveOptions, - PR_FALSE); - break; - default: - /* Put this here to get rid of all those annoying warnings.*/ - break; - } - if (freeit) { - PORT_Free(inControl); - } + /* None of the other tags require special processing at + * the moment when freeing because they are not supported, + * but if/when they are, add the necessary routines here. + * If all controls are supported, then every member of the + * union inControl->value will have a case that deals with + * it in the following switch statement. + */ + switch (inControl->tag) { + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: + crmf_destroy_pkiarchiveoptions(&inControl->value.archiveOptions, + PR_FALSE); + break; + default: + /* Put this here to get rid of all those annoying warnings.*/ + break; + } + if (freeit) { + PORT_Free(inControl); + } } return SECSuccess; } 
@@ -1116,49 +1114,48 @@ crmf_controltype_to_tag(CRMFControlType inControlType) { SECOidTag retVal; - switch(inControlType) { - case crmfRegTokenControl: - retVal = SEC_OID_PKIX_REGCTRL_REGTOKEN; - break; - case crmfAuthenticatorControl: - retVal = SEC_OID_PKIX_REGCTRL_AUTHENTICATOR; - break; - case crmfPKIPublicationInfoControl: - retVal = SEC_OID_PKIX_REGCTRL_PKIPUBINFO; - break; - case crmfPKIArchiveOptionsControl: - retVal = SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS; - break; - case crmfOldCertIDControl: - retVal = SEC_OID_PKIX_REGCTRL_OLD_CERT_ID; - break; - case crmfProtocolEncrKeyControl: - retVal = SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY; - break; - default: - retVal = SEC_OID_UNKNOWN; - break; + switch (inControlType) { + case crmfRegTokenControl: + retVal = SEC_OID_PKIX_REGCTRL_REGTOKEN; + break; + case crmfAuthenticatorControl: + retVal = SEC_OID_PKIX_REGCTRL_AUTHENTICATOR; + break; + case crmfPKIPublicationInfoControl: + retVal = SEC_OID_PKIX_REGCTRL_PKIPUBINFO; + break; + case crmfPKIArchiveOptionsControl: + retVal = SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS; + break; + case crmfOldCertIDControl: + retVal = SEC_OID_PKIX_REGCTRL_OLD_CERT_ID; + break; + case crmfProtocolEncrKeyControl: + retVal = SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY; + break; + default: + retVal = SEC_OID_UNKNOWN; + break; } return retVal; } PRBool CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq, - CRMFControlType inControlType) + CRMFControlType inControlType) { SECOidTag controlTag; - int i; + int i; PORT_Assert(inCertReq != NULL); if (inCertReq == NULL || inCertReq->controls == NULL) { return PR_FALSE; } controlTag = crmf_controltype_to_tag(inControlType); - for (i=0; inCertReq->controls[i] != NULL; i++) { + for (i = 0; inCertReq->controls[i] != NULL; i++) { if (inCertReq->controls[i]->tag == controlTag) { - return PR_TRUE; - } + return PR_TRUE; + } } return PR_FALSE; } - diff --git a/nss/lib/crmf/crmfdec.c b/nss/lib/crmf/crmfdec.c index 6be165f..ac6e872 100644 
--- a/nss/lib/crmf/crmfdec.c +++ b/nss/lib/crmf/crmfdec.c @@ -3,7 +3,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #include "crmf.h" #include "crmfi.h" #include "secitem.h" @@ -14,35 +13,35 @@ crmf_get_popchoice_from_der(SECItem *derPOP) CRMFPOPChoice retChoice; switch (derPOP->data[0] & 0x0f) { - case 0: - retChoice = crmfRAVerified; - break; - case 1: - retChoice = crmfSignature; - break; - case 2: - retChoice = crmfKeyEncipherment; - break; - case 3: - retChoice = crmfKeyAgreement; - break; - default: - retChoice = crmfNoPOPChoice; - break; + case 0: + retChoice = crmfRAVerified; + break; + case 1: + retChoice = crmfSignature; + break; + case 2: + retChoice = crmfKeyEncipherment; + break; + case 3: + retChoice = crmfKeyAgreement; + break; + default: + retChoice = crmfNoPOPChoice; + break; } return retChoice; } static SECStatus crmf_decode_process_raverified(CRMFCertReqMsg *inCertReqMsg) -{ +{ CRMFProofOfPossession *pop; /* Just set up the structure so that the message structure * looks like one that was created using the API */ pop = inCertReqMsg->pop; pop->popChoice.raVerified.data = NULL; - pop->popChoice.raVerified.len = 0; + pop->popChoice.raVerified.len = 0; return SECSuccess; } @@ -51,14 +50,14 @@ crmf_decode_process_signature(CRMFCertReqMsg *inCertReqMsg) { PORT_Assert(inCertReqMsg->poolp); if (!inCertReqMsg->poolp) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SEC_ASN1Decode(inCertReqMsg->poolp, - &inCertReqMsg->pop->popChoice.signature, - CRMFPOPOSigningKeyTemplate, - (const char*)inCertReqMsg->derPOP.data, - inCertReqMsg->derPOP.len); + &inCertReqMsg->pop->popChoice.signature, + CRMFPOPOSigningKeyTemplate, + (const char *)inCertReqMsg->derPOP.data, + inCertReqMsg->derPOP.len); } static CRMFPOPOPrivKeyChoice 
@@ -67,17 +66,17 @@ crmf_get_messagechoice_from_der(SECItem *derPOP) CRMFPOPOPrivKeyChoice retChoice; switch (derPOP->data[2] & 0x0f) { - case 0: - retChoice = crmfThisMessage; - break; - case 1: - retChoice = crmfSubsequentMessage; - break; - case 2: - retChoice = crmfDHMAC; - break; - default: - retChoice = crmfNoMessage; + case 0: + retChoice = crmfThisMessage; + break; + case 1: + retChoice = crmfSubsequentMessage; + break; + case 2: + retChoice = crmfDHMAC; + break; + default: + retChoice = crmfNoMessage; } return retChoice; } @@ -86,13 +85,13 @@ static SECStatus crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg) { /* We've got a union, so a pointer to one POPOPrivKey - * struct is the same as having a pointer to the other + * struct is the same as having a pointer to the other * one. */ - CRMFPOPOPrivKey *popoPrivKey = - &inCertReqMsg->pop->popChoice.keyEncipherment; - SECItem *derPOP, privKeyDer; - SECStatus rv; + CRMFPOPOPrivKey *popoPrivKey = + &inCertReqMsg->pop->popChoice.keyEncipherment; + SECItem *derPOP, privKeyDer; + SECStatus rv; derPOP = &inCertReqMsg->derPOP; popoPrivKey->messageChoice = crmf_get_messagechoice_from_der(derPOP); 
@@ -101,37 +100,36 @@ crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg) } /* If we ever encounter BER encodings of this, we'll get in trouble*/ switch (popoPrivKey->messageChoice) { - case crmfThisMessage: - case crmfDHMAC: - privKeyDer.type = derPOP->type; - privKeyDer.data = &derPOP->data[5]; - privKeyDer.len = derPOP->len - 5; - break; - case crmfSubsequentMessage: - privKeyDer.type = derPOP->type; - privKeyDer.data = &derPOP->data[4]; - privKeyDer.len = derPOP->len - 4; - break; - default: - return SECFailure; + case crmfThisMessage: + case crmfDHMAC: + privKeyDer.type = derPOP->type; + privKeyDer.data = &derPOP->data[5]; + privKeyDer.len = derPOP->len - 5; + break; + case crmfSubsequentMessage: + privKeyDer.type = derPOP->type; + privKeyDer.data = &derPOP->data[4]; + privKeyDer.len = derPOP->len - 4; + break; + default: + return SECFailure; } - rv = SECITEM_CopyItem(inCertReqMsg->poolp, - &popoPrivKey->message.subsequentMessage, - &privKeyDer); + rv = SECITEM_CopyItem(inCertReqMsg->poolp, + &popoPrivKey->message.subsequentMessage, + &privKeyDer); if (rv != SECSuccess) { return rv; } if (popoPrivKey->messageChoice == crmfThisMessage || - popoPrivKey->messageChoice == crmfDHMAC) { + popoPrivKey->messageChoice == crmfDHMAC) { - popoPrivKey->message.thisMessage.len = - CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4]; - + popoPrivKey->message.thisMessage.len = + CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4]; } - return SECSuccess; + return SECSuccess; } static SECStatus @@ -149,11 +147,11 @@ crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg) if (rv != SECSuccess) { return rv; } - if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice == - crmfDHMAC) { + if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice == + crmfDHMAC) { /* Key Encipherment can not use the dhMAC option for - * POPOPrivKey. - */ + * POPOPrivKey. + */ return SECFailure; } return SECSuccess; 
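Review bot: In `crmf_decode_process_popoprivkey`, the assignments `privKeyDer.len = derPOP->len - 5;` and `derPOP->len - 4` have no visible lower bound on `derPOP->len`. A proof-of-possession field shorter than the assumed header would wrap the length (assuming `SECItem.len` is unsigned), and `SECITEM_CopyItem` would then read from `&derPOP->data[5]` well past the buffer. Short input should be rejected before the switch, for example `if (derPOP->len < 5) { PORT_SetError(SEC_ERROR_BAD_DER); return SECFailure; }`, with `< 4` being enough for the `crmfSubsequentMessage` case. The unused-bits byte `(int)derPOP->data[4]` should also be checked against `CRMF_BYTES_TO_BITS(privKeyDer.len)` before the subtraction that sets `thisMessage.len`. The function starts before this hunk, and the lines between it and the previous hunk are not shown, so confirm no length check is hidden there.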
@@ -162,100 +160,99 @@ crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg) static SECStatus crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg) { - SECItem *derPOP; - PLArenaPool *poolp; - CRMFProofOfPossession *pop; - void *mark; - SECStatus rv; - - derPOP = &inCertReqMsg->derPOP; - poolp = inCertReqMsg->poolp; - if (derPOP->data == NULL) { - /* There is no Proof of Possession field in this message. */ - return SECSuccess; - } - mark = PORT_ArenaMark(poolp); - pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession); - if (pop == NULL) { - goto loser; - } - pop->popUsed = crmf_get_popchoice_from_der(derPOP); - if (pop->popUsed == crmfNoPOPChoice) { - /* A bad encoding of CRMF. Not a valid tag was given to the - * Proof Of Possession field. - */ - goto loser; - } - inCertReqMsg->pop = pop; - switch (pop->popUsed) { - case crmfRAVerified: - rv = crmf_decode_process_raverified(inCertReqMsg); - break; - case crmfSignature: - rv = crmf_decode_process_signature(inCertReqMsg); - break; - case crmfKeyEncipherment: - rv = crmf_decode_process_keyencipherment(inCertReqMsg); - break; - case crmfKeyAgreement: - rv = crmf_decode_process_keyagreement(inCertReqMsg); - break; - default: - rv = SECFailure; - } - if (rv != SECSuccess) { - goto loser; - } - PORT_ArenaUnmark(poolp, mark); - return SECSuccess; - - loser: - PORT_ArenaRelease(poolp, mark); - inCertReqMsg->pop = NULL; - return SECFailure; - + SECItem *derPOP; + PLArenaPool *poolp; + CRMFProofOfPossession *pop; + void *mark; + SECStatus rv; + + derPOP = &inCertReqMsg->derPOP; + poolp = inCertReqMsg->poolp; + if (derPOP->data == NULL) { + /* There is no Proof of Possession field in this message. */ + return SECSuccess; + } + mark = PORT_ArenaMark(poolp); + pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession); + if (pop == NULL) { + goto loser; + } + pop->popUsed = crmf_get_popchoice_from_der(derPOP); + if (pop->popUsed == crmfNoPOPChoice) { + /* A bad encoding of CRMF. 
Not a valid tag was given to the + * Proof Of Possession field. + */ + goto loser; + } + inCertReqMsg->pop = pop; + switch (pop->popUsed) { + case crmfRAVerified: + rv = crmf_decode_process_raverified(inCertReqMsg); + break; + case crmfSignature: + rv = crmf_decode_process_signature(inCertReqMsg); + break; + case crmfKeyEncipherment: + rv = crmf_decode_process_keyencipherment(inCertReqMsg); + break; + case crmfKeyAgreement: + rv = crmf_decode_process_keyagreement(inCertReqMsg); + break; + default: + rv = SECFailure; + } + if (rv != SECSuccess) { + goto loser; + } + PORT_ArenaUnmark(poolp, mark); + return SECSuccess; + +loser: + PORT_ArenaRelease(poolp, mark); + inCertReqMsg->pop = NULL; + return SECFailure; } static SECStatus crmf_decode_process_single_control(PLArenaPool *poolp, - CRMFControl *inControl) + CRMFControl *inControl) { const SEC_ASN1Template *asn1Template = NULL; inControl->tag = SECOID_FindOIDTag(&inControl->derTag); asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl); - PORT_Assert (asn1Template != NULL); - PORT_Assert (poolp != NULL); + PORT_Assert(asn1Template != NULL); + PORT_Assert(poolp != NULL); if (!asn1Template || !poolp) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } /* We've got a union, so passing a pointer to one element of the * union is the same as passing a pointer to any of the other * members of the union. 
*/ - return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions, - asn1Template, (const char*)inControl->derValue.data, - inControl->derValue.len); + return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions, + asn1Template, (const char *)inControl->derValue.data, + inControl->derValue.len); } -static SECStatus +static SECStatus crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg) { - int i, numControls; - SECStatus rv; - PLArenaPool *poolp; + int i, numControls; + SECStatus rv; + PLArenaPool *poolp; CRMFControl **controls; - + numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq); controls = inCertReqMsg->certReq->controls; - poolp = inCertReqMsg->poolp; - for (i=0; i < numControls; i++) { + poolp = inCertReqMsg->poolp; + for (i = 0; i < numControls; i++) { rv = crmf_decode_process_single_control(poolp, controls[i]); - if (rv != SECSuccess) { - return SECFailure; - } + if (rv != SECSuccess) { + return SECFailure; + } } return SECSuccess; } @@ -274,26 +271,26 @@ crmf_decode_process_single_reqmsg(CRMFCertReqMsg *inCertReqMsg) if (rv != SECSuccess) { goto loser; } - inCertReqMsg->certReq->certTemplate.numExtensions = + inCertReqMsg->certReq->certTemplate.numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReqMsg->certReq); inCertReqMsg->isDecoded = PR_TRUE; rv = SECSuccess; - loser: +loser: return rv; } -CRMFCertReqMsg* -CRMF_CreateCertReqMsgFromDER (const char * buf, long len) +CRMFCertReqMsg * +CRMF_CreateCertReqMsgFromDER(const char *buf, long len) { - PLArenaPool *poolp; + PLArenaPool *poolp; CRMFCertReqMsg *certReqMsg; - SECStatus rv; + SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { goto loser; } - certReqMsg = PORT_ArenaZNew (poolp, CRMFCertReqMsg); + certReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg); if (certReqMsg == NULL) { goto loser; } 
@@ -309,27 +306,27 @@ CRMF_CreateCertReqMsgFromDER (const char * buf, long len) } return certReqMsg; - loser: +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; } -CRMFCertReqMessages* +CRMFCertReqMessages * CRMF_CreateCertReqMessagesFromDER(const char *buf, long len) { - long arenaSize; - int i; - SECStatus rv; - PLArenaPool *poolp; + long arenaSize; + int i; + SECStatus rv; + PLArenaPool *poolp; CRMFCertReqMessages *certReqMsgs; - PORT_Assert (buf != NULL); + PORT_Assert(buf != NULL); /* Wanna make sure the arena is big enough to store all of the requests * coming in. We'll guestimate according to the length of the buffer. */ - arenaSize = len + len/2; + arenaSize = len + len / 2; poolp = PORT_NewArena(arenaSize); if (poolp == NULL) { return NULL; @@ -340,24 +337,24 @@ CRMF_CreateCertReqMessagesFromDER(const char *buf, long len) } certReqMsgs->poolp = poolp; rv = SEC_ASN1Decode(poolp, certReqMsgs, CRMFCertReqMessagesTemplate, - buf, len); + buf, len); if (rv != SECSuccess) { goto loser; } - for (i=0; certReqMsgs->messages[i] != NULL; i++) { - /* The sub-routines expect the individual messages to have - * an arena. We'll give them one temporarily. - */ + for (i = 0; certReqMsgs->messages[i] != NULL; i++) { + /* The sub-routines expect the individual messages to have + * an arena. We'll give them one temporarily. + */ certReqMsgs->messages[i]->poolp = poolp; rv = crmf_decode_process_single_reqmsg(certReqMsgs->messages[i]); - if (rv != SECSuccess) { - goto loser; - } + if (rv != SECSuccess) { + goto loser; + } certReqMsgs->messages[i]->poolp = NULL; } return certReqMsgs; - loser: +loser: PORT_FreeArena(poolp, PR_FALSE); return NULL; } diff --git a/nss/lib/crmf/crmfenc.c b/nss/lib/crmf/crmfenc.c index bf36018..6d01a45 100644 --- a/nss/lib/crmf/crmfenc.c +++ b/nss/lib/crmf/crmfenc.c 
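Review bot: `CRMF_CreateCertReqMessagesFromDER` validates `buf` only with `PORT_Assert(buf != NULL)`, which presumably compiles out in optimized builds, and it never validates `len` before computing `arenaSize = len + len / 2`. Because `len` is a signed `long`, a zero or negative value gives a meaningless arena size, and a very large value can overflow the addition. An explicit guard at the top, `if (buf == NULL || len <= 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; }`, would make this public decode entry point fail cleanly on bad arguments. The function body continues in the following hunk.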
@@ -3,53 +3,46 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #include "crmf.h" #include "crmfi.h" -SECStatus -CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg, - CRMFEncoderOutputCallback fn, - void *arg) +SECStatus +CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg, + CRMFEncoderOutputCallback fn, + void *arg) { struct crmfEncoderOutput output; - output.fn = fn; + output.fn = fn; output.outputArg = arg; - return SEC_ASN1Encode(inCertReqMsg,CRMFCertReqMsgTemplate, - crmf_encoder_out, &output); - + return SEC_ASN1Encode(inCertReqMsg, CRMFCertReqMsgTemplate, + crmf_encoder_out, &output); } - SECStatus -CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq, - CRMFEncoderOutputCallback fn, - void *arg) +CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq, + CRMFEncoderOutputCallback fn, + void *arg) { struct crmfEncoderOutput output; - output.fn = fn; + output.fn = fn; output.outputArg = arg; - return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, - crmf_encoder_out, &output); + return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, + crmf_encoder_out, &output); } SECStatus -CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs, - CRMFEncoderOutputCallback fn, - void *arg) +CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs, + CRMFEncoderOutputCallback fn, + void *arg) { struct crmfEncoderOutput output; CRMFCertReqMessages msgs; - - output.fn = fn; + + output.fn = fn; output.outputArg = arg; msgs.messages = inCertReqMsgs; return SEC_ASN1Encode(&msgs, CRMFCertReqMessagesTemplate, - crmf_encoder_out, &output); + crmf_encoder_out, &output); } - - - - diff --git a/nss/lib/crmf/crmffut.h b/nss/lib/crmf/crmffut.h index bde8241..d6f9374 100644 --- a/nss/lib/crmf/crmffut.h +++ b/nss/lib/crmf/crmffut.h 
@@ -8,112 +8,111 @@ */ /* - * Use this function to create the CRMFSinglePubInfo* variables that will + * Use this function to create the CRMFSinglePubInfo* variables that will * populate the inPubInfoArray parameter for the function * CRMF_CreatePKIPublicationInfo. * * "inPubMethod" specifies which publication method will be used - * "pubLocation" is a representation of the location where + * "pubLocation" is a representation of the location where */ -extern CRMFSinglePubInfo* - CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod, - CRMFGeneralName *pubLocation); +extern CRMFSinglePubInfo * +CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod, + CRMFGeneralName *pubLocation); /* * Create a PKIPublicationInfo that can later be passed to the function * CRMFAddPubInfoControl. */ extern CRMFPKIPublicationInfo * - CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction, - CRMFSinglePubInfo **inPubInfoArray, - int numPubInfo); +CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction, + CRMFSinglePubInfo **inPubInfoArray, + int numPubInfo); /* * Only call this function on a CRMFPublicationInfo that was created by * CRMF_CreatePKIPublicationInfo that was passed in NULL for arena. */ -extern SECStatus - CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo); +extern SECStatus +CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo); -extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq, - CRMFPKIPublicationInfo *inPubInfo); +extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq, + CRMFPKIPublicationInfo *inPubInfo); /* - * This is to create a Cert ID Control which can later be added to + * This is to create a Cert ID Control which can later be added to * a certificate request. 
*/ -extern CRMFCertID* CRMF_CreateCertID(CRMFGeneralName *issuer, - long serialNumber); +extern CRMFCertID *CRMF_CreateCertID(CRMFGeneralName *issuer, + long serialNumber); -extern SECStatus CRMF_DestroyCertID(CRMFCertID* certID); +extern SECStatus CRMF_DestroyCertID(CRMFCertID *certID); extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq, - CRMFCertID *certID); + CRMFCertID *certID); -extern SECStatus - CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq, - CERTSubjectPublicKeyInfo *spki); +extern SECStatus +CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq, + CERTSubjectPublicKeyInfo *spki); /* * Add the ASCII Pairs Registration Info to the Certificate Request. * The SECItem must be an OCTET string representation. */ extern SECStatus - CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq, - SECItem *asciiPairs); +CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq, + SECItem *asciiPairs); /* - * This takes a CertRequest and adds it to another CertRequest. + * This takes a CertRequest and adds it to another CertRequest. */ extern SECStatus - CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo, - CRMFCertRequest *certReqBeingAdded); +CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo, + CRMFCertRequest *certReqBeingAdded); /* * Returns which option was used for the authInfo field of POPOSigningKeyInput */ -extern CRMFPOPOSkiInputAuthChoice - CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput); +extern CRMFPOPOSkiInputAuthChoice +CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput); /* * Gets the PKMACValue associated with the POPOSigningKeyInput. - * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC + * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC * the function returns SECFailure and the value at *destValue is unchanged. * * If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function * returns SECSuccess and places the PKMACValue at *destValue. 
*/ -extern SECStatus - CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput, - CRMFPKMACValue **destValue); +extern SECStatus +CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput, + CRMFPKMACValue **destValue); /* * Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput */ extern CERTSubjectPublicKeyInfo * - CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput); - +CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput); /* * Return the value for the PKIPublicationInfo Control. - * A return value of NULL indicates that the Control was - * not a PKIPublicationInfo Control. Call + * A return value of NULL indicates that the Control was + * not a PKIPublicationInfo Control. Call * CRMF_DestroyPKIPublicationInfo on the return value when done * using the pointer. */ -extern CRMFPKIPublicationInfo* CRMF_GetPKIPubInfo(CRMFControl *inControl); +extern CRMFPKIPublicationInfo *CRMF_GetPKIPubInfo(CRMFControl *inControl); /* * Free up a CRMFPKIPublicationInfo structure. */ -extern SECStatus - CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo); +extern SECStatus +CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo); /* * Get the choice used for action in this PKIPublicationInfo. */ -extern CRMFPublicationAction - CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo); +extern CRMFPublicationAction +CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo); /* * Get the number of pubInfos are stored in the PKIPubicationInfo. @@ -124,9 +123,9 @@ extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo); * Get the pubInfo at index for the given PKIPubicationInfo. * Indexing is done like a traditional C Array. (0 .. numElements-1) */ -extern CRMFSinglePubInfo* - CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo, - int index); +extern CRMFSinglePubInfo * +CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo, + int index); /* * Destroy the CRMFSinglePubInfo. 
@@ -136,15 +135,15 @@ extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo); /* * Get the pubMethod used by the SinglePubInfo. */ -extern CRMFPublicationMethod - CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo); +extern CRMFPublicationMethod +CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo); /* * Get the pubLocation associated with the SinglePubInfo. * A NULL return value indicates there was no pubLocation associated * with the SinglePuInfo. */ -extern CRMFGeneralName* CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo); +extern CRMFGeneralName *CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo); /* * Get the authInfo.sender field out of the POPOSigningKeyInput. @@ -155,7 +154,7 @@ extern CRMFGeneralName* CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo); * SECSuccess and puts the authInfo.sender at *destName/ */ extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput, - CRMFGeneralName **destName); + CRMFGeneralName **destName); /**************** CMMF Functions that need to be added. **********************/ @@ -175,7 +174,7 @@ extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput, * contained by 'inDecKeyChall'. Refer to the CMMF draft on how the * the random number passed in and the sender's GeneralName are used * to generate the challenge and witness fields of the challenge. This - * library will use SHA1 as the one-way function for generating the + * library will use SHA1 as the one-way function for generating the * witess field of the challenge. * * RETURN: 
@@ -184,11 +183,10 @@ extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput, * while trying to generate the challenge. */ extern SECStatus -CMMF_POPODecKeyChallContentSetNextChallenge - (CMMFPOPODecKeyChallContent *inDecKeyChall, - long inRandom, - CERTGeneralName *inSender, - SECKEYPublicKey *inPubKey); +CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall, + long inRandom, + CERTGeneralName *inSender, + SECKEYPublicKey *inPubKey); /* * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges @@ -196,11 +194,10 @@ CMMF_POPODecKeyChallContentSetNextChallenge * inKeyChallCont * The CMMFPOPODecKeyChallContent to operate on. * RETURN: - * This function returns the number of CMMFChallenges are contained in + * This function returns the number of CMMFChallenges are contained in * the CMMFPOPODecKeyChallContent structure. */ -extern int CMMF_POPODecKeyChallContentGetNumChallenges - (CMMFPOPODecKeyChallContent *inKeyChallCont); +extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont); /* * FUNCTION: CMMF_ChallengeGetRandomNumber @@ -213,9 +210,9 @@ extern int CMMF_POPODecKeyChallContentGetNumChallenges * challenge. * NOTES: * This function returns the value held in the decrypted Rand structure - * corresponding to the random integer. The user must call - * CMMF_ChallengeDecryptWitness before calling this function. Call - * CMMF_ChallengeIsDecrypted to find out if the challenge has been + * corresponding to the random integer. The user must call + * CMMF_ChallengeDecryptWitness before calling this function. Call + * CMMF_ChallengeIsDecrypted to find out if the challenge has been * decrypted. * * RETURN: @@ -225,7 +222,7 @@ extern int CMMF_POPODecKeyChallContentGetNumChallenges * is not a valid value. */ extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge, - long *inDest); + long *inDest); /* * FUNCTION: CMMF_ChallengeGetSender 
@@ -234,8 +231,8 @@ extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge, * the CMMFChallenge to operate on. * NOTES: * This function returns the value held in the decrypted Rand structure - * corresponding to the sender. The user must call - * CMMF_ChallengeDecryptWitness before calling this function. Call + * corresponding to the sender. The user must call + * CMMF_ChallengeDecryptWitness before calling this function. Call * CMMF_ChallengeIsDecrypted to find out if the witness field has been * decrypted. The user must call CERT_DestroyGeneralName after the return * value is no longer needed. @@ -245,7 +242,7 @@ extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge, * NULL indicates an error in trying to copy the information or that the * witness field has not been decrypted. */ -extern CERTGeneralName* CMMF_ChallengeGetSender(CMMFChallenge *inChallenge); +extern CERTGeneralName *CMMF_ChallengeGetSender(CMMFChallenge *inChallenge); /* * FUNCTION: CMMF_ChallengeGetAlgId 
@@ -256,19 +253,19 @@ extern CERTGeneralName* CMMF_ChallengeGetSender(CMMFChallenge *inChallenge); * A pointer to memory where a pointer to a copy of the algorithm * id can be placed. * NOTES: - * This function retrieves the one way function algorithm identifier + * This function retrieves the one way function algorithm identifier * contained within the CMMFChallenge if the optional field is present. * * RETURN: * SECSucces indicates the function was able to place a pointer to a copy of - * the alogrithm id at *inAlgId. If the value at *inDestAlgId is NULL, - * that means there was no algorithm identifier present in the - * CMMFChallenge. Any other return value indicates the function was not - * able to make a copy of the algorithm identifier. In this case the value + * the alogrithm id at *inAlgId. If the value at *inDestAlgId is NULL, + * that means there was no algorithm identifier present in the + * CMMFChallenge. Any other return value indicates the function was not + * able to make a copy of the algorithm identifier. In this case the value * at *inDestAlgId is not valid. */ -extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge, - SECAlgorithmID *inAlgId); +extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge, + SECAlgorithmID *inAlgId); /* * FUNCTION: CMMF_DestroyChallenge 
@@ -276,14 +273,14 @@ extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge, * inChallenge * The CMMFChallenge to free up. * NOTES: - * This function frees up all the memory associated with the CMMFChallenge + * This function frees up all the memory associated with the CMMFChallenge * passed in. * RETURN: * SECSuccess if freeing all the memory associated with the CMMFChallenge - * passed in is successful. Any other return value indicates an error + * passed in is successful. Any other return value indicates an error * while freeing the memory. */ -extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge); +extern SECStatus CMMF_DestroyChallenge(CMMFChallenge *inChallenge); /* * FUNCTION: CMMF_DestroyPOPODecKeyRespContent @@ -291,7 +288,7 @@ extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge); * inDecKeyResp * The CMMFPOPODecKeyRespContent structure to free. * NOTES: - * This function frees up all the memory associate with the + * This function frees up all the memory associate with the * CMMFPOPODecKeyRespContent. * * RETURN: @@ -300,7 +297,7 @@ extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge); * return value indicates an error while freeing the memory. */ extern SECStatus - CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp); +CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp); /* * FUNCTION: CMMF_ChallengeDecryptWitness @@ -312,7 +309,7 @@ extern SECStatus * NOTES: * This function uses the private key to decrypt the challenge field * contained in the CMMFChallenge. Make sure the private key matches the - * public key that was used to encrypt the witness. The creator of + * public key that was used to encrypt the witness. The creator of * the challenge will most likely be an RA that has the public key * from a Cert request. So the private key should be the private key * associated with public key in that request. This function will also 
@@ -320,15 +317,15 @@ extern SECStatus * * RETURN: * SECSuccess if decrypting the witness field was successful. This does - * not indicate that the decrypted data is valid, since the private key - * passed in may not be the actual key needed to properly decrypt the + * not indicate that the decrypted data is valid, since the private key + * passed in may not be the actual key needed to properly decrypt the * witness field. Meaning that there is a decrypted structure now, but * may be garbage because the private key was incorrect. * Any other return value indicates the function could not complete the * decryption process. */ -extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge, - SECKEYPrivateKey *inPrivKey); +extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge, + SECKEYPrivateKey *inPrivKey); /* * FUNCTION: CMMF_ChallengeIsDecrypted @@ -336,8 +333,8 @@ extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge, * inChallenge * The CMMFChallenge to operate on. * RETURN: - * This is a predicate function that returns PR_TRUE if the decryption - * process has already been performed. The function return PR_FALSE if + * This is a predicate function that returns PR_TRUE if the decryption + * process has already been performed. The function return PR_FALSE if * the decryption process has not been performed yet. */ extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge); 
@@ -348,14 +345,13 @@ extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge); * inDecKeyCont * The CMMFPOPODecKeyChallContent to free * NOTES: - * This function frees up all the memory associated with the - * CMMFPOPODecKeyChallContent + * This function frees up all the memory associated with the + * CMMFPOPODecKeyChallContent * RETURN: - * SECSuccess if freeing up all the memory associatd with the + * SECSuccess if freeing up all the memory associatd with the * CMMFPOPODecKeyChallContent is successful. Any other return value * indicates an error while freeing the memory. * */ -extern SECStatus - CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont); - +extern SECStatus +CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont); diff --git a/nss/lib/crmf/crmfget.c b/nss/lib/crmf/crmfget.c index 4886cda..5c1d2aa 100644 --- a/nss/lib/crmf/crmfget.c +++ b/nss/lib/crmf/crmfget.c @@ -8,7 +8,6 @@ #include "keyhi.h" #include "secder.h" - CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg) { 
@@ -22,50 +21,49 @@ CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg) static SECStatus crmf_destroy_validity(CRMFOptionalValidity *inValidity, PRBool freeit) { - if (inValidity != NULL){ + if (inValidity != NULL) { if (inValidity->notBefore.data != NULL) { - PORT_Free(inValidity->notBefore.data); - } - if (inValidity->notAfter.data != NULL) { - PORT_Free(inValidity->notAfter.data); - } - if (freeit) { - PORT_Free(inValidity); - } + PORT_Free(inValidity->notBefore.data); + } + if (inValidity->notAfter.data != NULL) { + PORT_Free(inValidity->notAfter.data); + } + if (freeit) { + PORT_Free(inValidity); + } } return SECSuccess; } -static SECStatus -crmf_copy_cert_request_validity(PLArenaPool *poolp, - CRMFOptionalValidity **destValidity, - CRMFOptionalValidity *srcValidity) +static SECStatus +crmf_copy_cert_request_validity(PLArenaPool *poolp, + CRMFOptionalValidity **destValidity, + CRMFOptionalValidity *srcValidity) { CRMFOptionalValidity *myValidity = NULL; - SECStatus rv; + SECStatus rv; - *destValidity = myValidity = (poolp == NULL) ? - PORT_ZNew(CRMFOptionalValidity) : - PORT_ArenaZNew(poolp, CRMFOptionalValidity); + *destValidity = myValidity = (poolp == NULL) ? 
PORT_ZNew(CRMFOptionalValidity) + : PORT_ArenaZNew(poolp, CRMFOptionalValidity); if (myValidity == NULL) { goto loser; } if (srcValidity->notBefore.data != NULL) { - rv = SECITEM_CopyItem(poolp, &myValidity->notBefore, - &srcValidity->notBefore); - if (rv != SECSuccess) { - goto loser; - } + rv = SECITEM_CopyItem(poolp, &myValidity->notBefore, + &srcValidity->notBefore); + if (rv != SECSuccess) { + goto loser; + } } if (srcValidity->notAfter.data != NULL) { - rv = SECITEM_CopyItem(poolp, &myValidity->notAfter, - &srcValidity->notAfter); - if (rv != SECSuccess) { - goto loser; - } + rv = SECITEM_CopyItem(poolp, &myValidity->notAfter, + &srcValidity->notAfter); + if (rv != SECSuccess) { + goto loser; + } } return SECSuccess; - loser: +loser: if (myValidity != NULL && poolp == NULL) { crmf_destroy_validity(myValidity, PR_TRUE); } @@ -73,11 +71,11 @@ crmf_copy_cert_request_validity(PLArenaPool *poolp, } static SECStatus -crmf_copy_extensions(PLArenaPool *poolp, - CRMFCertTemplate *destTemplate, - CRMFCertExtension **srcExt) +crmf_copy_extensions(PLArenaPool *poolp, + CRMFCertTemplate *destTemplate, + CRMFCertExtension **srcExt) { - int numExt = 0, i; + int numExt = 0, i; CRMFCertExtension **myExtArray = NULL; while (srcExt[numExt] != NULL) { 
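Review bot: The `loser` path of crmf_copy_cert_request_validity frees `myValidity` when `poolp == NULL` but leaves `*destValidity` pointing at it, because the pointer is stored in the caller's slot before any copy has succeeded. The same pattern appears in crmf_copy_cert_request_controls, whose `loser` block calls `PORT_Free(myControls)` without clearing `destReq->controls`. crmf_copy_extensions already resets `destTemplate->extensions = NULL` on failure, so the other two should follow it with `*destValidity = NULL;` and `destReq->controls = NULL;`. This matters if later cleanup walks those fields: crmf_copy_cert_request calls `CRMF_DestroyCertRequest(newReq)` on failure, and that function's body is not visible here. The last line of crmf_copy_cert_request_validity falls between this hunk and the next.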
@@ -86,32 +84,32 @@ crmf_copy_extensions(PLArenaPool *poolp, if (numExt == 0) { /*No extensions to copy.*/ destTemplate->extensions = NULL; - destTemplate->numExtensions = 0; + destTemplate->numExtensions = 0; return SECSuccess; } - destTemplate->extensions = myExtArray = - PORT_NewArray(CRMFCertExtension*, numExt+1); + destTemplate->extensions = myExtArray = + PORT_NewArray(CRMFCertExtension *, numExt + 1); if (myExtArray == NULL) { goto loser; } - - for (i=0; i<numExt; i++) { + + for (i = 0; i < numExt; i++) { myExtArray[i] = crmf_copy_cert_extension(poolp, srcExt[i]); - if (myExtArray[i] == NULL) { - goto loser; - } + if (myExtArray[i] == NULL) { + goto loser; + } } destTemplate->numExtensions = numExt; myExtArray[numExt] = NULL; return SECSuccess; - loser: +loser: if (myExtArray != NULL) { if (poolp == NULL) { - for (i=0; myExtArray[i] != NULL; i++) { - CRMF_DestroyCertExtension(myExtArray[i]); - } - } - PORT_Free(myExtArray); + for (i = 0; myExtArray[i] != NULL; i++) { + CRMF_DestroyCertExtension(myExtArray[i]); + } + } + PORT_Free(myExtArray); } destTemplate->extensions = NULL; destTemplate->numExtensions = 0; 
@@ -119,95 +117,94 @@ crmf_copy_extensions(PLArenaPool *poolp, } static SECStatus -crmf_copy_cert_request_template(PLArenaPool *poolp, - CRMFCertTemplate *destTemplate, - CRMFCertTemplate *srcTemplate) +crmf_copy_cert_request_template(PLArenaPool *poolp, + CRMFCertTemplate *destTemplate, + CRMFCertTemplate *srcTemplate) { SECStatus rv; if (srcTemplate->version.data != NULL) { - rv = SECITEM_CopyItem(poolp, &destTemplate->version, - &srcTemplate->version); - if (rv != SECSuccess) { - goto loser; - } + rv = SECITEM_CopyItem(poolp, &destTemplate->version, + &srcTemplate->version); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->serialNumber.data != NULL) { rv = SECITEM_CopyItem(poolp, &destTemplate->serialNumber, - &srcTemplate->serialNumber); - if (rv != SECSuccess) { - goto loser; - } + &srcTemplate->serialNumber); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->signingAlg != NULL) { rv = crmf_template_copy_secalg(poolp, &destTemplate->signingAlg, - srcTemplate->signingAlg); - if (rv != SECSuccess) { - goto loser; - } + srcTemplate->signingAlg); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->issuer != NULL) { rv = crmf_copy_cert_name(poolp, &destTemplate->issuer, - srcTemplate->issuer); - if (rv != SECSuccess) { - goto loser; - } + srcTemplate->issuer); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->validity != NULL) { rv = crmf_copy_cert_request_validity(poolp, &destTemplate->validity, - srcTemplate->validity); - if (rv != SECSuccess) { - goto loser; - } + srcTemplate->validity); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->subject != NULL) { - rv = crmf_copy_cert_name(poolp, &destTemplate->subject, - srcTemplate->subject); - if (rv != SECSuccess) { - goto loser; - } + rv = crmf_copy_cert_name(poolp, &destTemplate->subject, + srcTemplate->subject); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->publicKey != NULL) { rv = crmf_template_add_public_key(poolp, 
&destTemplate->publicKey, - srcTemplate->publicKey); - if (rv != SECSuccess) { - goto loser; - } + srcTemplate->publicKey); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->issuerUID.data != NULL) { rv = crmf_make_bitstring_copy(poolp, &destTemplate->issuerUID, - &srcTemplate->issuerUID); - if (rv != SECSuccess) { - goto loser; - } + &srcTemplate->issuerUID); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->subjectUID.data != NULL) { rv = crmf_make_bitstring_copy(poolp, &destTemplate->subjectUID, - &srcTemplate->subjectUID); - if (rv != SECSuccess) { - goto loser; - } + &srcTemplate->subjectUID); + if (rv != SECSuccess) { + goto loser; + } } if (srcTemplate->extensions != NULL) { rv = crmf_copy_extensions(poolp, destTemplate, - srcTemplate->extensions); - if (rv != SECSuccess) { - goto loser; - } + srcTemplate->extensions); + if (rv != SECSuccess) { + goto loser; + } } return SECSuccess; - loser: +loser: return SECFailure; } -static CRMFControl* +static CRMFControl * crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl) { CRMFControl *newControl; - SECStatus rv; + SECStatus rv; - newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) : - PORT_ArenaZNew(poolp, CRMFControl); + newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) : PORT_ArenaZNew(poolp, CRMFControl); if (newControl == NULL) { goto loser; } 
@@ -225,20 +222,20 @@ crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl) * then they need to be handled here as well. */ switch (newControl->tag) { - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - rv = crmf_copy_pkiarchiveoptions(poolp, - &newControl->value.archiveOptions, - &srcControl->value.archiveOptions); - break; - default: - rv = SECSuccess; + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: + rv = crmf_copy_pkiarchiveoptions(poolp, + &newControl->value.archiveOptions, + &srcControl->value.archiveOptions); + break; + default: + rv = SECSuccess; } if (rv != SECSuccess) { goto loser; } return newControl; - loser: +loser: if (poolp == NULL && newControl != NULL) { CRMF_DestroyControl(newControl); } @@ -246,11 +243,11 @@ crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl) } static SECStatus -crmf_copy_cert_request_controls(PLArenaPool *poolp, - CRMFCertRequest *destReq, - CRMFCertRequest *srcReq) +crmf_copy_cert_request_controls(PLArenaPool *poolp, + CRMFCertRequest *destReq, + CRMFCertRequest *srcReq) { - int numControls, i; + int numControls, i; CRMFControl **myControls = NULL; numControls = CRMF_CertRequestGetNumControls(srcReq); 
@@ -258,43 +255,41 @@ crmf_copy_cert_request_controls(PLArenaPool *poolp, /* No Controls To Copy*/ return SECSuccess; } - myControls = destReq->controls = PORT_NewArray(CRMFControl*, - numControls+1); + myControls = destReq->controls = PORT_NewArray(CRMFControl *, + numControls + 1); if (myControls == NULL) { goto loser; } - for (i=0; i<numControls; i++) { + for (i = 0; i < numControls; i++) { myControls[i] = crmf_copy_control(poolp, srcReq->controls[i]); - if (myControls[i] == NULL) { - goto loser; - } + if (myControls[i] == NULL) { + goto loser; + } } myControls[numControls] = NULL; return SECSuccess; - loser: +loser: if (myControls != NULL) { if (poolp == NULL) { - for (i=0; myControls[i] != NULL; i++) { - CRMF_DestroyControl(myControls[i]); - } - } - PORT_Free(myControls); + for (i = 0; myControls[i] != NULL; i++) { + CRMF_DestroyControl(myControls[i]); + } + } + PORT_Free(myControls); } return SECFailure; } - -CRMFCertRequest* +CRMFCertRequest * crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq) { CRMFCertRequest *newReq = NULL; - SECStatus rv; + SECStatus rv; if (srcReq == NULL) { return NULL; } - newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) : - PORT_ArenaZNew(poolp, CRMFCertRequest); + newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) : PORT_ArenaZNew(poolp, CRMFCertRequest); if (newReq == NULL) { goto loser; } @@ -302,8 +297,8 @@ crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq) if (rv != SECSuccess) { goto loser; } - rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate, - &srcReq->certTemplate); + rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate, + &srcReq->certTemplate); if (rv != SECSuccess) { goto loser; } @@ -312,7 +307,7 @@ crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq) goto loser; } return newReq; - loser: +loser: if (newReq != NULL && poolp == NULL) { CRMF_DestroyCertRequest(newReq); PORT_Free(newReq); 
@@ -320,19 +315,19 @@ crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq) return NULL; } -SECStatus +SECStatus CRMF_DestroyGetValidity(CRMFGetValidity *inValidity) { PORT_Assert(inValidity != NULL); if (inValidity != NULL) { if (inValidity->notAfter) { - PORT_Free(inValidity->notAfter); - inValidity->notAfter = NULL; - } - if (inValidity->notBefore) { - PORT_Free(inValidity->notBefore); - inValidity->notBefore = NULL; - } + PORT_Free(inValidity->notAfter); + inValidity->notAfter = NULL; + } + if (inValidity->notBefore) { + PORT_Free(inValidity->notBefore); + inValidity->notBefore = NULL; + } } return SECSuccess; } @@ -346,7 +341,7 @@ crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src) origLenBits = src->len; bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits); - src->len = bytesToCopy; + src->len = bytesToCopy; rv = SECITEM_CopyItem(arena, dest, src); src->len = origLenBits; if (rv != SECSuccess) { @@ -361,11 +356,11 @@ CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq) { CRMFCertTemplate *certTemplate; int count = 0; - + certTemplate = &inCertReq->certTemplate; if (certTemplate->extensions) { while (certTemplate->extensions[count] != NULL) - count++; + count++; } return count; } @@ -390,17 +385,16 @@ CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt) return inExt->critical.data != NULL; } -SECItem* +SECItem * CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension) { PORT_Assert(inExtension != NULL); if (inExtension == NULL) { return NULL; } - + return SECITEM_DupItem(&inExtension->value); } - SECStatus CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey) 
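Review bot: crmf_make_bitstring_copy shortens the caller's item in place (`src->len = bytesToCopy;`) for the duration of SECITEM_CopyItem and restores it afterwards. Any other code reading the source item during that window would see a byte count where the names suggest a bit count is stored, and `src` can never be declared `const`. Copying the descriptor avoids touching the source: `SECItem tmp = *src; tmp.len = bytesToCopy; rv = SECITEM_CopyItem(arena, dest, &tmp);`. The function starts before this hunk and continues after it, so how `dest->len` is adjusted afterwards is not visible.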
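Review bot: CRMF_CertRequestGetNumberOfExtensions uses `inCertReq` (`certTemplate = &inCertReq->certTemplate;` followed by `certTemplate->extensions`) with no NULL check, while its sibling CRMF_CertRequestGetNumControls asserts and tests `inCertReq == NULL` before touching the request. For consistency, add `PORT_Assert(inCertReq != NULL);` and `if (inCertReq == NULL) { return 0; }` ahead of the assignment. The value the sibling returns in that case lies outside its hunks, so confirm that 0 matches it. The `while` body `count++;` is also left unbraced here and in CRMF_CertRequestGetNumControls, unlike the braced `if` bodies in the rest of the reformatted file.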
@@ -408,15 +402,15 @@ CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey) PORT_Assert(inKey != NULL); if (inKey != NULL) { if (inKey->derInput.data != NULL) { - SECITEM_FreeItem(&inKey->derInput, PR_FALSE); - } - if (inKey->algorithmIdentifier != NULL) { - SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE); - } - if (inKey->signature.data != NULL) { - SECITEM_FreeItem(&inKey->signature, PR_FALSE); - } - PORT_Free(inKey); + SECITEM_FreeItem(&inKey->derInput, PR_FALSE); + } + if (inKey->algorithmIdentifier != NULL) { + SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE); + } + if (inKey->signature.data != NULL) { + SECITEM_FreeItem(&inKey->signature, PR_FALSE); + } + PORT_Free(inKey); } return SECSuccess; } @@ -427,7 +421,7 @@ CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey) PORT_Assert(inPrivKey != NULL); if (inPrivKey != NULL) { SECITEM_FreeItem(&inPrivKey->message.thisMessage, PR_FALSE); - PORT_Free(inPrivKey); + PORT_Free(inPrivKey); } return SECSuccess; } @@ -435,7 +429,7 @@ CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey) int CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq) { - int count = 0; + int count = 0; PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { @@ -443,8 +437,7 @@ CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq) } if (inCertReq->controls) { while (inCertReq->controls[count] != NULL) - count++; + count++; } return count; } - diff --git a/nss/lib/crmf/crmfi.h b/nss/lib/crmf/crmfi.h index fd27a9b..badfd2b 100644 --- a/nss/lib/crmf/crmfi.h +++ b/nss/lib/crmf/crmfi.h 
@@ -3,11 +3,10 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #ifndef _CRMFI_H_ #define _CRMFI_H_ -/* This file will contain all declarations common to both - * encoding and decoding of CRMF Cert Requests. This header +/* This file will contain all declarations common to both + * encoding and decoding of CRMF Cert Requests. This header * file should only be included internally by CRMF implementation * files. */ @@ -16,38 +15,38 @@ #include "secerr.h" #include "blapit.h" -#define CRMF_DEFAULT_ARENA_SIZE 1024 +#define CRMF_DEFAULT_ARENA_SIZE 1024 /* * Explanation for the definition of MAX_WRAPPED_KEY_LEN: - * + * * It's used for internal buffers to transport a wrapped private key. * The value is in BYTES. * We want to define a reasonable upper bound for this value. * Ideally this could be calculated, but in order to simplify the code * we want to estimate the maximum requires size. * See also bug 655850 for the full explanation. - * + * * We know the largest wrapped keys are RSA keys. * We'll estimate the maximum size needed for wrapped RSA keys, * and assume it's sufficient for wrapped keys of any type we support. - * + * * The maximum size of RSA keys in bits is defined elsewhere as * RSA_MAX_MODULUS_BITS - * + * * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. - * + * * A wrapped RSA key requires about * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 * bytes. - * + * * Therefore, a safe upper bound is: * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS - * + * */ -#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS +#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS -#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) +#define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8) #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) struct crmfEncoderArg { 
@@ -61,30 +60,30 @@ struct crmfEncoderOutput { }; /* - * This function is used by the API for encoding functions that are + * This function is used by the API for encoding functions that are * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* * functions. */ extern void - crmf_encoder_out(void *arg, const char *buf, unsigned long len, - int depth, SEC_ASN1EncodingPart data_kind); +crmf_encoder_out(void *arg, const char *buf, unsigned long len, + int depth, SEC_ASN1EncodingPart data_kind); /* * This function is used when we want to encode something locally within * the library, ie the CertRequest so that we can produce its signature. */ -extern SECStatus - crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, - SECItem *derDest); +extern SECStatus +crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg, + SECItem *derDest); /* * This is the callback function we feed to the ASN1 encoder when doing - * internal DER-encodings. ie, encoding the cert request so we can + * internal DER-encodings. ie, encoding the cert request so we can * produce a signature. */ extern void -crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, - int depth, SEC_ASN1EncodingPart data_kind); +crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len, + int depth, SEC_ASN1EncodingPart data_kind); /* The ASN1 templates that need to be seen by internal files * in order to implement CRMF. 
@@ -109,76 +108,76 @@ extern const unsigned char hexFalse; * Prototypes for helper routines used internally by multiple files. */ extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, - long value); + long value); extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, - SECItem *src); - -extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, - CRMFPKIArchiveOptions *destOpt, - CRMFPKIArchiveOptions *srcOpt); -extern SECStatus - crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, - PRBool freeit); -extern const SEC_ASN1Template* - crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); - -extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, - CRMFEncryptedKey *srcEncrKey, - CRMFEncryptedKey *destEncrKey); + SECItem *src); + +extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, + CRMFPKIArchiveOptions *destOpt, + CRMFPKIArchiveOptions *srcOpt); +extern SECStatus +crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, + PRBool freeit); +extern const SEC_ASN1Template * +crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); + +extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, + CRMFEncryptedKey *srcEncrKey, + CRMFEncryptedKey *destEncrKey); extern SECStatus -crmf_copy_encryptedvalue(PLArenaPool *poolp, - CRMFEncryptedValue *srcValue, - CRMFEncryptedValue *destValue); +crmf_copy_encryptedvalue(PLArenaPool *poolp, + CRMFEncryptedValue *srcValue, + CRMFEncryptedValue *destValue); extern SECStatus -crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, - SECAlgorithmID *srcAlgId, - SECAlgorithmID **destAlgId); +crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, + SECAlgorithmID *srcAlgId, + SECAlgorithmID **destAlgId); extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, - SECAlgorithmID **dest, - SECAlgorithmID *src); + SECAlgorithmID **dest, + SECAlgorithmID *src); extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, 
- CERTName *src); + CERTName *src); -extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, - CERTSubjectPublicKeyInfo **dest, - CERTSubjectPublicKeyInfo *pubKey); +extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, + CERTSubjectPublicKeyInfo **dest, + CERTSubjectPublicKeyInfo *pubKey); -extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp, - SECOidTag tag, - PRBool isCritical, - SECItem *data); -extern CRMFCertRequest* +extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp, + SECOidTag tag, + PRBool isCritical, + SECItem *data); +extern CRMFCertRequest * crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq); -extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, - PRBool freeit); +extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, + PRBool freeit); extern CRMFEncryptedValue * -crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, - SECKEYPublicKey *inPubKey, - CRMFEncryptedValue *destValue); +crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, + SECKEYPublicKey *inPubKey, + CRMFEncryptedValue *destValue); -extern CK_MECHANISM_TYPE - crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); +extern CK_MECHANISM_TYPE +crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); extern SECStatus -crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, - CRMFEncryptedValue *encValue, - SECKEYPrivateKey *privKey, - SECKEYPublicKey *newPubKey, - SECItem *nickname, - PK11SlotInfo *slot, - unsigned char keyUsage, - SECKEYPrivateKey **unWrappedKey, - void *wincx); - -extern SECItem* +crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, + CRMFEncryptedValue *encValue, + SECKEYPrivateKey *privKey, + SECKEYPublicKey *newPubKey, + SECItem *nickname, + PK11SlotInfo *slot, + unsigned char keyUsage, + SECKEYPrivateKey **unWrappedKey, + void *wincx); + +extern SECItem * 
crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); -extern CRMFCertExtension* +extern CRMFCertExtension * crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension); extern SECStatus diff --git a/nss/lib/crmf/crmfit.h b/nss/lib/crmf/crmfit.h index a8defcd..c5c4b96 100644 --- a/nss/lib/crmf/crmfit.h +++ b/nss/lib/crmf/crmfit.h @@ -3,13 +3,12 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #ifndef _CRMFIT_H_ #define _CRMFIT_H_ struct CRMFCertReqMessagesStr { CRMFCertReqMsg **messages; - PLArenaPool *poolp; + PLArenaPool *poolp; }; struct CRMFCertExtensionStr { 
@@ -18,49 +17,48 @@ struct CRMFCertExtensionStr { SECItem value; }; - struct CRMFOptionalValidityStr { - SECItem notBefore; + SECItem notBefore; SECItem notAfter; }; struct CRMFCertTemplateStr { - SECItem version; - SECItem serialNumber; - SECAlgorithmID *signingAlg; - CERTName *issuer; - CRMFOptionalValidity *validity; - CERTName *subject; + SECItem version; + SECItem serialNumber; + SECAlgorithmID *signingAlg; + CERTName *issuer; + CRMFOptionalValidity *validity; + CERTName *subject; CERTSubjectPublicKeyInfo *publicKey; - SECItem issuerUID; - SECItem subjectUID; - CRMFCertExtension **extensions; - int numExtensions; + SECItem issuerUID; + SECItem subjectUID; + CRMFCertExtension **extensions; + int numExtensions; }; struct CRMFCertIDStr { - SECItem issuer; /* General Name */ + SECItem issuer; /* General Name */ SECItem serialNumber; /*INTEGER*/ }; struct CRMFEncryptedValueStr { SECAlgorithmID *intendedAlg; SECAlgorithmID *symmAlg; - SECItem encSymmKey; /*BIT STRING */ + SECItem encSymmKey; /*BIT STRING */ SECAlgorithmID *keyAlg; - SECItem valueHint; /*OCTET STRING */ - SECItem encValue; /*BIT STRING */ + SECItem valueHint; /*OCTET STRING */ + SECItem encValue; /*BIT STRING */ }; /* * The field derValue will contain the actual der * to include in the encoding or that was read in - * from a der blob. + * from a der blob. */ struct CRMFEncryptedKeyStr { union { - SEC_PKCS7ContentInfo *envelopedData; - CRMFEncryptedValue encryptedValue; + SEC_PKCS7ContentInfo *envelopedData; + CRMFEncryptedValue encryptedValue; } value; CRMFEncryptedKeyChoice encKeyChoice; SECItem derValue; 
@@ -69,9 +67,9 @@ struct CRMFEncryptedKeyStr { /* ASN1 must only have one of the following 3 options. */ struct CRMFPKIArchiveOptionsStr { union { - CRMFEncryptedKey encryptedKey; - SECItem keyGenParameters; - SECItem archiveRemGenPrivKey; /* BOOLEAN */ + CRMFEncryptedKey encryptedKey; + SECItem keyGenParameters; + SECItem archiveRemGenPrivKey; /* BOOLEAN */ } option; CRMFPKIArchiveOptionsType archOption; }; @@ -79,39 +77,39 @@ struct CRMFPKIArchiveOptionsStr { struct CRMFPKIPublicationInfoStr { SECItem action; /* Possible values */ /* dontPublish (0), pleasePublish (1) */ - CRMFSinglePubInfo **pubInfos; + CRMFSinglePubInfo **pubInfos; }; struct CRMFControlStr { - SECOidTag tag; - SECItem derTag; - SECItem derValue; - /* These will be C structures used to represent the various + SECOidTag tag; + SECItem derTag; + SECItem derValue; + /* These will be C structures used to represent the various * options. Values that can't be stored as der right away. * After creating these structures, we'll place their der * encoding in derValue so the encoder knows how to get to * it. */ union { - CRMFCertID oldCertId; - CRMFPKIArchiveOptions archiveOptions; - CRMFPKIPublicationInfo pubInfo; - CRMFProtocolEncrKey protEncrKey; + CRMFCertID oldCertId; + CRMFPKIArchiveOptions archiveOptions; + CRMFPKIPublicationInfo pubInfo; + CRMFProtocolEncrKey protEncrKey; } value; }; struct CRMFCertRequestStr { - SECItem certReqId; - CRMFCertTemplate certTemplate; - CRMFControl **controls; + SECItem certReqId; + CRMFCertTemplate certTemplate; + CRMFControl **controls; /* The following members are used by the internal implementation, but * are not part of the encoding. */ PLArenaPool *poolp; - PRUint32 requestID; /* This is the value that will be encoded into - * the certReqId field. - */ -}; + PRUint32 requestID; /* This is the value that will be encoded into + * the certReqId field. + */ +}; struct CRMFAttributeStr { SECItem derTag; 
@@ -119,41 +117,41 @@ struct CRMFAttributeStr { }; struct CRMFCertReqMsgStr { - CRMFCertRequest *certReq; - CRMFProofOfPossession *pop; - CRMFAttribute **regInfo; - SECItem derPOP; + CRMFCertRequest *certReq; + CRMFProofOfPossession *pop; + CRMFAttribute **regInfo; + SECItem derPOP; /* This arena will be used for allocating memory when decoding. */ PLArenaPool *poolp; - PRBool isDecoded; + PRBool isDecoded; }; struct CRMFPOPOSigningKeyInputStr { /* ASN1 must have only one of the next 2 options */ union { - SECItem sender; /*General Name*/ - CRMFPKMACValue *publicKeyMAC; - }authInfo; + SECItem sender; /*General Name*/ + CRMFPKMACValue *publicKeyMAC; + } authInfo; CERTSubjectPublicKeyInfo publicKey; }; struct CRMFPOPOSigningKeyStr { - SECItem derInput; /*If in the future we support - *POPOSigningKeyInput, this will - *a C structure representation - *instead. - */ - SECAlgorithmID *algorithmIdentifier; - SECItem signature; /* This is a BIT STRING. Remember */ -}; /* that when interpreting. */ + SECItem derInput; /*If in the future we support + *POPOSigningKeyInput, this will + *a C structure representation + *instead. + */ + SECAlgorithmID *algorithmIdentifier; + SECItem signature; /* This is a BIT STRING. Remember */ +}; /* that when interpreting. */ /* ASN1 must only choose one of these members */ struct CRMFPOPOPrivKeyStr { union { - SECItem thisMessage; /* BIT STRING */ - SECItem subsequentMessage; /*INTEGER*/ - SECItem dhMAC; /*BIT STRING*/ + SECItem thisMessage; /* BIT STRING */ + SECItem subsequentMessage; /*INTEGER*/ + SECItem dhMAC; /*BIT STRING*/ } message; CRMFPOPOPrivKeyChoice messageChoice; }; 
@@ -161,26 +159,26 @@ struct CRMFPOPOPrivKeyStr { /* ASN1 must only have one of these options. */ struct CRMFProofOfPossessionStr { union { - SECItem raVerified; - CRMFPOPOSigningKey signature; - CRMFPOPOPrivKey keyEncipherment; - CRMFPOPOPrivKey keyAgreement; + SECItem raVerified; + CRMFPOPOSigningKey signature; + CRMFPOPOPrivKey keyEncipherment; + CRMFPOPOPrivKey keyAgreement; } popChoice; - CRMFPOPChoice popUsed; /*Not part of encoding*/ + CRMFPOPChoice popUsed; /*Not part of encoding*/ }; struct CRMFPKMACValueStr { SECAlgorithmID algID; - SECItem value; /*BIT STRING*/ + SECItem value; /*BIT STRING*/ }; struct CRMFSinglePubInfoStr { - SECItem pubMethod; /* Possible Values: - * dontCare (0) - * x500 (1) - * web (2) - * ldap (3) - */ + SECItem pubMethod; /* Possible Values: + * dontCare (0) + * x500 (1) + * web (2) + * ldap (3) + */ CERTGeneralName *pubLocation; /* General Name */ }; diff --git a/nss/lib/crmf/crmfpop.c b/nss/lib/crmf/crmfpop.c index 2d4e326..725f8c7 100644 --- a/nss/lib/crmf/crmfpop.c +++ b/nss/lib/crmf/crmfpop.c @@ -3,7 +3,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #include "crmf.h" #include "crmfi.h" #include "secasn1.h" @@ -13,8 +12,8 @@ #define CRMF_DEFAULT_ALLOC_SIZE 1024U SECStatus -crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, - SECItem *derDest) +crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg, + SECItem *derDest) { derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE); if (derDest->data == NULL) { 
@@ -24,18 +23,17 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE; encoderArg->buffer = derDest; return SECSuccess; - } /* Caller should release or unmark the pool, instead of doing it here. ** But there are NO callers of this function at present... */ -SECStatus +SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { CRMFProofOfPossession *pop; - PLArenaPool *poolp; - void *mark; + PLArenaPool *poolp; + void *mark; PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL); poolp = inCertReqMsg->poolp; @@ -49,13 +47,13 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) } pop->popUsed = crmfRAVerified; pop->popChoice.raVerified.data = NULL; - pop->popChoice.raVerified.len = 0; + pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), &(pop->popChoice.raVerified), CRMFRAVerifiedTemplate); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } @@ -71,14 +69,14 @@ crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey) return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN); } -static SECAlgorithmID* -crmf_create_poposignkey_algid(PLArenaPool *poolp, - SECKEYPublicKey *inPubKey) +static SECAlgorithmID * +crmf_create_poposignkey_algid(PLArenaPool *poolp, + SECKEYPublicKey *inPubKey) { SECAlgorithmID *algID; - SECOidTag tag; - SECStatus rv; - void *mark; + SECOidTag tag; + SECStatus rv; + void *mark; mark = PORT_ArenaMark(poolp); algID = PORT_ArenaZNew(poolp, SECAlgorithmID); 
@@ -95,83 +93,85 @@ crmf_create_poposignkey_algid(PLArenaPool *poolp, } PORT_ArenaUnmark(poolp, mark); return algID; - loser: +loser: PORT_ArenaRelease(poolp, mark); return NULL; } -static CRMFPOPOSigningKeyInput* +static CRMFPOPOSigningKeyInput * crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert, - CRMFMACPasswordCallback fn, void *arg) + CRMFMACPasswordCallback fn, void *arg) { - /* PSM isn't going to do this, so we'll fail here for now.*/ - return NULL; + /* PSM isn't going to do this, so we'll fail here for now.*/ + return NULL; } void -crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, - int depth, SEC_ASN1EncodingPart data_kind) +crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len, + int depth, SEC_ASN1EncodingPart data_kind) { - struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg; + struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg; unsigned char *cursor; - - if (encoderArg->buffer->len + len > encoderArg->allocatedLen) { - int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE; + + if (encoderArg->buffer->len + len > encoderArg->allocatedLen) { + int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE; void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize); - if (dummy == NULL) { - /* I really want to return an error code here */ - PORT_Assert(0); - return; - } - encoderArg->buffer->data = dummy; - encoderArg->allocatedLen = newSize; + if (dummy == NULL) { + /* I really want to return an error code here */ + PORT_Assert(0); + return; + } + encoderArg->buffer->data = dummy; + encoderArg->allocatedLen = newSize; } cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]); - PORT_Memcpy (cursor, buf, len); - encoderArg->buffer->len += len; + if (len) { + PORT_Memcpy(cursor, buf, len); + } + encoderArg->buffer->len += len; } static SECStatus crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest) { struct crmfEncoderArg 
encoderArg; - SECStatus rv; - - rv = crmf_init_encoder_callback_arg (&encoderArg, derDest); + SECStatus rv; + + rv = crmf_init_encoder_callback_arg(&encoderArg, derDest); if (rv != SECSuccess) { return SECFailure; } - return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, - crmf_generic_encoder_callback, &encoderArg); + return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, + crmf_generic_encoder_callback, &encoderArg); } static SECStatus -crmf_sign_certreq(PLArenaPool *poolp, - CRMFPOPOSigningKey *crmfSignKey, - CRMFCertRequest *certReq, - SECKEYPrivateKey *inKey, - SECAlgorithmID *inAlgId) +crmf_sign_certreq(PLArenaPool *poolp, + CRMFPOPOSigningKey *crmfSignKey, + CRMFCertRequest *certReq, + SECKEYPrivateKey *inKey, + SECAlgorithmID *inAlgId) { - SECItem derCertReq = { siBuffer, NULL, 0 }; - SECItem certReqSig = { siBuffer, NULL, 0 }; - SECStatus rv = SECSuccess; + SECItem derCertReq = { siBuffer, NULL, 0 }; + SECItem certReqSig = { siBuffer, NULL, 0 }; + SECStatus rv = SECSuccess; rv = crmf_encode_certreq(certReq, &derCertReq); if (rv != SECSuccess) { - goto loser; + goto loser; } rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len, - inKey,SECOID_GetAlgorithmTag(inAlgId)); + inKey, SECOID_GetAlgorithmTag(inAlgId)); if (rv != SECSuccess) { goto loser; } - + /* Now make it a part of the POPOSigningKey */ rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig); /* Convert this length to number of bits */ - crmfSignKey->signature.len <<= 3; - - loser: + crmfSignKey->signature.len <<= 3; + +loser: if (derCertReq.data != NULL) { PORT_Free(derCertReq.data); } 
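Review bot: In `crmf_generic_encoder_callback` the buffer is grown to `buffer->len + CRMF_DEFAULT_ALLOC_SIZE` regardless of `len`, so a single chunk larger than that constant still lets `PORT_Memcpy` write past the reallocated buffer; the added `if (len)` guard does not cover this. Size the growth from the incoming length, e.g. `size_t newSize = (size_t)encoderArg->buffer->len + len + CRMF_DEFAULT_ALLOC_SIZE;`, and bail out if that sum wraps. `newSize` is also declared `int` while holding an unsigned sum. On realloc failure the callback returns silently (`PORT_Assert(0)` presumably compiles out in release builds), so callers such as `crmf_sign_certreq` could go on to sign a truncated encoding; a failure flag in `struct crmfEncoderArg` that callers check after `SEC_ASN1Encode` would close that gap.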
@@ -182,87 +182,87 @@ crmf_sign_certreq(PLArenaPool *poolp, } static SECStatus -crmf_create_poposignkey(PLArenaPool *poolp, - CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOSigningKeyInput *signKeyInput, - SECKEYPrivateKey *inPrivKey, - SECAlgorithmID *inAlgID, - CRMFPOPOSigningKey *signKey) +crmf_create_poposignkey(PLArenaPool *poolp, + CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOSigningKeyInput *signKeyInput, + SECKEYPrivateKey *inPrivKey, + SECAlgorithmID *inAlgID, + CRMFPOPOSigningKey *signKey) { - CRMFCertRequest *certReq; - void *mark; - PRBool useSignKeyInput; - SECStatus rv; - + CRMFCertRequest *certReq; + void *mark; + PRBool useSignKeyInput; + SECStatus rv; + PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL); mark = PORT_ArenaMark(poolp); if (signKey == NULL) { goto loser; } certReq = inCertReqMsg->certReq; - useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq,crmfSubject) && - CRMF_DoesRequestHaveField(certReq,crmfPublicKey)); + useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) && + CRMF_DoesRequestHaveField(certReq, crmfPublicKey)); if (useSignKeyInput) { - goto loser; + goto loser; } else { - rv = crmf_sign_certreq(poolp, signKey, certReq,inPrivKey, inAlgID); - if (rv != SECSuccess) { - goto loser; - } + rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID); + if (rv != SECSuccess) { + goto loser; + } } - PORT_ArenaUnmark(poolp,mark); + PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: - PORT_ArenaRelease(poolp,mark); +loser: + PORT_ArenaRelease(poolp, mark); return SECFailure; } SECStatus -CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, - SECKEYPrivateKey *inPrivKey, - SECKEYPublicKey *inPubKey, - CERTCertificate *inCertForInput, - CRMFMACPasswordCallback fn, - void *arg) +CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, + SECKEYPrivateKey *inPrivKey, + SECKEYPublicKey *inPubKey, + CERTCertificate *inCertForInput, + CRMFMACPasswordCallback fn, + void *arg) { - SECAlgorithmID 
*algID; - PLArenaPool *poolp; - SECItem derTemp = {siBuffer, NULL, 0}; - void *mark; - SECStatus rv; + SECAlgorithmID *algID; + PLArenaPool *poolp; + SECItem derTemp = { siBuffer, NULL, 0 }; + void *mark; + SECStatus rv; CRMFPOPOSigningKeyInput *signKeyInput = NULL; - CRMFCertRequest *certReq; - CRMFProofOfPossession *pop; - struct crmfEncoderArg encoderArg; + CRMFCertRequest *certReq; + CRMFProofOfPossession *pop; + struct crmfEncoderArg encoderArg; PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL && - inCertReqMsg->pop == NULL); + inCertReqMsg->pop == NULL); certReq = inCertReqMsg->certReq; - if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice || - !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) { + if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice || + !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) { return SECFailure; - } + } poolp = inCertReqMsg->poolp; mark = PORT_ArenaMark(poolp); algID = crmf_create_poposignkey_algid(poolp, inPubKey); - if(!CRMF_DoesRequestHaveField(certReq,crmfSubject)) { + if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) { signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput, - fn, arg); - if (signKeyInput == NULL) { - goto loser; - } + fn, arg); + if (signKeyInput == NULL) { + goto loser; + } } pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession); if (pop == NULL) { goto loser; } - - rv = crmf_create_poposignkey(poolp, inCertReqMsg, - signKeyInput, inPrivKey, algID, - &(pop->popChoice.signature)); + + rv = crmf_create_poposignkey(poolp, inCertReqMsg, + signKeyInput, inPrivKey, algID, + &(pop->popChoice.signature)); if (rv != SECSuccess) { goto loser; } 
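Review bot: `CRMF_CertReqMsgSetSignaturePOP` uses the result of `crmf_create_poposignkey_algid(poolp, inPubKey)` without a NULL check, although that helper returns NULL on its `loser` path (shown earlier in this file's diff). The NULL then flows through `crmf_create_poposignkey` into `SECOID_GetAlgorithmTag(inAlgId)` in `crmf_sign_certreq`; whether that callee tolerates NULL is not visible here. Add `if (algID == NULL) { goto loser; }` directly after the call. The function body continues past this hunk.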
@@ -270,14 +270,14 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, pop->popUsed = crmfSignature; pop->popChoice.signature.algorithmIdentifier = algID; inCertReqMsg->pop = pop; - - rv = crmf_init_encoder_callback_arg (&encoderArg, &derTemp); + + rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp); if (rv != SECSuccess) { goto loser; } - rv = SEC_ASN1Encode(&pop->popChoice.signature, - CRMFPOPOSigningKeyTemplate, - crmf_generic_encoder_callback, &encoderArg); + rv = SEC_ASN1Encode(&pop->popChoice.signature, + CRMFPOPOSigningKeyTemplate, + crmf_generic_encoder_callback, &encoderArg); if (rv != SECSuccess) { goto loser; } 
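Review bot: `inCertReqMsg->pop = pop;` is assigned before the encoding steps that can still fail, and the `loser` path in the next hunk releases the arena back to `mark` without clearing it. Since `pop` was allocated after the mark, a failure leaves the message holding a pointer into released arena memory, and a later `CRMF_CertReqMsgGetPOPType` check would presumably see a POP as already set. Add `inCertReqMsg->pop = NULL;` under `loser:` before `PORT_ArenaRelease(poolp, mark);`. The same ordering appears in `crmf_add_privkey_thismessage` and `crmf_add_privkey_subseqmessage` later in this file; the function here starts and ends outside this hunk.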
@@ -285,49 +285,49 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, if (rv != SECSuccess) { goto loser; } - PORT_Free (derTemp.data); - PORT_ArenaUnmark(poolp,mark); + PORT_Free(derTemp.data); + PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: - PORT_ArenaRelease(poolp,mark); +loser: + PORT_ArenaRelease(poolp, mark); if (derTemp.data != NULL) { PORT_Free(derTemp.data); } return SECFailure; } -static const SEC_ASN1Template* -crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey) +static const SEC_ASN1Template * +crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey) { const SEC_ASN1Template *retTemplate = NULL; switch (inPrivKey->messageChoice) { - case crmfThisMessage: - retTemplate = CRMFThisMessageTemplate; - break; - case crmfSubsequentMessage: - retTemplate = CRMFSubsequentMessageTemplate; - break; - case crmfDHMAC: - retTemplate = CRMFDHMACTemplate; - break; - default: - retTemplate = NULL; + case crmfThisMessage: + retTemplate = CRMFThisMessageTemplate; + break; + case crmfSubsequentMessage: + retTemplate = CRMFSubsequentMessageTemplate; + break; + case crmfDHMAC: + retTemplate = CRMFDHMACTemplate; + break; + default: + retTemplate = NULL; } return retTemplate; } static SECStatus -crmf_encode_popoprivkey(PLArenaPool *poolp, - CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKey *popoPrivKey, - const SEC_ASN1Template *privKeyTemplate) +crmf_encode_popoprivkey(PLArenaPool *poolp, + CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKey *popoPrivKey, + const SEC_ASN1Template *privKeyTemplate) { - struct crmfEncoderArg encoderArg; - SECItem derTemp = { siBuffer, NULL, 0 }; - SECStatus rv; - void *mark; + struct crmfEncoderArg encoderArg; + SECItem derTemp = { siBuffer, NULL, 0 }; + SECStatus rv; + void *mark; const SEC_ASN1Template *subDerTemplate; mark = PORT_ArenaMark(poolp); 
@@ -336,21 +336,21 @@ crmf_encode_popoprivkey(PLArenaPool *poolp, goto loser; } subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey); - /* We've got a union, so a pointer to one item is a pointer to + /* We've got a union, so a pointer to one item is a pointer to * all the items in the union. */ - rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage, - subDerTemplate, - crmf_generic_encoder_callback, &encoderArg); + rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage, + subDerTemplate, + crmf_generic_encoder_callback, &encoderArg); if (rv != SECSuccess) { goto loser; } - if (encoderArg.allocatedLen > derTemp.len+2) { - void *dummy = PORT_Realloc(derTemp.data, derTemp.len+2); - if (dummy == NULL) { - goto loser; - } - derTemp.data = dummy; + if (encoderArg.allocatedLen > derTemp.len + 2) { + void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2); + if (dummy == NULL) { + goto loser; + } + derTemp.data = dummy; } PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len); /* I couldn't figure out how to get the ASN1 encoder to implicitly @@ -367,7 +367,7 @@ crmf_encode_popoprivkey(PLArenaPool *poolp, PORT_Free(derTemp.data); PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); if (derTemp.data) { PORT_Free(derTemp.data); 
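Review bot: The resize guard before `PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len)` reallocates only when `encoderArg.allocatedLen > derTemp.len + 2`, so it can only ever shrink the buffer. When the encoding leaves fewer than two spare bytes in the allocation, no realloc happens and the two-byte shift writes past the end of the heap buffer. Resize whenever the allocation is not already exactly the needed size, `if (encoderArg.allocatedLen != derTemp.len + 2) {`, keeping the existing NULL check on the result. The enclosing `crmf_encode_popoprivkey` starts before and ends after this hunk.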
@@ -375,29 +375,29 @@ crmf_encode_popoprivkey(PLArenaPool *poolp, return SECFailure; } -static const SEC_ASN1Template* -crmf_get_template_for_privkey(CRMFPOPChoice inChoice) +static const SEC_ASN1Template * +crmf_get_template_for_privkey(CRMFPOPChoice inChoice) { switch (inChoice) { - case crmfKeyAgreement: - return CRMFPOPOKeyAgreementTemplate; - case crmfKeyEncipherment: - return CRMFPOPOKeyEnciphermentTemplate; - default: - break; + case crmfKeyAgreement: + return CRMFPOPOKeyAgreementTemplate; + case crmfKeyEncipherment: + return CRMFPOPOKeyEnciphermentTemplate; + default: + break; } return NULL; } static SECStatus crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey, - CRMFPOPChoice inChoice) + CRMFPOPChoice inChoice) { - PLArenaPool *poolp; - void *mark; - CRMFPOPOPrivKey *popoPrivKey; + PLArenaPool *poolp; + void *mark; + CRMFPOPOPrivKey *popoPrivKey; CRMFProofOfPossession *pop; - SECStatus rv; + SECStatus rv; PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL); poolp = inCertReqMsg->poolp; @@ -409,14 +409,14 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey, pop->popUsed = inChoice; /* popChoice is a union, so getting a pointer to one * field gives me a pointer to the other fields as - * well. This in essence points to both + * well. This in essence points to both * pop->popChoice.keyEncipherment and * pop->popChoice.keyAgreement */ popoPrivKey = &pop->popChoice.keyEncipherment; rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage), - encPrivKey); + encPrivKey); if (rv != SECSuccess) { goto loser; } 
@@ -424,27 +424,27 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey, popoPrivKey->messageChoice = crmfThisMessage; inCertReqMsg->pop = pop; rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey, - crmf_get_template_for_privkey(inChoice)); + crmf_get_template_for_privkey(inChoice)); if (rv != SECSuccess) { goto loser; } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - - loser: + +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } static SECStatus crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac, - CRMFPOPChoice inChoice) + CRMFPOPChoice inChoice) { - PLArenaPool *poolp; - void *mark; - CRMFPOPOPrivKey *popoPrivKey; + PLArenaPool *poolp; + void *mark; + CRMFPOPOPrivKey *popoPrivKey; CRMFProofOfPossession *pop; - SECStatus rv; + SECStatus rv; PORT_Assert(inCertReqMsg != NULL && dhmac != NULL); poolp = inCertReqMsg->poolp; @@ -471,22 +471,22 @@ crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac, } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - - loser: + +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } static SECStatus -crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, - CRMFSubseqMessOptions subsequentMessage, - CRMFPOPChoice inChoice) +crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, + CRMFSubseqMessOptions subsequentMessage, + CRMFPOPChoice inChoice) { - void *mark; - PLArenaPool *poolp; + void *mark; + PLArenaPool *poolp; CRMFProofOfPossession *pop; - CRMFPOPOPrivKey *popoPrivKey; - SECStatus rv; + CRMFPOPOPrivKey *popoPrivKey; + SECStatus rv; const SEC_ASN1Template *privKeyTemplate; if (subsequentMessage == crmfNoSubseqMess) { 
@@ -500,25 +500,25 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, } pop->popUsed = inChoice; - /* + /* * We have a union, so a pointer to one member of the union * is also a member to another member of that same union. */ popoPrivKey = &pop->popChoice.keyEncipherment; switch (subsequentMessage) { - case crmfEncrCert: - rv = crmf_encode_integer(poolp, - &(popoPrivKey->message.subsequentMessage), - 0); - break; - case crmfChallengeResp: - rv = crmf_encode_integer(poolp, - &(popoPrivKey->message.subsequentMessage), - 1); - break; - default: - goto loser; + case crmfEncrCert: + rv = crmf_encode_integer(poolp, + &(popoPrivKey->message.subsequentMessage), + 0); + break; + case crmfChallengeResp: + rv = crmf_encode_integer(poolp, + &(popoPrivKey->message.subsequentMessage), + 1); + break; + default: + goto loser; } if (rv != SECSuccess) { goto loser; @@ -527,23 +527,23 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, privKeyTemplate = crmf_get_template_for_privkey(inChoice); inCertReqMsg->pop = pop; rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey, - privKeyTemplate); + privKeyTemplate); if (rv != SECSuccess) { goto loser; } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } -SECStatus -CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKeyChoice inKeyChoice, - CRMFSubseqMessOptions subseqMess, - SECItem *encPrivKey) +SECStatus +CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKeyChoice inKeyChoice, + CRMFSubseqMessOptions subseqMess, + SECItem *encPrivKey) { SECStatus rv; 
@@ -551,49 +551,48 @@ CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) { return SECFailure; } - switch (inKeyChoice) { - case crmfThisMessage: - rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, - crmfKeyEncipherment); - break; - case crmfSubsequentMessage: - rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, - crmfKeyEncipherment); - break; - case crmfDHMAC: - default: - rv = SECFailure; + switch (inKeyChoice) { + case crmfThisMessage: + rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, + crmfKeyEncipherment); + break; + case crmfSubsequentMessage: + rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, + crmfKeyEncipherment); + break; + case crmfDHMAC: + default: + rv = SECFailure; } return rv; } -SECStatus -CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKeyChoice inKeyChoice, - CRMFSubseqMessOptions subseqMess, - SECItem *encPrivKey) +SECStatus +CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKeyChoice inKeyChoice, + CRMFSubseqMessOptions subseqMess, + SECItem *encPrivKey) { SECStatus rv; PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL); - switch (inKeyChoice) { - case crmfThisMessage: - rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, - crmfKeyAgreement); - break; - case crmfSubsequentMessage: - rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, - crmfKeyAgreement); - break; - case crmfDHMAC: - /* In this case encPrivKey should be the calculated dhMac - * as specified in RFC 2511 */ - rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey, - crmfKeyAgreement); - break; - default: - rv = SECFailure; + switch (inKeyChoice) { + case crmfThisMessage: + rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, + crmfKeyAgreement); + break; + case crmfSubsequentMessage: + rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, + 
crmfKeyAgreement); + break; + case crmfDHMAC: + /* In this case encPrivKey should be the calculated dhMac + * as specified in RFC 2511 */ + rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey, + crmfKeyAgreement); + break; + default: + rv = SECFailure; } return rv; } - diff --git a/nss/lib/crmf/crmfreq.c b/nss/lib/crmf/crmfreq.c index 7da81cd..e89f182 100644 --- a/nss/lib/crmf/crmfreq.c +++ b/nss/lib/crmf/crmfreq.c @@ -14,17 +14,16 @@ */ #define IS_NOT_NULL(ptr) ((ptr) == NULL) ? PR_FALSE : PR_TRUE -const unsigned char hexTrue = 0xff; +const unsigned char hexTrue = 0xff; const unsigned char hexFalse = 0x00; - SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value) { SECItem *dummy; dummy = SEC_ASN1EncodeInteger(poolp, dest, value); - PORT_Assert (dummy == dest); + PORT_Assert(dummy == dest); if (dummy == NULL) { return SECFailure; } @@ -33,12 +32,12 @@ crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value) SECStatus crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest, - unsigned long value) + unsigned long value) { SECItem *dummy; dummy = SEC_ASN1EncodeUnsignedInteger(poolp, dest, value); - PORT_Assert (dummy == dest); + PORT_Assert(dummy == dest); if (dummy != dest) { return SECFailure; } 
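Review bot: In the crmfpop.c hunk ending above, `CRMF_CertReqMsgSetKeyAgreementPOP` relies only on `PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL)`, while its sibling `CRMF_CertReqMsgSetKeyEnciphermentPOP` in the same hunk also rejects the call at runtime with `CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice`. If assertions are compiled out, the key-agreement path would overwrite an already-set proof of possession rather than fail. Add the same guard before the `switch`: `if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) { return SECFailure; }`.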
@@ -46,73 +45,73 @@ crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest, } static SECStatus -crmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src) +crmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src) { - return SECITEM_CopyItem (poolp, dest, src); + return SECITEM_CopyItem(poolp, dest, src); } PRBool -CRMF_DoesRequestHaveField (CRMFCertRequest *inCertReq, - CRMFCertTemplateField inField) +CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq, + CRMFCertTemplateField inField) { - + PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return PR_FALSE; } switch (inField) { - case crmfVersion: - return inCertReq->certTemplate.version.data != NULL; - case crmfSerialNumber: - return inCertReq->certTemplate.serialNumber.data != NULL; - case crmfSigningAlg: - return inCertReq->certTemplate.signingAlg != NULL; - case crmfIssuer: - return inCertReq->certTemplate.issuer != NULL; - case crmfValidity: - return inCertReq->certTemplate.validity != NULL; - case crmfSubject: - return inCertReq->certTemplate.subject != NULL; - case crmfPublicKey: - return inCertReq->certTemplate.publicKey != NULL; - case crmfIssuerUID: - return inCertReq->certTemplate.issuerUID.data != NULL; - case crmfSubjectUID: - return inCertReq->certTemplate.subjectUID.data != NULL; - case crmfExtension: - return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0; + case crmfVersion: + return inCertReq->certTemplate.version.data != NULL; + case crmfSerialNumber: + return inCertReq->certTemplate.serialNumber.data != NULL; + case crmfSigningAlg: + return inCertReq->certTemplate.signingAlg != NULL; + case crmfIssuer: + return inCertReq->certTemplate.issuer != NULL; + case crmfValidity: + return inCertReq->certTemplate.validity != NULL; + case crmfSubject: + return inCertReq->certTemplate.subject != NULL; + case crmfPublicKey: + return inCertReq->certTemplate.publicKey != NULL; + case crmfIssuerUID: + return inCertReq->certTemplate.issuerUID.data != NULL; + case 
crmfSubjectUID: + return inCertReq->certTemplate.subjectUID.data != NULL; + case crmfExtension: + return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0; } return PR_FALSE; } CRMFCertRequest * -CRMF_CreateCertRequest (PRUint32 inRequestID) +CRMF_CreateCertRequest(PRUint32 inRequestID) { - PLArenaPool *poolp; + PLArenaPool *poolp; CRMFCertRequest *certReq; - SECStatus rv; - + SECStatus rv; + poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { goto loser; } - - certReq=PORT_ArenaZNew(poolp,CRMFCertRequest); + + certReq = PORT_ArenaZNew(poolp, CRMFCertRequest); if (certReq == NULL) { goto loser; } certReq->poolp = poolp; certReq->requestID = inRequestID; - - rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId), + + rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId), inRequestID); if (rv != SECSuccess) { goto loser; } return certReq; - loser: +loser: if (poolp) { PORT_FreeArena(poolp, PR_FALSE); } @@ -125,18 +124,18 @@ CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq) PORT_Assert(inCertReq != NULL); if (inCertReq != NULL) { if (inCertReq->certTemplate.extensions) { - PORT_Free(inCertReq->certTemplate.extensions); - } - if (inCertReq->controls) { - /* Right now we don't support EnveloppedData option, - * so we won't go through and delete each occurrence of - * an EnveloppedData in the control. - */ - PORT_Free(inCertReq->controls); - } - if (inCertReq->poolp) { - PORT_FreeArena(inCertReq->poolp, PR_TRUE); - } + PORT_Free(inCertReq->certTemplate.extensions); + } + if (inCertReq->controls) { + /* Right now we don't support EnveloppedData option, + * so we won't go through and delete each occurrence of + * an EnveloppedData in the control. + */ + PORT_Free(inCertReq->controls); + } + if (inCertReq->poolp) { + PORT_FreeArena(inCertReq->poolp, PR_TRUE); + } } return SECSuccess; } 
@@ -154,12 +153,12 @@ crmf_template_add_serialnumber(PLArenaPool *poolp, SECItem *dest, long serial) } SECStatus -crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest, - SECAlgorithmID* src) +crmf_template_copy_secalg(PLArenaPool *poolp, SECAlgorithmID **dest, + SECAlgorithmID *src) { - SECStatus rv; - void *mark = NULL; - SECAlgorithmID *mySecAlg; + SECStatus rv; + void *mark = NULL; + SECAlgorithmID *mySecAlg; if (!poolp) { PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -180,7 +179,7 @@ crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest, } return SECSuccess; - loser: +loser: *dest = NULL; if (mark) { PORT_ArenaRelease(poolp, mark); @@ -190,11 +189,11 @@ crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest, SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, - CERTName *src) + CERTName *src) { CERTName *newName; SECStatus rv; - void *mark; + void *mark; mark = PORT_ArenaMark(poolp); *dest = newName = PORT_ArenaZNew(poolp, CERTName); 
@@ -204,91 +203,88 @@ crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
 rv = CERT_CopyName(poolp, newName, src);
 if (rv != SECSuccess) {
- goto loser;
+ goto loser;
 }
 PORT_ArenaUnmark(poolp, mark);
 return SECSuccess;
- loser:
+loser:
 PORT_ArenaRelease(poolp, mark);
 *dest = NULL;
 return SECFailure;
 }
 static SECStatus
-crmf_template_add_issuer (PLArenaPool *poolp, CERTName **dest,
- CERTName* issuerName)
+crmf_template_add_issuer(PLArenaPool *poolp, CERTName **dest,
+ CERTName *issuerName)
 {
 return crmf_copy_cert_name(poolp, dest, issuerName);
 }
-
 static SECStatus
-crmf_template_add_validity (PLArenaPool *poolp, CRMFOptionalValidity **dest,
- CRMFValidityCreationInfo *info)
+crmf_template_add_validity(PLArenaPool *poolp, CRMFOptionalValidity **dest,
+ CRMFValidityCreationInfo *info)
 {
- SECStatus rv;
- void *mark;
+ SECStatus rv;
+ void *mark;
 CRMFOptionalValidity *myValidity;
 /*First off, let's make sure at least one of the two fields is present*/
- if (!info || (!info->notBefore && !info->notAfter)) {
+ if (!info || (!info->notBefore && !info->notAfter)) {
 return SECFailure;
 }
- mark = PORT_ArenaMark (poolp);
+ mark = PORT_ArenaMark(poolp);
 *dest = myValidity = PORT_ArenaZNew(poolp, CRMFOptionalValidity);
 if (myValidity == NULL) {
 goto loser;
 }
 if (info->notBefore) {
- rv = DER_EncodeTimeChoice (poolp, &myValidity->notBefore,
- *info->notBefore);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = DER_EncodeTimeChoice(poolp, &myValidity->notBefore,
+ *info->notBefore);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
 }
 if (info->notAfter) {
- rv = DER_EncodeTimeChoice (poolp, &myValidity->notAfter,
- *info->notAfter);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = DER_EncodeTimeChoice(poolp, &myValidity->notAfter,
+ *info->notAfter);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
 }
 PORT_ArenaUnmark(poolp, mark);
 return SECSuccess;
- loser:
+loser:
 PORT_ArenaRelease(poolp, mark);
 *dest = NULL;
 return SECFailure;
 }
 static SECStatus
-crmf_template_add_subject (PLArenaPool *poolp, CERTName **dest,
- CERTName *subject)
+crmf_template_add_subject(PLArenaPool *poolp, CERTName **dest,
+ CERTName *subject)
 {
 return crmf_copy_cert_name(poolp, dest, subject);
 }
 SECStatus
 crmf_template_add_public_key(PLArenaPool *poolp,
- CERTSubjectPublicKeyInfo **dest,
- CERTSubjectPublicKeyInfo *pubKey)
+ CERTSubjectPublicKeyInfo **dest,
+ CERTSubjectPublicKeyInfo *pubKey)
 {
 CERTSubjectPublicKeyInfo *spki;
 SECStatus rv;
- *dest = spki = (poolp == NULL) ?
- PORT_ZNew(CERTSubjectPublicKeyInfo) :
- PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo);
+ *dest = spki = (poolp == NULL) ? PORT_ZNew(CERTSubjectPublicKeyInfo) : PORT_ArenaZNew(poolp, CERTSubjectPublicKeyInfo);
 if (spki == NULL) {
 goto loser;
 }
- rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey);
+ rv = SECKEY_CopySubjectPublicKeyInfo(poolp, spki, pubKey);
 if (rv != SECSuccess) {
 goto loser;
 }
 return SECSuccess;
- loser:
+loser:
 if (poolp == NULL && spki != NULL) {
 SECKEY_DestroySubjectPublicKeyInfo(spki);
 }
@@ -297,11 +293,11 @@ crmf_template_add_public_key(PLArenaPool *poolp,
 }
 static SECStatus
-crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src)
+crmf_copy_bitstring(PLArenaPool *poolp, SECItem *dest, const SECItem *src)
 {
 SECStatus rv;
- SECItem byteSrc;
-
+ SECItem byteSrc;
+
 byteSrc = *src;
 byteSrc.len = CRMF_BITS_TO_BYTES(byteSrc.len);
 rv = crmf_copy_secitem(poolp, dest, &byteSrc);
@@ -311,23 +307,23 @@ crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src)
 static SECStatus
 crmf_template_add_issuer_uid(PLArenaPool *poolp, SECItem *dest,
- const SECItem *issuerUID)
+ const SECItem *issuerUID)
 {
- return crmf_copy_bitstring (poolp, dest, issuerUID);
+ return crmf_copy_bitstring(poolp, dest, issuerUID);
 }
 static SECStatus
 crmf_template_add_subject_uid(PLArenaPool *poolp, SECItem *dest,
- const SECItem *subjectUID)
+ const SECItem *subjectUID)
 {
- return crmf_copy_bitstring (poolp, dest, subjectUID);
+ return crmf_copy_bitstring(poolp, dest, subjectUID);
 }
 static void
-crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
- int numToZeroize)
+crmf_zeroize_new_extensions(CRMFCertExtension **extensions,
+ int numToZeroize)
 {
- PORT_Memset((void*)extensions, 0, sizeof(CERTCertExtension*)*numToZeroize);
+ PORT_Memset((void *)extensions, 0, sizeof(CERTCertExtension *) * numToZeroize);
 }
 /*
@@ -342,72 +338,71 @@ crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
 */
 static SECStatus
 crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
- CRMFCertExtCreationInfo *extensions)
+ CRMFCertExtCreationInfo *extensions)
 {
- void *mark;
- int newSize, oldSize, i;
- SECStatus rv;
+ void *mark;
+ int newSize, oldSize, i;
+ SECStatus rv;
 CRMFCertExtension **extArray;
- CRMFCertExtension *newExt, *currExt;
+ CRMFCertExtension *newExt, *currExt;
 mark = PORT_ArenaMark(poolp);
 if (inTemplate->extensions == NULL) {
 newSize = extensions->numExtensions;
- extArray = PORT_ZNewArray(CRMFCertExtension*,newSize+1);
+ extArray = PORT_ZNewArray(CRMFCertExtension *, newSize + 1);
 } else {
 newSize = inTemplate->numExtensions + extensions->numExtensions;
- extArray = PORT_Realloc(inTemplate->extensions,
- sizeof(CRMFCertExtension*)*(newSize+1));
+ extArray = PORT_Realloc(inTemplate->extensions,
+ sizeof(CRMFCertExtension *) * (newSize + 1));
 }
 if (extArray == NULL) {
 goto loser;
 }
- oldSize = inTemplate->numExtensions;
- inTemplate->extensions = extArray;
+ oldSize = inTemplate->numExtensions;
+ inTemplate->extensions = extArray;
 inTemplate->numExtensions = newSize;
- for (i=oldSize; i < newSize; i++) {
+ for (i = oldSize; i < newSize; i++) {
 newExt = PORT_ArenaZNew(poolp, CRMFCertExtension);
- if (newExt == NULL) {
- goto loser2;
- }
- currExt = extensions->extensions[i-oldSize];
- rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
- if (rv != SECSuccess) {
- goto loser2;
- }
- rv = crmf_copy_secitem(poolp, &(newExt->critical),
- &(currExt->critical));
- if (rv != SECSuccess) {
- goto loser2;
- }
- rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
- if (rv != SECSuccess) {
- goto loser2;
- }
- extArray[i] = newExt;
+ if (newExt == NULL) {
+ goto loser2;
+ }
+ currExt = extensions->extensions[i - oldSize];
+ rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
+ if (rv != SECSuccess) {
+ goto loser2;
+ }
+ rv = crmf_copy_secitem(poolp, &(newExt->critical),
+ &(currExt->critical));
+ if (rv != SECSuccess) {
+ goto loser2;
+ }
+ rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
+ if (rv != SECSuccess) {
+ goto loser2;
+ }
+ extArray[i] = newExt;
 }
 extArray[newSize] = NULL;
 PORT_ArenaUnmark(poolp, mark);
 return SECSuccess;
- loser2:
- crmf_zeroize_new_extensions (&(inTemplate->extensions[oldSize]),
- extensions->numExtensions);
+loser2:
+ crmf_zeroize_new_extensions(&(inTemplate->extensions[oldSize]),
+ extensions->numExtensions);
 inTemplate->numExtensions = oldSize;
- loser:
+loser:
 PORT_ArenaRelease(poolp, mark);
 return SECFailure;
 }
 SECStatus
-CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField,
- void *data)
+CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inTemplateField,
+ void *data)
 {
 CRMFCertTemplate *certTemplate;
- PLArenaPool *poolp;
- SECStatus rv = SECFailure;
- void *mark;
-
+ PLArenaPool *poolp;
+ SECStatus rv = SECFailure;
+ void *mark;
 if (inCertReq == NULL) {
 return SECFailure;
@@ -418,47 +413,47 @@ CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
 poolp = inCertReq->poolp;
 mark = PORT_ArenaMark(poolp);
 switch (inTemplateField) {
- case crmfVersion:
- rv = crmf_template_add_version(poolp,&(certTemplate->version),
- *(long*)data);
- break;
- case crmfSerialNumber:
- rv = crmf_template_add_serialnumber(poolp,
- &(certTemplate->serialNumber),
- *(long*)data);
- break;
- case crmfSigningAlg:
- rv = crmf_template_copy_secalg (poolp, &(certTemplate->signingAlg),
- (SECAlgorithmID*)data);
- break;
- case crmfIssuer:
- rv = crmf_template_add_issuer (poolp, &(certTemplate->issuer),
- (CERTName*)data);
- break;
- case crmfValidity:
- rv = crmf_template_add_validity (poolp, &(certTemplate->validity),
- (CRMFValidityCreationInfo*)data);
- break;
- case crmfSubject:
- rv = crmf_template_add_subject (poolp, &(certTemplate->subject),
- (CERTName*)data);
- break;
- case crmfPublicKey:
- rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
- (CERTSubjectPublicKeyInfo*)data);
- break;
- case crmfIssuerUID:
- rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
- (SECItem*)data);
- break;
- case crmfSubjectUID:
- rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
- (SECItem*)data);
- break;
- case crmfExtension:
- rv = crmf_template_add_extensions(poolp, certTemplate,
- (CRMFCertExtCreationInfo*)data);
- break;
+ case crmfVersion:
+ rv = crmf_template_add_version(poolp, &(certTemplate->version),
+ *(long *)data);
+ break;
+ case crmfSerialNumber:
+ rv = crmf_template_add_serialnumber(poolp,
+ &(certTemplate->serialNumber),
+ *(long *)data);
+ break;
+ case crmfSigningAlg:
+ rv = crmf_template_copy_secalg(poolp, &(certTemplate->signingAlg),
+ (SECAlgorithmID *)data);
+ break;
+ case crmfIssuer:
+ rv = crmf_template_add_issuer(poolp, &(certTemplate->issuer),
+ (CERTName *)data);
+ break;
+ case crmfValidity:
+ rv = crmf_template_add_validity(poolp, &(certTemplate->validity),
+ (CRMFValidityCreationInfo *)data);
+ break;
+ case crmfSubject:
+ rv = crmf_template_add_subject(poolp, &(certTemplate->subject),
+ (CERTName *)data);
+ break;
+ case crmfPublicKey:
+ rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
+ (CERTSubjectPublicKeyInfo *)data);
+ break;
+ case crmfIssuerUID:
+ rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
+ (SECItem *)data);
+ break;
+ case crmfSubjectUID:
+ rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
+ (SECItem *)data);
+ break;
+ case crmfExtension:
+ rv = crmf_template_add_extensions(poolp, certTemplate,
+ (CRMFCertExtCreationInfo *)data);
+ break;
 }
 if (rv != SECSuccess) {
 PORT_ArenaRelease(poolp, mark);
@@ -469,22 +464,22 @@ CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
 }
 SECStatus
-CRMF_CertReqMsgSetCertRequest (CRMFCertReqMsg *inCertReqMsg,
- CRMFCertRequest *inCertReq)
+CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
+ CRMFCertRequest *inCertReq)
 {
- PORT_Assert (inCertReqMsg != NULL && inCertReq != NULL);
+ PORT_Assert(inCertReqMsg != NULL && inCertReq != NULL);
 if (inCertReqMsg == NULL || inCertReq == NULL) {
 return SECFailure;
 }
 inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
- inCertReq);
+ inCertReq);
 return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
 }
-CRMFCertReqMsg*
+CRMFCertReqMsg *
 CRMF_CreateCertReqMsg(void)
 {
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
 CRMFCertReqMsg *reqMsg;
 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
@@ -497,49 +492,48 @@ CRMF_CreateCertReqMsg(void)
 }
 reqMsg->poolp = poolp;
 return reqMsg;
-
- loser:
+
+loser:
 if (poolp) {
 PORT_FreeArena(poolp, PR_FALSE);
 }
 return NULL;
 }
-SECStatus
+SECStatus
 CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg)
 {
 PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->poolp != NULL);
 if (!inCertReqMsg->isDecoded) {
 if (inCertReqMsg->certReq->certTemplate.extensions != NULL) {
- PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
- }
- if (inCertReqMsg->certReq->controls != NULL) {
- PORT_Free(inCertReqMsg->certReq->controls);
- }
+ PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
+ }
+ if (inCertReqMsg->certReq->controls != NULL) {
+ PORT_Free(inCertReqMsg->certReq->controls);
+ }
 }
 PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
 return SECSuccess;
 }
-CRMFCertExtension*
+CRMFCertExtension *
 crmf_create_cert_extension(PLArenaPool *poolp,
- SECOidTag id,
- PRBool isCritical,
- SECItem *data)
+ SECOidTag id,
+ PRBool isCritical,
+ SECItem *data)
 {
 CRMFCertExtension *newExt;
- SECOidData *oidData;
- SECStatus rv;
+ SECOidData *oidData;
+ SECStatus rv;
- newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) :
- PORT_ArenaZNew(poolp, CRMFCertExtension);
+ newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) : PORT_ArenaZNew(poolp, CRMFCertExtension);
 if (newExt == NULL) {
 goto loser;
 }
 oidData = SECOID_FindOIDByTag(id);
- if (oidData == NULL ||
- oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
- goto loser;
+ if (oidData == NULL ||
+ oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
+ goto loser;
 }
 rv = SECITEM_CopyItem(poolp, &(newExt->id), &(oidData->oid));
@@ -553,17 +547,16 @@ crmf_create_cert_extension(PLArenaPool *poolp,
 }
 if (isCritical) {
- newExt->critical.data = (poolp == NULL) ?
- PORT_New(unsigned char) :
- PORT_ArenaNew(poolp, unsigned char);
- if (newExt->critical.data == NULL) {
- goto loser;
- }
- newExt->critical.data[0] = hexTrue;
- newExt->critical.len = 1;
+ newExt->critical.data = (poolp == NULL) ? PORT_New(unsigned char)
+ : PORT_ArenaNew(poolp, unsigned char);
+ if (newExt->critical.data == NULL) {
+ goto loser;
+ }
+ newExt->critical.data[0] = hexTrue;
+ newExt->critical.len = 1;
 }
 return newExt;
- loser:
+loser:
 if (newExt != NULL && poolp == NULL) {
 CRMF_DestroyCertExtension(newExt);
 }
@@ -572,8 +565,8 @@ crmf_create_cert_extension(PLArenaPool *poolp,
 CRMFCertExtension *
 CRMF_CreateCertExtension(SECOidTag id,
- PRBool isCritical,
- SECItem *data)
+ PRBool isCritical,
+ SECItem *data)
 {
 return crmf_create_cert_extension(NULL, id, isCritical, data);
 }
@@ -582,12 +575,12 @@ static SECStatus
 crmf_destroy_cert_extension(CRMFCertExtension *inExtension, PRBool freeit)
 {
 if (inExtension != NULL) {
- SECITEM_FreeItem (&(inExtension->id), PR_FALSE);
- SECITEM_FreeItem (&(inExtension->value), PR_FALSE);
- SECITEM_FreeItem (&(inExtension->critical), PR_FALSE);
- if (freeit) {
- PORT_Free(inExtension);
- }
+ SECITEM_FreeItem(&(inExtension->id), PR_FALSE);
+ SECITEM_FreeItem(&(inExtension->value), PR_FALSE);
+ SECITEM_FreeItem(&(inExtension->critical), PR_FALSE);
+ if (freeit) {
+ PORT_Free(inExtension);
+ }
 }
 return SECSuccess;
 }
@@ -599,9 +592,9 @@ CRMF_DestroyCertExtension(CRMFCertExtension *inExtension)
 }
 SECStatus
-CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs)
+CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs)
 {
- PORT_Assert (inCertReqMsgs != NULL);
+ PORT_Assert(inCertReqMsgs != NULL);
 if (inCertReqMsgs != NULL) {
 PORT_FreeArena(inCertReqMsgs->poolp, PR_TRUE);
 }
@@ -618,53 +611,53 @@ crmf_item_has_data(SECItem *item) } PRBool -CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq, - CRMFCertTemplateField inTemplateField) +CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq, + CRMFCertTemplateField inTemplateField) { - PRBool retVal; + PRBool retVal; CRMFCertTemplate *certTemplate; PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { - /* This is probably some kind of error, but this is - * the safest return value for this function. - */ + /* This is probably some kind of error, but this is + * the safest return value for this function. + */ return PR_FALSE; } certTemplate = &inCertReq->certTemplate; switch (inTemplateField) { - case crmfVersion: - retVal = crmf_item_has_data(&certTemplate->version); - break; - case crmfSerialNumber: - retVal = crmf_item_has_data(&certTemplate->serialNumber); - break; - case crmfSigningAlg: - retVal = IS_NOT_NULL(certTemplate->signingAlg); - break; - case crmfIssuer: - retVal = IS_NOT_NULL(certTemplate->issuer); - break; - case crmfValidity: - retVal = IS_NOT_NULL(certTemplate->validity); - break; - case crmfSubject: - retVal = IS_NOT_NULL(certTemplate->subject); - break; - case crmfPublicKey: - retVal = IS_NOT_NULL(certTemplate->publicKey); - break; - case crmfIssuerUID: - retVal = crmf_item_has_data(&certTemplate->issuerUID); - break; - case crmfSubjectUID: - retVal = crmf_item_has_data(&certTemplate->subjectUID); - break; - case crmfExtension: - retVal = IS_NOT_NULL(certTemplate->extensions); - break; - default: - retVal = PR_FALSE; + case crmfVersion: + retVal = crmf_item_has_data(&certTemplate->version); + break; + case crmfSerialNumber: + retVal = crmf_item_has_data(&certTemplate->serialNumber); + break; + case crmfSigningAlg: + retVal = IS_NOT_NULL(certTemplate->signingAlg); + break; + case crmfIssuer: + retVal = IS_NOT_NULL(certTemplate->issuer); + break; + case crmfValidity: + retVal = IS_NOT_NULL(certTemplate->validity); + break; + case crmfSubject: + retVal = 
IS_NOT_NULL(certTemplate->subject); + break; + case crmfPublicKey: + retVal = IS_NOT_NULL(certTemplate->publicKey); + break; + case crmfIssuerUID: + retVal = crmf_item_has_data(&certTemplate->issuerUID); + break; + case crmfSubjectUID: + retVal = crmf_item_has_data(&certTemplate->subjectUID); + break; + case crmfExtension: + retVal = IS_NOT_NULL(certTemplate->extensions); + break; + default: + retVal = PR_FALSE; } return retVal; } diff --git a/nss/lib/crmf/crmft.h b/nss/lib/crmf/crmft.h index e12aa02..8d83cf1 100644 --- a/nss/lib/crmf/crmft.h +++ b/nss/lib/crmf/crmft.h @@ -3,8 +3,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* Header file with all of the structures and types that will be exported +/* Header file with all of the structures and types that will be exported * by the security library for implementation of CRMF. */ @@ -47,7 +46,7 @@ typedef enum { } CRMFPublicationAction; /* - * An enumeration for the possible for pubMethod which is a part of + * An enumeration for the possible for pubMethod which is a part of * the SinglePubInfo ASN1 type. */ typedef enum { @@ -79,7 +78,7 @@ typedef enum { } CRMFPOPChoice; /* - * An enumertion type for options for the authInfo field of the + * An enumertion type for options for the authInfo field of the * CRMFPOPOSigningKeyInput structure. */ typedef enum { 
@@ -132,41 +131,41 @@ typedef enum { * The number of DER encoded bytes to write out. * */ -typedef void (*CRMFEncoderOutputCallback) (void *arg, - const char *buf, - unsigned long len); +typedef void (*CRMFEncoderOutputCallback)(void *arg, + const char *buf, + unsigned long len); /* * Type for the function that gets a password. Just in case we ever * need to support publicKeyMAC for POPOSigningKeyInput */ -typedef SECItem* (*CRMFMACPasswordCallback) (void *arg); - -typedef struct CRMFOptionalValidityStr CRMFOptionalValidity; -typedef struct CRMFValidityCreationInfoStr CRMFGetValidity; -typedef struct CRMFCertTemplateStr CRMFCertTemplate; -typedef struct CRMFCertRequestStr CRMFCertRequest; -typedef struct CRMFCertReqMsgStr CRMFCertReqMsg; -typedef struct CRMFCertReqMessagesStr CRMFCertReqMessages; -typedef struct CRMFProofOfPossessionStr CRMFProofOfPossession; -typedef struct CRMFPOPOSigningKeyStr CRMFPOPOSigningKey; -typedef struct CRMFPOPOSigningKeyInputStr CRMFPOPOSigningKeyInput; -typedef struct CRMFPOPOPrivKeyStr CRMFPOPOPrivKey; -typedef struct CRMFPKIPublicationInfoStr CRMFPKIPublicationInfo; -typedef struct CRMFSinglePubInfoStr CRMFSinglePubInfo; -typedef struct CRMFPKIArchiveOptionsStr CRMFPKIArchiveOptions; -typedef struct CRMFEncryptedKeyStr CRMFEncryptedKey; -typedef struct CRMFEncryptedValueStr CRMFEncryptedValue; -typedef struct CRMFCertIDStr CRMFCertID; -typedef struct CRMFCertIDStr CRMFOldCertID; -typedef CERTSubjectPublicKeyInfo CRMFProtocolEncrKey; -typedef struct CRMFValidityCreationInfoStr CRMFValidityCreationInfo; -typedef struct CRMFCertExtCreationInfoStr CRMFCertExtCreationInfo; -typedef struct CRMFPKMACValueStr CRMFPKMACValue; -typedef struct CRMFAttributeStr CRMFAttribute; -typedef struct CRMFControlStr CRMFControl; -typedef CERTGeneralName CRMFGeneralName; -typedef struct CRMFCertExtensionStr CRMFCertExtension; +typedef SECItem *(*CRMFMACPasswordCallback)(void *arg); + +typedef struct CRMFOptionalValidityStr CRMFOptionalValidity; +typedef 
struct CRMFValidityCreationInfoStr CRMFGetValidity; +typedef struct CRMFCertTemplateStr CRMFCertTemplate; +typedef struct CRMFCertRequestStr CRMFCertRequest; +typedef struct CRMFCertReqMsgStr CRMFCertReqMsg; +typedef struct CRMFCertReqMessagesStr CRMFCertReqMessages; +typedef struct CRMFProofOfPossessionStr CRMFProofOfPossession; +typedef struct CRMFPOPOSigningKeyStr CRMFPOPOSigningKey; +typedef struct CRMFPOPOSigningKeyInputStr CRMFPOPOSigningKeyInput; +typedef struct CRMFPOPOPrivKeyStr CRMFPOPOPrivKey; +typedef struct CRMFPKIPublicationInfoStr CRMFPKIPublicationInfo; +typedef struct CRMFSinglePubInfoStr CRMFSinglePubInfo; +typedef struct CRMFPKIArchiveOptionsStr CRMFPKIArchiveOptions; +typedef struct CRMFEncryptedKeyStr CRMFEncryptedKey; +typedef struct CRMFEncryptedValueStr CRMFEncryptedValue; +typedef struct CRMFCertIDStr CRMFCertID; +typedef struct CRMFCertIDStr CRMFOldCertID; +typedef CERTSubjectPublicKeyInfo CRMFProtocolEncrKey; +typedef struct CRMFValidityCreationInfoStr CRMFValidityCreationInfo; +typedef struct CRMFCertExtCreationInfoStr CRMFCertExtCreationInfo; +typedef struct CRMFPKMACValueStr CRMFPKMACValue; +typedef struct CRMFAttributeStr CRMFAttribute; +typedef struct CRMFControlStr CRMFControl; +typedef CERTGeneralName CRMFGeneralName; +typedef struct CRMFCertExtensionStr CRMFCertExtension; struct CRMFValidityCreationInfoStr { PRTime *notBefore; @@ -184,5 +183,4 @@ struct CRMFCertExtCreationInfoStr { extern const SEC_ASN1Template CRMFCertReqMessagesTemplate[]; extern const SEC_ASN1Template CRMFCertRequestTemplate[]; - #endif /*_CRMFT_H_*/ diff --git a/nss/lib/crmf/crmftmpl.c b/nss/lib/crmf/crmftmpl.c index 320d524..265a15d 100644 --- a/nss/lib/crmf/crmftmpl.c +++ b/nss/lib/crmf/crmftmpl.c 
@@ -18,27 +18,27 @@ SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
 SEC_ASN1_MKSUB(CERT_SubjectPublicKeyInfoTemplate)
 SEC_ASN1_MKSUB(CERT_NameTemplate)
-/*
+/*
 * It's all implicit tagging.
 */
 const SEC_ASN1Template CRMFControlTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl)},
- { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag) },
 { SEC_ASN1_ANY, offsetof(CRMFControl, derValue) },
 { 0 }
 };
 static const SEC_ASN1Template CRMFCertExtensionTemplate[] = {
 { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CRMFCertExtension) },
+ 0, NULL, sizeof(CRMFCertExtension) },
 { SEC_ASN1_OBJECT_ID,
- offsetof(CRMFCertExtension,id) },
+ offsetof(CRMFCertExtension, id) },
 { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
- offsetof(CRMFCertExtension,critical) },
+ offsetof(CRMFCertExtension, critical) },
 { SEC_ASN1_OCTET_STRING,
- offsetof(CRMFCertExtension,value) },
- { 0, }
+ offsetof(CRMFCertExtension, value) },
+ { 0 }
 };
 static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
@@ -46,78 +46,78 @@ static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = { }; static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFOptionalValidity) }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFOptionalValidity) }, { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM | - SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0, - offsetof (CRMFOptionalValidity, notBefore), + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0, + offsetof(CRMFOptionalValidity, notBefore), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) }, { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM | - SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1, - offsetof (CRMFOptionalValidity, notAfter), + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1, + offsetof(CRMFOptionalValidity, notAfter), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) }, { 0 } }; static const SEC_ASN1Template crmfPointerToNameTemplate[] = { - { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate)}, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate) }, { 0 } }; static const SEC_ASN1Template CRMFCertTemplateTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, - offsetof(CRMFCertTemplate, version), - SEC_ASN1_SUB(SEC_IntegerTemplate) }, - { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1 , - offsetof (CRMFCertTemplate, serialNumber), - SEC_ASN1_SUB(SEC_IntegerTemplate) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | - SEC_ASN1_XTRN | 2, - offsetof (CRMFCertTemplate, signingAlg), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | - SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3, - offsetof (CRMFCertTemplate, issuer), crmfPointerToNameTemplate }, - { SEC_ASN1_OPTIONAL | 
SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4, - offsetof (CRMFCertTemplate, validity), - CRMFOptionalValidityTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | - SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5, - offsetof (CRMFCertTemplate, subject), crmfPointerToNameTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | - SEC_ASN1_XTRN | 6, - offsetof (CRMFCertTemplate, publicKey), - SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, - { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | - SEC_ASN1_XTRN | 7, - offsetof (CRMFCertTemplate, issuerUID), - SEC_ASN1_SUB(SEC_BitStringTemplate) }, - { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | - SEC_ASN1_XTRN | 8, - offsetof (CRMFCertTemplate, subjectUID), - SEC_ASN1_SUB(SEC_BitStringTemplate) }, - { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | - SEC_ASN1_CONTEXT_SPECIFIC | 9, - offsetof (CRMFCertTemplate, extensions), - CRMFSequenceOfCertExtensionTemplate }, - { 0 } + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + offsetof(CRMFCertTemplate, version), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1, + offsetof(CRMFCertTemplate, serialNumber), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 2, + offsetof(CRMFCertTemplate, signingAlg), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3, + offsetof(CRMFCertTemplate, issuer), crmfPointerToNameTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4, + offsetof(CRMFCertTemplate, validity), + CRMFOptionalValidityTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5, + offsetof(CRMFCertTemplate, 
subject), crmfPointerToNameTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 6, + offsetof(CRMFCertTemplate, publicKey), + SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, + { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | + SEC_ASN1_XTRN | 7, + offsetof(CRMFCertTemplate, issuerUID), + SEC_ASN1_SUB(SEC_BitStringTemplate) }, + { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | + SEC_ASN1_XTRN | 8, + offsetof(CRMFCertTemplate, subjectUID), + SEC_ASN1_SUB(SEC_BitStringTemplate) }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | + SEC_ASN1_CONTEXT_SPECIFIC | 9, + offsetof(CRMFCertTemplate, extensions), + CRMFSequenceOfCertExtensionTemplate }, + { 0 } }; static const SEC_ASN1Template CRMFAttributeTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute)}, - { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag)}, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute) }, + { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag) }, { SEC_ASN1_ANY, offsetof(CRMFAttribute, derValue) }, { 0 } }; const SEC_ASN1Template CRMFCertRequestTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFCertRequest) }, - { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId)}, - { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate), - CRMFCertTemplateTemplate}, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertRequest) }, + { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId) }, + { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate), + CRMFCertTemplateTemplate }, { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF, - offsetof(CRMFCertRequest,controls), - CRMFControlTemplate}, /* SEQUENCE SIZE (1...MAX)*/ + offsetof(CRMFCertRequest, controls), + CRMFControlTemplate }, /* SEQUENCE SIZE (1...MAX)*/ { 0 } }; 
@@ -128,35 +128,34 @@ const SEC_ASN1Template CRMFCertReqMsgTemplate[] = { { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL, offsetof(CRMFCertReqMsg, derPOP) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF, - offsetof(CRMFCertReqMsg, regInfo), - CRMFAttributeTemplate}, /* SEQUENCE SIZE (1...MAX)*/ + offsetof(CRMFCertReqMsg, regInfo), + CRMFAttributeTemplate }, /* SEQUENCE SIZE (1...MAX)*/ { 0 } }; const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages), - CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)} + { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages), + CRMFCertReqMsgTemplate, sizeof(CRMFCertReqMessages) } }; const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { - { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, + { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_NullTemplate) }, { 0 } }; - /* This template will need to add POPOSigningKeyInput eventually, maybe*/ static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) }, - { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | - SEC_ASN1_XTRN | 0, - offsetof(CRMFPOPOSigningKey, derInput), + { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, + offsetof(CRMFPOPOSigningKey, derInput), SEC_ASN1_SUB(SEC_AnyTemplate) }, - { SEC_ASN1_POINTER | SEC_ASN1_XTRN, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(CRMFPOPOSigningKey, algorithmIdentifier), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN, + { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN, offsetof(CRMFPOPOSigningKey, signature), SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0 } @@ -165,7 +164,7 @@ static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = { const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 1, 0, - crmfPOPOSigningKeyTemplate}, + crmfPOPOSigningKeyTemplate }, { 0 } }; 
@@ -178,7 +177,7 @@ const SEC_ASN1Template CRMFThisMessageTemplate[] = {
 const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = {
 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- 0,
+ 0,
 SEC_ASN1_SUB(SEC_IntegerTemplate) },
 { 0 }
 };
@@ -191,51 +190,51 @@ const SEC_ASN1Template CRMFDHMACTemplate[] = { }; const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[] = { - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, + { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, 0, SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[] = { - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3, + { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3, 0, - SEC_ASN1_SUB(SEC_AnyTemplate)}, + SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; const SEC_ASN1Template CRMFEncryptedValueTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue)}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | - SEC_ASN1_XTRN | 0, - offsetof(CRMFEncryptedValue, intendedAlg), + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 0, + offsetof(CRMFEncryptedValue, intendedAlg), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | - SEC_ASN1_XTRN | 1, - offsetof (CRMFEncryptedValue, symmAlg), + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 1, + offsetof(CRMFEncryptedValue, symmAlg), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | - SEC_ASN1_XTRN | 2, - offsetof(CRMFEncryptedValue, encSymmKey), + { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | + SEC_ASN1_XTRN | 2, + offsetof(CRMFEncryptedValue, encSymmKey), SEC_ASN1_SUB(SEC_BitStringTemplate) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | - SEC_ASN1_XTRN | 3, - offsetof(CRMFEncryptedValue, keyAlg), + { SEC_ASN1_OPTIONAL | 
SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 3, + offsetof(CRMFEncryptedValue, keyAlg), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | - SEC_ASN1_XTRN | 4, + { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 4, offsetof(CRMFEncryptedValue, valueHint), SEC_ASN1_SUB(SEC_OctetStringTemplate) }, { SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) }, { 0 } }; -const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = { - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, +const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[] = { + { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | + SEC_ASN1_CONTEXT_SPECIFIC | 0, 0, - CRMFEncryptedValueTemplate}, + CRMFEncryptedValueTemplate }, { 0 } }; diff --git a/nss/lib/crmf/encutil.c b/nss/lib/crmf/encutil.c index ffa99ed..8ca7007 100644 --- a/nss/lib/crmf/encutil.c +++ b/nss/lib/crmf/encutil.c @@ -9,17 +9,17 @@ void crmf_encoder_out(void *arg, const char *buf, unsigned long len, - int depth, SEC_ASN1EncodingPart data_kind) + int depth, SEC_ASN1EncodingPart data_kind) { struct crmfEncoderOutput *output; - output = (struct crmfEncoderOutput*) arg; - output->fn (output->outputArg, buf, len); + output = (struct crmfEncoderOutput *)arg; + output->fn(output->outputArg, buf, len); } SECStatus cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg, - const SEC_ASN1Template *inTemplate) + const SEC_ASN1Template *inTemplate) { struct crmfEncoderOutput output; @@ -27,8 +27,7 @@ cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg, if (src == NULL) { return SECFailure; } - output.fn = inCallback; + output.fn = inCallback; output.outputArg = inArg; - return SEC_ASN1Encode(src, inTemplate, crmf_encoder_out, &output); + return SEC_ASN1Encode(src, inTemplate, crmf_encoder_out, &output); } - 
diff --git a/nss/lib/crmf/exports.gyp b/nss/lib/crmf/exports.gyp new file mode 100644 index 0000000..fca0097 --- /dev/null +++ b/nss/lib/crmf/exports.gyp @@ -0,0 +1,37 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_crmf_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + 'cmmf.h', + 'cmmft.h', + 'crmf.h', + 'crmft.h' + ], + 'destination': '<(nss_public_dist_dir)/<(module)' + }, + { + 'files': [ + 'cmmfi.h', + 'cmmfit.h', + 'crmfi.h', + 'crmfit.h' + ], + 'destination': '<(nss_private_dist_dir)/<(module)' + } + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/nss/lib/crmf/respcli.c b/nss/lib/crmf/respcli.c index 5525aaf..aaec013 100644 --- a/nss/lib/crmf/respcli.c +++ b/nss/lib/crmf/respcli.c @@ -3,9 +3,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - /* - * This file will contain all routines needed by a client that has + * This file will contain all routines needed by a client that has * to parse a CMMFCertRepContent structure and retirieve the appropriate * data. */ @@ -18,14 +17,14 @@ #include "secder.h" #include "secasn1.h" -CMMFCertRepContent* -CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf, - long len) +CMMFCertRepContent * +CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf, + long len) { - PLArenaPool *poolp; + PLArenaPool *poolp; CMMFCertRepContent *certRepContent; - SECStatus rv; - int i; + SECStatus rv; + int i; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { 
@@ -37,22 +36,22 @@ CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf, } certRepContent->poolp = poolp; rv = SEC_ASN1Decode(poolp, certRepContent, CMMFCertRepContentTemplate, - buf, len); + buf, len); if (rv != SECSuccess) { goto loser; } if (certRepContent->response != NULL) { - for (i=0; certRepContent->response[i] != NULL; i++) { - rv = cmmf_decode_process_cert_response(poolp, db, - certRepContent->response[i]); - if (rv != SECSuccess) { - goto loser; - } - } + for (i = 0; certRepContent->response[i] != NULL; i++) { + rv = cmmf_decode_process_cert_response(poolp, db, + certRepContent->response[i]); + if (rv != SECSuccess) { + goto loser; + } + } } certRepContent->isDecoded = PR_TRUE; return certRepContent; - loser: +loser: PORT_FreeArena(poolp, PR_FALSE); return NULL; } @@ -69,7 +68,7 @@ CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp) PRBool cmmf_CertRepContentIsIndexValid(CMMFCertRepContent *inCertRepContent, - int inIndex) + int inIndex) { int numResponses; 
@@ -78,27 +77,27 @@ cmmf_CertRepContentIsIndexValid(CMMFCertRepContent *inCertRepContent, return (PRBool)(inIndex >= 0 && inIndex < numResponses); } -CMMFCertResponse* +CMMFCertResponse * CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent, - int inIndex) + int inIndex) { CMMFCertResponse *certResponse; - SECStatus rv; + SECStatus rv; PORT_Assert(inCertRepContent != NULL && - cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)); + cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)); if (inCertRepContent == NULL || - !cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)) { + !cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)) { return NULL; } certResponse = PORT_ZNew(CMMFCertResponse); - if (certResponse){ - rv = cmmf_CopyCertResponse(NULL, certResponse, - inCertRepContent->response[inIndex]); - if (rv != SECSuccess) { - CMMF_DestroyCertResponse(certResponse); - certResponse = NULL; - } + if (certResponse) { + rv = cmmf_CopyCertResponse(NULL, certResponse, + inCertRepContent->response[inIndex]); + if (rv != SECSuccess) { + CMMF_DestroyCertResponse(certResponse); + certResponse = NULL; + } } return certResponse; } 
@@ -113,27 +112,25 @@ CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp) return cmmf_PKIStatusInfoGetStatus(&inCertResp->status); } -CERTCertificate* +CERTCertificate * CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp, - CERTCertDBHandle *inCertdb) + CERTCertDBHandle *inCertdb) { PORT_Assert(inCertResp != NULL); if (inCertResp == NULL || inCertResp->certifiedKeyPair == NULL) { return NULL; } - + return cmmf_CertOrEncCertGetCertificate( - &inCertResp->certifiedKeyPair->certOrEncCert, inCertdb); - + &inCertResp->certifiedKeyPair->certOrEncCert, inCertdb); } -CERTCertList* -CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent) +CERTCertList * +CMMF_CertRepContentGetCAPubs(CMMFCertRepContent *inCertRepContent) { - PORT_Assert (inCertRepContent != NULL); + PORT_Assert(inCertRepContent != NULL); if (inCertRepContent == NULL || inCertRepContent->caPubs == NULL) { return NULL; } return cmmf_MakeCertList(inCertRepContent->caPubs); } - diff --git a/nss/lib/crmf/respcmn.c b/nss/lib/crmf/respcmn.c index 1353d36..f9e4155 100644 --- a/nss/lib/crmf/respcmn.c +++ b/nss/lib/crmf/respcmn.c @@ -8,8 +8,8 @@ #include "secitem.h" #include "secder.h" -SECStatus -cmmf_DestroyPKIStatusInfo (CMMFPKIStatusInfo *info, PRBool freeit) +SECStatus +cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, PRBool freeit) { if (info->status.data != NULL) { PORT_Free(info->status.data); 
@@ -35,13 +35,13 @@ CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp) PORT_Assert(inCertResp != NULL); if (inCertResp != NULL) { if (inCertResp->certReqId.data != NULL) { - PORT_Free(inCertResp->certReqId.data); - } - cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE); - if (inCertResp->certifiedKeyPair != NULL) { - CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair); - } - PORT_Free(inCertResp); + PORT_Free(inCertResp->certReqId.data); + } + cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE); + if (inCertResp->certifiedKeyPair != NULL) { + CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair); + } + PORT_Free(inCertResp); } return SECSuccess; } 
@@ -51,32 +51,31 @@ CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent) { PORT_Assert(inCertRepContent != NULL); if (inCertRepContent != NULL) { - CMMFCertResponse **pResponse = inCertRepContent->response; + CMMFCertResponse **pResponse = inCertRepContent->response; if (pResponse != NULL) { for (; *pResponse != NULL; pResponse++) { - CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair; - /* XXX Why not call CMMF_DestroyCertifiedKeyPair or - ** XXX cmmf_DestroyCertOrEncCert ? - */ - if (certKeyPair != NULL && + CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair; + /* XXX Why not call CMMF_DestroyCertifiedKeyPair or + ** XXX cmmf_DestroyCertOrEncCert ? + */ + if (certKeyPair != NULL && certKeyPair->certOrEncCert.choice == cmmfCertificate && certKeyPair->certOrEncCert.cert.certificate != NULL) { - CERT_DestroyCertificate - (certKeyPair->certOrEncCert.cert.certificate); - certKeyPair->certOrEncCert.cert.certificate = NULL; + CERT_DestroyCertificate(certKeyPair->certOrEncCert.cert.certificate); + certKeyPair->certOrEncCert.cert.certificate = NULL; } } } - if (inCertRepContent->caPubs) { - CERTCertificate **caPubs = inCertRepContent->caPubs; - for (; *caPubs; ++caPubs) { - CERT_DestroyCertificate(*caPubs); - *caPubs = NULL; - } - } - if (inCertRepContent->poolp != NULL) { - PORT_FreeArena(inCertRepContent->poolp, PR_TRUE); - } + if (inCertRepContent->caPubs) { + CERTCertificate **caPubs = inCertRepContent->caPubs; + for (; *caPubs; ++caPubs) { + CERT_DestroyCertificate(*caPubs); + *caPubs = NULL; + } + } + if (inCertRepContent->poolp != NULL) { + PORT_FreeArena(inCertRepContent->poolp, PR_TRUE); + } } return SECSuccess; } 
@@ -94,73 +93,73 @@ CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont) SECStatus crmf_create_prtime(SECItem *src, PRTime **dest) { - *dest = PORT_ZNew(PRTime); + *dest = PORT_ZNew(PRTime); return DER_DecodeTimeChoice(*dest, src); } -CRMFCertExtension* +CRMFCertExtension * crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension) { - PRBool isCritical; - SECOidTag id; - SECItem *data; + PRBool isCritical; + SECOidTag id; + SECItem *data; CRMFCertExtension *newExt; PORT_Assert(inExtension != NULL); if (inExtension == NULL) { return NULL; } - id = CRMF_CertExtensionGetOidTag(inExtension); + id = CRMF_CertExtensionGetOidTag(inExtension); isCritical = CRMF_CertExtensionGetIsCritical(inExtension); - data = CRMF_CertExtensionGetValue(inExtension); - newExt = crmf_create_cert_extension(poolp, id, - isCritical, - data); + data = CRMF_CertExtensionGetValue(inExtension); + newExt = crmf_create_cert_extension(poolp, id, + isCritical, + data); SECITEM_FreeItem(data, PR_TRUE); - return newExt; + return newExt; } -static SECItem* +static SECItem * cmmf_encode_certificate(CERTCertificate *inCert) { - return SEC_ASN1EncodeItem(NULL, NULL, inCert, - SEC_ASN1_GET(SEC_SignedCertificateTemplate)); + return SEC_ASN1EncodeItem(NULL, NULL, inCert, + SEC_ASN1_GET(SEC_SignedCertificateTemplate)); } -CERTCertList* +CERTCertList * cmmf_MakeCertList(CERTCertificate **inCerts) { - CERTCertList *certList; + CERTCertList *certList; CERTCertificate *currCert; - SECItem *derCert, *freeCert = NULL; - SECStatus rv; - int i; + SECItem *derCert, *freeCert = NULL; + SECStatus rv; + int i; certList = CERT_NewCertList(); if (certList == NULL) { return NULL; } - for (i=0; inCerts[i] != NULL; i++) { + for (i = 0; inCerts[i] != NULL; i++) { derCert = &inCerts[i]->derCert; - if (derCert->data == NULL) { - derCert = freeCert = cmmf_encode_certificate(inCerts[i]); - } - currCert=CERT_NewTempCertificate(CERT_GetDefaultCertDB(), - derCert, NULL, PR_FALSE, PR_TRUE); - 
if (freeCert != NULL) { - SECITEM_FreeItem(freeCert, PR_TRUE); - freeCert = NULL; - } - if (currCert == NULL) { - goto loser; - } - rv = CERT_AddCertToListTail(certList, currCert); - if (rv != SECSuccess) { - goto loser; - } + if (derCert->data == NULL) { + derCert = freeCert = cmmf_encode_certificate(inCerts[i]); + } + currCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), + derCert, NULL, PR_FALSE, PR_TRUE); + if (freeCert != NULL) { + SECITEM_FreeItem(freeCert, PR_TRUE); + freeCert = NULL; + } + if (currCert == NULL) { + goto loser; + } + rv = CERT_AddCertToListTail(certList, currCert); + if (rv != SECSuccess) { + goto loser; + } } return certList; - loser: +loser: CERT_DestroyCertList(certList); return NULL; } @@ -181,31 +180,30 @@ int CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent) { int numResponses = 0; - PORT_Assert (inCertRepContent != NULL); + PORT_Assert(inCertRepContent != NULL); if (inCertRepContent != NULL && inCertRepContent->response != NULL) { while (inCertRepContent->response[numResponses] != NULL) { - numResponses++; - } + numResponses++; + } } return numResponses; } - SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit) { switch (certOrEncCert->choice) { - case cmmfCertificate: - CERT_DestroyCertificate(certOrEncCert->cert.certificate); - certOrEncCert->cert.certificate = NULL; - break; - case cmmfEncryptedCert: - crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert, - PR_TRUE); - certOrEncCert->cert.encryptedCert = NULL; - break; - default: - break; + case cmmfCertificate: + CERT_DestroyCertificate(certOrEncCert->cert.certificate); + certOrEncCert->cert.certificate = NULL; + break; + case cmmfEncryptedCert: + crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert, + PR_TRUE); + certOrEncCert->cert.encryptedCert = NULL; + break; + default: + break; } if (freeit) { PORT_Free(certOrEncCert); 
@@ -214,7 +212,7 @@ cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit) } SECStatus -cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src) +cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src) { SECStatus rv; @@ -222,8 +220,8 @@ cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src) rv = SECITEM_CopyItem(poolp, dest, src); } else { dest->data = NULL; - dest->len = 0; - rv = SECSuccess; + dest->len = 0; + rv = SECSuccess; } return rv; } 
@@ -246,161 +244,156 @@ CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair) } SECStatus -cmmf_CopyCertResponse(PLArenaPool *poolp, - CMMFCertResponse *dest, - CMMFCertResponse *src) +cmmf_CopyCertResponse(PLArenaPool *poolp, + CMMFCertResponse *dest, + CMMFCertResponse *src) { SECStatus rv; if (src->certReqId.data != NULL) { rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId); - if (rv != SECSuccess) { - return rv; - } + if (rv != SECSuccess) { + return rv; + } } rv = cmmf_CopyPKIStatusInfo(poolp, &dest->status, &src->status); if (rv != SECSuccess) { return rv; } if (src->certifiedKeyPair != NULL) { - CMMFCertifiedKeyPair *destKeyPair; - - destKeyPair = (poolp == NULL) ? PORT_ZNew(CMMFCertifiedKeyPair) : - PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair); - if (!destKeyPair) { - return SECFailure; - } - rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair, - src->certifiedKeyPair); - if (rv != SECSuccess) { - if (!poolp) { - CMMF_DestroyCertifiedKeyPair(destKeyPair); - } - return rv; - } - dest->certifiedKeyPair = destKeyPair; + CMMFCertifiedKeyPair *destKeyPair; + + destKeyPair = (poolp == NULL) ? 
PORT_ZNew(CMMFCertifiedKeyPair) : PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair); + if (!destKeyPair) { + return SECFailure; + } + rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair, + src->certifiedKeyPair); + if (rv != SECSuccess) { + if (!poolp) { + CMMF_DestroyCertifiedKeyPair(destKeyPair); + } + return rv; + } + dest->certifiedKeyPair = destKeyPair; } return SECSuccess; } static SECStatus cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest, - CMMFCertOrEncCert *src) + CMMFCertOrEncCert *src) { - SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess; CRMFEncryptedValue *encVal; dest->choice = src->choice; rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue); switch (src->choice) { - case cmmfCertificate: - dest->cert.certificate = CERT_DupCertificate(src->cert.certificate); - break; - case cmmfEncryptedCert: - encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : - PORT_ArenaZNew(poolp, CRMFEncryptedValue); - if (encVal == NULL) { - return SECFailure; - } - rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal); - if (rv != SECSuccess) { - if (!poolp) { - crmf_destroy_encrypted_value(encVal, PR_TRUE); - } - return rv; - } - dest->cert.encryptedCert = encVal; - break; - default: - rv = SECFailure; + case cmmfCertificate: + dest->cert.certificate = CERT_DupCertificate(src->cert.certificate); + break; + case cmmfEncryptedCert: + encVal = (poolp == NULL) ? 
PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue); + if (encVal == NULL) { + return SECFailure; + } + rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal); + if (rv != SECSuccess) { + if (!poolp) { + crmf_destroy_encrypted_value(encVal, PR_TRUE); + } + return rv; + } + dest->cert.encryptedCert = encVal; + break; + default: + rv = SECFailure; } return rv; } SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest, - CMMFCertifiedKeyPair *src) + CMMFCertifiedKeyPair *src) { SECStatus rv; - rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert, - &src->certOrEncCert); + rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert, + &src->certOrEncCert); if (rv != SECSuccess) { return rv; } if (src->privateKey != NULL) { - CRMFEncryptedValue *encVal; - - encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : - PORT_ArenaZNew(poolp, CRMFEncryptedValue); - if (encVal == NULL) { - return SECFailure; - } - rv = crmf_copy_encryptedvalue(poolp, src->privateKey, - encVal); - if (rv != SECSuccess) { - if (!poolp) { - crmf_destroy_encrypted_value(encVal, PR_TRUE); - } - return rv; - } - dest->privateKey = encVal; + CRMFEncryptedValue *encVal; + + encVal = (poolp == NULL) ? 
PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue); + if (encVal == NULL) { + return SECFailure; + } + rv = crmf_copy_encryptedvalue(poolp, src->privateKey, + encVal); + if (rv != SECSuccess) { + if (!poolp) { + crmf_destroy_encrypted_value(encVal, PR_TRUE); + } + return rv; + } + dest->privateKey = encVal; } - rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo, - &src->derPublicationInfo); + rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo, + &src->derPublicationInfo); return rv; } SECStatus cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest, - CMMFPKIStatusInfo *src) + CMMFPKIStatusInfo *src) { SECStatus rv; - rv = cmmf_copy_secitem (poolp, &dest->status, &src->status); + rv = cmmf_copy_secitem(poolp, &dest->status, &src->status); if (rv != SECSuccess) { return rv; } - rv = cmmf_copy_secitem (poolp, &dest->statusString, &src->statusString); + rv = cmmf_copy_secitem(poolp, &dest->statusString, &src->statusString); if (rv != SECSuccess) { return rv; } - rv = cmmf_copy_secitem (poolp, &dest->failInfo, &src->failInfo); + rv = cmmf_copy_secitem(poolp, &dest->failInfo, &src->failInfo); return rv; } -CERTCertificate* +CERTCertificate * cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert, - CERTCertDBHandle *certdb) + CERTCertDBHandle *certdb) { - if (certOrEncCert->choice != cmmfCertificate || - certOrEncCert->cert.certificate == NULL) { + if (certOrEncCert->choice != cmmfCertificate || + certOrEncCert->cert.certificate == NULL) { return NULL; } return CERT_NewTempCertificate(certdb, - &certOrEncCert->cert.certificate->derCert, - NULL, PR_FALSE, PR_TRUE); + &certOrEncCert->cert.certificate->derCert, + NULL, PR_FALSE, PR_TRUE); } -SECStatus -cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo, - PLArenaPool *poolp, - CMMFPKIStatus inStatus) +SECStatus +cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo, + PLArenaPool *poolp, + CMMFPKIStatus inStatus) { SECItem *dummy; - - if (inStatus 
<cmmfGranted || inStatus >= cmmfNumPKIStatus) { + + if (inStatus < cmmfGranted || inStatus >= cmmfNumPKIStatus) { return SECFailure; } - dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus); + dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus); PORT_Assert(dummy == &statusInfo->status); if (dummy != &statusInfo->status) { SECITEM_FreeItem(dummy, PR_TRUE); - return SECFailure; + return SECFailure; } return SECSuccess; } - - diff --git a/nss/lib/crmf/servget.c b/nss/lib/crmf/servget.c index d19c829..6d576f8 100644 --- a/nss/lib/crmf/servget.c +++ b/nss/lib/crmf/servget.c @@ -3,7 +3,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #include "cmmf.h" #include "cmmfi.h" #include "secitem.h" @@ -20,15 +19,15 @@ CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey) return inEncrKey->encKeyChoice; } -CRMFEncryptedValue* +CRMFEncryptedValue * CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey) { CRMFEncryptedValue *newEncrValue = NULL; - SECStatus rv; + SECStatus rv; PORT_Assert(inEncrKey != NULL); if (inEncrKey == NULL || - CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) { + CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) { goto loser; } newEncrValue = PORT_ZNew(CRMFEncryptedValue); @@ -36,24 +35,24 @@ CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey) goto loser; } rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue, - newEncrValue); + newEncrValue); if (rv != SECSuccess) { goto loser; } return newEncrValue; - loser: +loser: if (newEncrValue != NULL) { CRMF_DestroyEncryptedValue(newEncrValue); } return NULL; } -static SECItem* +static SECItem * crmf_get_encvalue_bitstring(SECItem *srcItem) { - SECItem *newItem = NULL; + SECItem *newItem = NULL; SECStatus rv; - + if (srcItem->data == NULL) { return NULL; } 
@@ -66,14 +65,14 @@ crmf_get_encvalue_bitstring(SECItem *srcItem) goto loser; } return newItem; - loser: +loser: if (newItem != NULL) { SECITEM_FreeItem(newItem, PR_TRUE); } return NULL; } -SECItem* +SECItem * CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue) { if (inEncValue == NULL) { @@ -82,7 +81,7 @@ CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue) return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey); } -SECItem* +SECItem * CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue) { if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) { @@ -91,12 +90,12 @@ CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue) return crmf_get_encvalue_bitstring(&inEncrValue->encValue); } -static SECAlgorithmID* +static SECAlgorithmID * crmf_get_encvalue_algid(SECAlgorithmID *srcAlg) { - SECStatus rv; + SECStatus rv; SECAlgorithmID *newAlgID; - + if (srcAlg == NULL) { return NULL; } @@ -107,7 +106,7 @@ crmf_get_encvalue_algid(SECAlgorithmID *srcAlg) return newAlgID; } -SECAlgorithmID* +SECAlgorithmID * CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue) { if (inEncValue == NULL) { @@ -116,7 +115,7 @@ CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue) return crmf_get_encvalue_algid(inEncValue->intendedAlg); } -SECAlgorithmID* +SECAlgorithmID * CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue) { if (inEncValue == NULL) { @@ -125,7 +124,7 @@ CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue) return crmf_get_encvalue_algid(inEncValue->keyAlg); } -SECAlgorithmID* +SECAlgorithmID * CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue) { if (inEncValue == NULL) { @@ -134,7 +133,7 @@ CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue) return crmf_get_encvalue_algid(inEncValue->symmAlg); } -SECItem* +SECItem * CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue) { if (inEncValue == NULL || inEncValue->valueHint.data == NULL) { 
@@ -144,28 +143,28 @@ CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue) } SECStatus -CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt, - PRBool *destVal) +CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt, + PRBool *destVal) { if (inOpt == NULL || destVal == NULL || - CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey){ + CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey) { return SECFailure; } - *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse) - ? PR_FALSE: - PR_TRUE; + *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse) + ? PR_FALSE + : PR_TRUE; return SECSuccess; } - -CRMFEncryptedKey* + +CRMFEncryptedKey * CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts) { CRMFEncryptedKey *newEncrKey = NULL; - SECStatus rv; + SECStatus rv; PORT_Assert(inOpts != NULL); if (inOpts == NULL || - CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey){ + CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey) { return NULL; } newEncrKey = PORT_ZNew(CRMFEncryptedKey); @@ -173,24 +172,24 @@ CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts) goto loser; } rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey, - newEncrKey); + newEncrKey); if (rv != SECSuccess) { goto loser; } return newEncrKey; - loser: +loser: if (newEncrKey != NULL) { CRMF_DestroyEncryptedKey(newEncrKey); } return NULL; } -SECItem* +SECItem * CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions) { if (inOptions == NULL || - CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters || - inOptions->option.keyGenParameters.data == NULL) { + CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters || + inOptions->option.keyGenParameters.data == NULL) { return NULL; } return SECITEM_DupItem(&inOptions->option.keyGenParameters); 
@@ -199,7 +198,7 @@ CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions) CRMFPKIArchiveOptionsType CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions) { - PORT_Assert (inOptions != NULL); + PORT_Assert(inOptions != NULL); if (inOptions == NULL) { return crmfNoArchiveOptions; } @@ -214,30 +213,30 @@ crmf_extract_long_from_item(SECItem *intItem, long *destLong) } SECStatus -CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey, - CRMFSubseqMessOptions *destOpt) +CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey, + CRMFSubseqMessOptions *destOpt) { - long value; + long value; SECStatus rv; PORT_Assert(inKey != NULL); if (inKey == NULL || - inKey->messageChoice != crmfSubsequentMessage) { + inKey->messageChoice != crmfSubsequentMessage) { return SECFailure; } - rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage,&value); + rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage, &value); if (rv != SECSuccess) { return SECFailure; } switch (value) { - case 0: - *destOpt = crmfEncrCert; - break; - case 1: - *destOpt = crmfChallengeResp; - break; - default: - rv = SECFailure; + case 0: + *destOpt = crmfEncrCert; + break; + case 1: + *destOpt = crmfChallengeResp; + break; + default: + rv = SECFailure; } if (rv != SECSuccess) { return rv; 
@@ -266,24 +265,24 @@ CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC) } SECStatus -CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey, - SECItem *destString) +CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey, + SECItem *destString) { PORT_Assert(inKey != NULL); - if (inKey == NULL || - inKey->messageChoice != crmfThisMessage) { + if (inKey == NULL || + inKey->messageChoice != crmfThisMessage) { return SECFailure; } - return crmf_make_bitstring_copy(NULL, destString, - &inKey->message.thisMessage); + return crmf_make_bitstring_copy(NULL, destString, + &inKey->message.thisMessage); } -SECAlgorithmID* +SECAlgorithmID * CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey) { SECAlgorithmID *newAlgId = NULL; - SECStatus rv; + SECStatus rv; PORT_Assert(inSignKey != NULL); if (inSignKey == NULL) { @@ -293,21 +292,21 @@ CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey) if (newAlgId == NULL) { goto loser; } - rv = SECOID_CopyAlgorithmID(NULL, newAlgId, - inSignKey->algorithmIdentifier); + rv = SECOID_CopyAlgorithmID(NULL, newAlgId, + inSignKey->algorithmIdentifier); if (rv != SECSuccess) { goto loser; } return newAlgId; - loser: +loser: if (newAlgId != NULL) { SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE); } return NULL; } -SECItem* +SECItem * CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey) { PORT_Assert(inSignKey != NULL); @@ -317,11 +316,11 @@ CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey) return SECITEM_DupItem(&inSignKey->derInput); } -SECItem* +SECItem * CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey) { - SECItem *newSig = NULL; - SECStatus rv; + SECItem *newSig = NULL; + SECStatus rv; PORT_Assert(inSignKey != NULL); if (inSignKey == NULL) { 
@@ -336,47 +335,49 @@ CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey) goto loser; } return newSig; - loser: +loser: if (newSig != NULL) { SECITEM_FreeItem(newSig, PR_TRUE); } return NULL; } -static SECStatus -crmf_copy_poposigningkey(PLArenaPool *poolp, - CRMFPOPOSigningKey *inPopoSignKey, - CRMFPOPOSigningKey *destPopoSignKey) +static SECStatus +crmf_copy_poposigningkey(PLArenaPool *poolp, + CRMFPOPOSigningKey *inPopoSignKey, + CRMFPOPOSigningKey *destPopoSignKey) { SECStatus rv; - /* We don't support use of the POPOSigningKeyInput, so we'll only + /* We don't support use of the POPOSigningKeyInput, so we'll only * store away the DER encoding. */ if (inPopoSignKey->derInput.data != NULL) { - rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput, - &inPopoSignKey->derInput); + rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput, + &inPopoSignKey->derInput); + if (rv != SECSuccess) { + goto loser; + } } - destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? - PORT_ZNew(SECAlgorithmID) : - PORT_ArenaZNew(poolp, SECAlgorithmID); + destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID) + : PORT_ArenaZNew(poolp, SECAlgorithmID); if (destPopoSignKey->algorithmIdentifier == NULL) { goto loser; } rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier, - inPopoSignKey->algorithmIdentifier); + inPopoSignKey->algorithmIdentifier); if (rv != SECSuccess) { goto loser; } - - rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature, - &inPopoSignKey->signature); + + rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature, + &inPopoSignKey->signature); if (rv != SECSuccess) { goto loser; } return SECSuccess; - loser: +loser: if (poolp == NULL) { CRMF_DestroyPOPOSigningKey(destPopoSignKey); } 
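Review bot: In crmf_copy_poposigningkey, the new `goto loser` after the derInput copy reaches the cleanup before this function has written `algorithmIdentifier` or `signature`, so with `poolp == NULL` the `CRMF_DestroyPOPOSigningKey(destPopoSignKey)` call acts on whatever the caller left in those fields. The function therefore depends on the destination being zero-filled on entry, which nothing in the hunk states or checks; I would record that next to the label, e.g. `/* dest must arrive zeroed: loser can run before algorithmIdentifier and signature are set */`. It is also worth confirming that the destroy routine does not release the structure itself, since the destination is caller-owned (crmf_copy_pop passes a member of `newPOP->popChoice`, though always with an arena according to its comment). The function's closing lines fall outside this hunk.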
@@ -384,28 +385,28 @@ crmf_copy_poposigningkey(PLArenaPool *poolp, } static SECStatus -crmf_copy_popoprivkey(PLArenaPool *poolp, - CRMFPOPOPrivKey *srcPrivKey, - CRMFPOPOPrivKey *destPrivKey) +crmf_copy_popoprivkey(PLArenaPool *poolp, + CRMFPOPOPrivKey *srcPrivKey, + CRMFPOPOPrivKey *destPrivKey) { - SECStatus rv; + SECStatus rv; destPrivKey->messageChoice = srcPrivKey->messageChoice; switch (destPrivKey->messageChoice) { - case crmfThisMessage: - case crmfDHMAC: - /* I've got a union, so taking the address of one, will also give - * me a pointer to the other (eg, message.dhMAC) - */ - rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage, - &srcPrivKey->message.thisMessage); - break; - case crmfSubsequentMessage: - rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage, - &srcPrivKey->message.subsequentMessage); - break; - default: - rv = SECFailure; + case crmfThisMessage: + case crmfDHMAC: + /* I've got a union, so taking the address of one, will also give + * me a pointer to the other (eg, message.dhMAC) + */ + rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage, + &srcPrivKey->message.thisMessage); + break; + case crmfSubsequentMessage: + rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage, + &srcPrivKey->message.subsequentMessage); + break; + default: + rv = SECFailure; } if (rv != SECSuccess && poolp == NULL) { @@ -414,13 +415,13 @@ crmf_copy_popoprivkey(PLArenaPool *poolp, return rv; } -static CRMFProofOfPossession* +static CRMFProofOfPossession * crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP) { CRMFProofOfPossession *newPOP; - SECStatus rv; + SECStatus rv; - /* + /* * Proof Of Possession structures are always part of the Request * message, so there will always be an arena for allocating memory. */ 
@@ -432,43 +433,43 @@ crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP) return NULL; } switch (srcPOP->popUsed) { - case crmfRAVerified: - newPOP->popChoice.raVerified.data = NULL; - newPOP->popChoice.raVerified.len = 0; - break; - case crmfSignature: - rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature, - &newPOP->popChoice.signature); - if (rv != SECSuccess) { - goto loser; - } - break; - case crmfKeyEncipherment: - case crmfKeyAgreement: - /* We've got a union, so a pointer to one, is a pointer to the - * other one. - */ - rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment, - &newPOP->popChoice.keyEncipherment); - if (rv != SECSuccess) { - goto loser; - } - break; - default: - goto loser; + case crmfRAVerified: + newPOP->popChoice.raVerified.data = NULL; + newPOP->popChoice.raVerified.len = 0; + break; + case crmfSignature: + rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature, + &newPOP->popChoice.signature); + if (rv != SECSuccess) { + goto loser; + } + break; + case crmfKeyEncipherment: + case crmfKeyAgreement: + /* We've got a union, so a pointer to one, is a pointer to the + * other one. + */ + rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment, + &newPOP->popChoice.keyEncipherment); + if (rv != SECSuccess) { + goto loser; + } + break; + default: + goto loser; } newPOP->popUsed = srcPOP->popUsed; return newPOP; - loser: +loser: return NULL; } -static CRMFCertReqMsg* +static CRMFCertReqMsg * crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg) { CRMFCertReqMsg *newReqMsg; - PLArenaPool *poolp; + PLArenaPool *poolp; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { 
@@ -494,16 +495,14 @@ crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg) */ return newReqMsg; - loser: - if (newReqMsg != NULL) { - CRMF_DestroyCertReqMsg(newReqMsg); - } +loser: + CRMF_DestroyCertReqMsg(newReqMsg); return NULL; } -CRMFCertReqMsg* +CRMFCertReqMsg * CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs, - int index) + int index) { int numMsgs; @@ -533,10 +532,10 @@ CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs) return numMessages; } -CRMFCertRequest* +CRMFCertRequest * CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg) { - PLArenaPool *poolp = NULL; + PLArenaPool *poolp = NULL; CRMFCertRequest *newCertReq = NULL; PORT_Assert(inCertReqMsg != NULL); @@ -551,7 +550,7 @@ CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg) } newCertReq->poolp = poolp; return newCertReq; - loser: +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } @@ -565,17 +564,17 @@ CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID) if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) { return SECFailure; } - return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId, - destID); + return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId, + destID); } SECStatus -CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKey **destKey) +CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKey **destKey) { PORT_Assert(inCertReqMsg != NULL && destKey != NULL); if (inCertReqMsg == NULL || destKey == NULL || - CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) { + CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) { return SECFailure; } *destKey = PORT_ZNew(CRMFPOPOPrivKey); 
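Review bot: The `loser:` label in `crmf_copy_cert_req_msg` now calls `CRMF_DestroyCertReqMsg(newReqMsg)` without the NULL guard, which is safe only if every `goto loser` is reached after `newReqMsg` was allocated, or if the destroy routine accepts NULL. Neither is visible in this hunk, because the function body starts above it. The same guard is dropped before `CRMF_DestroyControl(newControl)` in `CRMF_CertRequestGetControlAtIndex` further down. If an allocation-failure path can still jump to `loser:`, the destroy call may dereference NULL. Once the paths have been checked, I would record the invariant next to the call, for example `/* newReqMsg is non-NULL on every path that reaches loser */`, or otherwise keep the guard.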
@@ -583,38 +582,39 @@ CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg, return SECFailure; } return crmf_copy_popoprivkey(NULL, - &inCertReqMsg->pop->popChoice.keyAgreement, - *destKey); + &inCertReqMsg->pop->popChoice.keyAgreement, + *destKey); } SECStatus -CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKey **destKey) +CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKey **destKey) { PORT_Assert(inCertReqMsg != NULL && destKey != NULL); if (inCertReqMsg == NULL || destKey == NULL || - CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) { + CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) { return SECFailure; } *destKey = PORT_ZNew(CRMFPOPOPrivKey); if (*destKey == NULL) { - return SECFailure; + return SECFailure; } return crmf_copy_popoprivkey(NULL, - &inCertReqMsg->pop->popChoice.keyEncipherment, - *destKey); + &inCertReqMsg->pop->popChoice.keyEncipherment, + *destKey); } SECStatus -CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOSigningKey **destKey) +CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOSigningKey **destKey) { CRMFProofOfPossession *pop; PORT_Assert(inCertReqMsg != NULL); - if (inCertReqMsg == NULL) { + if (inCertReqMsg == NULL) { return SECFailure; } - pop = inCertReqMsg->pop;; + pop = inCertReqMsg->pop; + ; if (pop->popUsed != crmfSignature) { return SECFailure; } 
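Review bot: `CRMF_CertReqMsgGetPOPOSigningKey` checks only `inCertReqMsg` before reading `pop->popUsed` and, in the next hunk, `*destKey`, whereas the two sibling getters above also reject `destKey == NULL` and go through `CRMF_CertReqMsgGetPOPType`. `PORT_Assert` is compiled out of optimized builds, so a NULL `destKey` is dereferenced, and so is a NULL `pop` if a request message can arrive without a proof-of-possession (this hunk does not show whether it can). The guard could read `if (inCertReqMsg == NULL || destKey == NULL || inCertReqMsg->pop == NULL) {`. The stray `;` that the formatter moved onto its own line after `pop = inCertReqMsg->pop;` can be deleted as well.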
@@ -622,50 +622,50 @@ CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg, if (*destKey == NULL) { return SECFailure; } - return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey); + return crmf_copy_poposigningkey(NULL, &pop->popChoice.signature, *destKey); } static SECStatus crmf_copy_name(CERTName *destName, CERTName *srcName) { - PLArenaPool *poolp = NULL; - SECStatus rv; + PLArenaPool *poolp = NULL; + SECStatus rv; - if (destName->arena != NULL) { - poolp = destName->arena; - } else { - poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); - } - if (poolp == NULL) { - return SECFailure; - } - /* Need to do this so that CERT_CopyName doesn't free out - * the arena from underneath us. - */ - destName->arena = NULL; - rv = CERT_CopyName(poolp, destName, srcName); - destName->arena = poolp; - return rv; + if (destName->arena != NULL) { + poolp = destName->arena; + } else { + poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); + } + if (poolp == NULL) { + return SECFailure; + } + /* Need to do this so that CERT_CopyName doesn't free out + * the arena from underneath us. + */ + destName->arena = NULL; + rv = CERT_CopyName(poolp, destName, srcName); + destName->arena = poolp; + return rv; } SECStatus CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq, - CERTName *destIssuer) + CERTName *destIssuer) { PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) { - return crmf_copy_name(destIssuer, - inCertReq->certTemplate.issuer); + return crmf_copy_name(destIssuer, + inCertReq->certTemplate.issuer); } return SECFailure; } -SECStatus +SECStatus CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq, - SECItem *destIssuerUID) + SECItem *destIssuerUID) { PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { 
@@ -673,146 +673,145 @@ CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq, } if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) { return crmf_make_bitstring_copy(NULL, destIssuerUID, - &inCertReq->certTemplate.issuerUID); + &inCertReq->certTemplate.issuerUID); } return SECFailure; } SECStatus -CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq, - CERTSubjectPublicKeyInfo *destPublicKey) +CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq, + CERTSubjectPublicKeyInfo *destPublicKey) { - PORT_Assert (inCertReq != NULL); + PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) { return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey, - inCertReq->certTemplate.publicKey); + inCertReq->certTemplate.publicKey); } return SECFailure; } SECStatus CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq, - long *serialNumber) + long *serialNumber) { PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) { - return - crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber, - serialNumber); + return crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber, + serialNumber); } return SECFailure; } SECStatus CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq, - SECAlgorithmID *destAlg) + SECAlgorithmID *destAlg) { PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) { - return SECOID_CopyAlgorithmID(NULL, destAlg, - inCertReq->certTemplate.signingAlg); + return SECOID_CopyAlgorithmID(NULL, destAlg, + inCertReq->certTemplate.signingAlg); } return SECFailure; } -SECStatus +SECStatus CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq, - CERTName *destSubject) + CERTName *destSubject) { - PORT_Assert(inCertReq != 
NULL); - if (inCertReq == NULL) { - return SECFailure; - } - if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) { - return crmf_copy_name(destSubject, inCertReq->certTemplate.subject); - } - return SECFailure; + PORT_Assert(inCertReq != NULL); + if (inCertReq == NULL) { + return SECFailure; + } + if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) { + return crmf_copy_name(destSubject, inCertReq->certTemplate.subject); + } + return SECFailure; } SECStatus CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq, - SECItem *destSubjectUID) + SECItem *destSubjectUID) { PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) { - return crmf_make_bitstring_copy(NULL, destSubjectUID, - &inCertReq->certTemplate.subjectUID); + return crmf_make_bitstring_copy(NULL, destSubjectUID, + &inCertReq->certTemplate.subjectUID); } return SECFailure; } -SECStatus -CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq, - long *version) +SECStatus +CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq, + long *version) { - PORT_Assert (inCertReq != NULL); + PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) { return crmf_extract_long_from_item(&inCertReq->certTemplate.version, - version); - } + version); + } return SECFailure; } static SECStatus -crmf_copy_validity(CRMFGetValidity *destValidity, - CRMFOptionalValidity *src) +crmf_copy_validity(CRMFGetValidity *destValidity, + CRMFOptionalValidity *src) { SECStatus rv; - + destValidity->notBefore = destValidity->notAfter = NULL; if (src->notBefore.data != NULL) { - rv = crmf_create_prtime(&src->notBefore, - &destValidity->notBefore); - if (rv != SECSuccess) { - return rv; - } + rv = crmf_create_prtime(&src->notBefore, + &destValidity->notBefore); + if (rv != SECSuccess) { + return rv; + } } if (src->notAfter.data != NULL) { rv = 
crmf_create_prtime(&src->notAfter, - &destValidity->notAfter); - if (rv != SECSuccess) { - return rv; - } + &destValidity->notAfter); + if (rv != SECSuccess) { + return rv; + } } return SECSuccess; } -SECStatus +SECStatus CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq, - CRMFGetValidity *destValidity) + CRMFGetValidity *destValidity) { PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { return SECFailure; } if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) { - return crmf_copy_validity(destValidity, - inCertReq->certTemplate.validity); + return crmf_copy_validity(destValidity, + inCertReq->certTemplate.validity); } return SECFailure; } -CRMFControl* +CRMFControl * CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index) { CRMFControl *newControl, *srcControl; - int numControls; - SECStatus rv; + int numControls; + SECStatus rv; PORT_Assert(inCertReq != NULL); if (inCertReq == NULL) { 
@@ -828,63 +827,61 @@ CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index) } srcControl = inCertReq->controls[index]; newControl->tag = srcControl->tag; - rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag); + rv = SECITEM_CopyItem(NULL, &newControl->derTag, &srcControl->derTag); if (rv != SECSuccess) { goto loser; } - rv = SECITEM_CopyItem(NULL, &newControl->derValue, - &srcControl->derValue); + rv = SECITEM_CopyItem(NULL, &newControl->derValue, + &srcControl->derValue); if (rv != SECSuccess) { goto loser; } /* Copy over the PKIArchiveOptions stuff */ switch (srcControl->tag) { - case SEC_OID_PKIX_REGCTRL_REGTOKEN: - case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: - /* No further processing necessary for these types. */ - rv = SECSuccess; - break; - case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: - case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: - case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: - /* These aren't supported yet, so no post-processing will - * be done at this time. But we don't want to fail in case - * we read in DER that has one of these options. - */ - rv = SECSuccess; - break; - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - rv = crmf_copy_pkiarchiveoptions(NULL, - &newControl->value.archiveOptions, - &srcControl->value.archiveOptions); - break; - default: - rv = SECFailure; + case SEC_OID_PKIX_REGCTRL_REGTOKEN: + case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: + /* No further processing necessary for these types. */ + rv = SECSuccess; + break; + case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: + case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: + case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: + /* These aren't supported yet, so no post-processing will + * be done at this time. But we don't want to fail in case + * we read in DER that has one of these options. 
+ */ + rv = SECSuccess; + break; + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: + rv = crmf_copy_pkiarchiveoptions(NULL, + &newControl->value.archiveOptions, + &srcControl->value.archiveOptions); + break; + default: + rv = SECFailure; } if (rv != SECSuccess) { goto loser; } return newControl; - loser: - if (newControl != NULL) { - CRMF_DestroyControl(newControl); - } +loser: + CRMF_DestroyControl(newControl); return NULL; } -static SECItem* +static SECItem * crmf_copy_control_value(CRMFControl *inControl) { return SECITEM_DupItem(&inControl->derValue); } -SECItem* +SECItem * CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl) { - PORT_Assert (inControl!= NULL); + PORT_Assert(inControl != NULL); if (inControl == NULL || - CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) { + CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) { return NULL; } return crmf_copy_control_value(inControl); 
@@ -897,31 +894,31 @@ CRMF_ControlGetControlType(CRMFControl *inControl) PORT_Assert(inControl != NULL); switch (inControl->tag) { - case SEC_OID_PKIX_REGCTRL_REGTOKEN: - retType = crmfRegTokenControl; - break; - case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: - retType = crmfAuthenticatorControl; - break; - case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: - retType = crmfPKIPublicationInfoControl; - break; - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - retType = crmfPKIArchiveOptionsControl; - break; - case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: - retType = crmfOldCertIDControl; - break; - case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: - retType = crmfProtocolEncrKeyControl; - break; - default: - retType = crmfNoControl; + case SEC_OID_PKIX_REGCTRL_REGTOKEN: + retType = crmfRegTokenControl; + break; + case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: + retType = crmfAuthenticatorControl; + break; + case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: + retType = crmfPKIPublicationInfoControl; + break; + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: + retType = crmfPKIArchiveOptionsControl; + break; + case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: + retType = crmfOldCertIDControl; + break; + case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: + retType = crmfProtocolEncrKeyControl; + break; + default: + retType = crmfNoControl; } return retType; } -CRMFPKIArchiveOptions* +CRMFPKIArchiveOptions * CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl) { CRMFPKIArchiveOptions *newOpt = NULL; 
@@ -929,40 +926,41 @@ CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl) PORT_Assert(inControl != NULL); if (inControl == NULL || - CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){ + CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl) { goto loser; } newOpt = PORT_ZNew(CRMFPKIArchiveOptions); if (newOpt == NULL) { goto loser; } - rv = crmf_copy_pkiarchiveoptions(NULL, newOpt, - &inControl->value.archiveOptions); + rv = crmf_copy_pkiarchiveoptions(NULL, newOpt, + &inControl->value.archiveOptions); if (rv != SECSuccess) { goto loser; } - loser: +loser: if (newOpt != NULL) { CRMF_DestroyPKIArchiveOptions(newOpt); } return NULL; } -SECItem* +SECItem * CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl) { PORT_Assert(inControl != NULL); if (inControl == NULL || - CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) { + CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) { return NULL; } - return crmf_copy_control_value(inControl);; + return crmf_copy_control_value(inControl); + ; } -CRMFCertExtension* +CRMFCertExtension * CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq, - int index) + int index) { int numExtensions; @@ -971,8 +969,6 @@ CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq, if (index >= numExtensions || index < 0) { return NULL; } - return - crmf_copy_cert_extension(NULL, - inCertReq->certTemplate.extensions[index]); + return crmf_copy_cert_extension(NULL, + inCertReq->certTemplate.extensions[index]); } - |
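Review bot: `CRMF_ControlGetPKIArchiveOptions` has no `return newOpt;` before `loser:`, so after a successful `crmf_copy_pkiarchiveoptions` control falls through into the cleanup, destroys the copy and returns NULL. As shown, the function can never hand the archive options back to its caller. Adding `return newOpt;` directly after the `if (rv != SECSuccess) { goto loser; }` block fixes it. The function's opening lines are in the previous hunk. Separately, the empty statement `;` left on its own line after `return crmf_copy_control_value(inControl);` in `CRMF_ControlGetRegTokenControlValue` can be removed.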