Update NSPR to 4.12 and NSS to 3.23 on iOS
This has no effect until DEPS are updated.
Note: This removes support for compiling on Mac/Win, as they are no longer supported NSS targets by Chromium. Only the iOS buildsystem is kept.
[email protected]
BUG=600619
Review URL: https://codereview.chromium.org/1843333003 .
diff --git a/README.chromium b/README.chromium
index cf08b7f..8115aca 100644
--- a/README.chromium
+++ b/README.chromium
@@ -42,14 +42,10 @@
to use PR_GetHostByName. Removing _PR_INET6_PROBE will prevent it from
creating an IPv6 socket to probe if IPv6 is there.
DO NOT upstream this patch.
-- patches/nspr-unused-variable.patch: Remove an unused variable. See NSPR
- bug 1126408 (https://bugzilla.mozilla.org/show_bug.cgi?id=1126408).
We made the following local changes to NSS.
Files Added:
-- nss/exports_win.def: The list of exports to use when building nss as a
- dynamic library (crnss.dll).
- nss/lib/ckfw/builtins/certdata.c: a generated file. Do an upstream NSS
build and copy the generated certdata.c.
- nss/lib/freebl/nss_build_config_mac.h: a header that defines the target
@@ -67,9 +63,6 @@
(https://bugzilla.mozilla.org/show_bug.cgi?id=668397).
- patches/nss-urandom-abort.patch: call abort() if NSS cannot read from
/dev/urandom. See Chromium issue 244661 (http://crbug.com/244661).
-- patches/nss-chacha20-poly1305.patch: Support ChaCha20+Poly1305 cipher
- suites. See NSS bug 917571
- (https://bugzilla.mozilla.org/show_bug.cgi?id=917571).
- patches/nss-static.patch: to build NSS as static libraries and omit
libpkix (the new certification path validation library) and
softoken/legacydb (support for the old Berkeley DB databases). See NSS
diff --git a/nspr/lib/ds/plarena.h b/nspr/lib/ds/plarena.h
index 4daafa8..2673a2a 100644
--- a/nspr/lib/ds/plarena.h
+++ b/nspr/lib/ds/plarena.h
@@ -96,11 +96,11 @@
/* These definitions are usually provided through the
* sanitizer/asan_interface.h header installed by ASan.
- * See https://code.google.com/p/address-sanitizer/wiki/ManualPoisoning
+ * See https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning
*/
-void __asan_poison_memory_region(void const volatile *addr, size_t size);
-void __asan_unpoison_memory_region(void const volatile *addr, size_t size);
+PR_IMPORT(void) __asan_poison_memory_region(void const volatile *addr, size_t size);
+PR_IMPORT(void) __asan_unpoison_memory_region(void const volatile *addr, size_t size);
#define PL_MAKE_MEM_NOACCESS(addr, size) \
__asan_poison_memory_region((addr), (size))
diff --git a/nspr/pr/include/md/_linux.h b/nspr/pr/include/md/_linux.h
index d378db5..b4b298b 100644
--- a/nspr/pr/include/md/_linux.h
+++ b/nspr/pr/include/md/_linux.h
@@ -671,7 +671,7 @@
#define _MD_EARLY_INIT _MD_EarlyInit
#define _MD_FINAL_INIT _PR_UnixInit
-#define HAVE_CLOCK_MONOTONIC
+#define _PR_HAVE_CLOCK_MONOTONIC
/*
* We wrapped the select() call. _MD_SELECT refers to the built-in,
diff --git a/nspr/pr/include/md/_unixos.h b/nspr/pr/include/md/_unixos.h
index 04d9904..ea46b3a 100644
--- a/nspr/pr/include/md/_unixos.h
+++ b/nspr/pr/include/md/_unixos.h
@@ -302,7 +302,7 @@
#define _MD_INTERVAL_PER_SEC _PR_UNIX_TicksPerSecond
#endif
-#ifdef HAVE_CLOCK_MONOTONIC
+#ifdef _PR_HAVE_CLOCK_MONOTONIC
extern PRIntervalTime _PR_UNIX_GetInterval2(void);
extern PRIntervalTime _PR_UNIX_TicksPerSecond2(void);
#define _MD_INTERVAL_INIT()
diff --git a/nspr/pr/include/prenv.h b/nspr/pr/include/prenv.h
index 2a47716..468c7d5 100644
--- a/nspr/pr/include/prenv.h
+++ b/nspr/pr/include/prenv.h
@@ -91,6 +91,20 @@
NSPR_API(char*) PR_GetEnv(const char *var);
/*
+** PR_GetEnvSecure() -- get a security-sensitive environment variable
+**
+** Description:
+**
+** PR_GetEnvSecure() is similar to PR_GetEnv(), but it returns NULL if
+** the program was run with elevated privilege (e.g., setuid or setgid
+** on Unix). This can be used for cases like log file paths which
+** could otherwise be used for privilege escalation. Note that some
+** platforms may have platform-specific privilege elevation mechanisms
+** not recognized by this function; see the implementation for details.
+*/
+NSPR_API(char*) PR_GetEnvSecure(const char *var);
+
+/*
** PR_SetEnv() -- set, unset or change an environment variable
**
** Description:
diff --git a/nspr/pr/include/prinit.h b/nspr/pr/include/prinit.h
index 93749e6..523c2b9 100644
--- a/nspr/pr/include/prinit.h
+++ b/nspr/pr/include/prinit.h
@@ -31,9 +31,9 @@
** The format of the version string is
** "<major version>.<minor version>[.<patch level>] [<Beta>]"
*/
-#define PR_VERSION "4.11"
+#define PR_VERSION "4.12"
#define PR_VMAJOR 4
-#define PR_VMINOR 11
+#define PR_VMINOR 12
#define PR_VPATCH 0
#define PR_BETA PR_FALSE
diff --git a/nspr/pr/src/io/prlog.c b/nspr/pr/src/io/prlog.c
index dae8028..6098460 100644
--- a/nspr/pr/src/io/prlog.c
+++ b/nspr/pr/src/io/prlog.c
@@ -238,13 +238,7 @@
}
PR_SetLogBuffering(isSync ? 0 : bufSize);
-#ifdef XP_UNIX
- if ((getuid() != geteuid()) || (getgid() != getegid())) {
- return;
- }
-#endif /* XP_UNIX */
-
- ev = PR_GetEnv("NSPR_LOG_FILE");
+ ev = PR_GetEnvSecure("NSPR_LOG_FILE");
if (ev && ev[0]) {
if (!PR_SetLogFile(ev)) {
#ifdef XP_PC
diff --git a/nspr/pr/src/io/prprf.c b/nspr/pr/src/io/prprf.c
index 1a89141..798ea2a 100644
--- a/nspr/pr/src/io/prprf.c
+++ b/nspr/pr/src/io/prprf.c
@@ -37,7 +37,7 @@
char *base;
char *cur;
- PRUint32 maxlen;
+ PRUint32 maxlen; /* Must not exceed PR_INT32_MAX. */
int (*func)(void *arg, const char *sp, PRUint32 len);
void *arg;
@@ -697,7 +697,7 @@
char *hexp;
int rv, i;
struct NumArg* nas = NULL;
- struct NumArg* nap;
+ struct NumArg* nap = NULL;
struct NumArg nasArray[ NAS_DEFAULT_NUM ];
char pattern[20];
const char* dolPt = NULL; /* in "%4$.2f", dolPt will point to . */
@@ -1060,6 +1060,13 @@
{
int rv;
+ /*
+ ** We will add len to ss->maxlen at the end of the function. First check
+ ** if ss->maxlen + len would overflow or be greater than PR_INT32_MAX.
+ */
+ if (PR_UINT32_MAX - ss->maxlen < len || ss->maxlen + len > PR_INT32_MAX) {
+ return -1;
+ }
rv = (*ss->func)(ss->arg, sp, len);
if (rv < 0) {
return rv;
@@ -1105,9 +1112,21 @@
PRUint32 newlen;
off = ss->cur - ss->base;
+ if (PR_UINT32_MAX - len < off) {
+ /* off + len would be too big. */
+ return -1;
+ }
if (off + len >= ss->maxlen) {
/* Grow the buffer */
- newlen = ss->maxlen + ((len > 32) ? len : 32);
+ PRUint32 increment = (len > 32) ? len : 32;
+ if (PR_UINT32_MAX - ss->maxlen < increment) {
+ /* ss->maxlen + increment would overflow. */
+ return -1;
+ }
+ newlen = ss->maxlen + increment;
+ if (newlen > PR_INT32_MAX) {
+ return -1;
+ }
if (ss->base) {
newbase = (char*) PR_REALLOC(ss->base, newlen);
} else {
@@ -1210,8 +1229,8 @@
SprintfState ss;
PRUint32 n;
- PR_ASSERT((PRInt32)outlen > 0);
- if ((PRInt32)outlen <= 0) {
+ PR_ASSERT(outlen != 0 && outlen <= PR_INT32_MAX);
+ if (outlen == 0 || outlen > PR_INT32_MAX) {
return 0;
}
@@ -1247,7 +1266,10 @@
ss.stuff = GrowStuff;
if (last) {
- int lastlen = strlen(last);
+ size_t lastlen = strlen(last);
+ if (lastlen > PR_INT32_MAX) {
+ return 0;
+ }
ss.base = last;
ss.cur = last + lastlen;
ss.maxlen = lastlen;
diff --git a/nspr/pr/src/io/prscanf.c b/nspr/pr/src/io/prscanf.c
index b95d656..9d75d82 100644
--- a/nspr/pr/src/io/prscanf.c
+++ b/nspr/pr/src/io/prscanf.c
@@ -194,7 +194,7 @@
GetInt(ScanfState *state, int code)
{
char buf[FMAX + 1], *p;
- int ch;
+ int ch = 0;
static const char digits[] = "0123456789abcdefABCDEF";
PRBool seenDigit = PR_FALSE;
int base;
@@ -304,7 +304,7 @@
GetFloat(ScanfState *state)
{
char buf[FMAX + 1], *p;
- int ch;
+ int ch = 0;
PRBool seenDigit = PR_FALSE;
if (state->width == 0 || state->width > FMAX) {
diff --git a/nspr/pr/src/md/unix/unix.c b/nspr/pr/src/md/unix/unix.c
index 4f27b82..fdae119 100644
--- a/nspr/pr/src/md/unix/unix.c
+++ b/nspr/pr/src/md/unix/unix.c
@@ -2715,7 +2715,7 @@
/* Android <= 19 doesn't have mmap64. */
#if defined(ANDROID) && __ANDROID_API__ <= 19
-extern void *__mmap2(void *, size_t, int, int, int, size_t);
+PR_IMPORT(void) *__mmap2(void *, size_t, int, int, int, size_t);
#define ANDROID_PAGE_SIZE 4096
@@ -3040,7 +3040,7 @@
}
#endif
-#if defined(HAVE_CLOCK_MONOTONIC)
+#if defined(_PR_HAVE_CLOCK_MONOTONIC)
PRIntervalTime _PR_UNIX_GetInterval2()
{
struct timespec time;
diff --git a/nspr/pr/src/md/windows/ntinrval.c b/nspr/pr/src/md/windows/ntinrval.c
index dab9e3f..10aca11 100644
--- a/nspr/pr/src/md/windows/ntinrval.c
+++ b/nspr/pr/src/md/windows/ntinrval.c
@@ -8,6 +8,10 @@
*
*/
+/* Mozilla's build system defines this globally. */
+#ifdef WIN32_LEAN_AND_MEAN
+#undef WIN32_LEAN_AND_MEAN
+#endif
#include "primpl.h"
#ifdef WINCE
diff --git a/nspr/pr/src/md/windows/w95thred.c b/nspr/pr/src/md/windows/w95thred.c
index b2cebae..2741d94 100644
--- a/nspr/pr/src/md/windows/w95thred.c
+++ b/nspr/pr/src/md/windows/w95thred.c
@@ -65,7 +65,7 @@
** suspending). Therefore, get a real handle from
** the pseudo handle via DuplicateHandle(...)
*/
- DuplicateHandle(
+ BOOL ok = DuplicateHandle(
GetCurrentProcess(), /* Process of source handle */
GetCurrentThread(), /* Pseudo Handle to dup */
GetCurrentProcess(), /* Process of handle */
@@ -73,6 +73,11 @@
0L, /* access flags */
FALSE, /* Inheritable */
DUPLICATE_SAME_ACCESS); /* Options */
+ if (!ok) {
+ return PR_FAILURE;
+ }
+ thread->id = GetCurrentThreadId();
+ thread->md.id = thread->id;
}
/* Create the blocking IO semaphore */
diff --git a/nspr/pr/src/misc/prenv.c b/nspr/pr/src/misc/prenv.c
index 4935f9d..cc2e198 100644
--- a/nspr/pr/src/misc/prenv.c
+++ b/nspr/pr/src/misc/prenv.c
@@ -4,10 +4,12 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <string.h>
+#include <stdlib.h>
#include "primpl.h"
#include "prmem.h"
#if defined(XP_UNIX)
+#include <unistd.h>
#if defined(DARWIN)
#if defined(HAVE_CRT_EXTERNS_H)
#include <crt_externs.h>
@@ -17,6 +19,11 @@
#endif /* DARWIN */
#endif /* XP_UNIX */
+#if !defined(HAVE_SECURE_GETENV) && defined(HAVE___SECURE_GETENV)
+#define secure_getenv __secure_getenv
+#define HAVE_SECURE_GETENV 1
+#endif
+
/* Lock used to lock the environment */
#if defined(_PR_NO_PREEMPT)
#define _PR_NEW_LOCK_ENV()
@@ -63,6 +70,34 @@
return ev;
}
+PR_IMPLEMENT(char*) PR_GetEnvSecure(const char *var)
+{
+#ifdef HAVE_SECURE_GETENV
+ char *ev;
+
+ if (!_pr_initialized) _PR_ImplicitInitialization();
+
+ _PR_LOCK_ENV();
+ ev = secure_getenv(var);
+ _PR_UNLOCK_ENV();
+
+ return ev;
+#else
+#ifdef XP_UNIX
+ /*
+ ** Fall back to checking uids and gids. This won't detect any other
+ ** privilege-granting mechanisms the platform may have. This also
+ ** can't detect the case where the process already called
+ ** setuid(geteuid()) and/or setgid(getegid()).
+ */
+ if (getuid() != geteuid() || getgid() != getegid()) {
+ return NULL;
+ }
+#endif /* XP_UNIX */
+ return PR_GetEnv(var);
+#endif /* HAVE_SECURE_GETENV */
+}
+
PR_IMPLEMENT(PRStatus) PR_SetEnv(const char *string)
{
PRIntn result;
diff --git a/nspr/pr/src/misc/prnetdb.c b/nspr/pr/src/misc/prnetdb.c
index b86248f..b2f6e43 100644
--- a/nspr/pr/src/misc/prnetdb.c
+++ b/nspr/pr/src/misc/prnetdb.c
@@ -63,8 +63,7 @@
#if defined(SOLARIS) || (defined(BSDI) && defined(_REENTRANT)) \
|| (defined(LINUX) && defined(_REENTRANT) \
- && !(defined(__GLIBC__) && __GLIBC__ >= 2) \
- && !defined(ANDROID))
+ && defined(__GLIBC__) && __GLIBC__ < 2)
#define _PR_HAVE_GETPROTO_R
#define _PR_HAVE_GETPROTO_R_POINTER
#endif
diff --git a/nspr/pr/src/misc/prtpool.c b/nspr/pr/src/misc/prtpool.c
index 8870a3c..0671cc1 100644
--- a/nspr/pr/src/misc/prtpool.c
+++ b/nspr/pr/src/misc/prtpool.c
@@ -281,8 +281,8 @@
int pollfd_cnt, pollfds_used;
int rv;
PRCList *qp, *nextqp;
-PRPollDesc *pollfds;
-PRJob **polljobs;
+PRPollDesc *pollfds = NULL;
+PRJob **polljobs = NULL;
int poll_timeout;
PRIntervalTime now;
diff --git a/nspr/pr/src/misc/prtrace.c b/nspr/pr/src/misc/prtrace.c
index e1b456c..058f700 100644
--- a/nspr/pr/src/misc/prtrace.c
+++ b/nspr/pr/src/misc/prtrace.c
@@ -657,14 +657,8 @@
logLostData = 0; /* reset at entry */
logState = LogReset;
-#ifdef XP_UNIX
- if ((getuid() != geteuid()) || (getgid() != getegid())) {
- return NULL;
- }
-#endif /* XP_UNIX */
-
/* Get the filename for the logfile from the environment */
- logFileName = PR_GetEnv( "NSPR_TRACE_LOG" );
+ logFileName = PR_GetEnvSecure( "NSPR_TRACE_LOG" );
if ( logFileName == NULL )
{
PR_LOG( lm, PR_LOG_ERROR,
diff --git a/nspr/pr/src/pthreads/ptio.c b/nspr/pr/src/pthreads/ptio.c
index 125f1f9..e4fe519 100644
--- a/nspr/pr/src/pthreads/ptio.c
+++ b/nspr/pr/src/pthreads/ptio.c
@@ -3765,7 +3765,7 @@
* We use these variables to figure out how much time has
* elapsed and how much of the timeout still remains.
*/
- PRIntervalTime start, elapsed, remaining;
+ PRIntervalTime start = 0, elapsed, remaining;
if (pt_TestAbort()) return -1;
@@ -4019,7 +4019,7 @@
* We use these variables to figure out how much time has
* elapsed and how much of the timeout still remains.
*/
- PRIntervalTime start, elapsed, remaining;
+ PRIntervalTime start = 0, elapsed, remaining;
if (pt_TestAbort()) return -1;
@@ -4919,7 +4919,7 @@
* We use these variables to figure out how much time has elapsed
* and how much of the timeout still remains.
*/
- PRIntervalTime start, elapsed, remaining;
+ PRIntervalTime start = 0, elapsed, remaining;
static PRBool unwarned = PR_TRUE;
if (unwarned) unwarned = _PR_Obsolete( "PR_Select", "PR_Poll");
diff --git a/nspr/pr/src/pthreads/ptthread.c b/nspr/pr/src/pthreads/ptthread.c
index de90e4d..9e12606 100644
--- a/nspr/pr/src/pthreads/ptthread.c
+++ b/nspr/pr/src/pthreads/ptthread.c
@@ -21,6 +21,10 @@
#include <signal.h>
#include <dlfcn.h>
+#if defined(OPENBSD) || defined(FREEBSD) || defined(DRAGONFLY)
+#include <pthread_np.h>
+#endif
+
#ifdef SYMBIAN
/* In Open C sched_get_priority_min/max do not work properly, so we undefine
* _POSIX_THREAD_PRIORITY_SCHEDULING here.
@@ -1733,7 +1737,7 @@
{
PRThread *thread;
size_t nameLen;
- int result;
+ int result = 0;
if (!name) {
PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
@@ -1751,8 +1755,10 @@
return PR_FAILURE;
memcpy(thread->name, name, nameLen + 1);
-#if defined(OPENBSD) || defined(FREEBSD)
- result = pthread_set_name_np(thread->id, name);
+#if defined(OPENBSD) || defined(FREEBSD) || defined(DRAGONFLY)
+ pthread_set_name_np(thread->id, name);
+#elif defined(NETBSD)
+ result = pthread_setname_np(thread->id, "%s", (void *)name);
#else /* not BSD */
/*
* On OSX, pthread_setname_np is only available in 10.6 or later, so test
diff --git a/nss.gyp b/nss.gyp
index 206b4bc..6a4ef6d 100644
--- a/nss.gyp
+++ b/nss.gyp
@@ -3,17 +3,6 @@
# found in the LICENSE file.
{
- 'variables': {
- 'conditions': [
- ['OS=="ios"', {
- 'exclude_nss_root_certs%': 0,
- 'exclude_nss_libpkix%': 0,
- }, {
- 'exclude_nss_root_certs%': 1,
- 'exclude_nss_libpkix%': 1,
- }],
- ],
- },
'target_defaults': {
'configurations': {
'Debug': {
@@ -28,21 +17,6 @@
],
},
},
- 'conditions': [
- ['OS=="win"', {
- 'configurations': {
- 'Common_Base': {
- 'msvs_configuration_attributes': {
- # Do not compile NSPR and NSS with /D _UNICODE /D UNICODE.
- 'CharacterSet': '0'
- }
- }
- },
- 'defines!': [
- 'WIN32_LEAN_AND_MEAN',
- ],
- }],
- ],
},
'conditions': [
# To ensure no dependency on NSS is accidentally added to a BoringSSL port,
@@ -136,10 +110,7 @@
'nspr/pr/include/prtypes.h',
'nspr/pr/include/prvrsion.h',
'nspr/pr/include/prwin16.h',
- 'nspr/pr/src/io/prdir.c',
'nspr/pr/src/io/prfdcach.c',
- 'nspr/pr/src/io/prfile.c',
- 'nspr/pr/src/io/prio.c',
'nspr/pr/src/io/priometh.c',
'nspr/pr/src/io/pripv6.c',
'nspr/pr/src/io/prlayer.c',
@@ -150,7 +121,6 @@
'nspr/pr/src/io/prpolevt.c',
'nspr/pr/src/io/prprf.c',
'nspr/pr/src/io/prscanf.c',
- 'nspr/pr/src/io/prsocket.c',
'nspr/pr/src/io/prstdio.c',
'nspr/pr/src/linking/prlink.c',
'nspr/pr/src/malloc/prmalloc.c',
@@ -166,21 +136,6 @@
'nspr/pr/src/md/unix/uxrng.c',
'nspr/pr/src/md/unix/uxshm.c',
'nspr/pr/src/md/unix/uxwrap.c',
- 'nspr/pr/src/md/windows/ntgc.c',
- 'nspr/pr/src/md/windows/ntinrval.c',
- 'nspr/pr/src/md/windows/ntmisc.c',
- 'nspr/pr/src/md/windows/ntsec.c',
- 'nspr/pr/src/md/windows/ntsem.c',
- 'nspr/pr/src/md/windows/w32ipcsem.c',
- 'nspr/pr/src/md/windows/w32poll.c',
- 'nspr/pr/src/md/windows/w32rng.c',
- 'nspr/pr/src/md/windows/w32shm.c',
- 'nspr/pr/src/md/windows/w95cv.c',
- 'nspr/pr/src/md/windows/w95dllmain.c',
- 'nspr/pr/src/md/windows/w95io.c',
- 'nspr/pr/src/md/windows/w95sock.c',
- 'nspr/pr/src/md/windows/w95thred.c',
- 'nspr/pr/src/md/windows/win32_errors.c',
'nspr/pr/src/memory/prseg.c',
'nspr/pr/src/memory/prshm.c',
'nspr/pr/src/memory/prshma.c',
@@ -196,7 +151,6 @@
'nspr/pr/src/misc/prinit.c',
'nspr/pr/src/misc/prinrval.c',
'nspr/pr/src/misc/pripc.c',
- 'nspr/pr/src/misc/pripcsem.c',
'nspr/pr/src/misc/prlog2.c',
'nspr/pr/src/misc/prlong.c',
'nspr/pr/src/misc/prnetdb.c',
@@ -211,17 +165,8 @@
'nspr/pr/src/pthreads/ptmisc.c',
'nspr/pr/src/pthreads/ptsynch.c',
'nspr/pr/src/pthreads/ptthread.c',
- 'nspr/pr/src/threads/combined/prucpu.c',
- 'nspr/pr/src/threads/combined/prucv.c',
- 'nspr/pr/src/threads/combined/prulock.c',
- 'nspr/pr/src/threads/combined/prustack.c',
- 'nspr/pr/src/threads/combined/pruthr.c',
'nspr/pr/src/threads/prcmon.c',
- 'nspr/pr/src/threads/prcthr.c',
- 'nspr/pr/src/threads/prdump.c',
- 'nspr/pr/src/threads/prmon.c',
'nspr/pr/src/threads/prrwlock.c',
- 'nspr/pr/src/threads/prsem.c',
'nspr/pr/src/threads/prtpd.c',
],
'defines': [
@@ -244,8 +189,6 @@
'nspr/lib/libc/include',
],
},
- # TODO(wtc): suppress C4244 and C4554 in prdtoa.c.
- 'msvs_disabled_warnings': [4018, 4244, 4554, 4267,],
'variables': {
'clang_warning_flags': [
# nspr passes "const char*" through "void*".
@@ -259,72 +202,18 @@
],
},
'conditions': [
- ['OS=="mac" or OS=="ios"', {
+ ['OS=="ios"', {
'defines': [
'XP_UNIX',
'DARWIN',
'XP_MACOSX',
'_PR_PTHREADS',
'HAVE_BSD_FLOCK',
- 'HAVE_CRT_EXTERNS_H',
'HAVE_DLADDR',
'HAVE_LCHOWN',
'HAVE_SOCKLEN_T',
'HAVE_STRERROR',
],
- 'sources/': [
- ['exclude', '^nspr/pr/src/md/windows/'],
- ['exclude', '^nspr/pr/src/threads/combined/'],
- ],
- 'sources!': [
- 'nspr/pr/src/io/prdir.c',
- 'nspr/pr/src/io/prfile.c',
- 'nspr/pr/src/io/prio.c',
- 'nspr/pr/src/io/prsocket.c',
- # os_Darwin_x86.s and os_Darwin_x86_64.s are included by
- # os_Darwin.s.
- 'nspr/pr/src/md/unix/os_Darwin_x86.s',
- 'nspr/pr/src/md/unix/os_Darwin_x86_64.s',
- 'nspr/pr/src/misc/pripcsem.c',
- 'nspr/pr/src/threads/prcthr.c',
- 'nspr/pr/src/threads/prdump.c',
- 'nspr/pr/src/threads/prmon.c',
- 'nspr/pr/src/threads/prsem.c',
- ],
- }],
- ['OS=="mac"', {
- 'link_settings': {
- 'libraries': [
- '$(SDKROOT)/System/Library/Frameworks/CoreFoundation.framework',
- '$(SDKROOT)/System/Library/Frameworks/CoreServices.framework',
- ],
- },
- }],
- ['OS=="ios"', {
- 'defines!': [
- 'HAVE_CRT_EXTERNS_H',
- ],
- }],
- ['OS=="win"', {
- 'defines': [
- 'XP_PC',
- 'WIN32',
- 'WIN95',
- '_PR_GLOBAL_THREADS_ONLY',
- '_CRT_SECURE_NO_WARNINGS',
- '_CRT_NONSTDC_NO_WARNINGS',
- ],
- 'sources/': [
- ['exclude', '^nspr/pr/src/md/unix/'],
- ['exclude', '^nspr/pr/src/pthreads/'],
- ],
- 'conditions': [
- ['target_arch=="ia32"', {
- 'defines': [
- '_X86_',
- ],
- }],
- ],
}],
['component == "static_library"', {
'defines': [
@@ -353,9 +242,11 @@
'type': '<(component)',
'dependencies': [
'nss_static',
+ 'nssckbi',
],
'export_dependent_settings': [
'nss_static',
+ 'nssckbi',
],
'sources': [
# Ensure at least one object file is produced, so that MSVC does not
@@ -363,26 +254,6 @@
# the 'nssckbi' target for why the 'nss' target was split as such.
'nss/lib/nss/nssver.c',
],
- 'conditions': [
- ['exclude_nss_root_certs==0', {
- 'dependencies': [
- 'nssckbi',
- ],
- 'export_dependent_settings': [
- 'nssckbi',
- ],
- }],
- ['OS == "mac" and component == "shared_library"', {
- 'xcode_settings': {
- 'OTHER_LDFLAGS': ['-all_load'],
- },
- }],
- ['OS == "win" and component == "shared_library"', {
- 'sources': [
- 'nss/exports_win.def',
- ],
- }],
- ],
},
{
# This is really more of a pseudo-target to work around the fact that
@@ -462,71 +333,6 @@
},
},
{
- # This target contains files compiled for AVX. The code calling the
- # functions in this target has to check if the current CPU supports AVX.
- 'target_name': 'nss_static_avx',
- 'suppress_wildcard': 1,
- 'conditions': [
- ['OS!="win" or target_arch!="ia32"', {
- 'type': 'none',
- }, {
- 'type': 'static_library',
- 'sources': [
- 'nss/lib/freebl/intel-gcm-wrap.c',
- 'nss/lib/freebl/intel-gcm-x86-masm.asm',
- 'nss/lib/freebl/intel-gcm.h',
- ],
- 'defines': [
- 'INTEL_GCM',
- 'NSS_X86_OR_X64',
- 'NSS_X86',
- 'MP_API_COMPATIBLE',
- 'MP_ASSEMBLY_DIV_2DX1D',
- 'MP_ASSEMBLY_MULTIPLY',
- 'MP_ASSEMBLY_SQUARE',
- 'MP_ASSEMBLY_DIV_2DX1D',
- 'MP_USE_UINT_DIGIT',
- 'MP_NO_MP_WORD',
- 'MP_USE_UINT_DIGIT',
- 'NSS_DISABLE_DBM',
- 'NSS_STATIC',
- 'NSS_USE_STATIC_LIBS',
- 'NSS_X86',
- 'NSS_X86_OR_X64',
- 'RIJNDAEL_INCLUDE_TABLES',
- 'SHLIB_PREFIX=\"\"',
- 'SHLIB_SUFFIX=\"dll\"',
- 'SHLIB_VERSION=\"3\"',
- 'SOFTOKEN_LIB_NAME=\"softokn3.dll\"',
- 'SOFTOKEN_SHLIB_VERSION=\"3\"',
- 'USE_HW_AES',
- 'USE_UTIL_DIRECTLY',
- 'WIN32',
- 'WIN95',
- 'XP_PC',
- '_WINDOWS',
- '_X86_',
- ],
- 'include_dirs': [
- 'nspr/pr/include',
- 'nspr/lib/ds',
- 'nspr/lib/libc/include',
- 'nss/lib/freebl/ecl',
- 'nss/lib/util',
- ],
- 'msvs_disabled_warnings': [4018],
- 'msvs_settings': {
- 'MASM': {
- 'UseSafeExceptionHandlers': 'true',
- },
- 'VCCLCompilerTool': {
- 'EnableEnhancedInstructionSet': '3', # Enable AVX.
- },
- },
- }],
- ],
- },
- {
'target_name': 'nss_static',
'type': 'static_library',
# This target is an implementation detail - the public dependencies
@@ -614,9 +420,9 @@
'nss/lib/freebl/blapit.h',
'nss/lib/freebl/camellia.c',
'nss/lib/freebl/camellia.h',
- 'nss/lib/freebl/chacha20/chacha20.c',
- 'nss/lib/freebl/chacha20/chacha20.h',
- 'nss/lib/freebl/chacha20/chacha20_vec.c',
+ 'nss/lib/freebl/chacha20.c',
+ 'nss/lib/freebl/chacha20.h',
+ 'nss/lib/freebl/chacha20_vec.c',
'nss/lib/freebl/chacha20poly1305.c',
'nss/lib/freebl/chacha20poly1305.h',
'nss/lib/freebl/ctr.c',
@@ -653,7 +459,6 @@
'nss/lib/freebl/ecl/ec_naf.c',
'nss/lib/freebl/gcm.c',
'nss/lib/freebl/gcm.h',
- 'nss/lib/freebl/intel-aes-x86-masm.asm',
'nss/lib/freebl/intel-aes.h',
'nss/lib/freebl/hmacct.c',
'nss/lib/freebl/hmacct.h',
@@ -666,10 +471,8 @@
'nss/lib/freebl/mpi/mpi-priv.h',
'nss/lib/freebl/mpi/mpi.c',
'nss/lib/freebl/mpi/mpi.h',
- 'nss/lib/freebl/mpi/mpi_amd64.c',
'nss/lib/freebl/mpi/mpi_arm.c',
'nss/lib/freebl/mpi/mpi_arm_mac.c',
- 'nss/lib/freebl/mpi/mpi_x86_asm.c',
'nss/lib/freebl/mpi/mplogic.c',
'nss/lib/freebl/mpi/mplogic.h',
'nss/lib/freebl/mpi/mpmontg.c',
@@ -680,9 +483,9 @@
'nss/lib/freebl/mpi/mp_gf2m.h',
'nss/lib/freebl/mpi/primes.c',
'nss/lib/freebl/nss_build_config_mac.h',
- 'nss/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c',
- 'nss/lib/freebl/poly1305/poly1305.c',
- 'nss/lib/freebl/poly1305/poly1305.h',
+ 'nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c',
+ 'nss/lib/freebl/poly1305.c',
+ 'nss/lib/freebl/poly1305.h',
'nss/lib/freebl/pqg.c',
'nss/lib/freebl/pqg.h',
'nss/lib/freebl/rawhash.c',
@@ -794,16 +597,6 @@
'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h',
'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c',
'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c',
'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c',
'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h',
'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c',
@@ -1056,7 +849,6 @@
],
'dependencies': [
'nspr',
- 'nss_static_avx',
'../sqlite/sqlite.gyp:sqlite',
],
'export_dependent_settings': [
@@ -1071,6 +863,7 @@
'SHLIB_VERSION=\"3\"',
'SOFTOKEN_SHLIB_VERSION=\"3\"',
'USE_UTIL_DIRECTLY',
+ 'NSS_PKIX_NO_LDAP',
],
'include_dirs': [
'nss/lib/base',
@@ -1128,7 +921,6 @@
'nss/lib/util',
],
},
- 'msvs_disabled_warnings': [4018, 4101, 4267, ],
'variables': {
'clang_warning_flags': [
# nss doesn't explicitly cast between different enum types.
@@ -1147,48 +939,6 @@
],
},
'conditions': [
- ['exclude_nss_root_certs==1', {
- 'defines': [
- 'NSS_DISABLE_ROOT_CERTS',
- ],
- }],
- ['exclude_nss_libpkix==1', {
- 'defines': [
- 'NSS_DISABLE_LIBPKIX',
- ],
- 'sources/': [
- ['exclude', '^nss/lib/libpkix/'],
- ],
- 'sources!': [
- 'nss/lib/certhigh/certvfypkix.c',
- 'nss/lib/certhigh/certvfypkixprint.c',
- ],
- 'include_dirs/': [
- ['exclude', '^nss/lib/libpkix/'],
- ],
- }, { # else: exclude_nss_libpkix==0
- # Disable the LDAP code in libpkix.
- 'defines': [
- 'NSS_PKIX_NO_LDAP',
- ],
- 'sources!': [
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h',
- 'nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c',
- ],
- }],
- ['target_arch=="ia32"', {
- 'sources!': [
- 'nss/lib/freebl/mpi/mpi_amd64.c',
- ],
- }],
['target_arch=="x64" and OS!="win"', {
'sources!': [
'nss/lib/freebl/chacha20/chacha20.c',
@@ -1200,7 +950,7 @@
'nss/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c',
],
}],
- ['OS=="mac" or OS=="ios"', {
+ ['OS=="ios"', {
'defines': [
'XP_UNIX',
'DARWIN',
@@ -1210,9 +960,6 @@
'SHLIB_PREFIX=\"lib\"',
'SOFTOKEN_LIB_NAME=\"libsoftokn3.dylib\"',
],
- 'sources!': [
- 'nss/lib/freebl/mpi/mpi_amd64.c',
- ],
'variables': {
'forced_include_file': 'nss_build_config_mac.h',
},
@@ -1228,69 +975,6 @@
'-include', '<(forced_include_file)',
],
},
- }, { # else: OS!="mac" and OS!="ios"
- 'sources!': [
- 'nss/lib/freebl/mpi/mpi_arm_mac.c',
- ],
- }],
- ['OS=="win"', {
- 'defines': [
- 'SHLIB_SUFFIX=\"dll\"',
- 'SHLIB_PREFIX=\"\"',
- 'SOFTOKEN_LIB_NAME=\"softokn3.dll\"',
- 'XP_PC',
- 'WIN32',
- 'WIN95',
- '_WINDOWS',
- ],
- 'direct_dependent_settings': {
- 'defines': [
- '_WINDOWS',
- ],
- },
- 'conditions': [
- ['target_arch=="ia32"', {
- 'defines': [
- 'NSS_X86_OR_X64',
- 'NSS_X86',
- '_X86_',
- 'MP_ASSEMBLY_MULTIPLY',
- 'MP_ASSEMBLY_SQUARE',
- 'MP_ASSEMBLY_DIV_2DX1D',
- 'MP_USE_UINT_DIGIT',
- 'MP_NO_MP_WORD',
- 'USE_HW_AES',
- 'INTEL_GCM',
- ],
- 'msvs_settings': {
- 'MASM': {
- 'UseSafeExceptionHandlers': 'true',
- },
- },
- }],
- ['target_arch=="x64"', {
- 'defines': [
- 'NSS_USE_64',
- 'NSS_X86_OR_X64',
- 'NSS_X64',
- '_AMD64_',
- 'MP_CHAR_STORE_SLOW',
- 'MP_IS_LITTLE_ENDIAN',
- 'WIN64',
- ],
- 'sources!': [
- 'nss/lib/freebl/intel-aes-x86-masm.asm',
- 'nss/lib/freebl/mpi/mpi_amd64.c',
- 'nss/lib/freebl/mpi/mpi_x86_asm.c',
- ],
- }],
- ],
- }, { # else: OS!="win"
- 'sources!': [
- 'nss/lib/freebl/intel-aes-x86-masm.asm',
- # mpi_x86_asm.c contains MSVC inline assembly code.
- 'nss/lib/freebl/mpi/mpi_x86_asm.c',
- ],
}],
],
},
diff --git a/nss/exports_win.def b/nss/exports_win.def
deleted file mode 100644
index 71b0e32..0000000
--- a/nss/exports_win.def
+++ /dev/null
@@ -1,307 +0,0 @@
-; Copyright (c) 2012 The Chromium Authors. All rights reserved.
-; Use of this source code is governed by a BSD-style license that can be
-; found in the LICENSE file.
-
-LIBRARY CRNSS
-EXPORTS
-
-__PK11_CreateContextByRawKey
-AES_Decrypt
-AES_DestroyContext
-AES_Encrypt
-AES_InitContext
-ATOB_AsciiToData_Util
-BL_Unload
-BTOA_DataToAscii_Util
-Camellia_Decrypt
-Camellia_DestroyContext
-Camellia_Encrypt
-Camellia_InitContext
-CERT_AddCertToListTail
-CERT_AddExtension
-CERT_AsciiToName
-CERT_CacheOCSPResponseFromSideChannel
-CERT_CertChainFromCert
-CERT_CertTimesValid
-CERT_CompareName
-CERT_CheckCertValidTimes
-CERT_CreateCertificate
-CERT_CreateCertificateRequest
-CERT_CreateValidity
-CERT_DestroyCertificate
-CERT_DestroyCertificateList
-CERT_DestroyCertificateRequest
-CERT_DestroyCertList
-CERT_DestroyName
-CERT_DestroyValidity
-CERT_DistNamesFromCertList
-CERT_DupCertificate
-CERT_DupCertList
-CERT_DupDistNames
-CERT_ExtractPublicKey
-CERT_FindCertByName
-CERT_FindCertExtension
-CERT_FinishExtensions
-CERT_FreeDistNames
-CERT_FreeNicknames
-CERT_FindUserCertByUsage
-CERT_GetCertKeyType
-CERT_GetCertNicknames
-CERT_GetCommonName
-CERT_GetDefaultCertDB
-CERT_GetSSLCACerts
-CERT_NameToAscii
-CERT_NewCertList
-CERT_NewTempCertificate
-CERT_StartCertExtensions
-CERT_VerifyCert
-CERT_VerifyCertName
-CERT_VerifyCertNow
-CERT_VerifySignedDataWithPublicKey
-CERT_VerifySignedDataWithPublicKeyInfo
-DER_Lengths_Util
-DES_Decrypt
-DES_DestroyContext
-DES_Encrypt
-DES_InitContext
-DSAU_DecodeDerSig
-DSAU_DecodeDerSigToLen
-DSAU_EncodeDerSigWithLen
-HASH_Begin
-HASH_Clone
-HASH_Create
-HASH_Destroy
-HASH_End
-HASH_GetHashObject
-HASH_GetHashObjectByOidTag
-HASH_GetHashTypeByOidTag
-HASH_GetRawHashObject
-HASH_GetType
-HASH_HashBuf
-HASH_ResultLen
-HASH_ResultLenByOidTag
-HASH_ResultLenContext
-HASH_Update
-HMAC_Begin
-HMAC_Destroy
-HMAC_Finish
-HMAC_Init
-HMAC_Update
-MD5_Begin
-MD5_Clone
-MD5_DestroyContext
-MD5_End
-MD5_HashBuf
-MD5_NewContext
-MD5_Update
-NSSRWLock_Destroy_Util
-NSSRWLock_HaveWriteLock_Util
-NSSRWLock_LockRead_Util
-NSSRWLock_LockWrite_Util
-NSSRWLock_New_Util
-NSSRWLock_UnlockRead_Util
-NSSRWLock_UnlockWrite_Util
-NSS_Get_CERT_CertificateTemplate
-NSS_Get_CERT_SequenceOfCertExtensionTemplate
-NSS_Get_CERT_SignedDataTemplate
-NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate
-NSS_Get_SECKEY_PrivateKeyInfoTemplate
-NSS_Get_SECOID_AlgorithmIDTemplate_Util
-NSS_Get_SEC_AnyTemplate_Util
-NSS_Get_SEC_GeneralizedTimeTemplate_Util
-NSS_Get_SEC_IA5StringTemplate_Util
-NSS_Get_SEC_IntegerTemplate_Util
-NSS_Get_SEC_OctetStringTemplate_Util
-NSS_IsInitialized
-NSS_NoDB_Init
-NSS_PutEnv_Util
-NSS_RegisterShutdown
-NSS_SecureMemcmp
-NSS_SetAlgorithmPolicy
-NSS_VersionCheck
-PK11_CipherOp
-PK11_CopyTokenPrivKeyToSessionPrivKey
-PK11_CreateContextBySymKey
-PK11_CreateDigestContext
-PK11_CreateGenericObject
-PK11_CreatePBEV2AlgorithmID
-PK11_Decrypt
-PK11_Derive
-PK11_DeriveWithFlags
-PK11_DestroyContext
-PK11_DestroyGenericObject
-PK11_DigestBegin
-PK11_DigestFinal
-PK11_DigestKey
-PK11_DigestOp
-PK11_DoesMechanism
-PK11_Encrypt
-PK11_ExportDERPrivateKeyInfo
-PK11_ExportEncryptedPrivKeyInfo
-PK11_ExtractKeyValue
-PK11_Finalize
-PK11_FindKeyByAnyCert
-PK11_FindKeyByKeyID
-PK11_FreeSlot
-PK11_FreeSymKey
-PK11_GenerateKeyPair
-PK11_GenerateKeyPairWithOpFlags
-PK11_GenerateRandom
-PK11_GetBestKeyLength
-PK11_GetBestSlot
-PK11_GetBestSlotMultiple
-PK11_GetBestWrapMechanism
-PK11_GetCurrentWrapIndex
-PK11_GetInternalKeySlot
-PK11_GetInternalSlot
-PK11_GetKeyData
-PK11_GetKeyLength
-PK11_GetMechanism
-PK11_GetModuleID
-PK11_GetPadMechanism
-PK11_GetPBECryptoMechanism
-PK11_GetPrivateModulusLen
-PK11_GetSlotFromKey
-PK11_GetSlotFromPrivateKey
-PK11_GetSlotID
-PK11_GetSlotSeries
-PK11_GetWrapKey
-PK11_HashBuf
-PK11_ImportDERPrivateKeyInfoAndReturnKey
-PK11_ImportSymKey
-PK11_ImportSymKeyWithFlags
-PK11_IsLoggedIn
-PK11_IsPresent
-PK11_IVFromParam
-PK11_KeyGen
-PK11_MakeIDFromPubKey
-PK11_MapSignKeyType
-PK11_NeedLogin
-PK11_ParamFromIV
-PK11_PBEKeyGen
-PK11_PrivDecrypt
-PK11_PrivDecryptPKCS1
-PK11_PubDecryptRaw
-PK11_PubDerive
-PK11_PubDeriveWithKDF
-PK11_PubEncrypt
-PK11_PubEncryptRaw
-PK11_PubEncryptPKCS1
-PK11_PubUnwrapSymKey
-PK11_PubUnwrapSymKeyWithFlagsPerm
-PK11_PubWrapSymKey
-PK11_ReadRawAttribute
-PK11_ReferenceSlot
-PK11_ReferenceSymKey
-PK11_RestoreContext
-PK11_SaveContextAlloc
-PK11_SetWrapKey
-PK11_Sign
-PK11_SignatureLen
-PK11_SignWithSymKey
-PK11_SymKeyFromHandle
-PK11_TokenExists
-PK11_UnwrapPrivKey
-PK11_UnwrapSymKey
-PK11_UnwrapSymKeyWithFlags
-PK11_Verify
-PK11_VerifyKeyOK
-PK11_WrapSymKey
-PORT_Alloc_Util
-PORT_ArenaAlloc_Util
-PORT_ArenaZAlloc_Util
-PORT_FreeArena_Util
-PORT_Free_Util
-PORT_GetError_Util
-PORT_NewArena_Util
-PORT_Realloc_Util
-PORT_SetError_Util
-PORT_Strdup_Util
-PORT_ZAlloc_Util
-PORT_ZFree_Util
-PR_ImplodeTime
-RC2_Decrypt
-RC2_DestroyContext
-RC2_Encrypt
-RC2_InitContext
-RC4_Decrypt
-RC4_DestroyContext
-RC4_Encrypt
-RC4_InitContext
-SECITEM_AllocArray
-SECITEM_AllocItem_Util
-SECITEM_CompareItem_Util
-SECITEM_CopyItem_Util
-SECITEM_DupArray
-SECITEM_DupItem_Util
-SECITEM_FreeArray
-SECITEM_FreeItem_Util
-SECITEM_Hash
-SECITEM_ItemsAreEqual_Util
-SECITEM_ZfreeItem_Util
-SECKEY_CacheStaticFlags
-SECKEY_ConvertToPublicKey
-SECKEY_CopyPrivateKey
-SECKEY_CopyPublicKey
-SECKEY_CreateDHPrivateKey
-SECKEY_CreateECPrivateKey
-SECKEY_CreateRSAPrivateKey
-SECKEY_CreateSubjectPublicKeyInfo
-SECKEY_DecodeDERSubjectPublicKeyInfo
-SECKEY_DestroyEncryptedPrivateKeyInfo
-SECKEY_DestroyPrivateKey
-SECKEY_DestroyPublicKey
-SECKEY_DestroySubjectPublicKeyInfo
-SECKEY_EncodeDERSubjectPublicKeyInfo
-SECKEY_ExtractPublicKey
-SECKEY_GetPrivateKeyType
-SECKEY_GetPublicKeyType
-SECKEY_ImportDERPublicKey
-SECKEY_PublicKeyStrength
-SECKEY_PublicKeyStrengthInBits
-SECKEY_SignatureLen
-SECKEY_UpdateCertPQG
-SECMOD_LookupSlot
-SECOID_AddEntry_Util
-SECOID_DestroyAlgorithmID_Util
-SECOID_FindOIDByTag_Util
-SECOID_FindOIDTag_Util
-SECOID_FindOID_Util
-SECOID_GetAlgorithmTag_Util
-SECOID_SetAlgorithmID_Util
-SEC_ASN1DecodeItem_Util
-SEC_ASN1EncodeInteger_Util
-SEC_ASN1EncodeItem_Util
-SEC_DerSignData
-SEC_GetSignatureAlgorithmOidTag
-SEC_QuickDERDecodeItem_Util
-SEC_SignData
-SEC_StringToOID
-SEED_Decrypt
-SEED_DestroyContext
-SEED_Encrypt
-SEED_InitContext
-SGN_Begin
-SGN_DestroyContext
-SGN_Digest
-SGN_End
-SGN_NewContext
-SGN_Update
-SHA1_Begin
-SHA1_Clone
-SHA1_DestroyContext
-SHA1_End
-SHA1_HashBuf
-SHA1_NewContext
-SHA1_Update
-SHA256_HashBuf
-TLS_PRF
-VFY_Begin
-VFY_CreateContext
-VFY_CreateContextWithAlgorithmID
-VFY_DestroyContext
-VFY_End
-VFY_Update
-VFY_VerifyDataDirect
-VFY_VerifyDigestDirect
-_SGN_VerifyPKCS1DigestInfo
diff --git a/nss/lib/base/arena.c b/nss/lib/base/arena.c
index 2b83338..b8e6464 100644
--- a/nss/lib/base/arena.c
+++ b/nss/lib/base/arena.c
@@ -41,7 +41,7 @@
* nssArena_Mark
* nssArena_Release
* nssArena_Unmark
- *
+ *
* nss_ZAlloc
* nss_ZFreeIf
* nss_ZRealloc
@@ -54,16 +54,16 @@
*/
struct NSSArenaStr {
- PLArenaPool pool;
- PRLock *lock;
+ PLArenaPool pool;
+ PRLock *lock;
#ifdef ARENA_THREADMARK
- PRThread *marking_thread;
- nssArenaMark *first_mark;
- nssArenaMark *last_mark;
+ PRThread *marking_thread;
+ nssArenaMark *first_mark;
+ nssArenaMark *last_mark;
#endif /* ARENA_THREADMARK */
#ifdef ARENA_DESTRUCTOR_LIST
- struct arena_destructor_node *first_destructor;
- struct arena_destructor_node *last_destructor;
+ struct arena_destructor_node *first_destructor;
+ struct arena_destructor_node *last_destructor;
#endif /* ARENA_DESTRUCTOR_LIST */
};
@@ -74,14 +74,14 @@
*/
struct nssArenaMarkStr {
- PRUint32 magic;
- void *mark;
+ PRUint32 magic;
+ void *mark;
#ifdef ARENA_THREADMARK
- nssArenaMark *next;
+ nssArenaMark *next;
#endif /* ARENA_THREADMARK */
#ifdef ARENA_DESTRUCTOR_LIST
- struct arena_destructor_node *next_destructor;
- struct arena_destructor_node *prev_destructor;
+ struct arena_destructor_node *next_destructor;
+ struct arena_destructor_node *prev_destructor;
#endif /* ARENA_DESTRUCTOR_LIST */
};
@@ -96,45 +96,39 @@
static nssPointerTracker arena_pointer_tracker;
static PRStatus
-arena_add_pointer
-(
- const NSSArena *arena
-)
+arena_add_pointer(const NSSArena *arena)
{
- PRStatus rv;
+ PRStatus rv;
- rv = nssPointerTracker_initialize(&arena_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+ rv = nssPointerTracker_initialize(&arena_pointer_tracker);
+ if (PR_SUCCESS != rv) {
+ return rv;
}
- return rv;
- }
+ rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
+ if (PR_SUCCESS != rv) {
+ NSSError e = NSS_GetError();
+ if (NSS_ERROR_NO_MEMORY != e) {
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+ }
- return PR_SUCCESS;
+ return rv;
+ }
+
+ return PR_SUCCESS;
}
static PRStatus
-arena_remove_pointer
-(
- const NSSArena *arena
-)
+arena_remove_pointer(const NSSArena *arena)
{
- PRStatus rv;
+ PRStatus rv;
- rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
+ rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
+ if (PR_SUCCESS != rv) {
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+ }
- return rv;
+ return rv;
}
/*
@@ -155,45 +149,42 @@
*/
NSS_IMPLEMENT PRStatus
-nssArena_verifyPointer
-(
- const NSSArena *arena
-)
+nssArena_verifyPointer(const NSSArena *arena)
{
- PRStatus rv;
+ PRStatus rv;
- rv = nssPointerTracker_initialize(&arena_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- /*
- * This is a little disingenious. We have to initialize the
- * tracker, because someone could "legitimately" try to verify
- * an arena pointer before one is ever created. And this step
- * might fail, due to lack of memory. But the only way that
- * this step can fail is if it's doing the call_once stuff,
- * (later calls just no-op). And if it didn't no-op, there
- * aren't any valid arenas.. so the argument certainly isn't one.
- */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
+ rv = nssPointerTracker_initialize(&arena_pointer_tracker);
+ if (PR_SUCCESS != rv) {
+ /*
+ * This is a little disingenious. We have to initialize the
+ * tracker, because someone could "legitimately" try to verify
+ * an arena pointer before one is ever created. And this step
+ * might fail, due to lack of memory. But the only way that
+ * this step can fail is if it's doing the call_once stuff,
+ * (later calls just no-op). And if it didn't no-op, there
+ * aren't any valid arenas.. so the argument certainly isn't one.
+ */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
- rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
+ rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
+ if (PR_SUCCESS != rv) {
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
#endif /* DEBUG */
#ifdef ARENA_DESTRUCTOR_LIST
struct arena_destructor_node {
- struct arena_destructor_node *next;
- struct arena_destructor_node *prev;
- void (*destructor)(void *argument);
- void *arg;
+ struct arena_destructor_node *next;
+ struct arena_destructor_node *prev;
+ void (*destructor)(void *argument);
+ void *arg;
};
/*
@@ -208,9 +199,9 @@
* arena, but it may not allocate or cause to be allocated any
* memory. This callback facility was included to support our
* debug-version pointer-tracker feature; overuse runs counter to
- * the the original intent of arenas. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
+ * the the original intent of arenas. This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS. If
+ * unsuccessful, it will set an error on the error stack and
* return PR_FAILURE.
*
* The error may be one of the following values:
@@ -223,108 +214,97 @@
*/
NSS_IMPLEMENT PRStatus
-nssArena_registerDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-)
+nssArena_registerDestructor(NSSArena *arena, void (*destructor)(void *argument),
+ void *arg)
{
- struct arena_destructor_node *it;
+ struct arena_destructor_node *it;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
-
- it = nss_ZNEW(arena, struct arena_destructor_node);
- if( (struct arena_destructor_node *)NULL == it ) {
- return PR_FAILURE;
- }
- it->prev = arena->last_destructor;
- arena->last_destructor->next = it;
- arena->last_destructor = it;
- it->destructor = destructor;
- it->arg = arg;
+ it = nss_ZNEW(arena, struct arena_destructor_node);
+ if ((struct arena_destructor_node *)NULL == it) {
+ return PR_FAILURE;
+ }
- if( (nssArenaMark *)NULL != arena->last_mark ) {
- arena->last_mark->prev_destructor = it->prev;
- arena->last_mark->next_destructor = it->next;
- }
+ it->prev = arena->last_destructor;
+ arena->last_destructor->next = it;
+ arena->last_destructor = it;
+ it->destructor = destructor;
+ it->arg = arg;
- return PR_SUCCESS;
+ if ((nssArenaMark *)NULL != arena->last_mark) {
+ arena->last_mark->prev_destructor = it->prev;
+ arena->last_mark->next_destructor = it->next;
+ }
+
+ return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
-nssArena_deregisterDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-)
+nssArena_deregisterDestructor(NSSArena *arena,
+ void (*destructor)(void *argument), void *arg)
{
- struct arena_destructor_node *it;
+ struct arena_destructor_node *it;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- for( it = arena->first_destructor; it; it = it->next ) {
- if( (it->destructor == destructor) && (it->arg == arg) ) {
- break;
+ for (it = arena->first_destructor; it; it = it->next) {
+ if ((it->destructor == destructor) && (it->arg == arg)) {
+ break;
+ }
}
- }
- if( (struct arena_destructor_node *)NULL == it ) {
- nss_SetError(NSS_ERROR_NOT_FOUND);
- return PR_FAILURE;
- }
-
- if( it == arena->first_destructor ) {
- arena->first_destructor = it->next;
- }
-
- if( it == arena->last_destructor ) {
- arena->last_destructor = it->prev;
- }
-
- if( (struct arena_destructor_node *)NULL != it->prev ) {
- it->prev->next = it->next;
- }
-
- if( (struct arena_destructor_node *)NULL != it->next ) {
- it->next->prev = it->prev;
- }
-
- {
- nssArenaMark *m;
- for( m = arena->first_mark; m; m = m->next ) {
- if( m->next_destructor == it ) {
- m->next_destructor = it->next;
- }
- if( m->prev_destructor == it ) {
- m->prev_destructor = it->prev;
- }
+ if ((struct arena_destructor_node *)NULL == it) {
+ nss_SetError(NSS_ERROR_NOT_FOUND);
+ return PR_FAILURE;
}
- }
- nss_ZFreeIf(it);
- return PR_SUCCESS;
+ if (it == arena->first_destructor) {
+ arena->first_destructor = it->next;
+ }
+
+ if (it == arena->last_destructor) {
+ arena->last_destructor = it->prev;
+ }
+
+ if ((struct arena_destructor_node *)NULL != it->prev) {
+ it->prev->next = it->next;
+ }
+
+ if ((struct arena_destructor_node *)NULL != it->next) {
+ it->next->prev = it->prev;
+ }
+
+ {
+ nssArenaMark *m;
+ for (m = arena->first_mark; m; m = m->next) {
+ if (m->next_destructor == it) {
+ m->next_destructor = it->next;
+ }
+ if (m->prev_destructor == it) {
+ m->prev_destructor = it->prev;
+ }
+ }
+ }
+
+ nss_ZFreeIf(it);
+ return PR_SUCCESS;
}
static void
-nss_arena_call_destructor_chain
-(
- struct arena_destructor_node *it
-)
+nss_arena_call_destructor_chain(struct arena_destructor_node *it)
{
- for( ; it ; it = it->next ) {
- (*(it->destructor))(it->arg);
- }
+ for (; it; it = it->next) {
+ (*(it->destructor))(it->arg);
+ }
}
#endif /* ARENA_DESTRUCTOR_LIST */
@@ -344,20 +324,17 @@
*/
NSS_IMPLEMENT NSSArena *
-NSSArena_Create
-(
- void
-)
+NSSArena_Create(void)
{
- nss_ClearErrorStack();
- return nssArena_Create();
+ nss_ClearErrorStack();
+ return nssArena_Create();
}
/*
* nssArena_Create
*
* This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have set an error on the
+ * NULL upon error, in which case it will have set an error on the
* error stack.
*
* The error may be one of the following values:
@@ -369,66 +346,63 @@
*/
NSS_IMPLEMENT NSSArena *
-nssArena_Create
-(
- void
-)
+nssArena_Create(void)
{
- NSSArena *rv = (NSSArena *)NULL;
+ NSSArena *rv = (NSSArena *)NULL;
- rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
- if( (NSSArena *)NULL == rv ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSArena *)NULL;
- }
+ rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
+ if ((NSSArena *)NULL == rv) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (NSSArena *)NULL;
+ }
- rv->lock = PR_NewLock();
- if( (PRLock *)NULL == rv->lock ) {
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSArena *)NULL;
- }
+ rv->lock = PR_NewLock();
+ if ((PRLock *)NULL == rv->lock) {
+ (void)nss_ZFreeIf(rv);
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (NSSArena *)NULL;
+ }
- /*
- * Arena sizes. The current security code has 229 occurrences of
- * PORT_NewArena. The default chunksizes specified break down as
- *
- * Size Mult. Specified as
- * 512 1 512
- * 1024 7 1024
- * 2048 5 2048
- * 2048 5 CRMF_DEFAULT_ARENA_SIZE
- * 2048 190 DER_DEFAULT_CHUNKSIZE
- * 2048 20 SEC_ASN1_DEFAULT_ARENA_SIZE
- * 4096 1 4096
- *
- * Obviously this "default chunksize" flexibility isn't very
- * useful to us, so I'll just pick 2048.
- */
+ /*
+ * Arena sizes. The current security code has 229 occurrences of
+ * PORT_NewArena. The default chunksizes specified break down as
+ *
+ * Size Mult. Specified as
+ * 512 1 512
+ * 1024 7 1024
+ * 2048 5 2048
+ * 2048 5 CRMF_DEFAULT_ARENA_SIZE
+ * 2048 190 DER_DEFAULT_CHUNKSIZE
+ * 2048 20 SEC_ASN1_DEFAULT_ARENA_SIZE
+ * 4096 1 4096
+ *
+ * Obviously this "default chunksize" flexibility isn't very
+ * useful to us, so I'll just pick 2048.
+ */
- PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
+ PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
#ifdef DEBUG
- {
- PRStatus st;
- st = arena_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PL_FinishArenaPool(&rv->pool);
- PR_DestroyLock(rv->lock);
- (void)nss_ZFreeIf(rv);
- return (NSSArena *)NULL;
+ {
+ PRStatus st;
+ st = arena_add_pointer(rv);
+ if (PR_SUCCESS != st) {
+ PL_FinishArenaPool(&rv->pool);
+ PR_DestroyLock(rv->lock);
+ (void)nss_ZFreeIf(rv);
+ return (NSSArena *)NULL;
+ }
}
- }
#endif /* DEBUG */
- return rv;
+ return rv;
}
/*
* NSSArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* create an error stack and return PR_FAILURE.
*
@@ -441,27 +415,24 @@
*/
NSS_IMPLEMENT PRStatus
-NSSArena_Destroy
-(
- NSSArena *arena
-)
+NSSArena_Destroy(NSSArena *arena)
{
- nss_ClearErrorStack();
+ nss_ClearErrorStack();
#ifdef DEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* DEBUG */
- return nssArena_Destroy(arena);
+ return nssArena_Destroy(arena);
}
/*
* nssArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* set an error on the error stack and return PR_FAILURE.
*
@@ -474,45 +445,42 @@
*/
NSS_IMPLEMENT PRStatus
-nssArena_Destroy
-(
- NSSArena *arena
-)
+nssArena_Destroy(NSSArena *arena)
{
- PRLock *lock;
+ PRLock *lock;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
- PR_Lock(arena->lock);
-
+ if ((PRLock *)NULL == arena->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
+ PR_Lock(arena->lock);
+
#ifdef DEBUG
- if( PR_SUCCESS != arena_remove_pointer(arena) ) {
- PR_Unlock(arena->lock);
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != arena_remove_pointer(arena)) {
+ PR_Unlock(arena->lock);
+ return PR_FAILURE;
+ }
#endif /* DEBUG */
#ifdef ARENA_DESTRUCTOR_LIST
- /* Note that the arena is locked at this time */
- nss_arena_call_destructor_chain(arena->first_destructor);
+ /* Note that the arena is locked at this time */
+ nss_arena_call_destructor_chain(arena->first_destructor);
#endif /* ARENA_DESTRUCTOR_LIST */
- PL_FinishArenaPool(&arena->pool);
- lock = arena->lock;
- arena->lock = (PRLock *)NULL;
- PR_Unlock(lock);
- PR_DestroyLock(lock);
- (void)nss_ZFreeIf(arena);
- return PR_SUCCESS;
+ PL_FinishArenaPool(&arena->pool);
+ lock = arena->lock;
+ arena->lock = (PRLock *)NULL;
+ PR_Unlock(lock);
+ PR_DestroyLock(lock);
+ (void)nss_ZFreeIf(arena);
+ return PR_SUCCESS;
}
static void *nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size);
@@ -523,9 +491,9 @@
* This routine "marks" the current state of an arena. Space
* allocated after the arena has been marked can be freed by
* releasing the arena back to the mark with nssArena_Release,
- * or committed by calling nssArena_Unmark. When successful,
- * this routine returns a valid nssArenaMark pointer. This
- * routine may return NULL upon error, in which case it will
+ * or committed by calling nssArena_Unmark. When successful,
+ * this routine returns a valid nssArenaMark pointer. This
+ * routine may return NULL upon error, in which case it will
* have set an error on the error stack.
*
* The error may be one of the following values:
@@ -539,73 +507,70 @@
*/
NSS_IMPLEMENT nssArenaMark *
-nssArena_Mark
-(
- NSSArena *arena
-)
+nssArena_Mark(NSSArena *arena)
{
- nssArenaMark *rv;
- void *p;
+ nssArenaMark *rv;
+ void *p;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (nssArenaMark *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (nssArenaMark *)NULL;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return (nssArenaMark *)NULL;
- }
- PR_Lock(arena->lock);
-
-#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL == arena->marking_thread ) {
- /* Unmarked. Store our thread ID */
- arena->marking_thread = PR_GetCurrentThread();
- /* This call never fails. */
- } else {
- /* Marked. Verify it's the current thread */
- if( PR_GetCurrentThread() != arena->marking_thread ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return (nssArenaMark *)NULL;
+ if ((PRLock *)NULL == arena->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return (nssArenaMark *)NULL;
}
- }
-#endif /* ARENA_THREADMARK */
-
- p = PL_ARENA_MARK(&arena->pool);
- /* No error possible */
-
- /* Do this after the mark */
- rv = (nssArenaMark *)nss_zalloc_arena_locked(arena, sizeof(nssArenaMark));
- if( (nssArenaMark *)NULL == rv ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (nssArenaMark *)NULL;
- }
+ PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
- if ( (nssArenaMark *)NULL == arena->first_mark) {
- arena->first_mark = rv;
- arena->last_mark = rv;
- } else {
- arena->last_mark->next = rv;
- arena->last_mark = rv;
- }
+ if ((PRThread *)NULL == arena->marking_thread) {
+ /* Unmarked. Store our thread ID */
+ arena->marking_thread = PR_GetCurrentThread();
+ /* This call never fails. */
+ } else {
+ /* Marked. Verify it's the current thread */
+ if (PR_GetCurrentThread() != arena->marking_thread) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ return (nssArenaMark *)NULL;
+ }
+ }
#endif /* ARENA_THREADMARK */
- rv->mark = p;
- rv->magic = MARK_MAGIC;
+ p = PL_ARENA_MARK(&arena->pool);
+ /* No error possible */
+
+ /* Do this after the mark */
+ rv = (nssArenaMark *)nss_zalloc_arena_locked(arena, sizeof(nssArenaMark));
+ if ((nssArenaMark *)NULL == rv) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (nssArenaMark *)NULL;
+ }
+
+#ifdef ARENA_THREADMARK
+ if ((nssArenaMark *)NULL == arena->first_mark) {
+ arena->first_mark = rv;
+ arena->last_mark = rv;
+ } else {
+ arena->last_mark->next = rv;
+ arena->last_mark = rv;
+ }
+#endif /* ARENA_THREADMARK */
+
+ rv->mark = p;
+ rv->magic = MARK_MAGIC;
#ifdef ARENA_DESTRUCTOR_LIST
- rv->prev_destructor = arena->last_destructor;
+ rv->prev_destructor = arena->last_destructor;
#endif /* ARENA_DESTRUCTOR_LIST */
- PR_Unlock(arena->lock);
+ PR_Unlock(arena->lock);
- return rv;
+ return rv;
}
/*
@@ -616,100 +581,98 @@
*/
static PRStatus
-nss_arena_unmark_release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark,
- PRBool release
-)
+nss_arena_unmark_release(NSSArena *arena, nssArenaMark *arenaMark,
+ PRBool release)
{
- void *inner_mark;
+ void *inner_mark;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- if( MARK_MAGIC != arenaMark->magic ) {
- nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
- return PR_FAILURE;
- }
+ if (MARK_MAGIC != arenaMark->magic) {
+ nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
+ return PR_FAILURE;
+ }
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
- PR_Lock(arena->lock);
+ if ((PRLock *)NULL == arena->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
+ PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != arena->marking_thread ) {
- if( PR_GetCurrentThread() != arena->marking_thread ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return PR_FAILURE;
+ if ((PRThread *)NULL != arena->marking_thread) {
+ if (PR_GetCurrentThread() != arena->marking_thread) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ return PR_FAILURE;
+ }
}
- }
#endif /* ARENA_THREADMARK */
- if( MARK_MAGIC != arenaMark->magic ) {
- /* Just got released */
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
- return PR_FAILURE;
- }
+ if (MARK_MAGIC != arenaMark->magic) {
+ /* Just got released */
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
+ return PR_FAILURE;
+ }
- arenaMark->magic = 0;
- inner_mark = arenaMark->mark;
+ arenaMark->magic = 0;
+ inner_mark = arenaMark->mark;
#ifdef ARENA_THREADMARK
- {
- nssArenaMark **pMark = &arena->first_mark;
- nssArenaMark *rest;
- nssArenaMark *last = (nssArenaMark *)NULL;
+ {
+ nssArenaMark **pMark = &arena->first_mark;
+ nssArenaMark *rest;
+ nssArenaMark *last = (nssArenaMark *)NULL;
- /* Find this mark */
- while( *pMark != arenaMark ) {
- last = *pMark;
- pMark = &(*pMark)->next;
+ /* Find this mark */
+ while (*pMark != arenaMark) {
+ last = *pMark;
+ pMark = &(*pMark)->next;
+ }
+
+ /* Remember the pointer, then zero it */
+ rest = (*pMark)->next;
+ *pMark = (nssArenaMark *)NULL;
+
+ arena->last_mark = last;
+
+ /* Invalidate any later marks being implicitly released */
+ for (; (nssArenaMark *)NULL != rest; rest = rest->next) {
+ rest->magic = 0;
+ }
+
+ /* If we just got rid of the first mark, clear the thread ID */
+ if ((nssArenaMark *)NULL == arena->first_mark) {
+ arena->marking_thread = (PRThread *)NULL;
+ }
}
-
- /* Remember the pointer, then zero it */
- rest = (*pMark)->next;
- *pMark = (nssArenaMark *)NULL;
-
- arena->last_mark = last;
-
- /* Invalidate any later marks being implicitly released */
- for( ; (nssArenaMark *)NULL != rest; rest = rest->next ) {
- rest->magic = 0;
- }
-
- /* If we just got rid of the first mark, clear the thread ID */
- if( (nssArenaMark *)NULL == arena->first_mark ) {
- arena->marking_thread = (PRThread *)NULL;
- }
- }
#endif /* ARENA_THREADMARK */
- if( release ) {
+ if (release) {
#ifdef ARENA_DESTRUCTOR_LIST
- if( (struct arena_destructor_node *)NULL != arenaMark->prev_destructor ) {
- arenaMark->prev_destructor->next = (struct arena_destructor_node *)NULL;
- }
- arena->last_destructor = arenaMark->prev_destructor;
+ if ((struct arena_destructor_node *)NULL !=
+ arenaMark->prev_destructor) {
+ arenaMark->prev_destructor->next =
+ (struct arena_destructor_node *)NULL;
+ }
+ arena->last_destructor = arenaMark->prev_destructor;
- /* Note that the arena is locked at this time */
- nss_arena_call_destructor_chain(arenaMark->next_destructor);
+ /* Note that the arena is locked at this time */
+ nss_arena_call_destructor_chain(arenaMark->next_destructor);
#endif /* ARENA_DESTRUCTOR_LIST */
- PL_ARENA_RELEASE(&arena->pool, inner_mark);
- /* No error return */
- }
+ PL_ARENA_RELEASE(&arena->pool, inner_mark);
+ /* No error return */
+ }
- PR_Unlock(arena->lock);
- return PR_SUCCESS;
+ PR_Unlock(arena->lock);
+ return PR_SUCCESS;
}
/*
@@ -732,13 +695,9 @@
*/
NSS_IMPLEMENT PRStatus
-nssArena_Release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-)
+nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark)
{
- return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
+ return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
}
/*
@@ -764,13 +723,9 @@
*/
NSS_IMPLEMENT PRStatus
-nssArena_Unmark
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-)
+nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark)
{
- return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
+ return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
}
/*
@@ -782,49 +737,45 @@
* maybe we should add a magic value?
*/
struct pointer_header {
- NSSArena *arena;
- PRUint32 size;
+ NSSArena *arena;
+ PRUint32 size;
};
static void *
-nss_zalloc_arena_locked
-(
- NSSArena *arena,
- PRUint32 size
-)
+nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size)
{
- void *p;
- void *rv;
- struct pointer_header *h;
- PRUint32 my_size = size + sizeof(struct pointer_header);
- PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
- if( (void *)NULL == p ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
- /*
- * Do this before we unlock. This way if the user is using
- * an arena in one thread while destroying it in another, he'll
- * fault/FMR in his code, not ours.
- */
- h = (struct pointer_header *)p;
- h->arena = arena;
- h->size = size;
- rv = (void *)((char *)h + sizeof(struct pointer_header));
- (void)nsslibc_memset(rv, 0, size);
- return rv;
+ void *p;
+ void *rv;
+ struct pointer_header *h;
+ PRUint32 my_size = size + sizeof(struct pointer_header);
+ PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
+ if ((void *)NULL == p) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
+ /*
+ * Do this before we unlock. This way if the user is using
+ * an arena in one thread while destroying it in another, he'll
+ * fault/FMR in his code, not ours.
+ */
+ h = (struct pointer_header *)p;
+ h->arena = arena;
+ h->size = size;
+ rv = (void *)((char *)h + sizeof(struct pointer_header));
+ (void)nsslibc_memset(rv, 0, size);
+ return rv;
}
/*
* NSS_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling NSS_ZRealloc.
*
@@ -839,25 +790,21 @@
*/
NSS_IMPLEMENT void *
-NSS_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-)
+NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
{
- return nss_ZAlloc(arenaOpt, size);
+ return nss_ZAlloc(arenaOpt, size);
}
/*
* nss_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling nss_ZRealloc.
*
@@ -872,76 +819,72 @@
*/
NSS_IMPLEMENT void *
-nss_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-)
+nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
{
- struct pointer_header *h;
- PRUint32 my_size = size + sizeof(struct pointer_header);
+ struct pointer_header *h;
+ PRUint32 my_size = size + sizeof(struct pointer_header);
- if( my_size < sizeof(struct pointer_header) ) {
- /* Wrapped */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- /* Heap allocation, no locking required. */
- h = (struct pointer_header *)PR_Calloc(1, my_size);
- if( (struct pointer_header *)NULL == h ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
+ if (my_size < sizeof(struct pointer_header)) {
+ /* Wrapped */
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
}
- h->arena = (NSSArena *)NULL;
- h->size = size;
- /* We used calloc: it's already zeroed */
+ if ((NSSArena *)NULL == arenaOpt) {
+ /* Heap allocation, no locking required. */
+ h = (struct pointer_header *)PR_Calloc(1, my_size);
+ if ((struct pointer_header *)NULL == h) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
- return (void *)((char *)h + sizeof(struct pointer_header));
- } else {
- void *rv;
- /* Arena allocation */
+ h->arena = (NSSArena *)NULL;
+ h->size = size;
+ /* We used calloc: it's already zeroed */
+
+ return (void *)((char *)h + sizeof(struct pointer_header));
+ } else {
+ void *rv;
+/* Arena allocation */
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (void *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == arenaOpt->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return (void *)NULL;
- }
- PR_Lock(arenaOpt->lock);
+ if ((PRLock *)NULL == arenaOpt->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return (void *)NULL;
+ }
+ PR_Lock(arenaOpt->lock);
#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != arenaOpt->marking_thread ) {
- if( PR_GetCurrentThread() != arenaOpt->marking_thread ) {
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- PR_Unlock(arenaOpt->lock);
- return (void *)NULL;
- }
- }
+ if ((PRThread *)NULL != arenaOpt->marking_thread) {
+ if (PR_GetCurrentThread() != arenaOpt->marking_thread) {
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ PR_Unlock(arenaOpt->lock);
+ return (void *)NULL;
+ }
+ }
#endif /* ARENA_THREADMARK */
- rv = nss_zalloc_arena_locked(arenaOpt, size);
+ rv = nss_zalloc_arena_locked(arenaOpt, size);
- PR_Unlock(arenaOpt->lock);
- return rv;
- }
- /*NOTREACHED*/
+ PR_Unlock(arenaOpt->lock);
+ return rv;
+ }
+ /*NOTREACHED*/
}
/*
* NSS_ZFreeIf
*
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * NSS_ZAlloc -- will be zeroed and released. This routine
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * NSS_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
+ * If unsuccessful, it will set an error on the error stack and return
* PR_FAILURE.
*
* The error may be one of the following values:
@@ -952,22 +895,19 @@
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-NSS_ZFreeIf
-(
- void *pointer
-)
+NSS_ZFreeIf(void *pointer)
{
- return nss_ZFreeIf(pointer);
+ return nss_ZFreeIf(pointer);
}
/*
* nss_ZFreeIf
*
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * nss_ZAlloc -- will be zeroed and released. This routine
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
+ * If unsuccessful, it will set an error on the error stack and return
* PR_FAILURE.
*
* The error may be one of the following values:
@@ -979,60 +919,57 @@
*/
NSS_IMPLEMENT PRStatus
-nss_ZFreeIf
-(
- void *pointer
-)
+nss_ZFreeIf(void *pointer)
{
- struct pointer_header *h;
+ struct pointer_header *h;
- if( (void *)NULL == pointer ) {
- return PR_SUCCESS;
- }
-
- h = (struct pointer_header *)((char *)pointer
- - sizeof(struct pointer_header));
-
- /* Check any magic here */
-
- if( (NSSArena *)NULL == h->arena ) {
- /* Heap */
- (void)nsslibc_memset(pointer, 0, h->size);
- PR_Free(h);
- return PR_SUCCESS;
- } else {
- /* Arena */
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(h->arena) ) {
- return PR_FAILURE;
+ if ((void *)NULL == pointer) {
+ return PR_SUCCESS;
}
+
+ h = (struct pointer_header *)((char *)pointer -
+ sizeof(struct pointer_header));
+
+ /* Check any magic here */
+
+ if ((NSSArena *)NULL == h->arena) {
+ /* Heap */
+ (void)nsslibc_memset(pointer, 0, h->size);
+ PR_Free(h);
+ return PR_SUCCESS;
+ } else {
+/* Arena */
+#ifdef NSSDEBUG
+ if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == h->arena->lock ) {
- /* Just got destroyed.. so this pointer is invalid */
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
+ if ((PRLock *)NULL == h->arena->lock) {
+ /* Just got destroyed.. so this pointer is invalid */
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
+ PR_Lock(h->arena->lock);
+
+ (void)nsslibc_memset(pointer, 0, h->size);
+
+ /* No way to "free" it within an NSPR arena. */
+
+ PR_Unlock(h->arena->lock);
+ return PR_SUCCESS;
}
- PR_Lock(h->arena->lock);
-
- (void)nsslibc_memset(pointer, 0, h->size);
-
- /* No way to "free" it within an NSPR arena. */
-
- PR_Unlock(h->arena->lock);
- return PR_SUCCESS;
- }
- /*NOTREACHED*/
+ /*NOTREACHED*/
}
/*
* NSS_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
@@ -1046,11 +983,7 @@
*/
NSS_EXTERN void *
-NSS_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-)
+NSS_ZRealloc(void *pointer, PRUint32 newSize)
{
return nss_ZRealloc(pointer, newSize);
}
@@ -1059,10 +992,10 @@
* nss_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
@@ -1076,139 +1009,135 @@
*/
NSS_EXTERN void *
-nss_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-)
+nss_ZRealloc(void *pointer, PRUint32 newSize)
{
- NSSArena *arena;
- struct pointer_header *h, *new_h;
- PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
- void *rv;
+ NSSArena *arena;
+ struct pointer_header *h, *new_h;
+ PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
+ void *rv;
- if( my_newSize < sizeof(struct pointer_header) ) {
- /* Wrapped */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- if( (void *)NULL == pointer ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
-
- h = (struct pointer_header *)((char *)pointer
- - sizeof(struct pointer_header));
-
- /* Check any magic here */
-
- if( newSize == h->size ) {
- /* saves thrashing */
- return pointer;
- }
-
- arena = h->arena;
- if (!arena) {
- /* Heap */
- new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
- if( (struct pointer_header *)NULL == new_h ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
+ if (my_newSize < sizeof(struct pointer_header)) {
+ /* Wrapped */
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
}
- new_h->arena = (NSSArena *)NULL;
- new_h->size = newSize;
- rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+ if ((void *)NULL == pointer) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
- if( newSize > h->size ) {
- (void)nsslibc_memcpy(rv, pointer, h->size);
- (void)nsslibc_memset(&((char *)rv)[ h->size ],
- 0, (newSize - h->size));
+ h = (struct pointer_header *)((char *)pointer -
+ sizeof(struct pointer_header));
+
+ /* Check any magic here */
+
+ if (newSize == h->size) {
+ /* saves thrashing */
+ return pointer;
+ }
+
+ arena = h->arena;
+ if (!arena) {
+ /* Heap */
+ new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
+ if ((struct pointer_header *)NULL == new_h) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
+
+ new_h->arena = (NSSArena *)NULL;
+ new_h->size = newSize;
+ rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+
+ if (newSize > h->size) {
+ (void)nsslibc_memcpy(rv, pointer, h->size);
+ (void)nsslibc_memset(&((char *)rv)[h->size], 0,
+ (newSize - h->size));
+ } else {
+ (void)nsslibc_memcpy(rv, pointer, newSize);
+ }
+
+ (void)nsslibc_memset(pointer, 0, h->size);
+ h->size = 0;
+ PR_Free(h);
+
+ return rv;
} else {
- (void)nsslibc_memcpy(rv, pointer, newSize);
- }
-
- (void)nsslibc_memset(pointer, 0, h->size);
- h->size = 0;
- PR_Free(h);
-
- return rv;
- } else {
- void *p;
- /* Arena */
+ void *p;
+/* Arena */
#ifdef NSSDEBUG
- if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
- return (void *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- if (!arena->lock) {
- /* Just got destroyed.. so this pointer is invalid */
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
- PR_Lock(arena->lock);
+ if (!arena->lock) {
+ /* Just got destroyed.. so this pointer is invalid */
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
+ PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
- if (arena->marking_thread) {
- if (PR_GetCurrentThread() != arena->marking_thread) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return (void *)NULL;
- }
- }
+ if (arena->marking_thread) {
+ if (PR_GetCurrentThread() != arena->marking_thread) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ return (void *)NULL;
+ }
+ }
#endif /* ARENA_THREADMARK */
- if( newSize < h->size ) {
- /*
- * We have no general way of returning memory to the arena
- * (mark/release doesn't work because things may have been
- * allocated after this object), so the memory is gone
- * anyway. We might as well just return the same pointer to
- * the user, saying "yeah, uh-hunh, you can only use less of
- * it now." We'll zero the leftover part, of course. And
- * in fact we might as well *not* adjust h->size-- this way,
- * if the user reallocs back up to something not greater than
- * the original size, then voila, there's the memory! This
- * way a thrash big/small/big/small doesn't burn up the arena.
- */
- char *extra = &((char *)pointer)[ newSize ];
- (void)nsslibc_memset(extra, 0, (h->size - newSize));
- PR_Unlock(arena->lock);
- return pointer;
- }
+ if (newSize < h->size) {
+ /*
+ * We have no general way of returning memory to the arena
+ * (mark/release doesn't work because things may have been
+ * allocated after this object), so the memory is gone
+ * anyway. We might as well just return the same pointer to
+ * the user, saying "yeah, uh-hunh, you can only use less of
+ * it now." We'll zero the leftover part, of course. And
+ * in fact we might as well *not* adjust h->size-- this way,
+ * if the user reallocs back up to something not greater than
+ * the original size, then voila, there's the memory! This
+ * way a thrash big/small/big/small doesn't burn up the arena.
+ */
+ char *extra = &((char *)pointer)[newSize];
+ (void)nsslibc_memset(extra, 0, (h->size - newSize));
+ PR_Unlock(arena->lock);
+ return pointer;
+ }
- PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
- if( (void *)NULL == p ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
+ PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
+ if ((void *)NULL == p) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
- new_h = (struct pointer_header *)p;
- new_h->arena = arena;
- new_h->size = newSize;
- rv = (void *)((char *)new_h + sizeof(struct pointer_header));
- if (rv != pointer) {
- (void)nsslibc_memcpy(rv, pointer, h->size);
- (void)nsslibc_memset(pointer, 0, h->size);
+ new_h = (struct pointer_header *)p;
+ new_h->arena = arena;
+ new_h->size = newSize;
+ rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+ if (rv != pointer) {
+ (void)nsslibc_memcpy(rv, pointer, h->size);
+ (void)nsslibc_memset(pointer, 0, h->size);
+ }
+ (void)nsslibc_memset(&((char *)rv)[h->size], 0, (newSize - h->size));
+ h->arena = (NSSArena *)NULL;
+ h->size = 0;
+ PR_Unlock(arena->lock);
+ return rv;
}
- (void)nsslibc_memset(&((char *)rv)[ h->size ], 0, (newSize - h->size));
- h->arena = (NSSArena *)NULL;
- h->size = 0;
- PR_Unlock(arena->lock);
- return rv;
- }
- /*NOTREACHED*/
+ /*NOTREACHED*/
}
-PRStatus
+PRStatus
nssArena_Shutdown(void)
{
- PRStatus rv = PR_SUCCESS;
+ PRStatus rv = PR_SUCCESS;
#ifdef DEBUG
- rv = nssPointerTracker_finalize(&arena_pointer_tracker);
+ rv = nssPointerTracker_finalize(&arena_pointer_tracker);
#endif
- return rv;
+ return rv;
}
diff --git a/nss/lib/base/base.h b/nss/lib/base/base.h
index deff44c..6d8a1ba 100644
--- a/nss/lib/base/base.h
+++ b/nss/lib/base/base.h
@@ -8,7 +8,7 @@
/*
* base.h
*
- * This header file contains basic prototypes and preprocessor
+ * This header file contains basic prototypes and preprocessor
* definitions used throughout nss but not available publicly.
*/
@@ -64,7 +64,7 @@
* nssArena_Create
*
* This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have set an error on the
+ * NULL upon error, in which case it will have set an error on the
* error stack.
*
* The error may be one of the following values:
@@ -83,11 +83,7 @@
* call (NSSArena_Create) have it too?
*/
-NSS_EXTERN NSSArena *
-nssArena_Create
-(
- void
-);
+NSS_EXTERN NSSArena *nssArena_Create(void);
extern const NSSError NSS_ERROR_NO_MEMORY;
@@ -95,7 +91,7 @@
* nssArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* set an error on the error stack and return PR_FAILURE.
*
@@ -107,11 +103,7 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_Destroy
-(
- NSSArena *arena
-);
+NSS_EXTERN PRStatus nssArena_Destroy(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
@@ -121,9 +113,9 @@
* This routine "marks" the current state of an arena. Space
* allocated after the arena has been marked can be freed by
* releasing the arena back to the mark with nssArena_Release,
- * or committed by calling nssArena_Unmark. When successful,
- * this routine returns a valid nssArenaMark pointer. This
- * routine may return NULL upon error, in which case it will
+ * or committed by calling nssArena_Unmark. When successful,
+ * this routine returns a valid nssArenaMark pointer. This
+ * routine may return NULL upon error, in which case it will
* have set an error on the error stack.
*
* The error may be one of the following values:
@@ -136,11 +128,7 @@
* An nssArenaMark pointer upon success
*/
-NSS_EXTERN nssArenaMark *
-nssArena_Mark
-(
- NSSArena *arena
-);
+NSS_EXTERN nssArenaMark *nssArena_Mark(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
@@ -165,12 +153,7 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_Release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-);
+NSS_EXTERN PRStatus nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
@@ -197,12 +180,7 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_Unmark
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-);
+NSS_EXTERN PRStatus nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
@@ -222,9 +200,9 @@
* arena, but it may not allocate or cause to be allocated any
* memory. This callback facility was included to support our
* debug-version pointer-tracker feature; overuse runs counter to
- * the the original intent of arenas. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
+ * the the original intent of arenas. This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS. If
+ * unsuccessful, it will set an error on the error stack and
* return PR_FAILURE.
*
* The error may be one of the following values:
@@ -236,13 +214,8 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_registerDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-);
+NSS_EXTERN PRStatus nssArena_registerDestructor(
+ NSSArena *arena, void (*destructor)(void *argument), void *arg);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
@@ -253,8 +226,8 @@
* This routine will remove the first destructor in the specified
* arena which has the specified destructor and argument values.
* The destructor will not be called. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
+ * PRStatus value; if successful, it will return PR_SUCCESS. If
+ * unsuccessful, it will set an error on the error stack and
* return PR_FAILURE.
*
* The error may be one of the following values:
@@ -266,13 +239,8 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_deregisterDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-);
+NSS_EXTERN PRStatus nssArena_deregisterDestructor(
+ NSSArena *arena, void (*destructor)(void *argument), void *arg);
extern const NSSError NSS_ERROR_INVALID_ITEM;
extern const NSSError NSS_ERROR_INVALID_ARENA;
@@ -283,13 +251,13 @@
/*
* nss_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling nss_ZRealloc.
*
@@ -303,12 +271,7 @@
* A pointer to the new segment of zeroed memory
*/
-NSS_EXTERN void *
-nss_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-);
+NSS_EXTERN void *nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
@@ -317,11 +280,11 @@
/*
* nss_ZFreeIf
*
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * nss_ZAlloc -- will be zeroed and released. This routine
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
+ * If unsuccessful, it will set an error on the error stack and return
* PR_FAILURE.
*
* The error may be one of the following values:
@@ -332,11 +295,7 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nss_ZFreeIf
-(
- void *pointer
-);
+NSS_EXTERN PRStatus nss_ZFreeIf(void *pointer);
extern const NSSError NSS_ERROR_INVALID_POINTER;
@@ -344,10 +303,10 @@
* nss_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
@@ -360,12 +319,7 @@
* A pointer to the replacement segment of memory
*/
-NSS_EXTERN void *
-nss_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-);
+NSS_EXTERN void *nss_ZRealloc(void *pointer, PRUint32 newSize);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_NO_MEMORY;
@@ -376,10 +330,10 @@
*
* This preprocessor macro will allocate memory for a new object
* of the specified type with nss_ZAlloc, and will cast the
- * return value appropriately. If the optional arena argument is
- * non-null, the memory will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
+ * return value appropriately. If the optional arena argument is
+ * non-null, the memory will be obtained from that arena; otherwise,
+ * the memory will be obtained from the heap. This routine may
+ * return NULL upon error, in which case it will have set an error
* upon the error stack.
*
* The error may be one of the following values:
@@ -391,7 +345,6 @@
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
#define nss_ZNEW(arenaOpt, type) ((type *)nss_ZAlloc((arenaOpt), sizeof(type)))
/*
@@ -399,10 +352,10 @@
*
* This preprocessor macro will allocate memory for an array of
* new objects, and will cast the return value appropriately.
- * If the optional arena argument is non-null, the memory will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error upon the error
+ * If the optional arena argument is non-null, the memory will
+ * be obtained from that arena; otherwise, the memory will be
+ * obtained from the heap. This routine may return NULL upon
+ * error, in which case it will have set an error upon the error
* stack. The array size may be specified as zero.
*
* The error may be one of the following values:
@@ -414,15 +367,15 @@
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nss_ZNEWARRAY(arenaOpt, type, quantity) ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
+#define nss_ZNEWARRAY(arenaOpt, type, quantity) \
+ ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
/*
* nss_ZREALLOCARRAY
*
* This preprocessor macro will reallocate memory for an array of
* new objects, and will cast the return value appropriately.
- * This routine may return NULL upon error, in which case it will
+ * This routine may return NULL upon error, in which case it will
* have set an error upon the error stack.
*
* The error may be one of the following values:
@@ -434,7 +387,8 @@
* NULL upon error
* A pointer to the replacement segment of memory
*/
-#define nss_ZREALLOCARRAY(p, type, quantity) ((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
+#define nss_ZREALLOCARRAY(p, type, quantity) \
+ ((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
/*
* nssArena_verifyPointer
@@ -454,11 +408,7 @@
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssArena_verifyPointer
-(
- const NSSArena *arena
-);
+NSS_EXTERN PRStatus nssArena_verifyPointer(const NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
#endif /* DEBUG */
@@ -479,16 +429,16 @@
#ifdef DEBUG
#define nssArena_VERIFYPOINTER(p) nssArena_verifyPointer(p)
#else /* DEBUG */
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nssArena_VERIFYPOINTER(p) (((NSSArena *)NULL == (p))?PR_FAILURE:PR_SUCCESS)
+
+#define nssArena_VERIFYPOINTER(p) \
+ (((NSSArena *)NULL == (p)) ? PR_FAILURE : PR_SUCCESS)
#endif /* DEBUG */
/*
- * Private function to be called by NSS_Shutdown to cleanup nssArena
+ * Private function to be called by NSS_Shutdown to cleanup nssArena
* bookkeeping.
*/
-extern PRStatus
-nssArena_Shutdown(void);
+extern PRStatus nssArena_Shutdown(void);
/*
* nssArenaHashAllocOps
@@ -497,7 +447,7 @@
* use with the NSPL routine PL_NewHashTable. For example:
*
* NSSArena *hashTableArena = nssArena_Create();
- * PLHashTable *t = PL_NewHashTable(n, hasher, key_compare,
+ * PLHashTable *t = PL_NewHashTable(n, hasher, key_compare,
* value_compare, nssArenaHashAllocOps, hashTableArena);
*/
@@ -515,16 +465,12 @@
/*
* nss_SetError
*
- * This routine places a new error code on the top of the calling
+ * This routine places a new error code on the top of the calling
* thread's error stack. Calling this routine wiht an error code
* of zero will clear the error stack.
*/
-NSS_EXTERN void
-nss_SetError
-(
- PRUint32 error
-);
+NSS_EXTERN void nss_SetError(PRUint32 error);
/*
* nss_ClearErrorStack
@@ -532,11 +478,7 @@
* This routine clears the calling thread's error stack.
*/
-NSS_EXTERN void
-nss_ClearErrorStack
-(
- void
-);
+NSS_EXTERN void nss_ClearErrorStack(void);
/*
* nss_DestroyErrorStack
@@ -544,11 +486,7 @@
* This routine frees the calling thread's error stack.
*/
-NSS_EXTERN void
-nss_DestroyErrorStack
-(
- void
-);
+NSS_EXTERN void nss_DestroyErrorStack(void);
/*
* NSSItem
@@ -558,36 +496,16 @@
* nssItem_Equal
*/
-NSS_EXTERN NSSItem *
-nssItem_Create
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- PRUint32 length,
- const void *data
-);
+NSS_EXTERN NSSItem *nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt,
+ PRUint32 length, const void *data);
-NSS_EXTERN void
-nssItem_Destroy
-(
- NSSItem *item
-);
+NSS_EXTERN void nssItem_Destroy(NSSItem *item);
-NSS_EXTERN NSSItem *
-nssItem_Duplicate
-(
- NSSItem *obj,
- NSSArena *arenaOpt,
- NSSItem *rvOpt
-);
+NSS_EXTERN NSSItem *nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt,
+ NSSItem *rvOpt);
-NSS_EXTERN PRBool
-nssItem_Equal
-(
- const NSSItem *one,
- const NSSItem *two,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssItem_Equal(const NSSItem *one, const NSSItem *two,
+ PRStatus *statusOpt);
/*
* NSSUTF8
@@ -601,8 +519,8 @@
/*
* nssUTF8_CaseIgnoreMatch
- *
- * Returns true if the two UTF8-encoded strings pointed to by the
+ *
+ * Returns true if the two UTF8-encoded strings pointed to by the
* two specified NSSUTF8 pointers differ only in typcase.
*
* The error may be one of the following values:
@@ -614,13 +532,8 @@
* PR_FALSE upon error
*/
-NSS_EXTERN PRBool
-nssUTF8_CaseIgnoreMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b,
+ PRStatus *statusOpt);
/*
* nssUTF8_Duplicate
@@ -630,7 +543,7 @@
* not null, the memory required will be obtained from that arena;
* otherwise, the memory required will be obtained from the heap.
* A pointer to the new string will be returned. In case of error,
- * an error will be placed on the error stack and NULL will be
+ * an error will be placed on the error stack and NULL will be
* returned.
*
* The error may be one of the following values:
@@ -639,20 +552,15 @@
* NSS_ERROR_NO_MEMORY
*/
-NSS_EXTERN NSSUTF8 *
-nssUTF8_Duplicate
-(
- const NSSUTF8 *s,
- NSSArena *arenaOpt
-);
+NSS_EXTERN NSSUTF8 *nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt);
/*
* nssUTF8_PrintableMatch
*
- * Returns true if the two Printable strings pointed to by the
- * two specified NSSUTF8 pointers match when compared with the
- * rules for Printable String (leading and trailing spaces are
- * disregarded, extents of whitespace match irregardless of length,
+ * Returns true if the two Printable strings pointed to by the
+ * two specified NSSUTF8 pointers match when compared with the
+ * rules for Printable String (leading and trailing spaces are
+ * disregarded, extents of whitespace match irregardless of length,
* and case is not significant), then PR_TRUE will be returned.
* Otherwise, PR_FALSE will be returned. Upon failure, PR_FALSE
* will be returned. If the optional statusOpt argument is not
@@ -668,13 +576,8 @@
* PR_FALSE upon error
*/
-NSS_EXTERN PRBool
-nssUTF8_PrintableMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b,
+ PRStatus *statusOpt);
/*
* nssUTF8_Size
@@ -692,12 +595,7 @@
* 0 on error
*/
-NSS_EXTERN PRUint32
-nssUTF8_Size
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRUint32 nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
@@ -719,12 +617,7 @@
* 0 on error
*/
-NSS_EXTERN PRUint32
-nssUTF8_Length
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRUint32 nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
@@ -753,34 +646,24 @@
* A non-null pointer to a new UTF8 string otherwise
*/
-NSS_EXTERN NSSUTF8 *
-nssUTF8_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const void *inputString,
- PRUint32 size /* in bytes, not characters */
-);
+NSS_EXTERN NSSUTF8 *nssUTF8_Create(NSSArena *arenaOpt, nssStringType type,
+ const void *inputString,
+ PRUint32 size /* in bytes, not characters */
+ );
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_UNSUPPORTED_TYPE;
-NSS_EXTERN NSSItem *
-nssUTF8_GetEncoding
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- nssStringType type,
- NSSUTF8 *string
-);
+NSS_EXTERN NSSItem *nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt,
+ nssStringType type, NSSUTF8 *string);
/*
* nssUTF8_CopyIntoFixedBuffer
*
- * This will copy a UTF8 string into a fixed-length buffer, making
+ * This will copy a UTF8 string into a fixed-length buffer, making
* sure that the all characters are valid. Any remaining space will
- * be padded with the specified ASCII character, typically either
+ * be padded with the specified ASCII character, typically either
* null or space.
*
* Blah, blah, blah.
@@ -789,27 +672,16 @@
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
-NSS_EXTERN PRStatus
-nssUTF8_CopyIntoFixedBuffer
-(
- NSSUTF8 *string,
- char *buffer,
- PRUint32 bufferSize,
- char pad
-);
+NSS_EXTERN PRStatus nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer,
+ PRUint32 bufferSize, char pad);
/*
* nssUTF8_Equal
*
*/
-NSS_EXTERN PRBool
-nssUTF8_Equal
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b,
+ PRStatus *statusOpt);
/*
* nssList
@@ -826,28 +698,15 @@
* If threadsafe is true, the list will be locked during modifications
* and traversals.
*/
-NSS_EXTERN nssList *
-nssList_Create
-(
- NSSArena *arenaOpt,
- PRBool threadSafe
-);
+NSS_EXTERN nssList *nssList_Create(NSSArena *arenaOpt, PRBool threadSafe);
/*
* nssList_Destroy
*/
-NSS_EXTERN PRStatus
-nssList_Destroy
-(
- nssList *list
-);
+NSS_EXTERN PRStatus nssList_Destroy(nssList *list);
-NSS_EXTERN void
-nssList_Clear
-(
- nssList *list,
- nssListElementDestructorFunc destructor
-);
+NSS_EXTERN void nssList_Clear(nssList *list,
+ nssListElementDestructorFunc destructor);
/*
* nssList_SetCompareFunction
@@ -856,34 +715,21 @@
* data pointers. By setting this function, the user can control
* how elements are compared.
*/
-NSS_EXTERN void
-nssList_SetCompareFunction
-(
- nssList *list,
- nssListCompareFunc compareFunc
-);
+NSS_EXTERN void nssList_SetCompareFunction(nssList *list,
+ nssListCompareFunc compareFunc);
/*
* nssList_SetSortFunction
*
* Sort function to use for an ordered list.
*/
-NSS_EXTERN void
-nssList_SetSortFunction
-(
- nssList *list,
- nssListSortFunc sortFunc
-);
+NSS_EXTERN void nssList_SetSortFunction(nssList *list,
+ nssListSortFunc sortFunc);
/*
* nssList_Add
*/
-NSS_EXTERN PRStatus
-nssList_Add
-(
- nssList *list,
- void *data
-);
+NSS_EXTERN PRStatus nssList_Add(nssList *list, void *data);
/*
* nssList_AddUnique
@@ -891,20 +737,14 @@
* This will use the compare function to see if the element is already
* in the list.
*/
-NSS_EXTERN PRStatus
-nssList_AddUnique
-(
- nssList *list,
- void *data
-);
+NSS_EXTERN PRStatus nssList_AddUnique(nssList *list, void *data);
/*
* nssList_Remove
*
* Uses the compare function to locate the element and remove it.
*/
-NSS_EXTERN PRStatus
-nssList_Remove(nssList *list, void *data);
+NSS_EXTERN PRStatus nssList_Remove(nssList *list, void *data);
/*
* nssList_Get
@@ -912,21 +752,12 @@
* Uses the compare function to locate an element. Also serves as
* nssList_Exists.
*/
-NSS_EXTERN void *
-nssList_Get
-(
- nssList *list,
- void *data
-);
+NSS_EXTERN void *nssList_Get(nssList *list, void *data);
/*
* nssList_Count
*/
-NSS_EXTERN PRUint32
-nssList_Count
-(
- nssList *list
-);
+NSS_EXTERN PRUint32 nssList_Count(nssList *list);
/*
* nssList_GetArray
@@ -934,39 +765,22 @@
* Fill rvArray, up to maxElements, with elements in the list. The
* array is NULL-terminated, so its allocated size must be maxElements + 1.
*/
-NSS_EXTERN PRStatus
-nssList_GetArray
-(
- nssList *list,
- void **rvArray,
- PRUint32 maxElements
-);
+NSS_EXTERN PRStatus nssList_GetArray(nssList *list, void **rvArray,
+ PRUint32 maxElements);
/*
* nssList_CreateIterator
*
* Create an iterator for list traversal.
*/
-NSS_EXTERN nssListIterator *
-nssList_CreateIterator
-(
- nssList *list
-);
+NSS_EXTERN nssListIterator *nssList_CreateIterator(nssList *list);
-NSS_EXTERN nssList *
-nssList_Clone
-(
- nssList *list
-);
+NSS_EXTERN nssList *nssList_Clone(nssList *list);
/*
* nssListIterator_Destroy
*/
-NSS_EXTERN void
-nssListIterator_Destroy
-(
- nssListIterator *iter
-);
+NSS_EXTERN void nssListIterator_Destroy(nssListIterator *iter);
/*
* nssListIterator_Start
@@ -974,22 +788,14 @@
* Begin a list iteration. After this call, if the list is threadSafe,
* the list is *locked*.
*/
-NSS_EXTERN void *
-nssListIterator_Start
-(
- nssListIterator *iter
-);
+NSS_EXTERN void *nssListIterator_Start(nssListIterator *iter);
/*
* nssListIterator_Next
*
* Continue a list iteration.
*/
-NSS_EXTERN void *
-nssListIterator_Next
-(
- nssListIterator *iter
-);
+NSS_EXTERN void *nssListIterator_Next(nssListIterator *iter);
/*
* nssListIterator_Finish
@@ -997,11 +803,7 @@
* Complete a list iteration. This *must* be called in order for the
* lock to be released.
*/
-NSS_EXTERN PRStatus
-nssListIterator_Finish
-(
- nssListIterator *iter
-);
+NSS_EXTERN PRStatus nssListIterator_Finish(nssListIterator *iter);
/*
* nssHash
@@ -1021,46 +823,24 @@
*
*/
-NSS_EXTERN nssHash *
-nssHash_Create
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets,
- PLHashFunction keyHash,
- PLHashComparator keyCompare,
- PLHashComparator valueCompare
-);
+NSS_EXTERN nssHash *nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets,
+ PLHashFunction keyHash,
+ PLHashComparator keyCompare,
+ PLHashComparator valueCompare);
-NSS_EXTERN nssHash *
-nssHash_CreatePointer
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-);
+NSS_EXTERN nssHash *nssHash_CreatePointer(NSSArena *arenaOpt,
+ PRUint32 numBuckets);
-NSS_EXTERN nssHash *
-nssHash_CreateString
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-);
+NSS_EXTERN nssHash *nssHash_CreateString(NSSArena *arenaOpt,
+ PRUint32 numBuckets);
-NSS_EXTERN nssHash *
-nssHash_CreateItem
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-);
+NSS_EXTERN nssHash *nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets);
/*
* nssHash_Destroy
*
*/
-NSS_EXTERN void
-nssHash_Destroy
-(
- nssHash *hash
-);
+NSS_EXTERN void nssHash_Destroy(nssHash *hash);
/*
* nssHash_Add
@@ -1069,75 +849,45 @@
extern const NSSError NSS_ERROR_HASH_COLLISION;
-NSS_EXTERN PRStatus
-nssHash_Add
-(
- nssHash *hash,
- const void *key,
- const void *value
-);
+NSS_EXTERN PRStatus nssHash_Add(nssHash *hash, const void *key,
+ const void *value);
/*
* nssHash_Remove
*
*/
-NSS_EXTERN void
-nssHash_Remove
-(
- nssHash *hash,
- const void *it
-);
+NSS_EXTERN void nssHash_Remove(nssHash *hash, const void *it);
/*
* nssHash_Count
*
*/
-NSS_EXTERN PRUint32
-nssHash_Count
-(
- nssHash *hash
-);
+NSS_EXTERN PRUint32 nssHash_Count(nssHash *hash);
/*
* nssHash_Exists
*
*/
-NSS_EXTERN PRBool
-nssHash_Exists
-(
- nssHash *hash,
- const void *it
-);
+NSS_EXTERN PRBool nssHash_Exists(nssHash *hash, const void *it);
/*
* nssHash_Lookup
*
*/
-NSS_EXTERN void *
-nssHash_Lookup
-(
- nssHash *hash,
- const void *it
-);
+NSS_EXTERN void *nssHash_Lookup(nssHash *hash, const void *it);
/*
* nssHash_Iterate
*
*/
-NSS_EXTERN void
-nssHash_Iterate
-(
- nssHash *hash,
- nssHashIterator fcn,
- void *closure
-);
-
+NSS_EXTERN void nssHash_Iterate(nssHash *hash, nssHashIterator fcn,
+ void *closure);
/*
* nssPointerTracker
*
* This type and these methods are only present in debug builds.
- *
+ *
* The nonpublic methods relating to this type are:
*
* nssPointerTracker_initialize
@@ -1151,13 +901,13 @@
* nssPointerTracker_initialize
*
* This method is only present in debug builds.
- *
+ *
* This routine initializes an nssPointerTracker object. Note that
* the object must have been declared *static* to guarantee that it
* is in a zeroed state initially. This routine is idempotent, and
- * may even be safely called by multiple threads simultaneously with
- * the same argument. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. On failure it will set an
+ * may even be safely called by multiple threads simultaneously with
+ * the same argument. This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS. On failure it will set an
* error on the error stack and return PR_FAILURE.
*
* The error may be one of the following values:
@@ -1169,11 +919,7 @@
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_initialize
-(
- nssPointerTracker *tracker
-);
+NSS_EXTERN PRStatus nssPointerTracker_initialize(nssPointerTracker *tracker);
extern const NSSError NSS_ERROR_NO_MEMORY;
#endif /* DEBUG */
@@ -1182,7 +928,7 @@
* nssPointerTracker_finalize
*
* This method is only present in debug builds.
- *
+ *
* This routine returns the nssPointerTracker object to the pre-
* initialized state, releasing all resources used by the object.
* It will *NOT* destroy the objects being tracked by the pointer
@@ -1202,11 +948,7 @@
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_finalize
-(
- nssPointerTracker *tracker
-);
+NSS_EXTERN PRStatus nssPointerTracker_finalize(nssPointerTracker *tracker);
extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
#endif /* DEBUG */
@@ -1234,12 +976,8 @@
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_add
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
+NSS_EXTERN PRStatus nssPointerTracker_add(nssPointerTracker *tracker,
+ const void *pointer);
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
@@ -1251,12 +989,12 @@
*
* This method is only present in debug builds.
*
- * This routine removes the specified pointer from the
+ * This routine removes the specified pointer from the
* nssPointerTracker object. It does not call any destructor for the
* object; rather, this should be called from the object's destructor.
- * The nssPointerTracker is threadsafe, but this call is not
- * idempotent. This routine returns a PRStatus value; if successful
- * it will return PR_SUCCESS. On failure it will set an error on the
+ * The nssPointerTracker is threadsafe, but this call is not
+ * idempotent. This routine returns a PRStatus value; if successful
+ * it will return PR_SUCCESS. On failure it will set an error on the
* error stack and return PR_FAILURE.
*
* The error may be one of the following values:
@@ -1269,12 +1007,8 @@
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_remove
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
+NSS_EXTERN PRStatus nssPointerTracker_remove(nssPointerTracker *tracker,
+ const void *pointer);
extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
@@ -1289,10 +1023,10 @@
* with the nssPointerTracker object. The nssPointerTracker object is
* threadsafe, and this call may be safely called from multiple threads
* simultaneously with the same arguments. This routine returns a
- * PRStatus value; if the pointer is registered this will return
- * PR_SUCCESS. Otherwise it will set an error on the error stack and
- * return PR_FAILURE. Although the error is suitable for leaving on
- * the stack, callers may wish to augment the information available by
+ * PRStatus value; if the pointer is registered this will return
+ * PR_SUCCESS. Otherwise it will set an error on the error stack and
+ * return PR_FAILURE. Although the error is suitable for leaving on
+ * the stack, callers may wish to augment the information available by
* placing a more type-specific error on the stack.
*
* The error may be one of the following values:
@@ -1304,12 +1038,8 @@
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_verify
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
+NSS_EXTERN PRStatus nssPointerTracker_verify(nssPointerTracker *tracker,
+ const void *pointer);
extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
#endif /* DEBUG */
@@ -1333,13 +1063,7 @@
* The destination pointer on success
*/
-NSS_EXTERN void *
-nsslibc_memcpy
-(
- void *dest,
- const void *source,
- PRUint32 n
-);
+NSS_EXTERN void *nsslibc_memcpy(void *dest, const void *source, PRUint32 n);
extern const NSSError NSS_ERROR_INVALID_POINTER;
@@ -1354,13 +1078,7 @@
* The destination pointer on success
*/
-NSS_EXTERN void *
-nsslibc_memset
-(
- void *dest,
- PRUint8 byte,
- PRUint32 n
-);
+NSS_EXTERN void *nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n);
extern const NSSError NSS_ERROR_INVALID_POINTER;
@@ -1376,14 +1094,8 @@
* PR_FALSE upon error
*/
-NSS_EXTERN PRBool
-nsslibc_memequal
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nsslibc_memequal(const void *a, const void *b, PRUint32 len,
+ PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
diff --git a/nss/lib/base/baset.h b/nss/lib/base/baset.h
index 3c9f828..3953a75 100644
--- a/nss/lib/base/baset.h
+++ b/nss/lib/base/baset.h
@@ -32,7 +32,7 @@
#ifdef DEBUG
/*
* ARENA_THREADMARK
- *
+ *
* Optionally, this arena implementation can be compiled with some
* runtime checking enabled, which will catch the situation where
* one thread "marks" the arena, another thread allocates memory,
@@ -68,14 +68,13 @@
typedef struct nssListStr nssList;
typedef struct nssListIteratorStr nssListIterator;
-typedef PRBool (* nssListCompareFunc)(void *a, void *b);
-typedef PRIntn (* nssListSortFunc)(void *a, void *b);
-typedef void (* nssListElementDestructorFunc)(void *el);
+typedef PRBool (*nssListCompareFunc)(void *a, void *b);
+typedef PRIntn (*nssListSortFunc)(void *a, void *b);
+typedef void (*nssListElementDestructorFunc)(void *el);
typedef struct nssHashStr nssHash;
-typedef void (PR_CALLBACK *nssHashIterator)(const void *key,
- void *value,
- void *arg);
+typedef void(PR_CALLBACK *nssHashIterator)(const void *key, void *value,
+ void *arg);
/*
* nssPointerTracker
@@ -89,9 +88,9 @@
#ifdef DEBUG
struct nssPointerTrackerStr {
- PRCallOnceType once;
- PZLock *lock;
- PLHashTable *table;
+ PRCallOnceType once;
+ PZLock *lock;
+ PLHashTable *table;
};
typedef struct nssPointerTrackerStr nssPointerTracker;
#endif /* DEBUG */
@@ -107,16 +106,16 @@
*/
enum nssStringTypeEnum {
- nssStringType_DirectoryString,
- nssStringType_TeletexString, /* Not "teletext" with trailing 't' */
- nssStringType_PrintableString,
- nssStringType_UniversalString,
- nssStringType_BMPString,
- nssStringType_UTF8String,
- nssStringType_PHGString,
- nssStringType_GeneralString,
+ nssStringType_DirectoryString,
+ nssStringType_TeletexString, /* Not "teletext" with trailing 't' */
+ nssStringType_PrintableString,
+ nssStringType_UniversalString,
+ nssStringType_BMPString,
+ nssStringType_UTF8String,
+ nssStringType_PHGString,
+ nssStringType_GeneralString,
- nssStringType_Unknown = -1
+ nssStringType_Unknown = -1
};
typedef enum nssStringTypeEnum nssStringType;
diff --git a/nss/lib/base/error.c b/nss/lib/base/error.c
index 807bbd4..ea1d5e3 100644
--- a/nss/lib/base/error.c
+++ b/nss/lib/base/error.c
@@ -5,13 +5,13 @@
/*
* error.c
*
- * This file contains the code implementing the per-thread error
+ * This file contains the code implementing the per-thread error
* stacks upon which most NSS routines report their errors.
*/
#ifndef BASE_H
#include "base.h"
-#endif /* BASE_H */
+#endif /* BASE_H */
#include <limits.h> /* for UINT_MAX */
#include <string.h> /* for memmove */
@@ -25,13 +25,13 @@
*/
struct stack_header_str {
- PRUint16 space;
- PRUint16 count;
+ PRUint16 space;
+ PRUint16 count;
};
struct error_stack_str {
- struct stack_header_str header;
- PRInt32 stack[1];
+ struct stack_header_str header;
+ PRInt32 stack[1];
};
typedef struct error_stack_str error_stack;
@@ -62,9 +62,9 @@
* This is the once-called callback.
*/
static PRStatus
-error_once_function ( void)
+error_once_function(void)
{
- return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free);
+ return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free);
}
/*
@@ -76,48 +76,48 @@
*/
static error_stack *
-error_get_my_stack ( void)
+error_get_my_stack(void)
{
- PRStatus st;
- error_stack *rv;
- PRUintn new_size;
- PRUint32 new_bytes;
- error_stack *new_stack;
+ PRStatus st;
+ error_stack *rv;
+ PRUintn new_size;
+ PRUint32 new_bytes;
+ error_stack *new_stack;
- if( INVALID_TPD_INDEX == error_stack_index ) {
- st = PR_CallOnce(&error_call_once, error_once_function);
- if( PR_SUCCESS != st ) {
- return (error_stack *)NULL;
+ if (INVALID_TPD_INDEX == error_stack_index) {
+ st = PR_CallOnce(&error_call_once, error_once_function);
+ if (PR_SUCCESS != st) {
+ return (error_stack *)NULL;
+ }
}
- }
- rv = (error_stack *)PR_GetThreadPrivate(error_stack_index);
- if( (error_stack *)NULL == rv ) {
- /* Doesn't exist; create one */
- new_size = 16;
- } else if( rv->header.count == rv->header.space &&
- rv->header.count < NSS_MAX_ERROR_STACK_COUNT ) {
- /* Too small, expand it */
- new_size = PR_MIN( rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
- } else {
- /* Okay, return it */
- return rv;
- }
-
- new_bytes = (new_size * sizeof(PRInt32)) + sizeof(error_stack);
- /* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
- new_stack = PR_Calloc(1, new_bytes);
-
- if( (error_stack *)NULL != new_stack ) {
- if( (error_stack *)NULL != rv ) {
- (void)nsslibc_memcpy(new_stack,rv,rv->header.space);
+ rv = (error_stack *)PR_GetThreadPrivate(error_stack_index);
+ if ((error_stack *)NULL == rv) {
+ /* Doesn't exist; create one */
+ new_size = 16;
+ } else if (rv->header.count == rv->header.space &&
+ rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
+ /* Too small, expand it */
+ new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
+ } else {
+ /* Okay, return it */
+ return rv;
}
- new_stack->header.space = new_size;
- }
- /* Set the value, whether or not the allocation worked */
- PR_SetThreadPrivate(error_stack_index, new_stack);
- return new_stack;
+ new_bytes = (new_size * sizeof(PRInt32)) + sizeof(error_stack);
+ /* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
+ new_stack = PR_Calloc(1, new_bytes);
+
+ if ((error_stack *)NULL != new_stack) {
+ if ((error_stack *)NULL != rv) {
+ (void)nsslibc_memcpy(new_stack, rv, rv->header.space);
+ }
+ new_stack->header.space = new_size;
+ }
+
+ /* Set the value, whether or not the allocation worked */
+ PR_SetThreadPrivate(error_stack_index, new_stack);
+ return new_stack;
}
/*
@@ -151,19 +151,19 @@
*/
NSS_IMPLEMENT PRInt32
-NSS_GetError ( void)
+NSS_GetError(void)
{
- error_stack *es = error_get_my_stack();
+ error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- return NSS_ERROR_NO_MEMORY; /* Good guess! */
- }
+ if ((error_stack *)NULL == es) {
+ return NSS_ERROR_NO_MEMORY; /* Good guess! */
+ }
- if( 0 == es->header.count ) {
- return 0;
- }
+ if (0 == es->header.count) {
+ return 0;
+ }
- return es->stack[ es->header.count-1 ];
+ return es->stack[es->header.count - 1];
}
/*
@@ -174,7 +174,7 @@
* library routine called by the same thread calling this routine.
* NOTE: the caller DOES NOT OWN the memory pointed to by the return
* value. The pointer will remain valid until the calling thread
- * calls another NSS routine. The lowest-level (most specific) error
+ * calls another NSS routine. The lowest-level (most specific) error
* is first in the array, and the highest-level is last. The array is
* zero-terminated. This routine may return NULL upon error; this
* indicates a low-memory situation.
@@ -185,52 +185,52 @@
*/
NSS_IMPLEMENT PRInt32 *
-NSS_GetErrorStack ( void)
+NSS_GetErrorStack(void)
{
- error_stack *es = error_get_my_stack();
+ error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- return (PRInt32 *)NULL;
- }
+ if ((error_stack *)NULL == es) {
+ return (PRInt32 *)NULL;
+ }
- /* Make sure it's terminated */
- es->stack[ es->header.count ] = 0;
+ /* Make sure it's terminated */
+ es->stack[es->header.count] = 0;
- return es->stack;
+ return es->stack;
}
/*
* nss_SetError
*
- * This routine places a new error code on the top of the calling
+ * This routine places a new error code on the top of the calling
* thread's error stack. Calling this routine wiht an error code
* of zero will clear the error stack.
*/
NSS_IMPLEMENT void
-nss_SetError ( PRUint32 error)
+nss_SetError(PRUint32 error)
{
- error_stack *es;
+ error_stack *es;
- if( 0 == error ) {
- nss_ClearErrorStack();
+ if (0 == error) {
+ nss_ClearErrorStack();
+ return;
+ }
+
+ es = error_get_my_stack();
+ if ((error_stack *)NULL == es) {
+ /* Oh, well. */
+ return;
+ }
+
+ if (es->header.count < es->header.space) {
+ es->stack[es->header.count++] = error;
+ } else {
+ memmove(es->stack, es->stack + 1,
+ (es->header.space - 1) * (sizeof es->stack[0]));
+ es->stack[es->header.space - 1] = error;
+ }
return;
- }
-
- es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- /* Oh, well. */
- return;
- }
-
- if (es->header.count < es->header.space) {
- es->stack[ es->header.count++ ] = error;
- } else {
- memmove(es->stack, es->stack + 1,
- (es->header.space - 1) * (sizeof es->stack[0]));
- es->stack[ es->header.space - 1 ] = error;
- }
- return;
}
/*
@@ -240,17 +240,17 @@
*/
NSS_IMPLEMENT void
-nss_ClearErrorStack ( void)
+nss_ClearErrorStack(void)
{
- error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- /* Oh, well. */
- return;
- }
+ error_stack *es = error_get_my_stack();
+ if ((error_stack *)NULL == es) {
+ /* Oh, well. */
+ return;
+ }
- es->header.count = 0;
- es->stack[0] = 0;
- return;
+ es->header.count = 0;
+ es->stack[0] = 0;
+ return;
}
/*
@@ -260,10 +260,10 @@
*/
NSS_IMPLEMENT void
-nss_DestroyErrorStack ( void)
+nss_DestroyErrorStack(void)
{
- if( INVALID_TPD_INDEX != error_stack_index ) {
- PR_SetThreadPrivate(error_stack_index, NULL);
- }
- return;
+ if (INVALID_TPD_INDEX != error_stack_index) {
+ PR_SetThreadPrivate(error_stack_index, NULL);
+ }
+ return;
}
diff --git a/nss/lib/base/errorval.c b/nss/lib/base/errorval.c
index 4e6f555..b7045a3 100644
--- a/nss/lib/base/errorval.c
+++ b/nss/lib/base/errorval.c
@@ -12,6 +12,8 @@
#include "nssbaset.h"
#endif /* NSSBASET_H */
+/* clang-format off */
+
const NSSError NSS_ERROR_NO_ERROR = 0;
const NSSError NSS_ERROR_INTERNAL_ERROR = 1;
const NSSError NSS_ERROR_NO_MEMORY = 2;
@@ -60,3 +62,4 @@
const NSSError NSS_ERROR_PKCS11 = 38;
+/* clang-format on */
\ No newline at end of file
diff --git a/nss/lib/base/hash.c b/nss/lib/base/hash.c
index 7eaaf6f..f9ee758 100644
--- a/nss/lib/base/hash.c
+++ b/nss/lib/base/hash.c
@@ -32,48 +32,42 @@
*/
struct nssHashStr {
- NSSArena *arena;
- PRBool i_alloced_arena;
- PRLock *mutex;
+ NSSArena *arena;
+ PRBool i_alloced_arena;
+ PRLock *mutex;
- /*
- * The invariant that mutex protects is:
- * The count accurately reflects the hashtable state.
- */
+ /*
+ * The invariant that mutex protects is:
+ * The count accurately reflects the hashtable state.
+ */
- PLHashTable *plHashTable;
- PRUint32 count;
+ PLHashTable *plHashTable;
+ PRUint32 count;
};
static PLHashNumber
-nss_identity_hash
-(
- const void *key
-)
+nss_identity_hash(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
static PLHashNumber
-nss_item_hash
-(
- const void *key
-)
+nss_item_hash(const void *key)
{
- unsigned int i;
- PLHashNumber h;
- NSSItem *it = (NSSItem *)key;
- h = 0;
- for (i=0; i<it->size; i++)
- h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)it->data)[i];
- return h;
+ unsigned int i;
+ PLHashNumber h;
+ NSSItem *it = (NSSItem *)key;
+ h = 0;
+ for (i = 0; i < it->size; i++)
+ h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)it->data)[i];
+ return h;
}
static int
nss_compare_items(const void *v1, const void *v2)
{
- PRStatus ignore;
- return (int)nssItem_Equal((NSSItem *)v1, (NSSItem *)v2, &ignore);
+ PRStatus ignore;
+ return (int)nssItem_Equal((NSSItem *)v1, (NSSItem *)v2, &ignore);
}
/*
@@ -81,60 +75,54 @@
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_Create
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets,
- PLHashFunction keyHash,
- PLHashComparator keyCompare,
- PLHashComparator valueCompare
-)
+nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash,
+ PLHashComparator keyCompare, PLHashComparator valueCompare)
{
- nssHash *rv;
- NSSArena *arena;
- PRBool i_alloced;
+ nssHash *rv;
+ NSSArena *arena;
+ PRBool i_alloced;
#ifdef NSSDEBUG
- if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (nssHash *)NULL;
- }
+ if (arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (nssHash *)NULL;
+ }
#endif /* NSSDEBUG */
- if (arenaOpt) {
- arena = arenaOpt;
- i_alloced = PR_FALSE;
- } else {
- arena = nssArena_Create();
- i_alloced = PR_TRUE;
- }
+ if (arenaOpt) {
+ arena = arenaOpt;
+ i_alloced = PR_FALSE;
+ } else {
+ arena = nssArena_Create();
+ i_alloced = PR_TRUE;
+ }
- rv = nss_ZNEW(arena, nssHash);
- if( (nssHash *)NULL == rv ) {
- goto loser;
- }
+ rv = nss_ZNEW(arena, nssHash);
+ if ((nssHash *)NULL == rv) {
+ goto loser;
+ }
- rv->mutex = PZ_NewLock(nssILockOther);
- if( (PZLock *)NULL == rv->mutex ) {
- goto loser;
- }
+ rv->mutex = PZ_NewLock(nssILockOther);
+ if ((PZLock *)NULL == rv->mutex) {
+ goto loser;
+ }
- rv->plHashTable = PL_NewHashTable(numBuckets,
- keyHash, keyCompare, valueCompare,
- &nssArenaHashAllocOps, arena);
- if( (PLHashTable *)NULL == rv->plHashTable ) {
- (void)PZ_DestroyLock(rv->mutex);
- goto loser;
- }
+ rv->plHashTable =
+ PL_NewHashTable(numBuckets, keyHash, keyCompare, valueCompare,
+ &nssArenaHashAllocOps, arena);
+ if ((PLHashTable *)NULL == rv->plHashTable) {
+ (void)PZ_DestroyLock(rv->mutex);
+ goto loser;
+ }
- rv->count = 0;
- rv->arena = arena;
- rv->i_alloced_arena = i_alloced;
+ rv->count = 0;
+ rv->arena = arena;
+ rv->i_alloced_arena = i_alloced;
- return rv;
+ return rv;
loser:
- (void)nss_ZFreeIf(rv);
- return (nssHash *)NULL;
+ (void)nss_ZFreeIf(rv);
+ return (nssHash *)NULL;
}
/*
@@ -142,14 +130,10 @@
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_CreatePointer
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
+nssHash_CreatePointer(NSSArena *arenaOpt, PRUint32 numBuckets)
{
- return nssHash_Create(arenaOpt, numBuckets,
- nss_identity_hash, PL_CompareValues, PL_CompareValues);
+ return nssHash_Create(arenaOpt, numBuckets, nss_identity_hash,
+ PL_CompareValues, PL_CompareValues);
}
/*
@@ -157,14 +141,10 @@
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_CreateString
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
+nssHash_CreateString(NSSArena *arenaOpt, PRUint32 numBuckets)
{
- return nssHash_Create(arenaOpt, numBuckets,
- PL_HashString, PL_CompareStrings, PL_CompareStrings);
+ return nssHash_Create(arenaOpt, numBuckets, PL_HashString,
+ PL_CompareStrings, PL_CompareStrings);
}
/*
@@ -172,14 +152,10 @@
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_CreateItem
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
+nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets)
{
- return nssHash_Create(arenaOpt, numBuckets,
- nss_item_hash, nss_compare_items, PL_CompareValues);
+ return nssHash_Create(arenaOpt, numBuckets, nss_item_hash,
+ nss_compare_items, PL_CompareValues);
}
/*
@@ -187,18 +163,15 @@
*
*/
NSS_IMPLEMENT void
-nssHash_Destroy
-(
- nssHash *hash
-)
+nssHash_Destroy(nssHash *hash)
{
- (void)PZ_DestroyLock(hash->mutex);
- PL_HashTableDestroy(hash->plHashTable);
- if (hash->i_alloced_arena) {
- nssArena_Destroy(hash->arena);
- } else {
- nss_ZFreeIf(hash);
- }
+ (void)PZ_DestroyLock(hash->mutex);
+ PL_HashTableDestroy(hash->plHashTable);
+ if (hash->i_alloced_arena) {
+ nssArena_Destroy(hash->arena);
+ } else {
+ nss_ZFreeIf(hash);
+ }
}
/*
@@ -206,31 +179,26 @@
*
*/
NSS_IMPLEMENT PRStatus
-nssHash_Add
-(
- nssHash *hash,
- const void *key,
- const void *value
-)
+nssHash_Add(nssHash *hash, const void *key, const void *value)
{
- PRStatus error = PR_FAILURE;
- PLHashEntry *he;
+ PRStatus error = PR_FAILURE;
+ PLHashEntry *he;
- PZ_Lock(hash->mutex);
-
- he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
- if( (PLHashEntry *)NULL == he ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- } else if (he->value != value) {
- nss_SetError(NSS_ERROR_HASH_COLLISION);
- } else {
- hash->count++;
- error = PR_SUCCESS;
- }
+ PZ_Lock(hash->mutex);
- (void)PZ_Unlock(hash->mutex);
+ he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
+ if ((PLHashEntry *)NULL == he) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ } else if (he->value != value) {
+ nss_SetError(NSS_ERROR_HASH_COLLISION);
+ } else {
+ hash->count++;
+ error = PR_SUCCESS;
+ }
- return error;
+ (void)PZ_Unlock(hash->mutex);
+
+ return error;
}
/*
@@ -238,23 +206,19 @@
*
*/
NSS_IMPLEMENT void
-nssHash_Remove
-(
- nssHash *hash,
- const void *it
-)
+nssHash_Remove(nssHash *hash, const void *it)
{
- PRBool found;
+ PRBool found;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
- found = PL_HashTableRemove(hash->plHashTable, it);
- if( found ) {
- hash->count--;
- }
+ found = PL_HashTableRemove(hash->plHashTable, it);
+ if (found) {
+ hash->count--;
+ }
- (void)PZ_Unlock(hash->mutex);
- return;
+ (void)PZ_Unlock(hash->mutex);
+ return;
}
/*
@@ -262,20 +226,17 @@
*
*/
NSS_IMPLEMENT PRUint32
-nssHash_Count
-(
- nssHash *hash
-)
+nssHash_Count(nssHash *hash)
{
- PRUint32 count;
+ PRUint32 count;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
- count = hash->count;
+ count = hash->count;
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return count;
+ return count;
}
/*
@@ -283,25 +244,21 @@
*
*/
NSS_IMPLEMENT PRBool
-nssHash_Exists
-(
- nssHash *hash,
- const void *it
-)
+nssHash_Exists(nssHash *hash, const void *it)
{
- void *value;
+ void *value;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
- value = PL_HashTableLookup(hash->plHashTable, it);
+ value = PL_HashTableLookup(hash->plHashTable, it);
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- if( (void *)NULL == value ) {
- return PR_FALSE;
- } else {
- return PR_TRUE;
- }
+ if ((void *)NULL == value) {
+ return PR_FALSE;
+ } else {
+ return PR_TRUE;
+ }
}
/*
@@ -309,39 +266,30 @@
*
*/
NSS_IMPLEMENT void *
-nssHash_Lookup
-(
- nssHash *hash,
- const void *it
-)
+nssHash_Lookup(nssHash *hash, const void *it)
{
- void *rv;
+ void *rv;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
- rv = PL_HashTableLookup(hash->plHashTable, it);
+ rv = PL_HashTableLookup(hash->plHashTable, it);
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return rv;
+ return rv;
}
struct arg_str {
- nssHashIterator fcn;
- void *closure;
+ nssHashIterator fcn;
+ void *closure;
};
static PRIntn
-nss_hash_enumerator
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
+nss_hash_enumerator(PLHashEntry *he, PRIntn index, void *arg)
{
- struct arg_str *as = (struct arg_str *)arg;
- as->fcn(he->key, he->value, as->closure);
- return HT_ENUMERATE_NEXT;
+ struct arg_str *as = (struct arg_str *)arg;
+ as->fcn(he->key, he->value, as->closure);
+ return HT_ENUMERATE_NEXT;
}
/*
@@ -350,22 +298,17 @@
* NOTE that the iteration function will be called with the hashtable locked.
*/
NSS_IMPLEMENT void
-nssHash_Iterate
-(
- nssHash *hash,
- nssHashIterator fcn,
- void *closure
-)
+nssHash_Iterate(nssHash *hash, nssHashIterator fcn, void *closure)
{
- struct arg_str as;
- as.fcn = fcn;
- as.closure = closure;
+ struct arg_str as;
+ as.fcn = fcn;
+ as.closure = closure;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
- PL_HashTableEnumerateEntries(hash->plHashTable, nss_hash_enumerator, &as);
+ PL_HashTableEnumerateEntries(hash->plHashTable, nss_hash_enumerator, &as);
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return;
+ return;
}
diff --git a/nss/lib/base/hashops.c b/nss/lib/base/hashops.c
index dd048ef..57b30dd 100644
--- a/nss/lib/base/hashops.c
+++ b/nss/lib/base/hashops.c
@@ -12,73 +12,53 @@
#include "base.h"
#endif /* BASE_H */
-static void * PR_CALLBACK
-nss_arena_hash_alloc_table
-(
- void *pool,
- PRSize size
-)
+static void *PR_CALLBACK
+nss_arena_hash_alloc_table(void *pool, PRSize size)
{
- NSSArena *arena = (NSSArena *)NULL;
+ NSSArena *arena = (NSSArena *)NULL;
#ifdef NSSDEBUG
- if( (void *)NULL != arena ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (void *)NULL;
+ if ((void *)NULL != arena) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (void *)NULL;
+ }
}
- }
#endif /* NSSDEBUG */
- return nss_ZAlloc(arena, size);
+ return nss_ZAlloc(arena, size);
}
static void PR_CALLBACK
-nss_arena_hash_free_table
-(
- void *pool,
- void *item
-)
+nss_arena_hash_free_table(void *pool, void *item)
{
- (void)nss_ZFreeIf(item);
+ (void)nss_ZFreeIf(item);
}
-static PLHashEntry * PR_CALLBACK
-nss_arena_hash_alloc_entry
-(
- void *pool,
- const void *key
-)
+static PLHashEntry *PR_CALLBACK
+nss_arena_hash_alloc_entry(void *pool, const void *key)
{
- NSSArena *arena = NULL;
+ NSSArena *arena = NULL;
#ifdef NSSDEBUG
- if( (void *)NULL != arena ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (void *)NULL;
+ if ((void *)NULL != arena) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (void *)NULL;
+ }
}
- }
#endif /* NSSDEBUG */
- return nss_ZNEW(arena, PLHashEntry);
+ return nss_ZNEW(arena, PLHashEntry);
}
static void PR_CALLBACK
-nss_arena_hash_free_entry
-(
- void *pool,
- PLHashEntry *he,
- PRUintn flag
-)
+nss_arena_hash_free_entry(void *pool, PLHashEntry *he, PRUintn flag)
{
- if( HT_FREE_ENTRY == flag ) {
- (void)nss_ZFreeIf(he);
- }
+ if (HT_FREE_ENTRY == flag) {
+ (void)nss_ZFreeIf(he);
+ }
}
-NSS_IMPLEMENT_DATA PLHashAllocOps
-nssArenaHashAllocOps = {
- nss_arena_hash_alloc_table,
- nss_arena_hash_free_table,
- nss_arena_hash_alloc_entry,
- nss_arena_hash_free_entry
+NSS_IMPLEMENT_DATA PLHashAllocOps nssArenaHashAllocOps = {
+ nss_arena_hash_alloc_table, nss_arena_hash_free_table,
+ nss_arena_hash_alloc_entry, nss_arena_hash_free_entry
};
diff --git a/nss/lib/base/item.c b/nss/lib/base/item.c
index dd463dc..a1bb802 100644
--- a/nss/lib/base/item.c
+++ b/nss/lib/base/item.c
@@ -22,78 +22,69 @@
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
* NSS_ERROR_INVALID_POINTER
- *
+ *
* Return value:
* A pointer to an NSSItem upon success
* NULL upon failure
*/
NSS_IMPLEMENT NSSItem *
-nssItem_Create
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- PRUint32 length,
- const void *data
-)
+nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length,
+ const void *data)
{
- NSSItem *rv = (NSSItem *)NULL;
+ NSSItem *rv = (NSSItem *)NULL;
#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSItem *)NULL;
+ }
}
- }
- if( (const void *)NULL == data ) {
- if( length > 0 ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSItem *)NULL;
+ if ((const void *)NULL == data) {
+ if (length > 0) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSItem *)NULL;
+ }
}
- }
#endif /* DEBUG */
- if( (NSSItem *)NULL == rvOpt ) {
- rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- goto loser;
+ if ((NSSItem *)NULL == rvOpt) {
+ rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
+ if ((NSSItem *)NULL == rv) {
+ goto loser;
+ }
+ } else {
+ rv = rvOpt;
}
- } else {
- rv = rvOpt;
- }
- rv->size = length;
- rv->data = nss_ZAlloc(arenaOpt, length);
- if( (void *)NULL == rv->data ) {
- goto loser;
- }
+ rv->size = length;
+ rv->data = nss_ZAlloc(arenaOpt, length);
+ if ((void *)NULL == rv->data) {
+ goto loser;
+ }
- if( length > 0 ) {
- (void)nsslibc_memcpy(rv->data, data, length);
- }
+ if (length > 0) {
+ (void)nsslibc_memcpy(rv->data, data, length);
+ }
- return rv;
+ return rv;
- loser:
- if( rv != rvOpt ) {
- nss_ZFreeIf(rv);
- }
+loser:
+ if (rv != rvOpt) {
+ nss_ZFreeIf(rv);
+ }
- return (NSSItem *)NULL;
+ return (NSSItem *)NULL;
}
NSS_IMPLEMENT void
-nssItem_Destroy
-(
- NSSItem *item
-)
+nssItem_Destroy(NSSItem *item)
{
- nss_ClearErrorStack();
+ nss_ClearErrorStack();
- nss_ZFreeIf(item->data);
- nss_ZFreeIf(item);
-
+ nss_ZFreeIf(item->data);
+ nss_ZFreeIf(item);
}
/*
@@ -106,34 +97,29 @@
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
* NSS_ERROR_INVALID_ITEM
- *
+ *
* Return value:
* A pointer to an NSSItem upon success
* NULL upon failure
*/
NSS_IMPLEMENT NSSItem *
-nssItem_Duplicate
-(
- NSSItem *obj,
- NSSArena *arenaOpt,
- NSSItem *rvOpt
-)
+nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt, NSSItem *rvOpt)
{
#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSItem *)NULL;
+ }
}
- }
- if( (NSSItem *)NULL == obj ) {
- nss_SetError(NSS_ERROR_INVALID_ITEM);
- return (NSSItem *)NULL;
- }
+ if ((NSSItem *)NULL == obj) {
+ nss_SetError(NSS_ERROR_INVALID_ITEM);
+ return (NSSItem *)NULL;
+ }
#endif /* DEBUG */
- return nssItem_Create(arenaOpt, rvOpt, obj->size, obj->data);
+ return nssItem_Create(arenaOpt, rvOpt, obj->size, obj->data);
}
#ifdef DEBUG
@@ -151,18 +137,15 @@
*/
NSS_IMPLEMENT PRStatus
-nssItem_verifyPointer
-(
- const NSSItem *item
-)
+nssItem_verifyPointer(const NSSItem *item)
{
- if( ((const NSSItem *)NULL == item) ||
- (((void *)NULL == item->data) && (item->size > 0)) ) {
- nss_SetError(NSS_ERROR_INVALID_ITEM);
- return PR_FAILURE;
- }
+ if (((const NSSItem *)NULL == item) ||
+ (((void *)NULL == item->data) && (item->size > 0))) {
+ nss_SetError(NSS_ERROR_INVALID_ITEM);
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
#endif /* DEBUG */
@@ -181,28 +164,23 @@
*/
NSS_IMPLEMENT PRBool
-nssItem_Equal
-(
- const NSSItem *one,
- const NSSItem *two,
- PRStatus *statusOpt
-)
+nssItem_Equal(const NSSItem *one, const NSSItem *two, PRStatus *statusOpt)
{
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- if( ((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two) ) {
- return PR_TRUE;
- }
+ if (((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two)) {
+ return PR_TRUE;
+ }
- if( ((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two) ) {
- return PR_FALSE;
- }
+ if (((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two)) {
+ return PR_FALSE;
+ }
- if( one->size != two->size ) {
- return PR_FALSE;
- }
+ if (one->size != two->size) {
+ return PR_FALSE;
+ }
- return nsslibc_memequal(one->data, two->data, one->size, statusOpt);
+ return nsslibc_memequal(one->data, two->data, one->size, statusOpt);
}
diff --git a/nss/lib/base/libc.c b/nss/lib/base/libc.c
index 93a7627..7954a31 100644
--- a/nss/lib/base/libc.c
+++ b/nss/lib/base/libc.c
@@ -5,10 +5,10 @@
/*
* libc.c
*
- * This file contains our wrappers/reimplementations for "standard"
- * libc functions. Things like "memcpy." We add to this as we need
- * it. Oh, and let's keep it in alphabetical order, should it ever
- * get large. Most string/character stuff should be in utf8.c, not
+ * This file contains our wrappers/reimplementations for "standard"
+ * libc functions. Things like "memcpy." We add to this as we need
+ * it. Oh, and let's keep it in alphabetical order, should it ever
+ * get large. Most string/character stuff should be in utf8.c, not
* here. This file (and maybe utf8.c) should be the only ones in
* NSS to include files with angle brackets.
*/
@@ -38,21 +38,16 @@
*/
NSS_IMPLEMENT void *
-nsslibc_memcpy
-(
- void *dest,
- const void *source,
- PRUint32 n
-)
+nsslibc_memcpy(void *dest, const void *source, PRUint32 n)
{
#ifdef NSSDEBUG
- if( ((void *)NULL == dest) || ((const void *)NULL == source) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
+ if (((void *)NULL == dest) || ((const void *)NULL == source)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- return memcpy(dest, source, (size_t)n);
+ return memcpy(dest, source, (size_t)n);
}
/*
@@ -67,21 +62,16 @@
*/
NSS_IMPLEMENT void *
-nsslibc_memset
-(
- void *dest,
- PRUint8 byte,
- PRUint32 n
-)
+nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n)
{
#ifdef NSSDEBUG
- if( ((void *)NULL == dest) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
+ if (((void *)NULL == dest)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- return memset(dest, (int)byte, (size_t)n);
+ return memset(dest, (int)byte, (size_t)n);
}
/*
@@ -97,33 +87,28 @@
*/
NSS_IMPLEMENT PRBool
-nsslibc_memequal
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-)
+nsslibc_memequal(const void *a, const void *b, PRUint32 len,
+ PRStatus *statusOpt)
{
#ifdef NSSDEBUG
- if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ((((void *)NULL == a) || ((void *)NULL == b))) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- if( 0 == memcmp(a, b, len) ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
+ if (0 == memcmp(a, b, len)) {
+ return PR_TRUE;
+ } else {
+ return PR_FALSE;
+ }
}
/*
@@ -131,32 +116,26 @@
*/
NSS_IMPLEMENT PRInt32
-nsslibc_memcmp
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-)
+nsslibc_memcmp(const void *a, const void *b, PRUint32 len, PRStatus *statusOpt)
{
- int v;
+ int v;
#ifdef NSSDEBUG
- if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ((((void *)NULL == a) || ((void *)NULL == b))) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return -2;
}
- return -2;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- v = memcmp(a, b, len);
- return (PRInt32)v;
+ v = memcmp(a, b, len);
+ return (PRInt32)v;
}
/*
diff --git a/nss/lib/base/list.c b/nss/lib/base/list.c
index 5f34923..0173b85 100644
--- a/nss/lib/base/list.c
+++ b/nss/lib/base/list.c
@@ -13,19 +13,19 @@
#endif /* BASE_H */
struct nssListElementStr {
- PRCList link;
- void *data;
+ PRCList link;
+ void *data;
};
typedef struct nssListElementStr nssListElement;
struct nssListStr {
- NSSArena *arena;
- PZLock *lock;
+ NSSArena *arena;
+ PZLock *lock;
nssListElement *head;
- PRUint32 count;
+ PRUint32 count;
nssListCompareFunc compareFunc;
- nssListSortFunc sortFunc;
+ nssListSortFunc sortFunc;
PRBool i_alloced_arena;
};
@@ -35,11 +35,13 @@
nssListElement *current;
};
-#define NSSLIST_LOCK_IF(list) \
- if ((list)->lock) PZ_Lock((list)->lock)
+#define NSSLIST_LOCK_IF(list) \
+ if ((list)->lock) \
+ PZ_Lock((list)->lock)
-#define NSSLIST_UNLOCK_IF(list) \
- if ((list)->lock) PZ_Unlock((list)->lock)
+#define NSSLIST_UNLOCK_IF(list) \
+ if ((list)->lock) \
+ PZ_Unlock((list)->lock)
static PRBool
pointer_compare(void *a, void *b)
@@ -54,61 +56,57 @@
nssListElement *node;
node = list->head;
if (!node) {
- return NULL;
+ return NULL;
}
link = &node->link;
while (node) {
- /* using a callback slows things down when it's just compare ... */
- if (list->compareFunc(node->data, data)) {
- break;
- }
- link = &node->link;
- if (link == PR_LIST_TAIL(&list->head->link)) {
- node = NULL;
- break;
- }
- node = (nssListElement *)PR_NEXT_LINK(&node->link);
+ /* using a callback slows things down when it's just compare ... */
+ if (list->compareFunc(node->data, data)) {
+ break;
+ }
+ link = &node->link;
+ if (link == PR_LIST_TAIL(&list->head->link)) {
+ node = NULL;
+ break;
+ }
+ node = (nssListElement *)PR_NEXT_LINK(&node->link);
}
return node;
}
NSS_IMPLEMENT nssList *
-nssList_Create
-(
- NSSArena *arenaOpt,
- PRBool threadSafe
-)
+nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
{
NSSArena *arena;
nssList *list;
PRBool i_alloced;
if (arenaOpt) {
- arena = arenaOpt;
- i_alloced = PR_FALSE;
+ arena = arenaOpt;
+ i_alloced = PR_FALSE;
} else {
- arena = nssArena_Create();
- i_alloced = PR_TRUE;
+ arena = nssArena_Create();
+ i_alloced = PR_TRUE;
}
if (!arena) {
- return (nssList *)NULL;
+ return (nssList *)NULL;
}
list = nss_ZNEW(arena, nssList);
if (!list) {
- if (!arenaOpt) {
- NSSArena_Destroy(arena);
- }
- return (nssList *)NULL;
+ if (!arenaOpt) {
+ NSSArena_Destroy(arena);
+ }
+ return (nssList *)NULL;
}
if (threadSafe) {
- list->lock = PZ_NewLock(nssILockOther);
- if (!list->lock) {
- if (arenaOpt) {
- nss_ZFreeIf(list);
- } else {
- NSSArena_Destroy(arena);
- }
- return (nssList *)NULL;
- }
+ list->lock = PZ_NewLock(nssILockOther);
+ if (!list->lock) {
+ if (arenaOpt) {
+ nss_ZFreeIf(list);
+ } else {
+ NSSArena_Destroy(arena);
+ }
+ return (nssList *)NULL;
+ }
}
list->arena = arena;
list->i_alloced_arena = i_alloced;
@@ -120,14 +118,14 @@
nssList_Destroy(nssList *list)
{
if (!list->i_alloced_arena) {
- nssList_Clear(list, NULL);
+ nssList_Clear(list, NULL);
}
if (list->lock) {
- (void)PZ_DestroyLock(list->lock);
+ (void)PZ_DestroyLock(list->lock);
}
if (list->i_alloced_arena) {
- NSSArena_Destroy(list->arena);
- list = NULL;
+ NSSArena_Destroy(list->arena);
+ list = NULL;
}
nss_ZFreeIf(list);
return PR_SUCCESS;
@@ -161,13 +159,14 @@
node = list->head;
list->head = NULL;
while (node && list->count > 0) {
- if (destructor) (*destructor)(node->data);
- link = &node->link;
- tmp = (nssListElement *)PR_NEXT_LINK(link);
- PR_REMOVE_LINK(link);
- nss_ZFreeIf(node);
- node = tmp;
- --list->count;
+ if (destructor)
+ (*destructor)(node->data);
+ link = &node->link;
+ tmp = (nssListElement *)PR_NEXT_LINK(link);
+ PR_REMOVE_LINK(link);
+ nss_ZFreeIf(node);
+ node = tmp;
+ --list->count;
}
NSSLIST_UNLOCK_IF(list);
}
@@ -177,38 +176,39 @@
{
nssListElement *node = nss_ZNEW(list->arena, nssListElement);
if (!node) {
- return PR_FAILURE;
+ return PR_FAILURE;
}
PR_INIT_CLIST(&node->link);
node->data = data;
if (list->head) {
- if (list->sortFunc) {
- PRCList *link;
- nssListElement *currNode;
- currNode = list->head;
- /* insert in ordered list */
- while (currNode) {
- link = &currNode->link;
- if (list->sortFunc(data, currNode->data) <= 0) {
- /* new element goes before current node */
- PR_INSERT_BEFORE(&node->link, link);
- /* reset head if this is first */
- if (currNode == list->head) list->head = node;
- break;
- }
- if (link == PR_LIST_TAIL(&list->head->link)) {
- /* reached end of list, append */
- PR_INSERT_AFTER(&node->link, link);
- break;
- }
- currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
- }
- } else {
- /* not sorting */
- PR_APPEND_LINK(&node->link, &list->head->link);
- }
+ if (list->sortFunc) {
+ PRCList *link;
+ nssListElement *currNode;
+ currNode = list->head;
+ /* insert in ordered list */
+ while (currNode) {
+ link = &currNode->link;
+ if (list->sortFunc(data, currNode->data) <= 0) {
+ /* new element goes before current node */
+ PR_INSERT_BEFORE(&node->link, link);
+ /* reset head if this is first */
+ if (currNode == list->head)
+ list->head = node;
+ break;
+ }
+ if (link == PR_LIST_TAIL(&list->head->link)) {
+ /* reached end of list, append */
+ PR_INSERT_AFTER(&node->link, link);
+ break;
+ }
+ currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
+ }
+ } else {
+ /* not sorting */
+ PR_APPEND_LINK(&node->link, &list->head->link);
+ }
} else {
- list->head = node;
+ list->head = node;
}
++list->count;
return PR_SUCCESS;
@@ -231,9 +231,9 @@
NSSLIST_LOCK_IF(list);
node = nsslist_get_matching_element(list, data);
if (node) {
- /* already in, finish */
- NSSLIST_UNLOCK_IF(list);
- return PR_SUCCESS;
+ /* already in, finish */
+ NSSLIST_UNLOCK_IF(list);
+ return PR_SUCCESS;
}
nssrv = nsslist_add_element(list, data);
NSSLIST_UNLOCK_IF(list);
@@ -247,14 +247,14 @@
NSSLIST_LOCK_IF(list);
node = nsslist_get_matching_element(list, data);
if (node) {
- if (node == list->head) {
- list->head = (nssListElement *)PR_NEXT_LINK(&node->link);
- }
- PR_REMOVE_LINK(&node->link);
- nss_ZFreeIf(node);
- if (--list->count == 0) {
- list->head = NULL;
- }
+ if (node == list->head) {
+ list->head = (nssListElement *)PR_NEXT_LINK(&node->link);
+ }
+ PR_REMOVE_LINK(&node->link);
+ nss_ZFreeIf(node);
+ if (--list->count == 0) {
+ list->head = NULL;
+ }
}
NSSLIST_UNLOCK_IF(list);
return PR_SUCCESS;
@@ -284,16 +284,17 @@
PR_ASSERT(maxElements > 0);
node = list->head;
if (!node) {
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
NSSLIST_LOCK_IF(list);
while (node) {
- rvArray[i++] = node->data;
- if (i == maxElements) break;
- node = (nssListElement *)PR_NEXT_LINK(&node->link);
- if (node == list->head) {
- break;
- }
+ rvArray[i++] = node->data;
+ if (i == maxElements)
+ break;
+ node = (nssListElement *)PR_NEXT_LINK(&node->link);
+ if (node == list->head) {
+ break;
+ }
}
NSSLIST_UNLOCK_IF(list);
return PR_SUCCESS;
@@ -306,18 +307,18 @@
nssListElement *node;
rvList = nssList_Create(NULL, (list->lock != NULL));
if (!rvList) {
- return NULL;
+ return NULL;
}
NSSLIST_LOCK_IF(list);
if (list->count > 0) {
- node = list->head;
- while (PR_TRUE) {
- nssList_Add(rvList, node->data);
- node = (nssListElement *)PR_NEXT_LINK(&node->link);
- if (node == list->head) {
- break;
- }
- }
+ node = list->head;
+ while (PR_TRUE) {
+ nssList_Add(rvList, node->data);
+ node = (nssListElement *)PR_NEXT_LINK(&node->link);
+ if (node == list->head) {
+ break;
+ }
+ }
}
NSSLIST_UNLOCK_IF(list);
return rvList;
@@ -329,21 +330,21 @@
nssListIterator *rvIterator;
rvIterator = nss_ZNEW(NULL, nssListIterator);
if (!rvIterator) {
- return NULL;
+ return NULL;
}
rvIterator->list = nssList_Clone(list);
if (!rvIterator->list) {
- nss_ZFreeIf(rvIterator);
- return NULL;
+ nss_ZFreeIf(rvIterator);
+ return NULL;
}
rvIterator->current = rvIterator->list->head;
if (list->lock) {
- rvIterator->lock = PZ_NewLock(nssILockOther);
- if (!rvIterator->lock) {
- nssList_Destroy(rvIterator->list);
- nss_ZFreeIf(rvIterator);
- rvIterator = NULL;
- }
+ rvIterator->lock = PZ_NewLock(nssILockOther);
+ if (!rvIterator->lock) {
+ nssList_Destroy(rvIterator->list);
+ nss_ZFreeIf(rvIterator);
+ rvIterator = NULL;
+ }
}
return rvIterator;
}
@@ -352,7 +353,7 @@
nssListIterator_Destroy(nssListIterator *iter)
{
if (iter->lock) {
- (void)PZ_DestroyLock(iter->lock);
+ (void)PZ_DestroyLock(iter->lock);
}
nssList_Destroy(iter->list);
nss_ZFreeIf(iter);
@@ -363,7 +364,7 @@
{
NSSLIST_LOCK_IF(iter);
if (iter->list->count == 0) {
- return NULL;
+ return NULL;
}
iter->current = iter->list->head;
return iter->current->data;
@@ -375,17 +376,17 @@
nssListElement *node;
PRCList *link;
if (iter->list->count == 1 || iter->current == NULL) {
- /* Reached the end of the list. Don't change the state, force to
- * user to call nssList_Finish to clean up.
- */
- return NULL;
+ /* Reached the end of the list. Don't change the state, force to
+ * user to call nssList_Finish to clean up.
+ */
+ return NULL;
}
node = (nssListElement *)PR_NEXT_LINK(&iter->current->link);
link = &node->link;
if (link == PR_LIST_TAIL(&iter->list->head->link)) {
- /* Signal the end of the list. */
- iter->current = NULL;
- return node->data;
+ /* Signal the end of the list. */
+ iter->current = NULL;
+ return node->data;
}
iter->current = node;
return node->data;
@@ -397,4 +398,3 @@
iter->current = iter->list->head;
return (iter->lock) ? PZ_Unlock(iter->lock) : PR_SUCCESS;
}
-
diff --git a/nss/lib/base/nssbase.h b/nss/lib/base/nssbase.h
index 4e14d3b..09c73ac 100644
--- a/nss/lib/base/nssbase.h
+++ b/nss/lib/base/nssbase.h
@@ -44,11 +44,7 @@
* A pointer to an NSSArena upon success
*/
-NSS_EXTERN NSSArena *
-NSSArena_Create
-(
- void
-);
+NSS_EXTERN NSSArena *NSSArena_Create(void);
extern const NSSError NSS_ERROR_NO_MEMORY;
@@ -56,7 +52,7 @@
* NSSArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* create an error stack and return PR_FAILURE.
*
@@ -68,11 +64,7 @@
* PR_FAILURE upon failure
*/
-NSS_EXTERN PRStatus
-NSSArena_Destroy
-(
- NSSArena *arena
-);
+NSS_EXTERN PRStatus NSSArena_Destroy(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
@@ -100,25 +92,21 @@
* A nonzero error number
*/
-NSS_EXTERN NSSError
-NSS_GetError
-(
- void
-);
+NSS_EXTERN NSSError NSS_GetError(void);
extern const NSSError NSS_ERROR_NO_ERROR;
/*
* NSS_GetErrorStack
*
- * This routine returns a pointer to an array of NSSError values,
- * containingthe entire sequence or "stack" of errors set by the most
- * recent NSS library routine called by the same thread calling this
- * routine. NOTE: the caller DOES NOT OWN the memory pointed to by
- * the return value. The pointer will remain valid until the calling
- * thread calls another NSS routine. The lowest-level (most specific)
- * error is first in the array, and the highest-level is last. The
- * array is zero-terminated. This routine may return NULL upon error;
+ * This routine returns a pointer to an array of NSSError values,
+ * containingthe entire sequence or "stack" of errors set by the most
+ * recent NSS library routine called by the same thread calling this
+ * routine. NOTE: the caller DOES NOT OWN the memory pointed to by
+ * the return value. The pointer will remain valid until the calling
+ * thread calls another NSS routine. The lowest-level (most specific)
+ * error is first in the array, and the highest-level is last. The
+ * array is zero-terminated. This routine may return NULL upon error;
* this indicates a low-memory situation.
*
* Return value:
@@ -126,21 +114,17 @@
* A NON-caller-owned pointer to an array of NSSError values
*/
-NSS_EXTERN NSSError *
-NSS_GetErrorStack
-(
- void
-);
+NSS_EXTERN NSSError *NSS_GetErrorStack(void);
/*
* NSS_ZNEW
*
* This preprocessor macro will allocate memory for a new object
* of the specified type with nss_ZAlloc, and will cast the
- * return value appropriately. If the optional arena argument is
- * non-null, the memory will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
+ * return value appropriately. If the optional arena argument is
+ * non-null, the memory will be obtained from that arena; otherwise,
+ * the memory will be obtained from the heap. This routine may
+ * return NULL upon error, in which case it will have set an error
* upon the error stack.
*
* The error may be one of the following values:
@@ -152,7 +136,6 @@
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs barfs if we split it. */
#define NSS_ZNEW(arenaOpt, type) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type)))
/*
@@ -160,10 +143,10 @@
*
* This preprocessor macro will allocate memory for an array of
* new objects, and will cast the return value appropriately.
- * If the optional arena argument is non-null, the memory will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error upon the error
+ * If the optional arena argument is non-null, the memory will
+ * be obtained from that arena; otherwise, the memory will be
+ * obtained from the heap. This routine may return NULL upon
+ * error, in which case it will have set an error upon the error
* stack. The array size may be specified as zero.
*
* The error may be one of the following values:
@@ -175,20 +158,19 @@
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs barfs if we split it. */
-#define NSS_ZNEWARRAY(arenaOpt, type, quantity) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
-
+#define NSS_ZNEWARRAY(arenaOpt, type, quantity) \
+ ((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
/*
* NSS_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling NSS_ZRealloc.
*
@@ -202,21 +184,16 @@
* A pointer to the new segment of zeroed memory
*/
-NSS_EXTERN void *
-NSS_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-);
+NSS_EXTERN void *NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
/*
* NSS_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
@@ -229,13 +206,7 @@
* A pointer to the replacement segment of memory
*/
-NSS_EXTERN void *
-NSS_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-);
-
+NSS_EXTERN void *NSS_ZRealloc(void *pointer, PRUint32 newSize);
/*
* NSS_ZFreeIf
@@ -255,11 +226,7 @@
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-NSS_ZFreeIf
-(
- void *pointer
-);
+NSS_EXTERN PRStatus NSS_ZFreeIf(void *pointer);
PR_END_EXTERN_C
diff --git a/nss/lib/base/nssbaset.h b/nss/lib/base/nssbaset.h
index e5830e1..8bc556e 100644
--- a/nss/lib/base/nssbaset.h
+++ b/nss/lib/base/nssbaset.h
@@ -18,16 +18,16 @@
* NSS_EXTERN, NSS_IMPLEMENT, NSS_EXTERN_DATA, NSS_IMPLEMENT_DATA
*
* NSS has its own versions of these NSPR macros, in a form which
- * does not confuse ctags and other related utilities. NSPR
+ * does not confuse ctags and other related utilities. NSPR
* defines these macros to take the type as an argument, because
* of certain OS requirements on platforms not supported by NSS.
*/
-#define DUMMY /* dummy */
-#define NSS_EXTERN extern
-#define NSS_EXTERN_DATA extern
-#define NSS_IMPLEMENT
-#define NSS_IMPLEMENT_DATA
+#define DUMMY /* dummy */
+#define NSS_EXTERN extern
+#define NSS_EXTERN_DATA extern
+#define NSS_IMPLEMENT
+#define NSS_IMPLEMENT_DATA
PR_BEGIN_EXTERN_C
@@ -36,7 +36,7 @@
*
* Calls to NSS routines may result in one or more errors being placed
* on the calling thread's "error stack." Every possible error that
- * may be returned from a function is declared where the function is
+ * may be returned from a function is declared where the function is
* prototyped. All errors are of the following type.
*/
@@ -47,7 +47,7 @@
*
* Arenas are logical sets of heap memory, from which memory may be
* allocated. When an arena is destroyed, all memory allocated within
- * that arena is implicitly freed. These arenas are thread-safe:
+ * that arena is implicitly freed. These arenas are thread-safe:
* an arena pointer may be used by multiple threads simultaneously.
* However, as they are not backed by shared memory, they may only be
* used within one process.
@@ -64,12 +64,11 @@
*/
struct NSSItemStr {
- void *data;
- PRUint32 size;
+ void *data;
+ PRUint32 size;
};
typedef struct NSSItemStr NSSItem;
-
/*
* NSSBER
*
diff --git a/nss/lib/base/nssutf8.c b/nss/lib/base/nssutf8.c
index 490d104..9ef197c 100644
--- a/nss/lib/base/nssutf8.c
+++ b/nss/lib/base/nssutf8.c
@@ -24,8 +24,8 @@
/*
* nssUTF8_CaseIgnoreMatch
- *
- * Returns true if the two UTF8-encoded strings pointed to by the
+ *
+ * Returns true if the two UTF8-encoded strings pointed to by the
* two specified NSSUTF8 pointers differ only in typcase.
*
* The error may be one of the following values:
@@ -38,47 +38,41 @@
*/
NSS_IMPLEMENT PRBool
-nssUTF8_CaseIgnoreMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
+nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- /*
- * XXX fgmr
- *
- * This is, like, so wrong!
- */
- if( 0 == PL_strcasecmp((const char *)a, (const char *)b) ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
+ /*
+ * XXX fgmr
+ *
+ * This is, like, so wrong!
+ */
+ if (0 == PL_strcasecmp((const char *)a, (const char *)b)) {
+ return PR_TRUE;
+ } else {
+ return PR_FALSE;
+ }
}
/*
* nssUTF8_PrintableMatch
*
- * Returns true if the two Printable strings pointed to by the
- * two specified NSSUTF8 pointers match when compared with the
- * rules for Printable String (leading and trailing spaces are
- * disregarded, extents of whitespace match irregardless of length,
+ * Returns true if the two Printable strings pointed to by the
+ * two specified NSSUTF8 pointers match when compared with the
+ * rules for Printable String (leading and trailing spaces are
+ * disregarded, extents of whitespace match irregardless of length,
* and case is not significant), then PR_TRUE will be returned.
* Otherwise, PR_FALSE will be returned. Upon failure, PR_FALSE
* will be returned. If the optional statusOpt argument is not
@@ -95,92 +89,86 @@
*/
NSS_IMPLEMENT PRBool
-nssUTF8_PrintableMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
+nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
- PRUint8 *c;
- PRUint8 *d;
+ PRUint8 *c;
+ PRUint8 *d;
#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- c = (PRUint8 *)a;
- d = (PRUint8 *)b;
-
- while( ' ' == *c ) {
- c++;
- }
-
- while( ' ' == *d ) {
- d++;
- }
-
- while( ('\0' != *c) && ('\0' != *d) ) {
- PRUint8 e, f;
-
- e = *c;
- f = *d;
-
- if( ('a' <= e) && (e <= 'z') ) {
- e -= ('a' - 'A');
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
}
- if( ('a' <= f) && (f <= 'z') ) {
- f -= ('a' - 'A');
- }
+ c = (PRUint8 *)a;
+ d = (PRUint8 *)b;
- if( e != f ) {
- return PR_FALSE;
- }
-
- c++;
- d++;
-
- if( ' ' == *c ) {
- while( ' ' == *c ) {
+ while (' ' == *c) {
c++;
- }
- c--;
}
- if( ' ' == *d ) {
- while( ' ' == *d ) {
+ while (' ' == *d) {
d++;
- }
- d--;
}
- }
- while( ' ' == *c ) {
- c++;
- }
+ while (('\0' != *c) && ('\0' != *d)) {
+ PRUint8 e, f;
- while( ' ' == *d ) {
- d++;
- }
+ e = *c;
+ f = *d;
- if( *c == *d ) {
- /* And both '\0', btw */
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
+ if (('a' <= e) && (e <= 'z')) {
+ e -= ('a' - 'A');
+ }
+
+ if (('a' <= f) && (f <= 'z')) {
+ f -= ('a' - 'A');
+ }
+
+ if (e != f) {
+ return PR_FALSE;
+ }
+
+ c++;
+ d++;
+
+ if (' ' == *c) {
+ while (' ' == *c) {
+ c++;
+ }
+ c--;
+ }
+
+ if (' ' == *d) {
+ while (' ' == *d) {
+ d++;
+ }
+ d--;
+ }
+ }
+
+ while (' ' == *c) {
+ c++;
+ }
+
+ while (' ' == *d) {
+ d++;
+ }
+
+ if (*c == *d) {
+ /* And both '\0', btw */
+ return PR_TRUE;
+ } else {
+ return PR_FALSE;
+ }
}
/*
@@ -191,7 +179,7 @@
* not null, the memory required will be obtained from that arena;
* otherwise, the memory required will be obtained from the heap.
* A pointer to the new string will be returned. In case of error,
- * an error will be placed on the error stack and NULL will be
+ * an error will be placed on the error stack and NULL will be
* returned.
*
* The error may be one of the following values:
@@ -201,45 +189,41 @@
*/
NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_Duplicate
-(
- const NSSUTF8 *s,
- NSSArena *arenaOpt
-)
+nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt)
{
- NSSUTF8 *rv;
- PRUint32 len;
+ NSSUTF8 *rv;
+ PRUint32 len;
#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
+ if ((const NSSUTF8 *)NULL == s) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSUTF8 *)NULL;
}
- }
+
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSUTF8 *)NULL;
+ }
+ }
#endif /* NSSDEBUG */
- len = PL_strlen((const char *)s);
+ len = PL_strlen((const char *)s);
#ifdef PEDANTIC
- if( '\0' != ((const char *)s)[ len ] ) {
- /* must have wrapped, e.g., too big for PRUint32 */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-#endif /* PEDANTIC */
- len++; /* zero termination */
+ if ('\0' != ((const char *)s)[len]) {
+ /* must have wrapped, e.g., too big for PRUint32 */
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (NSSUTF8 *)NULL;
+ }
+#endif /* PEDANTIC */
+ len++; /* zero termination */
- rv = nss_ZAlloc(arenaOpt, len);
- if( (void *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
+ rv = nss_ZAlloc(arenaOpt, len);
+ if ((void *)NULL == rv) {
+ return (NSSUTF8 *)NULL;
+ }
- (void)nsslibc_memcpy(rv, s, len);
- return rv;
+ (void)nsslibc_memcpy(rv, s, len);
+ return rv;
}
/*
@@ -259,41 +243,37 @@
*/
NSS_IMPLEMENT PRUint32
-nssUTF8_Size
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-)
+nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt)
{
- PRUint32 sv;
+ PRUint32 sv;
#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ((const NSSUTF8 *)NULL == s) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return 0;
}
- return 0;
- }
#endif /* NSSDEBUG */
- sv = PL_strlen((const char *)s) + 1;
+ sv = PL_strlen((const char *)s) + 1;
#ifdef PEDANTIC
- if( '\0' != ((const char *)s)[ sv-1 ] ) {
- /* wrapped */
- nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ('\0' != ((const char *)s)[sv - 1]) {
+ /* wrapped */
+ nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return 0;
}
- return 0;
- }
#endif /* PEDANTIC */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- return sv;
+ return sv;
}
/*
@@ -314,91 +294,86 @@
*/
NSS_IMPLEMENT PRUint32
-nssUTF8_Length
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-)
+nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt)
{
- PRUint32 l = 0;
- const PRUint8 *c = (const PRUint8 *)s;
+ PRUint32 l = 0;
+ const PRUint8 *c = (const PRUint8 *)s;
#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- goto loser;
- }
+ if ((const NSSUTF8 *)NULL == s) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ goto loser;
+ }
#endif /* NSSDEBUG */
- /*
- * From RFC 2044:
- *
- * UCS-4 range (hex.) UTF-8 octet sequence (binary)
- * 0000 0000-0000 007F 0xxxxxxx
- * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
- * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
- * 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
- */
+ /*
+ * From RFC 2044:
+ *
+ * UCS-4 range (hex.) UTF-8 octet sequence (binary)
+ * 0000 0000-0000 007F 0xxxxxxx
+ * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
+ * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
+ * 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+ * 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+ * 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
+ */
- while( 0 != *c ) {
- PRUint32 incr;
- if( (*c & 0x80) == 0 ) {
- incr = 1;
- } else if( (*c & 0xE0) == 0xC0 ) {
- incr = 2;
- } else if( (*c & 0xF0) == 0xE0 ) {
- incr = 3;
- } else if( (*c & 0xF8) == 0xF0 ) {
- incr = 4;
- } else if( (*c & 0xFC) == 0xF8 ) {
- incr = 5;
- } else if( (*c & 0xFE) == 0xFC ) {
- incr = 6;
- } else {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- goto loser;
- }
+ while (0 != *c) {
+ PRUint32 incr;
+ if ((*c & 0x80) == 0) {
+ incr = 1;
+ } else if ((*c & 0xE0) == 0xC0) {
+ incr = 2;
+ } else if ((*c & 0xF0) == 0xE0) {
+ incr = 3;
+ } else if ((*c & 0xF8) == 0xF0) {
+ incr = 4;
+ } else if ((*c & 0xFC) == 0xF8) {
+ incr = 5;
+ } else if ((*c & 0xFE) == 0xFC) {
+ incr = 6;
+ } else {
+ nss_SetError(NSS_ERROR_INVALID_STRING);
+ goto loser;
+ }
- l += incr;
+ l += incr;
#ifdef PEDANTIC
- if( l < incr ) {
- /* Wrapped-- too big */
- nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
- goto loser;
- }
-
- {
- PRUint8 *d;
- for( d = &c[1]; d < &c[incr]; d++ ) {
- if( (*d & 0xC0) != 0xF0 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- goto loser;
+ if (l < incr) {
+ /* Wrapped-- too big */
+ nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
+ goto loser;
}
- }
- }
+
+ {
+ PRUint8 *d;
+ for (d = &c[1]; d < &c[incr]; d++) {
+ if ((*d & 0xC0) != 0xF0) {
+ nss_SetError(NSS_ERROR_INVALID_STRING);
+ goto loser;
+ }
+ }
+ }
#endif /* PEDANTIC */
- c += incr;
- }
+ c += incr;
+ }
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- return l;
+ return l;
- loser:
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
+loser:
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
- return 0;
+ return 0;
}
-
/*
* nssUTF8_Create
*
@@ -425,261 +400,245 @@
extern const NSSError NSS_ERROR_INTERNAL_ERROR; /* XXX fgmr */
NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const void *inputString,
- PRUint32 size /* in bytes, not characters */
-)
+nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
+ PRUint32 size /* in bytes, not characters */
+ )
{
- NSSUTF8 *rv = NULL;
+ NSSUTF8 *rv = NULL;
#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSUTF8 *)NULL;
+ }
}
- }
- if( (const void *)NULL == inputString ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
+ if ((const void *)NULL == inputString) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSUTF8 *)NULL;
+ }
#endif /* NSSDEBUG */
- switch( type ) {
- case nssStringType_DirectoryString:
- /* This is a composite type requiring BER */
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- case nssStringType_TeletexString:
- /*
- * draft-ietf-pkix-ipki-part1-11 says in part:
- *
- * In addition, many legacy implementations support names encoded
- * in the ISO 8859-1 character set (Latin1String) but tag them as
- * TeletexString. The Latin1String includes characters used in
- * Western European countries which are not part of the
- * TeletexString charcter set. Implementations that process
- * TeletexString SHOULD be prepared to handle the entire ISO
- * 8859-1 character set.[ISO 8859-1].
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_PrintableString:
- /*
- * PrintableString consists of A-Za-z0-9 ,()+,-./:=?
- * This is a subset of ASCII, which is a subset of UTF8.
- * So we can just duplicate the string over.
- */
+ switch (type) {
+ case nssStringType_DirectoryString:
+ /* This is a composite type requiring BER */
+ nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+ break;
+ case nssStringType_TeletexString:
+ /*
+ * draft-ietf-pkix-ipki-part1-11 says in part:
+ *
+ * In addition, many legacy implementations support names encoded
+ * in the ISO 8859-1 character set (Latin1String) but tag them as
+ * TeletexString. The Latin1String includes characters used in
+ * Western European countries which are not part of the
+ * TeletexString charcter set. Implementations that process
+ * TeletexString SHOULD be prepared to handle the entire ISO
+ * 8859-1 character set.[ISO 8859-1].
+ */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_PrintableString:
+ /*
+ * PrintableString consists of A-Za-z0-9 ,()+,-./:=?
+ * This is a subset of ASCII, which is a subset of UTF8.
+ * So we can just duplicate the string over.
+ */
- if( 0 == size ) {
- rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
- } else {
- rv = nss_ZAlloc(arenaOpt, size+1);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
+ if (0 == size) {
+ rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
+ } else {
+ rv = nss_ZAlloc(arenaOpt, size + 1);
+ if ((NSSUTF8 *)NULL == rv) {
+ return (NSSUTF8 *)NULL;
+ }
- (void)nsslibc_memcpy(rv, inputString, size);
+ (void)nsslibc_memcpy(rv, inputString, size);
+ }
+
+ break;
+ case nssStringType_UniversalString:
+ /* 4-byte unicode */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_BMPString:
+ /* Base Multilingual Plane of Unicode */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_UTF8String:
+ if (0 == size) {
+ rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
+ } else {
+ rv = nss_ZAlloc(arenaOpt, size + 1);
+ if ((NSSUTF8 *)NULL == rv) {
+ return (NSSUTF8 *)NULL;
+ }
+
+ (void)nsslibc_memcpy(rv, inputString, size);
+ }
+
+ break;
+ case nssStringType_PHGString:
+ /*
+ * PHGString is an IA5String (with case-insensitive comparisons).
+ * IA5 is ~almost~ ascii; ascii has dollar-sign where IA5 has
+ * currency symbol.
+ */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_GeneralString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ default:
+ nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+ break;
}
- break;
- case nssStringType_UniversalString:
- /* 4-byte unicode */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_BMPString:
- /* Base Multilingual Plane of Unicode */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UTF8String:
- if( 0 == size ) {
- rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
- } else {
- rv = nss_ZAlloc(arenaOpt, size+1);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- (void)nsslibc_memcpy(rv, inputString, size);
- }
-
- break;
- case nssStringType_PHGString:
- /*
- * PHGString is an IA5String (with case-insensitive comparisons).
- * IA5 is ~almost~ ascii; ascii has dollar-sign where IA5 has
- * currency symbol.
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_GeneralString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- }
-
- return rv;
+ return rv;
}
NSS_IMPLEMENT NSSItem *
-nssUTF8_GetEncoding
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- nssStringType type,
- NSSUTF8 *string
-)
+nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type,
+ NSSUTF8 *string)
{
- NSSItem *rv = (NSSItem *)NULL;
- PRStatus status = PR_SUCCESS;
+ NSSItem *rv = (NSSItem *)NULL;
+ PRStatus status = PR_SUCCESS;
#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSItem *)NULL;
+ }
}
- }
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSItem *)NULL;
- }
+ if ((NSSUTF8 *)NULL == string) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSItem *)NULL;
+ }
#endif /* NSSDEBUG */
- switch( type ) {
- case nssStringType_DirectoryString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_TeletexString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_PrintableString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UniversalString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_BMPString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UTF8String:
- {
- NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
- if( (NSSUTF8 *)NULL == dup ) {
- return (NSSItem *)NULL;
- }
+ switch (type) {
+ case nssStringType_DirectoryString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_TeletexString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_PrintableString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_UniversalString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_BMPString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_UTF8String: {
+ NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
+ if ((NSSUTF8 *)NULL == dup) {
+ return (NSSItem *)NULL;
+ }
- if( (NSSItem *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- (void)nss_ZFreeIf(dup);
- return (NSSItem *)NULL;
- }
- } else {
- rv = rvOpt;
- }
+ if ((NSSItem *)NULL == rvOpt) {
+ rv = nss_ZNEW(arenaOpt, NSSItem);
+ if ((NSSItem *)NULL == rv) {
+ (void)nss_ZFreeIf(dup);
+ return (NSSItem *)NULL;
+ }
+ } else {
+ rv = rvOpt;
+ }
- rv->data = dup;
- dup = (NSSUTF8 *)NULL;
- rv->size = nssUTF8_Size(rv->data, &status);
- if( (0 == rv->size) && (PR_SUCCESS != status) ) {
- if( (NSSItem *)NULL == rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
- return (NSSItem *)NULL;
- }
+ rv->data = dup;
+ dup = (NSSUTF8 *)NULL;
+ rv->size = nssUTF8_Size(rv->data, &status);
+ if ((0 == rv->size) && (PR_SUCCESS != status)) {
+ if ((NSSItem *)NULL == rvOpt) {
+ (void)nss_ZFreeIf(rv);
+ }
+ return (NSSItem *)NULL;
+ }
+ } break;
+ case nssStringType_PHGString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ default:
+ nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+ break;
}
- break;
- case nssStringType_PHGString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- }
- return rv;
+ return rv;
}
/*
* nssUTF8_CopyIntoFixedBuffer
*
- * This will copy a UTF8 string into a fixed-length buffer, making
+ * This will copy a UTF8 string into a fixed-length buffer, making
* sure that the all characters are valid. Any remaining space will
- * be padded with the specified ASCII character, typically either
+ * be padded with the specified ASCII character, typically either
* null or space.
*
* Blah, blah, blah.
*/
NSS_IMPLEMENT PRStatus
-nssUTF8_CopyIntoFixedBuffer
-(
- NSSUTF8 *string,
- char *buffer,
- PRUint32 bufferSize,
- char pad
-)
+nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize,
+ char pad)
{
- PRUint32 stringSize = 0;
+ PRUint32 stringSize = 0;
#ifdef NSSDEBUG
- if( (char *)NULL == buffer ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FALSE;
- }
-
- if( 0 == bufferSize ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FALSE;
- }
-
- if( (pad & 0x80) != 0x00 ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FALSE;
- }
-#endif /* NSSDEBUG */
-
- if( (NSSUTF8 *)NULL == string ) {
- string = (NSSUTF8 *) "";
- }
-
- stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
- stringSize--; /* don't count the trailing null */
- if( stringSize > bufferSize ) {
- PRUint32 bs = bufferSize;
- (void)nsslibc_memcpy(buffer, string, bufferSize);
-
- if( ( ((buffer[ bs-1 ] & 0x80) == 0x00)) ||
- ((bs > 1) && ((buffer[ bs-2 ] & 0xE0) == 0xC0)) ||
- ((bs > 2) && ((buffer[ bs-3 ] & 0xF0) == 0xE0)) ||
- ((bs > 3) && ((buffer[ bs-4 ] & 0xF8) == 0xF0)) ||
- ((bs > 4) && ((buffer[ bs-5 ] & 0xFC) == 0xF8)) ||
- ((bs > 5) && ((buffer[ bs-6 ] & 0xFE) == 0xFC)) ) {
- /* It fit exactly */
- return PR_SUCCESS;
+ if ((char *)NULL == buffer) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FALSE;
}
- /* Too long. We have to trim the last character */
- for( /*bs*/; bs != 0; bs-- ) {
- if( (buffer[bs-1] & 0xC0) != 0x80 ) {
- buffer[bs-1] = pad;
- break;
- } else {
- buffer[bs-1] = pad;
- }
- }
- } else {
- (void)nsslibc_memset(buffer, pad, bufferSize);
- (void)nsslibc_memcpy(buffer, string, stringSize);
- }
+ if (0 == bufferSize) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FALSE;
+ }
- return PR_SUCCESS;
+ if ((pad & 0x80) != 0x00) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FALSE;
+ }
+#endif /* NSSDEBUG */
+
+ if ((NSSUTF8 *)NULL == string) {
+ string = (NSSUTF8 *)"";
+ }
+
+ stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
+ stringSize--; /* don't count the trailing null */
+ if (stringSize > bufferSize) {
+ PRUint32 bs = bufferSize;
+ (void)nsslibc_memcpy(buffer, string, bufferSize);
+
+ if (( ((buffer[bs - 1] & 0x80) == 0x00)) ||
+ ((bs > 1) && ((buffer[bs - 2] & 0xE0) == 0xC0)) ||
+ ((bs > 2) && ((buffer[bs - 3] & 0xF0) == 0xE0)) ||
+ ((bs > 3) && ((buffer[bs - 4] & 0xF8) == 0xF0)) ||
+ ((bs > 4) && ((buffer[bs - 5] & 0xFC) == 0xF8)) ||
+ ((bs > 5) && ((buffer[bs - 6] & 0xFE) == 0xFC))) {
+ /* It fit exactly */
+ return PR_SUCCESS;
+ }
+
+ /* Too long. We have to trim the last character */
+ for (/*bs*/; bs != 0; bs--) {
+ if ((buffer[bs - 1] & 0xC0) != 0x80) {
+ buffer[bs - 1] = pad;
+ break;
+ } else {
+ buffer[bs - 1] = pad;
+ }
+ }
+ } else {
+ (void)nsslibc_memset(buffer, pad, bufferSize);
+ (void)nsslibc_memcpy(buffer, string, stringSize);
+ }
+
+ return PR_SUCCESS;
}
/*
@@ -688,39 +647,33 @@
*/
NSS_IMPLEMENT PRBool
-nssUTF8_Equal
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
+nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
- PRUint32 la, lb;
+ PRUint32 la, lb;
#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- la = nssUTF8_Size(a, statusOpt);
- if( 0 == la ) {
- return PR_FALSE;
- }
+ la = nssUTF8_Size(a, statusOpt);
+ if (0 == la) {
+ return PR_FALSE;
+ }
- lb = nssUTF8_Size(b, statusOpt);
- if( 0 == lb ) {
- return PR_FALSE;
- }
+ lb = nssUTF8_Size(b, statusOpt);
+ if (0 == lb) {
+ return PR_FALSE;
+ }
- if( la != lb ) {
- return PR_FALSE;
- }
+ if (la != lb) {
+ return PR_FALSE;
+ }
- return nsslibc_memequal(a, b, la, statusOpt);
+ return nsslibc_memequal(a, b, la, statusOpt);
}
diff --git a/nss/lib/base/tracker.c b/nss/lib/base/tracker.c
index 06e2baf..850add7 100644
--- a/nss/lib/base/tracker.c
+++ b/nss/lib/base/tracker.c
@@ -4,7 +4,7 @@
/*
* tracker.c
- *
+ *
* This file contains the code used by the pointer-tracking calls used
* in the debug builds to catch bad pointers. The entire contents are
* only available in debug builds (both internal and external builds).
@@ -24,12 +24,9 @@
*/
static PLHashNumber PR_CALLBACK
-identity_hash
-(
- const void *key
-)
+identity_hash(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
/*
@@ -41,44 +38,38 @@
*/
static PRStatus
-trackerOnceFunc
-(
- void *arg
-)
+trackerOnceFunc(void *arg)
{
- nssPointerTracker *tracker = (nssPointerTracker *)arg;
+ nssPointerTracker *tracker = (nssPointerTracker *)arg;
- tracker->lock = PZ_NewLock(nssILockOther);
- if( (PZLock *)NULL == tracker->lock ) {
- return PR_FAILURE;
- }
+ tracker->lock = PZ_NewLock(nssILockOther);
+ if ((PZLock *)NULL == tracker->lock) {
+ return PR_FAILURE;
+ }
- tracker->table = PL_NewHashTable(0,
- identity_hash,
- PL_CompareValues,
- PL_CompareValues,
- (PLHashAllocOps *)NULL,
- (void *)NULL);
- if( (PLHashTable *)NULL == tracker->table ) {
- PZ_DestroyLock(tracker->lock);
- tracker->lock = (PZLock *)NULL;
- return PR_FAILURE;
- }
+ tracker->table =
+ PL_NewHashTable(0, identity_hash, PL_CompareValues, PL_CompareValues,
+ (PLHashAllocOps *)NULL, (void *)NULL);
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_DestroyLock(tracker->lock);
+ tracker->lock = (PZLock *)NULL;
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
/*
* nssPointerTracker_initialize
*
* This method is only present in debug builds.
- *
+ *
* This routine initializes an nssPointerTracker object. Note that
* the object must have been declared *static* to guarantee that it
* is in a zeroed state initially. This routine is idempotent, and
- * may even be safely called by multiple threads simultaneously with
- * the same argument. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. On failure it will set an
+ * may even be safely called by multiple threads simultaneously with
+ * the same argument. This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS. On failure it will set an
* error on the error stack and return PR_FAILURE.
*
* The error may be one of the following values:
@@ -90,17 +81,14 @@
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_initialize
-(
- nssPointerTracker *tracker
-)
+nssPointerTracker_initialize(nssPointerTracker *tracker)
{
- PRStatus rv = PR_CallOnceWithArg(&tracker->once, trackerOnceFunc, tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- }
+ PRStatus rv = PR_CallOnceWithArg(&tracker->once, trackerOnceFunc, tracker);
+ if (PR_SUCCESS != rv) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ }
- return rv;
+ return rv;
}
#ifdef DONT_DESTROY_EMPTY_TABLES
@@ -114,14 +102,9 @@
*/
static PRIntn PR_CALLBACK
-count_entries
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
+count_entries(PLHashEntry *he, PRIntn index, void *arg)
{
- return HT_ENUMERATE_NEXT;
+ return HT_ENUMERATE_NEXT;
}
#endif /* DONT_DESTROY_EMPTY_TABLES */
@@ -138,7 +121,7 @@
* nssPointerTracker_finalize
*
* This method is only present in debug builds.
- *
+ *
* This routine returns the nssPointerTracker object to the pre-
* initialized state, releasing all resources used by the object.
* It will *NOT* destroy the objects being tracked by the pointer
@@ -160,58 +143,54 @@
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_finalize
-(
- nssPointerTracker *tracker
-)
+nssPointerTracker_finalize(nssPointerTracker *tracker)
{
- PZLock *lock;
+ PZLock *lock;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- lock = tracker->lock;
- PZ_Lock(lock);
+ lock = tracker->lock;
+ PZ_Lock(lock);
- if( (PLHashTable *)NULL == tracker->table ) {
- PZ_Unlock(lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
#ifdef DONT_DESTROY_EMPTY_TABLES
- /*
- * I changed my mind; I think we don't want this after all.
- * Comments?
- */
- count = PL_HashTableEnumerateEntries(tracker->table,
- count_entries,
- (void *)NULL);
+ /*
+ * I changed my mind; I think we don't want this after all.
+ * Comments?
+ */
+ count = PL_HashTableEnumerateEntries(tracker->table, count_entries,
+ (void *)NULL);
- if( 0 != count ) {
- PZ_Unlock(lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
- return PR_FAILURE;
- }
+ if (0 != count) {
+ PZ_Unlock(lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
+ return PR_FAILURE;
+ }
#endif /* DONT_DESTROY_EMPTY_TABLES */
- PL_HashTableDestroy(tracker->table);
- /* memset(tracker, 0, sizeof(nssPointerTracker)); */
- tracker->once = zero_once;
- tracker->lock = (PZLock *)NULL;
- tracker->table = (PLHashTable *)NULL;
+ PL_HashTableDestroy(tracker->table);
+ /* memset(tracker, 0, sizeof(nssPointerTracker)); */
+ tracker->once = zero_once;
+ tracker->lock = (PZLock *)NULL;
+ tracker->table = (PLHashTable *)NULL;
- PZ_Unlock(lock);
- PZ_DestroyLock(lock);
+ PZ_Unlock(lock);
+ PZ_DestroyLock(lock);
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
/*
@@ -238,63 +217,59 @@
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_add
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
+nssPointerTracker_add(nssPointerTracker *tracker, const void *pointer)
{
- void *check;
- PLHashEntry *entry;
+ void *check;
+ PLHashEntry *entry;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- PZ_Lock(tracker->lock);
+ PZ_Lock(tracker->lock);
- if( (PLHashTable *)NULL == tracker->table ) {
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
+
+ check = PL_HashTableLookup(tracker->table, pointer);
+ if ((void *)NULL != check) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
+ return PR_FAILURE;
+ }
+
+ entry = PL_HashTableAdd(tracker->table, pointer, (void *)pointer);
+
PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
- check = PL_HashTableLookup(tracker->table, pointer);
- if( (void *)NULL != check ) {
- PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
- return PR_FAILURE;
- }
+ if ((PLHashEntry *)NULL == entry) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return PR_FAILURE;
+ }
- entry = PL_HashTableAdd(tracker->table, pointer, (void *)pointer);
-
- PZ_Unlock(tracker->lock);
-
- if( (PLHashEntry *)NULL == entry ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
-
+
/*
* nssPointerTracker_remove
*
* This method is only present in debug builds.
*
- * This routine removes the specified pointer from the
+ * This routine removes the specified pointer from the
* nssPointerTracker object. It does not call any destructor for the
* object; rather, this should be called from the object's destructor.
- * The nssPointerTracker is threadsafe, but this call is not
- * idempotent. This routine returns a PRStatus value; if successful
- * it will return PR_SUCCESS. On failure it will set an error on the
+ * The nssPointerTracker is threadsafe, but this call is not
+ * idempotent. This routine returns a PRStatus value; if successful
+ * it will return PR_SUCCESS. On failure it will set an error on the
* error stack and return PR_FAILURE.
*
* The error may be one of the following values:
@@ -308,41 +283,37 @@
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_remove
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
+nssPointerTracker_remove(nssPointerTracker *tracker, const void *pointer)
{
- PRBool registered;
+ PRBool registered;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- PZ_Lock(tracker->lock);
+ PZ_Lock(tracker->lock);
- if( (PLHashTable *)NULL == tracker->table ) {
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
+
+ registered = PL_HashTableRemove(tracker->table, pointer);
PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
- registered = PL_HashTableRemove(tracker->table, pointer);
- PZ_Unlock(tracker->lock);
+ if (!registered) {
+ nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
+ return PR_FAILURE;
+ }
- if( !registered ) {
- nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
/*
@@ -354,10 +325,10 @@
* with the nssPointerTracker object. The nssPointerTracker object is
* threadsafe, and this call may be safely called from multiple threads
* simultaneously with the same arguments. This routine returns a
- * PRStatus value; if the pointer is registered this will return
- * PR_SUCCESS. Otherwise it will set an error on the error stack and
- * return PR_FAILURE. Although the error is suitable for leaving on
- * the stack, callers may wish to augment the information available by
+ * PRStatus value; if the pointer is registered this will return
+ * PR_SUCCESS. Otherwise it will set an error on the error stack and
+ * return PR_FAILURE. Although the error is suitable for leaving on
+ * the stack, callers may wish to augment the information available by
* placing a more type-specific error on the stack.
*
* The error may be one of the following values:
@@ -371,41 +342,37 @@
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_verify
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
+nssPointerTracker_verify(nssPointerTracker *tracker, const void *pointer)
{
- void *check;
+ void *check;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- PZ_Lock(tracker->lock);
+ PZ_Lock(tracker->lock);
- if( (PLHashTable *)NULL == tracker->table ) {
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
+
+ check = PL_HashTableLookup(tracker->table, pointer);
PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
- check = PL_HashTableLookup(tracker->table, pointer);
- PZ_Unlock(tracker->lock);
+ if ((void *)NULL == check) {
+ nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
+ return PR_FAILURE;
+ }
- if( (void *)NULL == check ) {
- nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
#endif /* DEBUG */
diff --git a/nss/lib/certdb/alg1485.c b/nss/lib/certdb/alg1485.c
index ea1621b..e5e1f84 100644
--- a/nss/lib/certdb/alg1485.c
+++ b/nss/lib/certdb/alg1485.c
@@ -13,26 +13,28 @@
#include "secerr.h"
typedef struct NameToKindStr {
- const char * name;
+ const char* name;
unsigned int maxLen; /* max bytes in UTF8 encoded string value */
- SECOidTag kind;
- int valueType;
+ SECOidTag kind;
+ int valueType;
} NameToKind;
/* local type for directory string--could be printable_string or utf8 */
#define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER
+/* clang-format off */
+
/* Add new entries to this table, and maybe to function ParseRFC1485AVA */
static const NameToKind name2kinds[] = {
/* IANA registered type names
- * (See: http://www.iana.org/assignments/ldap-parameters)
+ * (See: http://www.iana.org/assignments/ldap-parameters)
*/
/* RFC 3280, 4630 MUST SUPPORT */
{ "CN", 640, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS},
{ "ST", 128, SEC_OID_AVA_STATE_OR_PROVINCE,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "O", 128, SEC_OID_AVA_ORGANIZATION_NAME,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "OU", 128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
SEC_ASN1_DS},
{ "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING},
@@ -58,7 +60,7 @@
* below this line. The first SECOidTag below this line must be used to
* conditionally define the "endKind" in function AppendAVA() below.
* Most new attribute names should be added below this line.
- * Maybe this line should be up higher? Say, after the 3280 MUSTs and
+ * Maybe this line should be up higher? Say, after the 3280 MUSTs and
* before the 3280 SHOULDs?
*/
@@ -76,11 +78,11 @@
/* values defined by the CAB Forum for EV */
{ "incorporationLocality", 128, SEC_OID_EV_INCORPORATION_LOCALITY,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "incorporationState", 128, SEC_OID_EV_INCORPORATION_STATE,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "incorporationCountry", 2, SEC_OID_EV_INCORPORATION_COUNTRY,
- SEC_ASN1_PRINTABLE_STRING},
+ SEC_ASN1_PRINTABLE_STRING},
{ "businessCategory", 64, SEC_OID_BUSINESS_CATEGORY, SEC_ASN1_DS},
/* values defined in X.520 */
@@ -91,21 +93,21 @@
/* Table facilitates conversion of ASCII hex to binary. */
static const PRInt16 x2b[256] = {
-/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #3x */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1,
-/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #3x */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1,
+/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
/* #fx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
@@ -117,330 +119,330 @@
#define C_EQUAL '='
-#define OPTIONAL_SPACE(c) \
+#define OPTIONAL_SPACE(c) \
(((c) == ' ') || ((c) == '\r') || ((c) == '\n'))
-#define SPECIAL_CHAR(c) \
- (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \
- ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \
- ((c) == '<') || ((c) == '>') || ((c) == '#') || \
+#define SPECIAL_CHAR(c) \
+ (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \
+ ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \
+ ((c) == '<') || ((c) == '>') || ((c) == '#') || \
((c) == ';') || ((c) == C_BACKSLASH))
-#define IS_PRINTABLE(c) \
- ((((c) >= 'a') && ((c) <= 'z')) || \
- (((c) >= 'A') && ((c) <= 'Z')) || \
- (((c) >= '0') && ((c) <= '9')) || \
- ((c) == ' ') || \
- ((c) == '\'') || \
- ((c) == '\050') || /* ( */ \
- ((c) == '\051') || /* ) */ \
- (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \
- ((c) == ':') || \
- ((c) == '=') || \
+#define IS_PRINTABLE(c) \
+ ((((c) >= 'a') && ((c) <= 'z')) || \
+ (((c) >= 'A') && ((c) <= 'Z')) || \
+ (((c) >= '0') && ((c) <= '9')) || \
+ ((c) == ' ') || \
+ ((c) == '\'') || \
+ ((c) == '\050') || /* ( */ \
+ ((c) == '\051') || /* ) */ \
+ (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \
+ ((c) == ':') || \
+ ((c) == '=') || \
((c) == '?'))
+/* clang-format on */
+
/* RFC 2253 says we must escape ",+\"\\<>;=" EXCEPT inside a quoted string.
* Inside a quoted string, we only need to escape " and \
* We choose to quote strings containing any of those special characters,
* so we only need to escape " and \
*/
-#define NEEDS_ESCAPE(c) \
- (c == C_DOUBLE_QUOTE || c == C_BACKSLASH)
+#define NEEDS_ESCAPE(c) (c == C_DOUBLE_QUOTE || c == C_BACKSLASH)
-#define NEEDS_HEX_ESCAPE(c) \
- ((PRUint8)c < 0x20 || c == 0x7f)
+#define NEEDS_HEX_ESCAPE(c) ((PRUint8)c < 0x20 || c == 0x7f)
int
cert_AVAOidTagToMaxLen(SECOidTag tag)
{
- const NameToKind *n2k = name2kinds;
+ const NameToKind* n2k = name2kinds;
while (n2k->kind != tag && n2k->kind != SEC_OID_UNKNOWN) {
- ++n2k;
+ ++n2k;
}
return (n2k->kind != SEC_OID_UNKNOWN) ? n2k->maxLen : -1;
}
static PRBool
-IsPrintable(unsigned char *data, unsigned len)
+IsPrintable(unsigned char* data, unsigned len)
{
unsigned char ch, *end;
end = data + len;
while (data < end) {
- ch = *data++;
- if (!IS_PRINTABLE(ch)) {
- return PR_FALSE;
- }
+ ch = *data++;
+ if (!IS_PRINTABLE(ch)) {
+ return PR_FALSE;
+ }
}
return PR_TRUE;
}
static void
-skipSpace(const char **pbp, const char *endptr)
+skipSpace(const char** pbp, const char* endptr)
{
- const char *bp = *pbp;
+ const char* bp = *pbp;
while (bp < endptr && OPTIONAL_SPACE(*bp)) {
- bp++;
+ bp++;
}
*pbp = bp;
}
static SECStatus
-scanTag(const char **pbp, const char *endptr, char *tagBuf, int tagBufSize)
+scanTag(const char** pbp, const char* endptr, char* tagBuf, int tagBufSize)
{
- const char *bp;
- char *tagBufp;
+ const char* bp;
+ char* tagBufp;
int taglen;
PORT_Assert(tagBufSize > 0);
-
+
/* skip optional leading space */
skipSpace(pbp, endptr);
if (*pbp == endptr) {
- /* nothing left */
- return SECFailure;
+ /* nothing left */
+ return SECFailure;
}
-
+
/* fill tagBuf */
taglen = 0;
bp = *pbp;
tagBufp = tagBuf;
while (bp < endptr && !OPTIONAL_SPACE(*bp) && (*bp != C_EQUAL)) {
- if (++taglen >= tagBufSize) {
- *pbp = bp;
- return SECFailure;
- }
- *tagBufp++ = *bp++;
+ if (++taglen >= tagBufSize) {
+ *pbp = bp;
+ return SECFailure;
+ }
+ *tagBufp++ = *bp++;
}
/* null-terminate tagBuf -- guaranteed at least one space left */
*tagBufp++ = 0;
*pbp = bp;
-
+
/* skip trailing spaces till we hit something - should be an equal sign */
skipSpace(pbp, endptr);
if (*pbp == endptr) {
- /* nothing left */
- return SECFailure;
+ /* nothing left */
+ return SECFailure;
}
if (**pbp != C_EQUAL) {
- /* should be an equal sign */
- return SECFailure;
+ /* should be an equal sign */
+ return SECFailure;
}
/* skip over the equal sign */
(*pbp)++;
-
+
return SECSuccess;
}
/* Returns the number of bytes in the value. 0 means failure. */
static int
-scanVal(const char **pbp, const char *endptr, char *valBuf, int valBufSize)
+scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
{
- const char *bp;
- char *valBufp;
+ const char* bp;
+ char* valBufp;
int vallen = 0;
PRBool isQuoted;
-
+
PORT_Assert(valBufSize > 0);
-
+
/* skip optional leading space */
skipSpace(pbp, endptr);
- if(*pbp == endptr) {
- /* nothing left */
- return 0;
+ if (*pbp == endptr) {
+ /* nothing left */
+ return 0;
}
-
+
bp = *pbp;
-
+
/* quoted? */
if (*bp == C_DOUBLE_QUOTE) {
- isQuoted = PR_TRUE;
- /* skip over it */
- bp++;
+ isQuoted = PR_TRUE;
+ /* skip over it */
+ bp++;
} else {
- isQuoted = PR_FALSE;
+ isQuoted = PR_FALSE;
}
-
+
valBufp = valBuf;
while (bp < endptr) {
- char c = *bp;
- if (c == C_BACKSLASH) {
- /* escape character */
- bp++;
- if (bp >= endptr) {
- /* escape charater must appear with paired char */
- *pbp = bp;
- return 0;
- }
- c = *bp;
- if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) {
- bp++;
- c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]);
- }
- } else if (c == '#' && bp == *pbp) {
- /* ignore leading #, quotation not required for it. */
- } else if (!isQuoted && SPECIAL_CHAR(c)) {
- /* unescaped special and not within quoted value */
- break;
- } else if (c == C_DOUBLE_QUOTE) {
- /* reached unescaped double quote */
- break;
- }
- /* append character */
+ char c = *bp;
+ if (c == C_BACKSLASH) {
+ /* escape character */
+ bp++;
+ if (bp >= endptr) {
+ /* escape charater must appear with paired char */
+ *pbp = bp;
+ return 0;
+ }
+ c = *bp;
+ if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) {
+ bp++;
+ c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]);
+ }
+ } else if (c == '#' && bp == *pbp) {
+ /* ignore leading #, quotation not required for it. */
+ } else if (!isQuoted && SPECIAL_CHAR(c)) {
+ /* unescaped special and not within quoted value */
+ break;
+ } else if (c == C_DOUBLE_QUOTE) {
+ /* reached unescaped double quote */
+ break;
+ }
+ /* append character */
vallen++;
- if (vallen >= valBufSize) {
- *pbp = bp;
- return 0;
- }
- *valBufp++ = c;
- bp++;
+ if (vallen >= valBufSize) {
+ *pbp = bp;
+ return 0;
+ }
+ *valBufp++ = c;
+ bp++;
}
-
+
/* strip trailing spaces from unquoted values */
if (!isQuoted) {
- while (valBufp > valBuf) {
- char c = valBufp[-1];
- if (! OPTIONAL_SPACE(c))
- break;
- --valBufp;
- }
- vallen = valBufp - valBuf;
+ while (valBufp > valBuf) {
+ char c = valBufp[-1];
+ if (!OPTIONAL_SPACE(c))
+ break;
+ --valBufp;
+ }
+ vallen = valBufp - valBuf;
}
-
+
if (isQuoted) {
- /* insist that we stopped on a double quote */
- if (*bp != C_DOUBLE_QUOTE) {
- *pbp = bp;
- return 0;
- }
- /* skip over the quote and skip optional space */
- bp++;
- skipSpace(&bp, endptr);
+ /* insist that we stopped on a double quote */
+ if (*bp != C_DOUBLE_QUOTE) {
+ *pbp = bp;
+ return 0;
+ }
+ /* skip over the quote and skip optional space */
+ bp++;
+ skipSpace(&bp, endptr);
}
-
+
*pbp = bp;
-
+
/* null-terminate valBuf -- guaranteed at least one space left */
*valBufp = 0;
-
+
return vallen;
}
/* Caller must set error code upon failure */
static SECStatus
-hexToBin(PLArenaPool *pool, SECItem * destItem, const char * src, int len)
+hexToBin(PLArenaPool* pool, SECItem* destItem, const char* src, int len)
{
- PRUint8 * dest;
+ PRUint8* dest;
- destItem->data = NULL;
+ destItem->data = NULL;
if (len <= 0 || (len & 1)) {
- goto loser;
+ goto loser;
}
len >>= 1;
if (!SECITEM_AllocItem(pool, destItem, len))
- goto loser;
+ goto loser;
dest = destItem->data;
for (; len > 0; len--, src += 2) {
- PRInt16 bin = (x2b[(PRUint8)src[0]] << 4) | x2b[(PRUint8)src[1]];
- if (bin < 0)
- goto loser;
- *dest++ = (PRUint8)bin;
+ PRInt16 bin = (x2b[(PRUint8)src[0]] << 4) | x2b[(PRUint8)src[1]];
+ if (bin < 0)
+ goto loser;
+ *dest++ = (PRUint8)bin;
}
return SECSuccess;
loser:
if (!pool)
- SECITEM_FreeItem(destItem, PR_FALSE);
+ SECITEM_FreeItem(destItem, PR_FALSE);
return SECFailure;
}
/* Parses one AVA, starting at *pbp. Stops at endptr.
* Advances *pbp past parsed AVA and trailing separator (if present).
* On any error, returns NULL and *pbp is undefined.
- * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was
- * the last character parsed. *pbp is either equal to endptr or
+ * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was
+ * the last character parsed. *pbp is either equal to endptr or
* points to first character after separator.
*/
-static CERTAVA *
-ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr)
+static CERTAVA*
+ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr)
{
- CERTAVA *a;
- const NameToKind *n2k;
- const char *bp;
- int vt = -1;
- int valLen;
- SECOidTag kind = SEC_OID_UNKNOWN;
- SECStatus rv = SECFailure;
- SECItem derOid = { 0, NULL, 0 };
- SECItem derVal = { 0, NULL, 0};
- char sep = 0;
+ CERTAVA* a;
+ const NameToKind* n2k;
+ const char* bp;
+ int vt = -1;
+ int valLen;
+ SECOidTag kind = SEC_OID_UNKNOWN;
+ SECStatus rv = SECFailure;
+ SECItem derOid = { 0, NULL, 0 };
+ SECItem derVal = { 0, NULL, 0 };
+ char sep = 0;
char tagBuf[32];
char valBuf[1024];
PORT_Assert(arena);
if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) ||
- !(valLen = scanVal(pbp, endptr, valBuf, sizeof valBuf))) {
- goto loser;
+ !(valLen = scanVal(pbp, endptr, valBuf, sizeof valBuf))) {
+ goto loser;
}
bp = *pbp;
if (bp < endptr) {
- sep = *bp++; /* skip over separator */
+ sep = *bp++; /* skip over separator */
}
*pbp = bp;
/* if we haven't finished, insist that we've stopped on a separator */
if (sep && sep != ',' && sep != ';' && sep != '+') {
- goto loser;
+ goto loser;
}
/* is this a dotted decimal OID attribute type ? */
if (!PL_strncasecmp("oid.", tagBuf, 4)) {
rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf));
} else {
- for (n2k = name2kinds; n2k->name; n2k++) {
- SECOidData *oidrec;
- if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
- kind = n2k->kind;
- vt = n2k->valueType;
- oidrec = SECOID_FindOIDByTag(kind);
- if (oidrec == NULL)
- goto loser;
- derOid = oidrec->oid;
- break;
- }
- }
+ for (n2k = name2kinds; n2k->name; n2k++) {
+ SECOidData* oidrec;
+ if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
+ kind = n2k->kind;
+ vt = n2k->valueType;
+ oidrec = SECOID_FindOIDByTag(kind);
+ if (oidrec == NULL)
+ goto loser;
+ derOid = oidrec->oid;
+ break;
+ }
+ }
}
- if (kind == SEC_OID_UNKNOWN && rv != SECSuccess)
- goto loser;
+ if (kind == SEC_OID_UNKNOWN && rv != SECSuccess)
+ goto loser;
/* Is this a hex encoding of a DER attribute value ? */
if ('#' == valBuf[0]) {
- /* convert attribute value from hex to binary */
- rv = hexToBin(arena, &derVal, valBuf + 1, valLen - 1);
- if (rv)
- goto loser;
- a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal);
+ /* convert attribute value from hex to binary */
+ rv = hexToBin(arena, &derVal, valBuf + 1, valLen - 1);
+ if (rv)
+ goto loser;
+ a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal);
} else {
- if (kind == SEC_OID_UNKNOWN)
- goto loser;
- if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)
- goto loser;
- if (vt == SEC_ASN1_PRINTABLE_STRING &&
- !IsPrintable((unsigned char*) valBuf, valLen))
- goto loser;
- if (vt == SEC_ASN1_DS) {
- /* RFC 4630: choose PrintableString or UTF8String */
- if (IsPrintable((unsigned char*) valBuf, valLen))
- vt = SEC_ASN1_PRINTABLE_STRING;
- else
- vt = SEC_ASN1_UTF8_STRING;
- }
+ if (kind == SEC_OID_UNKNOWN)
+ goto loser;
+ if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)
+ goto loser;
+ if (vt == SEC_ASN1_PRINTABLE_STRING &&
+ !IsPrintable((unsigned char*)valBuf, valLen))
+ goto loser;
+ if (vt == SEC_ASN1_DS) {
+ /* RFC 4630: choose PrintableString or UTF8String */
+ if (IsPrintable((unsigned char*)valBuf, valLen))
+ vt = SEC_ASN1_PRINTABLE_STRING;
+ else
+ vt = SEC_ASN1_UTF8_STRING;
+ }
- derVal.data = (unsigned char*) valBuf;
- derVal.len = valLen;
- a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal);
+ derVal.data = (unsigned char*)valBuf;
+ derVal.len = valLen;
+ a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal);
}
return a;
@@ -450,80 +452,81 @@
return 0;
}
-static CERTName *
-ParseRFC1485Name(const char *buf, int len)
+static CERTName*
+ParseRFC1485Name(const char* buf, int len)
{
SECStatus rv;
- CERTName *name;
+ CERTName* name;
const char *bp, *e;
- CERTAVA *ava;
- CERTRDN *rdn = NULL;
+ CERTAVA* ava;
+ CERTRDN* rdn = NULL;
name = CERT_CreateName(NULL);
if (name == NULL) {
- return NULL;
+ return NULL;
}
-
+
e = buf + len;
bp = buf;
while (bp < e) {
- ava = ParseRFC1485AVA(name->arena, &bp, e);
- if (ava == 0)
- goto loser;
- if (!rdn) {
- rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);
- if (rdn == 0)
- goto loser;
- rv = CERT_AddRDN(name, rdn);
- } else {
- rv = CERT_AddAVA(name->arena, rdn, ava);
- }
- if (rv)
- goto loser;
- if (bp[-1] != '+')
- rdn = NULL; /* done with this RDN */
- skipSpace(&bp, e);
+ ava = ParseRFC1485AVA(name->arena, &bp, e);
+ if (ava == 0)
+ goto loser;
+ if (!rdn) {
+ rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA*)0);
+ if (rdn == 0)
+ goto loser;
+ rv = CERT_AddRDN(name, rdn);
+ } else {
+ rv = CERT_AddAVA(name->arena, rdn, ava);
+ }
+ if (rv)
+ goto loser;
+ if (bp[-1] != '+')
+ rdn = NULL; /* done with this RDN */
+ skipSpace(&bp, e);
}
if (name->rdns[0] == 0) {
- /* empty name -- illegal */
- goto loser;
+ /* empty name -- illegal */
+ goto loser;
}
/* Reverse order of RDNS to comply with RFC */
{
- CERTRDN **firstRdn;
- CERTRDN **lastRdn;
- CERTRDN *tmp;
-
- /* get first one */
- firstRdn = name->rdns;
-
- /* find last one */
- lastRdn = name->rdns;
- while (*lastRdn) lastRdn++;
- lastRdn--;
-
- /* reverse list */
- for ( ; firstRdn < lastRdn; firstRdn++, lastRdn--) {
- tmp = *firstRdn;
- *firstRdn = *lastRdn;
- *lastRdn = tmp;
- }
+ CERTRDN** firstRdn;
+ CERTRDN** lastRdn;
+ CERTRDN* tmp;
+
+ /* get first one */
+ firstRdn = name->rdns;
+
+ /* find last one */
+ lastRdn = name->rdns;
+ while (*lastRdn)
+ lastRdn++;
+ lastRdn--;
+
+ /* reverse list */
+ for (; firstRdn < lastRdn; firstRdn++, lastRdn--) {
+ tmp = *firstRdn;
+ *firstRdn = *lastRdn;
+ *lastRdn = tmp;
+ }
}
-
+
/* return result */
return name;
-
- loser:
+
+loser:
CERT_DestroyName(name);
return NULL;
}
-CERTName *
-CERT_AsciiToName(const char *string)
+CERTName*
+CERT_AsciiToName(const char* string)
{
- CERTName *name;
+ CERTName* name;
name = ParseRFC1485Name(string, PORT_Strlen(string));
return name;
}
@@ -531,7 +534,7 @@
/************************************************************************/
typedef struct stringBufStr {
- char *buffer;
+ char* buffer;
unsigned offset;
unsigned size;
} stringBuf;
@@ -539,9 +542,9 @@
#define DEFAULT_BUFFER_SIZE 200
static SECStatus
-AppendStr(stringBuf *bufp, char *str)
+AppendStr(stringBuf* bufp, char* str)
{
- char *buf;
+ char* buf;
unsigned bufLen, bufSize, len;
int size = 0;
@@ -551,33 +554,34 @@
len = PORT_Strlen(str);
bufSize = bufLen + len;
if (!buf) {
- bufSize++;
- size = PR_MAX(DEFAULT_BUFFER_SIZE,bufSize*2);
- buf = (char *) PORT_Alloc(size);
- bufp->size = size;
+ bufSize++;
+ size = PR_MAX(DEFAULT_BUFFER_SIZE, bufSize * 2);
+ buf = (char*)PORT_Alloc(size);
+ bufp->size = size;
} else if (bufp->size < bufSize) {
- size = bufSize*2;
- buf =(char *) PORT_Realloc(buf,size);
- bufp->size = size;
+ size = bufSize * 2;
+ buf = (char*)PORT_Realloc(buf, size);
+ bufp->size = size;
}
if (!buf) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
bufp->buffer = buf;
bufp->offset = bufSize;
/* Concatenate str onto buf */
buf = buf + bufLen;
- if (bufLen) buf--; /* stomp on old '\0' */
- PORT_Memcpy(buf, str, len+1); /* put in new null */
+ if (bufLen)
+ buf--; /* stomp on old '\0' */
+ PORT_Memcpy(buf, str, len + 1); /* put in new null */
return SECSuccess;
}
typedef enum {
- minimalEscape = 0, /* only hex escapes, and " and \ */
- minimalEscapeAndQuote, /* as above, plus quoting */
- fullEscape /* no quoting, full escaping */
+ minimalEscape = 0, /* only hex escapes, and " and \ */
+ minimalEscapeAndQuote, /* as above, plus quoting */
+ fullEscape /* no quoting, full escaping */
} EQMode;
/* Some characters must be escaped as a hex string, e.g. c -> \nn .
@@ -590,250 +594,251 @@
* need quoting, then this function changes it to minimalEscape.
*/
static int
-cert_RFC1485_GetRequiredLen(const char *src, int srclen, EQMode *pEQMode)
+cert_RFC1485_GetRequiredLen(const char* src, int srclen, EQMode* pEQMode)
{
- int i, reqLen=0;
+ int i, reqLen = 0;
EQMode mode = pEQMode ? *pEQMode : minimalEscape;
PRBool needsQuoting = PR_FALSE;
char lastC = 0;
/* need to make an initial pass to determine if quoting is needed */
for (i = 0; i < srclen; i++) {
- char c = src[i];
- reqLen++;
- if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */
- reqLen += 2;
- } else if (NEEDS_ESCAPE(c)) { /* c -> \c */
- reqLen++;
- } else if (SPECIAL_CHAR(c)) {
- if (mode == minimalEscapeAndQuote) /* quoting is allowed */
- needsQuoting = PR_TRUE; /* entirety will need quoting */
- else if (mode == fullEscape)
- reqLen++; /* MAY escape this character */
- } else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
- if (mode == minimalEscapeAndQuote) /* quoting is allowed */
- needsQuoting = PR_TRUE; /* entirety will need quoting */
- }
- lastC = c;
+ char c = src[i];
+ reqLen++;
+ if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */
+ reqLen += 2;
+ } else if (NEEDS_ESCAPE(c)) { /* c -> \c */
+ reqLen++;
+ } else if (SPECIAL_CHAR(c)) {
+ if (mode == minimalEscapeAndQuote) /* quoting is allowed */
+ needsQuoting = PR_TRUE; /* entirety will need quoting */
+ else if (mode == fullEscape)
+ reqLen++; /* MAY escape this character */
+ } else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
+ if (mode == minimalEscapeAndQuote) /* quoting is allowed */
+ needsQuoting = PR_TRUE; /* entirety will need quoting */
+ }
+ lastC = c;
}
/* if it begins or ends in optional space it needs quoting */
- if (!needsQuoting && srclen > 0 && mode == minimalEscapeAndQuote &&
- (OPTIONAL_SPACE(src[srclen-1]) || OPTIONAL_SPACE(src[0]))) {
- needsQuoting = PR_TRUE;
+ if (!needsQuoting && srclen > 0 && mode == minimalEscapeAndQuote &&
+ (OPTIONAL_SPACE(src[srclen - 1]) || OPTIONAL_SPACE(src[0]))) {
+ needsQuoting = PR_TRUE;
}
- if (needsQuoting)
- reqLen += 2;
+ if (needsQuoting)
+ reqLen += 2;
if (pEQMode && mode == minimalEscapeAndQuote && !needsQuoting)
- *pEQMode = minimalEscape;
+ *pEQMode = minimalEscape;
return reqLen;
}
static const char hexChars[16] = { "0123456789abcdef" };
static SECStatus
-escapeAndQuote(char *dst, int dstlen, char *src, int srclen, EQMode *pEQMode)
+escapeAndQuote(char* dst, int dstlen, char* src, int srclen, EQMode* pEQMode)
{
- int i, reqLen=0;
+ int i, reqLen = 0;
EQMode mode = pEQMode ? *pEQMode : minimalEscape;
/* space for terminal null */
reqLen = cert_RFC1485_GetRequiredLen(src, srclen, &mode) + 1;
if (reqLen > dstlen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
if (mode == minimalEscapeAndQuote)
*dst++ = C_DOUBLE_QUOTE;
for (i = 0; i < srclen; i++) {
- char c = src[i];
- if (NEEDS_HEX_ESCAPE(c)) {
- *dst++ = C_BACKSLASH;
- *dst++ = hexChars[ (c >> 4) & 0x0f ];
- *dst++ = hexChars[ c & 0x0f ];
- } else {
- if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) {
- *dst++ = C_BACKSLASH;
- }
- *dst++ = c;
- }
+ char c = src[i];
+ if (NEEDS_HEX_ESCAPE(c)) {
+ *dst++ = C_BACKSLASH;
+ *dst++ = hexChars[(c >> 4) & 0x0f];
+ *dst++ = hexChars[c & 0x0f];
+ } else {
+ if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) {
+ *dst++ = C_BACKSLASH;
+ }
+ *dst++ = c;
+ }
}
if (mode == minimalEscapeAndQuote)
- *dst++ = C_DOUBLE_QUOTE;
+ *dst++ = C_DOUBLE_QUOTE;
*dst++ = 0;
if (pEQMode)
- *pEQMode = mode;
+ *pEQMode = mode;
return SECSuccess;
}
SECStatus
-CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src, int srclen)
+CERT_RFC1485_EscapeAndQuote(char* dst, int dstlen, char* src, int srclen)
{
EQMode mode = minimalEscapeAndQuote;
return escapeAndQuote(dst, dstlen, src, srclen, &mode);
}
-
/* convert an OID to dotted-decimal representation */
/* Returns a string that must be freed with PR_smprintf_free(), */
-char *
-CERT_GetOidString(const SECItem *oid)
+char*
+CERT_GetOidString(const SECItem* oid)
{
- PRUint8 *stop; /* points to first byte after OID string */
- PRUint8 *first; /* byte of an OID component integer */
- PRUint8 *last; /* byte of an OID component integer */
- char *rvString = NULL;
- char *prefix = NULL;
+ PRUint8* stop; /* points to first byte after OID string */
+ PRUint8* first; /* byte of an OID component integer */
+ PRUint8* last; /* byte of an OID component integer */
+ char* rvString = NULL;
+ char* prefix = NULL;
#define MAX_OID_LEN 1024 /* bytes */
if (oid->len > MAX_OID_LEN) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return NULL;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return NULL;
}
/* first will point to the next sequence of bytes to decode */
- first = (PRUint8 *)oid->data;
+ first = (PRUint8*)oid->data;
/* stop points to one past the legitimate data */
- stop = &first[ oid->len ];
+ stop = &first[oid->len];
/*
- * Check for our pseudo-encoded single-digit OIDs
- */
+ * Check for our pseudo-encoded single-digit OIDs
+ */
if ((*first == 0x80) && (2 == oid->len)) {
- /* Funky encoding. The second byte is the number */
- rvString = PR_smprintf("%lu", (PRUint32)first[1]);
- if (!rvString) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- }
- return rvString;
+ /* Funky encoding. The second byte is the number */
+ rvString = PR_smprintf("%lu", (PRUint32)first[1]);
+ if (!rvString) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ }
+ return rvString;
}
for (; first < stop; first = last + 1) {
- unsigned int bytesBeforeLast;
-
- for (last = first; last < stop; last++) {
- if (0 == (*last & 0x80)) {
- break;
- }
- }
- bytesBeforeLast = (unsigned int)(last - first);
- if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
- PRUint32 n = 0;
- PRUint32 c;
+ unsigned int bytesBeforeLast;
-#define CGET(i, m) \
- c = last[-i] & m; \
- n |= c << (7 * i)
+ for (last = first; last < stop; last++) {
+ if (0 == (*last & 0x80)) {
+ break;
+ }
+ }
+ bytesBeforeLast = (unsigned int)(last - first);
+ if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
+ PRUint32 n = 0;
+ PRUint32 c;
-#define CASE(i, m) \
- case i: \
- CGET(i, m); \
- if (!n) goto unsupported \
- /* fall-through */
+#define CGET(i, m) \
+ c = last[-i] & m; \
+ n |= c << (7 * i)
- switch (bytesBeforeLast) {
- CASE(3, 0x7f);
- CASE(2, 0x7f);
- CASE(1, 0x7f);
- case 0: n |= last[0] & 0x7f;
- break;
- }
- if (last[0] & 0x80)
- goto unsupported;
-
- if (!rvString) {
- /* This is the first number.. decompose it */
- PRUint32 one = PR_MIN(n/40, 2); /* never > 2 */
- PRUint32 two = n - (one * 40);
-
- rvString = PR_smprintf("OID.%lu.%lu", one, two);
- } else {
- prefix = rvString;
- rvString = PR_smprintf("%s.%lu", prefix, n);
- }
- } else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
- PRUint64 n = 0;
- PRUint64 c;
+#define CASE(i, m) \
+ case i: \
+ CGET(i, m); \
+ if (!n) \
+ goto unsupported /* fall-through */
- switch (bytesBeforeLast) {
- CASE(9, 0x01);
- CASE(8, 0x7f);
- CASE(7, 0x7f);
- CASE(6, 0x7f);
- CASE(5, 0x7f);
- CASE(4, 0x7f);
- CGET(3, 0x7f);
- CGET(2, 0x7f);
- CGET(1, 0x7f);
- CGET(0, 0x7f);
- break;
- }
- if (last[0] & 0x80)
- goto unsupported;
-
- if (!rvString) {
- /* This is the first number.. decompose it */
- PRUint64 one = PR_MIN(n/40, 2); /* never > 2 */
- PRUint64 two = n - (one * 40);
-
- rvString = PR_smprintf("OID.%llu.%llu", one, two);
- } else {
- prefix = rvString;
- rvString = PR_smprintf("%s.%llu", prefix, n);
- }
- } else {
- /* More than a 64-bit number, or not minimal encoding. */
-unsupported:
- if (!rvString)
- rvString = PR_smprintf("OID.UNSUPPORTED");
- else {
- prefix = rvString;
- rvString = PR_smprintf("%s.UNSUPPORTED", prefix);
- }
- }
+ switch (bytesBeforeLast) {
+ CASE(3, 0x7f);
+ CASE(2, 0x7f);
+ CASE(1, 0x7f);
+ case 0:
+ n |=
+ last[0] & 0x7f;
+ break;
+ }
+ if (last[0] & 0x80)
+ goto unsupported;
- if (prefix) {
- PR_smprintf_free(prefix);
- prefix = NULL;
- }
- if (!rvString) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- break;
- }
+ if (!rvString) {
+ /* This is the first number.. decompose it */
+ PRUint32 one = PR_MIN(n / 40, 2); /* never > 2 */
+ PRUint32 two = n - (one * 40);
+
+ rvString = PR_smprintf("OID.%lu.%lu", one, two);
+ } else {
+ prefix = rvString;
+ rvString = PR_smprintf("%s.%lu", prefix, n);
+ }
+ } else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
+ PRUint64 n = 0;
+ PRUint64 c;
+
+ switch (bytesBeforeLast) {
+ CASE(9, 0x01);
+ CASE(8, 0x7f);
+ CASE(7, 0x7f);
+ CASE(6, 0x7f);
+ CASE(5, 0x7f);
+ CASE(4, 0x7f);
+ CGET(3, 0x7f);
+ CGET(2, 0x7f);
+ CGET(1, 0x7f);
+ CGET(0, 0x7f);
+ break;
+ }
+ if (last[0] & 0x80)
+ goto unsupported;
+
+ if (!rvString) {
+ /* This is the first number.. decompose it */
+ PRUint64 one = PR_MIN(n / 40, 2); /* never > 2 */
+ PRUint64 two = n - (one * 40);
+
+ rvString = PR_smprintf("OID.%llu.%llu", one, two);
+ } else {
+ prefix = rvString;
+ rvString = PR_smprintf("%s.%llu", prefix, n);
+ }
+ } else {
+ /* More than a 64-bit number, or not minimal encoding. */
+ unsupported:
+ if (!rvString)
+ rvString = PR_smprintf("OID.UNSUPPORTED");
+ else {
+ prefix = rvString;
+ rvString = PR_smprintf("%s.UNSUPPORTED", prefix);
+ }
+ }
+
+ if (prefix) {
+ PR_smprintf_free(prefix);
+ prefix = NULL;
+ }
+ if (!rvString) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ break;
+ }
}
return rvString;
}
/* convert DER-encoded hex to a string */
-static SECItem *
-get_hex_string(SECItem *data)
+static SECItem*
+get_hex_string(SECItem* data)
{
- SECItem *rv;
+ SECItem* rv;
unsigned int i, j;
static const char hex[] = { "0123456789ABCDEF" };
/* '#' + 2 chars per octet + terminator */
- rv = SECITEM_AllocItem(NULL, NULL, data->len*2 + 2);
+ rv = SECITEM_AllocItem(NULL, NULL, data->len * 2 + 2);
if (!rv) {
- return NULL;
+ return NULL;
}
rv->data[0] = '#';
rv->len = 1 + 2 * data->len;
- for (i=0; i<data->len; i++) {
- j = data->data[i];
- rv->data[2*i+1] = hex[j >> 4];
- rv->data[2*i+2] = hex[j & 15];
+ for (i = 0; i < data->len; i++) {
+ j = data->data[i];
+ rv->data[2 * i + 1] = hex[j >> 4];
+ rv->data[2 * i + 2] = hex[j & 15];
}
rv->data[rv->len] = 0;
return rv;
}
-/* For compliance with RFC 2253, RFC 3280 and RFC 4630, we choose to
- * use the NAME=STRING form, rather than the OID.N.N=#hexXXXX form,
+/* For compliance with RFC 2253, RFC 3280 and RFC 4630, we choose to
+ * use the NAME=STRING form, rather than the OID.N.N=#hexXXXX form,
* when both of these conditions are met:
- * 1) The attribute name OID (kind) has a known name string that is
+ * 1) The attribute name OID (kind) has a known name string that is
* defined in one of those RFCs, or in RFCs that they cite, AND
* 2) The attribute's value encoding is RFC compliant for the kind
* (e.g., the value's encoding tag is correct for the kind, and
@@ -842,79 +847,79 @@
* Otherwise, we use the OID.N.N=#hexXXXX form.
*
* If the caller prefers maximum human readability to RFC compliance,
- * then
+ * then
* - We print the kind in NAME= string form if we know the name
- * string for the attribute type OID, regardless of whether the
+ * string for the attribute type OID, regardless of whether the
* value is correctly encoded or not. else we use the OID.N.N= form.
* - We use the non-hex STRING form for the attribute value if the
- * value can be represented in such a form. Otherwise, we use
+ * value can be represented in such a form. Otherwise, we use
* the hex string form.
- * This implies that, for maximum human readability, in addition to
+ * This implies that, for maximum human readability, in addition to
* the two forms allowed by the RFC, we allow two other forms of output:
- * - the OID.N.N=STRING form, and
+ * - the OID.N.N=STRING form, and
* - the NAME=#hexXXXX form
* When the caller prefers maximum human readability, we do not allow
* the value of any attribute to exceed the length allowed by the RFC.
- * If the attribute value exceeds the allowed length, we truncate it to
+ * If the attribute value exceeds the allowed length, we truncate it to
* the allowed length and append "...".
- * Also in this case, we arbitrarily impose a limit on the length of the
+ * Also in this case, we arbitrarily impose a limit on the length of the
* entire AVA encoding, regardless of the form, of 384 bytes per AVA.
- * This limit includes the trailing NULL character. If the encoded
+ * This limit includes the trailing NULL character. If the encoded
* AVA length exceeds that limit, this function reports failure to encode
* the AVA.
*
- * An ASCII representation of an AVA is said to be "invertible" if
+ * An ASCII representation of an AVA is said to be "invertible" if
* conversion back to DER reproduces the original DER encoding exactly.
* The RFC 2253 rules do not ensure that all ASCII AVAs derived according
- * to its rules are invertible. That is because the RFCs allow some
+ * to its rules are invertible. That is because the RFCs allow some
* attribute values to be encoded in any of a number of encodings,
* and the encoding type information is lost in the non-hex STRING form.
* This is particularly true of attributes of type DirectoryString.
- * The encoding type information is always preserved in the hex string
+ * The encoding type information is always preserved in the hex string
* form, because the hex includes the entire DER encoding of the value.
*
- * So, when the caller perfers maximum invertibility, we apply the
- * RFC compliance rules stated above, and add a third required
- * condition on the use of the NAME=STRING form.
- * 3) The attribute's kind is not is allowed to be encoded in any of
+ * So, when the caller perfers maximum invertibility, we apply the
+ * RFC compliance rules stated above, and add a third required
+ * condition on the use of the NAME=STRING form.
+ * 3) The attribute's kind is not is allowed to be encoded in any of
* several different encodings, such as DirectoryStrings.
*
* The chief difference between CERT_N2A_STRICT and CERT_N2A_INVERTIBLE
* is that the latter forces DirectoryStrings to be hex encoded.
*
- * As a simplification, we assume the value is correctly encoded for
+ * As a simplification, we assume the value is correctly encoded for
* its encoding type. That is, we do not test that all the characters
* in a string encoded type are allowed by that type. We assume it.
*/
static SECStatus
-AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict)
+AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
{
#define TMPBUF_LEN 2048
- const NameToKind *pn2k = name2kinds;
- SECItem *avaValue = NULL;
- char *unknownTag = NULL;
- char *encodedAVA = NULL;
- PRBool useHex = PR_FALSE; /* use =#hexXXXX form */
- PRBool truncateName = PR_FALSE;
- PRBool truncateValue = PR_FALSE;
- SECOidTag endKind;
- SECStatus rv;
+ const NameToKind* pn2k = name2kinds;
+ SECItem* avaValue = NULL;
+ char* unknownTag = NULL;
+ char* encodedAVA = NULL;
+ PRBool useHex = PR_FALSE; /* use =#hexXXXX form */
+ PRBool truncateName = PR_FALSE;
+ PRBool truncateValue = PR_FALSE;
+ SECOidTag endKind;
+ SECStatus rv;
unsigned int len;
unsigned int nameLen, valueLen;
unsigned int maxName, maxValue;
- EQMode mode = minimalEscapeAndQuote;
- NameToKind n2k = { NULL, 32767, SEC_OID_UNKNOWN, SEC_ASN1_DS };
- char tmpBuf[TMPBUF_LEN];
+ EQMode mode = minimalEscapeAndQuote;
+ NameToKind n2k = { NULL, 32767, SEC_OID_UNKNOWN, SEC_ASN1_DS };
+ char tmpBuf[TMPBUF_LEN];
-#define tagName n2k.name /* non-NULL means use NAME= form */
+#define tagName n2k.name /* non-NULL means use NAME= form */
#define maxBytes n2k.maxLen
-#define tag n2k.kind
-#define vt n2k.valueType
+#define tag n2k.kind
+#define vt n2k.valueType
/* READABLE mode recognizes more names from the name2kinds table
- * than do STRICT or INVERTIBLE modes. This assignment chooses the
- * point in the table where the attribute type name scanning stops.
- */
+ * than do STRICT or INVERTIBLE modes. This assignment chooses the
+ * point in the table where the attribute type name scanning stops.
+ */
endKind = (strict == CERT_N2A_READABLE) ? SEC_OID_UNKNOWN
: SEC_OID_AVA_POSTAL_ADDRESS;
tag = CERT_GetAVATag(ava);
@@ -922,146 +927,145 @@
++pn2k;
}
- if (pn2k->kind != endKind ) {
+ if (pn2k->kind != endKind) {
n2k = *pn2k;
} else if (strict != CERT_N2A_READABLE) {
useHex = PR_TRUE;
}
/* For invertable form, force Directory Strings to use hex form. */
if (strict == CERT_N2A_INVERTIBLE && vt == SEC_ASN1_DS) {
- tagName = NULL; /* must use OID.N form */
- useHex = PR_TRUE; /* must use hex string */
+ tagName = NULL; /* must use OID.N form */
+ useHex = PR_TRUE; /* must use hex string */
}
if (!useHex) {
- avaValue = CERT_DecodeAVAValue(&ava->value);
- if (!avaValue) {
- useHex = PR_TRUE;
- if (strict != CERT_N2A_READABLE) {
- tagName = NULL; /* must use OID.N form */
- }
- }
+ avaValue = CERT_DecodeAVAValue(&ava->value);
+ if (!avaValue) {
+ useHex = PR_TRUE;
+ if (strict != CERT_N2A_READABLE) {
+ tagName = NULL; /* must use OID.N form */
+ }
+ }
}
if (!tagName) {
- /* handle unknown attribute types per RFC 2253 */
- tagName = unknownTag = CERT_GetOidString(&ava->type);
- if (!tagName) {
- if (avaValue)
- SECITEM_FreeItem(avaValue, PR_TRUE);
- return SECFailure;
- }
+ /* handle unknown attribute types per RFC 2253 */
+ tagName = unknownTag = CERT_GetOidString(&ava->type);
+ if (!tagName) {
+ if (avaValue)
+ SECITEM_FreeItem(avaValue, PR_TRUE);
+ return SECFailure;
+ }
}
if (useHex) {
- avaValue = get_hex_string(&ava->value);
- if (!avaValue) {
- if (unknownTag)
- PR_smprintf_free(unknownTag);
- return SECFailure;
- }
+ avaValue = get_hex_string(&ava->value);
+ if (!avaValue) {
+ if (unknownTag)
+ PR_smprintf_free(unknownTag);
+ return SECFailure;
+ }
}
- nameLen = strlen(tagName);
- valueLen = (useHex ? avaValue->len :
- cert_RFC1485_GetRequiredLen((char *)avaValue->data, avaValue->len,
- &mode));
+ nameLen = strlen(tagName);
+ valueLen =
+ (useHex ? avaValue->len : cert_RFC1485_GetRequiredLen(
+ (char*)avaValue->data, avaValue->len, &mode));
len = nameLen + valueLen + 2; /* Add 2 for '=' and trailing NUL */
- maxName = nameLen;
+ maxName = nameLen;
maxValue = valueLen;
if (len <= sizeof(tmpBuf)) {
- encodedAVA = tmpBuf;
+ encodedAVA = tmpBuf;
} else if (strict != CERT_N2A_READABLE) {
- encodedAVA = PORT_Alloc(len);
- if (!encodedAVA) {
- SECITEM_FreeItem(avaValue, PR_TRUE);
- if (unknownTag)
- PR_smprintf_free(unknownTag);
- return SECFailure;
- }
+ encodedAVA = PORT_Alloc(len);
+ if (!encodedAVA) {
+ SECITEM_FreeItem(avaValue, PR_TRUE);
+ if (unknownTag)
+ PR_smprintf_free(unknownTag);
+ return SECFailure;
+ }
} else {
- /* Must make output fit in tmpbuf */
- unsigned int fair = (sizeof tmpBuf)/2 - 1; /* for = and \0 */
+ /* Must make output fit in tmpbuf */
+ unsigned int fair = (sizeof tmpBuf) / 2 - 1; /* for = and \0 */
- if (nameLen < fair) {
- /* just truncate the value */
- maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0",
- and possibly '"' */
- } else if (valueLen < fair) {
- /* just truncate the name */
- maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */
- } else {
- /* truncate both */
- maxName = maxValue = fair - 3; /* for "..." */
- }
- if (nameLen > maxName) {
- PORT_Assert(unknownTag && unknownTag == tagName);
- truncateName = PR_TRUE;
- nameLen = maxName;
- }
- encodedAVA = tmpBuf;
+ if (nameLen < fair) {
+ /* just truncate the value */
+ maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0",
+ and possibly '"' */
+ } else if (valueLen < fair) {
+ /* just truncate the name */
+ maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */
+ } else {
+ /* truncate both */
+ maxName = maxValue = fair - 3; /* for "..." */
+ }
+ if (nameLen > maxName) {
+ PORT_Assert(unknownTag && unknownTag == tagName);
+ truncateName = PR_TRUE;
+ nameLen = maxName;
+ }
+ encodedAVA = tmpBuf;
}
memcpy(encodedAVA, tagName, nameLen);
if (truncateName) {
- /* If tag name is too long, we know it is an OID form that was
- * allocated from the heap, so we can modify it in place
- */
- encodedAVA[nameLen-1] = '.';
- encodedAVA[nameLen-2] = '.';
- encodedAVA[nameLen-3] = '.';
+ /* If tag name is too long, we know it is an OID form that was
+ * allocated from the heap, so we can modify it in place
+ */
+ encodedAVA[nameLen - 1] = '.';
+ encodedAVA[nameLen - 2] = '.';
+ encodedAVA[nameLen - 3] = '.';
}
encodedAVA[nameLen++] = '=';
- if (unknownTag)
- PR_smprintf_free(unknownTag);
+ if (unknownTag)
+ PR_smprintf_free(unknownTag);
if (strict == CERT_N2A_READABLE && maxValue > maxBytes)
- maxValue = maxBytes;
+ maxValue = maxBytes;
if (valueLen > maxValue) {
- valueLen = maxValue;
- truncateValue = PR_TRUE;
+ valueLen = maxValue;
+ truncateValue = PR_TRUE;
}
/* escape and quote as necessary - don't quote hex strings */
if (useHex) {
- char * end = encodedAVA + nameLen + valueLen;
- memcpy(encodedAVA + nameLen, (char *)avaValue->data, valueLen);
- end[0] = '\0';
- if (truncateValue) {
- end[-1] = '.';
- end[-2] = '.';
- end[-3] = '.';
- }
- rv = SECSuccess;
+ char* end = encodedAVA + nameLen + valueLen;
+ memcpy(encodedAVA + nameLen, (char*)avaValue->data, valueLen);
+ end[0] = '\0';
+ if (truncateValue) {
+ end[-1] = '.';
+ end[-2] = '.';
+ end[-3] = '.';
+ }
+ rv = SECSuccess;
} else if (!truncateValue) {
- rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen,
- (char *)avaValue->data, avaValue->len, &mode);
+ rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen,
+ (char*)avaValue->data, avaValue->len, &mode);
} else {
- /* must truncate the escaped and quoted value */
- char bigTmpBuf[TMPBUF_LEN * 3 + 3];
- PORT_Assert(valueLen < sizeof tmpBuf);
- rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf,
- (char *)avaValue->data,
- PR_MIN(avaValue->len, valueLen), &mode);
+ /* must truncate the escaped and quoted value */
+ char bigTmpBuf[TMPBUF_LEN * 3 + 3];
+ PORT_Assert(valueLen < sizeof tmpBuf);
+ rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf, (char*)avaValue->data,
+ PR_MIN(avaValue->len, valueLen), &mode);
- bigTmpBuf[valueLen--] = '\0'; /* hard stop here */
- /* See if we're in the middle of a multi-byte UTF8 character */
- while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) {
- bigTmpBuf[valueLen--] = '\0';
- }
- /* add ellipsis to signify truncation. */
- bigTmpBuf[++valueLen] = '.';
- bigTmpBuf[++valueLen] = '.';
- bigTmpBuf[++valueLen] = '.';
- if (bigTmpBuf[0] == '"')
- bigTmpBuf[++valueLen] = '"';
- bigTmpBuf[++valueLen] = '\0';
- PORT_Assert(nameLen + valueLen <= (sizeof tmpBuf) - 1);
- memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen+1);
+ bigTmpBuf[valueLen--] = '\0'; /* hard stop here */
+ /* See if we're in the middle of a multi-byte UTF8 character */
+ while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) {
+ bigTmpBuf[valueLen--] = '\0';
+ }
+ /* add ellipsis to signify truncation. */
+ bigTmpBuf[++valueLen] = '.';
+ bigTmpBuf[++valueLen] = '.';
+ bigTmpBuf[++valueLen] = '.';
+ if (bigTmpBuf[0] == '"')
+ bigTmpBuf[++valueLen] = '"';
+ bigTmpBuf[++valueLen] = '\0';
+ PORT_Assert(nameLen + valueLen <= (sizeof tmpBuf) - 1);
+ memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen + 1);
}
SECITEM_FreeItem(avaValue, PR_TRUE);
if (rv == SECSuccess)
- rv = AppendStr(bufp, encodedAVA);
+ rv = AppendStr(bufp, encodedAVA);
if (encodedAVA != tmpBuf)
- PORT_Free(encodedAVA);
+ PORT_Free(encodedAVA);
return rv;
}
@@ -1070,63 +1074,66 @@
#undef tag
#undef vt
-char *
-CERT_NameToAsciiInvertible(CERTName *name, CertStrictnessLevel strict)
+char*
+CERT_NameToAsciiInvertible(CERTName* name, CertStrictnessLevel strict)
{
CERTRDN** rdns;
CERTRDN** lastRdn;
CERTRDN** rdn;
PRBool first = PR_TRUE;
stringBuf strBuf = { NULL, 0, 0 };
-
+
rdns = name->rdns;
if (rdns == NULL) {
- return NULL;
+ return NULL;
}
-
+
/* find last RDN */
lastRdn = rdns;
- while (*lastRdn) lastRdn++;
+ while (*lastRdn)
+ lastRdn++;
lastRdn--;
-
- /*
- * Loop over name contents in _reverse_ RDN order appending to string
- */
- for (rdn = lastRdn; rdn >= rdns; rdn--) {
- CERTAVA** avas = (*rdn)->avas;
- CERTAVA* ava;
- PRBool newRDN = PR_TRUE;
- /*
- * XXX Do we need to traverse the AVAs in reverse order, too?
- */
- while (avas && (ava = *avas++) != NULL) {
- SECStatus rv;
- /* Put in comma or plus separator */
- if (!first) {
- /* Use of spaces is deprecated in RFC 2253. */
- rv = AppendStr(&strBuf, newRDN ? "," : "+");
- if (rv) goto loser;
- } else {
- first = PR_FALSE;
- }
-
- /* Add in tag type plus value into strBuf */
- rv = AppendAVA(&strBuf, ava, strict);
- if (rv) goto loser;
- newRDN = PR_FALSE;
- }
+ /*
+ * Loop over name contents in _reverse_ RDN order appending to string
+ */
+ for (rdn = lastRdn; rdn >= rdns; rdn--) {
+ CERTAVA** avas = (*rdn)->avas;
+ CERTAVA* ava;
+ PRBool newRDN = PR_TRUE;
+
+ /*
+ * XXX Do we need to traverse the AVAs in reverse order, too?
+ */
+ while (avas && (ava = *avas++) != NULL) {
+ SECStatus rv;
+ /* Put in comma or plus separator */
+ if (!first) {
+ /* Use of spaces is deprecated in RFC 2253. */
+ rv = AppendStr(&strBuf, newRDN ? "," : "+");
+ if (rv)
+ goto loser;
+ } else {
+ first = PR_FALSE;
+ }
+
+ /* Add in tag type plus value into strBuf */
+ rv = AppendAVA(&strBuf, ava, strict);
+ if (rv)
+ goto loser;
+ newRDN = PR_FALSE;
+ }
}
return strBuf.buffer;
loser:
if (strBuf.buffer) {
- PORT_Free(strBuf.buffer);
+ PORT_Free(strBuf.buffer);
}
return NULL;
}
-char *
-CERT_NameToAscii(CERTName *name)
+char*
+CERT_NameToAscii(CERTName* name)
{
return CERT_NameToAsciiInvertible(name, CERT_N2A_READABLE);
}
@@ -1135,62 +1142,62 @@
* Return the string representation of a DER encoded distinguished name
* "dername" - The DER encoded name to convert
*/
-char *
-CERT_DerNameToAscii(SECItem *dername)
+char*
+CERT_DerNameToAscii(SECItem* dername)
{
int rv;
- PLArenaPool *arena = NULL;
+ PLArenaPool* arena = NULL;
CERTName name;
- char *retstr = NULL;
-
+ char* retstr = NULL;
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( arena == NULL) {
- goto loser;
+
+ if (arena == NULL) {
+ goto loser;
}
-
+
rv = SEC_QuickDERDecodeItem(arena, &name, CERT_NameTemplate, dername);
-
- if ( rv != SECSuccess ) {
- goto loser;
+
+ if (rv != SECSuccess) {
+ goto loser;
}
retstr = CERT_NameToAscii(&name);
loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(retstr);
+
+ return (retstr);
}
-static char *
-avaToString(PLArenaPool *arena, CERTAVA *ava)
+static char*
+avaToString(PLArenaPool* arena, CERTAVA* ava)
{
- char * buf = NULL;
- SECItem* avaValue;
- int valueLen;
+ char* buf = NULL;
+ SECItem* avaValue;
+ int valueLen;
avaValue = CERT_DecodeAVAValue(&ava->value);
- if(!avaValue) {
- return buf;
+ if (!avaValue) {
+ return buf;
}
- valueLen = cert_RFC1485_GetRequiredLen((char *)avaValue->data,
- avaValue->len, NULL) + 1;
+ valueLen =
+ cert_RFC1485_GetRequiredLen((char*)avaValue->data, avaValue->len, NULL) + 1;
if (arena) {
- buf = (char *)PORT_ArenaZAlloc(arena, valueLen);
+ buf = (char*)PORT_ArenaZAlloc(arena, valueLen);
} else {
- buf = (char *)PORT_ZAlloc(valueLen);
+ buf = (char*)PORT_ZAlloc(valueLen);
}
if (buf) {
- SECStatus rv = escapeAndQuote(buf, valueLen, (char *)avaValue->data,
- avaValue->len, NULL);
- if (rv != SECSuccess) {
- if (!arena)
- PORT_Free(buf);
- buf = NULL;
- }
+ SECStatus rv =
+ escapeAndQuote(buf, valueLen, (char*)avaValue->data, avaValue->len, NULL);
+ if (rv != SECSuccess) {
+ if (!arena)
+ PORT_Free(buf);
+ buf = NULL;
+ }
}
SECITEM_FreeItem(avaValue, PR_TRUE);
return buf;
@@ -1199,22 +1206,22 @@
/* RDNs are sorted from most general to most specific.
* This code returns the FIRST one found, the most general one found.
*/
-static char *
-CERT_GetNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
+static char*
+CERT_GetNameElement(PLArenaPool* arena, const CERTName* name, int wantedTag)
{
CERTRDN** rdns = name->rdns;
- CERTRDN* rdn;
- CERTAVA* ava = NULL;
+ CERTRDN* rdn;
+ CERTAVA* ava = NULL;
while (rdns && (rdn = *rdns++) != 0) {
- CERTAVA** avas = rdn->avas;
- while (avas && (ava = *avas++) != 0) {
- int tag = CERT_GetAVATag(ava);
- if ( tag == wantedTag ) {
- avas = NULL;
- rdns = NULL; /* break out of all loops */
- }
- }
+ CERTAVA** avas = rdn->avas;
+ while (avas && (ava = *avas++) != 0) {
+ int tag = CERT_GetAVATag(ava);
+ if (tag == wantedTag) {
+ avas = NULL;
+ rdns = NULL; /* break out of all loops */
+ }
+ }
}
return ava ? avaToString(arena, ava) : NULL;
}
@@ -1223,119 +1230,123 @@
* This code returns the LAST one found, the most specific one found.
* This is particularly appropriate for Common Name. See RFC 2818.
*/
-static char *
-CERT_GetLastNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
+static char*
+CERT_GetLastNameElement(PLArenaPool* arena, const CERTName* name, int wantedTag)
{
- CERTRDN** rdns = name->rdns;
- CERTRDN* rdn;
- CERTAVA* lastAva = NULL;
-
+ CERTRDN** rdns = name->rdns;
+ CERTRDN* rdn;
+ CERTAVA* lastAva = NULL;
+
while (rdns && (rdn = *rdns++) != 0) {
- CERTAVA** avas = rdn->avas;
- CERTAVA* ava;
- while (avas && (ava = *avas++) != 0) {
- int tag = CERT_GetAVATag(ava);
- if ( tag == wantedTag ) {
- lastAva = ava;
- }
- }
+ CERTAVA** avas = rdn->avas;
+ CERTAVA* ava;
+ while (avas && (ava = *avas++) != 0) {
+ int tag = CERT_GetAVATag(ava);
+ if (tag == wantedTag) {
+ lastAva = ava;
+ }
+ }
}
return lastAva ? avaToString(arena, lastAva) : NULL;
}
-char *
-CERT_GetCertificateEmailAddress(CERTCertificate *cert)
+char*
+CERT_GetCertificateEmailAddress(CERTCertificate* cert)
{
- char *rawEmailAddr = NULL;
+ char* rawEmailAddr = NULL;
SECItem subAltName;
SECStatus rv;
- CERTGeneralName *nameList = NULL;
- CERTGeneralName *current;
- PLArenaPool *arena = NULL;
+ CERTGeneralName* nameList = NULL;
+ CERTGeneralName* current;
+ PLArenaPool* arena = NULL;
int i;
-
+
subAltName.data = NULL;
rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject),
- SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject),
- SEC_OID_RFC1274_MAIL);
+ SEC_OID_PKCS9_EMAIL_ADDRESS);
+ if (rawEmailAddr == NULL) {
+ rawEmailAddr =
+ CERT_GetNameElement(cert->arena, &(cert->subject), SEC_OID_RFC1274_MAIL);
}
- if ( rawEmailAddr == NULL) {
+ if (rawEmailAddr == NULL) {
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
- &subAltName);
- if (rv != SECSuccess) {
- goto finish;
- }
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- goto finish;
- }
- nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
- if (!nameList ) {
- goto finish;
- }
- if (nameList != NULL) {
- do {
- if (current->type == certDirectoryName) {
- rawEmailAddr = CERT_GetNameElement(cert->arena,
- &(current->name.directoryName),
- SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(cert->arena,
- &(current->name.directoryName), SEC_OID_RFC1274_MAIL);
- }
- } else if (current->type == certRFC822Name) {
- rawEmailAddr = (char*)PORT_ArenaZAlloc(cert->arena,
- current->name.other.len + 1);
- if (!rawEmailAddr) {
- goto finish;
- }
- PORT_Memcpy(rawEmailAddr, current->name.other.data,
- current->name.other.len);
- rawEmailAddr[current->name.other.len] = '\0';
- }
- if (rawEmailAddr) {
- break;
- }
- current = CERT_GetNextGeneralName(current);
- } while (current != nameList);
- }
+ rv =
+ CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName);
+ if (rv != SECSuccess) {
+ goto finish;
+ }
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ goto finish;
+ }
+ nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
+ if (!nameList) {
+ goto finish;
+ }
+ if (nameList != NULL) {
+ do {
+ if (current->type == certDirectoryName) {
+ rawEmailAddr =
+ CERT_GetNameElement(cert->arena, &(current->name.directoryName),
+ SEC_OID_PKCS9_EMAIL_ADDRESS);
+ if (rawEmailAddr ==
+ NULL) {
+ rawEmailAddr =
+ CERT_GetNameElement(cert->arena, &(current->name.directoryName),
+ SEC_OID_RFC1274_MAIL);
+ }
+ } else if (current->type == certRFC822Name) {
+ rawEmailAddr =
+ (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
+ 1);
+ if (!rawEmailAddr) {
+ goto finish;
+ }
+ PORT_Memcpy(rawEmailAddr, current->name.other.data,
+ current->name.other.len);
+ rawEmailAddr[current->name.other.len] =
+ '\0';
+ }
+ if (rawEmailAddr) {
+ break;
+ }
+ current = CERT_GetNextGeneralName(current);
+ } while (current != nameList);
+ }
}
if (rawEmailAddr) {
- for (i = 0; i <= (int) PORT_Strlen(rawEmailAddr); i++) {
- rawEmailAddr[i] = tolower(rawEmailAddr[i]);
- }
- }
+ for (i = 0; i <= (int)PORT_Strlen(rawEmailAddr); i++) {
+ rawEmailAddr[i] = tolower(rawEmailAddr[i]);
+ }
+ }
finish:
/* Don't free nameList, it's part of the arena. */
if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
- if ( subAltName.data ) {
- SECITEM_FreeItem(&subAltName, PR_FALSE);
+ if (subAltName.data) {
+ SECITEM_FreeItem(&subAltName, PR_FALSE);
}
- return(rawEmailAddr);
+ return (rawEmailAddr);
}
-static char *
-appendStringToBuf(char *dest, char *src, PRUint32 *pRemaining)
+static char*
+appendStringToBuf(char* dest, char* src, PRUint32* pRemaining)
{
PRUint32 len;
if (dest && src && src[0] && *pRemaining > (len = PL_strlen(src))) {
- PRUint32 i;
- for (i = 0; i < len; ++i)
- dest[i] = tolower(src[i]);
- dest[len] = 0;
- dest += len + 1;
- *pRemaining -= len + 1;
+ PRUint32 i;
+ for (i = 0; i < len; ++i)
+ dest[i] = tolower(src[i]);
+ dest[len] = 0;
+ dest += len + 1;
+ *pRemaining -= len + 1;
}
return dest;
}
@@ -1343,112 +1354,118 @@
#undef NEEDS_HEX_ESCAPE
#define NEEDS_HEX_ESCAPE(c) (c < 0x20)
-static char *
-appendItemToBuf(char *dest, SECItem *src, PRUint32 *pRemaining)
+static char*
+appendItemToBuf(char* dest, SECItem* src, PRUint32* pRemaining)
{
if (dest && src && src->data && src->len && src->data[0]) {
- PRUint32 len = src->len;
- PRUint32 i;
- PRUint32 reqLen = len + 1;
- /* are there any embedded control characters ? */
- for (i = 0; i < len; i++) {
- if (NEEDS_HEX_ESCAPE(src->data[i]))
- reqLen += 2;
- }
- if (*pRemaining > reqLen) {
- for (i = 0; i < len; ++i) {
- PRUint8 c = src->data[i];
- if (NEEDS_HEX_ESCAPE(c)) {
- *dest++ = C_BACKSLASH;
- *dest++ = hexChars[ (c >> 4) & 0x0f ];
- *dest++ = hexChars[ c & 0x0f ];
- } else {
- *dest++ = tolower(c);
- }
- }
- *dest++ = '\0';
- *pRemaining -= reqLen;
- }
+ PRUint32 len = src->len;
+ PRUint32 i;
+ PRUint32 reqLen = len + 1;
+ /* are there any embedded control characters ? */
+ for (i = 0; i < len; i++) {
+ if (NEEDS_HEX_ESCAPE(src->data[i]))
+ reqLen += 2;
+ }
+ if (*pRemaining > reqLen) {
+ for (i = 0; i < len; ++i) {
+ PRUint8 c = src->data[i];
+ if (NEEDS_HEX_ESCAPE(c)) {
+ *dest++ =
+ C_BACKSLASH;
+ *dest++ =
+ hexChars[(c >> 4) & 0x0f];
+ *dest++ =
+ hexChars[c & 0x0f];
+ } else {
+ *dest++ =
+ tolower(c);
+ }
+ }
+ *dest++ = '\0';
+ *pRemaining -= reqLen;
+ }
}
return dest;
}
-/* Returns a pointer to an environment-like string, a series of
+/* Returns a pointer to an environment-like string, a series of
** null-terminated strings, terminated by a zero-length string.
** This function is intended to be internal to NSS.
*/
-char *
-cert_GetCertificateEmailAddresses(CERTCertificate *cert)
+char*
+cert_GetCertificateEmailAddresses(CERTCertificate* cert)
{
- char * rawEmailAddr = NULL;
- char * addrBuf = NULL;
- char * pBuf = NULL;
- PLArenaPool * tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- PRUint32 maxLen = 0;
- PRInt32 finalLen = 0;
- SECStatus rv;
- SECItem subAltName;
-
- if (!tmpArena)
- return addrBuf;
+ char* rawEmailAddr = NULL;
+ char* addrBuf = NULL;
+ char* pBuf = NULL;
+ PLArenaPool* tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ PRUint32 maxLen = 0;
+ PRInt32 finalLen = 0;
+ SECStatus rv;
+ SECItem subAltName;
+
+ if (!tmpArena)
+ return addrBuf;
subAltName.data = NULL;
maxLen = cert->derCert.len;
PORT_Assert(maxLen);
- if (!maxLen)
- maxLen = 2000; /* a guess, should never happen */
+ if (!maxLen)
+ maxLen = 2000; /* a guess, should never happen */
- pBuf = addrBuf = (char *)PORT_ArenaZAlloc(tmpArena, maxLen + 1);
- if (!addrBuf)
- goto loser;
+ pBuf = addrBuf = (char*)PORT_ArenaZAlloc(tmpArena, maxLen + 1);
+ if (!addrBuf)
+ goto loser;
- rawEmailAddr = CERT_GetNameElement(tmpArena, &cert->subject,
- SEC_OID_PKCS9_EMAIL_ADDRESS);
+ rawEmailAddr =
+ CERT_GetNameElement(tmpArena, &cert->subject, SEC_OID_PKCS9_EMAIL_ADDRESS);
pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
- rawEmailAddr = CERT_GetNameElement(tmpArena, &cert->subject,
- SEC_OID_RFC1274_MAIL);
+ rawEmailAddr =
+ CERT_GetNameElement(tmpArena, &cert->subject, SEC_OID_RFC1274_MAIL);
pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
- &subAltName);
+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName);
if (rv == SECSuccess && subAltName.data) {
- CERTGeneralName *nameList = NULL;
+ CERTGeneralName* nameList = NULL;
- if (!!(nameList = CERT_DecodeAltNameExtension(tmpArena, &subAltName))) {
- CERTGeneralName *current = nameList;
- do {
- if (current->type == certDirectoryName) {
- rawEmailAddr = CERT_GetNameElement(tmpArena,
- ¤t->name.directoryName,
- SEC_OID_PKCS9_EMAIL_ADDRESS);
- pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
+ if (!!(nameList = CERT_DecodeAltNameExtension(tmpArena, &subAltName))) {
+ CERTGeneralName* current = nameList;
+ do {
+ if (current->type == certDirectoryName) {
+ rawEmailAddr =
+ CERT_GetNameElement(tmpArena, ¤t->name.directoryName,
+ SEC_OID_PKCS9_EMAIL_ADDRESS);
+ pBuf =
+ appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
- rawEmailAddr = CERT_GetNameElement(tmpArena,
- ¤t->name.directoryName,
- SEC_OID_RFC1274_MAIL);
- pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
- } else if (current->type == certRFC822Name) {
- pBuf = appendItemToBuf(pBuf, ¤t->name.other, &maxLen);
- }
- current = CERT_GetNextGeneralName(current);
- } while (current != nameList);
- }
- SECITEM_FreeItem(&subAltName, PR_FALSE);
- /* Don't free nameList, it's part of the tmpArena. */
+ rawEmailAddr =
+ CERT_GetNameElement(
+ tmpArena, ¤t->name.directoryName, SEC_OID_RFC1274_MAIL);
+ pBuf =
+ appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
+ } else if (current->type == certRFC822Name) {
+ pBuf =
+ appendItemToBuf(pBuf, ¤t->name.other, &maxLen);
+ }
+ current = CERT_GetNextGeneralName(current);
+ } while (current != nameList);
+ }
+ SECITEM_FreeItem(&subAltName, PR_FALSE);
+ /* Don't free nameList, it's part of the tmpArena. */
}
/* now copy superstring to cert's arena */
finalLen = (pBuf - addrBuf) + 1;
pBuf = NULL;
if (finalLen > 1) {
- pBuf = PORT_ArenaAlloc(cert->arena, finalLen);
- if (pBuf) {
- PORT_Memcpy(pBuf, addrBuf, finalLen);
- }
+ pBuf = PORT_ArenaAlloc(cert->arena, finalLen);
+ if (pBuf) {
+ PORT_Memcpy(pBuf, addrBuf, finalLen);
+ }
}
loser:
if (tmpArena)
- PORT_FreeArena(tmpArena, PR_FALSE);
+ PORT_FreeArena(tmpArena, PR_FALSE);
return pBuf;
}
@@ -1457,11 +1474,11 @@
** as long as cert's reference count doesn't go to zero.
** Caller should strdup or otherwise copy.
*/
-const char * /* const so caller won't muck with it. */
-CERT_GetFirstEmailAddress(CERTCertificate * cert)
+const char* /* const so caller won't muck with it. */
+ CERT_GetFirstEmailAddress(CERTCertificate* cert)
{
if (cert && cert->emailAddr && cert->emailAddr[0])
- return (const char *)cert->emailAddr;
+ return (const char*)cert->emailAddr;
return NULL;
}
@@ -1469,92 +1486,91 @@
** as long as cert's reference count doesn't go to zero.
** Caller should strdup or otherwise copy.
*/
-const char * /* const so caller won't muck with it. */
-CERT_GetNextEmailAddress(CERTCertificate * cert, const char * prev)
+const char* /* const so caller won't muck with it. */
+ CERT_GetNextEmailAddress(CERTCertificate* cert, const char* prev)
{
if (cert && prev && prev[0]) {
- PRUint32 len = PL_strlen(prev);
- prev += len + 1;
- if (prev && prev[0])
- return prev;
+ PRUint32 len = PL_strlen(prev);
+ prev += len + 1;
+ if (prev && prev[0])
+ return prev;
}
return NULL;
}
/* This is seriously bogus, now that certs store their email addresses in
-** subject Alternative Name extensions.
+** subject Alternative Name extensions.
** Returns a string allocated by PORT_StrDup, which the caller must free.
*/
-char *
-CERT_GetCertEmailAddress(const CERTName *name)
+char*
+CERT_GetCertEmailAddress(const CERTName* name)
{
- char *rawEmailAddr;
- char *emailAddr;
+ char* rawEmailAddr;
+ char* emailAddr;
-
rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_MAIL);
+ if (rawEmailAddr == NULL) {
+ rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_MAIL);
}
emailAddr = CERT_FixupEmailAddr(rawEmailAddr);
- if ( rawEmailAddr ) {
- PORT_Free(rawEmailAddr);
+ if (rawEmailAddr) {
+ PORT_Free(rawEmailAddr);
}
- return(emailAddr);
+ return (emailAddr);
}
/* The return value must be freed with PORT_Free. */
-char *
-CERT_GetCommonName(const CERTName *name)
+char*
+CERT_GetCommonName(const CERTName* name)
{
- return(CERT_GetLastNameElement(NULL, name, SEC_OID_AVA_COMMON_NAME));
+ return (CERT_GetLastNameElement(NULL, name, SEC_OID_AVA_COMMON_NAME));
}
-char *
-CERT_GetCountryName(const CERTName *name)
+char*
+CERT_GetCountryName(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_COUNTRY_NAME));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_COUNTRY_NAME));
}
-char *
-CERT_GetLocalityName(const CERTName *name)
+char*
+CERT_GetLocalityName(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_LOCALITY));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_LOCALITY));
}
-char *
-CERT_GetStateName(const CERTName *name)
+char*
+CERT_GetStateName(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_STATE_OR_PROVINCE));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_STATE_OR_PROVINCE));
}
-char *
-CERT_GetOrgName(const CERTName *name)
+char*
+CERT_GetOrgName(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATION_NAME));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATION_NAME));
}
-char *
-CERT_GetDomainComponentName(const CERTName *name)
+char*
+CERT_GetDomainComponentName(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_DC));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_DC));
}
-char *
-CERT_GetOrgUnitName(const CERTName *name)
+char*
+CERT_GetOrgUnitName(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME));
+ return (
+ CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME));
}
-char *
-CERT_GetDnQualifier(const CERTName *name)
+char*
+CERT_GetDnQualifier(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER));
}
-char *
-CERT_GetCertUid(const CERTName *name)
+char*
+CERT_GetCertUid(const CERTName* name)
{
- return(CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID));
}
-
diff --git a/nss/lib/certdb/cert.h b/nss/lib/certdb/cert.h
index 4564dc2..e0af65a 100644
--- a/nss/lib/certdb/cert.h
+++ b/nss/lib/certdb/cert.h
@@ -22,7 +22,7 @@
#include "certt.h"
SEC_BEGIN_PROTOS
-
+
/****************************************************************************
*
* RFC1485 ascii to/from X.? RelativeDistinguishedName (aka CERTName)
@@ -47,14 +47,14 @@
** Returns a string that must be freed with PORT_Free().
** Caller chooses encoding rules.
*/
-extern char *CERT_NameToAsciiInvertible(CERTName *name,
+extern char *CERT_NameToAsciiInvertible(CERTName *name,
CertStrictnessLevel strict);
extern CERTAVA *CERT_CopyAVA(PLArenaPool *arena, CERTAVA *src);
/* convert an OID to dotted-decimal representation */
/* Returns a string that must be freed with PR_smprintf_free(). */
-extern char * CERT_GetOidString(const SECItem *oid);
+extern char *CERT_GetOidString(const SECItem *oid);
/*
** Examine an AVA and return the tag that refers to it. The AVA tags are
@@ -126,24 +126,24 @@
/*
** Convert a CERTName into something readable
*/
-extern char *CERT_FormatName (CERTName *name);
+extern char *CERT_FormatName(CERTName *name);
/*
** Convert a der-encoded integer to a hex printable string form.
** Perhaps this should be a SEC function but it's only used for certs.
*/
-extern char *CERT_Hexify (SECItem *i, int do_colon);
+extern char *CERT_Hexify(SECItem *i, int do_colon);
/*
-** Converts DER string (with explicit length) into zString, if destination
-** buffer is big enough to receive it. Does quoting and/or escaping as
+** Converts DER string (with explicit length) into zString, if destination
+** buffer is big enough to receive it. Does quoting and/or escaping as
** specified in RFC 1485. Input string must be single or multi-byte DER
** character set, (ASCII, UTF8, or ISO 8851-x) not a wide character set.
** Returns SECSuccess or SECFailure with error code set. If output buffer
** is too small, sets error code SEC_ERROR_OUTPUT_LEN.
*/
-extern SECStatus
-CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src, int srclen);
+extern SECStatus CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src,
+ int srclen);
/******************************************************************************
*
@@ -171,14 +171,14 @@
** before memory is allocated (use CERT_DestroyValidity(v, PR_FALSE) to do
** that).
*/
-extern SECStatus CERT_CopyValidity
- (PLArenaPool *arena, CERTValidity *dest, CERTValidity *src);
+extern SECStatus CERT_CopyValidity(PLArenaPool *arena, CERTValidity *dest,
+ CERTValidity *src);
/*
** The cert lib considers a cert or CRL valid if the "notBefore" time is
-** in the not-too-distant future, e.g. within the next 24 hours. This
+** in the not-too-distant future, e.g. within the next 24 hours. This
** prevents freshly issued certificates from being considered invalid
-** because the local system's time zone is incorrectly set.
+** because the local system's time zone is incorrectly set.
** The amount of "pending slop time" is adjustable by the application.
** Units of SlopTime are seconds. Default is 86400 (24 hours).
** Negative SlopTime values are not allowed.
@@ -195,9 +195,10 @@
** "validity" the validity period of the certificate
** "req" the certificate request that prompted the certificate issuance
*/
-extern CERTCertificate *
-CERT_CreateCertificate (unsigned long serialNumber, CERTName *issuer,
- CERTValidity *validity, CERTCertificateRequest *req);
+extern CERTCertificate *CERT_CreateCertificate(unsigned long serialNumber,
+ CERTName *issuer,
+ CERTValidity *validity,
+ CERTCertificateRequest *req);
/*
** Destroy a certificate object
@@ -221,9 +222,8 @@
** "spki" describes/defines the public key the certificate is for
** "attributes" if non-zero, some optional attribute data
*/
-extern CERTCertificateRequest *
-CERT_CreateCertificateRequest (CERTName *name, CERTSubjectPublicKeyInfo *spki,
- SECItem **attributes);
+extern CERTCertificateRequest *CERT_CreateCertificateRequest(
+ CERTName *name, CERTSubjectPublicKeyInfo *spki, SECItem **attributes);
/*
** Destroy a certificate-request object
@@ -235,22 +235,19 @@
/*
** Start adding extensions to a certificate request.
*/
-void *
-CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req);
+void *CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req);
/*
** Reformat the certificate extension list into a CertificateRequest
** attribute list.
*/
-SECStatus
-CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req);
+SECStatus CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req);
/*
** Extract the Extension Requests from a DER CertRequest attribute list.
*/
-SECStatus
-CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
- CERTCertExtension ***exts);
+SECStatus CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
+ CERTCertExtension ***exts);
/*
** Extract a public key object from a certificate
@@ -261,7 +258,7 @@
** Retrieve the Key Type associated with the cert we're dealing with
*/
-extern KeyType CERT_GetCertKeyType (const CERTSubjectPublicKeyInfo *spki);
+extern KeyType CERT_GetCertKeyType(const CERTSubjectPublicKeyInfo *spki);
/*
** Initialize the certificate database. This is called to create
@@ -278,13 +275,12 @@
extern CERTCertDBHandle *CERT_GetDefaultCertDB(void);
-extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
- PRTime time,
- SECCertUsage usage);
-extern CERTCertificate *
-CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
- char *nickname, PRBool isperm, PRBool copyDER);
-
+extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
+ PRTime time, SECCertUsage usage);
+extern CERTCertificate *CERT_NewTempCertificate(CERTCertDBHandle *handle,
+ SECItem *derCert,
+ char *nickname, PRBool isperm,
+ PRBool copyDER);
/******************************************************************************
*
@@ -300,8 +296,8 @@
** DER_T61_STRING
** "value" is the null terminated string containing the value
*/
-extern CERTAVA *CERT_CreateAVA
- (PLArenaPool *arena, SECOidTag kind, int valueType, char *value);
+extern CERTAVA *CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind,
+ int valueType, char *value);
/*
** Extract the Distinguished Name from a DER encoded certificate
@@ -315,18 +311,14 @@
** "derCert" is the DER encoded certificate
** "derName" is the SECItem that the name is returned in
*/
-extern SECStatus CERT_IssuerNameFromDERCert(SECItem *derCert,
- SECItem *derName);
+extern SECStatus CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName);
-extern SECItem *
-CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
- PLArenaPool *arena);
+extern SECItem *CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
+ PLArenaPool *arena);
-extern CERTGeneralName *
-CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
- CERTGeneralName *genName);
-
-
+extern CERTGeneralName *CERT_DecodeGeneralName(PLArenaPool *reqArena,
+ SECItem *encodedName,
+ CERTGeneralName *genName);
/*
** Generate a database search key for a certificate, based on the
@@ -339,11 +331,10 @@
SECItem *key);
extern SECStatus CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer,
- SECItem *sn, SECItem *key);
+ SECItem *sn, SECItem *key);
-extern SECStatus CERT_SerialNumberFromDERCert(SECItem *derCert,
- SECItem *derName);
-
+extern SECStatus CERT_SerialNumberFromDERCert(SECItem *derCert,
+ SECItem *derName);
/*
** Generate a database search key for a crl, based on the
@@ -352,17 +343,18 @@
** "derCrl" the DER encoded crl
** "key" the returned key
*/
-extern SECStatus CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl, SECItem *key);
+extern SECStatus CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl,
+ SECItem *key);
/*
** Open the certificate database. Use callback to get name of database.
*/
extern SECStatus CERT_OpenCertDB(CERTCertDBHandle *handle, PRBool readOnly,
- CERTDBNameFunc namecb, void *cbarg);
+ CERTDBNameFunc namecb, void *cbarg);
/* Open the certificate database. Use given filename for database. */
extern SECStatus CERT_OpenCertDBFilename(CERTCertDBHandle *handle,
- char *certdbname, PRBool readOnly);
+ char *certdbname, PRBool readOnly);
/*
** Open and initialize a cert database that is entirely in memory. This
@@ -374,11 +366,11 @@
** Extract the list of host names, host name patters, IP address strings
** this cert is valid for.
** This function does NOT return nicknames.
-** Type CERTCertNicknames is being used because it's a convenient
+** Type CERTCertNicknames is being used because it's a convenient
** data structure to carry a list of strings and its count.
*/
-extern CERTCertNicknames *
- CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert);
+extern CERTCertNicknames *CERT_GetValidDNSPatternsFromCert(
+ CERTCertificate *cert);
/*
** Check the hostname to make sure that it matches the shexp that
@@ -391,7 +383,8 @@
** Add a domain name to the list of names that the user has explicitly
** allowed (despite cert name mismatches) for use with a server cert.
*/
-extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert, const char *hostname);
+extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert,
+ const char *hostname);
/*
** Decode a DER encoded certificate into an CERTCertificate structure
@@ -401,30 +394,31 @@
** "nickname" is the nickname to use in the database. If it is NULL
** then a temporary nickname is generated.
*/
-extern CERTCertificate *
-CERT_DecodeDERCertificate (SECItem *derSignedCert, PRBool copyDER, char *nickname);
+extern CERTCertificate *CERT_DecodeDERCertificate(SECItem *derSignedCert,
+ PRBool copyDER,
+ char *nickname);
/*
** Decode a DER encoded CRL into a CERTSignedCrl structure
** "derSignedCrl" is the DER encoded signed CRL.
** "type" must be SEC_CRL_TYPE.
*/
-#define SEC_CRL_TYPE 1
-#define SEC_KRL_TYPE 0 /* deprecated */
+#define SEC_CRL_TYPE 1
+#define SEC_KRL_TYPE 0 /* deprecated */
-extern CERTSignedCrl *
-CERT_DecodeDERCrl (PLArenaPool *arena, SECItem *derSignedCrl,int type);
+extern CERTSignedCrl *CERT_DecodeDERCrl(PLArenaPool *arena,
+ SECItem *derSignedCrl, int type);
/*
* same as CERT_DecodeDERCrl, plus allow options to be passed in
*/
-extern CERTSignedCrl *
-CERT_DecodeDERCrlWithFlags(PLArenaPool *narena, SECItem *derSignedCrl,
- int type, PRInt32 options);
+extern CERTSignedCrl *CERT_DecodeDERCrlWithFlags(PLArenaPool *narena,
+ SECItem *derSignedCrl,
+ int type, PRInt32 options);
/* CRL options to pass */
-#define CRL_DECODE_DEFAULT_OPTIONS 0x00000000
+#define CRL_DECODE_DEFAULT_OPTIONS 0x00000000
/* when CRL_DECODE_DONT_COPY_DER is set, the DER is not copied . The
application must then keep derSignedCrl until it destroys the
@@ -432,33 +426,32 @@
and pass that arena in as the first argument to
CERT_DecodeDERCrlWithFlags */
-#define CRL_DECODE_DONT_COPY_DER 0x00000001
-#define CRL_DECODE_SKIP_ENTRIES 0x00000002
-#define CRL_DECODE_KEEP_BAD_CRL 0x00000004
-#define CRL_DECODE_ADOPT_HEAP_DER 0x00000008
+#define CRL_DECODE_DONT_COPY_DER 0x00000001
+#define CRL_DECODE_SKIP_ENTRIES 0x00000002
+#define CRL_DECODE_KEEP_BAD_CRL 0x00000004
+#define CRL_DECODE_ADOPT_HEAP_DER 0x00000008
/* complete the decoding of a partially decoded CRL, ie. decode the
entries. Note that entries is an optional field in a CRL, so the
"entries" pointer in CERTCrlStr may still be NULL even after
function returns SECSuccess */
-extern SECStatus CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl);
+extern SECStatus CERT_CompleteCRLDecodeEntries(CERTSignedCrl *crl);
/* Validate CRL then import it to the dbase. If there is already a CRL with the
- * same CA in the dbase, it will be replaced if derCRL is more up to date.
- * If the process successes, a CRL will be returned. Otherwise, a NULL will
- * be returned. The caller should call PORT_GetError() for the exactly error
+ * same CA in the dbase, it will be replaced if derCRL is more up to date.
+ * If the process successes, a CRL will be returned. Otherwise, a NULL will
+ * be returned. The caller should call PORT_GetError() for the exactly error
* code.
*/
-extern CERTSignedCrl *
-CERT_ImportCRL (CERTCertDBHandle *handle, SECItem *derCRL, char *url,
- int type, void * wincx);
+extern CERTSignedCrl *CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL,
+ char *url, int type, void *wincx);
-extern void CERT_DestroyCrl (CERTSignedCrl *crl);
+extern void CERT_DestroyCrl(CERTSignedCrl *crl);
/* this is a hint to flush the CRL cache. crlKey is the DER subject of
the issuer (CA). */
-void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle* dbhandle, SECItem* crlKey);
+void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle *dbhandle, SECItem *crlKey);
/* add the specified DER CRL object to the CRL cache. Doing so will allow
certificate verification functions (such as CERT_VerifyCertificate)
@@ -468,114 +461,113 @@
application can only free the object after it calls CERT_UncacheCRL to
remove it from the CRL cache.
*/
-SECStatus CERT_CacheCRL(CERTCertDBHandle* dbhandle, SECItem* newcrl);
+SECStatus CERT_CacheCRL(CERTCertDBHandle *dbhandle, SECItem *newcrl);
/* remove a previously added CRL object from the CRL cache. It is OK
for the application to free the memory after a successful removal
*/
-SECStatus CERT_UncacheCRL(CERTCertDBHandle* dbhandle, SECItem* oldcrl);
+SECStatus CERT_UncacheCRL(CERTCertDBHandle *dbhandle, SECItem *oldcrl);
/*
** Find a certificate in the database
** "key" is the database key to look for
*/
-extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle, SECItem *key);
+extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle,
+ SECItem *key);
/*
** Find a certificate in the database by name
** "name" is the distinguished name to look up
*/
-extern CERTCertificate *
-CERT_FindCertByName (CERTCertDBHandle *handle, SECItem *name);
+extern CERTCertificate *CERT_FindCertByName(CERTCertDBHandle *handle,
+ SECItem *name);
/*
** Find a certificate in the database by name
** "name" is the distinguished name to look up (in ascii)
*/
-extern CERTCertificate *
-CERT_FindCertByNameString (CERTCertDBHandle *handle, char *name);
+extern CERTCertificate *CERT_FindCertByNameString(CERTCertDBHandle *handle,
+ char *name);
/*
** Find a certificate in the database by name and keyid
** "name" is the distinguished name to look up
** "keyID" is the value of the subjectKeyID to match
*/
-extern CERTCertificate *
-CERT_FindCertByKeyID (CERTCertDBHandle *handle, SECItem *name, SECItem *keyID);
+extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle,
+ SECItem *name, SECItem *keyID);
/*
** Generate a certificate key from the issuer and serialnumber, then look it
** up in the database. Return the cert if found.
** "issuerAndSN" is the issuer and serial number to look for
*/
-extern CERTCertificate *
-CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
+extern CERTCertificate *CERT_FindCertByIssuerAndSN(
+ CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
/*
** Find a certificate in the database by a subject key ID
** "subjKeyID" is the subject Key ID to look for
*/
-extern CERTCertificate *
-CERT_FindCertBySubjectKeyID (CERTCertDBHandle *handle, SECItem *subjKeyID);
+extern CERTCertificate *CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle,
+ SECItem *subjKeyID);
/*
** Encode Certificate SKID (Subject Key ID) extension.
**
*/
-extern SECStatus
-CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
- SECItem *encodedValue);
+extern SECStatus CERT_EncodeSubjectKeyID(PLArenaPool *arena,
+ const SECItem *srcString,
+ SECItem *encodedValue);
/*
** Find a certificate in the database by a nickname
** "nickname" is the ascii string nickname to look for
*/
-extern CERTCertificate *
-CERT_FindCertByNickname (CERTCertDBHandle *handle, const char *nickname);
+extern CERTCertificate *CERT_FindCertByNickname(CERTCertDBHandle *handle,
+ const char *nickname);
/*
** Find a certificate in the database by a DER encoded certificate
** "derCert" is the DER encoded certificate
*/
-extern CERTCertificate *
-CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert);
+extern CERTCertificate *CERT_FindCertByDERCert(CERTCertDBHandle *handle,
+ SECItem *derCert);
/*
** Find a certificate in the database by a email address
** "emailAddr" is the email address to look up
*/
-CERTCertificate *
-CERT_FindCertByEmailAddr(CERTCertDBHandle *handle, char *emailAddr);
+CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle,
+ char *emailAddr);
/*
** Find a certificate in the database by a email address or nickname
** "name" is the email address or nickname to look up
*/
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name);
+CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle,
+ const char *name);
/*
** Find a certificate in the database by a email address or nickname
** and require it to have the given usage.
** "name" is the email address or nickname to look up
*/
-CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
- const char *name,
- SECCertUsage lookingForUsage);
+CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage(
+ CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage);
/*
** Find a certificate in the database by a digest of a subject public key
** "spkDigest" is the digest to look up
*/
-extern CERTCertificate *
-CERT_FindCertBySPKDigest(CERTCertDBHandle *handle, SECItem *spkDigest);
+extern CERTCertificate *CERT_FindCertBySPKDigest(CERTCertDBHandle *handle,
+ SECItem *spkDigest);
/*
* Find the issuer of a cert
*/
-CERTCertificate *
-CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage);
+CERTCertificate *CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime,
+ SECCertUsage usage);
/*
** Check the validity times of a certificate vs. time 't', allowing
@@ -586,8 +578,8 @@
** been overridden by the user.
*/
extern SECCertTimeValidity CERT_CheckCertValidTimes(const CERTCertificate *cert,
- PRTime t,
- PRBool allowOverride);
+ PRTime t,
+ PRBool allowOverride);
/*
** WARNING - this function is deprecated, and will either go away or have
@@ -605,15 +597,14 @@
** "notBefore" is the start of the validity period
** "notAfter" is the end of the validity period
*/
-extern SECStatus
-CERT_GetCertTimes (const CERTCertificate *c, PRTime *notBefore,
- PRTime *notAfter);
+extern SECStatus CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore,
+ PRTime *notAfter);
/*
** Extract the issuer and serial number from a certificate
*/
-extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
- CERTCertificate *);
+extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
+ CERTCertificate *);
/*
** verify the signature of a signed data object with a given certificate
@@ -621,23 +612,20 @@
** "cert" the certificate to use to check the signature
*/
extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
- CERTCertificate *cert,
- PRTime t,
- void *wincx);
+ CERTCertificate *cert, PRTime t,
+ void *wincx);
/*
** verify the signature of a signed data object with the given DER publickey
*/
-extern SECStatus
-CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
- CERTSubjectPublicKeyInfo *pubKeyInfo,
- void *wincx);
+extern SECStatus CERT_VerifySignedDataWithPublicKeyInfo(
+ CERTSignedData *sd, CERTSubjectPublicKeyInfo *pubKeyInfo, void *wincx);
/*
** verify the signature of a signed data object with a SECKEYPublicKey.
*/
-extern SECStatus
-CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
- SECKEYPublicKey *pubKey, void *wincx);
+extern SECStatus CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
+ SECKEYPublicKey *pubKey,
+ void *wincx);
/*
** NEW FUNCTIONS with new bit-field-FIELD SECCertificateUsage - please use
@@ -647,27 +635,31 @@
** "cert" the certificate to verify
** "checkSig" only check signatures if true
*/
-extern SECStatus
-CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertificateUsage requiredUsages,
- PRTime t, void *wincx, CERTVerifyLog *log,
- SECCertificateUsage* returnedUsages);
+extern SECStatus CERT_VerifyCertificate(CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checkSig,
+ SECCertificateUsage requiredUsages,
+ PRTime t, void *wincx,
+ CERTVerifyLog *log,
+ SECCertificateUsage *returnedUsages);
/* same as above, but uses current time */
-extern SECStatus
-CERT_VerifyCertificateNow(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertificateUsage requiredUsages,
- void *wincx, SECCertificateUsage* returnedUsages);
+extern SECStatus CERT_VerifyCertificateNow(CERTCertDBHandle *handle,
+ CERTCertificate *cert,
+ PRBool checkSig,
+ SECCertificateUsage requiredUsages,
+ void *wincx,
+ SECCertificateUsage *returnedUsages);
/*
** Verify that a CA cert can certify some (unspecified) leaf cert for a given
** purpose. This is used by UI code to help identify where a chain may be
** broken and why. This takes identical parameters to CERT_VerifyCert
*/
-extern SECStatus
-CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- void *wincx, CERTVerifyLog *log);
+extern SECStatus CERT_VerifyCACertForUsage(CERTCertDBHandle *handle,
+ CERTCertificate *cert,
+ PRBool checkSig,
+ SECCertUsage certUsage, PRTime t,
+ void *wincx, CERTVerifyLog *log);
/*
** OLD OBSOLETE FUNCTIONS with enum SECCertUsage - DO NOT USE FOR NEW CODE
@@ -677,20 +669,19 @@
** "cert" the certificate to verify
** "checkSig" only check signatures if true
*/
-extern SECStatus
-CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- void *wincx, CERTVerifyLog *log);
+extern SECStatus CERT_VerifyCert(CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checkSig,
+ SECCertUsage certUsage, PRTime t, void *wincx,
+ CERTVerifyLog *log);
/* same as above, but uses current time */
-extern SECStatus
-CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, void *wincx);
+extern SECStatus CERT_VerifyCertNow(CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checkSig,
+ SECCertUsage certUsage, void *wincx);
-SECStatus
-CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- void *wincx, CERTVerifyLog *log);
+SECStatus CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
+ PRBool checkSig, SECCertUsage certUsage,
+ PRTime t, void *wincx, CERTVerifyLog *log);
/*
** Read a base64 ascii encoded DER certificate and convert it to our
@@ -709,39 +700,37 @@
*/
extern CERTCertificate *CERT_DecodeCertFromPackage(char *certbuf, int certlen);
-extern SECStatus
-CERT_ImportCAChain (SECItem *certs, int numcerts, SECCertUsage certUsage);
+extern SECStatus CERT_ImportCAChain(SECItem *certs, int numcerts,
+ SECCertUsage certUsage);
-extern SECStatus
-CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage);
+extern SECStatus CERT_ImportCAChainTrusted(SECItem *certs, int numcerts,
+ SECCertUsage certUsage);
/*
-** Read a certificate chain in some foreign format, and pass it to a
+** Read a certificate chain in some foreign format, and pass it to a
** callback function.
** "certbuf" is the buffer containing the certificate
** "certlen" is the length of the buffer
** "f" is the callback function
** "arg" is the callback argument
*/
-typedef SECStatus (PR_CALLBACK *CERTImportCertificateFunc)
- (void *arg, SECItem **certs, int numcerts);
+typedef SECStatus(PR_CALLBACK *CERTImportCertificateFunc)(void *arg,
+ SECItem **certs,
+ int numcerts);
-extern SECStatus
-CERT_DecodeCertPackage(char *certbuf, int certlen, CERTImportCertificateFunc f,
- void *arg);
+extern SECStatus CERT_DecodeCertPackage(char *certbuf, int certlen,
+ CERTImportCertificateFunc f, void *arg);
-/*
-** Returns the value of an AVA. This was a formerly static
+/*
+** Returns the value of an AVA. This was a formerly static
** function that has been exposed due to the need to decode
-** and convert unicode strings to UTF8.
+** and convert unicode strings to UTF8.
**
** XXX This function resides in certhtml.c, should it be
** moved elsewhere?
*/
extern SECItem *CERT_DecodeAVAValue(const SECItem *derAVAValue);
-
-
/*
** extract various element strings from a distinguished name.
** "name" the distinguished name
@@ -751,10 +740,10 @@
extern char *CERT_GetCertEmailAddress(const CERTName *name);
-extern const char * CERT_GetFirstEmailAddress(CERTCertificate * cert);
+extern const char *CERT_GetFirstEmailAddress(CERTCertificate *cert);
-extern const char * CERT_GetNextEmailAddress(CERTCertificate * cert,
- const char * prev);
+extern const char *CERT_GetNextEmailAddress(CERTCertificate *cert,
+ const char *prev);
/* The return value must be freed with PORT_Free. */
extern char *CERT_GetCommonName(const CERTName *name);
@@ -778,13 +767,13 @@
extern SECStatus CERT_GetCertTrust(const CERTCertificate *cert,
CERTCertTrust *trust);
-extern SECStatus
-CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert,
- CERTCertTrust *trust);
+extern SECStatus CERT_ChangeCertTrust(CERTCertDBHandle *handle,
+ CERTCertificate *cert,
+ CERTCertTrust *trust);
-extern SECStatus
-CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb, CERTCertificate *cert,
- SECCertUsage usage);
+extern SECStatus CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb,
+ CERTCertificate *cert,
+ SECCertUsage usage);
/*************************************************************************
*
@@ -808,23 +797,24 @@
** "copyData" is a flag indicating whether the value data should be
** copied.
*/
-extern SECStatus CERT_AddExtension (void *exthandle, int idtag,
- SECItem *value, PRBool critical, PRBool copyData);
+extern SECStatus CERT_AddExtension(void *exthandle, int idtag, SECItem *value,
+ PRBool critical, PRBool copyData);
-extern SECStatus CERT_AddExtensionByOID (void *exthandle, SECItem *oid,
- SECItem *value, PRBool critical, PRBool copyData);
+extern SECStatus CERT_AddExtensionByOID(void *exthandle, SECItem *oid,
+ SECItem *value, PRBool critical,
+ PRBool copyData);
-extern SECStatus CERT_EncodeAndAddExtension
- (void *exthandle, int idtag, void *value, PRBool critical,
- const SEC_ASN1Template *atemplate);
+extern SECStatus CERT_EncodeAndAddExtension(void *exthandle, int idtag,
+ void *value, PRBool critical,
+ const SEC_ASN1Template *atemplate);
-extern SECStatus CERT_EncodeAndAddBitStrExtension
- (void *exthandle, int idtag, SECItem *value, PRBool critical);
+extern SECStatus CERT_EncodeAndAddBitStrExtension(void *exthandle, int idtag,
+ SECItem *value,
+ PRBool critical);
-
-extern SECStatus
-CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue);
-
+extern SECStatus CERT_EncodeAltNameExtension(PLArenaPool *arena,
+ CERTGeneralName *value,
+ SECItem *encodedValue);
/*
** Finish adding cert extensions. Does final processing on extension
@@ -839,17 +829,15 @@
** only when its OID matches none of the cert's existing extensions. Call this
** immediately before calling CERT_FinishExtensions().
*/
-SECStatus
-CERT_MergeExtensions(void *exthandle, CERTCertExtension **exts);
+SECStatus CERT_MergeExtensions(void *exthandle, CERTCertExtension **exts);
/* If the extension is found, return its criticality and value.
** This allocate storage for the returning extension value.
*/
-extern SECStatus CERT_GetExtenCriticality
- (CERTCertExtension **extensions, int tag, PRBool *isCritical);
+extern SECStatus CERT_GetExtenCriticality(CERTCertExtension **extensions,
+ int tag, PRBool *isCritical);
-extern void
-CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
+extern void CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
/****************************************************************************
*
@@ -862,28 +850,29 @@
** value - extension value to encode
** encodedValue - output encoded value
*/
-extern SECStatus CERT_EncodeBasicConstraintValue
- (PLArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue);
+extern SECStatus CERT_EncodeBasicConstraintValue(PLArenaPool *arena,
+ CERTBasicConstraints *value,
+ SECItem *encodedValue);
/*
** Encode the value of the authorityKeyIdentifier extension.
*/
-extern SECStatus CERT_EncodeAuthKeyID
- (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue);
+extern SECStatus CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
+ SECItem *encodedValue);
/*
** Encode the value of the crlDistributionPoints extension.
*/
-extern SECStatus CERT_EncodeCRLDistributionPoints
- (PLArenaPool *arena, CERTCrlDistributionPoints *value,SECItem *derValue);
+extern SECStatus CERT_EncodeCRLDistributionPoints(
+ PLArenaPool *arena, CERTCrlDistributionPoints *value, SECItem *derValue);
/*
** Decodes a DER encoded basicConstaint extension value into a readable format
** value - decoded value
** encodedValue - value to decoded
*/
-extern SECStatus CERT_DecodeBasicConstraintValue
- (CERTBasicConstraints *value, const SECItem *encodedValue);
+extern SECStatus CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
+ const SECItem *encodedValue);
/* Decodes a DER encoded authorityKeyIdentifier extension value into a
** readable format.
@@ -891,87 +880,84 @@
** encodedValue - value to be decoded
** Returns a CERTAuthKeyID structure which contains the decoded value
*/
-extern CERTAuthKeyID *CERT_DecodeAuthKeyID
- (PLArenaPool *arena, const SECItem *encodedValue);
+extern CERTAuthKeyID *CERT_DecodeAuthKeyID(PLArenaPool *arena,
+ const SECItem *encodedValue);
-/* Decodes a DER encoded crlDistributionPoints extension value into a
+/* Decodes a DER encoded crlDistributionPoints extension value into a
** readable format.
** arena - where to allocate memory for the decoded value
** der - value to be decoded
-** Returns a CERTCrlDistributionPoints structure which contains the
+** Returns a CERTCrlDistributionPoints structure which contains the
** decoded value
*/
-extern CERTCrlDistributionPoints * CERT_DecodeCRLDistributionPoints
- (PLArenaPool *arena, SECItem *der);
+extern CERTCrlDistributionPoints *CERT_DecodeCRLDistributionPoints(
+ PLArenaPool *arena, SECItem *der);
/* Extract certain name type from a generalName */
-extern void *CERT_GetGeneralNameByType
- (CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat);
+extern void *CERT_GetGeneralNameByType(CERTGeneralName *genNames,
+ CERTGeneralNameType type,
+ PRBool derFormat);
-
-extern CERTOidSequence *
-CERT_DecodeOidSequence(const SECItem *seqItem);
-
-
-
+extern CERTOidSequence *CERT_DecodeOidSequence(const SECItem *seqItem);
/****************************************************************************
*
- * Find extension values of a certificate
+ * Find extension values of a certificate
*
***************************************************************************/
-extern SECStatus CERT_FindCertExtension
- (const CERTCertificate *cert, int tag, SECItem *value);
+extern SECStatus CERT_FindCertExtension(const CERTCertificate *cert, int tag,
+ SECItem *value);
-extern SECStatus CERT_FindNSCertTypeExtension
- (CERTCertificate *cert, SECItem *value);
+extern SECStatus CERT_FindNSCertTypeExtension(CERTCertificate *cert,
+ SECItem *value);
-extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag);
+extern char *CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag);
-extern SECStatus CERT_FindCertExtensionByOID
- (CERTCertificate *cert, SECItem *oid, SECItem *value);
+extern SECStatus CERT_FindCertExtensionByOID(CERTCertificate *cert,
+ SECItem *oid, SECItem *value);
/* Returns the decoded value of the authKeyID extension.
** Note that this uses passed in the arena to allocate storage for the result
*/
-extern CERTAuthKeyID * CERT_FindAuthKeyIDExten (PLArenaPool *arena,CERTCertificate *cert);
+extern CERTAuthKeyID *CERT_FindAuthKeyIDExten(PLArenaPool *arena,
+ CERTCertificate *cert);
/* Returns the decoded value of the basicConstraint extension.
*/
-extern SECStatus CERT_FindBasicConstraintExten
- (CERTCertificate *cert, CERTBasicConstraints *value);
+extern SECStatus CERT_FindBasicConstraintExten(CERTCertificate *cert,
+ CERTBasicConstraints *value);
/* Returns the decoded value of the crlDistributionPoints extension.
** Note that the arena in cert is used to allocate storage for the result
*/
-extern CERTCrlDistributionPoints * CERT_FindCRLDistributionPoints
- (CERTCertificate *cert);
+extern CERTCrlDistributionPoints *CERT_FindCRLDistributionPoints(
+ CERTCertificate *cert);
-/* Returns value of the keyUsage extension. This uses PR_Alloc to allocate
-** buffer for the decoded value. The caller should free up the storage
+/* Returns value of the keyUsage extension. This uses PR_Alloc to allocate
+** buffer for the decoded value. The caller should free up the storage
** allocated in value->data.
*/
-extern SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert,
- SECItem *value);
+extern SECStatus CERT_FindKeyUsageExtension(CERTCertificate *cert,
+ SECItem *value);
-/* Return the decoded value of the subjectKeyID extension. The caller should
+/* Return the decoded value of the subjectKeyID extension. The caller should
** free up the storage allocated in retItem->data.
*/
-extern SECStatus CERT_FindSubjectKeyIDExtension (CERTCertificate *cert,
- SECItem *retItem);
+extern SECStatus CERT_FindSubjectKeyIDExtension(CERTCertificate *cert,
+ SECItem *retItem);
/*
** If cert is a v3 certificate, and a critical keyUsage extension is included,
-** then check the usage against the extension value. If a non-critical
-** keyUsage extension is included, this will return SECSuccess without
-** checking, since the extension is an advisory field, not a restriction.
+** then check the usage against the extension value. If a non-critical
+** keyUsage extension is included, this will return SECSuccess without
+** checking, since the extension is an advisory field, not a restriction.
** If cert is not a v3 certificate, this will return SECSuccess.
** cert - certificate
** usage - one of the x.509 v3 the Key Usage Extension flags
*/
-extern SECStatus CERT_CheckCertUsage (CERTCertificate *cert,
- unsigned char usage);
+extern SECStatus CERT_CheckCertUsage(CERTCertificate *cert,
+ unsigned char usage);
/****************************************************************************
*
@@ -979,14 +965,12 @@
*
****************************************************************************/
-extern SECStatus CERT_FindCRLExtensionByOID
- (CERTCrl *crl, SECItem *oid, SECItem *value);
+extern SECStatus CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid,
+ SECItem *value);
-extern SECStatus CERT_FindCRLExtension
- (CERTCrl *crl, int tag, SECItem *value);
+extern SECStatus CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value);
-extern SECStatus
- CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value);
+extern SECStatus CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value);
/*
** Set up a crl for adding X509v3 extensions. Returns an opaque handle
@@ -1003,17 +987,17 @@
*/
extern void *CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry);
-extern CERTCertNicknames *CERT_GetCertNicknames (CERTCertDBHandle *handle,
- int what, void *wincx);
+extern CERTCertNicknames *CERT_GetCertNicknames(CERTCertDBHandle *handle,
+ int what, void *wincx);
/*
** Finds the crlNumber extension and decodes its value into 'value'
*/
-extern SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
- SECItem *value);
+extern SECStatus CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
+ SECItem *value);
-extern SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
- CERTCRLEntryReasonCode *value);
+extern SECStatus CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
+ CERTCRLEntryReasonCode *value);
extern void CERT_FreeNicknames(CERTCertNicknames *nicknames);
@@ -1021,7 +1005,7 @@
const CERTCertificate *c2);
extern PRBool CERT_CompareCertsForRedirection(CERTCertificate *c1,
- CERTCertificate *c2);
+ CERTCertificate *c2);
/*
** Generate an array of the Distinguished Names that the given cert database
@@ -1037,8 +1021,8 @@
/*
** Generate an array of Distinguished names from an array of nicknames
*/
-extern CERTDistNames *CERT_DistNamesFromNicknames
- (CERTCertDBHandle *handle, char **nicknames, int nnames);
+extern CERTDistNames *CERT_DistNamesFromNicknames(CERTCertDBHandle *handle,
+ char **nicknames, int nnames);
/*
** Generate an array of Distinguished names from a list of certs.
@@ -1048,15 +1032,14 @@
/*
** Generate a certificate chain from a certificate.
*/
-extern CERTCertificateList *
-CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
- PRBool includeRoot);
+extern CERTCertificateList *CERT_CertChainFromCert(CERTCertificate *cert,
+ SECCertUsage usage,
+ PRBool includeRoot);
-extern CERTCertificateList *
-CERT_CertListFromCert(CERTCertificate *cert);
+extern CERTCertificateList *CERT_CertListFromCert(CERTCertificate *cert);
-extern CERTCertificateList *
-CERT_DupCertList(const CERTCertificateList * oldList);
+extern CERTCertificateList *CERT_DupCertList(
+ const CERTCertificateList *oldList);
extern void CERT_DestroyCertificateList(CERTCertificateList *list);
@@ -1064,262 +1047,215 @@
** is cert a user cert? i.e. does it have CERTDB_USER trust,
** i.e. a private key?
*/
-PRBool CERT_IsUserCert(CERTCertificate* cert);
+PRBool CERT_IsUserCert(CERTCertificate *cert);
/* is cert a newer than cert b? */
PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb);
/* currently a stub for address book */
-PRBool
-CERT_IsCertRevoked(CERTCertificate *cert);
+PRBool CERT_IsCertRevoked(CERTCertificate *cert);
-void
-CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
+void CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
/* convert an email address to lower case */
char *CERT_FixupEmailAddr(const char *emailAddr);
/* decode string representation of trust flags into trust struct */
-SECStatus
-CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
+SECStatus CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
/* encode trust struct into string representation of trust flags */
-char *
-CERT_EncodeTrustString(CERTCertTrust *trust);
+char *CERT_EncodeTrustString(CERTCertTrust *trust);
/* find the next or prev cert in a subject list */
-CERTCertificate *
-CERT_PrevSubjectCert(CERTCertificate *cert);
-CERTCertificate *
-CERT_NextSubjectCert(CERTCertificate *cert);
+CERTCertificate *CERT_PrevSubjectCert(CERTCertificate *cert);
+CERTCertificate *CERT_NextSubjectCert(CERTCertificate *cert);
/*
* import a collection of certs into the temporary or permanent cert
* database
*/
-SECStatus
-CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
- unsigned int ncerts, SECItem **derCerts,
- CERTCertificate ***retCerts, PRBool keepCerts,
- PRBool caOnly, char *nickname);
+SECStatus CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
+ unsigned int ncerts, SECItem **derCerts,
+ CERTCertificate ***retCerts, PRBool keepCerts,
+ PRBool caOnly, char *nickname);
-char *
-CERT_MakeCANickname(CERTCertificate *cert);
+char *CERT_MakeCANickname(CERTCertificate *cert);
-PRBool
-CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype);
+PRBool CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype);
-PRBool
-CERT_IsCADERCert(SECItem *derCert, unsigned int *rettype);
+PRBool CERT_IsCADERCert(SECItem *derCert, unsigned int *rettype);
-PRBool
-CERT_IsRootDERCert(SECItem *derCert);
+PRBool CERT_IsRootDERCert(SECItem *derCert);
-SECStatus
-CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
- SECItem *profileTime);
+SECStatus CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
+ SECItem *profileTime);
/*
* find the smime symmetric capabilities profile for a given cert
*/
-SECItem *
-CERT_FindSMimeProfile(CERTCertificate *cert);
+SECItem *CERT_FindSMimeProfile(CERTCertificate *cert);
-SECStatus
-CERT_AddNewCerts(CERTCertDBHandle *handle);
+SECStatus CERT_AddNewCerts(CERTCertDBHandle *handle);
-CERTCertificatePolicies *
-CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue);
+CERTCertificatePolicies *CERT_DecodeCertificatePoliciesExtension(
+ const SECItem *extnValue);
-void
-CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies);
+void CERT_DestroyCertificatePoliciesExtension(
+ CERTCertificatePolicies *policies);
-CERTCertificatePolicyMappings *
-CERT_DecodePolicyMappingsExtension(SECItem *encodedCertPolicyMaps);
+CERTCertificatePolicyMappings *CERT_DecodePolicyMappingsExtension(
+ SECItem *encodedCertPolicyMaps);
-SECStatus
-CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings);
+SECStatus CERT_DestroyPolicyMappingsExtension(
+ CERTCertificatePolicyMappings *mappings);
-SECStatus
-CERT_DecodePolicyConstraintsExtension(
+SECStatus CERT_DecodePolicyConstraintsExtension(
CERTCertificatePolicyConstraints *decodedValue,
const SECItem *encodedValue);
-SECStatus CERT_DecodeInhibitAnyExtension
- (CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
+SECStatus CERT_DecodeInhibitAnyExtension(
+ CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
-CERTUserNotice *
-CERT_DecodeUserNotice(SECItem *noticeItem);
+CERTUserNotice *CERT_DecodeUserNotice(SECItem *noticeItem);
-extern CERTGeneralName *
-CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName);
+extern CERTGeneralName *CERT_DecodeAltNameExtension(PLArenaPool *reqArena,
+ SECItem *EncodedAltName);
-extern CERTNameConstraints *
-CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
- const SECItem *encodedConstraints);
+extern CERTNameConstraints *CERT_DecodeNameConstraintsExtension(
+ PLArenaPool *arena, const SECItem *encodedConstraints);
/* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
-extern CERTAuthInfoAccess **
-CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
- const SECItem *encodedExtension);
+extern CERTAuthInfoAccess **CERT_DecodeAuthInfoAccessExtension(
+ PLArenaPool *reqArena, const SECItem *encodedExtension);
-extern CERTPrivKeyUsagePeriod *
-CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue);
+extern CERTPrivKeyUsagePeriod *CERT_DecodePrivKeyUsagePeriodExtension(
+ PLArenaPool *arena, SECItem *extnValue);
-extern CERTGeneralName *
-CERT_GetNextGeneralName(CERTGeneralName *current);
+extern CERTGeneralName *CERT_GetNextGeneralName(CERTGeneralName *current);
-extern CERTGeneralName *
-CERT_GetPrevGeneralName(CERTGeneralName *current);
+extern CERTGeneralName *CERT_GetPrevGeneralName(CERTGeneralName *current);
/*
* Look up name constraints for some certs that do not include name constraints
* (Most importantly, root certificates)
*
- * If a matching subject is found, |extensions| will be populated with a copy of the
- * DER-encoded name constraints extension. The data in |extensions| will point to
+ * If a matching subject is found, |extensions| will be populated with a copy of
+ * the
+ * DER-encoded name constraints extension. The data in |extensions| will point
+ * to
* memory that the caller owns.
*
* There is no mechanism to configure imposed name constraints right now. All
* imposed name constraints are built into NSS.
*/
-SECStatus
-CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions);
+SECStatus CERT_GetImposedNameConstraints(const SECItem *derSubject,
+ SECItem *extensions);
-CERTNameConstraint *
-CERT_GetNextNameConstraint(CERTNameConstraint *current);
+CERTNameConstraint *CERT_GetNextNameConstraint(CERTNameConstraint *current);
-CERTNameConstraint *
-CERT_GetPrevNameConstraint(CERTNameConstraint *current);
+CERTNameConstraint *CERT_GetPrevNameConstraint(CERTNameConstraint *current);
-void
-CERT_DestroyUserNotice(CERTUserNotice *userNotice);
+void CERT_DestroyUserNotice(CERTUserNotice *userNotice);
-typedef char * (* CERTPolicyStringCallback)(char *org,
- unsigned long noticeNumber,
- void *arg);
-void
-CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg);
+typedef char *(*CERTPolicyStringCallback)(char *org, unsigned long noticeNumber,
+ void *arg);
+void CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg);
-char *
-CERT_GetCertCommentString(CERTCertificate *cert);
+char *CERT_GetCertCommentString(CERTCertificate *cert);
-PRBool
-CERT_GovtApprovedBitSet(CERTCertificate *cert);
+PRBool CERT_GovtApprovedBitSet(CERTCertificate *cert);
-SECStatus
-CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
+SECStatus CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
-CERTCertList *
-CERT_MatchUserCert(CERTCertDBHandle *handle,
- SECCertUsage usage,
- int nCANames, char **caNames,
- void *proto_win);
+CERTCertList *CERT_MatchUserCert(CERTCertDBHandle *handle, SECCertUsage usage,
+ int nCANames, char **caNames, void *proto_win);
-CERTCertList *
-CERT_NewCertList(void);
+CERTCertList *CERT_NewCertList(void);
/* free the cert list and all the certs in the list */
-void
-CERT_DestroyCertList(CERTCertList *certs);
+void CERT_DestroyCertList(CERTCertList *certs);
/* remove the node and free the cert */
-void
-CERT_RemoveCertListNode(CERTCertListNode *node);
+void CERT_RemoveCertListNode(CERTCertListNode *node);
/* equivalent to CERT_AddCertToListTailWithData(certs, cert, NULL) */
-SECStatus
-CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
+SECStatus CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
/* equivalent to CERT_AddCertToListHeadWithData(certs, cert, NULL) */
-SECStatus
-CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
+SECStatus CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
/*
* The new cert list node takes ownership of "cert". "cert" is freed
* when the list node is removed.
*/
-SECStatus
-CERT_AddCertToListTailWithData(CERTCertList *certs, CERTCertificate *cert,
- void *appData);
+SECStatus CERT_AddCertToListTailWithData(CERTCertList *certs,
+ CERTCertificate *cert, void *appData);
/*
* The new cert list node takes ownership of "cert". "cert" is freed
* when the list node is removed.
*/
-SECStatus
-CERT_AddCertToListHeadWithData(CERTCertList *certs, CERTCertificate *cert,
- void *appData);
+SECStatus CERT_AddCertToListHeadWithData(CERTCertList *certs,
+ CERTCertificate *cert, void *appData);
-typedef PRBool (* CERTSortCallback)(CERTCertificate *certa,
- CERTCertificate *certb,
- void *arg);
-SECStatus
-CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
- CERTSortCallback f, void *arg);
+typedef PRBool (*CERTSortCallback)(CERTCertificate *certa,
+ CERTCertificate *certb, void *arg);
+SECStatus CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
+ CERTSortCallback f, void *arg);
/* callback for CERT_AddCertToListSorted that sorts based on validity
* period and a given time.
*/
-PRBool
-CERT_SortCBValidity(CERTCertificate *certa,
- CERTCertificate *certb,
- void *arg);
+PRBool CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb,
+ void *arg);
-SECStatus
-CERT_CheckForEvilCert(CERTCertificate *cert);
+SECStatus CERT_CheckForEvilCert(CERTCertificate *cert);
-CERTGeneralName *
-CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena);
+CERTGeneralName *CERT_GetCertificateNames(CERTCertificate *cert,
+ PLArenaPool *arena);
-CERTGeneralName *
-CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
- PLArenaPool *arena,
- PRBool includeSubjectCommonName);
+CERTGeneralName *CERT_GetConstrainedCertificateNames(
+ const CERTCertificate *cert, PLArenaPool *arena,
+ PRBool includeSubjectCommonName);
/*
* Creates or adds to a list of all certs with a give subject name, sorted by
* validity time, newest first. Invalid certs are considered older than
* valid certs. If validOnly is set, do not include invalid certs on list.
*/
-CERTCertList *
-CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- const SECItem *name, PRTime sorttime,
- PRBool validOnly);
+CERTCertList *CERT_CreateSubjectCertList(CERTCertList *certList,
+ CERTCertDBHandle *handle,
+ const SECItem *name, PRTime sorttime,
+ PRBool validOnly);
/*
* remove certs from a list that don't have keyUsage and certType
* that match the given usage.
*/
-SECStatus
-CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
- PRBool ca);
+SECStatus CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
+ PRBool ca);
/*
* check the key usage of a cert against a set of required values
*/
-SECStatus
-CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage);
+SECStatus CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage);
/*
* return required key usage and cert type based on cert usage
*/
-SECStatus
-CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
- PRBool ca,
- unsigned int *retKeyUsage,
- unsigned int *retCertType);
+SECStatus CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
+ unsigned int *retKeyUsage,
+ unsigned int *retCertType);
/*
* return required trust flags for various cert usages for CAs
*/
-SECStatus
-CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
- unsigned int *retFlags,
- SECTrustType *retTrustType);
+SECStatus CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
+ unsigned int *retFlags,
+ SECTrustType *retTrustType);
/*
* Find all user certificates that match the given criteria.
- *
+ *
* "handle" - database to search
* "usage" - certificate usage to match
* "oneCertPerName" - if set then only return the "best" cert per
@@ -1327,28 +1263,24 @@
* "validOnly" - only return certs that are curently valid
* "proto_win" - window handle passed to pkcs11
*/
-CERTCertList *
-CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
- SECCertUsage usage,
- PRBool oneCertPerName,
- PRBool validOnly,
- void *proto_win);
+CERTCertList *CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
+ SECCertUsage usage,
+ PRBool oneCertPerName, PRBool validOnly,
+ void *proto_win);
/*
* Find a user certificate that matchs the given criteria.
- *
+ *
* "handle" - database to search
* "nickname" - nickname to match
* "usage" - certificate usage to match
* "validOnly" - only return certs that are curently valid
* "proto_win" - window handle passed to pkcs11
*/
-CERTCertificate *
-CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
- const char *nickname,
- SECCertUsage usage,
- PRBool validOnly,
- void *proto_win);
+CERTCertificate *CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
+ const char *nickname,
+ SECCertUsage usage, PRBool validOnly,
+ void *proto_win);
/*
* Filter a list of certificates, removing those certs that do not have
@@ -1360,15 +1292,13 @@
* "usage" - what use the certs are for, this is used when
* selecting CA certs
*/
-SECStatus
-CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
- char **caNames, SECCertUsage usage);
+SECStatus CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
+ char **caNames, SECCertUsage usage);
/*
* Filter a list of certificates, removing those certs that aren't user certs
*/
-SECStatus
-CERT_FilterCertListForUserCerts(CERTCertList *certList);
+SECStatus CERT_FilterCertListForUserCerts(CERTCertList *certList);
/*
* Collect the nicknames from all certs in a CertList. If the cert is not
@@ -1379,9 +1309,9 @@
* "notYetGoodString" - the string to append to the nickname of any cert
* that is not yet valid
*/
-CERTCertNicknames *
-CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
- char *notYetGoodString);
+CERTCertNicknames *CERT_NicknameStringsFromCertList(CERTCertList *certList,
+ char *expiredString,
+ char *notYetGoodString);
/*
* Extract the nickname from a nickmake string that may have either
@@ -1395,9 +1325,8 @@
*
* Returns the raw nickname
*/
-char *
-CERT_ExtractNicknameString(char *namestring, char *expiredString,
- char *notYetGoodString);
+char *CERT_ExtractNicknameString(char *namestring, char *expiredString,
+ char *notYetGoodString);
/*
* Given a certificate, return a string containing the nickname, and possibly
@@ -1412,16 +1341,16 @@
* "notYetGoodString" - the string to append to the nickname if the cert is
* not yet good.
*/
-char *
-CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
- char *expiredString, char *notYetGoodString);
+char *CERT_GetCertNicknameWithValidity(PLArenaPool *arena,
+ CERTCertificate *cert,
+ char *expiredString,
+ char *notYetGoodString);
/*
* Return the string representation of a DER encoded distinguished name
* "dername" - The DER encoded name to convert
*/
-char *
-CERT_DerNameToAscii(SECItem *dername);
+char *CERT_DerNameToAscii(SECItem *dername);
/*
* Supported usage values and types:
@@ -1433,10 +1362,10 @@
* certUsageObjectSigner
*/
-CERTCertificate *
-CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
- CERTCertOwner owner, SECCertUsage usage,
- PRBool preferTrusted, PRTime validTime, PRBool validOnly);
+CERTCertificate *CERT_FindMatchingCert(CERTCertDBHandle *handle,
+ SECItem *derName, CERTCertOwner owner,
+ SECCertUsage usage, PRBool preferTrusted,
+ PRTime validTime, PRBool validOnly);
/*
* Acquire the global lock on the cert database.
@@ -1446,21 +1375,18 @@
* changing(maybe just adding?) the trust of a cert
* adjusting the reference count of a cert
*/
-void
-CERT_LockDB(CERTCertDBHandle *handle);
+void CERT_LockDB(CERTCertDBHandle *handle);
/*
* Free the global cert database lock.
*/
-void
-CERT_UnlockDB(CERTCertDBHandle *handle);
+void CERT_UnlockDB(CERTCertDBHandle *handle);
/*
* Get the certificate status checking configuratino data for
* the certificate database
*/
-CERTStatusConfig *
-CERT_GetStatusConfig(CERTCertDBHandle *handle);
+CERTStatusConfig *CERT_GetStatusConfig(CERTCertDBHandle *handle);
/*
* Set the certificate status checking information for the
@@ -1468,10 +1394,7 @@
* database and will be freed by calling the 'Destroy' function in
* the configuration object.
*/
-void
-CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
-
-
+void CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
/*
* Acquire the cert reference count lock
@@ -1479,14 +1402,12 @@
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
-void
-CERT_LockCertRefCount(CERTCertificate *cert);
+void CERT_LockCertRefCount(CERTCertificate *cert);
/*
* Free the cert reference count lock
*/
-void
-CERT_UnlockCertRefCount(CERTCertificate *cert);
+void CERT_UnlockCertRefCount(CERTCertificate *cert);
/*
* Acquire the cert trust lock
@@ -1494,14 +1415,12 @@
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
-void
-CERT_LockCertTrust(const CERTCertificate *cert);
+void CERT_LockCertTrust(const CERTCertificate *cert);
/*
* Free the cert trust lock
*/
-void
-CERT_UnlockCertTrust(const CERTCertificate *cert);
+void CERT_UnlockCertTrust(const CERTCertificate *cert);
/*
* Digest the cert's subject public key using the specified algorithm.
@@ -1513,47 +1432,44 @@
* non-null, the data is put there, otherwise a SECItem is allocated.
* Allocation from "arena" if it is non-null, heap otherwise. Any problem
* results in a NULL being returned (and an appropriate error set).
- */
-extern SECItem *
-CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena, const CERTCertificate *cert,
- SECOidTag digestAlg, SECItem *fill);
+ */
+extern SECItem *CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena,
+ const CERTCertificate *cert,
+ SECOidTag digestAlg,
+ SECItem *fill);
/*
* Digest the cert's subject name using the specified algorithm.
*/
-extern SECItem *
-CERT_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
- SECOidTag digestAlg, SECItem *fill);
+extern SECItem *CERT_GetSubjectNameDigest(PLArenaPool *arena,
+ const CERTCertificate *cert,
+ SECOidTag digestAlg, SECItem *fill);
-SECStatus CERT_CheckCRL(CERTCertificate* cert, CERTCertificate* issuer,
- const SECItem* dp, PRTime t, void* wincx);
-
+SECStatus CERT_CheckCRL(CERTCertificate *cert, CERTCertificate *issuer,
+ const SECItem *dp, PRTime t, void *wincx);
/*
* Add a CERTNameConstraint to the CERTNameConstraint list
*/
-extern CERTNameConstraint *
-CERT_AddNameConstraint(CERTNameConstraint *list,
- CERTNameConstraint *constraint);
+extern CERTNameConstraint *CERT_AddNameConstraint(
+ CERTNameConstraint *list, CERTNameConstraint *constraint);
/*
* Allocate space and copy CERTNameConstraint from src to dest.
* Arena is used to allocate result(if dest eq NULL) and its members
* SECItem data.
*/
-extern CERTNameConstraint *
-CERT_CopyNameConstraint(PLArenaPool *arena,
- CERTNameConstraint *dest,
- CERTNameConstraint *src);
+extern CERTNameConstraint *CERT_CopyNameConstraint(PLArenaPool *arena,
+ CERTNameConstraint *dest,
+ CERTNameConstraint *src);
/*
* Verify name against all the constraints relevant to that type of
* the name.
*/
-extern SECStatus
-CERT_CheckNameSpace(PLArenaPool *arena,
- const CERTNameConstraints *constraints,
- const CERTGeneralName *currentName);
+extern SECStatus CERT_CheckNameSpace(PLArenaPool *arena,
+ const CERTNameConstraints *constraints,
+ const CERTGeneralName *currentName);
/*
* Extract and allocate the name constraints extension from the CA cert.
@@ -1561,84 +1477,70 @@
* CERT_GetImposedNameConstraints returns a name constraints extension
* for the subject of the certificate, then that extension will be returned.
*/
-extern SECStatus
-CERT_FindNameConstraintsExten(PLArenaPool *arena,
- CERTCertificate *cert,
- CERTNameConstraints **constraints);
+extern SECStatus CERT_FindNameConstraintsExten(
+ PLArenaPool *arena, CERTCertificate *cert,
+ CERTNameConstraints **constraints);
/*
* Initialize a new GERTGeneralName fields (link)
*/
-extern CERTGeneralName *
-CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type);
+extern CERTGeneralName *CERT_NewGeneralName(PLArenaPool *arena,
+ CERTGeneralNameType type);
/*
* Lookup a CERTGeneralNameType constant by its human readable string.
*/
-extern CERTGeneralNameType
-CERT_GetGeneralNameTypeFromString(const char *string);
+extern CERTGeneralNameType CERT_GetGeneralNameTypeFromString(
+ const char *string);
/*
* PKIX extension encoding routines
*/
-extern SECStatus
-CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
- CERTCertificatePolicyConstraints *constr,
- SECItem *dest);
-extern SECStatus
-CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
- CERTCertificateInhibitAny *inhibitAny,
- SECItem *dest);
-extern SECStatus
-CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
- CERTCertificatePolicyMappings *maps,
- SECItem *dest);
+extern SECStatus CERT_EncodePolicyConstraintsExtension(
+ PLArenaPool *arena, CERTCertificatePolicyConstraints *constr,
+ SECItem *dest);
+extern SECStatus CERT_EncodeInhibitAnyExtension(
+ PLArenaPool *arena, CERTCertificateInhibitAny *inhibitAny, SECItem *dest);
+extern SECStatus CERT_EncodePolicyMappingExtension(
+ PLArenaPool *arena, CERTCertificatePolicyMappings *maps, SECItem *dest);
extern SECStatus CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
- CERTAuthInfoAccess **info,
- SECItem *dest);
-extern SECStatus
-CERT_EncodeUserNotice(PLArenaPool *arena,
- CERTUserNotice *notice,
- SECItem *dest);
+ CERTAuthInfoAccess **info,
+ SECItem *dest);
+extern SECStatus CERT_EncodeUserNotice(PLArenaPool *arena,
+ CERTUserNotice *notice, SECItem *dest);
-extern SECStatus
-CERT_EncodeDisplayText(PLArenaPool *arena,
- SECItem *text,
- SECItem *dest);
+extern SECStatus CERT_EncodeDisplayText(PLArenaPool *arena, SECItem *text,
+ SECItem *dest);
-extern SECStatus
-CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
- CERTPolicyInfo **info,
- SECItem *dest);
-extern SECStatus
-CERT_EncodeNoticeReference(PLArenaPool *arena,
- CERTNoticeReference *reference,
- SECItem *dest);
+extern SECStatus CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
+ CERTPolicyInfo **info,
+ SECItem *dest);
+extern SECStatus CERT_EncodeNoticeReference(PLArenaPool *arena,
+ CERTNoticeReference *reference,
+ SECItem *dest);
/*
* Returns a pointer to a static structure.
*/
-extern const CERTRevocationFlags*
-CERT_GetPKIXVerifyNistRevocationPolicy(void);
+extern const CERTRevocationFlags *CERT_GetPKIXVerifyNistRevocationPolicy(void);
/*
* Returns a pointer to a static structure.
*/
-extern const CERTRevocationFlags*
-CERT_GetClassicOCSPEnabledSoftFailurePolicy(void);
+extern const CERTRevocationFlags *CERT_GetClassicOCSPEnabledSoftFailurePolicy(
+ void);
/*
* Returns a pointer to a static structure.
*/
-extern const CERTRevocationFlags*
-CERT_GetClassicOCSPEnabledHardFailurePolicy(void);
+extern const CERTRevocationFlags *CERT_GetClassicOCSPEnabledHardFailurePolicy(
+ void);
/*
* Returns a pointer to a static structure.
*/
-extern const CERTRevocationFlags*
-CERT_GetClassicOCSPDisabledPolicy(void);
+extern const CERTRevocationFlags *CERT_GetClassicOCSPDisabledPolicy(void);
/*
* Verify a Cert with libpkix
@@ -1647,12 +1549,10 @@
* paramsOut specifies the parameters the caller would like to get back.
* the caller may pass NULL, in which case no parameters are returned.
*/
-extern SECStatus CERT_PKIXVerifyCert(
- CERTCertificate *cert,
- SECCertificateUsage usages,
- CERTValInParam *paramsIn,
- CERTValOutParam *paramsOut,
- void *wincx);
+extern SECStatus CERT_PKIXVerifyCert(CERTCertificate *cert,
+ SECCertificateUsage usages,
+ CERTValInParam *paramsIn,
+ CERTValOutParam *paramsOut, void *wincx);
/* Makes old cert validation APIs(CERT_VerifyCert, CERT_VerifyCertificate)
* to use libpkix validation engine. The function should be called ones at
@@ -1669,8 +1569,7 @@
* and allocate the inner arrays of the given sizes.
* To cleanup call CERT_DestroyCERTRevocationFlags.
*/
-extern CERTRevocationFlags *
-CERT_AllocCERTRevocationFlags(
+extern CERTRevocationFlags *CERT_AllocCERTRevocationFlags(
PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods);
@@ -1678,8 +1577,7 @@
* Destroy the arrays inside flags,
* and destroy the object pointed to by flags, too.
*/
-extern void
-CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
+extern void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
SEC_END_PROTOS
diff --git a/nss/lib/certdb/certdb.c b/nss/lib/certdb/certdb.c
index f282bbb..80b83ed 100644
--- a/nss/lib/certdb/certdb.c
+++ b/nss/lib/certdb/certdb.c
@@ -26,7 +26,7 @@
#include "secerr.h"
#include "sslerr.h"
#include "pk11func.h"
-#include "xconst.h" /* for CERT_DecodeAltNameExtension */
+#include "xconst.h" /* for CERT_DecodeAltNameExtension */
#include "pki.h"
#include "pki3hack.h"
@@ -41,17 +41,13 @@
* Certificate database handling code
*/
-
const SEC_ASN1Template CERT_CertExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertExtension) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTCertExtension,id) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(CERTCertExtension,critical) },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTCertExtension,value) },
- { 0, }
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertExtension) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTCertExtension, id) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(CERTCertExtension, critical) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CERTCertExtension, value) },
+ { 0 }
};
const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[] = {
@@ -59,80 +55,60 @@
};
const SEC_ASN1Template CERT_TimeChoiceTemplate[] = {
- { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
- { SEC_ASN1_UTC_TIME, 0, 0, siUTCTime },
- { SEC_ASN1_GENERALIZED_TIME, 0, 0, siGeneralizedTime },
- { 0 }
+ { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
+ { SEC_ASN1_UTC_TIME, 0, 0, siUTCTime },
+ { SEC_ASN1_GENERALIZED_TIME, 0, 0, siGeneralizedTime },
+ { 0 }
};
const SEC_ASN1Template CERT_ValidityTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTValidity) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTValidity,notBefore),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate), 0 },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTValidity,notAfter),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate), 0 },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTValidity) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTValidity, notBefore),
+ SEC_ASN1_SUB(CERT_TimeChoiceTemplate), 0 },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTValidity, notAfter),
+ SEC_ASN1_SUB(CERT_TimeChoiceTemplate), 0 },
{ 0 }
};
const SEC_ASN1Template CERT_CertificateTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertificate) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, /* XXX DER_DEFAULT */
- offsetof(CERTCertificate,version),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { SEC_ASN1_INTEGER,
- offsetof(CERTCertificate,serialNumber) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCertificate,signature),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,derIssuer) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,issuer),
- CERT_NameTemplate },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,validity),
- CERT_ValidityTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,derSubject) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,subject),
- CERT_NameTemplate },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,derPublicKey) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCertificate,subjectPublicKeyInfo),
- CERT_SubjectPublicKeyInfoTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(CERTCertificate,issuerID),
- SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
- offsetof(CERTCertificate,subjectID),
- SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 3,
- offsetof(CERTCertificate,extensions),
- CERT_SequenceOfCertExtensionTemplate },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificate) },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, /* XXX DER_DEFAULT */
+ offsetof(CERTCertificate, version),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCertificate, signature),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_SAVE, offsetof(CERTCertificate, derIssuer) },
+ { SEC_ASN1_INLINE, offsetof(CERTCertificate, issuer), CERT_NameTemplate },
+ { SEC_ASN1_INLINE, offsetof(CERTCertificate, validity),
+ CERT_ValidityTemplate },
+ { SEC_ASN1_SAVE, offsetof(CERTCertificate, derSubject) },
+ { SEC_ASN1_INLINE, offsetof(CERTCertificate, subject), CERT_NameTemplate },
+ { SEC_ASN1_SAVE, offsetof(CERTCertificate, derPublicKey) },
+ { SEC_ASN1_INLINE, offsetof(CERTCertificate, subjectPublicKeyInfo),
+ CERT_SubjectPublicKeyInfoTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ offsetof(CERTCertificate, issuerID),
+ SEC_ASN1_SUB(SEC_BitStringTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+ offsetof(CERTCertificate, subjectID),
+ SEC_ASN1_SUB(SEC_BitStringTemplate) },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | 3,
+ offsetof(CERTCertificate, extensions),
+ CERT_SequenceOfCertExtensionTemplate },
{ 0 }
};
-const SEC_ASN1Template SEC_SignedCertificateTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertificate) },
- { SEC_ASN1_SAVE,
- offsetof(CERTCertificate,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- 0, CERT_CertificateTemplate },
+const SEC_ASN1Template SEC_SignedCertificateTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificate) },
+ { SEC_ASN1_SAVE, offsetof(CERTCertificate, signatureWrap.data) },
+ { SEC_ASN1_INLINE, 0, CERT_CertificateTemplate },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCertificate,signatureWrap.signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTCertificate,signatureWrap.signature) },
+ offsetof(CERTCertificate, signatureWrap.signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_BIT_STRING, offsetof(CERTCertificate, signatureWrap.signature) },
{ 0 }
};
@@ -140,16 +116,15 @@
* Find the subjectName in a DER encoded certificate
*/
const SEC_ASN1Template SEC_CertSubjectTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECItem) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
- { SEC_ASN1_SKIP }, /* serial number */
- { SEC_ASN1_SKIP }, /* signature algorithm */
- { SEC_ASN1_SKIP }, /* issuer */
- { SEC_ASN1_SKIP }, /* validity */
- { SEC_ASN1_ANY, 0, NULL }, /* subject */
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+ { SEC_ASN1_SKIP }, /* serial number */
+ { SEC_ASN1_SKIP }, /* signature algorithm */
+ { SEC_ASN1_SKIP }, /* issuer */
+ { SEC_ASN1_SKIP }, /* validity */
+ { SEC_ASN1_ANY, 0, NULL }, /* subject */
{ SEC_ASN1_SKIP_REST },
{ 0 }
};
@@ -158,14 +133,13 @@
* Find the issuerName in a DER encoded certificate
*/
const SEC_ASN1Template SEC_CertIssuerTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECItem) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
- { SEC_ASN1_SKIP }, /* serial number */
- { SEC_ASN1_SKIP }, /* signature algorithm */
- { SEC_ASN1_ANY, 0, NULL }, /* issuer */
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+ { SEC_ASN1_SKIP }, /* serial number */
+ { SEC_ASN1_SKIP }, /* signature algorithm */
+ { SEC_ASN1_ANY, 0, NULL }, /* issuer */
{ SEC_ASN1_SKIP_REST },
{ 0 }
};
@@ -173,12 +147,11 @@
* Find the subjectName in a DER encoded certificate
*/
const SEC_ASN1Template SEC_CertSerialNumberTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECItem) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
- { SEC_ASN1_ANY, 0, NULL }, /* serial number */
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+ { SEC_ASN1_ANY, 0, NULL }, /* serial number */
{ SEC_ASN1_SKIP_REST },
{ 0 }
};
@@ -189,16 +162,13 @@
* identifier of a certificate.
*/
const SEC_ASN1Template CERT_CertKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertKey) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
- { SEC_ASN1_INTEGER,
- offsetof(CERTCertKey,serialNumber) },
- { SEC_ASN1_SKIP }, /* signature algorithm */
- { SEC_ASN1_ANY,
- offsetof(CERTCertKey,derIssuer) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertKey) },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ 0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+ { SEC_ASN1_INTEGER, offsetof(CERTCertKey, serialNumber) },
+ { SEC_ASN1_SKIP }, /* signature algorithm */
+ { SEC_ASN1_ANY, offsetof(CERTCertKey, derIssuer) },
{ SEC_ASN1_SKIP_REST },
{ 0 }
};
@@ -210,17 +180,17 @@
SECStatus
CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer, SECItem *sn,
- SECItem *key)
+ SECItem *key)
{
key->len = sn->len + issuer->len;
if ((sn->data == NULL) || (issuer->data == NULL)) {
- goto loser;
+ goto loser;
}
-
- key->data = (unsigned char*)PORT_ArenaAlloc(arena, key->len);
- if ( !key->data ) {
- goto loser;
+
+ key->data = (unsigned char *)PORT_ArenaAlloc(arena, key->len);
+ if (!key->data) {
+ goto loser;
}
/* copy the serialNumber */
@@ -229,13 +199,12 @@
/* copy the issuer */
PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
- return(SECSuccess);
+ return (SECSuccess);
loser:
- return(SECFailure);
+ return (SECFailure);
}
-
/*
* Extract the subject name from a DER certificate
*/
@@ -246,41 +215,42 @@
PLArenaPool *arena;
CERTSignedData sd;
void *tmpptr;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
+
+ if (!arena) {
+ return (SECFailure);
}
-
+
PORT_Memset(&sd, 0, sizeof(CERTSignedData));
rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- PORT_Memset(derName, 0, sizeof(SECItem));
- rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertSubjectTemplate, &sd.data);
- if ( rv ) {
- goto loser;
+ if (rv) {
+ goto loser;
+ }
+
+ PORT_Memset(derName, 0, sizeof(SECItem));
+ rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertSubjectTemplate,
+ &sd.data);
+
+ if (rv) {
+ goto loser;
}
tmpptr = derName->data;
- derName->data = (unsigned char*)PORT_Alloc(derName->len);
- if ( derName->data == NULL ) {
- goto loser;
+ derName->data = (unsigned char *)PORT_Alloc(derName->len);
+ if (derName->data == NULL) {
+ goto loser;
}
-
+
PORT_Memcpy(derName->data, tmpptr, derName->len);
-
+
PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
+ return (SECSuccess);
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(SECFailure);
+ return (SECFailure);
}
SECStatus
@@ -290,41 +260,42 @@
PLArenaPool *arena;
CERTSignedData sd;
void *tmpptr;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
+
+ if (!arena) {
+ return (SECFailure);
}
-
+
PORT_Memset(&sd, 0, sizeof(CERTSignedData));
rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- PORT_Memset(derName, 0, sizeof(SECItem));
- rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertIssuerTemplate, &sd.data);
- if ( rv ) {
- goto loser;
+ if (rv) {
+ goto loser;
+ }
+
+ PORT_Memset(derName, 0, sizeof(SECItem));
+ rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertIssuerTemplate,
+ &sd.data);
+
+ if (rv) {
+ goto loser;
}
tmpptr = derName->data;
- derName->data = (unsigned char*)PORT_Alloc(derName->len);
- if ( derName->data == NULL ) {
- goto loser;
+ derName->data = (unsigned char *)PORT_Alloc(derName->len);
+ if (derName->data == NULL) {
+ goto loser;
}
-
+
PORT_Memcpy(derName->data, tmpptr, derName->len);
-
+
PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
+ return (SECSuccess);
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(SECFailure);
+ return (SECFailure);
}
SECStatus
@@ -334,41 +305,42 @@
PLArenaPool *arena;
CERTSignedData sd;
void *tmpptr;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
+
+ if (!arena) {
+ return (SECFailure);
}
-
+
PORT_Memset(&sd, 0, sizeof(CERTSignedData));
rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
-
- if ( rv ) {
- goto loser;
- }
-
- PORT_Memset(derName, 0, sizeof(SECItem));
- rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertSerialNumberTemplate, &sd.data);
- if ( rv ) {
- goto loser;
+ if (rv) {
+ goto loser;
+ }
+
+ PORT_Memset(derName, 0, sizeof(SECItem));
+ rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertSerialNumberTemplate,
+ &sd.data);
+
+ if (rv) {
+ goto loser;
}
tmpptr = derName->data;
- derName->data = (unsigned char*)PORT_Alloc(derName->len);
- if ( derName->data == NULL ) {
- goto loser;
+ derName->data = (unsigned char *)PORT_Alloc(derName->len);
+ if (derName->data == NULL) {
+ goto loser;
}
-
+
PORT_Memcpy(derName->data, tmpptr, derName->len);
-
+
PORT_FreeArena(arena, PR_FALSE);
- return(SECSuccess);
+ return (SECSuccess);
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(SECFailure);
+ return (SECFailure);
}
/*
@@ -388,25 +360,25 @@
}
PORT_Memset(&sd, 0, sizeof(CERTSignedData));
- rv = SEC_QuickDERDecodeItem(reqArena, &sd, CERT_SignedDataTemplate,
- derCert);
-
- if ( rv ) {
- goto loser;
+ rv =
+ SEC_QuickDERDecodeItem(reqArena, &sd, CERT_SignedDataTemplate, derCert);
+
+ if (rv) {
+ goto loser;
}
-
+
PORT_Memset(&certkey, 0, sizeof(CERTCertKey));
rv = SEC_QuickDERDecodeItem(reqArena, &certkey, CERT_CertKeyTemplate,
&sd.data);
- if ( rv ) {
- goto loser;
+ if (rv) {
+ goto loser;
}
- return(CERT_KeyFromIssuerAndSN(reqArena, &certkey.derIssuer,
- &certkey.serialNumber, key));
+ return (CERT_KeyFromIssuerAndSN(reqArena, &certkey.derIssuer,
+ &certkey.serialNumber, key));
loser:
- return(SECFailure);
+ return (SECFailure);
}
/*
@@ -418,50 +390,48 @@
{
SECStatus rv;
SECItem tmpitem;
-
+
rv = CERT_FindKeyUsageExtension(cert, &tmpitem);
- if ( rv == SECSuccess ) {
- /* remember the actual value of the extension */
- cert->rawKeyUsage = tmpitem.data[0];
- cert->keyUsagePresent = PR_TRUE;
- cert->keyUsage = tmpitem.data[0];
+ if (rv == SECSuccess) {
+ /* remember the actual value of the extension */
+ cert->rawKeyUsage = tmpitem.data[0];
+ cert->keyUsagePresent = PR_TRUE;
+ cert->keyUsage = tmpitem.data[0];
- PORT_Free(tmpitem.data);
- tmpitem.data = NULL;
-
+ PORT_Free(tmpitem.data);
+ tmpitem.data = NULL;
} else {
- /* if the extension is not present, then we allow all uses */
- cert->keyUsage = KU_ALL;
- cert->rawKeyUsage = KU_ALL;
- cert->keyUsagePresent = PR_FALSE;
+ /* if the extension is not present, then we allow all uses */
+ cert->keyUsage = KU_ALL;
+ cert->rawKeyUsage = KU_ALL;
+ cert->keyUsagePresent = PR_FALSE;
}
- if ( CERT_GovtApprovedBitSet(cert) ) {
- cert->keyUsage |= KU_NS_GOVT_APPROVED;
- cert->rawKeyUsage |= KU_NS_GOVT_APPROVED;
+ if (CERT_GovtApprovedBitSet(cert)) {
+ cert->keyUsage |= KU_NS_GOVT_APPROVED;
+ cert->rawKeyUsage |= KU_NS_GOVT_APPROVED;
}
-
- return(SECSuccess);
+
+ return (SECSuccess);
}
-
static SECStatus
findOIDinOIDSeqByTagNum(CERTOidSequence *seq, SECOidTag tagnum)
{
SECItem **oids;
SECItem *oid;
SECStatus rv = SECFailure;
-
+
if (seq != NULL) {
- oids = seq->oids;
- while (oids != NULL && *oids != NULL) {
- oid = *oids;
- if (SECOID_FindOIDTag(oid) == tagnum) {
- rv = SECSuccess;
- break;
- }
- oids++;
- }
+ oids = seq->oids;
+ while (oids != NULL && *oids != NULL) {
+ oid = *oids;
+ if (SECOID_FindOIDTag(oid) == tagnum) {
+ rv = SECSuccess;
+ break;
+ }
+ oids++;
+ }
}
return rv;
}
@@ -500,132 +470,121 @@
tmpitem.data = NULL;
CERT_FindNSCertTypeExtension(cert, &tmpitem);
encodedExtKeyUsage.data = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
- &encodedExtKeyUsage);
+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
+ &encodedExtKeyUsage);
if (rv == SECSuccess) {
- extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
+ extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
}
rv = CERT_FindBasicConstraintExten(cert, &basicConstraint);
if (rv == SECSuccess) {
- basicConstraintPresent = PR_TRUE;
+ basicConstraintPresent = PR_TRUE;
}
if (tmpitem.data != NULL || extKeyUsage != NULL) {
- if (tmpitem.data == NULL) {
- nsCertType = 0;
- } else {
- nsCertType = tmpitem.data[0];
- }
+ if (tmpitem.data == NULL) {
+ nsCertType = 0;
+ } else {
+ nsCertType = tmpitem.data[0];
+ }
- /* free tmpitem data pointer to avoid memory leak */
- PORT_Free(tmpitem.data);
- tmpitem.data = NULL;
-
- /*
- * for this release, we will allow SSL certs with an email address
- * to be used for email
- */
- if ( ( nsCertType & NS_CERT_TYPE_SSL_CLIENT ) &&
- cert->emailAddr && cert->emailAddr[0]) {
- nsCertType |= NS_CERT_TYPE_EMAIL;
- }
- /*
- * for this release, we will allow SSL intermediate CAs to be
- * email intermediate CAs too.
- */
- if ( nsCertType & NS_CERT_TYPE_SSL_CA ) {
- nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- }
- /*
- * allow a cert with the extended key usage of EMail Protect
- * to be used for email or as an email CA, if basic constraints
- * indicates that it is a CA.
- */
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT) ==
- SECSuccess) {
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- nsCertType |= NS_CERT_TYPE_EMAIL_CA;
- } else {
- nsCertType |= NS_CERT_TYPE_EMAIL;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) ==
- SECSuccess){
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- nsCertType |= NS_CERT_TYPE_SSL_CA;
- } else {
- nsCertType |= NS_CERT_TYPE_SSL_SERVER;
- }
- }
- /*
- * Treat certs with step-up OID as also having SSL server type.
- * COMODO needs this behaviour until June 2020. See Bug 737802.
- */
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) ==
- SECSuccess){
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- nsCertType |= NS_CERT_TYPE_SSL_CA;
- } else {
- nsCertType |= NS_CERT_TYPE_SSL_SERVER;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) ==
- SECSuccess){
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- nsCertType |= NS_CERT_TYPE_SSL_CA;
- } else {
- nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_CODE_SIGN) ==
- SECSuccess) {
- if (basicConstraintPresent == PR_TRUE &&
- (basicConstraint.isCA)) {
- nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
- } else {
- nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
- }
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_EXT_KEY_USAGE_TIME_STAMP) ==
- SECSuccess) {
- nsCertType |= EXT_KEY_USAGE_TIME_STAMP;
- }
- if (findOIDinOIDSeqByTagNum(extKeyUsage,
- SEC_OID_OCSP_RESPONDER) ==
- SECSuccess) {
- nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
- }
+ /* free tmpitem data pointer to avoid memory leak */
+ PORT_Free(tmpitem.data);
+ tmpitem.data = NULL;
+
+ /*
+ * for this release, we will allow SSL certs with an email address
+ * to be used for email
+ */
+ if ((nsCertType & NS_CERT_TYPE_SSL_CLIENT) && cert->emailAddr &&
+ cert->emailAddr[0]) {
+ nsCertType |= NS_CERT_TYPE_EMAIL;
+ }
+ /*
+ * for this release, we will allow SSL intermediate CAs to be
+ * email intermediate CAs too.
+ */
+ if (nsCertType & NS_CERT_TYPE_SSL_CA) {
+ nsCertType |= NS_CERT_TYPE_EMAIL_CA;
+ }
+ /*
+ * allow a cert with the extended key usage of EMail Protect
+ * to be used for email or as an email CA, if basic constraints
+ * indicates that it is a CA.
+ */
+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
+ SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT) ==
+ SECSuccess) {
+ if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+ nsCertType |= NS_CERT_TYPE_EMAIL_CA;
+ } else {
+ nsCertType |= NS_CERT_TYPE_EMAIL;
+ }
+ }
+ if (findOIDinOIDSeqByTagNum(
+ extKeyUsage, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) == SECSuccess) {
+ if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+ nsCertType |= NS_CERT_TYPE_SSL_CA;
+ } else {
+ nsCertType |= NS_CERT_TYPE_SSL_SERVER;
+ }
+ }
+ /*
+ * Treat certs with step-up OID as also having SSL server type.
+ * COMODO needs this behaviour until June 2020. See Bug 737802.
+ */
+ if (findOIDinOIDSeqByTagNum(extKeyUsage,
+ SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) ==
+ SECSuccess) {
+ if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+ nsCertType |= NS_CERT_TYPE_SSL_CA;
+ } else {
+ nsCertType |= NS_CERT_TYPE_SSL_SERVER;
+ }
+ }
+ if (findOIDinOIDSeqByTagNum(
+ extKeyUsage, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) == SECSuccess) {
+ if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+ nsCertType |= NS_CERT_TYPE_SSL_CA;
+ } else {
+ nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
+ }
+ }
+ if (findOIDinOIDSeqByTagNum(
+ extKeyUsage, SEC_OID_EXT_KEY_USAGE_CODE_SIGN) == SECSuccess) {
+ if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+ nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ } else {
+ nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
+ }
+ }
+ if (findOIDinOIDSeqByTagNum(
+ extKeyUsage, SEC_OID_EXT_KEY_USAGE_TIME_STAMP) == SECSuccess) {
+ nsCertType |= EXT_KEY_USAGE_TIME_STAMP;
+ }
+ if (findOIDinOIDSeqByTagNum(extKeyUsage, SEC_OID_OCSP_RESPONDER) ==
+ SECSuccess) {
+ nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
+ }
} else {
- /* If no NS Cert Type extension and no EKU extension, then */
- nsCertType = 0;
- if (CERT_IsCACert(cert, &nsCertType))
- nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
- /* if the basic constraint extension says the cert is a CA, then
- allow SSL CA and EMAIL CA and Status Responder */
- if (basicConstraintPresent && basicConstraint.isCA ) {
- nsCertType |= (NS_CERT_TYPE_SSL_CA |
- NS_CERT_TYPE_EMAIL_CA |
- EXT_KEY_USAGE_STATUS_RESPONDER);
- }
- /* allow any ssl or email (no ca or object signing. */
- nsCertType |= NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER |
- NS_CERT_TYPE_EMAIL;
+ /* If no NS Cert Type extension and no EKU extension, then */
+ nsCertType = 0;
+ if (CERT_IsCACert(cert, &nsCertType))
+ nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
+ /* if the basic constraint extension says the cert is a CA, then
+ allow SSL CA and EMAIL CA and Status Responder */
+ if (basicConstraintPresent && basicConstraint.isCA) {
+ nsCertType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
+ EXT_KEY_USAGE_STATUS_RESPONDER);
+ }
+ /* allow any ssl or email (no ca or object signing. */
+ nsCertType |= NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER |
+ NS_CERT_TYPE_EMAIL;
}
if (encodedExtKeyUsage.data != NULL) {
- PORT_Free(encodedExtKeyUsage.data);
+ PORT_Free(encodedExtKeyUsage.data);
}
if (extKeyUsage != NULL) {
- CERT_DestroyOidSequence(extKeyUsage);
+ CERT_DestroyOidSequence(extKeyUsage);
}
return nsCertType;
}
@@ -638,44 +597,44 @@
{
SECItem tmpitem;
SECStatus rv;
-
+
cert->subjectKeyID.len = 0;
/* see of the cert has a key identifier extension */
rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
- if ( rv == SECSuccess ) {
- cert->subjectKeyID.data = (unsigned char*) PORT_ArenaAlloc(cert->arena, tmpitem.len);
- if ( cert->subjectKeyID.data != NULL ) {
- PORT_Memcpy(cert->subjectKeyID.data, tmpitem.data, tmpitem.len);
- cert->subjectKeyID.len = tmpitem.len;
- cert->keyIDGenerated = PR_FALSE;
- }
-
- PORT_Free(tmpitem.data);
+ if (rv == SECSuccess) {
+ cert->subjectKeyID.data =
+ (unsigned char *)PORT_ArenaAlloc(cert->arena, tmpitem.len);
+ if (cert->subjectKeyID.data != NULL) {
+ PORT_Memcpy(cert->subjectKeyID.data, tmpitem.data, tmpitem.len);
+ cert->subjectKeyID.len = tmpitem.len;
+ cert->keyIDGenerated = PR_FALSE;
+ }
+
+ PORT_Free(tmpitem.data);
}
-
+
/* if the cert doesn't have a key identifier extension, then generate one*/
- if ( cert->subjectKeyID.len == 0 ) {
- /*
- * pkix says that if the subjectKeyID is not present, then we should
- * use the SHA-1 hash of the DER-encoded publicKeyInfo from the cert
- */
- cert->subjectKeyID.data = (unsigned char *)PORT_ArenaAlloc(cert->arena, SHA1_LENGTH);
- if ( cert->subjectKeyID.data != NULL ) {
- rv = PK11_HashBuf(SEC_OID_SHA1,cert->subjectKeyID.data,
- cert->derPublicKey.data,
- cert->derPublicKey.len);
- if ( rv == SECSuccess ) {
- cert->subjectKeyID.len = SHA1_LENGTH;
- }
- }
+ if (cert->subjectKeyID.len == 0) {
+ /*
+ * pkix says that if the subjectKeyID is not present, then we should
+ * use the SHA-1 hash of the DER-encoded publicKeyInfo from the cert
+ */
+ cert->subjectKeyID.data =
+ (unsigned char *)PORT_ArenaAlloc(cert->arena, SHA1_LENGTH);
+ if (cert->subjectKeyID.data != NULL) {
+ rv = PK11_HashBuf(SEC_OID_SHA1, cert->subjectKeyID.data,
+ cert->derPublicKey.data, cert->derPublicKey.len);
+ if (rv == SECSuccess) {
+ cert->subjectKeyID.len = SHA1_LENGTH;
+ }
+ }
}
- if ( cert->subjectKeyID.len == 0 ) {
- return(SECFailure);
+ if (cert->subjectKeyID.len == 0) {
+ return (SECFailure);
}
- return(SECSuccess);
-
+ return (SECSuccess);
}
static PRBool
@@ -689,48 +648,48 @@
/* it MUST be self-issued to be a root */
if (cert->derIssuer.len == 0 ||
- !SECITEM_ItemsAreEqual(&cert->derIssuer, &cert->derSubject))
- {
- return PR_FALSE;
+ !SECITEM_ItemsAreEqual(&cert->derIssuer, &cert->derSubject)) {
+ return PR_FALSE;
}
/* check the authKeyID extension */
if (cert->authKeyID) {
- /* authority key identifier is present */
- if (cert->authKeyID->keyID.len > 0) {
- /* the keyIdentifier field is set, look for subjectKeyID */
- rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
- if (rv == SECSuccess) {
- PRBool match;
- /* also present, they MUST match for it to be a root */
- match = SECITEM_ItemsAreEqual(&cert->authKeyID->keyID,
- &tmpitem);
- PORT_Free(tmpitem.data);
- if (!match) return PR_FALSE; /* else fall through */
- } else {
- /* the subject key ID is required when AKI is present */
- return PR_FALSE;
- }
- }
- if (cert->authKeyID->authCertIssuer) {
- SECItem *caName;
- caName = (SECItem *)CERT_GetGeneralNameByType(
- cert->authKeyID->authCertIssuer,
- certDirectoryName, PR_TRUE);
- if (caName) {
- if (!SECITEM_ItemsAreEqual(&cert->derIssuer, caName)) {
- return PR_FALSE;
- } /* else fall through */
- } /* else ??? could not get general name as directory name? */
- }
- if (cert->authKeyID->authCertSerialNumber.len > 0) {
- if (!SECITEM_ItemsAreEqual(&cert->serialNumber,
- &cert->authKeyID->authCertSerialNumber)) {
- return PR_FALSE;
- } /* else fall through */
- }
- /* all of the AKI fields that were present passed the test */
- return PR_TRUE;
+ /* authority key identifier is present */
+ if (cert->authKeyID->keyID.len > 0) {
+ /* the keyIdentifier field is set, look for subjectKeyID */
+ rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
+ if (rv == SECSuccess) {
+ PRBool match;
+ /* also present, they MUST match for it to be a root */
+ match =
+ SECITEM_ItemsAreEqual(&cert->authKeyID->keyID, &tmpitem);
+ PORT_Free(tmpitem.data);
+ if (!match)
+ return PR_FALSE; /* else fall through */
+ } else {
+ /* the subject key ID is required when AKI is present */
+ return PR_FALSE;
+ }
+ }
+ if (cert->authKeyID->authCertIssuer) {
+ SECItem *caName;
+ caName = (SECItem *)CERT_GetGeneralNameByType(
+ cert->authKeyID->authCertIssuer, certDirectoryName, PR_TRUE);
+ if (caName) {
+ if (!SECITEM_ItemsAreEqual(&cert->derIssuer, caName)) {
+ return PR_FALSE;
+ } /* else fall through */
+ } /* else ??? could not get general name as directory name? */
+ }
+ if (cert->authKeyID->authCertSerialNumber.len > 0) {
+ if (!SECITEM_ItemsAreEqual(
+ &cert->serialNumber,
+ &cert->authKeyID->authCertSerialNumber)) {
+ return PR_FALSE;
+ } /* else fall through */
+ }
+ /* all of the AKI fields that were present passed the test */
+ return PR_TRUE;
}
/* else the AKI was not present, so this is a root */
return PR_TRUE;
@@ -741,7 +700,7 @@
*/
CERTCertificate *
CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
- char *nickname)
+ char *nickname)
{
CERTCertificate *cert;
PLArenaPool *arena;
@@ -749,83 +708,83 @@
int rv;
int len;
char *tmpname;
-
+
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- return 0;
+
+ if (!arena) {
+ return 0;
}
/* allocate the certificate structure */
cert = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-
- if ( !cert ) {
- goto loser;
+
+ if (!cert) {
+ goto loser;
}
-
+
cert->arena = arena;
-
- if ( copyDER ) {
- /* copy the DER data for the cert into this arena */
- data = (void *)PORT_ArenaAlloc(arena, derSignedCert->len);
- if ( !data ) {
- goto loser;
- }
- cert->derCert.data = (unsigned char *)data;
- cert->derCert.len = derSignedCert->len;
- PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
+
+ if (copyDER) {
+ /* copy the DER data for the cert into this arena */
+ data = (void *)PORT_ArenaAlloc(arena, derSignedCert->len);
+ if (!data) {
+ goto loser;
+ }
+ cert->derCert.data = (unsigned char *)data;
+ cert->derCert.len = derSignedCert->len;
+ PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
} else {
- /* point to passed in DER data */
- cert->derCert = *derSignedCert;
+ /* point to passed in DER data */
+ cert->derCert = *derSignedCert;
}
/* decode the certificate info */
rv = SEC_QuickDERDecodeItem(arena, cert, SEC_SignedCertificateTemplate,
- &cert->derCert);
+ &cert->derCert);
- if ( rv ) {
- goto loser;
+ if (rv) {
+ goto loser;
}
- if (cert_HasUnknownCriticalExten (cert->extensions) == PR_TRUE) {
+ if (cert_HasUnknownCriticalExten(cert->extensions) == PR_TRUE) {
cert->options.bits.hasUnsupportedCriticalExt = PR_TRUE;
}
/* generate and save the database key for the cert */
rv = CERT_KeyFromIssuerAndSN(arena, &cert->derIssuer, &cert->serialNumber,
- &cert->certKey);
- if ( rv ) {
- goto loser;
+ &cert->certKey);
+ if (rv) {
+ goto loser;
}
/* set the nickname */
- if ( nickname == NULL ) {
- cert->nickname = NULL;
+ if (nickname == NULL) {
+ cert->nickname = NULL;
} else {
- /* copy and install the nickname */
- len = PORT_Strlen(nickname) + 1;
- cert->nickname = (char*)PORT_ArenaAlloc(arena, len);
- if ( cert->nickname == NULL ) {
- goto loser;
- }
+ /* copy and install the nickname */
+ len = PORT_Strlen(nickname) + 1;
+ cert->nickname = (char *)PORT_ArenaAlloc(arena, len);
+ if (cert->nickname == NULL) {
+ goto loser;
+ }
- PORT_Memcpy(cert->nickname, nickname, len);
+ PORT_Memcpy(cert->nickname, nickname, len);
}
/* set the email address */
cert->emailAddr = cert_GetCertificateEmailAddresses(cert);
-
+
/* initialize the subjectKeyID */
rv = cert_GetKeyID(cert);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* initialize keyUsage */
rv = GetKeyUsage(cert);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* determine if this is a root cert */
@@ -833,46 +792,45 @@
/* initialize the certType */
rv = cert_GetCertType(cert);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
tmpname = CERT_NameToAscii(&cert->subject);
- if ( tmpname != NULL ) {
- cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);
- PORT_Free(tmpname);
+ if (tmpname != NULL) {
+ cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);
+ PORT_Free(tmpname);
}
-
+
tmpname = CERT_NameToAscii(&cert->issuer);
- if ( tmpname != NULL ) {
- cert->issuerName = PORT_ArenaStrdup(cert->arena, tmpname);
- PORT_Free(tmpname);
+ if (tmpname != NULL) {
+ cert->issuerName = PORT_ArenaStrdup(cert->arena, tmpname);
+ PORT_Free(tmpname);
}
-
+
cert->referenceCount = 1;
cert->slot = NULL;
cert->pkcs11ID = CK_INVALID_HANDLE;
cert->dbnickname = NULL;
-
- return(cert);
-
+
+ return (cert);
+
loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(0);
+
+ return (0);
}
CERTCertificate *
__CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
- char *nickname)
+ char *nickname)
{
return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname);
}
-
CERTValidity *
CERT_CreateValidity(PRTime notBefore, PRTime notAfter)
{
@@ -881,26 +839,28 @@
PLArenaPool *arena;
if (notBefore > notAfter) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- return(0);
+
+ if (!arena) {
+ return (0);
}
-
- v = (CERTValidity*) PORT_ArenaZAlloc(arena, sizeof(CERTValidity));
+
+ v = (CERTValidity *)PORT_ArenaZAlloc(arena, sizeof(CERTValidity));
if (v) {
- v->arena = arena;
- rv = DER_EncodeTimeChoice(arena, &v->notBefore, notBefore);
- if (rv) goto loser;
- rv = DER_EncodeTimeChoice(arena, &v->notAfter, notAfter);
- if (rv) goto loser;
+ v->arena = arena;
+ rv = DER_EncodeTimeChoice(arena, &v->notBefore, notBefore);
+ if (rv)
+ goto loser;
+ rv = DER_EncodeTimeChoice(arena, &v->notAfter, notAfter);
+ if (rv)
+ goto loser;
}
return v;
- loser:
+loser:
CERT_DestroyValidity(v);
return 0;
}
@@ -912,9 +872,10 @@
CERT_DestroyValidity(to);
to->arena = arena;
-
+
rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore);
- if (rv) return rv;
+ if (rv)
+ return rv;
rv = SECITEM_CopyItem(arena, &to->notAfter, &from->notAfter);
return rv;
}
@@ -923,7 +884,7 @@
CERT_DestroyValidity(CERTValidity *v)
{
if (v && v->arena) {
- PORT_FreeArena(v->arena, PR_FALSE);
+ PORT_FreeArena(v->arena, PR_FALSE);
}
return;
}
@@ -934,20 +895,19 @@
** valid. The slop is designed to allow for some variance in the clocks
** of the machine checking the certificate.
*/
-#define PENDING_SLOP (24L*60L*60L) /* seconds per day */
-static PRInt32 pendingSlop = PENDING_SLOP; /* seconds */
+#define PENDING_SLOP (24L * 60L * 60L) /* seconds per day */
+static PRInt32 pendingSlop = PENDING_SLOP; /* seconds */
PRInt32
CERT_GetSlopTime(void)
{
- return pendingSlop; /* seconds */
+ return pendingSlop; /* seconds */
}
-SECStatus
-CERT_SetSlopTime(PRInt32 slop) /* seconds */
+SECStatus CERT_SetSlopTime(PRInt32 slop) /* seconds */
{
if (slop < 0)
- return SECFailure;
+ return SECFailure;
pendingSlop = slop;
return SECSuccess;
}
@@ -961,20 +921,20 @@
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
-
+
/* convert DER not-before time */
rv = DER_DecodeTimeChoice(notBefore, &c->validity.notBefore);
if (rv) {
- return(SECFailure);
+ return (SECFailure);
}
-
+
/* convert DER not-after time */
rv = DER_DecodeTimeChoice(notAfter, &c->validity.notAfter);
if (rv) {
- return(SECFailure);
+ return (SECFailure);
}
- return(SECSuccess);
+ return (SECSuccess);
}
/*
@@ -989,77 +949,77 @@
if (!c) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return(secCertTimeUndetermined);
+ return (secCertTimeUndetermined);
}
/* if cert is already marked OK, then don't bother to check */
- if ( allowOverride && c->timeOK ) {
- return(secCertTimeValid);
+ if (allowOverride && c->timeOK) {
+ return (secCertTimeValid);
}
rv = CERT_GetCertTimes(c, ¬Before, ¬After);
-
+
if (rv) {
- return(secCertTimeExpired); /*XXX is this the right thing to do here?*/
+ return (secCertTimeExpired); /*XXX is this the right thing to do here?*/
}
-
+
LL_I2L(llPendingSlop, pendingSlop);
/* convert to micro seconds */
LL_UI2L(tmp1, PR_USEC_PER_SEC);
LL_MUL(llPendingSlop, llPendingSlop, tmp1);
LL_SUB(notBefore, notBefore, llPendingSlop);
- if ( LL_CMP( t, <, notBefore ) ) {
- PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
- return(secCertTimeNotValidYet);
+ if (LL_CMP(t, <, notBefore)) {
+ PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
+ return (secCertTimeNotValidYet);
}
- if ( LL_CMP( t, >, notAfter) ) {
- PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
- return(secCertTimeExpired);
+ if (LL_CMP(t, >, notAfter)) {
+ PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
+ return (secCertTimeExpired);
}
- return(secCertTimeValid);
+ return (secCertTimeValid);
}
SECStatus
SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter)
{
int rv;
-
+
/* convert DER not-before time */
rv = DER_DecodeTimeChoice(notBefore, &date->lastUpdate);
if (rv) {
- return(SECFailure);
+ return (SECFailure);
}
-
+
/* convert DER not-after time */
if (date->nextUpdate.data) {
- rv = DER_DecodeTimeChoice(notAfter, &date->nextUpdate);
- if (rv) {
- return(SECFailure);
- }
+ rv = DER_DecodeTimeChoice(notAfter, &date->nextUpdate);
+ if (rv) {
+ return (SECFailure);
+ }
+ } else {
+ LL_I2L(*notAfter, 0L);
}
- else {
- LL_I2L(*notAfter, 0L);
- }
- return(SECSuccess);
+ return (SECSuccess);
}
/* These routines should probably be combined with the cert
* routines using an common extraction routine.
*/
SECCertTimeValidity
-SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) {
+SEC_CheckCrlTimes(CERTCrl *crl, PRTime t)
+{
PRTime notBefore, notAfter, llPendingSlop, tmp1;
SECStatus rv;
if (!crl) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return(secCertTimeUndetermined);
+ return (secCertTimeUndetermined);
}
rv = SEC_GetCrlTimes(crl, ¬Before, ¬After);
-
+
if (rv) {
- return(secCertTimeExpired);
+ return (secCertTimeExpired);
}
LL_I2L(llPendingSlop, pendingSlop);
@@ -1067,155 +1027,157 @@
LL_I2L(tmp1, PR_USEC_PER_SEC);
LL_MUL(llPendingSlop, llPendingSlop, tmp1);
LL_SUB(notBefore, notBefore, llPendingSlop);
- if ( LL_CMP( t, <, notBefore ) ) {
- PORT_SetError(SEC_ERROR_CRL_EXPIRED);
- return(secCertTimeNotValidYet);
+ if (LL_CMP(t, <, notBefore)) {
+ PORT_SetError(SEC_ERROR_CRL_EXPIRED);
+ return (secCertTimeNotValidYet);
}
/* If next update is omitted and the test for notBefore passes, then
we assume that the crl is up to date.
*/
- if ( LL_IS_ZERO(notAfter) ) {
- return(secCertTimeValid);
+ if (LL_IS_ZERO(notAfter)) {
+ return (secCertTimeValid);
}
- if ( LL_CMP( t, >, notAfter) ) {
- PORT_SetError(SEC_ERROR_CRL_EXPIRED);
- return(secCertTimeExpired);
+ if (LL_CMP(t, >, notAfter)) {
+ PORT_SetError(SEC_ERROR_CRL_EXPIRED);
+ return (secCertTimeExpired);
}
- return(secCertTimeValid);
+ return (secCertTimeValid);
}
PRBool
-SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old) {
+SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old)
+{
PRTime newNotBefore, newNotAfter;
PRTime oldNotBefore, oldNotAfter;
SECStatus rv;
/* problems with the new CRL? reject it */
rv = SEC_GetCrlTimes(inNew, &newNotBefore, &newNotAfter);
- if (rv) return PR_FALSE;
+ if (rv)
+ return PR_FALSE;
/* problems with the old CRL? replace it */
rv = SEC_GetCrlTimes(old, &oldNotBefore, &oldNotAfter);
- if (rv) return PR_TRUE;
+ if (rv)
+ return PR_TRUE;
/* Question: what about the notAfter's? */
return ((PRBool)LL_CMP(oldNotBefore, <, newNotBefore));
}
-
+
/*
- * return required key usage and cert type based on cert usage
+ * return required key usage and cert type based on cert usage
*/
SECStatus
-CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
- PRBool ca,
- unsigned int *retKeyUsage,
- unsigned int *retCertType)
+CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
+ unsigned int *retKeyUsage,
+ unsigned int *retCertType)
{
unsigned int requiredKeyUsage = 0;
unsigned int requiredCertType = 0;
-
- if ( ca ) {
- switch ( usage ) {
- case certUsageSSLServerWithStepUp:
- requiredKeyUsage = KU_NS_GOVT_APPROVED | KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLClient:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLServer:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageSSLCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageEmailSigner:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_EMAIL_CA;
- break;
- case certUsageEmailRecipient:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_EMAIL_CA;
- break;
- case certUsageObjectSigner:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA;
- break;
- case certUsageAnyCA:
- case certUsageVerifyCA:
- case certUsageStatusResponder:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA |
- NS_CERT_TYPE_EMAIL_CA |
- NS_CERT_TYPE_SSL_CA;
- break;
- default:
- PORT_Assert(0);
- goto loser;
- }
+
+ if (ca) {
+ switch (usage) {
+ case certUsageSSLServerWithStepUp:
+ requiredKeyUsage = KU_NS_GOVT_APPROVED | KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_SSL_CA;
+ break;
+ case certUsageSSLClient:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_SSL_CA;
+ break;
+ case certUsageSSLServer:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_SSL_CA;
+ break;
+ case certUsageSSLCA:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_SSL_CA;
+ break;
+ case certUsageEmailSigner:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_EMAIL_CA;
+ break;
+ case certUsageEmailRecipient:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_EMAIL_CA;
+ break;
+ case certUsageObjectSigner:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ break;
+ case certUsageAnyCA:
+ case certUsageVerifyCA:
+ case certUsageStatusResponder:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA |
+ NS_CERT_TYPE_EMAIL_CA | NS_CERT_TYPE_SSL_CA;
+ break;
+ default:
+ PORT_Assert(0);
+ goto loser;
+ }
} else {
- switch ( usage ) {
- case certUsageSSLClient:
- /*
- * RFC 5280 lists digitalSignature and keyAgreement for
- * id-kp-clientAuth. NSS does not support the *_fixed_dh and
- * *_fixed_ecdh client certificate types.
- */
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = NS_CERT_TYPE_SSL_CLIENT;
- break;
- case certUsageSSLServer:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
- requiredCertType = NS_CERT_TYPE_SSL_SERVER;
- break;
- case certUsageSSLServerWithStepUp:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT |
- KU_NS_GOVT_APPROVED;
- requiredCertType = NS_CERT_TYPE_SSL_SERVER;
- break;
- case certUsageSSLCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_SSL_CA;
- break;
- case certUsageEmailSigner:
- requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
- requiredCertType = NS_CERT_TYPE_EMAIL;
- break;
- case certUsageEmailRecipient:
- requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
- requiredCertType = NS_CERT_TYPE_EMAIL;
- break;
- case certUsageObjectSigner:
- /* RFC 5280 lists only digitalSignature for id-kp-codeSigning. */
- requiredKeyUsage = KU_DIGITAL_SIGNATURE;
- requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING;
- break;
- case certUsageStatusResponder:
- requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
- requiredCertType = EXT_KEY_USAGE_STATUS_RESPONDER;
- break;
- default:
- PORT_Assert(0);
- goto loser;
- }
+ switch (usage) {
+ case certUsageSSLClient:
+ /*
+ * RFC 5280 lists digitalSignature and keyAgreement for
+ * id-kp-clientAuth. NSS does not support the *_fixed_dh and
+ * *_fixed_ecdh client certificate types.
+ */
+ requiredKeyUsage = KU_DIGITAL_SIGNATURE;
+ requiredCertType = NS_CERT_TYPE_SSL_CLIENT;
+ break;
+ case certUsageSSLServer:
+ requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
+ requiredCertType = NS_CERT_TYPE_SSL_SERVER;
+ break;
+ case certUsageSSLServerWithStepUp:
+ requiredKeyUsage =
+ KU_KEY_AGREEMENT_OR_ENCIPHERMENT | KU_NS_GOVT_APPROVED;
+ requiredCertType = NS_CERT_TYPE_SSL_SERVER;
+ break;
+ case certUsageSSLCA:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_SSL_CA;
+ break;
+ case certUsageEmailSigner:
+ requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
+ requiredCertType = NS_CERT_TYPE_EMAIL;
+ break;
+ case certUsageEmailRecipient:
+ requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
+ requiredCertType = NS_CERT_TYPE_EMAIL;
+ break;
+ case certUsageObjectSigner:
+ /* RFC 5280 lists only digitalSignature for id-kp-codeSigning.
+ */
+ requiredKeyUsage = KU_DIGITAL_SIGNATURE;
+ requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING;
+ break;
+ case certUsageStatusResponder:
+ requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
+ requiredCertType = EXT_KEY_USAGE_STATUS_RESPONDER;
+ break;
+ default:
+ PORT_Assert(0);
+ goto loser;
+ }
}
- if ( retKeyUsage != NULL ) {
- *retKeyUsage = requiredKeyUsage;
+ if (retKeyUsage != NULL) {
+ *retKeyUsage = requiredKeyUsage;
}
- if ( retCertType != NULL ) {
- *retCertType = requiredCertType;
+ if (retCertType != NULL) {
+ *retCertType = requiredCertType;
}
- return(SECSuccess);
+ return (SECSuccess);
loser:
- return(SECFailure);
+ return (SECFailure);
}
/*
@@ -1226,60 +1188,60 @@
{
if (!cert) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ return SECFailure;
}
/* choose between key agreement or key encipherment based on key
* type in cert
*/
- if ( requiredUsage & KU_KEY_AGREEMENT_OR_ENCIPHERMENT ) {
- KeyType keyType = CERT_GetCertKeyType(&cert->subjectPublicKeyInfo);
- /* turn off the special bit */
- requiredUsage &= (~KU_KEY_AGREEMENT_OR_ENCIPHERMENT);
+ if (requiredUsage & KU_KEY_AGREEMENT_OR_ENCIPHERMENT) {
+ KeyType keyType = CERT_GetCertKeyType(&cert->subjectPublicKeyInfo);
+ /* turn off the special bit */
+ requiredUsage &= (~KU_KEY_AGREEMENT_OR_ENCIPHERMENT);
- switch (keyType) {
- case rsaKey:
- requiredUsage |= KU_KEY_ENCIPHERMENT;
- break;
- case dsaKey:
- requiredUsage |= KU_DIGITAL_SIGNATURE;
- break;
- case dhKey:
- requiredUsage |= KU_KEY_AGREEMENT;
- break;
- case ecKey:
- /* Accept either signature or agreement. */
- if (!(cert->keyUsage & (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)))
- goto loser;
- break;
- default:
- goto loser;
- }
+ switch (keyType) {
+ case rsaKey:
+ requiredUsage |= KU_KEY_ENCIPHERMENT;
+ break;
+ case dsaKey:
+ requiredUsage |= KU_DIGITAL_SIGNATURE;
+ break;
+ case dhKey:
+ requiredUsage |= KU_KEY_AGREEMENT;
+ break;
+ case ecKey:
+ /* Accept either signature or agreement. */
+ if (!(cert->keyUsage &
+ (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)))
+ goto loser;
+ break;
+ default:
+ goto loser;
+ }
}
/* Allow either digital signature or non-repudiation */
- if ( requiredUsage & KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION ) {
- /* turn off the special bit */
- requiredUsage &= (~KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION);
+ if (requiredUsage & KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION) {
+ /* turn off the special bit */
+ requiredUsage &= (~KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION);
if (!(cert->keyUsage & (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)))
- goto loser;
- }
-
- if ( (cert->keyUsage & requiredUsage) == requiredUsage )
- return SECSuccess;
+ goto loser;
+ }
+
+ if ((cert->keyUsage & requiredUsage) == requiredUsage)
+ return SECSuccess;
loser:
PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
return SECFailure;
}
-
CERTCertificate *
CERT_DupCertificate(CERTCertificate *c)
{
if (c) {
- NSSCertificate *tmp = STAN_GetNSSCertificate(c);
- nssCertificate_AddRef(tmp);
+ NSSCertificate *tmp = STAN_GetNSSCertificate(c);
+ nssCertificate_AddRef(tmp);
}
return c;
}
@@ -1294,37 +1256,37 @@
CERT_SetDefaultCertDB(CERTCertDBHandle *handle)
{
default_cert_db_handle = handle;
-
+
return;
}
CERTCertDBHandle *
CERT_GetDefaultCertDB(void)
{
- return(default_cert_db_handle);
+ return (default_cert_db_handle);
}
/* XXX this would probably be okay/better as an xp routine? */
static void
sec_lower_string(char *s)
{
- if ( s == NULL ) {
- return;
+ if (s == NULL) {
+ return;
}
-
- while ( *s ) {
- *s = PORT_Tolower(*s);
- s++;
+
+ while (*s) {
+ *s = PORT_Tolower(*s);
+ s++;
}
-
+
return;
}
static PRBool
cert_IsIPAddr(const char *hn)
{
- PRBool isIPaddr = PR_FALSE;
- PRNetAddr netAddr;
+ PRBool isIPaddr = PR_FALSE;
+ PRNetAddr netAddr;
isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));
return isIPaddr;
}
@@ -1337,16 +1299,16 @@
CERT_AddOKDomainName(CERTCertificate *cert, const char *hn)
{
CERTOKDomainName *domainOK;
- int newNameLen;
+ int newNameLen;
if (!hn || !(newNameLen = strlen(hn))) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena,
- (sizeof *domainOK) + newNameLen);
- if (!domainOK)
- return SECFailure; /* error code is already set. */
+ domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(
+ cert->arena, (sizeof *domainOK) + newNameLen);
+ if (!domainOK)
+ return SECFailure; /* error code is already set. */
PORT_Strcpy(domainOK->name, hn);
sec_lower_string(domainOK->name);
@@ -1364,177 +1326,180 @@
** This function may modify string cn, so caller must pass a modifiable copy.
*/
static SECStatus
-cert_TestHostName(char * cn, const char * hn)
+cert_TestHostName(char *cn, const char *hn)
{
static int useShellExp = -1;
if (useShellExp < 0) {
- useShellExp = (NULL != PR_GetEnv("NSS_USE_SHEXP_IN_CERT_NAME"));
+ useShellExp = (NULL != PR_GetEnvSecure("NSS_USE_SHEXP_IN_CERT_NAME"));
}
if (useShellExp) {
- /* Backward compatible code, uses Shell Expressions (SHEXP). */
- int regvalid = PORT_RegExpValid(cn);
- if (regvalid != NON_SXP) {
- SECStatus rv;
- /* cn is a regular expression, try to match the shexp */
- int match = PORT_RegExpCaseSearch(hn, cn);
+ /* Backward compatible code, uses Shell Expressions (SHEXP). */
+ int regvalid = PORT_RegExpValid(cn);
+ if (regvalid != NON_SXP) {
+ SECStatus rv;
+ /* cn is a regular expression, try to match the shexp */
+ int match = PORT_RegExpCaseSearch(hn, cn);
- if ( match == 0 ) {
- rv = SECSuccess;
- } else {
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
- rv = SECFailure;
- }
- return rv;
- }
+ if (match == 0) {
+ rv = SECSuccess;
+ } else {
+ PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+ rv = SECFailure;
+ }
+ return rv;
+ }
} else {
- /* New approach conforms to RFC 6125. */
- char *wildcard = PORT_Strchr(cn, '*');
- char *firstcndot = PORT_Strchr(cn, '.');
- char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL;
- char *firsthndot = PORT_Strchr(hn, '.');
+ /* New approach conforms to RFC 6125. */
+ char *wildcard = PORT_Strchr(cn, '*');
+ char *firstcndot = PORT_Strchr(cn, '.');
+ char *secondcndot =
+ firstcndot ? PORT_Strchr(firstcndot + 1, '.') : NULL;
+ char *firsthndot = PORT_Strchr(hn, '.');
- /* For a cn pattern to be considered valid, the wildcard character...
- * - may occur only in a DNS name with at least 3 components, and
- * - may occur only as last character in the first component, and
- * - may be preceded by additional characters, and
- * - must not be preceded by an IDNA ACE prefix (xn--)
- */
- if (wildcard && secondcndot && secondcndot[1] && firsthndot
- && firstcndot - wildcard == 1 /* wildcard is last char in first component */
- && secondcndot - firstcndot > 1 /* second component is non-empty */
- && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
- && !PORT_Strncasecmp(cn, hn, wildcard - cn)
- && !PORT_Strcasecmp(firstcndot, firsthndot)
- /* If hn starts with xn--, then cn must start with wildcard */
- && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
- /* valid wildcard pattern match */
- return SECSuccess;
- }
+ /* For a cn pattern to be considered valid, the wildcard character...
+ * - may occur only in a DNS name with at least 3 components, and
+ * - may occur only as last character in the first component, and
+ * - may be preceded by additional characters, and
+ * - must not be preceded by an IDNA ACE prefix (xn--)
+ */
+ if (wildcard && secondcndot && secondcndot[1] && firsthndot &&
+ firstcndot - wildcard == 1 /* wildcard is last char in first component */
+ && secondcndot - firstcndot > 1 /* second component is non-empty */
+ && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
+ && !PORT_Strncasecmp(cn, hn, wildcard - cn) &&
+ !PORT_Strcasecmp(firstcndot, firsthndot)
+ /* If hn starts with xn--, then cn must start with wildcard */
+ && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
+ /* valid wildcard pattern match */
+ return SECSuccess;
+ }
}
- /* String cn has no wildcard or shell expression.
- * Compare entire string hn with cert name.
+ /* String cn has no wildcard or shell expression.
+ * Compare entire string hn with cert name.
*/
if (PORT_Strcasecmp(hn, cn) == 0) {
- return SECSuccess;
+ return SECSuccess;
}
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
return SECFailure;
}
-
SECStatus
cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
{
- PLArenaPool * arena = NULL;
- CERTGeneralName * nameList = NULL;
- CERTGeneralName * current;
- char * cn;
- int cnBufLen;
- int DNSextCount = 0;
- int IPextCount = 0;
- PRBool isIPaddr = PR_FALSE;
- SECStatus rv = SECFailure;
- SECItem subAltName;
- PRNetAddr netAddr;
- char cnbuf[128];
+ PLArenaPool *arena = NULL;
+ CERTGeneralName *nameList = NULL;
+ CERTGeneralName *current;
+ char *cn;
+ int cnBufLen;
+ int DNSextCount = 0;
+ int IPextCount = 0;
+ PRBool isIPaddr = PR_FALSE;
+ SECStatus rv = SECFailure;
+ SECItem subAltName;
+ PRNetAddr netAddr;
+ char cnbuf[128];
subAltName.data = NULL;
- cn = cnbuf;
+ cn = cnbuf;
cnBufLen = sizeof cnbuf;
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
- &subAltName);
+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
+ &subAltName);
if (rv != SECSuccess) {
- goto fail;
+ goto fail;
}
isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));
rv = SECFailure;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- goto fail;
+ if (!arena)
+ goto fail;
nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
if (!current)
- goto fail;
+ goto fail;
do {
- switch (current->type) {
- case certDNSName:
- if (!isIPaddr) {
- /* DNS name current->name.other.data is not null terminated.
- ** so must copy it.
- */
- int cnLen = current->name.other.len;
- rv = CERT_RFC1485_EscapeAndQuote(cn, cnBufLen,
- (char *)current->name.other.data,
- cnLen);
- if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_OUTPUT_LEN) {
- cnBufLen = cnLen * 3 + 3; /* big enough for worst case */
- cn = (char *)PORT_ArenaAlloc(arena, cnBufLen);
- if (!cn)
- goto fail;
- rv = CERT_RFC1485_EscapeAndQuote(cn, cnBufLen,
- (char *)current->name.other.data,
- cnLen);
- }
- if (rv == SECSuccess)
- rv = cert_TestHostName(cn ,hn);
- if (rv == SECSuccess)
- goto finish;
- }
- DNSextCount++;
- break;
- case certIPAddress:
- if (isIPaddr) {
- int match = 0;
- PRIPv6Addr v6Addr;
- if (current->name.other.len == 4 && /* IP v4 address */
- netAddr.inet.family == PR_AF_INET) {
- match = !memcmp(&netAddr.inet.ip,
- current->name.other.data, 4);
- } else if (current->name.other.len == 16 && /* IP v6 address */
- netAddr.ipv6.family == PR_AF_INET6) {
- match = !memcmp(&netAddr.ipv6.ip,
- current->name.other.data, 16);
- } else if (current->name.other.len == 16 && /* IP v6 address */
- netAddr.inet.family == PR_AF_INET) {
- /* convert netAddr to ipv6, then compare. */
- /* ipv4 must be in Network Byte Order on input. */
- PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr);
- match = !memcmp(&v6Addr, current->name.other.data, 16);
- } else if (current->name.other.len == 4 && /* IP v4 address */
- netAddr.inet.family == PR_AF_INET6) {
- /* convert netAddr to ipv6, then compare. */
- PRUint32 ipv4 = (current->name.other.data[0] << 24) |
- (current->name.other.data[1] << 16) |
- (current->name.other.data[2] << 8) |
- current->name.other.data[3];
- /* ipv4 must be in Network Byte Order on input. */
- PR_ConvertIPv4AddrToIPv6(PR_htonl(ipv4), &v6Addr);
- match = !memcmp(&netAddr.ipv6.ip, &v6Addr, 16);
- }
- if (match) {
- rv = SECSuccess;
- goto finish;
- }
- }
- IPextCount++;
- break;
- default:
- break;
- }
- current = CERT_GetNextGeneralName(current);
+ switch (current->type) {
+ case certDNSName:
+ if (!isIPaddr) {
+ /* DNS name current->name.other.data is not null terminated.
+ ** so must copy it.
+ */
+ int cnLen = current->name.other.len;
+ rv = CERT_RFC1485_EscapeAndQuote(
+ cn, cnBufLen, (char *)current->name.other.data, cnLen);
+ if (rv != SECSuccess &&
+ PORT_GetError() == SEC_ERROR_OUTPUT_LEN) {
+ cnBufLen =
+ cnLen * 3 + 3; /* big enough for worst case */
+ cn = (char *)PORT_ArenaAlloc(arena, cnBufLen);
+ if (!cn)
+ goto fail;
+ rv = CERT_RFC1485_EscapeAndQuote(
+ cn, cnBufLen, (char *)current->name.other.data,
+ cnLen);
+ }
+ if (rv == SECSuccess)
+ rv = cert_TestHostName(cn, hn);
+ if (rv == SECSuccess)
+ goto finish;
+ }
+ DNSextCount++;
+ break;
+ case certIPAddress:
+ if (isIPaddr) {
+ int match = 0;
+ PRIPv6Addr v6Addr;
+ if (current->name.other.len == 4 && /* IP v4 address */
+ netAddr.inet.family == PR_AF_INET) {
+ match = !memcmp(&netAddr.inet.ip,
+ current->name.other.data, 4);
+ } else if (current->name.other.len ==
+ 16 && /* IP v6 address */
+ netAddr.ipv6.family == PR_AF_INET6) {
+ match = !memcmp(&netAddr.ipv6.ip,
+ current->name.other.data, 16);
+ } else if (current->name.other.len ==
+ 16 && /* IP v6 address */
+ netAddr.inet.family == PR_AF_INET) {
+ /* convert netAddr to ipv6, then compare. */
+ /* ipv4 must be in Network Byte Order on input. */
+ PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr);
+ match = !memcmp(&v6Addr, current->name.other.data, 16);
+ } else if (current->name.other.len == 4 && /* IP v4 address */
+ netAddr.inet.family == PR_AF_INET6) {
+ /* convert netAddr to ipv6, then compare. */
+ PRUint32 ipv4 = (current->name.other.data[0] << 24) |
+ (current->name.other.data[1] << 16) |
+ (current->name.other.data[2] << 8) |
+ current->name.other.data[3];
+ /* ipv4 must be in Network Byte Order on input. */
+ PR_ConvertIPv4AddrToIPv6(PR_htonl(ipv4), &v6Addr);
+ match = !memcmp(&netAddr.ipv6.ip, &v6Addr, 16);
+ }
+ if (match) {
+ rv = SECSuccess;
+ goto finish;
+ }
+ }
+ IPextCount++;
+ break;
+ default:
+ break;
+ }
+ current = CERT_GetNextGeneralName(current);
} while (current != nameList);
fail:
if (!(isIPaddr ? IPextCount : DNSextCount)) {
- /* no relevant value in the extension was found. */
- PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+ /* no relevant value in the extension was found. */
+ PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
} else {
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+ PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
}
rv = SECFailure;
@@ -1542,11 +1507,11 @@
/* Don't free nameList, it's part of the arena. */
if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
if (subAltName.data) {
- SECITEM_FreeItem(&subAltName, PR_FALSE);
+ SECITEM_FreeItem(&subAltName, PR_FALSE);
}
return rv;
@@ -1562,19 +1527,19 @@
CERTGeneralName *
cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena)
{
- CERTGeneralName * nameList = NULL;
- SECStatus rv = SECFailure;
- SECItem subAltName;
+ CERTGeneralName *nameList = NULL;
+ SECStatus rv = SECFailure;
+ SECItem subAltName;
if (!cert || !arena)
- return NULL;
+ return NULL;
subAltName.data = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
&subAltName);
if (rv != SECSuccess)
- return NULL;
+ return NULL;
nameList = CERT_DecodeAltNameExtension(arena, &subAltName);
SECITEM_FreeItem(&subAltName, PR_FALSE);
@@ -1584,21 +1549,21 @@
PRUint32
cert_CountDNSPatterns(CERTGeneralName *firstName)
{
- CERTGeneralName * current;
+ CERTGeneralName *current;
PRUint32 count = 0;
if (!firstName)
- return 0;
+ return 0;
current = firstName;
do {
switch (current->type) {
- case certDNSName:
- case certIPAddress:
- ++count;
- break;
- default:
- break;
+ case certDNSName:
+ case certIPAddress:
+ ++count;
+ break;
+ default:
+ break;
}
current = CERT_GetNextGeneralName(current);
} while (current != firstName);
@@ -1610,27 +1575,27 @@
#define INET6_ADDRSTRLEN 46
#endif
-/* will fill nickNames,
+/* will fill nickNames,
* will allocate all data from nickNames->arena,
* numberOfGeneralNames should have been obtained from cert_CountDNSPatterns,
* will ensure the numberOfGeneralNames matches the number of output entries.
*/
SECStatus
cert_GetDNSPatternsFromGeneralNames(CERTGeneralName *firstName,
- PRUint32 numberOfGeneralNames,
+ PRUint32 numberOfGeneralNames,
CERTCertNicknames *nickNames)
{
CERTGeneralName *currentInput;
char **currentOutput;
if (!firstName || !nickNames || !numberOfGeneralNames)
- return SECFailure;
+ return SECFailure;
nickNames->numnicknames = numberOfGeneralNames;
- nickNames->nicknames = PORT_ArenaAlloc(nickNames->arena,
- sizeof(char *) * numberOfGeneralNames);
+ nickNames->nicknames = PORT_ArenaAlloc(
+ nickNames->arena, sizeof(char *) * numberOfGeneralNames);
if (!nickNames->nicknames)
- return SECFailure;
+ return SECFailure;
currentInput = firstName;
currentOutput = nickNames->nicknames;
@@ -1640,47 +1605,49 @@
PRNetAddr addr;
if (numberOfGeneralNames < 1) {
- /* internal consistency error */
- return SECFailure;
+ /* internal consistency error */
+ return SECFailure;
}
switch (currentInput->type) {
- case certDNSName:
- /* DNS name currentInput->name.other.data is not null terminated.
- ** so must copy it.
- */
- cn = (char *)PORT_ArenaAlloc(nickNames->arena,
- currentInput->name.other.len + 1);
- if (!cn)
- return SECFailure;
- PORT_Memcpy(cn, currentInput->name.other.data,
+ case certDNSName:
+ /* DNS name currentInput->name.other.data is not null
+ *terminated.
+ ** so must copy it.
+ */
+ cn = (char *)PORT_ArenaAlloc(nickNames->arena,
+ currentInput->name.other.len + 1);
+ if (!cn)
+ return SECFailure;
+ PORT_Memcpy(cn, currentInput->name.other.data,
currentInput->name.other.len);
- cn[currentInput->name.other.len] = 0;
- break;
- case certIPAddress:
- if (currentInput->name.other.len == 4) {
- addr.inet.family = PR_AF_INET;
- memcpy(&addr.inet.ip, currentInput->name.other.data,
- currentInput->name.other.len);
- } else if (currentInput->name.other.len == 16) {
- addr.ipv6.family = PR_AF_INET6;
- memcpy(&addr.ipv6.ip, currentInput->name.other.data,
- currentInput->name.other.len);
- }
- if (PR_NetAddrToString(&addr, ipbuf, sizeof(ipbuf)) == PR_FAILURE)
- return SECFailure;
- cn = PORT_ArenaStrdup(nickNames->arena, ipbuf);
- if (!cn)
- return SECFailure;
- break;
- default:
- break;
+ cn[currentInput->name.other.len] = 0;
+ break;
+ case certIPAddress:
+ if (currentInput->name.other.len == 4) {
+ addr.inet.family = PR_AF_INET;
+ memcpy(&addr.inet.ip, currentInput->name.other.data,
+ currentInput->name.other.len);
+ } else if (currentInput->name.other.len == 16) {
+ addr.ipv6.family = PR_AF_INET6;
+ memcpy(&addr.ipv6.ip, currentInput->name.other.data,
+ currentInput->name.other.len);
+ }
+ if (PR_NetAddrToString(&addr, ipbuf, sizeof(ipbuf)) ==
+ PR_FAILURE)
+ return SECFailure;
+ cn = PORT_ArenaStrdup(nickNames->arena, ipbuf);
+ if (!cn)
+ return SECFailure;
+ break;
+ default:
+ break;
}
if (cn) {
- *currentOutput = cn;
- nickNames->totallen += PORT_Strlen(cn);
- ++currentOutput;
- --numberOfGeneralNames;
+ *currentOutput = cn;
+ nickNames->totallen += PORT_Strlen(cn);
+ ++currentOutput;
+ --numberOfGeneralNames;
}
currentInput = CERT_GetNextGeneralName(currentInput);
} while (currentInput != firstName);
@@ -1701,16 +1668,16 @@
CERTCertNicknames *nickNames;
PLArenaPool *arena;
char *singleName;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
return NULL;
}
-
+
nickNames = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
if (!nickNames) {
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
}
/* init the structure */
@@ -1722,40 +1689,41 @@
generalNames = cert_GetSubjectAltNameList(cert, arena);
if (generalNames) {
- SECStatus rv_getnames = SECFailure;
- PRUint32 numNames = cert_CountDNSPatterns(generalNames);
+ SECStatus rv_getnames = SECFailure;
+ PRUint32 numNames = cert_CountDNSPatterns(generalNames);
- if (numNames) {
- rv_getnames = cert_GetDNSPatternsFromGeneralNames(generalNames,
- numNames, nickNames);
- }
-
- /* if there were names, we'll exit now, either with success or failure */
- if (numNames) {
- if (rv_getnames == SECSuccess) {
- return nickNames;
+ if (numNames) {
+ rv_getnames = cert_GetDNSPatternsFromGeneralNames(
+ generalNames, numNames, nickNames);
}
- /* failure to produce output */
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
- }
+ /* if there were names, we'll exit now, either with success or failure
+ */
+ if (numNames) {
+ if (rv_getnames == SECSuccess) {
+ return nickNames;
+ }
+
+ /* failure to produce output */
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
+ }
}
/* no SAN extension or no names found in extension */
singleName = CERT_GetCommonName(&cert->subject);
if (singleName) {
- nickNames->numnicknames = 1;
- nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *));
- if (nickNames->nicknames) {
- *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName);
- }
- PORT_Free(singleName);
+ nickNames->numnicknames = 1;
+ nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *));
+ if (nickNames->nicknames) {
+ *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName);
+ }
+ PORT_Free(singleName);
- /* Did we allocate both the buffer of pointers and the string? */
- if (nickNames->nicknames && *nickNames->nicknames) {
- return nickNames;
- }
+ /* Did we allocate both the buffer of pointers and the string? */
+ if (nickNames->nicknames && *nickNames->nicknames) {
+ return nickNames;
+ }
}
PORT_FreeArena(arena, PR_FALSE);
@@ -1769,20 +1737,20 @@
SECStatus
CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
{
- char * cn;
+ char *cn;
SECStatus rv;
CERTOKDomainName *domainOK;
if (!hn || !strlen(hn)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* if the name is one that the user has already approved, it's OK. */
for (domainOK = cert->domainOK; domainOK; domainOK = domainOK->next) {
- if (0 == PORT_Strcasecmp(hn, domainOK->name)) {
- return SECSuccess;
- }
+ if (0 == PORT_Strcasecmp(hn, domainOK->name)) {
+ return SECSuccess;
+ }
}
/* Per RFC 2818, if the SubjectAltName extension is present, it must
@@ -1790,14 +1758,14 @@
*/
rv = cert_VerifySubjectAltName(cert, hn);
if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
- return rv;
+ return rv;
cn = CERT_GetCommonName(&cert->subject);
- if ( cn ) {
+ if (cn) {
PRBool isIPaddr = cert_IsIPAddr(hn);
if (isIPaddr) {
if (PORT_Strcasecmp(hn, cn) == 0) {
- rv = SECSuccess;
+ rv = SECSuccess;
} else {
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
rv = SECFailure;
@@ -1805,9 +1773,9 @@
} else {
rv = cert_TestHostName(cn, hn);
}
- PORT_Free(cn);
- } else
- PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+ PORT_Free(cn);
+ } else
+ PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
return rv;
}
@@ -1815,48 +1783,48 @@
CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
{
SECComparison comp;
-
+
comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
- if ( comp == SECEqual ) { /* certs are the same */
- return(PR_TRUE);
+ if (comp == SECEqual) { /* certs are the same */
+ return (PR_TRUE);
} else {
- return(PR_FALSE);
+ return (PR_FALSE);
}
}
static SECStatus
-StringsEqual(char *s1, char *s2) {
- if ( ( s1 == NULL ) || ( s2 == NULL ) ) {
- if ( s1 != s2 ) { /* only one is null */
- return(SECFailure);
- }
- return(SECSuccess); /* both are null */
- }
-
- if ( PORT_Strcmp( s1, s2 ) != 0 ) {
- return(SECFailure); /* not equal */
+StringsEqual(char *s1, char *s2)
+{
+ if ((s1 == NULL) || (s2 == NULL)) {
+ if (s1 != s2) { /* only one is null */
+ return (SECFailure);
+ }
+ return (SECSuccess); /* both are null */
}
- return(SECSuccess); /* strings are equal */
+ if (PORT_Strcmp(s1, s2) != 0) {
+ return (SECFailure); /* not equal */
+ }
+
+ return (SECSuccess); /* strings are equal */
}
-
PRBool
CERT_CompareCertsForRedirection(CERTCertificate *c1, CERTCertificate *c2)
{
SECComparison comp;
char *c1str, *c2str;
SECStatus eq;
-
+
comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
- if ( comp == SECEqual ) { /* certs are the same */
- return(PR_TRUE);
+ if (comp == SECEqual) { /* certs are the same */
+ return (PR_TRUE);
}
-
+
/* check if they are issued by the same CA */
comp = SECITEM_CompareItem(&c1->derIssuer, &c2->derIssuer);
- if ( comp != SECEqual ) { /* different issuer */
- return(PR_FALSE);
+ if (comp != SECEqual) { /* different issuer */
+ return (PR_FALSE);
}
/* check country name */
@@ -1865,8 +1833,8 @@
eq = StringsEqual(c1str, c2str);
PORT_Free(c1str);
PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
+ if (eq != SECSuccess) {
+ return (PR_FALSE);
}
/* check locality name */
@@ -1875,18 +1843,18 @@
eq = StringsEqual(c1str, c2str);
PORT_Free(c1str);
PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
+ if (eq != SECSuccess) {
+ return (PR_FALSE);
}
-
+
/* check state name */
c1str = CERT_GetStateName(&c1->subject);
c2str = CERT_GetStateName(&c2->subject);
eq = StringsEqual(c1str, c2str);
PORT_Free(c1str);
PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
+ if (eq != SECSuccess) {
+ return (PR_FALSE);
}
/* check org name */
@@ -1895,11 +1863,11 @@
eq = StringsEqual(c1str, c2str);
PORT_Free(c1str);
PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
+ if (eq != SECSuccess) {
+ return (PR_FALSE);
}
-#ifdef NOTDEF
+#ifdef NOTDEF
/* check orgUnit name */
/*
* We need to revisit this and decide which fields should be allowed to be
@@ -1910,46 +1878,44 @@
eq = StringsEqual(c1str, c2str);
PORT_Free(c1str);
PORT_Free(c2str);
- if ( eq != SECSuccess ) {
- return(PR_FALSE);
+ if (eq != SECSuccess) {
+ return (PR_FALSE);
}
#endif
- return(PR_TRUE); /* all fields but common name are the same */
+ return (PR_TRUE); /* all fields but common name are the same */
}
-
/* CERT_CertChainFromCert and CERT_DestroyCertificateList moved
to certhigh.c */
-
CERTIssuerAndSN *
CERT_GetCertIssuerAndSN(PLArenaPool *arena, CERTCertificate *cert)
{
CERTIssuerAndSN *result;
SECStatus rv;
- if ( arena == NULL ) {
- arena = cert->arena;
+ if (arena == NULL) {
+ arena = cert->arena;
}
-
- result = (CERTIssuerAndSN*)PORT_ArenaZAlloc(arena, sizeof(*result));
+
+ result = (CERTIssuerAndSN *)PORT_ArenaZAlloc(arena, sizeof(*result));
if (result == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
rv = SECITEM_CopyItem(arena, &result->derIssuer, &cert->derIssuer);
if (rv != SECSuccess)
- return NULL;
+ return NULL;
rv = CERT_CopyName(arena, &result->issuer, &cert->issuer);
if (rv != SECSuccess)
- return NULL;
+ return NULL;
rv = SECITEM_CopyItem(arena, &result->serialNumber, &cert->serialNumber);
if (rv != SECSuccess)
- return NULL;
+ return NULL;
return result;
}
@@ -1962,85 +1928,84 @@
char *nickname = NULL;
int count;
CERTCertificate *dummycert;
-
+
firstname = CERT_GetCommonName(&cert->subject);
- if ( firstname == NULL ) {
- firstname = CERT_GetOrgUnitName(&cert->subject);
+ if (firstname == NULL) {
+ firstname = CERT_GetOrgUnitName(&cert->subject);
}
org = CERT_GetOrgName(&cert->issuer);
if (org == NULL) {
- org = CERT_GetDomainComponentName(&cert->issuer);
- if (org == NULL) {
- if (firstname) {
- org = firstname;
- firstname = NULL;
- } else {
- org = PORT_Strdup("Unknown CA");
- }
- }
+ org = CERT_GetDomainComponentName(&cert->issuer);
+ if (org == NULL) {
+ if (firstname) {
+ org = firstname;
+ firstname = NULL;
+ } else {
+ org = PORT_Strdup("Unknown CA");
+ }
+ }
}
/* can only fail if PORT_Strdup fails, in which case
* we're having memory problems. */
if (org == NULL) {
- goto done;
+ goto done;
}
-
count = 1;
- while ( 1 ) {
+ while (1) {
- if ( firstname ) {
- if ( count == 1 ) {
- nickname = PR_smprintf("%s - %s", firstname, org);
- } else {
- nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
- }
- } else {
- if ( count == 1 ) {
- nickname = PR_smprintf("%s", org);
- } else {
- nickname = PR_smprintf("%s #%d", org, count);
- }
- }
- if ( nickname == NULL ) {
- goto done;
- }
+ if (firstname) {
+ if (count == 1) {
+ nickname = PR_smprintf("%s - %s", firstname, org);
+ } else {
+ nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
+ }
+ } else {
+ if (count == 1) {
+ nickname = PR_smprintf("%s", org);
+ } else {
+ nickname = PR_smprintf("%s #%d", org, count);
+ }
+ }
+ if (nickname == NULL) {
+ goto done;
+ }
- /* look up the nickname to make sure it isn't in use already */
- dummycert = CERT_FindCertByNickname(cert->dbhandle, nickname);
+ /* look up the nickname to make sure it isn't in use already */
+ dummycert = CERT_FindCertByNickname(cert->dbhandle, nickname);
- if ( dummycert == NULL ) {
- goto done;
- }
-
- /* found a cert, destroy it and loop */
- CERT_DestroyCertificate(dummycert);
+ if (dummycert == NULL) {
+ goto done;
+ }
- /* free the nickname */
- PORT_Free(nickname);
+ /* found a cert, destroy it and loop */
+ CERT_DestroyCertificate(dummycert);
- count++;
+ /* free the nickname */
+ PORT_Free(nickname);
+
+ count++;
}
done:
- if ( firstname ) {
- PORT_Free(firstname);
+ if (firstname) {
+ PORT_Free(firstname);
}
- if ( org ) {
- PORT_Free(org);
+ if (org) {
+ PORT_Free(org);
}
-
- return(nickname);
+
+ return (nickname);
}
/* CERT_Import_CAChain moved to certhigh.c */
void
-CERT_DestroyCrl (CERTSignedCrl *crl)
+CERT_DestroyCrl(CERTSignedCrl *crl)
{
- SEC_DestroyCrl (crl);
+ SEC_DestroyCrl(crl);
}
static int
@@ -2048,9 +2013,9 @@
{
int version = 0;
if (cert && cert->version.data && cert->version.len) {
- version = DER_GetInteger(&cert->version);
- if (version < 0)
- version = 0;
+ version = DER_GetInteger(&cert->version);
+ if (version < 0)
+ version = 0;
}
return version;
}
@@ -2063,35 +2028,35 @@
rv = CERT_GetCertTrust(cert, &trust);
- if (rv == SECSuccess && (trust.sslFlags |
- trust.emailFlags |
- trust.objectSigningFlags)) {
+ if (rv == SECSuccess &&
+ (trust.sslFlags | trust.emailFlags | trust.objectSigningFlags)) {
- if (trust.sslFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED))
- cType |= NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT;
- if (trust.sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
- cType |= NS_CERT_TYPE_SSL_CA;
+ if (trust.sslFlags & (CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED))
+ cType |= NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_SSL_CLIENT;
+ if (trust.sslFlags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA))
+ cType |= NS_CERT_TYPE_SSL_CA;
#if defined(CERTDB_NOT_TRUSTED)
- if (trust.sslFlags & CERTDB_NOT_TRUSTED)
- cType &= ~(NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT|
- NS_CERT_TYPE_SSL_CA);
+ if (trust.sslFlags & CERTDB_NOT_TRUSTED)
+ cType &= ~(NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_SSL_CLIENT |
+ NS_CERT_TYPE_SSL_CA);
#endif
- if (trust.emailFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED))
- cType |= NS_CERT_TYPE_EMAIL;
- if (trust.emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
- cType |= NS_CERT_TYPE_EMAIL_CA;
+ if (trust.emailFlags & (CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED))
+ cType |= NS_CERT_TYPE_EMAIL;
+ if (trust.emailFlags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA))
+ cType |= NS_CERT_TYPE_EMAIL_CA;
#if defined(CERTDB_NOT_TRUSTED)
- if (trust.emailFlags & CERTDB_NOT_TRUSTED)
- cType &= ~(NS_CERT_TYPE_EMAIL|NS_CERT_TYPE_EMAIL_CA);
+ if (trust.emailFlags & CERTDB_NOT_TRUSTED)
+ cType &= ~(NS_CERT_TYPE_EMAIL | NS_CERT_TYPE_EMAIL_CA);
#endif
- if (trust.objectSigningFlags & (CERTDB_TERMINAL_RECORD|CERTDB_TRUSTED))
- cType |= NS_CERT_TYPE_OBJECT_SIGNING;
- if (trust.objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
- cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ if (trust.objectSigningFlags &
+ (CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED))
+ cType |= NS_CERT_TYPE_OBJECT_SIGNING;
+ if (trust.objectSigningFlags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA))
+ cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
#if defined(CERTDB_NOT_TRUSTED)
- if (trust.objectSigningFlags & CERTDB_NOT_TRUSTED)
- cType &= ~(NS_CERT_TYPE_OBJECT_SIGNING|
- NS_CERT_TYPE_OBJECT_SIGNING_CA);
+ if (trust.objectSigningFlags & CERTDB_NOT_TRUSTED)
+ cType &=
+ ~(NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA);
#endif
}
return cType;
@@ -2107,48 +2072,52 @@
unsigned int cType = cert->nsCertType;
PRBool ret = PR_FALSE;
- if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
- NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
+ if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
+ NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
ret = PR_TRUE;
} else {
- SECStatus rv;
- CERTBasicConstraints constraints;
+ SECStatus rv;
+ CERTBasicConstraints constraints;
- rv = CERT_FindBasicConstraintExten(cert, &constraints);
- if (rv == SECSuccess && constraints.isCA) {
- ret = PR_TRUE;
- cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
- }
+ rv = CERT_FindBasicConstraintExten(cert, &constraints);
+ if (rv == SECSuccess && constraints.isCA) {
+ ret = PR_TRUE;
+ cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
+ }
}
/* finally check if it's an X.509 v1 root CA */
- if (!ret &&
+ if (!ret &&
(cert->isRoot && cert_Version(cert) < SEC_CERTIFICATE_VERSION_3)) {
- ret = PR_TRUE;
- cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
+ ret = PR_TRUE;
+ cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
}
/* Now apply trust overrides, if any */
cType = cert_ComputeTrustOverrides(cert, cType);
ret = (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
- NS_CERT_TYPE_OBJECT_SIGNING_CA)) ? PR_TRUE : PR_FALSE;
+ NS_CERT_TYPE_OBJECT_SIGNING_CA))
+ ? PR_TRUE
+ : PR_FALSE;
if (rettype != NULL) {
- *rettype = cType;
+ *rettype = cType;
}
return ret;
}
PRBool
-CERT_IsCADERCert(SECItem *derCert, unsigned int *type) {
+CERT_IsCADERCert(SECItem *derCert, unsigned int *type)
+{
CERTCertificate *cert;
PRBool isCA;
/* This is okay -- only looks at extensions */
cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
- if (cert == NULL) return PR_FALSE;
+ if (cert == NULL)
+ return PR_FALSE;
- isCA = CERT_IsCACert(cert,type);
- CERT_DestroyCertificate (cert);
+ isCA = CERT_IsCACert(cert, type);
+ CERT_DestroyCertificate(cert);
return isCA;
}
@@ -2160,51 +2129,51 @@
/* This is okay -- only looks at extensions */
cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
- if (cert == NULL) return PR_FALSE;
+ if (cert == NULL)
+ return PR_FALSE;
isRoot = cert->isRoot;
- CERT_DestroyCertificate (cert);
+ CERT_DestroyCertificate(cert);
return isRoot;
}
CERTCompareValidityStatus
-CERT_CompareValidityTimes(CERTValidity* val_a, CERTValidity* val_b)
+CERT_CompareValidityTimes(CERTValidity *val_a, CERTValidity *val_b)
{
PRTime notBeforeA, notBeforeB, notAfterA, notAfterB;
- if (!val_a || !val_b)
- {
+ if (!val_a || !val_b) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return certValidityUndetermined;
}
- if ( SECSuccess != DER_DecodeTimeChoice(¬BeforeA, &val_a->notBefore) ||
- SECSuccess != DER_DecodeTimeChoice(¬BeforeB, &val_b->notBefore) ||
- SECSuccess != DER_DecodeTimeChoice(¬AfterA, &val_a->notAfter) ||
- SECSuccess != DER_DecodeTimeChoice(¬AfterB, &val_b->notAfter) ) {
+ if (SECSuccess != DER_DecodeTimeChoice(¬BeforeA, &val_a->notBefore) ||
+ SECSuccess != DER_DecodeTimeChoice(¬BeforeB, &val_b->notBefore) ||
+ SECSuccess != DER_DecodeTimeChoice(¬AfterA, &val_a->notAfter) ||
+ SECSuccess != DER_DecodeTimeChoice(¬AfterB, &val_b->notAfter)) {
return certValidityUndetermined;
}
/* sanity check */
- if (LL_CMP(notBeforeA,>,notAfterA) || LL_CMP(notBeforeB,>,notAfterB)) {
+ if (LL_CMP(notBeforeA, >, notAfterA) || LL_CMP(notBeforeB, >, notAfterB)) {
PORT_SetError(SEC_ERROR_INVALID_TIME);
return certValidityUndetermined;
}
- if (LL_CMP(notAfterA,!=,notAfterB)) {
+ if (LL_CMP(notAfterA, !=, notAfterB)) {
/* one cert validity goes farther into the future, select it */
- return LL_CMP(notAfterA,<,notAfterB) ?
- certValidityChooseB : certValidityChooseA;
+ return LL_CMP(notAfterA, <, notAfterB) ? certValidityChooseB
+ : certValidityChooseA;
}
/* the two certs have the same expiration date */
- PORT_Assert(LL_CMP(notAfterA, == , notAfterB));
+ PORT_Assert(LL_CMP(notAfterA, ==, notAfterB));
/* do they also have the same start date ? */
- if (LL_CMP(notBeforeA,==,notBeforeB)) {
- return certValidityEqual;
+ if (LL_CMP(notBeforeA, ==, notBeforeB)) {
+ return certValidityEqual;
}
/* choose cert with the later start date */
- return LL_CMP(notBeforeA,<,notBeforeB) ?
- certValidityChooseB : certValidityChooseA;
+ return LL_CMP(notBeforeA, <, notBeforeB) ? certValidityChooseB
+ : certValidityChooseA;
}
/*
@@ -2216,52 +2185,52 @@
PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now;
SECStatus rv;
PRBool newerbefore, newerafter;
-
+
rv = CERT_GetCertTimes(certa, ¬BeforeA, ¬AfterA);
- if ( rv != SECSuccess ) {
- return(PR_FALSE);
+ if (rv != SECSuccess) {
+ return (PR_FALSE);
}
-
+
rv = CERT_GetCertTimes(certb, ¬BeforeB, ¬AfterB);
- if ( rv != SECSuccess ) {
- return(PR_TRUE);
+ if (rv != SECSuccess) {
+ return (PR_TRUE);
}
newerbefore = PR_FALSE;
- if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
- newerbefore = PR_TRUE;
+ if (LL_CMP(notBeforeA, >, notBeforeB)) {
+ newerbefore = PR_TRUE;
}
newerafter = PR_FALSE;
- if ( LL_CMP(notAfterA, >, notAfterB) ) {
- newerafter = PR_TRUE;
+ if (LL_CMP(notAfterA, >, notAfterB)) {
+ newerafter = PR_TRUE;
}
-
- if ( newerbefore && newerafter ) {
- return(PR_TRUE);
+
+ if (newerbefore && newerafter) {
+ return (PR_TRUE);
}
-
- if ( ( !newerbefore ) && ( !newerafter ) ) {
- return(PR_FALSE);
+
+ if ((!newerbefore) && (!newerafter)) {
+ return (PR_FALSE);
}
/* get current time */
now = PR_Now();
- if ( newerbefore ) {
- /* cert A was issued after cert B, but expires sooner */
- /* if A is expired, then pick B */
- if ( LL_CMP(notAfterA, <, now ) ) {
- return(PR_FALSE);
- }
- return(PR_TRUE);
+ if (newerbefore) {
+ /* cert A was issued after cert B, but expires sooner */
+ /* if A is expired, then pick B */
+ if (LL_CMP(notAfterA, <, now)) {
+ return (PR_FALSE);
+ }
+ return (PR_TRUE);
} else {
- /* cert B was issued after cert A, but expires sooner */
- /* if B is expired, then pick A */
- if ( LL_CMP(notAfterB, <, now ) ) {
- return(PR_TRUE);
- }
- return(PR_FALSE);
+ /* cert B was issued after cert A, but expires sooner */
+ /* if B is expired, then pick A */
+ if (LL_CMP(notAfterB, <, now)) {
+ return (PR_TRUE);
+ }
+ return (PR_FALSE);
}
}
@@ -2269,17 +2238,17 @@
CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts)
{
unsigned int i;
-
- if ( certs ) {
- for ( i = 0; i < ncerts; i++ ) {
- if ( certs[i] ) {
- CERT_DestroyCertificate(certs[i]);
- }
- }
- PORT_Free(certs);
+ if (certs) {
+ for (i = 0; i < ncerts; i++) {
+ if (certs[i]) {
+ CERT_DestroyCertificate(certs[i]);
+ }
+ }
+
+ PORT_Free(certs);
}
-
+
return;
}
@@ -2289,23 +2258,23 @@
char *retaddr;
char *str;
- if ( emailAddr == NULL ) {
- return(NULL);
+ if (emailAddr == NULL) {
+ return (NULL);
}
-
+
/* copy the string */
str = retaddr = PORT_Strdup(emailAddr);
- if ( str == NULL ) {
- return(NULL);
+ if (str == NULL) {
+ return (NULL);
}
-
+
/* make it lower case */
- while ( *str ) {
- *str = tolower( *str );
- str++;
+ while (*str) {
+ *str = tolower(*str);
+ str++;
}
-
- return(retaddr);
+
+ return (retaddr);
}
/*
@@ -2318,67 +2287,67 @@
unsigned int *pflags;
if (!trust) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
trust->sslFlags = 0;
trust->emailFlags = 0;
trust->objectSigningFlags = 0;
if (!trusts) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
pflags = &trust->sslFlags;
- for (i=0; i < PORT_Strlen(trusts); i++) {
- switch (trusts[i]) {
- case 'p':
- *pflags = *pflags | CERTDB_TERMINAL_RECORD;
- break;
+ for (i = 0; i < PORT_Strlen(trusts); i++) {
+ switch (trusts[i]) {
+ case 'p':
+ *pflags = *pflags | CERTDB_TERMINAL_RECORD;
+ break;
- case 'P':
- *pflags = *pflags | CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
- break;
+ case 'P':
+ *pflags = *pflags | CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
+ break;
- case 'w':
- *pflags = *pflags | CERTDB_SEND_WARN;
- break;
+ case 'w':
+ *pflags = *pflags | CERTDB_SEND_WARN;
+ break;
- case 'c':
- *pflags = *pflags | CERTDB_VALID_CA;
- break;
+ case 'c':
+ *pflags = *pflags | CERTDB_VALID_CA;
+ break;
- case 'T':
- *pflags = *pflags | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA;
- break;
+ case 'T':
+ *pflags = *pflags | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA;
+ break;
- case 'C' :
- *pflags = *pflags | CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
- break;
+ case 'C':
+ *pflags = *pflags | CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
+ break;
- case 'u':
- *pflags = *pflags | CERTDB_USER;
- break;
+ case 'u':
+ *pflags = *pflags | CERTDB_USER;
+ break;
- case 'i':
- *pflags = *pflags | CERTDB_INVISIBLE_CA;
- break;
- case 'g':
- *pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
- break;
+ case 'i':
+ *pflags = *pflags | CERTDB_INVISIBLE_CA;
+ break;
+ case 'g':
+ *pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
+ break;
- case ',':
- if ( pflags == &trust->sslFlags ) {
- pflags = &trust->emailFlags;
- } else {
- pflags = &trust->objectSigningFlags;
- }
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
+ case ',':
+ if (pflags == &trust->sslFlags) {
+ pflags = &trust->emailFlags;
+ } else {
+ pflags = &trust->objectSigningFlags;
+ }
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
}
return SECSuccess;
@@ -2388,26 +2357,25 @@
EncodeFlags(char *trusts, unsigned int flags)
{
if (flags & CERTDB_VALID_CA)
- if (!(flags & CERTDB_TRUSTED_CA) &&
- !(flags & CERTDB_TRUSTED_CLIENT_CA))
- PORT_Strcat(trusts, "c");
+ if (!(flags & CERTDB_TRUSTED_CA) && !(flags & CERTDB_TRUSTED_CLIENT_CA))
+ PORT_Strcat(trusts, "c");
if (flags & CERTDB_TERMINAL_RECORD)
- if (!(flags & CERTDB_TRUSTED))
- PORT_Strcat(trusts, "p");
+ if (!(flags & CERTDB_TRUSTED))
+ PORT_Strcat(trusts, "p");
if (flags & CERTDB_TRUSTED_CA)
- PORT_Strcat(trusts, "C");
+ PORT_Strcat(trusts, "C");
if (flags & CERTDB_TRUSTED_CLIENT_CA)
- PORT_Strcat(trusts, "T");
+ PORT_Strcat(trusts, "T");
if (flags & CERTDB_TRUSTED)
- PORT_Strcat(trusts, "P");
+ PORT_Strcat(trusts, "P");
if (flags & CERTDB_USER)
- PORT_Strcat(trusts, "u");
+ PORT_Strcat(trusts, "u");
if (flags & CERTDB_SEND_WARN)
- PORT_Strcat(trusts, "w");
+ PORT_Strcat(trusts, "w");
if (flags & CERTDB_INVISIBLE_CA)
- PORT_Strcat(trusts, "I");
+ PORT_Strcat(trusts, "I");
if (flags & CERTDB_GOVT_APPROVED_CA)
- PORT_Strcat(trusts, "G");
+ PORT_Strcat(trusts, "G");
return;
}
@@ -2419,96 +2387,93 @@
char tmpTrustSigning[32];
char *retstr = NULL;
- if ( trust ) {
- tmpTrustSSL[0] = '\0';
- tmpTrustEmail[0] = '\0';
- tmpTrustSigning[0] = '\0';
-
- EncodeFlags(tmpTrustSSL, trust->sslFlags);
- EncodeFlags(tmpTrustEmail, trust->emailFlags);
- EncodeFlags(tmpTrustSigning, trust->objectSigningFlags);
-
- retstr = PR_smprintf("%s,%s,%s", tmpTrustSSL, tmpTrustEmail,
- tmpTrustSigning);
+ if (trust) {
+ tmpTrustSSL[0] = '\0';
+ tmpTrustEmail[0] = '\0';
+ tmpTrustSigning[0] = '\0';
+
+ EncodeFlags(tmpTrustSSL, trust->sslFlags);
+ EncodeFlags(tmpTrustEmail, trust->emailFlags);
+ EncodeFlags(tmpTrustSigning, trust->objectSigningFlags);
+
+ retstr = PR_smprintf("%s,%s,%s", tmpTrustSSL, tmpTrustEmail,
+ tmpTrustSigning);
}
-
- return(retstr);
+
+ return (retstr);
}
SECStatus
CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
- unsigned int ncerts, SECItem **derCerts,
- CERTCertificate ***retCerts, PRBool keepCerts,
- PRBool caOnly, char *nickname)
+ unsigned int ncerts, SECItem **derCerts,
+ CERTCertificate ***retCerts, PRBool keepCerts, PRBool caOnly,
+ char *nickname)
{
unsigned int i;
CERTCertificate **certs = NULL;
unsigned int fcerts = 0;
- if ( ncerts ) {
- certs = PORT_ZNewArray(CERTCertificate*, ncerts);
- if ( certs == NULL ) {
- return(SECFailure);
- }
-
- /* decode all of the certs into the temporary DB */
- for ( i = 0, fcerts= 0; i < ncerts; i++) {
- certs[fcerts] = CERT_NewTempCertificate(certdb,
- derCerts[i],
- NULL,
- PR_FALSE,
- PR_TRUE);
- if (certs[fcerts]) {
- SECItem subjKeyID = {siBuffer, NULL, 0};
- if (CERT_FindSubjectKeyIDExtension(certs[fcerts],
- &subjKeyID) == SECSuccess) {
- if (subjKeyID.data) {
- cert_AddSubjectKeyIDMapping(&subjKeyID, certs[fcerts]);
- }
- SECITEM_FreeItem(&subjKeyID, PR_FALSE);
- }
- fcerts++;
- }
- }
+ if (ncerts) {
+ certs = PORT_ZNewArray(CERTCertificate *, ncerts);
+ if (certs == NULL) {
+ return (SECFailure);
+ }
- if ( keepCerts ) {
- for ( i = 0; i < fcerts; i++ ) {
- char* canickname = NULL;
+ /* decode all of the certs into the temporary DB */
+ for (i = 0, fcerts = 0; i < ncerts; i++) {
+ certs[fcerts] = CERT_NewTempCertificate(certdb, derCerts[i], NULL,
+ PR_FALSE, PR_TRUE);
+ if (certs[fcerts]) {
+ SECItem subjKeyID = { siBuffer, NULL, 0 };
+ if (CERT_FindSubjectKeyIDExtension(certs[fcerts], &subjKeyID) ==
+ SECSuccess) {
+ if (subjKeyID.data) {
+ cert_AddSubjectKeyIDMapping(&subjKeyID, certs[fcerts]);
+ }
+ SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+ }
+ fcerts++;
+ }
+ }
+
+ if (keepCerts) {
+ for (i = 0; i < fcerts; i++) {
+ char *canickname = NULL;
PRBool isCA;
- SECKEY_UpdateCertPQG(certs[i]);
-
+ SECKEY_UpdateCertPQG(certs[i]);
+
isCA = CERT_IsCACert(certs[i], NULL);
- if ( isCA ) {
+ if (isCA) {
canickname = CERT_MakeCANickname(certs[i]);
}
- if(isCA && (fcerts > 1)) {
- /* if we are importing only a single cert and specifying
- * a nickname, we want to use that nickname if it a CA,
- * otherwise if there are more than one cert, we don't
- * know which cert it belongs to. But we still may try
+ if (isCA && (fcerts > 1)) {
+ /* if we are importing only a single cert and specifying
+ * a nickname, we want to use that nickname if it a CA,
+ * otherwise if there are more than one cert, we don't
+ * know which cert it belongs to. But we still may try
* the individual canickname from the cert itself.
- */
+ */
/* Bug 1192442 - propagate errors from these calls. */
- (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
- } else {
- (void)CERT_AddTempCertToPerm(certs[i],
- nickname?nickname:canickname, NULL);
- }
+ (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
+ } else {
+ (void)CERT_AddTempCertToPerm(
+ certs[i], nickname ? nickname : canickname, NULL);
+ }
PORT_Free(canickname);
- /* don't care if it fails - keep going */
- }
- }
+ /* don't care if it fails - keep going */
+ }
+ }
}
- if ( retCerts ) {
- *retCerts = certs;
+ if (retCerts) {
+ *retCerts = certs;
} else {
- if (certs) {
- CERT_DestroyCertArray(certs, fcerts);
- }
+ if (certs) {
+ CERT_DestroyCertArray(certs, fcerts);
+ }
}
return (fcerts || !ncerts) ? SECSuccess : SECFailure;
@@ -2523,29 +2488,29 @@
{
PLArenaPool *arena = NULL;
CERTCertList *ret = NULL;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- goto loser;
+ if (arena == NULL) {
+ goto loser;
}
-
+
ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
- if ( ret == NULL ) {
- goto loser;
+ if (ret == NULL) {
+ goto loser;
}
-
+
ret->arena = arena;
-
+
PR_INIT_CLIST(&ret->list);
-
- return(ret);
+
+ return (ret);
loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(NULL);
+
+ return (NULL);
}
void
@@ -2553,14 +2518,14 @@
{
PRCList *node;
- while( !PR_CLIST_IS_EMPTY(&certs->list) ) {
- node = PR_LIST_HEAD(&certs->list);
- CERT_DestroyCertificate(((CERTCertListNode *)node)->cert);
- PR_REMOVE_LINK(node);
+ while (!PR_CLIST_IS_EMPTY(&certs->list)) {
+ node = PR_LIST_HEAD(&certs->list);
+ CERT_DestroyCertificate(((CERTCertListNode *)node)->cert);
+ PR_REMOVE_LINK(node);
}
-
+
PORT_FreeArena(certs->arena, PR_FALSE);
-
+
return;
}
@@ -2572,27 +2537,26 @@
return;
}
-
SECStatus
-CERT_AddCertToListTailWithData(CERTCertList *certs,
- CERTCertificate *cert, void *appData)
+CERT_AddCertToListTailWithData(CERTCertList *certs, CERTCertificate *cert,
+ void *appData)
{
CERTCertListNode *node;
-
+
node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
- sizeof(CERTCertListNode));
- if ( node == NULL ) {
- goto loser;
+ sizeof(CERTCertListNode));
+ if (node == NULL) {
+ goto loser;
}
-
+
PR_INSERT_BEFORE(&node->links, &certs->list);
/* certs->count++; */
node->cert = cert;
node->appData = appData;
- return(SECSuccess);
-
+ return (SECSuccess);
+
loser:
- return(SECFailure);
+ return (SECFailure);
}
SECStatus
@@ -2602,30 +2566,31 @@
}
SECStatus
-CERT_AddCertToListHeadWithData(CERTCertList *certs,
- CERTCertificate *cert, void *appData)
+CERT_AddCertToListHeadWithData(CERTCertList *certs, CERTCertificate *cert,
+ void *appData)
{
CERTCertListNode *node;
CERTCertListNode *head;
-
+
head = CERT_LIST_HEAD(certs);
- if (head == NULL) return CERT_AddCertToListTail(certs,cert);
+ if (head == NULL)
+ return CERT_AddCertToListTail(certs, cert);
node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
- sizeof(CERTCertListNode));
- if ( node == NULL ) {
- goto loser;
+ sizeof(CERTCertListNode));
+ if (node == NULL) {
+ goto loser;
}
-
+
PR_INSERT_BEFORE(&node->links, &head->links);
/* certs->count++; */
node->cert = cert;
node->appData = appData;
- return(SECSuccess);
-
+ return (SECSuccess);
+
loser:
- return(SECFailure);
+ return (SECFailure);
}
SECStatus
@@ -2639,9 +2604,7 @@
* Not valid certs are considered older than valid certs.
*/
PRBool
-CERT_SortCBValidity(CERTCertificate *certa,
- CERTCertificate *certb,
- void *arg)
+CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg)
{
PRTime sorttime;
PRTime notBeforeA, notAfterA, notBeforeB, notAfterB;
@@ -2650,113 +2613,110 @@
PRBool aNotValid = PR_FALSE, bNotValid = PR_FALSE;
sorttime = *(PRTime *)arg;
-
+
rv = CERT_GetCertTimes(certa, ¬BeforeA, ¬AfterA);
- if ( rv != SECSuccess ) {
- return(PR_FALSE);
+ if (rv != SECSuccess) {
+ return (PR_FALSE);
}
-
+
rv = CERT_GetCertTimes(certb, ¬BeforeB, ¬AfterB);
- if ( rv != SECSuccess ) {
- return(PR_TRUE);
+ if (rv != SECSuccess) {
+ return (PR_TRUE);
}
newerbefore = PR_FALSE;
- if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
- newerbefore = PR_TRUE;
+ if (LL_CMP(notBeforeA, >, notBeforeB)) {
+ newerbefore = PR_TRUE;
}
newerafter = PR_FALSE;
- if ( LL_CMP(notAfterA, >, notAfterB) ) {
- newerafter = PR_TRUE;
+ if (LL_CMP(notAfterA, >, notAfterB)) {
+ newerafter = PR_TRUE;
}
/* check if A is valid at sorttime */
- if ( CERT_CheckCertValidTimes(certa, sorttime, PR_FALSE)
- != secCertTimeValid ) {
- aNotValid = PR_TRUE;
+ if (CERT_CheckCertValidTimes(certa, sorttime, PR_FALSE) !=
+ secCertTimeValid) {
+ aNotValid = PR_TRUE;
}
/* check if B is valid at sorttime */
- if ( CERT_CheckCertValidTimes(certb, sorttime, PR_FALSE)
- != secCertTimeValid ) {
- bNotValid = PR_TRUE;
+ if (CERT_CheckCertValidTimes(certb, sorttime, PR_FALSE) !=
+ secCertTimeValid) {
+ bNotValid = PR_TRUE;
}
/* a is valid, b is not */
- if ( bNotValid && ( ! aNotValid ) ) {
- return(PR_TRUE);
+ if (bNotValid && (!aNotValid)) {
+ return (PR_TRUE);
}
/* b is valid, a is not */
- if ( aNotValid && ( ! bNotValid ) ) {
- return(PR_FALSE);
- }
-
- /* a and b are either valid or not valid */
- if ( newerbefore && newerafter ) {
- return(PR_TRUE);
- }
-
- if ( ( !newerbefore ) && ( !newerafter ) ) {
- return(PR_FALSE);
+ if (aNotValid && (!bNotValid)) {
+ return (PR_FALSE);
}
- if ( newerbefore ) {
- /* cert A was issued after cert B, but expires sooner */
- return(PR_TRUE);
+ /* a and b are either valid or not valid */
+ if (newerbefore && newerafter) {
+ return (PR_TRUE);
+ }
+
+ if ((!newerbefore) && (!newerafter)) {
+ return (PR_FALSE);
+ }
+
+ if (newerbefore) {
+ /* cert A was issued after cert B, but expires sooner */
+ return (PR_TRUE);
} else {
- /* cert B was issued after cert A, but expires sooner */
- return(PR_FALSE);
+ /* cert B was issued after cert A, but expires sooner */
+ return (PR_FALSE);
}
}
-
SECStatus
-CERT_AddCertToListSorted(CERTCertList *certs,
- CERTCertificate *cert,
- CERTSortCallback f,
- void *arg)
+CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
+ CERTSortCallback f, void *arg)
{
CERTCertListNode *node;
CERTCertListNode *head;
PRBool ret;
-
+
node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
- sizeof(CERTCertListNode));
- if ( node == NULL ) {
- goto loser;
+ sizeof(CERTCertListNode));
+ if (node == NULL) {
+ goto loser;
}
-
+
head = CERT_LIST_HEAD(certs);
-
- while ( !CERT_LIST_END(head, certs) ) {
- /* if cert is already in the list, then don't add it again */
- if ( cert == head->cert ) {
- /*XXX*/
- /* don't keep a reference */
- CERT_DestroyCertificate(cert);
- goto done;
- }
-
- ret = (* f)(cert, head->cert, arg);
- /* if sort function succeeds, then insert before current node */
- if ( ret ) {
- PR_INSERT_BEFORE(&node->links, &head->links);
- goto done;
- }
+ while (!CERT_LIST_END(head, certs)) {
- head = CERT_LIST_NEXT(head);
+ /* if cert is already in the list, then don't add it again */
+ if (cert == head->cert) {
+ /*XXX*/
+ /* don't keep a reference */
+ CERT_DestroyCertificate(cert);
+ goto done;
+ }
+
+ ret = (*f)(cert, head->cert, arg);
+ /* if sort function succeeds, then insert before current node */
+ if (ret) {
+ PR_INSERT_BEFORE(&node->links, &head->links);
+ goto done;
+ }
+
+ head = CERT_LIST_NEXT(head);
}
/* if we get to the end, then just insert it at the tail */
PR_INSERT_BEFORE(&node->links, &certs->list);
-done:
+done:
/* certs->count++; */
node->cert = cert;
- return(SECSuccess);
-
+ return (SECSuccess);
+
loser:
- return(SECFailure);
+ return (SECFailure);
}
/* This routine is here because pcertdb.c still has a call to it.
@@ -2769,74 +2729,75 @@
*/
SECStatus
CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
- PRBool ca)
+ PRBool ca)
{
unsigned int requiredKeyUsage;
unsigned int requiredCertType;
CERTCertListNode *node, *savenode;
SECStatus rv;
-
- if (certList == NULL) goto loser;
+
+ if (certList == NULL)
+ goto loser;
rv = CERT_KeyUsageAndTypeForCertUsage(usage, ca, &requiredKeyUsage,
- &requiredCertType);
- if ( rv != SECSuccess ) {
- goto loser;
+ &requiredCertType);
+ if (rv != SECSuccess) {
+ goto loser;
}
node = CERT_LIST_HEAD(certList);
-
- while ( !CERT_LIST_END(node, certList) ) {
- PRBool bad = (PRBool)(!node->cert);
+ while (!CERT_LIST_END(node, certList)) {
- /* bad key usage ? */
- if ( !bad &&
- CERT_CheckKeyUsage(node->cert, requiredKeyUsage) != SECSuccess ) {
- bad = PR_TRUE;
- }
- /* bad cert type ? */
- if ( !bad ) {
- unsigned int certType = 0;
- if ( ca ) {
- /* This function returns a more comprehensive cert type that
- * takes trust flags into consideration. Should probably
- * fix the cert decoding code to do this.
- */
- (void)CERT_IsCACert(node->cert, &certType);
- } else {
- certType = node->cert->nsCertType;
- }
- if ( !( certType & requiredCertType ) ) {
- bad = PR_TRUE;
- }
- }
+ PRBool bad = (PRBool)(!node->cert);
- if ( bad ) {
- /* remove the node if it is bad */
- savenode = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(node);
- node = savenode;
- } else {
- node = CERT_LIST_NEXT(node);
- }
+ /* bad key usage ? */
+ if (!bad &&
+ CERT_CheckKeyUsage(node->cert, requiredKeyUsage) != SECSuccess) {
+ bad = PR_TRUE;
+ }
+ /* bad cert type ? */
+ if (!bad) {
+ unsigned int certType = 0;
+ if (ca) {
+ /* This function returns a more comprehensive cert type that
+ * takes trust flags into consideration. Should probably
+ * fix the cert decoding code to do this.
+ */
+ (void)CERT_IsCACert(node->cert, &certType);
+ } else {
+ certType = node->cert->nsCertType;
+ }
+ if (!(certType & requiredCertType)) {
+ bad = PR_TRUE;
+ }
+ }
+
+ if (bad) {
+ /* remove the node if it is bad */
+ savenode = CERT_LIST_NEXT(node);
+ CERT_RemoveCertListNode(node);
+ node = savenode;
+ } else {
+ node = CERT_LIST_NEXT(node);
+ }
}
- return(SECSuccess);
-
+ return (SECSuccess);
+
loser:
- return(SECFailure);
+ return (SECFailure);
}
-PRBool CERT_IsUserCert(CERTCertificate* cert)
+PRBool
+CERT_IsUserCert(CERTCertificate *cert)
{
CERTCertTrust trust;
SECStatus rv = SECFailure;
rv = CERT_GetCertTrust(cert, &trust);
if (rv == SECSuccess &&
- ((trust.sslFlags & CERTDB_USER ) ||
- (trust.emailFlags & CERTDB_USER ) ||
- (trust.objectSigningFlags & CERTDB_USER )) ) {
+ ((trust.sslFlags & CERTDB_USER) || (trust.emailFlags & CERTDB_USER) ||
+ (trust.objectSigningFlags & CERTDB_USER))) {
return PR_TRUE;
} else {
return PR_FALSE;
@@ -2854,21 +2815,21 @@
}
node = CERT_LIST_HEAD(certList);
-
- while ( ! CERT_LIST_END(node, certList) ) {
- cert = node->cert;
- if ( PR_TRUE != CERT_IsUserCert(cert) ) {
- /* Not a User Cert, so remove this cert from the list */
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* Is a User cert, so leave it in the list */
- node = CERT_LIST_NEXT(node);
- }
+
+ while (!CERT_LIST_END(node, certList)) {
+ cert = node->cert;
+ if (PR_TRUE != CERT_IsUserCert(cert)) {
+ /* Not a User Cert, so remove this cert from the list */
+ freenode = node;
+ node = CERT_LIST_NEXT(node);
+ CERT_RemoveCertListNode(freenode);
+ } else {
+ /* Is a User cert, so leave it in the list */
+ node = CERT_LIST_NEXT(node);
+ }
}
- return(SECSuccess);
+ return (SECSuccess);
}
static PZLock *certRefCountLock = NULL;
@@ -2894,7 +2855,7 @@
CERT_UnlockCertRefCount(CERTCertificate *cert)
{
PORT_Assert(certRefCountLock != NULL);
-
+
#ifdef DEBUG
{
PRStatus prstat = PZ_Unlock(certRefCountLock);
@@ -2924,7 +2885,7 @@
SECStatus
cert_InitLocks(void)
{
- if ( certRefCountLock == NULL ) {
+ if (certRefCountLock == NULL) {
certRefCountLock = PZ_NewLock(nssILockRefLock);
PORT_Assert(certRefCountLock != NULL);
if (!certRefCountLock) {
@@ -2932,7 +2893,7 @@
}
}
- if ( certTrustLock == NULL ) {
+ if (certTrustLock == NULL) {
certTrustLock = PZ_NewLock(nssILockCertDB);
PORT_Assert(certTrustLock != NULL);
if (!certTrustLock) {
@@ -2940,7 +2901,7 @@
certRefCountLock = NULL;
return SECFailure;
}
- }
+ }
return SECSuccess;
}
@@ -2975,7 +2936,7 @@
CERT_UnlockCertTrust(const CERTCertificate *cert)
{
PORT_Assert(certTrustLock != NULL);
-
+
#ifdef DEBUG
{
PRStatus prstat = PZ_Unlock(certTrustLock);
@@ -2986,14 +2947,13 @@
#endif
}
-
/*
* Get the StatusConfig data for this handle
*/
CERTStatusConfig *
CERT_GetStatusConfig(CERTCertDBHandle *handle)
{
- return handle->statusConfig;
+ return handle->statusConfig;
}
/*
@@ -3003,8 +2963,8 @@
void
CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *statusConfig)
{
- PORT_Assert(handle->statusConfig == NULL);
- handle->statusConfig = statusConfig;
+ PORT_Assert(handle->statusConfig == NULL);
+ handle->statusConfig = statusConfig;
}
/*
@@ -3012,37 +2972,40 @@
*/
static PLHashTable *gSubjKeyIDHash = NULL;
-static PRLock *gSubjKeyIDLock = NULL;
+static PRLock *gSubjKeyIDLock = NULL;
static PLHashTable *gSubjKeyIDSlotCheckHash = NULL;
-static PRLock *gSubjKeyIDSlotCheckLock = NULL;
+static PRLock *gSubjKeyIDSlotCheckLock = NULL;
-static void *cert_AllocTable(void *pool, PRSize size)
+static void *
+cert_AllocTable(void *pool, PRSize size)
{
return PORT_Alloc(size);
}
-static void cert_FreeTable(void *pool, void *item)
+static void
+cert_FreeTable(void *pool, void *item)
{
PORT_Free(item);
}
-static PLHashEntry* cert_AllocEntry(void *pool, const void *key)
+static PLHashEntry *
+cert_AllocEntry(void *pool, const void *key)
{
return PORT_New(PLHashEntry);
}
-static void cert_FreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
+static void
+cert_FreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
{
- SECITEM_FreeItem((SECItem*)(he->value), PR_TRUE);
+ SECITEM_FreeItem((SECItem *)(he->value), PR_TRUE);
if (flag == HT_FREE_ENTRY) {
- SECITEM_FreeItem((SECItem*)(he->key), PR_TRUE);
+ SECITEM_FreeItem((SECItem *)(he->key), PR_TRUE);
PORT_Free(he);
}
}
-static PLHashAllocOps cert_AllocOps = {
- cert_AllocTable, cert_FreeTable, cert_AllocEntry, cert_FreeEntry
-};
+static PLHashAllocOps cert_AllocOps = { cert_AllocTable, cert_FreeTable,
+ cert_AllocEntry, cert_FreeEntry };
SECStatus
cert_CreateSubjectKeyIDSlotCheckHash(void)
@@ -3051,10 +3014,9 @@
* This hash is used to remember the series of a slot
* when we last checked for user certs
*/
- gSubjKeyIDSlotCheckHash = PL_NewHashTable(0, SECITEM_Hash,
- SECITEM_HashCompare,
- SECITEM_HashCompare,
- &cert_AllocOps, NULL);
+ gSubjKeyIDSlotCheckHash =
+ PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+ SECITEM_HashCompare, &cert_AllocOps, NULL);
if (!gSubjKeyIDSlotCheckHash) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
@@ -3073,8 +3035,7 @@
cert_CreateSubjectKeyIDHashTable(void)
{
gSubjKeyIDHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
- SECITEM_HashCompare,
- &cert_AllocOps, NULL);
+ SECITEM_HashCompare, &cert_AllocOps, NULL);
if (!gSubjKeyIDHash) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
@@ -3088,8 +3049,8 @@
}
/* initialize the companion hash (for remembering slot series) */
if (cert_CreateSubjectKeyIDSlotCheckHash() != SECSuccess) {
- cert_DestroySubjectKeyIDHashTable();
- return SECFailure;
+ cert_DestroySubjectKeyIDHashTable();
+ return SECFailure;
}
return SECSuccess;
}
@@ -3101,8 +3062,8 @@
SECStatus rv = SECFailure;
if (!gSubjKeyIDLock) {
- /* If one is created, then both are there. So only check for one. */
- return SECFailure;
+ /* If one is created, then both are there. So only check for one. */
+ return SECFailure;
}
newVal = SECITEM_DupItem(&cert->derCert);
@@ -3118,18 +3079,18 @@
}
PR_Lock(gSubjKeyIDLock);
- /* The hash table implementation does not free up the memory
- * associated with the key of an already existing entry if we add a
- * duplicate, so we would wind up leaking the previously allocated
+ /* The hash table implementation does not free up the memory
+ * associated with the key of an already existing entry if we add a
+ * duplicate, so we would wind up leaking the previously allocated
* key if we don't remove before adding.
*/
- oldVal = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+ oldVal = (SECItem *)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
if (oldVal) {
PL_HashTableRemove(gSubjKeyIDHash, subjKeyID);
}
- rv = (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) ? SECSuccess :
- SECFailure;
+ rv = (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) ? SECSuccess
+ : SECFailure;
PR_Unlock(gSubjKeyIDLock);
done:
return rv;
@@ -3143,8 +3104,8 @@
return SECFailure;
PR_Lock(gSubjKeyIDLock);
- rv = (PL_HashTableRemove(gSubjKeyIDHash, subjKeyID)) ? SECSuccess :
- SECFailure;
+ rv = (PL_HashTableRemove(gSubjKeyIDHash, subjKeyID)) ? SECSuccess
+ : SECFailure;
PR_Unlock(gSubjKeyIDLock);
return rv;
}
@@ -3156,12 +3117,12 @@
SECStatus rv = SECFailure;
if (!gSubjKeyIDSlotCheckLock) {
- return rv;
+ return rv;
}
newSlotid = SECITEM_DupItem(slotid);
newSeries = SECITEM_AllocItem(NULL, NULL, sizeof(int));
- if (!newSlotid || !newSeries ) {
+ if (!newSlotid || !newSeries) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
}
@@ -3170,17 +3131,18 @@
PR_Lock(gSubjKeyIDSlotCheckLock);
oldSeries = (SECItem *)PL_HashTableLookup(gSubjKeyIDSlotCheckHash, slotid);
if (oldSeries) {
- /*
- * make sure we don't leak the key of an existing entry
- * (similar to cert_AddSubjectKeyIDMapping, see comment there)
- */
+ /*
+ * make sure we don't leak the key of an existing entry
+ * (similar to cert_AddSubjectKeyIDMapping, see comment there)
+ */
PL_HashTableRemove(gSubjKeyIDSlotCheckHash, slotid);
}
- rv = (PL_HashTableAdd(gSubjKeyIDSlotCheckHash, newSlotid, newSeries)) ?
- SECSuccess : SECFailure;
+ rv = (PL_HashTableAdd(gSubjKeyIDSlotCheckHash, newSlotid, newSeries))
+ ? SECSuccess
+ : SECFailure;
PR_Unlock(gSubjKeyIDSlotCheckLock);
if (rv == SECSuccess) {
- return rv;
+ return rv;
}
loser:
@@ -3200,23 +3162,23 @@
int series;
if (!gSubjKeyIDSlotCheckLock) {
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return -1;
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return -1;
}
PR_Lock(gSubjKeyIDSlotCheckLock);
seriesItem = (SECItem *)PL_HashTableLookup(gSubjKeyIDSlotCheckHash, slotid);
PR_Unlock(gSubjKeyIDSlotCheckLock);
- /* getting a null series just means we haven't registered one yet,
- * just return 0 */
+ /* getting a null series just means we haven't registered one yet,
+ * just return 0 */
if (seriesItem == NULL) {
- return 0;
+ return 0;
}
/* if we got a series back, assert if it's not the proper length. */
PORT_Assert(seriesItem->len == sizeof(int));
if (seriesItem->len != sizeof(int)) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return -1;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return -1;
}
PORT_Memcpy(&series, seriesItem->data, sizeof(int));
return series;
@@ -3251,16 +3213,16 @@
return SECSuccess;
}
-SECItem*
+SECItem *
cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID)
{
- SECItem *val;
-
+ SECItem *val;
+
if (!gSubjKeyIDLock)
return NULL;
PR_Lock(gSubjKeyIDLock);
- val = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+ val = (SECItem *)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
if (val) {
val = SECITEM_DupItem(val);
}
@@ -3268,7 +3230,7 @@
return val;
}
-CERTCertificate*
+CERTCertificate *
CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle, SECItem *subjKeyID)
{
CERTCertificate *cert = NULL;
diff --git a/nss/lib/certdb/certdb.h b/nss/lib/certdb/certdb.h
index d358dfd..cb39b98 100644
--- a/nss/lib/certdb/certdb.h
+++ b/nss/lib/certdb/certdb.h
@@ -5,18 +5,17 @@
#ifndef _CERTDB_H_
#define _CERTDB_H_
-
/* common flags for all types of certificates */
-#define CERTDB_TERMINAL_RECORD (1u<<0)
-#define CERTDB_TRUSTED (1u<<1)
-#define CERTDB_SEND_WARN (1u<<2)
-#define CERTDB_VALID_CA (1u<<3)
-#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA (1u<<5)
-#define CERTDB_USER (1u<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */
+#define CERTDB_TERMINAL_RECORD (1u << 0)
+#define CERTDB_TRUSTED (1u << 1)
+#define CERTDB_SEND_WARN (1u << 2)
+#define CERTDB_VALID_CA (1u << 3)
+#define CERTDB_TRUSTED_CA (1u << 4) /* trusted for issuing server certs */
+#define CERTDB_NS_TRUSTED_CA (1u << 5)
+#define CERTDB_USER (1u << 6)
+#define CERTDB_TRUSTED_CLIENT_CA (1u << 7) /* trusted for issuing client certs */
+#define CERTDB_INVISIBLE_CA (1u << 8) /* don't show in UI */
+#define CERTDB_GOVT_APPROVED_CA (1u << 9) /* can do strong crypto in export ver */
/* old usage, to keep old programs compiling */
/* On Windows, Mac, and Linux (and other gcc platforms), we can give compile
@@ -26,54 +25,48 @@
#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated));
#else
-typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated
- ("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));
+typedef unsigned int __CERTDB_VALID_PEER __attribute__((
+ deprecated("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));
#endif
-#define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER) CERTDB_TERMINAL_RECORD)
+#define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER)CERTDB_TERMINAL_RECORD)
#else
#ifdef _WIN32
#pragma deprecated(CERTDB_VALID_PEER)
#endif
-#define CERTDB_VALID_PEER CERTDB_TERMINAL_RECORD
+#define CERTDB_VALID_PEER CERTDB_TERMINAL_RECORD
#endif
SEC_BEGIN_PROTOS
-CERTSignedCrl *
-SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey, int type);
+CERTSignedCrl *SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey,
+ int type);
-CERTSignedCrl *
-SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type);
+CERTSignedCrl *SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey,
+ int type);
-CERTSignedCrl *
-SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type);
+CERTSignedCrl *SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl,
+ int type);
-PRBool
-SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
- CERTCertDBHandle *handle);
-CERTSignedCrl *
-SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);
+PRBool SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
+ CERTCertDBHandle *handle);
+CERTSignedCrl *SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl,
+ int type);
-SECStatus
-SEC_DeletePermCRL(CERTSignedCrl *crl);
+SECStatus SEC_DeletePermCRL(CERTSignedCrl *crl);
+SECStatus SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes,
+ int type);
-SECStatus
-SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type);
+SECStatus SEC_DestroyCrl(CERTSignedCrl *crl);
-SECStatus
-SEC_DestroyCrl(CERTSignedCrl *crl);
+CERTSignedCrl *SEC_DupCrl(CERTSignedCrl *acrl);
-CERTSignedCrl* SEC_DupCrl(CERTSignedCrl* acrl);
-
-SECStatus
-CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
- CERTCertTrust *trust);
+SECStatus CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+ CERTCertTrust *trust);
SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
-PRBool
-SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
+PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
/*
** Extract the validity times from a CRL
@@ -81,8 +74,7 @@
** "notBefore" is the start of the validity period (last update)
** "notAfter" is the end of the validity period (next update)
*/
-SECStatus
-SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
+SECStatus SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
/*
** Check the validity times of a crl vs. time 't', allowing
@@ -90,8 +82,7 @@
** "crl" is the certificate to be checked
** "t" is the time to check against
*/
-SECCertTimeValidity
-SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
+SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
SEC_END_PROTOS
diff --git a/nss/lib/certdb/certi.h b/nss/lib/certdb/certi.h
index ff7a7b8..df0d7c5 100644
--- a/nss/lib/certdb/certi.h
+++ b/nss/lib/certdb/certi.h
@@ -38,8 +38,7 @@
typedef struct PreAllocatorStr PreAllocator;
-struct PreAllocatorStr
-{
+struct PreAllocatorStr {
PRSize len;
void* data;
PRSize used;
@@ -56,32 +55,31 @@
CRLEntryCache *prev, *next;
};
-#define CRL_CACHE_INVALID_CRLS 0x0001 /* this state will be set
- if we have CRL objects with an invalid DER or signature. Can be
- cleared if the invalid objects are deleted from the token */
-#define CRL_CACHE_LAST_FETCH_FAILED 0x0002 /* this state will be set
- if the last CRL fetch encountered an error. Can be cleared if a
- new fetch succeeds */
+#define CRL_CACHE_INVALID_CRLS 0x0001 /* this state will be set
+ if we have CRL objects with an invalid DER or signature. Can be
+ cleared if the invalid objects are deleted from the token */
+#define CRL_CACHE_LAST_FETCH_FAILED 0x0002 /* this state will be set
+ if the last CRL fetch encountered an error. Can be cleared if a
+ new fetch succeeds */
-#define CRL_CACHE_OUT_OF_MEMORY 0x0004 /* this state will be set
- if we don't have enough memory to build the hash table of entries */
+#define CRL_CACHE_OUT_OF_MEMORY 0x0004 /* this state will be set
+ if we don't have enough memory to build the hash table of entries */
typedef enum {
- CRL_OriginToken = 0, /* CRL came from PKCS#11 token */
- CRL_OriginExplicit = 1 /* CRL was explicitly added to the cache, from RAM */
+ CRL_OriginToken = 0, /* CRL came from PKCS#11 token */
+ CRL_OriginExplicit = 1 /* CRL was explicitly added to the cache, from RAM */
} CRLOrigin;
typedef enum {
- dpcacheNoEntry = 0, /* no entry found for this SN */
- dpcacheFoundEntry = 1, /* entry found for this SN */
- dpcacheCallerError = 2, /* invalid args */
- dpcacheInvalidCacheError = 3, /* CRL in cache may be bad DER */
- /* or unverified */
- dpcacheEmpty = 4, /* no CRL in cache */
- dpcacheLookupError = 5 /* internal error */
+ dpcacheNoEntry = 0, /* no entry found for this SN */
+ dpcacheFoundEntry = 1, /* entry found for this SN */
+ dpcacheCallerError = 2, /* invalid args */
+ dpcacheInvalidCacheError = 3, /* CRL in cache may be bad DER */
+ /* or unverified */
+ dpcacheEmpty = 4, /* no CRL in cache */
+ dpcacheLookupError = 5 /* internal error */
} dpcacheStatus;
-
struct CachedCrlStr {
CERTSignedCrl* crl;
CRLOrigin origin;
@@ -98,11 +96,11 @@
*/
PLHashTable* entries;
PreAllocator* prebuffer; /* big pre-allocated buffer mentioned above */
- PRBool sigChecked; /* this CRL signature has already been checked */
- PRBool sigValid; /* signature verification status .
- Only meaningful if checked is PR_TRUE . */
- PRBool unbuildable; /* Avoid using assosiated CRL is it fails
- * a decoding step */
+ PRBool sigChecked; /* this CRL signature has already been checked */
+ PRBool sigValid; /* signature verification status .
+ Only meaningful if checked is PR_TRUE . */
+ PRBool unbuildable; /* Avoid using assosiated CRL is it fails
+ * a decoding step */
};
/* CRL distribution point cache object
@@ -116,15 +114,15 @@
#else
PRLock* lock;
#endif
- SECItem *issuerDERCert; /* issuer DER cert. Don't hold a reference
- to the actual cert so the trust can be
- updated on the cert automatically.
- XXX there may be multiple issuer certs,
- with different validity dates. Also
- need to deal with SKID/AKID . See
- bugzilla 217387, 233118 */
+ SECItem* issuerDERCert; /* issuer DER cert. Don't hold a reference
+ to the actual cert so the trust can be
+ updated on the cert automatically.
+ XXX there may be multiple issuer certs,
+ with different validity dates. Also
+ need to deal with SKID/AKID . See
+ bugzilla 217387, 233118 */
- CERTCertDBHandle *dbHandle;
+ CERTCertDBHandle* dbHandle;
SECItem* subject; /* DER of issuer subject */
SECItem* distributionPoint; /* DER of distribution point. This may be
@@ -133,31 +131,31 @@
Currently not used. */
/* array of full CRLs matching this distribution point */
- PRUint32 ncrls; /* total number of CRLs in crls */
- CachedCrl** crls; /* array of all matching CRLs */
+ PRUint32 ncrls; /* total number of CRLs in crls */
+ CachedCrl** crls; /* array of all matching CRLs */
/* XCRL With iCRLs and multiple DPs, the CRL can be shared accross several
issuers. In the future, we'll need to globally recycle the CRL in a
separate list in order to avoid extra lookups, decodes, and copies */
/* pointers to good decoded CRLs used to build the cache */
- CachedCrl* selected; /* full CRL selected for use in the cache */
+ CachedCrl* selected; /* full CRL selected for use in the cache */
#if 0
/* for future use */
PRInt32 numdeltas; /* number of delta CRLs used for the cache */
CachedCrl** deltas; /* delta CRLs used for the cache */
#endif
/* cache invalidity bitflag */
- PRUint16 invalid; /* this state will be set if either
- CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set.
- In those cases, all certs are considered to have unknown status.
- The invalid state can only be cleared during an update if all
- error states are cleared */
- PRBool refresh; /* manual refresh from tokens has been forced */
- PRBool mustchoose; /* trigger reselection algorithm, for case when
- RAM CRL objects are dropped from the cache */
- PRTime lastfetch; /* time a CRL token fetch was last performed */
- PRTime lastcheck; /* time CRL token objects were last checked for
- existence */
+ PRUint16 invalid; /* this state will be set if either
+ CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set.
+ In those cases, all certs are considered to have unknown status.
+ The invalid state can only be cleared during an update if all
+ error states are cleared */
+ PRBool refresh; /* manual refresh from tokens has been forced */
+ PRBool mustchoose; /* trigger reselection algorithm, for case when
+ RAM CRL objects are dropped from the cache */
+ PRTime lastfetch; /* time a CRL token fetch was last performed */
+ PRTime lastcheck; /* time CRL token objects were last checked for
+ existence */
};
/* CRL issuer cache object
@@ -168,7 +166,7 @@
*/
struct CRLIssuerCacheStr {
- SECItem* subject; /* DER of issuer subject */
+ SECItem* subject; /* DER of issuer subject */
CRLDPCache* dpp;
};
@@ -194,46 +192,40 @@
** null-terminated strings, terminated by a zero-length string.
** This function is intended to be internal to NSS.
*/
-extern char * cert_GetCertificateEmailAddresses(CERTCertificate *cert);
+extern char* cert_GetCertificateEmailAddresses(CERTCertificate* cert);
/*
* These functions are used to map subjectKeyID extension values to certs
* and to keep track of the checks for user certificates in each slot
*/
-SECStatus
-cert_CreateSubjectKeyIDHashTable(void);
+SECStatus cert_CreateSubjectKeyIDHashTable(void);
-SECStatus
-cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert);
+SECStatus cert_AddSubjectKeyIDMapping(SECItem* subjKeyID,
+ CERTCertificate* cert);
-SECStatus
-cert_UpdateSubjectKeyIDSlotCheck(SECItem *slotid, int series);
+SECStatus cert_UpdateSubjectKeyIDSlotCheck(SECItem* slotid, int series);
-int
-cert_SubjectKeyIDSlotCheckSeries(SECItem *slotid);
+int cert_SubjectKeyIDSlotCheckSeries(SECItem* slotid);
/*
* Call this function to remove an entry from the mapping table.
*/
-SECStatus
-cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID);
+SECStatus cert_RemoveSubjectKeyIDMapping(SECItem* subjKeyID);
-SECStatus
-cert_DestroySubjectKeyIDHashTable(void);
+SECStatus cert_DestroySubjectKeyIDHashTable(void);
-SECItem*
-cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID);
+SECItem* cert_FindDERCertBySubjectKeyID(SECItem* subjKeyID);
/* return maximum length of AVA value based on its type OID tag. */
extern int cert_AVAOidTagToMaxLen(SECOidTag tag);
/* Make an AVA, allocated from pool, from OID and DER encoded value */
-extern CERTAVA * CERT_CreateAVAFromRaw(PLArenaPool *pool,
- const SECItem * OID, const SECItem * value);
+extern CERTAVA* CERT_CreateAVAFromRaw(PLArenaPool* pool, const SECItem* OID,
+ const SECItem* value);
/* Make an AVA from binary input specified by SECItem */
-extern CERTAVA * CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind,
- int valueType, SECItem *value);
+extern CERTAVA* CERT_CreateAVAFromSECItem(PLArenaPool* arena, SECOidTag kind,
+ int valueType, SECItem* value);
/*
* get a DPCache object for the given issuer subject and dp
@@ -260,10 +252,11 @@
/* Like CERT_VerifyCert, except with an additional argument, flags. The
* flags are defined immediately below.
*/
-SECStatus
-cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- PRUint32 flags, void *wincx, CERTVerifyLog *log);
+SECStatus cert_VerifyCertWithFlags(CERTCertDBHandle* handle,
+ CERTCertificate* cert, PRBool checkSig,
+ SECCertUsage certUsage, PRTime t,
+ PRUint32 flags, void* wincx,
+ CERTVerifyLog* log);
/* Use the default settings.
* cert_VerifyCertWithFlags(..., CERT_VERIFYCERT_USE_DEFAULTS, ...) is
@@ -281,15 +274,10 @@
/* Interface function for libpkix cert validation engine:
* cert_verify wrapper. */
-SECStatus
-cert_VerifyCertChainPkix(CERTCertificate *cert,
- PRBool checkSig,
- SECCertUsage requiredUsage,
- PRTime time,
- void *wincx,
- CERTVerifyLog *log,
- PRBool *sigError,
- PRBool *revoked);
+SECStatus cert_VerifyCertChainPkix(CERTCertificate* cert, PRBool checkSig,
+ SECCertUsage requiredUsage, PRTime time,
+ void* wincx, CERTVerifyLog* log,
+ PRBool* sigError, PRBool* revoked);
SECStatus cert_InitLocks(void);
@@ -298,17 +286,16 @@
/*
* fill in nsCertType field of the cert based on the cert extension
*/
-extern SECStatus cert_GetCertType(CERTCertificate *cert);
+extern SECStatus cert_GetCertType(CERTCertificate* cert);
/*
- * compute and return the value of nsCertType for cert, but do not
+ * compute and return the value of nsCertType for cert, but do not
* update the CERTCertificate.
*/
-extern PRUint32 cert_ComputeCertType(CERTCertificate *cert);
+extern PRUint32 cert_ComputeCertType(CERTCertificate* cert);
-void cert_AddToVerifyLog(CERTVerifyLog *log,CERTCertificate *cert,
- long errorCode, unsigned int depth,
- void *arg);
+void cert_AddToVerifyLog(CERTVerifyLog* log, CERTCertificate* cert,
+ long errorCode, unsigned int depth, void* arg);
/* Insert a DER CRL into the CRL cache, and take ownership of it.
*
@@ -323,7 +310,7 @@
* the same encoding. To facilitate X.500 name matching, a canonicalized
* encoding of the GeneralName should be used, if available.
*/
-
+
SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
const SECItem* canonicalizedName);
@@ -336,15 +323,15 @@
* and read by cert_FindCRLByGeneralName */
struct NamedCRLCacheEntryStr {
SECItem* canonicalizedName;
- SECItem* crl; /* DER, kept only if CRL
- * is successfully cached */
+ SECItem* crl; /* DER, kept only if CRL
+ * is successfully cached */
PRBool inCRLCache;
PRTime successfulInsertionTime; /* insertion time */
PRTime lastAttemptTime; /* time of last call to
cert_CacheCRLByGeneralName with this name */
- PRBool badDER; /* ASN.1 error */
- PRBool dupe; /* matching DER CRL already in CRL cache */
- PRBool unsupported; /* IDP, delta, any other reason */
+ PRBool badDER; /* ASN.1 error */
+ PRBool dupe; /* matching DER CRL already in CRL cache */
+ PRBool unsupported; /* IDP, delta, any other reason */
};
typedef enum {
@@ -355,12 +342,12 @@
/* Returns detailed status of the cert(revStatus variable). Tells if
* issuer cache has OriginFetchedWithTimeout crl in it. */
-SECStatus
-cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
- const SECItem* dp, PRTime t, void *wincx,
- CERTRevocationStatus *revStatus,
- CERTCRLEntryReasonCode *revReason);
-
+SECStatus cert_CheckCertRevocationStatus(CERTCertificate* cert,
+ CERTCertificate* issuer,
+ const SECItem* dp, PRTime t,
+ void* wincx,
+ CERTRevocationStatus* revStatus,
+ CERTCRLEntryReasonCode* revReason);
SECStatus cert_AcquireNamedCRLCache(NamedCRLCache** returned);
@@ -374,26 +361,21 @@
SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
/* This is private for now. Maybe shoule be public. */
-CERTGeneralName *
-cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena);
+CERTGeneralName* cert_GetSubjectAltNameList(const CERTCertificate* cert,
+ PLArenaPool* arena);
/* Count DNS names and IP addresses in a list of GeneralNames */
-PRUint32
-cert_CountDNSPatterns(CERTGeneralName *firstName);
+PRUint32 cert_CountDNSPatterns(CERTGeneralName* firstName);
/*
* returns the trust status of the leaf certificate based on usage.
- * If the leaf is explicitly untrusted, this function will fail and
+ * If the leaf is explicitly untrusted, this function will fail and
* failedFlags will be set to the trust bit value that lead to the failure.
- * If the leaf is trusted, isTrusted is set to true and the function returns
- * SECSuccess. This function does not check if the cert is fit for a
+ * If the leaf is trusted, isTrusted is set to true and the function returns
+ * SECSuccess. This function does not check if the cert is fit for a
* particular usage.
*/
-SECStatus
-cert_CheckLeafTrust(CERTCertificate *cert,
- SECCertUsage usage,
- unsigned int *failedFlags,
- PRBool *isTrusted);
+SECStatus cert_CheckLeafTrust(CERTCertificate* cert, SECCertUsage usage,
+ unsigned int* failedFlags, PRBool* isTrusted);
#endif /* _CERTI_H_ */
-
diff --git a/nss/lib/certdb/certt.h b/nss/lib/certdb/certt.h
index d8b559c..4c31c29 100644
--- a/nss/lib/certdb/certt.h
+++ b/nss/lib/certdb/certt.h
@@ -23,49 +23,49 @@
struct NSSTrustDomainStr;
/* Non-opaque objects */
-typedef struct CERTAVAStr CERTAVA;
-typedef struct CERTAttributeStr CERTAttribute;
-typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess;
-typedef struct CERTAuthKeyIDStr CERTAuthKeyID;
-typedef struct CERTBasicConstraintsStr CERTBasicConstraints;
-typedef struct NSSTrustDomainStr CERTCertDBHandle;
-typedef struct CERTCertExtensionStr CERTCertExtension;
-typedef struct CERTCertKeyStr CERTCertKey;
-typedef struct CERTCertListStr CERTCertList;
-typedef struct CERTCertListNodeStr CERTCertListNode;
-typedef struct CERTCertNicknamesStr CERTCertNicknames;
-typedef struct CERTCertTrustStr CERTCertTrust;
-typedef struct CERTCertificateStr CERTCertificate;
-typedef struct CERTCertificateListStr CERTCertificateList;
-typedef struct CERTCertificateRequestStr CERTCertificateRequest;
-typedef struct CERTCrlStr CERTCrl;
-typedef struct CERTCrlDistributionPointsStr CERTCrlDistributionPoints;
-typedef struct CERTCrlEntryStr CERTCrlEntry;
-typedef struct CERTCrlHeadNodeStr CERTCrlHeadNode;
-typedef struct CERTCrlKeyStr CERTCrlKey;
-typedef struct CERTCrlNodeStr CERTCrlNode;
-typedef struct CERTDERCertsStr CERTDERCerts;
-typedef struct CERTDistNamesStr CERTDistNames;
-typedef struct CERTGeneralNameStr CERTGeneralName;
-typedef struct CERTGeneralNameListStr CERTGeneralNameList;
-typedef struct CERTIssuerAndSNStr CERTIssuerAndSN;
-typedef struct CERTNameStr CERTName;
-typedef struct CERTNameConstraintStr CERTNameConstraint;
-typedef struct CERTNameConstraintsStr CERTNameConstraints;
-typedef struct CERTOKDomainNameStr CERTOKDomainName;
-typedef struct CERTPrivKeyUsagePeriodStr CERTPrivKeyUsagePeriod;
-typedef struct CERTPublicKeyAndChallengeStr CERTPublicKeyAndChallenge;
-typedef struct CERTRDNStr CERTRDN;
-typedef struct CERTSignedCrlStr CERTSignedCrl;
-typedef struct CERTSignedDataStr CERTSignedData;
-typedef struct CERTStatusConfigStr CERTStatusConfig;
-typedef struct CERTSubjectListStr CERTSubjectList;
-typedef struct CERTSubjectNodeStr CERTSubjectNode;
-typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
-typedef struct CERTValidityStr CERTValidity;
-typedef struct CERTVerifyLogStr CERTVerifyLog;
-typedef struct CERTVerifyLogNodeStr CERTVerifyLogNode;
-typedef struct CRLDistributionPointStr CRLDistributionPoint;
+typedef struct CERTAVAStr CERTAVA;
+typedef struct CERTAttributeStr CERTAttribute;
+typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess;
+typedef struct CERTAuthKeyIDStr CERTAuthKeyID;
+typedef struct CERTBasicConstraintsStr CERTBasicConstraints;
+typedef struct NSSTrustDomainStr CERTCertDBHandle;
+typedef struct CERTCertExtensionStr CERTCertExtension;
+typedef struct CERTCertKeyStr CERTCertKey;
+typedef struct CERTCertListStr CERTCertList;
+typedef struct CERTCertListNodeStr CERTCertListNode;
+typedef struct CERTCertNicknamesStr CERTCertNicknames;
+typedef struct CERTCertTrustStr CERTCertTrust;
+typedef struct CERTCertificateStr CERTCertificate;
+typedef struct CERTCertificateListStr CERTCertificateList;
+typedef struct CERTCertificateRequestStr CERTCertificateRequest;
+typedef struct CERTCrlStr CERTCrl;
+typedef struct CERTCrlDistributionPointsStr CERTCrlDistributionPoints;
+typedef struct CERTCrlEntryStr CERTCrlEntry;
+typedef struct CERTCrlHeadNodeStr CERTCrlHeadNode;
+typedef struct CERTCrlKeyStr CERTCrlKey;
+typedef struct CERTCrlNodeStr CERTCrlNode;
+typedef struct CERTDERCertsStr CERTDERCerts;
+typedef struct CERTDistNamesStr CERTDistNames;
+typedef struct CERTGeneralNameStr CERTGeneralName;
+typedef struct CERTGeneralNameListStr CERTGeneralNameList;
+typedef struct CERTIssuerAndSNStr CERTIssuerAndSN;
+typedef struct CERTNameStr CERTName;
+typedef struct CERTNameConstraintStr CERTNameConstraint;
+typedef struct CERTNameConstraintsStr CERTNameConstraints;
+typedef struct CERTOKDomainNameStr CERTOKDomainName;
+typedef struct CERTPrivKeyUsagePeriodStr CERTPrivKeyUsagePeriod;
+typedef struct CERTPublicKeyAndChallengeStr CERTPublicKeyAndChallenge;
+typedef struct CERTRDNStr CERTRDN;
+typedef struct CERTSignedCrlStr CERTSignedCrl;
+typedef struct CERTSignedDataStr CERTSignedData;
+typedef struct CERTStatusConfigStr CERTStatusConfig;
+typedef struct CERTSubjectListStr CERTSubjectList;
+typedef struct CERTSubjectNodeStr CERTSubjectNode;
+typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
+typedef struct CERTValidityStr CERTValidity;
+typedef struct CERTVerifyLogStr CERTVerifyLog;
+typedef struct CERTVerifyLogNodeStr CERTVerifyLogNode;
+typedef struct CRLDistributionPointStr CRLDistributionPoint;
/* CRL extensions type */
typedef unsigned long CERTCrlNumber;
@@ -150,10 +150,13 @@
trustTypeNone = 3
} SECTrustType;
-#define SEC_GET_TRUST_FLAGS(trust,type) \
- (((type)==trustSSL)?((trust)->sslFlags): \
- (((type)==trustEmail)?((trust)->emailFlags): \
- (((type)==trustObjectSigning)?((trust)->objectSigningFlags):0)))
+#define SEC_GET_TRUST_FLAGS(trust, type) \
+ (((type) == trustSSL) \
+ ? ((trust)->sslFlags) \
+ : (((type) == trustEmail) ? ((trust)->emailFlags) \
+ : (((type) == trustObjectSigning) \
+ ? ((trust)->objectSigningFlags) \
+ : 0)))
/*
** An X.509.3 certificate extension
@@ -195,12 +198,12 @@
/* The following fields are static after the cert has been decoded */
char *subjectName;
char *issuerName;
- CERTSignedData signatureWrap; /* XXX */
- SECItem derCert; /* original DER for the cert */
- SECItem derIssuer; /* DER for issuer name */
- SECItem derSubject; /* DER for subject name */
- SECItem derPublicKey; /* DER for the public key */
- SECItem certKey; /* database key for this cert */
+ CERTSignedData signatureWrap; /* XXX */
+ SECItem derCert; /* original DER for the cert */
+ SECItem derIssuer; /* DER for issuer name */
+ SECItem derSubject; /* DER for subject name */
+ SECItem derPublicKey; /* DER for the public key */
+ SECItem certKey; /* database key for this cert */
SECItem version;
SECItem serialNumber;
SECAlgorithmID signature;
@@ -213,21 +216,21 @@
CERTCertExtension **extensions;
char *emailAddr;
CERTCertDBHandle *dbhandle;
- SECItem subjectKeyID; /* x509v3 subject key identifier */
- PRBool keyIDGenerated; /* was the keyid generated? */
- unsigned int keyUsage; /* what uses are allowed for this cert */
- unsigned int rawKeyUsage; /* value of the key usage extension */
- PRBool keyUsagePresent; /* was the key usage extension present */
- PRUint32 nsCertType; /* value of the ns cert type extension */
- /* must be 32-bit for PR_ATOMIC_SET */
+ SECItem subjectKeyID; /* x509v3 subject key identifier */
+ PRBool keyIDGenerated; /* was the keyid generated? */
+ unsigned int keyUsage; /* what uses are allowed for this cert */
+ unsigned int rawKeyUsage; /* value of the key usage extension */
+ PRBool keyUsagePresent; /* was the key usage extension present */
+ PRUint32 nsCertType; /* value of the ns cert type extension */
+ /* must be 32-bit for PR_ATOMIC_SET */
/* these values can be set by the application to bypass certain checks
* or to keep the cert in memory for an entire session.
* XXX - need an api to set these
*/
- PRBool keepSession; /* keep this cert for entire session*/
- PRBool timeOK; /* is the bad validity time ok? */
- CERTOKDomainName *domainOK; /* these domain names are ok */
+ PRBool keepSession; /* keep this cert for entire session*/
+ PRBool timeOK; /* is the bad validity time ok? */
+ CERTOKDomainName *domainOK; /* these domain names are ok */
/*
* these values can change when the cert changes state. These state
@@ -238,7 +241,7 @@
PRBool istemp;
char *nickname;
char *dbnickname;
- struct NSSCertificateStr *nssCertificate; /* This is Stan stuff. */
+ struct NSSCertificateStr *nssCertificate; /* This is Stan stuff. */
CERTCertTrust *trust;
/* the reference count is modified whenever someone looks up, dups
@@ -255,8 +258,8 @@
/* these belong in the static section, but are here to maintain
* the structure's integrity
*/
- CERTAuthKeyID * authKeyID; /* x509v3 authority key identifier */
- PRBool isRoot; /* cert is the end of a chain */
+ CERTAuthKeyID *authKeyID; /* x509v3 authority key identifier */
+ PRBool isRoot; /* cert is the end of a chain */
/* these fields are used by client GUI code to keep track of ssl sockets
* that are blocked waiting on GUI feedback related to this cert.
@@ -264,33 +267,33 @@
* data structure. They are only used by the browser right now.
*/
union {
- void* apointer; /* was struct SECSocketNode* authsocketlist */
+ void *apointer; /* was struct SECSocketNode* authsocketlist */
struct {
- unsigned int hasUnsupportedCriticalExt :1;
+ unsigned int hasUnsupportedCriticalExt : 1;
/* add any new option bits needed here */
} bits;
} options;
int series; /* was int authsocketcount; record the series of the pkcs11ID */
/* This is PKCS #11 stuff. */
- PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
- CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
- PRBool ownSlot; /*true if the cert owns the slot reference */
+ PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
+ CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
+ PRBool ownSlot; /*true if the cert owns the slot reference */
};
-#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
-#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
-#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
+#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
+#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
+#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
-#define SEC_CRL_VERSION_1 0 /* default */
-#define SEC_CRL_VERSION_2 1 /* v2 extensions */
+#define SEC_CRL_VERSION_1 0 /* default */
+#define SEC_CRL_VERSION_2 1 /* v2 extensions */
/*
* used to identify class of cert in mime stream code
*/
-#define SEC_CERT_CLASS_CA 1
-#define SEC_CERT_CLASS_SERVER 2
-#define SEC_CERT_CLASS_USER 3
-#define SEC_CERT_CLASS_EMAIL 4
+#define SEC_CERT_CLASS_CA 1
+#define SEC_CERT_CLASS_SERVER 2
+#define SEC_CERT_CLASS_USER 3
+#define SEC_CERT_CLASS_EMAIL 4
struct CERTDERCertsStr {
PLArenaPool *arena;
@@ -318,15 +321,14 @@
CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
CERTAttribute **attributes;
};
-#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
-
+#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
/*
** A certificate list object.
*/
struct CERTCertificateListStr {
SECItem *certs;
- int len; /* number of certs */
+ int len; /* number of certs */
PLArenaPool *arena;
};
@@ -344,13 +346,13 @@
#define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list))
#define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
-#define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
+#define CERT_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
#define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
struct CERTCrlEntryStr {
SECItem serialNumber;
SECItem revocationDate;
- CERTCertExtension **extensions;
+ CERTCertExtension **extensions;
};
struct CERTCrlStr {
@@ -360,18 +362,18 @@
SECItem derName;
CERTName name;
SECItem lastUpdate;
- SECItem nextUpdate; /* optional for x.509 CRL */
+ SECItem nextUpdate; /* optional for x.509 CRL */
CERTCrlEntry **entries;
- CERTCertExtension **extensions;
+ CERTCertExtension **extensions;
/* can't add anything there for binary backwards compatibility reasons */
};
struct CERTCrlKeyStr {
SECItem derName;
- SECItem dummy; /* The decoder can not skip a primitive,
- this serves as a place holder for the
- decoder to finish its task only
- */
+ SECItem dummy; /* The decoder can not skip a primitive,
+ this serves as a place holder for the
+ decoder to finish its task only
+ */
};
struct CERTSignedCrlStr {
@@ -383,15 +385,14 @@
PRBool istemp;
int referenceCount;
CERTCertDBHandle *dbhandle;
- CERTSignedData signatureWrap; /* XXX */
+ CERTSignedData signatureWrap; /* XXX */
char *url;
SECItem *derCrl;
PK11SlotInfo *slot;
CK_OBJECT_HANDLE pkcs11ID;
- void* opaque; /* do not touch */
+ void *opaque; /* do not touch */
};
-
struct CERTCrlHeadNodeStr {
PLArenaPool *arena;
CERTCertDBHandle *dbhandle;
@@ -399,46 +400,41 @@
CERTCrlNode *last;
};
-
struct CERTCrlNodeStr {
CERTCrlNode *next;
- int type;
+ int type;
CERTSignedCrl *crl;
};
-
/*
* Array of X.500 Distinguished Names
*/
struct CERTDistNamesStr {
PLArenaPool *arena;
int nnames;
- SECItem *names;
+ SECItem *names;
void *head; /* private */
};
+#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
+#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
+#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
+#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
+#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
+#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
+#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
-#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
-#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
-#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
-#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
-#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
-#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
-#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
-#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
+#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
+#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
-#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
-#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
+#define NS_CERT_TYPE_APP \
+ (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
+ NS_CERT_TYPE_OBJECT_SIGNING)
-#define NS_CERT_TYPE_APP ( NS_CERT_TYPE_SSL_CLIENT | \
- NS_CERT_TYPE_SSL_SERVER | \
- NS_CERT_TYPE_EMAIL | \
- NS_CERT_TYPE_OBJECT_SIGNING )
-
-#define NS_CERT_TYPE_CA ( NS_CERT_TYPE_SSL_CA | \
- NS_CERT_TYPE_EMAIL_CA | \
- NS_CERT_TYPE_OBJECT_SIGNING_CA | \
- EXT_KEY_USAGE_STATUS_RESPONDER )
+#define NS_CERT_TYPE_CA \
+ (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | \
+ NS_CERT_TYPE_OBJECT_SIGNING_CA | EXT_KEY_USAGE_STATUS_RESPONDER)
typedef enum SECCertUsageEnum {
certUsageSSLClient = 0,
certUsageSSLServer = 1,
@@ -456,19 +452,19 @@
typedef PRInt64 SECCertificateUsage;
-#define certificateUsageCheckAllUsages (0x0000)
-#define certificateUsageSSLClient (0x0001)
-#define certificateUsageSSLServer (0x0002)
-#define certificateUsageSSLServerWithStepUp (0x0004)
-#define certificateUsageSSLCA (0x0008)
-#define certificateUsageEmailSigner (0x0010)
-#define certificateUsageEmailRecipient (0x0020)
-#define certificateUsageObjectSigner (0x0040)
-#define certificateUsageUserCertImport (0x0080)
-#define certificateUsageVerifyCA (0x0100)
-#define certificateUsageProtectedObjectSigner (0x0200)
-#define certificateUsageStatusResponder (0x0400)
-#define certificateUsageAnyCA (0x0800)
+#define certificateUsageCheckAllUsages (0x0000)
+#define certificateUsageSSLClient (0x0001)
+#define certificateUsageSSLServer (0x0002)
+#define certificateUsageSSLServerWithStepUp (0x0004)
+#define certificateUsageSSLCA (0x0008)
+#define certificateUsageEmailSigner (0x0010)
+#define certificateUsageEmailRecipient (0x0020)
+#define certificateUsageObjectSigner (0x0040)
+#define certificateUsageUserCertImport (0x0080)
+#define certificateUsageVerifyCA (0x0100)
+#define certificateUsageProtectedObjectSigner (0x0200)
+#define certificateUsageStatusResponder (0x0400)
+#define certificateUsageAnyCA (0x0800)
#define certificateUsageHighest certificateUsageAnyCA
@@ -498,9 +494,8 @@
* CERT_CompareValidityTimes.
*/
-typedef enum CERTCompareValidityStatusEnum
-{
- certValidityUndetermined = 0, /* the function is unable to select one cert
+typedef enum CERTCompareValidityStatusEnum {
+ certValidityUndetermined = 0, /* the function is unable to select one cert
over another */
certValidityChooseB = 1, /* cert B should be preferred */
certValidityEqual = 2, /* both certs have the same validity period */
@@ -512,10 +507,10 @@
*/
/* these are values for the what argument below */
-#define SEC_CERT_NICKNAMES_ALL 1
-#define SEC_CERT_NICKNAMES_USER 2
-#define SEC_CERT_NICKNAMES_SERVER 3
-#define SEC_CERT_NICKNAMES_CA 4
+#define SEC_CERT_NICKNAMES_ALL 1
+#define SEC_CERT_NICKNAMES_USER 2
+#define SEC_CERT_NICKNAMES_SERVER 3
+#define SEC_CERT_NICKNAMES_CA 4
struct CERTCertNicknamesStr {
PLArenaPool *arena;
@@ -532,24 +527,19 @@
SECItem serialNumber;
};
-
/* X.509 v3 Key Usage Extension flags */
-#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
-#define KU_NON_REPUDIATION (0x40) /* bit 1 */
-#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
-#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
-#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
-#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
-#define KU_CRL_SIGN (0x02) /* bit 6 */
-#define KU_ENCIPHER_ONLY (0x01) /* bit 7 */
-#define KU_ALL (KU_DIGITAL_SIGNATURE | \
- KU_NON_REPUDIATION | \
- KU_KEY_ENCIPHERMENT | \
- KU_DATA_ENCIPHERMENT | \
- KU_KEY_AGREEMENT | \
- KU_KEY_CERT_SIGN | \
- KU_CRL_SIGN | \
- KU_ENCIPHER_ONLY)
+#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
+#define KU_NON_REPUDIATION (0x40) /* bit 1 */
+#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
+#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
+#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
+#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
+#define KU_CRL_SIGN (0x02) /* bit 6 */
+#define KU_ENCIPHER_ONLY (0x01) /* bit 7 */
+#define KU_ALL \
+ (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT | \
+ KU_DATA_ENCIPHERMENT | KU_KEY_AGREEMENT | KU_KEY_CERT_SIGN | \
+ KU_CRL_SIGN | KU_ENCIPHER_ONLY)
/* This value will not occur in certs. It is used internally for the case
* when either digital signature or non-repudiation is the correct value.
@@ -565,40 +555,40 @@
/* internal bits that do not match bits in the x509v3 spec, but are used
* for similar purposes
*/
-#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
+#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
/*
- * x.509 v3 Basic Constraints Extension
- * If isCA is false, the pathLenConstraint is ignored.
- * Otherwise, the following pathLenConstraint values will apply:
- * < 0 - there is no limit to the certificate path
- * 0 - CA can issues end-entity certificates only
- * > 0 - the number of certificates in the certificate path is
- * limited to this number
- */
+* x.509 v3 Basic Constraints Extension
+* If isCA is false, the pathLenConstraint is ignored.
+* Otherwise, the following pathLenConstraint values will apply:
+* < 0 - there is no limit to the certificate path
+* 0 - CA can issues end-entity certificates only
+* > 0 - the number of certificates in the certificate path is
+* limited to this number
+*/
#define CERT_UNLIMITED_PATH_CONSTRAINT -2
struct CERTBasicConstraintsStr {
- PRBool isCA; /* on if is CA */
- int pathLenConstraint; /* maximum number of certificates that can be
- in the cert path. Only applies to a CA
- certificate; otherwise, it's ignored.
- */
+ PRBool isCA; /* on if is CA */
+ int pathLenConstraint; /* maximum number of certificates that can be
+ in the cert path. Only applies to a CA
+ certificate; otherwise, it's ignored.
+ */
};
/* Maximum length of a certificate chain */
#define CERT_MAX_CERT_CHAIN 20
-#define CERT_MAX_SERIAL_NUMBER_BYTES 20 /* from RFC 3280 */
-#define CERT_MAX_DN_BYTES 4096 /* arbitrary */
+#define CERT_MAX_SERIAL_NUMBER_BYTES 20 /* from RFC 3280 */
+#define CERT_MAX_DN_BYTES 4096 /* arbitrary */
/* x.509 v3 Reason Flags, used in CRLDistributionPoint Extension */
-#define RF_UNUSED (0x80) /* bit 0 */
-#define RF_KEY_COMPROMISE (0x40) /* bit 1 */
-#define RF_CA_COMPROMISE (0x20) /* bit 2 */
-#define RF_AFFILIATION_CHANGED (0x10) /* bit 3 */
-#define RF_SUPERSEDED (0x08) /* bit 4 */
-#define RF_CESSATION_OF_OPERATION (0x04) /* bit 5 */
-#define RF_CERTIFICATE_HOLD (0x02) /* bit 6 */
+#define RF_UNUSED (0x80) /* bit 0 */
+#define RF_KEY_COMPROMISE (0x40) /* bit 1 */
+#define RF_CA_COMPROMISE (0x20) /* bit 2 */
+#define RF_AFFILIATION_CHANGED (0x10) /* bit 3 */
+#define RF_SUPERSEDED (0x08) /* bit 4 */
+#define RF_CESSATION_OF_OPERATION (0x04) /* bit 5 */
+#define RF_CERTIFICATE_HOLD (0x02) /* bit 6 */
/* enum for CRL Entry Reason Code */
typedef enum CERTCRLEntryReasonCodeEnum {
@@ -628,23 +618,20 @@
certRegisterID = 9
} CERTGeneralNameType;
-
typedef struct OtherNameStr {
- SECItem name;
- SECItem oid;
-}OtherName;
-
-
+ SECItem name;
+ SECItem oid;
+} OtherName;
struct CERTGeneralNameStr {
- CERTGeneralNameType type; /* name type */
+ CERTGeneralNameType type; /* name type */
union {
- CERTName directoryName; /* distinguish name */
- OtherName OthName; /* Other Name */
- SECItem other; /* the rest of the name forms */
- }name;
- SECItem derDirectoryName; /* this is saved to simplify directory name
- comparison */
+ CERTName directoryName; /* distinguish name */
+ OtherName OthName; /* Other Name */
+ SECItem other; /* the rest of the name forms */
+ } name;
+ SECItem derDirectoryName; /* this is saved to simplify directory name
+ comparison */
PRCList l;
};
@@ -657,22 +644,20 @@
};
struct CERTNameConstraintStr {
- CERTGeneralName name;
- SECItem DERName;
- SECItem min;
- SECItem max;
- PRCList l;
+ CERTGeneralName name;
+ SECItem DERName;
+ SECItem min;
+ SECItem max;
+ PRCList l;
};
-
struct CERTNameConstraintsStr {
- CERTNameConstraint *permited;
- CERTNameConstraint *excluded;
- SECItem **DERPermited;
- SECItem **DERExcluded;
+ CERTNameConstraint *permited;
+ CERTNameConstraint *excluded;
+ SECItem **DERPermited;
+ SECItem **DERExcluded;
};
-
/* Private Key Usage Period extension struct. */
struct CERTPrivKeyUsagePeriodStr {
SECItem notBefore;
@@ -684,14 +669,14 @@
issuer field, we only support URI now.
*/
struct CERTAuthKeyIDStr {
- SECItem keyID; /* unique key identifier */
- CERTGeneralName *authCertIssuer; /* CA's issuer name. End with a NULL */
- SECItem authCertSerialNumber; /* CA's certificate serial number */
- SECItem **DERAuthCertIssuer; /* This holds the DER encoded format of
- the authCertIssuer field. It is used
- by the encoding engine. It should be
- used as a read only field by the caller.
- */
+ SECItem keyID; /* unique key identifier */
+ CERTGeneralName *authCertIssuer; /* CA's issuer name. End with a NULL */
+ SECItem authCertSerialNumber; /* CA's certificate serial number */
+ SECItem **DERAuthCertIssuer; /* This holds the DER encoded format of
+ the authCertIssuer field. It is used
+ by the encoding engine. It should be
+ used as a read only field by the caller.
+ */
};
/* x.509 v3 CRL Distributeion Point */
@@ -700,19 +685,19 @@
* defined the types of CRL Distribution points
*/
typedef enum DistributionPointTypesEnum {
- generalName = 1, /* only support this for now */
+ generalName = 1, /* only support this for now */
relativeDistinguishedName = 2
} DistributionPointTypes;
struct CRLDistributionPointStr {
DistributionPointTypes distPointType;
union {
- CERTGeneralName *fullName;
- CERTRDN relativeName;
+ CERTGeneralName *fullName;
+ CERTRDN relativeName;
} distPoint;
SECItem reasons;
CERTGeneralName *crlIssuer;
-
+
/* Reserved for internal use only*/
SECItem derDistPoint;
SECItem derRelativeName;
@@ -731,15 +716,14 @@
* once.
*/
struct CERTVerifyLogNodeStr {
- CERTCertificate *cert; /* what cert had the error */
- long error; /* what error was it? */
- unsigned int depth; /* how far up the chain are we */
- void *arg; /* error specific argument */
+ CERTCertificate *cert; /* what cert had the error */
+ long error; /* what error was it? */
+ unsigned int depth; /* how far up the chain are we */
+ void *arg; /* error specific argument */
struct CERTVerifyLogNodeStr *next; /* next in the list */
struct CERTVerifyLogNodeStr *prev; /* next in the list */
};
-
struct CERTVerifyLogStr {
PLArenaPool *arena;
unsigned int count;
@@ -747,36 +731,32 @@
struct CERTVerifyLogNodeStr *tail;
};
-
struct CERTOKDomainNameStr {
CERTOKDomainName *next;
- char name[1]; /* actual length may be longer. */
+ char name[1]; /* actual length may be longer. */
};
+typedef SECStatus(PR_CALLBACK *CERTStatusChecker)(CERTCertDBHandle *handle,
+ CERTCertificate *cert,
+ PRTime time, void *pwArg);
-typedef SECStatus (PR_CALLBACK *CERTStatusChecker) (CERTCertDBHandle *handle,
- CERTCertificate *cert,
- PRTime time,
- void *pwArg);
-
-typedef SECStatus (PR_CALLBACK *CERTStatusDestroy) (CERTStatusConfig *handle);
+typedef SECStatus(PR_CALLBACK *CERTStatusDestroy)(CERTStatusConfig *handle);
struct CERTStatusConfigStr {
- CERTStatusChecker statusChecker; /* NULL means no checking enabled */
- CERTStatusDestroy statusDestroy; /* enabled or no, will clean up */
- void *statusContext; /* cx specific to checking protocol */
+ CERTStatusChecker statusChecker; /* NULL means no checking enabled */
+ CERTStatusDestroy statusDestroy; /* enabled or no, will clean up */
+ void *statusContext; /* cx specific to checking protocol */
};
struct CERTAuthInfoAccessStr {
SECItem method;
SECItem derLocation;
- CERTGeneralName *location; /* decoded location */
+ CERTGeneralName *location; /* decoded location */
};
-
/* This is the typedef for the callback passed to CERT_OpenCertDB() */
/* callback to return database name based on version number */
-typedef char * (*CERTDBNameFunc)(void *arg, int dbVersion);
+typedef char *(*CERTDBNameFunc)(void *arg, int dbVersion);
/*
* types of cert packages that we can decode
@@ -875,10 +855,8 @@
* to indicate an fatal error that will cause path validation to fail
* immediately.
*/
-typedef SECStatus (*CERTChainVerifyCallbackFunc)
- (void *isChainValidArg,
- const CERTCertList *currentChain,
- PRBool *chainOK);
+typedef SECStatus (*CERTChainVerifyCallbackFunc)(
+ void *isChainValidArg, const CERTCertList *currentChain, PRBool *chainOK);
/*
* Note: If extending this structure, it will be necessary to change the
@@ -895,87 +873,91 @@
*/
typedef enum {
- cert_pi_end = 0, /* SPECIAL: signifies end of array of
- * CERTValParam* */
- cert_pi_nbioContext = 1, /* specify a non-blocking IO context used to
- * resume a session. If this argument is
- * specified, no other arguments should be.
- * Specified in value.pointer.p. If the
- * operation completes the context will be
- * freed. */
- cert_pi_nbioAbort = 2, /* specify a non-blocking IO context for an
- * existing operation which the caller wants
- * to abort. If this argument is
- * specified, no other arguments should be.
- * Specified in value.pointer.p. If the
- * operation succeeds the context will be
- * freed. */
- cert_pi_certList = 3, /* specify the chain to validate against. If
- * this value is given, then the path
- * construction step in the validation is
- * skipped. Specified in value.pointer.chain */
- cert_pi_policyOID = 4, /* validate certificate for policy OID.
- * Specified in value.array.oids. Cert must
- * be good for at least one OID in order
- * to validate. Default is that the user is not
- * concerned about certificate policy. */
- cert_pi_policyFlags = 5, /* flags for each policy specified in policyOID.
- * Specified in value.scalar.ul. Policy flags
- * apply to all specified oids.
- * Use CERT_POLICY_FLAG_* macros below. If not
- * specified policy flags default to 0 */
- cert_pi_keyusage = 6, /* specify what the keyusages the certificate
- * will be evaluated against, specified in
- * value.scalar.ui. The cert must validate for
- * at least one of the specified key usages.
- * Values match the KU_ bit flags defined
- * in this file. Default is derived from
- * the 'usages' function argument */
- cert_pi_extendedKeyusage= 7, /* specify what the required extended key
- * usage of the certificate. Specified as
- * an array of oidTags in value.array.oids.
- * The cert must validate for at least one
- * of the specified extended key usages.
- * If not specified, no extended key usages
- * will be checked. */
- cert_pi_date = 8, /* validate certificate is valid as of date
- * specified in value.scalar.time. A special
- * value '0' indicates 'now'. default is '0' */
- cert_pi_revocationFlags = 9, /* Specify what revocation checking to do.
- * See CERT_REV_FLAG_* macros below
- * Set in value.pointer.revocation */
- cert_pi_certStores = 10,/* Bitmask of Cert Store flags (see below)
- * Set in value.scalar.ui */
- cert_pi_trustAnchors = 11,/* Specify the list of trusted roots to
- * validate against.
- * The default set of trusted roots, these are
- * root CA certs from libnssckbi.so or CA
- * certs trusted by user, are used in any of
- * the following cases:
- * * when the parameter is not set.
- * * when the list of trust anchors is empty.
- * Note that this handling can be further altered by altering the
- * cert_pi_useOnlyTrustAnchors flag
- * Specified in value.pointer.chain */
- cert_pi_useAIACertFetch = 12, /* Enables cert fetching using AIA extension.
- * In NSS 3.12.1 or later. Default is off.
- * Value is in value.scalar.b */
- cert_pi_chainVerifyCallback = 13,
- /* The callback container for doing extra
- * validation on the currently calculated chain.
- * Value is in value.pointer.chainVerifyCallback */
- cert_pi_useOnlyTrustAnchors = 14,/* If true, disables trusting any
- * certificates other than the ones passed in via cert_pi_trustAnchors.
- * If false, then the certificates specified via cert_pi_trustAnchors
- * will be combined with the pre-existing trusted roots, but only for
- * the certificate validation being performed.
- * If no value has been supplied via cert_pi_trustAnchors, this has no
- * effect.
- * The default value is true, meaning if this is not supplied, only
- * trust anchors supplied via cert_pi_trustAnchors are trusted.
- * Specified in value.scalar.b */
- cert_pi_max /* SPECIAL: signifies maximum allowed value,
- * can increase in future releases */
+ cert_pi_end = 0, /* SPECIAL: signifies end of array of
+ * CERTValParam* */
+ cert_pi_nbioContext = 1, /* specify a non-blocking IO context used to
+ * resume a session. If this argument is
+ * specified, no other arguments should be.
+ * Specified in value.pointer.p. If the
+ * operation completes the context will be
+ * freed. */
+ cert_pi_nbioAbort = 2, /* specify a non-blocking IO context for an
+ * existing operation which the caller wants
+ * to abort. If this argument is
+ * specified, no other arguments should be.
+ * Specified in value.pointer.p. If the
+ * operation succeeds the context will be
+ * freed. */
+ cert_pi_certList = 3, /* specify the chain to validate against. If
+ * this value is given, then the path
+ * construction step in the validation is
+ * skipped. Specified in value.pointer.chain */
+ cert_pi_policyOID = 4, /* validate certificate for policy OID.
+ * Specified in value.array.oids. Cert must
+ * be good for at least one OID in order
+ * to validate. Default is that the user is not
+ * concerned about certificate policy. */
+ cert_pi_policyFlags = 5, /* flags for each policy specified in policyOID.
+ * Specified in value.scalar.ul. Policy flags
+ * apply to all specified oids.
+ * Use CERT_POLICY_FLAG_* macros below. If not
+ * specified policy flags default to 0 */
+ cert_pi_keyusage = 6, /* specify what the keyusages the certificate
+ * will be evaluated against, specified in
+ * value.scalar.ui. The cert must validate for
+ * at least one of the specified key usages.
+ * Values match the KU_ bit flags defined
+ * in this file. Default is derived from
+ * the 'usages' function argument */
+ cert_pi_extendedKeyusage = 7, /* specify what the required extended key
+ * usage of the certificate. Specified as
+ * an array of oidTags in value.array.oids.
+ * The cert must validate for at least one
+ * of the specified extended key usages.
+ * If not specified, no extended key usages
+ * will be checked. */
+ cert_pi_date = 8, /* validate certificate is valid as of date
+ * specified in value.scalar.time. A special
+ * value '0' indicates 'now'. default is '0' */
+ cert_pi_revocationFlags = 9, /* Specify what revocation checking to do.
+ * See CERT_REV_FLAG_* macros below
+ * Set in value.pointer.revocation */
+ cert_pi_certStores = 10, /* Bitmask of Cert Store flags (see below)
+ * Set in value.scalar.ui */
+ cert_pi_trustAnchors =
+ 11, /* Specify the list of trusted roots to
+ * validate against.
+ * The default set of trusted roots, these are
+ * root CA certs from libnssckbi.so or CA
+ * certs trusted by user, are used in any of
+ * the following cases:
+ * * when the parameter is not set.
+ * * when the list of trust anchors is
+ * empty.
+ * Note that this handling can be further
+ * altered by altering the
+ * cert_pi_useOnlyTrustAnchors flag
+ * Specified in value.pointer.chain */
+ cert_pi_useAIACertFetch = 12, /* Enables cert fetching using AIA extension.
+ * In NSS 3.12.1 or later. Default is off.
+ * Value is in value.scalar.b */
+ cert_pi_chainVerifyCallback = 13,
+ /* The callback container for doing extra
+ * validation on the currently calculated chain.
+ * Value is in value.pointer.chainVerifyCallback */
+ cert_pi_useOnlyTrustAnchors = 14,
+ /* If true, disables trusting any
+ * certificates other than the ones passed in via cert_pi_trustAnchors.
+ * If false, then the certificates specified via cert_pi_trustAnchors
+ * will be combined with the pre-existing trusted roots, but only
+ * for the certificate validation being performed.
+ * If no value has been supplied via cert_pi_trustAnchors, this has
+ * no effect.
+ * The default value is true, meaning if this is not supplied, only
+ * trust anchors supplied via cert_pi_trustAnchors are trusted.
+ * Specified in value.scalar.b */
+ cert_pi_max /* SPECIAL: signifies maximum allowed value,
+ * can increase in future releases */
} CERTValParamInType;
/*
@@ -987,39 +969,39 @@
* If SECWouldBlock is returned, only cert_pi_nbioContext is returned.
*/
typedef enum {
- cert_po_end = 0, /* SPECIAL: signifies end of array of
- * CERTValParam* */
- cert_po_nbioContext = 1, /* Return a nonblocking context. If no
- * non-blocking context is specified, then
- * blocking IO will be used.
- * Returned in value.pointer.p. The context is
- * freed after an abort or a complete operation.
- * This value is only returned on SECWouldBlock.
- */
- cert_po_trustAnchor = 2, /* Return the trust anchor for the chain that
- * was validated. Returned in
- * value.pointer.cert, this value is only
- * returned on SECSuccess. */
- cert_po_certList = 3, /* Return the entire chain that was validated.
- * Returned in value.pointer.certList. If no
- * chain could be constructed, this value
- * would be NULL. */
- cert_po_policyOID = 4, /* Return the policies that were found to be
- * valid. Returned in value.array.oids as an
- * array. This is only returned on
- * SECSuccess. */
- cert_po_errorLog = 5, /* Return a log of problems with the chain.
- * Returned in value.pointer.log */
- cert_po_usages = 6, /* Return what usages the certificate is valid
- for. Returned in value.scalar.usages */
- cert_po_keyUsage = 7, /* Return what key usages the certificate
- * is valid for.
- * Returned in value.scalar.usage */
- cert_po_extendedKeyusage= 8, /* Return what extended key usages the
- * certificate is valid for.
- * Returned in value.array.oids */
- cert_po_max /* SPECIAL: signifies maximum allowed value,
- * can increase in future releases */
+ cert_po_end = 0, /* SPECIAL: signifies end of array of
+ * CERTValParam* */
+ cert_po_nbioContext = 1, /* Return a nonblocking context. If no
+ * non-blocking context is specified, then
+ * blocking IO will be used.
+ * Returned in value.pointer.p. The context is
+ * freed after an abort or a complete operation.
+ * This value is only returned on SECWouldBlock.
+ */
+ cert_po_trustAnchor = 2, /* Return the trust anchor for the chain that
+ * was validated. Returned in
+ * value.pointer.cert, this value is only
+ * returned on SECSuccess. */
+ cert_po_certList = 3, /* Return the entire chain that was validated.
+ * Returned in value.pointer.certList. If no
+ * chain could be constructed, this value
+ * would be NULL. */
+ cert_po_policyOID = 4, /* Return the policies that were found to be
+ * valid. Returned in value.array.oids as an
+ * array. This is only returned on
+ * SECSuccess. */
+ cert_po_errorLog = 5, /* Return a log of problems with the chain.
+ * Returned in value.pointer.log */
+ cert_po_usages = 6, /* Return what usages the certificate is valid
+ for. Returned in value.scalar.usages */
+ cert_po_keyUsage = 7, /* Return what key usages the certificate
+ * is valid for.
+ * Returned in value.scalar.usage */
+ cert_po_extendedKeyusage = 8, /* Return what extended key usages the
+ * certificate is valid for.
+ * Returned in value.array.oids */
+ cert_po_max /* SPECIAL: signifies maximum allowed value,
+ * can increase in future releases */
} CERTValParamOutType;
@@ -1029,7 +1011,6 @@
cert_revocation_method_count
} CERTRevocationMethodIndex;
-
/*
* The following flags are supposed to be used to control bits in
* each integer contained in the array pointed to be:
@@ -1042,8 +1023,8 @@
* Whether or not to use a method for revocation testing.
* If set to "do not test", then all other flags are ignored.
*/
-#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0UL
-#define CERT_REV_M_TEST_USING_THIS_METHOD 1UL
+#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0UL
+#define CERT_REV_M_TEST_USING_THIS_METHOD 1UL
/*
* Whether or not NSS is allowed to attempt to fetch fresh information
@@ -1051,8 +1032,8 @@
* (Although fetching will never happen if fresh information for the
* method is already locally available.)
*/
-#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0UL
-#define CERT_REV_M_FORBID_NETWORK_FETCHING 2UL
+#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0UL
+#define CERT_REV_M_FORBID_NETWORK_FETCHING 2UL
/*
* Example for an implicit default source:
@@ -1060,14 +1041,14 @@
* IGNORE means:
* ignore the implicit default source, whether it's configured or not.
* ALLOW means:
- * if an implicit default source is configured,
+ * if an implicit default source is configured,
* then it overrides any available or missing source in the cert.
* if no implicit default source is configured,
- * then we continue to use what's available (or not available)
+ * then we continue to use what's available (or not available)
* in the certs.
- */
-#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0UL
-#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4UL
+ */
+#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0UL
+#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4UL
/*
* Defines the behavior if no fresh information is available,
@@ -1075,14 +1056,14 @@
* information is unknown (even after considering implicit sources,
* if allowed by other flags).
* SKIPT_TEST means:
- * We ignore that no fresh information is available and
+ * We ignore that no fresh information is available and
* skip this test.
* REQUIRE_INFO means:
* We still require that fresh information is available.
* Other flags define what happens on missing fresh info.
*/
-#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0UL
-#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8UL
+#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0UL
+#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8UL
/*
* Defines the behavior if we are unable to obtain fresh information.
@@ -1091,8 +1072,8 @@
* FAIL means:
* Return "cert revoked".
*/
-#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0UL
-#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16UL
+#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0UL
+#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16UL
/*
* What should happen if we were able to find fresh information using
@@ -1104,8 +1085,8 @@
* We will continue and test the next allowed
* specified method.
*/
-#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0UL
-#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32UL
+#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0UL
+#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32UL
/* When this flag is used, libpkix will never attempt to use the GET HTTP
* method for OCSP requests; it will always use POST.
@@ -1131,8 +1112,8 @@
* which are already locally available. Only after that is done
* consider to fetch from the network (as allowed by other flags).
*/
-#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0UL
-#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1UL
+#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0UL
+#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1UL
/*
* Use this flag to specify that it's necessary that fresh information
@@ -1147,10 +1128,9 @@
* This setting overrides the CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
* flag on all methods.
*/
-#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
+#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2UL
-
typedef struct {
/*
* The size of the array that cert_rev_flags_per_method points to,
@@ -1163,20 +1143,20 @@
* A pointer to an array of integers.
* Each integer defines revocation checking for a single method,
* by having individual CERT_REV_M_* bits set or not set.
- * The meaning of index numbers into this array are defined by
+ * The meaning of index numbers into this array are defined by
* enum CERTRevocationMethodIndex
* The size of the array must be specified by the caller in the separate
* variable number_of_defined_methods.
- * The size of the array may be smaller than
+ * The size of the array may be smaller than
* cert_revocation_method_count, it can happen if a caller
* is not yet aware of the latest revocation methods
* (or does not want to use them).
- */
+ */
PRUint64 *cert_rev_flags_per_method;
/*
* How many preferred methods are specified?
- * This is equivalent to the size of the array that
+ * This is equivalent to the size of the array that
* preferred_methods points to.
* It's allowed to set this value to zero,
* then NSS will decide which methods to prefer.
@@ -1207,50 +1187,49 @@
typedef struct CERTValParamInValueStr {
union {
- PRBool b;
- PRInt32 i;
+ PRBool b;
+ PRInt32 i;
PRUint32 ui;
- PRInt64 l;
+ PRInt64 l;
PRUint64 ul;
PRTime time;
} scalar;
union {
- const void* p;
- const char* s;
- const CERTCertificate* cert;
+ const void *p;
+ const char *s;
+ const CERTCertificate *cert;
const CERTCertList *chain;
const CERTRevocationFlags *revocation;
const CERTChainVerifyCallback *chainVerifyCallback;
} pointer;
union {
- const PRInt32 *pi;
+ const PRInt32 *pi;
const PRUint32 *pui;
- const PRInt64 *pl;
+ const PRInt64 *pl;
const PRUint64 *pul;
const SECOidTag *oids;
} array;
int arraySize;
} CERTValParamInValue;
-
typedef struct CERTValParamOutValueStr {
union {
- PRBool b;
- PRInt32 i;
+ PRBool b;
+ PRInt32 i;
PRUint32 ui;
- PRInt64 l;
+ PRInt64 l;
PRUint64 ul;
SECCertificateUsage usages;
} scalar;
union {
- void* p;
- char* s;
+ void *p;
+ char *s;
CERTVerifyLog *log;
- CERTCertificate* cert;
+ CERTCertificate *cert;
CERTCertList *chain;
} pointer;
union {
- void *p;
+ void *p;
SECOidTag *oids;
} array;
int arraySize;
@@ -1270,35 +1249,35 @@
* Levels of standards conformance strictness for CERT_NameToAsciiInvertible
*/
typedef enum CertStrictnessLevels {
- CERT_N2A_READABLE = 0, /* maximum human readability */
- CERT_N2A_STRICT = 10, /* strict RFC compliance */
- CERT_N2A_INVERTIBLE = 20 /* maximum invertibility,
- all DirectoryStrings encoded in hex */
+ CERT_N2A_READABLE = 0, /* maximum human readability */
+ CERT_N2A_STRICT = 10, /* strict RFC compliance */
+ CERT_N2A_INVERTIBLE = 20 /* maximum invertibility,
+ all DirectoryStrings encoded in hex */
} CertStrictnessLevel;
/*
* policy flag defines
*/
-#define CERT_POLICY_FLAG_NO_MAPPING 1
-#define CERT_POLICY_FLAG_EXPLICIT 2
-#define CERT_POLICY_FLAG_NO_ANY 4
+#define CERT_POLICY_FLAG_NO_MAPPING 1
+#define CERT_POLICY_FLAG_EXPLICIT 2
+#define CERT_POLICY_FLAG_NO_ANY 4
/*
* CertStore flags
*/
-#define CERT_ENABLE_LDAP_FETCH 1
-#define CERT_ENABLE_HTTP_FETCH 2
+#define CERT_ENABLE_LDAP_FETCH 1
+#define CERT_ENABLE_HTTP_FETCH 2
/* This functin pointer type may be used for any function that takes
* a CERTCertificate * and returns an allocated string, which must be
* freed by a call to PORT_Free.
*/
-typedef char * (*CERT_StringFromCertFcn)(CERTCertificate *cert);
+typedef char *(*CERT_StringFromCertFcn)(CERTCertificate *cert);
/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
-#include "secasn1t.h" /* way down here because I expect template stuff to
- * move out of here anyway */
+#include "secasn1t.h" /* way down here because I expect template stuff to
+ * move out of here anyway */
SEC_BEGIN_PROTOS
diff --git a/nss/lib/certdb/certv3.c b/nss/lib/certdb/certv3.c
index 1735b5e..4918ec1 100644
--- a/nss/lib/certdb/certv3.c
+++ b/nss/lib/certdb/certv3.c
@@ -15,17 +15,15 @@
#include "secerr.h"
SECStatus
-CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid,
- SECItem *value)
+CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid, SECItem *value)
{
- return (cert_FindExtensionByOID (cert->extensions, oid, value));
+ return (cert_FindExtensionByOID(cert->extensions, oid, value));
}
-
SECStatus
CERT_FindCertExtension(const CERTCertificate *cert, int tag, SECItem *value)
{
- return (cert_FindExtension (cert->extensions, tag, value));
+ return (cert_FindExtension(cert->extensions, tag, value));
}
static void
@@ -34,13 +32,13 @@
CERTCertificate *cert = (CERTCertificate *)object;
cert->extensions = exts;
- DER_SetUInteger (cert->arena, &(cert->version), SEC_CERTIFICATE_VERSION_3);
+ DER_SetUInteger(cert->arena, &(cert->version), SEC_CERTIFICATE_VERSION_3);
}
void *
CERT_StartCertExtensions(CERTCertificate *cert)
{
- return (cert_StartExtensions ((void *)cert, cert->arena, SetExts));
+ return (cert_StartExtensions((void *)cert, cert->arena, SetExts));
}
/*
@@ -50,62 +48,60 @@
CERT_FindNSCertTypeExtension(CERTCertificate *cert, SECItem *retItem)
{
- return (CERT_FindBitStringExtension
- (cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));
+ return (CERT_FindBitStringExtension(
+ cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));
}
-
/*
* get the value of a string type extension
*/
char *
CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
{
- SECItem wrapperItem, tmpItem = {siBuffer,0};
+ SECItem wrapperItem, tmpItem = { siBuffer, 0 };
SECStatus rv;
PLArenaPool *arena = NULL;
char *retstring = NULL;
-
+
wrapperItem.data = NULL;
tmpItem.data = NULL;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- goto loser;
- }
-
- rv = cert_FindExtension(cert->extensions, oidtag,
- &wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
+
+ if (!arena) {
+ goto loser;
}
- rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
- SEC_ASN1_GET(SEC_IA5StringTemplate), &wrapperItem);
-
- if ( rv != SECSuccess ) {
- goto loser;
+ rv = cert_FindExtension(cert->extensions, oidtag, &wrapperItem);
+ if (rv != SECSuccess) {
+ goto loser;
}
- retstring = (char *)PORT_Alloc(tmpItem.len + 1 );
- if ( retstring == NULL ) {
- goto loser;
+ rv = SEC_QuickDERDecodeItem(
+ arena, &tmpItem, SEC_ASN1_GET(SEC_IA5StringTemplate), &wrapperItem);
+
+ if (rv != SECSuccess) {
+ goto loser;
}
-
+
+ retstring = (char *)PORT_Alloc(tmpItem.len + 1);
+ if (retstring == NULL) {
+ goto loser;
+ }
+
PORT_Memcpy(retstring, tmpItem.data, tmpItem.len);
retstring[tmpItem.len] = '\0';
loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if ( wrapperItem.data ) {
- PORT_Free(wrapperItem.data);
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
- return(retstring);
+ if (wrapperItem.data) {
+ PORT_Free(wrapperItem.data);
+ }
+
+ return (retstring);
}
/*
@@ -116,7 +112,7 @@
{
return (CERT_FindBitStringExtension(cert->extensions,
- SEC_OID_X509_KEY_USAGE, retItem));
+ SEC_OID_X509_KEY_USAGE, retItem));
}
/*
@@ -127,24 +123,24 @@
{
SECStatus rv;
- SECItem encodedValue = {siBuffer, NULL, 0 };
- SECItem decodedValue = {siBuffer, NULL, 0 };
+ SECItem encodedValue = { siBuffer, NULL, 0 };
+ SECItem decodedValue = { siBuffer, NULL, 0 };
- rv = cert_FindExtension
- (cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue);
+ rv = cert_FindExtension(cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID,
+ &encodedValue);
if (rv == SECSuccess) {
- PLArenaPool * tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (tmpArena) {
- rv = SEC_QuickDERDecodeItem(tmpArena, &decodedValue,
- SEC_ASN1_GET(SEC_OctetStringTemplate),
- &encodedValue);
- if (rv == SECSuccess) {
- rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
- }
- PORT_FreeArena(tmpArena, PR_FALSE);
- } else {
- rv = SECFailure;
- }
+ PLArenaPool *tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (tmpArena) {
+ rv = SEC_QuickDERDecodeItem(tmpArena, &decodedValue,
+ SEC_ASN1_GET(SEC_OctetStringTemplate),
+ &encodedValue);
+ if (rv == SECSuccess) {
+ rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
+ }
+ PORT_FreeArena(tmpArena, PR_FALSE);
+ } else {
+ rv = SECFailure;
+ }
}
SECITEM_FreeItem(&encodedValue, PR_FALSE);
return rv;
@@ -152,7 +148,7 @@
SECStatus
CERT_FindBasicConstraintExten(CERTCertificate *cert,
- CERTBasicConstraints *value)
+ CERTBasicConstraints *value)
{
SECItem encodedExtenValue;
SECStatus rv;
@@ -161,42 +157,42 @@
encodedExtenValue.len = 0;
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_BASIC_CONSTRAINTS,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (rv);
+ &encodedExtenValue);
+ if (rv != SECSuccess) {
+ return (rv);
}
- rv = CERT_DecodeBasicConstraintValue (value, &encodedExtenValue);
-
+ rv = CERT_DecodeBasicConstraintValue(value, &encodedExtenValue);
+
/* free the raw extension data */
PORT_Free(encodedExtenValue.data);
encodedExtenValue.data = NULL;
-
- return(rv);
+
+ return (rv);
}
CERTAuthKeyID *
-CERT_FindAuthKeyIDExten (PLArenaPool *arena, CERTCertificate *cert)
+CERT_FindAuthKeyIDExten(PLArenaPool *arena, CERTCertificate *cert)
{
SECItem encodedExtenValue;
SECStatus rv;
CERTAuthKeyID *ret;
-
+
encodedExtenValue.data = NULL;
encodedExtenValue.len = 0;
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_AUTH_KEY_ID,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (NULL);
+ &encodedExtenValue);
+ if (rv != SECSuccess) {
+ return (NULL);
}
- ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
+ ret = CERT_DecodeAuthKeyID(arena, &encodedExtenValue);
PORT_Free(encodedExtenValue.data);
encodedExtenValue.data = NULL;
-
- return(ret);
+
+ return (ret);
}
SECStatus
@@ -207,9 +203,9 @@
/* There is no extension, v1 or v2 certificate */
if (cert->extensions == NULL) {
- return (SECSuccess);
+ return (SECSuccess);
}
-
+
keyUsage.data = NULL;
/* This code formerly ignored the Key Usage extension if it was
@@ -218,12 +214,12 @@
*/
rv = CERT_FindKeyUsageExtension(cert, &keyUsage);
if (rv == SECFailure) {
- rv = (PORT_GetError () == SEC_ERROR_EXTENSION_NOT_FOUND) ?
- SECSuccess : SECFailure;
+ rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
+ : SECFailure;
} else if (!(keyUsage.data[0] & usage)) {
- PORT_SetError (SEC_ERROR_CERT_USAGES_INVALID);
- rv = SECFailure;
+ PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
+ rv = SECFailure;
}
- PORT_Free (keyUsage.data);
+ PORT_Free(keyUsage.data);
return (rv);
}
diff --git a/nss/lib/certdb/certxutl.c b/nss/lib/certdb/certxutl.c
index 67dd1a1..1610da2 100644
--- a/nss/lib/certdb/certxutl.c
+++ b/nss/lib/certdb/certxutl.c
@@ -16,93 +16,93 @@
#include "secerr.h"
#ifdef OLD
-#include "ocspti.h" /* XXX a better extensions interface would not
+#include "ocspti.h" /* XXX a better extensions interface would not
* require knowledge of data structures of callers */
#endif
static CERTCertExtension *
-GetExtension (CERTCertExtension **extensions, SECItem *oid)
+GetExtension(CERTCertExtension **extensions, SECItem *oid)
{
CERTCertExtension **exts;
CERTCertExtension *ext = NULL;
SECComparison comp;
exts = extensions;
-
- if (exts) {
- while ( *exts ) {
- ext = *exts;
- comp = SECITEM_CompareItem(oid, &ext->id);
- if ( comp == SECEqual )
- break;
- exts++;
- }
- return (*exts ? ext : NULL);
+ if (exts) {
+ while (*exts) {
+ ext = *exts;
+ comp = SECITEM_CompareItem(oid, &ext->id);
+ if (comp == SECEqual)
+ break;
+
+ exts++;
+ }
+ return (*exts ? ext : NULL);
}
return (NULL);
}
SECStatus
-cert_FindExtensionByOID (CERTCertExtension **extensions, SECItem *oid, SECItem *value)
+cert_FindExtensionByOID(CERTCertExtension **extensions, SECItem *oid,
+ SECItem *value)
{
CERTCertExtension *ext;
SECStatus rv = SECSuccess;
-
- ext = GetExtension (extensions, oid);
+
+ ext = GetExtension(extensions, oid);
if (ext == NULL) {
- PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
- return (SECFailure);
+ PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+ return (SECFailure);
}
if (value)
- rv = SECITEM_CopyItem(NULL, value, &ext->value);
+ rv = SECITEM_CopyItem(NULL, value, &ext->value);
return (rv);
}
-
SECStatus
-CERT_GetExtenCriticality (CERTCertExtension **extensions, int tag, PRBool *isCritical)
+CERT_GetExtenCriticality(CERTCertExtension **extensions, int tag,
+ PRBool *isCritical)
{
CERTCertExtension *ext;
SECOidData *oid;
if (!isCritical)
- return (SECSuccess);
-
+ return (SECSuccess);
+
/* find the extension in the extensions list */
oid = SECOID_FindOIDByTag((SECOidTag)tag);
- if ( !oid ) {
- return(SECFailure);
+ if (!oid) {
+ return (SECFailure);
}
- ext = GetExtension (extensions, &oid->oid);
+ ext = GetExtension(extensions, &oid->oid);
if (ext == NULL) {
- PORT_SetError (SEC_ERROR_EXTENSION_NOT_FOUND);
- return (SECFailure);
+ PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+ return (SECFailure);
}
/* If the criticality is omitted, then it is false by default.
ex->critical.data is NULL */
if (ext->critical.data == NULL)
- *isCritical = PR_FALSE;
+ *isCritical = PR_FALSE;
else
- *isCritical = (ext->critical.data[0] == 0xff) ? PR_TRUE : PR_FALSE;
- return (SECSuccess);
+ *isCritical = (ext->critical.data[0] == 0xff) ? PR_TRUE : PR_FALSE;
+ return (SECSuccess);
}
SECStatus
cert_FindExtension(CERTCertExtension **extensions, int tag, SECItem *value)
{
SECOidData *oid;
-
+
oid = SECOID_FindOIDByTag((SECOidTag)tag);
- if ( !oid ) {
- return(SECFailure);
+ if (!oid) {
+ return (SECFailure);
}
- return(cert_FindExtensionByOID(extensions, &oid->oid, value));
+ return (cert_FindExtensionByOID(extensions, &oid->oid, value));
}
-
typedef struct _extNode {
struct _extNode *next;
CERTCertExtension *ext;
@@ -115,7 +115,7 @@
PLArenaPool *arena;
extNode *head;
int count;
-}extRec;
+} extRec;
/*
* cert_StartExtensions
@@ -125,20 +125,20 @@
*/
void *
cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
- void (*setExts)(void *object, CERTCertExtension **exts))
+ void (*setExts)(void *object, CERTCertExtension **exts))
{
PLArenaPool *arena;
extRec *handle;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return(0);
+ if (!arena) {
+ return (0);
}
handle = (extRec *)PORT_ArenaAlloc(arena, sizeof(extRec));
- if ( !handle ) {
- PORT_FreeArena(arena, PR_FALSE);
- return(0);
+ if (!handle) {
+ PORT_FreeArena(arena, PR_FALSE);
+ return (0);
}
handle->object = owner;
@@ -148,8 +148,8 @@
handle->arena = arena;
handle->head = 0;
handle->count = 0;
-
- return(handle);
+
+ return (handle);
}
static unsigned char hextrue = 0xff;
@@ -158,77 +158,77 @@
* Note - assumes that data pointed to by oid->data will not move
*/
SECStatus
-CERT_AddExtensionByOID (void *exthandle, SECItem *oid, SECItem *value,
- PRBool critical, PRBool copyData)
+CERT_AddExtensionByOID(void *exthandle, SECItem *oid, SECItem *value,
+ PRBool critical, PRBool copyData)
{
CERTCertExtension *ext;
SECStatus rv;
extNode *node;
extRec *handle;
-
+
handle = (extRec *)exthandle;
/* allocate space for extension and list node */
- ext = (CERTCertExtension*)PORT_ArenaZAlloc(handle->ownerArena,
- sizeof(CERTCertExtension));
- if ( !ext ) {
- return(SECFailure);
+ ext = (CERTCertExtension *)PORT_ArenaZAlloc(handle->ownerArena,
+ sizeof(CERTCertExtension));
+ if (!ext) {
+ return (SECFailure);
}
- node = (extNode*)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
- if ( !node ) {
- return(SECFailure);
+ node = (extNode *)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
+ if (!node) {
+ return (SECFailure);
}
/* add to list */
node->next = handle->head;
handle->head = node;
-
+
/* point to ext struct */
node->ext = ext;
-
+
/* the object ID of the extension */
ext->id = *oid;
-
+
/* set critical field */
- if ( critical ) {
- ext->critical.data = (unsigned char*)&hextrue;
- ext->critical.len = 1;
+ if (critical) {
+ ext->critical.data = (unsigned char *)&hextrue;
+ ext->critical.len = 1;
}
/* set the value */
- if ( copyData ) {
- rv = SECITEM_CopyItem(handle->ownerArena, &ext->value, value);
- if ( rv ) {
- return(SECFailure);
- }
+ if (copyData) {
+ rv = SECITEM_CopyItem(handle->ownerArena, &ext->value, value);
+ if (rv) {
+ return (SECFailure);
+ }
} else {
- ext->value = *value;
+ ext->value = *value;
}
-
- handle->count++;
-
- return(SECSuccess);
+ handle->count++;
+
+ return (SECSuccess);
}
SECStatus
-CERT_AddExtension(void *exthandle, int idtag, SECItem *value,
- PRBool critical, PRBool copyData)
+CERT_AddExtension(void *exthandle, int idtag, SECItem *value, PRBool critical,
+ PRBool copyData)
{
SECOidData *oid;
-
+
oid = SECOID_FindOIDByTag((SECOidTag)idtag);
- if ( !oid ) {
- return(SECFailure);
+ if (!oid) {
+ return (SECFailure);
}
- return(CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical, copyData));
+ return (CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical,
+ copyData));
}
SECStatus
CERT_EncodeAndAddExtension(void *exthandle, int idtag, void *value,
- PRBool critical, const SEC_ASN1Template *atemplate)
+ PRBool critical, const SEC_ASN1Template *atemplate)
{
extRec *handle;
SECItem *encitem;
@@ -236,45 +236,43 @@
handle = (extRec *)exthandle;
encitem = SEC_ASN1EncodeItem(handle->ownerArena, NULL, value, atemplate);
- if ( encitem == NULL ) {
- return(SECFailure);
+ if (encitem == NULL) {
+ return (SECFailure);
}
return CERT_AddExtension(exthandle, idtag, encitem, critical, PR_FALSE);
}
void
-PrepareBitStringForEncoding (SECItem *bitsmap, SECItem *value)
+PrepareBitStringForEncoding(SECItem *bitsmap, SECItem *value)
{
- unsigned char onebyte;
- unsigned int i, len = 0;
+ unsigned char onebyte;
+ unsigned int i, len = 0;
- /* to prevent warning on some platform at compile time */
- onebyte = '\0';
- /* Get the position of the right-most turn-on bit */
- for (i = 0; i < (value->len ) * 8; ++i) {
- if (i % 8 == 0)
- onebyte = value->data[i/8];
- if (onebyte & 0x80)
- len = i;
- onebyte <<= 1;
-
- }
- bitsmap->data = value->data;
- /* Add one here since we work with base 1 */
- bitsmap->len = len + 1;
+ /* to prevent warning on some platform at compile time */
+ onebyte = '\0';
+ /* Get the position of the right-most turn-on bit */
+ for (i = 0; i < (value->len) * 8; ++i) {
+ if (i % 8 == 0)
+ onebyte = value->data[i / 8];
+ if (onebyte & 0x80)
+ len = i;
+ onebyte <<= 1;
+ }
+ bitsmap->data = value->data;
+ /* Add one here since we work with base 1 */
+ bitsmap->len = len + 1;
}
SECStatus
-CERT_EncodeAndAddBitStrExtension (void *exthandle, int idtag,
- SECItem *value, PRBool critical)
+CERT_EncodeAndAddBitStrExtension(void *exthandle, int idtag, SECItem *value,
+ PRBool critical)
{
- SECItem bitsmap;
-
- PrepareBitStringForEncoding (&bitsmap, value);
- return (CERT_EncodeAndAddExtension
- (exthandle, idtag, &bitsmap, critical,
- SEC_ASN1_GET(SEC_BitStringTemplate)));
+ SECItem bitsmap;
+
+ PrepareBitStringForEncoding(&bitsmap, value);
+ return (CERT_EncodeAndAddExtension(exthandle, idtag, &bitsmap, critical,
+ SEC_ASN1_GET(SEC_BitStringTemplate)));
}
SECStatus
@@ -284,53 +282,53 @@
extNode *node;
CERTCertExtension **exts;
SECStatus rv = SECFailure;
-
+
handle = (extRec *)exthandle;
/* allocate space for extensions array */
exts = PORT_ArenaNewArray(handle->ownerArena, CERTCertExtension *,
- handle->count + 1);
+ handle->count + 1);
if (exts == NULL) {
- goto loser;
+ goto loser;
}
- /* put extensions in owner object and update its version number */
+/* put extensions in owner object and update its version number */
#ifdef OLD
switch (handle->type) {
- case CertificateExtensions:
- handle->owner.cert->extensions = exts;
- DER_SetUInteger (ownerArena, &(handle->owner.cert->version),
- SEC_CERTIFICATE_VERSION_3);
- break;
- case CrlExtensions:
- handle->owner.crl->extensions = exts;
- DER_SetUInteger (ownerArena, &(handle->owner.crl->version),
- SEC_CRL_VERSION_2);
- break;
- case OCSPRequestExtensions:
- handle->owner.request->tbsRequest->requestExtensions = exts;
- break;
- case OCSPSingleRequestExtensions:
- handle->owner.singleRequest->singleRequestExtensions = exts;
- break;
- case OCSPResponseSingleExtensions:
- handle->owner.singleResponse->singleExtensions = exts;
- break;
+ case CertificateExtensions:
+ handle->owner.cert->extensions = exts;
+ DER_SetUInteger(ownerArena, &(handle->owner.cert->version),
+ SEC_CERTIFICATE_VERSION_3);
+ break;
+ case CrlExtensions:
+ handle->owner.crl->extensions = exts;
+ DER_SetUInteger(ownerArena, &(handle->owner.crl->version),
+ SEC_CRL_VERSION_2);
+ break;
+ case OCSPRequestExtensions:
+ handle->owner.request->tbsRequest->requestExtensions = exts;
+ break;
+ case OCSPSingleRequestExtensions:
+ handle->owner.singleRequest->singleRequestExtensions = exts;
+ break;
+ case OCSPResponseSingleExtensions:
+ handle->owner.singleResponse->singleExtensions = exts;
+ break;
}
#endif
handle->setExts(handle->object, exts);
-
+
/* update the version number */
/* copy each extension pointer */
node = handle->head;
- while ( node ) {
- *exts = node->ext;
-
- node = node->next;
- exts++;
+ while (node) {
+ *exts = node->ext;
+
+ node = node->next;
+ exts++;
}
/* terminate the array of extensions */
@@ -352,19 +350,18 @@
SECOidTag tag;
extNode *node;
extRec *handle = exthandle;
-
+
if (!exthandle || !extensions) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
while ((ext = *extensions++) != NULL) {
tag = SECOID_FindOIDTag(&ext->id);
- for (node=handle->head; node != NULL; node=node->next) {
+ for (node = handle->head; node != NULL; node = node->next) {
if (tag == 0) {
if (SECITEM_ItemsAreEqual(&ext->id, &node->ext->id))
break;
- }
- else {
+ } else {
if (SECOID_FindOIDTag(&node->ext->id) == tag) {
break;
}
@@ -372,15 +369,15 @@
}
if (node == NULL) {
PRBool critical = (ext->critical.len != 0 &&
- ext->critical.data[ext->critical.len - 1] != 0);
+ ext->critical.data[ext->critical.len - 1] != 0);
if (critical && tag == SEC_OID_UNKNOWN) {
- PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
- rv = SECFailure;
- break;
+ PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+ rv = SECFailure;
+ break;
}
/* add to list */
- rv = CERT_AddExtensionByOID (exthandle, &ext->id, &ext->value,
- critical, PR_TRUE);
+ rv = CERT_AddExtensionByOID(exthandle, &ext->id, &ext->value,
+ critical, PR_TRUE);
if (rv != SECSuccess)
break;
}
@@ -392,108 +389,107 @@
* get the value of the Netscape Certificate Type Extension
*/
SECStatus
-CERT_FindBitStringExtension (CERTCertExtension **extensions, int tag,
- SECItem *retItem)
+CERT_FindBitStringExtension(CERTCertExtension **extensions, int tag,
+ SECItem *retItem)
{
- SECItem wrapperItem, tmpItem = {siBuffer,0};
+ SECItem wrapperItem, tmpItem = { siBuffer, 0 };
SECStatus rv;
PLArenaPool *arena = NULL;
-
+
wrapperItem.data = NULL;
tmpItem.data = NULL;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( ! arena ) {
- return(SECFailure);
+
+ if (!arena) {
+ return (SECFailure);
}
-
+
rv = cert_FindExtension(extensions, tag, &wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
- SEC_ASN1_GET(SEC_BitStringTemplate),
- &wrapperItem);
+ rv = SEC_QuickDERDecodeItem(
+ arena, &tmpItem, SEC_ASN1_GET(SEC_BitStringTemplate), &wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- retItem->data = (unsigned char *)PORT_Alloc( ( tmpItem.len + 7 ) >> 3 );
- if ( retItem->data == NULL ) {
- goto loser;
+ retItem->data = (unsigned char *)PORT_Alloc((tmpItem.len + 7) >> 3);
+ if (retItem->data == NULL) {
+ goto loser;
}
-
- PORT_Memcpy(retItem->data, tmpItem.data, ( tmpItem.len + 7 ) >> 3);
+
+ PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3);
retItem->len = tmpItem.len;
-
+
rv = SECSuccess;
goto done;
-
+
loser:
rv = SECFailure;
done:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if ( wrapperItem.data ) {
- PORT_Free(wrapperItem.data);
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
- return(rv);
+ if (wrapperItem.data) {
+ PORT_Free(wrapperItem.data);
+ }
+
+ return (rv);
}
PRBool
-cert_HasCriticalExtension (CERTCertExtension **extensions)
+cert_HasCriticalExtension(CERTCertExtension **extensions)
{
CERTCertExtension **exts;
CERTCertExtension *ext = NULL;
PRBool hasCriticalExten = PR_FALSE;
-
+
exts = extensions;
-
+
if (exts) {
- while ( *exts ) {
- ext = *exts;
- /* If the criticality is omitted, it's non-critical */
- if (ext->critical.data && ext->critical.data[0] == 0xff) {
- hasCriticalExten = PR_TRUE;
- break;
- }
- exts++;
- }
+ while (*exts) {
+ ext = *exts;
+ /* If the criticality is omitted, it's non-critical */
+ if (ext->critical.data && ext->critical.data[0] == 0xff) {
+ hasCriticalExten = PR_TRUE;
+ break;
+ }
+ exts++;
+ }
}
return (hasCriticalExten);
}
PRBool
-cert_HasUnknownCriticalExten (CERTCertExtension **extensions)
+cert_HasUnknownCriticalExten(CERTCertExtension **extensions)
{
CERTCertExtension **exts;
CERTCertExtension *ext = NULL;
PRBool hasUnknownCriticalExten = PR_FALSE;
-
+
exts = extensions;
-
+
if (exts) {
- while ( *exts ) {
- ext = *exts;
- /* If the criticality is omitted, it's non-critical.
- If an extension is critical, make sure that we know
- how to process the extension.
+ while (*exts) {
+ ext = *exts;
+ /* If the criticality is omitted, it's non-critical.
+ If an extension is critical, make sure that we know
+ how to process the extension.
*/
- if (ext->critical.data && ext->critical.data[0] == 0xff) {
- if (SECOID_KnownCertExtenOID (&ext->id) == PR_FALSE) {
- hasUnknownCriticalExten = PR_TRUE;
- break;
- }
- }
- exts++;
- }
+ if (ext->critical.data && ext->critical.data[0] == 0xff) {
+ if (SECOID_KnownCertExtenOID(&ext->id) == PR_FALSE) {
+ hasUnknownCriticalExten = PR_TRUE;
+ break;
+ }
+ }
+ exts++;
+ }
}
return (hasUnknownCriticalExten);
}
diff --git a/nss/lib/certdb/certxutl.h b/nss/lib/certdb/certxutl.h
index 05ad572..a8c76b5 100644
--- a/nss/lib/certdb/certxutl.h
+++ b/nss/lib/certdb/certxutl.h
@@ -7,7 +7,6 @@
*
*/
-
#ifndef _CERTXUTL_H_
#define _CERTXUTL_H_
@@ -23,28 +22,23 @@
} ExtensionsType;
#endif
-extern PRBool
-cert_HasCriticalExtension (CERTCertExtension **extensions);
+extern PRBool cert_HasCriticalExtension(CERTCertExtension **extensions);
-extern SECStatus
-CERT_FindBitStringExtension (CERTCertExtension **extensions,
- int tag, SECItem *retItem);
-extern void *
-cert_StartExtensions (void *owner, PLArenaPool *arena,
- void (*setExts)(void *object, CERTCertExtension **exts));
+extern SECStatus CERT_FindBitStringExtension(CERTCertExtension **extensions,
+ int tag, SECItem *retItem);
+extern void *cert_StartExtensions(void *owner, PLArenaPool *arena,
+ void (*setExts)(void *object,
+ CERTCertExtension **exts));
-extern SECStatus
-cert_FindExtension (CERTCertExtension **extensions, int tag, SECItem *value);
+extern SECStatus cert_FindExtension(CERTCertExtension **extensions, int tag,
+ SECItem *value);
-extern SECStatus
-cert_FindExtensionByOID (CERTCertExtension **extensions,
- SECItem *oid, SECItem *value);
+extern SECStatus cert_FindExtensionByOID(CERTCertExtension **extensions,
+ SECItem *oid, SECItem *value);
-extern SECStatus
-cert_GetExtenCriticality (CERTCertExtension **extensions,
- int tag, PRBool *isCritical);
+extern SECStatus cert_GetExtenCriticality(CERTCertExtension **extensions,
+ int tag, PRBool *isCritical);
-extern PRBool
-cert_HasUnknownCriticalExten (CERTCertExtension **extensions);
+extern PRBool cert_HasUnknownCriticalExten(CERTCertExtension **extensions);
#endif
diff --git a/nss/lib/certdb/crl.c b/nss/lib/certdb/crl.c
index 05ded13..a7baf53 100644
--- a/nss/lib/certdb/crl.c
+++ b/nss/lib/certdb/crl.c
@@ -5,7 +5,7 @@
/*
* Moved from secpkcs7.c
*/
-
+
#include "cert.h"
#include "certi.h"
#include "secder.h"
@@ -25,19 +25,16 @@
#include "pk11priv.h"
const SEC_ASN1Template SEC_CERTExtensionTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertExtension) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTCertExtension,id) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(CERTCertExtension,critical), },
- { SEC_ASN1_OCTET_STRING,
- offsetof(CERTCertExtension,value) },
- { 0, }
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertExtension) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTCertExtension, id) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(CERTCertExtension, critical) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CERTCertExtension, value) },
+ { 0 }
};
static const SEC_ASN1Template SEC_CERTExtensionsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, SEC_CERTExtensionTemplate}
+ { SEC_ASN1_SEQUENCE_OF, 0, SEC_CERTExtensionTemplate }
};
/*
@@ -46,15 +43,10 @@
*/
const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTIssuerAndSN) },
- { SEC_ASN1_SAVE,
- offsetof(CERTIssuerAndSN,derIssuer) },
- { SEC_ASN1_INLINE,
- offsetof(CERTIssuerAndSN,issuer),
- CERT_NameTemplate },
- { SEC_ASN1_INTEGER,
- offsetof(CERTIssuerAndSN,serialNumber) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTIssuerAndSN) },
+ { SEC_ASN1_SAVE, offsetof(CERTIssuerAndSN, derIssuer) },
+ { SEC_ASN1_INLINE, offsetof(CERTIssuerAndSN, issuer), CERT_NameTemplate },
+ { SEC_ASN1_INTEGER, offsetof(CERTIssuerAndSN, serialNumber) },
{ 0 }
};
@@ -62,132 +54,97 @@
SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
static const SEC_ASN1Template cert_CrlKeyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrlKey) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrlKey,dummy) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrlKey) },
+ { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrlKey, dummy) },
{ SEC_ASN1_SKIP },
- { SEC_ASN1_ANY, offsetof(CERTCrlKey,derName) },
+ { SEC_ASN1_ANY, offsetof(CERTCrlKey, derName) },
{ SEC_ASN1_SKIP_REST },
{ 0 }
};
static const SEC_ASN1Template cert_CrlEntryTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrlEntry) },
- { SEC_ASN1_INTEGER,
- offsetof(CERTCrlEntry,serialNumber) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCrlEntry,revocationDate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrlEntry) },
+ { SEC_ASN1_INTEGER, offsetof(CERTCrlEntry, serialNumber) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrlEntry, revocationDate),
+ SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCrlEntry, extensions),
- SEC_CERTExtensionTemplate},
+ offsetof(CERTCrlEntry, extensions), SEC_CERTExtensionTemplate },
{ 0 }
};
const SEC_ASN1Template CERT_CrlTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrl) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof (CERTCrl, version) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCrl,signatureAlg),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate)},
- { SEC_ASN1_SAVE,
- offsetof(CERTCrl,derName) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCrl,name),
- CERT_NameTemplate },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCrl,lastUpdate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrl) },
+ { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrl, version) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, signatureAlg),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_SAVE, offsetof(CERTCrl, derName) },
+ { SEC_ASN1_INLINE, offsetof(CERTCrl, name), CERT_NameTemplate },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, lastUpdate),
+ SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
- offsetof(CERTCrl,nextUpdate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCrl,entries),
- cert_CrlEntryTemplate },
+ offsetof(CERTCrl, nextUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF, offsetof(CERTCrl, entries),
+ cert_CrlEntryTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | 0,
- offsetof(CERTCrl,extensions),
- SEC_CERTExtensionsTemplate},
+ SEC_ASN1_EXPLICIT | 0,
+ offsetof(CERTCrl, extensions), SEC_CERTExtensionsTemplate },
{ 0 }
};
const SEC_ASN1Template CERT_CrlTemplateNoEntries[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrl) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof (CERTCrl, version) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCrl,signatureAlg),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_SAVE,
- offsetof(CERTCrl,derName) },
- { SEC_ASN1_INLINE,
- offsetof(CERTCrl,name),
- CERT_NameTemplate },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCrl,lastUpdate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrl) },
+ { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrl, version) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, signatureAlg),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_SAVE, offsetof(CERTCrl, derName) },
+ { SEC_ASN1_INLINE, offsetof(CERTCrl, name), CERT_NameTemplate },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, lastUpdate),
+ SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
- offsetof(CERTCrl,nextUpdate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ offsetof(CERTCrl, nextUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF |
SEC_ASN1_SKIP }, /* skip entries */
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | 0,
- offsetof(CERTCrl,extensions),
- SEC_CERTExtensionsTemplate },
+ SEC_ASN1_EXPLICIT | 0,
+ offsetof(CERTCrl, extensions), SEC_CERTExtensionsTemplate },
{ 0 }
};
const SEC_ASN1Template CERT_CrlTemplateEntriesOnly[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCrl) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrl) },
{ SEC_ASN1_SKIP | SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL },
{ SEC_ASN1_SKIP },
{ SEC_ASN1_SKIP },
{ SEC_ASN1_SKIP | SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTCrl,lastUpdate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ offsetof(CERTCrl, lastUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ SEC_ASN1_SKIP | SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
- offsetof(CERTCrl,nextUpdate),
- SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCrl,entries),
- cert_CrlEntryTemplate }, /* decode entries */
+ offsetof(CERTCrl, nextUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF, offsetof(CERTCrl, entries),
+ cert_CrlEntryTemplate }, /* decode entries */
{ SEC_ASN1_SKIP_REST },
{ 0 }
};
const SEC_ASN1Template CERT_SignedCrlTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedCrl) },
- { SEC_ASN1_SAVE,
- offsetof(CERTSignedCrl,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedCrl,crl),
- CERT_CrlTemplate },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN ,
- offsetof(CERTSignedCrl,signatureWrap.signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedCrl,signatureWrap.signature) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTSignedCrl) },
+ { SEC_ASN1_SAVE, offsetof(CERTSignedCrl, signatureWrap.data) },
+ { SEC_ASN1_INLINE, offsetof(CERTSignedCrl, crl), CERT_CrlTemplate },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+ offsetof(CERTSignedCrl, signatureWrap.signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_BIT_STRING, offsetof(CERTSignedCrl, signatureWrap.signature) },
{ 0 }
};
static const SEC_ASN1Template cert_SignedCrlTemplateNoEntries[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedCrl) },
- { SEC_ASN1_SAVE,
- offsetof(CERTSignedCrl,signatureWrap.data) },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedCrl,crl),
- CERT_CrlTemplateNoEntries },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTSignedCrl) },
+ { SEC_ASN1_SAVE, offsetof(CERTSignedCrl, signatureWrap.data) },
+ { SEC_ASN1_INLINE, offsetof(CERTSignedCrl, crl),
+ CERT_CrlTemplateNoEntries },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTSignedCrl,signatureWrap.signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedCrl,signatureWrap.signature) },
+ offsetof(CERTSignedCrl, signatureWrap.signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_BIT_STRING, offsetof(CERTSignedCrl, signatureWrap.signature) },
{ 0 }
};
@@ -196,22 +153,23 @@
};
/* get CRL version */
-int cert_get_crl_version(CERTCrl * crl)
+int
+cert_get_crl_version(CERTCrl* crl)
{
/* CRL version is defaulted to v1 */
int version = SEC_CRL_VERSION_1;
if (crl && crl->version.data != 0) {
- version = (int)DER_GetUInteger (&crl->version);
+ version = (int)DER_GetUInteger(&crl->version);
}
return version;
}
-
/* check the entries in the CRL */
-SECStatus cert_check_crl_entries (CERTCrl *crl)
+SECStatus
+cert_check_crl_entries(CERTCrl* crl)
{
- CERTCrlEntry **entries;
- CERTCrlEntry *entry;
+ CERTCrlEntry** entries;
+ CERTCrlEntry* entry;
PRBool hasCriticalExten = PR_FALSE;
SECStatus rv = SECSuccess;
@@ -229,16 +187,17 @@
*/
entries = crl->entries;
while (*entries) {
- entry = *entries;
- if (entry->extensions) {
- /* If there is a critical extension in the entries, then the
- CRL must be of version 2. If we already saw a critical extension,
- there is no need to check the version again.
- */
+ entry = *entries;
+ if (entry->extensions) {
+ /* If there is a critical extension in the entries, then the
+ CRL must be of version 2. If we already saw a critical
+ extension,
+ there is no need to check the version again.
+ */
if (hasCriticalExten == PR_FALSE) {
- hasCriticalExten = cert_HasCriticalExtension (entry->extensions);
+ hasCriticalExten = cert_HasCriticalExtension(entry->extensions);
if (hasCriticalExten) {
- if (cert_get_crl_version(crl) != SEC_CRL_VERSION_2) {
+ if (cert_get_crl_version(crl) != SEC_CRL_VERSION_2) {
/* only CRL v2 critical extensions are supported */
PORT_SetError(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION);
rv = SECFailure;
@@ -247,19 +206,19 @@
}
}
- /* For each entry, make sure that it does not contain an unknown
- critical extension. If it does, we must reject the CRL since
- we don't know how to process the extension.
- */
- if (cert_HasUnknownCriticalExten (entry->extensions) == PR_TRUE) {
- PORT_SetError (SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION);
- rv = SECFailure;
- break;
- }
- }
- ++entries;
+ /* For each entry, make sure that it does not contain an unknown
+ critical extension. If it does, we must reject the CRL since
+ we don't know how to process the extension.
+ */
+ if (cert_HasUnknownCriticalExten(entry->extensions) == PR_TRUE) {
+ PORT_SetError(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION);
+ rv = SECFailure;
+ break;
+ }
+ }
+ ++entries;
}
- return(rv);
+ return (rv);
}
/* Check the version of the CRL. If there is a critical extension in the crl
@@ -267,33 +226,34 @@
the crl contains critical extension(s), then we must recognized the
extension's OID.
*/
-SECStatus cert_check_crl_version (CERTCrl *crl)
+SECStatus
+cert_check_crl_version(CERTCrl* crl)
{
PRBool hasCriticalExten = PR_FALSE;
int version = cert_get_crl_version(crl);
-
+
if (version > SEC_CRL_VERSION_2) {
- PORT_SetError (SEC_ERROR_CRL_INVALID_VERSION);
- return (SECFailure);
+ PORT_SetError(SEC_ERROR_CRL_INVALID_VERSION);
+ return (SECFailure);
}
/* Check the crl extensions for a critial extension. If one is found,
and the version is not v2, then we are done.
*/
if (crl->extensions) {
- hasCriticalExten = cert_HasCriticalExtension (crl->extensions);
- if (hasCriticalExten) {
+ hasCriticalExten = cert_HasCriticalExtension(crl->extensions);
+ if (hasCriticalExten) {
if (version != SEC_CRL_VERSION_2) {
/* only CRL v2 critical extensions are supported */
PORT_SetError(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION);
return (SECFailure);
}
- /* make sure that there is no unknown critical extension */
- if (cert_HasUnknownCriticalExten (crl->extensions) == PR_TRUE) {
- PORT_SetError (SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION);
- return (SECFailure);
- }
- }
+ /* make sure that there is no unknown critical extension */
+ if (cert_HasUnknownCriticalExten(crl->extensions) == PR_TRUE) {
+ PORT_SetError(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION);
+ return (SECFailure);
+ }
+ }
}
return (SECSuccess);
@@ -304,7 +264,7 @@
* DER crl.
*/
SECStatus
-CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl, SECItem *key)
+CERT_KeyFromDERCrl(PLArenaPool* arena, SECItem* derCrl, SECItem* key)
{
SECStatus rv;
CERTSignedData sd;
@@ -317,11 +277,12 @@
} else {
myArena = arena;
}
- PORT_Memset (&sd, 0, sizeof (sd));
- rv = SEC_QuickDERDecodeItem (myArena, &sd, CERT_SignedDataTemplate, derCrl);
+ PORT_Memset(&sd, 0, sizeof(sd));
+ rv = SEC_QuickDERDecodeItem(myArena, &sd, CERT_SignedDataTemplate, derCrl);
if (SECSuccess == rv) {
- PORT_Memset (&crlkey, 0, sizeof (crlkey));
- rv = SEC_QuickDERDecodeItem(myArena, &crlkey, cert_CrlKeyTemplate, &sd.data);
+ PORT_Memset(&crlkey, 0, sizeof(crlkey));
+ rv = SEC_QuickDERDecodeItem(myArena, &crlkey, cert_CrlKeyTemplate,
+ &sd.data);
}
/* make a copy so the data doesn't point to memory inside derCrl, which
@@ -339,15 +300,15 @@
#define GetOpaqueCRLFields(x) ((OpaqueCRLFields*)x->opaque)
-SECStatus CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
+SECStatus
+CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
{
SECStatus rv = SECSuccess;
SECItem* crldata = NULL;
OpaqueCRLFields* extended = NULL;
- if ( (!crl) ||
- (!(extended = (OpaqueCRLFields*) crl->opaque)) ||
- (PR_TRUE == extended->decodingError) ) {
+ if ((!crl) || (!(extended = (OpaqueCRLFields*)crl->opaque)) ||
+ (PR_TRUE == extended->decodingError)) {
rv = SECFailure;
} else {
if (PR_FALSE == extended->partial) {
@@ -365,10 +326,8 @@
}
if (SECSuccess == rv) {
- rv = SEC_QuickDERDecodeItem(crl->arena,
- &crl->crl,
- CERT_CrlTemplateEntriesOnly,
- crldata);
+ rv = SEC_QuickDERDecodeItem(crl->arena, &crl->crl,
+ CERT_CrlTemplateEntriesOnly, crldata);
if (SECSuccess == rv) {
extended->partial = PR_FALSE; /* successful decode, avoid
decoding again */
@@ -391,12 +350,12 @@
* take a DER CRL and decode it into a CRL structure
* allow reusing the input DER without making a copy
*/
-CERTSignedCrl *
-CERT_DecodeDERCrlWithFlags(PLArenaPool *narena, SECItem *derSignedCrl,
- int type, PRInt32 options)
+CERTSignedCrl*
+CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type,
+ PRInt32 options)
{
- PLArenaPool *arena;
- CERTSignedCrl *crl;
+ PLArenaPool* arena;
+ CERTSignedCrl* crl;
SECStatus rv;
OpaqueCRLFields* extended = NULL;
const SEC_ASN1Template* crlTemplate = CERT_SignedCrlTemplate;
@@ -408,8 +367,8 @@
return NULL;
}
- /* Adopting DER requires not copying it. Code that sets ADOPT flag
- * but doesn't set DONT_COPY probably doesn't know What it is doing.
+ /* Adopting DER requires not copying it. Code that sets ADOPT flag
+ * but doesn't set DONT_COPY probably doesn't know What it is doing.
* That condition is a programming error in the caller.
*/
testOptions &= (CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_DONT_COPY_DER);
@@ -421,29 +380,29 @@
/* make a new arena if needed */
if (narena == NULL) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return NULL;
- }
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ return NULL;
+ }
} else {
- arena = narena;
+ arena = narena;
}
/* allocate the CRL structure */
- crl = (CERTSignedCrl *)PORT_ArenaZAlloc(arena, sizeof(CERTSignedCrl));
- if ( !crl ) {
+ crl = (CERTSignedCrl*)PORT_ArenaZAlloc(arena, sizeof(CERTSignedCrl));
+ if (!crl) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
+ goto loser;
}
crl->arena = arena;
/* allocate opaque fields */
crl->opaque = (void*)PORT_ArenaZAlloc(arena, sizeof(OpaqueCRLFields));
- if ( !crl->opaque ) {
- goto loser;
+ if (!crl->opaque) {
+ goto loser;
}
- extended = (OpaqueCRLFields*) crl->opaque;
+ extended = (OpaqueCRLFields*)crl->opaque;
if (options & CRL_DECODE_ADOPT_HEAP_DER) {
extended->heapDER = PR_TRUE;
}
@@ -452,7 +411,7 @@
must keep derSignedCrl until it
destroys the CRL */
} else {
- crl->derCrl = (SECItem *)PORT_ArenaZAlloc(arena,sizeof(SECItem));
+ crl->derCrl = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem));
if (crl->derCrl == NULL) {
goto loser;
}
@@ -471,45 +430,45 @@
/* decode the CRL info */
switch (type) {
- case SEC_CRL_TYPE:
- rv = SEC_QuickDERDecodeItem(arena, crl, crlTemplate, crl->derCrl);
- if (rv != SECSuccess) {
- extended->badDER = PR_TRUE;
+ case SEC_CRL_TYPE:
+ rv = SEC_QuickDERDecodeItem(arena, crl, crlTemplate, crl->derCrl);
+ if (rv != SECSuccess) {
+ extended->badDER = PR_TRUE;
+ break;
+ }
+ /* check for critical extensions */
+ rv = cert_check_crl_version(&crl->crl);
+ if (rv != SECSuccess) {
+ extended->badExtensions = PR_TRUE;
+ break;
+ }
+
+ if (PR_TRUE == extended->partial) {
+ /* partial decoding, don't verify entries */
+ break;
+ }
+
+ rv = cert_check_crl_entries(&crl->crl);
+ if (rv != SECSuccess) {
+ extended->badExtensions = PR_TRUE;
+ }
+
break;
- }
- /* check for critical extensions */
- rv = cert_check_crl_version (&crl->crl);
- if (rv != SECSuccess) {
- extended->badExtensions = PR_TRUE;
+
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
break;
- }
-
- if (PR_TRUE == extended->partial) {
- /* partial decoding, don't verify entries */
- break;
- }
-
- rv = cert_check_crl_entries(&crl->crl);
- if (rv != SECSuccess) {
- extended->badExtensions = PR_TRUE;
- }
-
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- break;
}
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
crl->referenceCount = 1;
-
- return(crl);
-
+
+ return (crl);
+
loser:
if (options & CRL_DECODE_KEEP_BAD_CRL) {
if (extended) {
@@ -517,22 +476,22 @@
}
if (crl) {
crl->referenceCount = 1;
- return(crl);
+ return (crl);
}
}
- if ((narena == NULL) && arena ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if ((narena == NULL) && arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(0);
+
+ return (0);
}
/*
* take a DER CRL and decode it into a CRL structure
*/
-CERTSignedCrl *
-CERT_DecodeDERCrl(PLArenaPool *narena, SECItem *derSignedCrl, int type)
+CERTSignedCrl*
+CERT_DecodeDERCrl(PLArenaPool* narena, SECItem* derSignedCrl, int type)
{
return CERT_DecodeDERCrlWithFlags(narena, derSignedCrl, type,
CRL_DECODE_DEFAULT_OPTIONS);
@@ -555,14 +514,14 @@
* considered to be revoked
*/
static SECStatus
-SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
+SEC_FindCrlByKeyOnSlot(PK11SlotInfo* slot, SECItem* crlKey, int type,
CERTSignedCrl** decoded, PRInt32 decodeoptions)
{
SECStatus rv = SECSuccess;
- CERTSignedCrl *crl = NULL;
- SECItem *derCrl = NULL;
+ CERTSignedCrl* crl = NULL;
+ SECItem* derCrl = NULL;
CK_OBJECT_HANDLE crlHandle = 0;
- char *url = NULL;
+ char* url = NULL;
PORT_Assert(decoded);
if (!decoded) {
@@ -572,46 +531,46 @@
derCrl = PK11_FindCrlByName(&slot, &crlHandle, crlKey, type, &url);
if (derCrl == NULL) {
- /* if we had a problem other than the CRL just didn't exist, return
- * a failure to the upper level */
- int nsserror = PORT_GetError();
- if (nsserror != SEC_ERROR_CRL_NOT_FOUND) {
- rv = SECFailure;
- }
- goto loser;
+ /* if we had a problem other than the CRL just didn't exist, return
+ * a failure to the upper level */
+ int nsserror = PORT_GetError();
+ if (nsserror != SEC_ERROR_CRL_NOT_FOUND) {
+ rv = SECFailure;
+ }
+ goto loser;
}
PORT_Assert(crlHandle != CK_INVALID_HANDLE);
/* PK11_FindCrlByName obtained a slot reference. */
-
+
/* derCRL is a fresh HEAP copy made for us by PK11_FindCrlByName.
- Force adoption of the DER CRL from the heap - this will cause it
+ Force adoption of the DER CRL from the heap - this will cause it
to be automatically freed when SEC_DestroyCrl is invoked */
decodeoptions |= (CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_DONT_COPY_DER);
crl = CERT_DecodeDERCrlWithFlags(NULL, derCrl, type, decodeoptions);
if (crl) {
crl->slot = slot;
- slot = NULL; /* adopt it */
- derCrl = NULL; /* adopted by the crl struct */
+ slot = NULL; /* adopt it */
+ derCrl = NULL; /* adopted by the crl struct */
crl->pkcs11ID = crlHandle;
if (url) {
- crl->url = PORT_ArenaStrdup(crl->arena,url);
+ crl->url = PORT_ArenaStrdup(crl->arena, url);
}
} else {
rv = SECFailure;
}
-
+
if (url) {
- PORT_Free(url);
+ PORT_Free(url);
}
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
loser:
if (derCrl) {
- SECITEM_FreeItem(derCrl, PR_TRUE);
+ SECITEM_FreeItem(derCrl, PR_TRUE);
}
*decoded = crl;
@@ -619,10 +578,9 @@
return rv;
}
-
-CERTSignedCrl *
-crl_storeCRL (PK11SlotInfo *slot,char *url,
- CERTSignedCrl *newCrl, SECItem *derCrl, int type)
+CERTSignedCrl*
+crl_storeCRL(PK11SlotInfo* slot, char* url, CERTSignedCrl* newCrl,
+ SECItem* derCrl, int type)
{
CERTSignedCrl *oldCrl = NULL, *crl = NULL;
PRBool deleteOldCrl = PR_FALSE;
@@ -639,38 +597,37 @@
/* we can't use the cache here because we must look in the same
token */
- (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
- &oldCrl, CRL_DECODE_SKIP_ENTRIES);
+ (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, &oldCrl,
+ CRL_DECODE_SKIP_ENTRIES);
/* if there is an old crl on the token, make sure the one we are
installing is newer. If not, exit out, otherwise delete the
old crl.
*/
if (oldCrl != NULL) {
- /* if it's already there, quietly continue */
- if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl)
- == SECEqual) {
- crl = newCrl;
- crl->slot = PK11_ReferenceSlot(slot);
- crl->pkcs11ID = oldCrl->pkcs11ID;
- if (oldCrl->url && !url)
- url = oldCrl->url;
- if (url)
- crl->url = PORT_ArenaStrdup(crl->arena, url);
- goto done;
- }
- if (!SEC_CrlIsNewer(&newCrl->crl,&oldCrl->crl)) {
+ /* if it's already there, quietly continue */
+ if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl) == SECEqual) {
+ crl = newCrl;
+ crl->slot = PK11_ReferenceSlot(slot);
+ crl->pkcs11ID = oldCrl->pkcs11ID;
+ if (oldCrl->url && !url)
+ url = oldCrl->url;
+ if (url)
+ crl->url = PORT_ArenaStrdup(crl->arena, url);
+ goto done;
+ }
+ if (!SEC_CrlIsNewer(&newCrl->crl, &oldCrl->crl)) {
PORT_SetError(SEC_ERROR_OLD_CRL);
goto done;
}
/* if we have a url in the database, use that one */
if (oldCrl->url && !url) {
- url = oldCrl->url;
+ url = oldCrl->url;
}
/* really destroy this crl */
/* first drum it out of the permanment Data base */
- deleteOldCrl = PR_TRUE;
+ deleteOldCrl = PR_TRUE;
}
/* invalidate CRL cache for this issuer */
@@ -678,20 +635,20 @@
/* Write the new entry into the data base */
crlHandle = PK11_PutCrl(slot, derCrl, &newCrl->crl.derName, url, type);
if (crlHandle != CK_INVALID_HANDLE) {
- crl = newCrl;
- crl->slot = PK11_ReferenceSlot(slot);
- crl->pkcs11ID = crlHandle;
- if (url) {
- crl->url = PORT_ArenaStrdup(crl->arena,url);
- }
+ crl = newCrl;
+ crl->slot = PK11_ReferenceSlot(slot);
+ crl->pkcs11ID = crlHandle;
+ if (url) {
+ crl->url = PORT_ArenaStrdup(crl->arena, url);
+ }
}
done:
if (oldCrl) {
- if (deleteOldCrl && crlHandle != CK_INVALID_HANDLE) {
- SEC_DeletePermCRL(oldCrl);
- }
- SEC_DestroyCrl(oldCrl);
+ if (deleteOldCrl && crlHandle != CK_INVALID_HANDLE) {
+ SEC_DeletePermCRL(oldCrl);
+ }
+ SEC_DestroyCrl(oldCrl);
}
return crl;
@@ -704,50 +661,51 @@
* The signature on this CRL must be checked before you
* load it. ???
*/
-CERTSignedCrl *
-SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type)
+CERTSignedCrl*
+SEC_NewCrl(CERTCertDBHandle* handle, char* url, SECItem* derCrl, int type)
{
CERTSignedCrl* retCrl = NULL;
PK11SlotInfo* slot = PK11_GetInternalKeySlot();
- retCrl = PK11_ImportCRL(slot, derCrl, url, type, NULL,
- CRL_IMPORT_BYPASS_CHECKS, NULL, CRL_DECODE_DEFAULT_OPTIONS);
+ retCrl =
+ PK11_ImportCRL(slot, derCrl, url, type, NULL, CRL_IMPORT_BYPASS_CHECKS,
+ NULL, CRL_DECODE_DEFAULT_OPTIONS);
PK11_FreeSlot(slot);
return retCrl;
}
-
-CERTSignedCrl *
-SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type)
+
+CERTSignedCrl*
+SEC_FindCrlByDERCert(CERTCertDBHandle* handle, SECItem* derCrl, int type)
{
- PLArenaPool *arena;
+ PLArenaPool* arena;
SECItem crlKey;
SECStatus rv;
- CERTSignedCrl *crl = NULL;
-
+ CERTSignedCrl* crl = NULL;
+
/* create a scratch arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return(NULL);
+ if (arena == NULL) {
+ return (NULL);
}
-
+
/* extract the database key from the cert */
rv = CERT_KeyFromDERCrl(arena, derCrl, &crlKey);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* find the crl */
crl = SEC_FindCrlByName(handle, &crlKey, type);
-
+
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(crl);
+ return (crl);
}
-CERTSignedCrl* SEC_DupCrl(CERTSignedCrl* acrl)
+CERTSignedCrl*
+SEC_DupCrl(CERTSignedCrl* acrl)
{
- if (acrl)
- {
+ if (acrl) {
PR_ATOMIC_INCREMENT(&acrl->referenceCount);
return acrl;
}
@@ -755,13 +713,13 @@
}
SECStatus
-SEC_DestroyCrl(CERTSignedCrl *crl)
+SEC_DestroyCrl(CERTSignedCrl* crl)
{
if (crl) {
- if (PR_ATOMIC_DECREMENT(&crl->referenceCount) < 1) {
- if (crl->slot) {
- PK11_FreeSlot(crl->slot);
- }
+ if (PR_ATOMIC_DECREMENT(&crl->referenceCount) < 1) {
+ if (crl->slot) {
+ PK11_FreeSlot(crl->slot);
+ }
if (GetOpaqueCRLFields(crl) &&
PR_TRUE == GetOpaqueCRLFields(crl)->heapDER) {
SECITEM_FreeItem(crl->derCrl, PR_TRUE);
@@ -769,7 +727,7 @@
if (crl->arena) {
PORT_FreeArena(crl->arena, PR_FALSE);
}
- }
+ }
return SECSuccess;
} else {
return SECFailure;
@@ -777,21 +735,21 @@
}
SECStatus
-SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type)
+SEC_LookupCrls(CERTCertDBHandle* handle, CERTCrlHeadNode** nodes, int type)
{
- CERTCrlHeadNode *head;
- PLArenaPool *arena = NULL;
+ CERTCrlHeadNode* head;
+ PLArenaPool* arena = NULL;
SECStatus rv;
*nodes = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return SECFailure;
+ if (arena == NULL) {
+ return SECFailure;
}
/* build a head structure */
- head = (CERTCrlHeadNode *)PORT_ArenaAlloc(arena, sizeof(CERTCrlHeadNode));
+ head = (CERTCrlHeadNode*)PORT_ArenaAlloc(arena, sizeof(CERTCrlHeadNode));
head->arena = arena;
head->first = NULL;
head->last = NULL;
@@ -801,12 +759,12 @@
*nodes = head;
rv = PK11_LookupCrls(head, type, NULL);
-
+
if (rv != SECSuccess) {
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- *nodes = NULL;
- }
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ *nodes = NULL;
+ }
}
return rv;
@@ -824,7 +782,7 @@
/* constructor */
static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl,
- CRLOrigin origin);
+ CRLOrigin origin);
/* destructor */
static SECStatus CachedCrl_Destroy(CachedCrl* crl);
@@ -838,11 +796,11 @@
Or are they the same token object, but with different DER ? */
static SECStatus CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe,
- PRBool* isUpdated);
+ PRBool* isUpdated);
/* create a DPCache object */
static SECStatus DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer,
- const SECItem* subject, SECItem* dp);
+ const SECItem* subject, SECItem* dp);
/* destructor for CRL DPCache object */
static SECStatus DPCache_Destroy(CRLDPCache* cache);
@@ -859,7 +817,8 @@
/* update the content of the CRL cache, including fetching of CRLs, and
reprocessing with specified issuer and date */
static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* issuer,
- PRBool readlocked, PRTime vfdate, void* wincx);
+ PRBool readlocked, PRTime vfdate,
+ void* wincx);
/* returns true if there are CRLs from PKCS#11 slots */
static PRBool DPCache_HasTokenCRLs(CRLDPCache* cache);
@@ -872,8 +831,8 @@
/* create an issuer cache object (per CA subject ) */
static SECStatus IssuerCache_Create(CRLIssuerCache** returned,
- CERTCertificate* issuer,
- const SECItem* subject, const SECItem* dp);
+ CERTCertificate* issuer,
+ const SECItem* subject, const SECItem* dp);
/* destructor for CRL IssuerCache object */
SECStatus IssuerCache_Destroy(CRLIssuerCache* cache);
@@ -881,8 +840,8 @@
/* add a DPCache to the issuer cache */
static SECStatus IssuerCache_AddDP(CRLIssuerCache* cache,
CERTCertificate* issuer,
- const SECItem* subject,
- const SECItem* dp, CRLDPCache** newdpc);
+ const SECItem* subject, const SECItem* dp,
+ CRLDPCache** newdpc);
/* get a particular DPCache object from an IssuerCache */
static CRLDPCache* IssuerCache_GetDPCache(CRLIssuerCache* cache,
@@ -893,37 +852,35 @@
*/
/* allocate memory for hash table */
-static void * PR_CALLBACK
-PreAllocTable(void *pool, PRSize size)
+static void* PR_CALLBACK
+PreAllocTable(void* pool, PRSize size)
{
PreAllocator* alloc = (PreAllocator*)pool;
PORT_Assert(alloc);
- if (!alloc)
- {
+ if (!alloc) {
/* no allocator, or buffer full */
return NULL;
}
- if (size > (alloc->len - alloc->used))
- {
+ if (size > (alloc->len - alloc->used)) {
/* initial buffer full, let's use the arena */
alloc->extra += size;
return PORT_ArenaAlloc(alloc->arena, size);
}
/* use the initial buffer */
alloc->used += size;
- return (char*) alloc->data + alloc->used - size;
+ return (char*)alloc->data + alloc->used - size;
}
/* free hash table memory.
Individual PreAllocator elements cannot be freed, so this is a no-op. */
static void PR_CALLBACK
-PreFreeTable(void *pool, void *item)
+PreFreeTable(void* pool, void* item)
{
}
/* allocate memory for hash table */
-static PLHashEntry * PR_CALLBACK
-PreAllocEntry(void *pool, const void *key)
+static PLHashEntry* PR_CALLBACK
+PreAllocEntry(void* pool, const void* key)
{
return PreAllocTable(pool, sizeof(PLHashEntry));
}
@@ -931,55 +888,47 @@
/* free hash table entry.
Individual PreAllocator elements cannot be freed, so this is a no-op. */
static void PR_CALLBACK
-PreFreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
+PreFreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
{
}
/* methods required for PL hash table functions */
-static PLHashAllocOps preAllocOps =
-{
- PreAllocTable, PreFreeTable,
- PreAllocEntry, PreFreeEntry
-};
+static PLHashAllocOps preAllocOps = { PreAllocTable, PreFreeTable,
+ PreAllocEntry, PreFreeEntry };
/* destructor for PreAllocator object */
-void PreAllocator_Destroy(PreAllocator* PreAllocator)
+void
+PreAllocator_Destroy(PreAllocator* PreAllocator)
{
- if (!PreAllocator)
- {
+ if (!PreAllocator) {
return;
}
- if (PreAllocator->arena)
- {
+ if (PreAllocator->arena) {
PORT_FreeArena(PreAllocator->arena, PR_TRUE);
}
}
/* constructor for PreAllocator object */
-PreAllocator* PreAllocator_Create(PRSize size)
+PreAllocator*
+PreAllocator_Create(PRSize size)
{
PLArenaPool* arena = NULL;
PreAllocator* prebuffer = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena)
- {
+ if (!arena) {
return NULL;
}
- prebuffer = (PreAllocator*)PORT_ArenaZAlloc(arena,
- sizeof(PreAllocator));
- if (!prebuffer)
- {
+ prebuffer = (PreAllocator*)PORT_ArenaZAlloc(arena, sizeof(PreAllocator));
+ if (!prebuffer) {
PORT_FreeArena(arena, PR_TRUE);
return NULL;
}
prebuffer->arena = arena;
- if (size)
- {
+ if (size) {
prebuffer->len = size;
prebuffer->data = PORT_ArenaAlloc(arena, size);
- if (!prebuffer->data)
- {
+ if (!prebuffer->data) {
PORT_FreeArena(arena, PR_TRUE);
return NULL;
}
@@ -1000,25 +949,24 @@
to query the tokens for CRL objects, in order to discover new objects, if
the cache does not contain any token CRLs . In microseconds */
-PRTime CRLCache_TokenRefetch_Interval = 600 * 1000000 ; /* how often
- to query the tokens for CRL objects, in order to discover new objects, if
- the cache already contains token CRLs In microseconds */
+PRTime CRLCache_TokenRefetch_Interval = 600 * 1000000; /* how often
+ to query the tokens for CRL objects, in order to discover new objects, if
+ the cache already contains token CRLs In microseconds */
PRTime CRLCache_ExistenceCheck_Interval = 60 * 1000000; /* how often to check
if a token CRL object still exists. In microseconds */
/* this function is called at NSS initialization time */
-SECStatus InitCRLCache(void)
+SECStatus
+InitCRLCache(void)
{
- if (PR_FALSE == crlcache_initialized)
- {
+ if (PR_FALSE == crlcache_initialized) {
PORT_Assert(NULL == crlcache.lock);
PORT_Assert(NULL == crlcache.issuers);
PORT_Assert(NULL == namedCRLCache.lock);
PORT_Assert(NULL == namedCRLCache.entries);
if (crlcache.lock || crlcache.issuers || namedCRLCache.lock ||
- namedCRLCache.entries)
- {
+ namedCRLCache.entries) {
/* CRL cache already partially initialized */
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
@@ -1030,14 +978,12 @@
#endif
namedCRLCache.lock = PR_NewLock();
crlcache.issuers = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
- PL_CompareValues, NULL, NULL);
- namedCRLCache.entries = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
- PL_CompareValues, NULL, NULL);
+ PL_CompareValues, NULL, NULL);
+ namedCRLCache.entries = PL_NewHashTable(
+ 0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues, NULL, NULL);
if (!crlcache.lock || !namedCRLCache.lock || !crlcache.issuers ||
- !namedCRLCache.entries)
- {
- if (crlcache.lock)
- {
+ !namedCRLCache.entries) {
+ if (crlcache.lock) {
#ifdef GLOBAL_RWLOCK
NSSRWLock_Destroy(crlcache.lock);
#else
@@ -1045,18 +991,15 @@
#endif
crlcache.lock = NULL;
}
- if (namedCRLCache.lock)
- {
+ if (namedCRLCache.lock) {
PR_DestroyLock(namedCRLCache.lock);
namedCRLCache.lock = NULL;
}
- if (crlcache.issuers)
- {
+ if (crlcache.issuers) {
PL_HashTableDestroy(crlcache.issuers);
crlcache.issuers = NULL;
}
- if (namedCRLCache.entries)
- {
+ if (namedCRLCache.entries) {
PL_HashTableDestroy(namedCRLCache.entries);
namedCRLCache.entries = NULL;
}
@@ -1065,18 +1008,13 @@
}
crlcache_initialized = PR_TRUE;
return SECSuccess;
- }
- else
- {
+ } else {
PORT_Assert(crlcache.lock);
PORT_Assert(crlcache.issuers);
- if ( (NULL == crlcache.lock) || (NULL == crlcache.issuers) )
- {
+ if ((NULL == crlcache.lock) || (NULL == crlcache.issuers)) {
/* CRL cache not fully initialized */
return SECFailure;
- }
- else
- {
+ } else {
/* CRL cache already initialized */
return SECSuccess;
}
@@ -1084,56 +1022,47 @@
}
/* destructor for CRL DPCache object */
-static SECStatus DPCache_Destroy(CRLDPCache* cache)
+static SECStatus
+DPCache_Destroy(CRLDPCache* cache)
{
PRUint32 i = 0;
PORT_Assert(cache);
- if (!cache)
- {
+ if (!cache) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (cache->lock)
- {
+ if (cache->lock) {
#ifdef DPC_RWLOCK
NSSRWLock_Destroy(cache->lock);
#else
PR_DestroyLock(cache->lock);
#endif
- }
- else
- {
+ } else {
PORT_Assert(0);
return SECFailure;
}
/* destroy all our CRL objects */
- for (i=0;i<cache->ncrls;i++)
- {
+ for (i = 0; i < cache->ncrls; i++) {
if (!cache->crls || !cache->crls[i] ||
- SECSuccess != CachedCrl_Destroy(cache->crls[i]))
- {
+ SECSuccess != CachedCrl_Destroy(cache->crls[i])) {
return SECFailure;
}
}
/* free the array of CRLs */
- if (cache->crls)
- {
- PORT_Free(cache->crls);
+ if (cache->crls) {
+ PORT_Free(cache->crls);
}
/* destroy the cert */
- if (cache->issuerDERCert)
- {
+ if (cache->issuerDERCert) {
SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE);
}
/* free the subject */
- if (cache->subject)
- {
+ if (cache->subject) {
SECITEM_FreeItem(cache->subject, PR_TRUE);
}
/* free the distribution points */
- if (cache->distributionPoint)
- {
+ if (cache->distributionPoint) {
SECITEM_FreeItem(cache->distributionPoint, PR_TRUE);
}
PORT_Free(cache);
@@ -1141,38 +1070,32 @@
}
/* destructor for CRL IssuerCache object */
-SECStatus IssuerCache_Destroy(CRLIssuerCache* cache)
+SECStatus
+IssuerCache_Destroy(CRLIssuerCache* cache)
{
PORT_Assert(cache);
- if (!cache)
- {
+ if (!cache) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
#ifdef XCRL
- if (cache->lock)
- {
+ if (cache->lock) {
NSSRWLock_Destroy(cache->lock);
- }
- else
- {
+ } else {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (cache->issuer)
- {
+ if (cache->issuer) {
CERT_DestroyCertificate(cache->issuer);
}
#endif
/* free the subject */
- if (cache->subject)
- {
+ if (cache->subject) {
SECITEM_FreeItem(cache->subject, PR_TRUE);
}
- if (SECSuccess != DPCache_Destroy(cache->dpp))
- {
+ if (SECSuccess != DPCache_Destroy(cache->dpp)) {
PORT_Assert(0);
return SECFailure;
}
@@ -1181,19 +1104,18 @@
}
/* create a named CRL entry object */
-static SECStatus NamedCRLCacheEntry_Create(NamedCRLCacheEntry** returned)
+static SECStatus
+NamedCRLCacheEntry_Create(NamedCRLCacheEntry** returned)
{
NamedCRLCacheEntry* entry = NULL;
- if (!returned)
- {
+ if (!returned) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
*returned = NULL;
- entry = (NamedCRLCacheEntry*) PORT_ZAlloc(sizeof(NamedCRLCacheEntry));
- if (!entry)
- {
+ entry = (NamedCRLCacheEntry*)PORT_ZAlloc(sizeof(NamedCRLCacheEntry));
+ if (!entry) {
return SECFailure;
}
*returned = entry;
@@ -1201,21 +1123,19 @@
}
/* destroy a named CRL entry object */
-static SECStatus NamedCRLCacheEntry_Destroy(NamedCRLCacheEntry* entry)
+static SECStatus
+NamedCRLCacheEntry_Destroy(NamedCRLCacheEntry* entry)
{
- if (!entry)
- {
+ if (!entry) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (entry->crl)
- {
+ if (entry->crl) {
/* named CRL cache owns DER memory */
SECITEM_ZfreeItem(entry->crl, PR_TRUE);
}
- if (entry->canonicalizedName)
- {
+ if (entry->canonicalizedName) {
SECITEM_FreeItem(entry->canonicalizedName, PR_TRUE);
}
PORT_Free(entry);
@@ -1223,25 +1143,22 @@
}
/* callback function used in hash table destructor */
-static PRIntn PR_CALLBACK FreeIssuer(PLHashEntry *he, PRIntn i, void *arg)
+static PRIntn PR_CALLBACK
+FreeIssuer(PLHashEntry* he, PRIntn i, void* arg)
{
CRLIssuerCache* issuer = NULL;
- SECStatus* rv = (SECStatus*) arg;
+ SECStatus* rv = (SECStatus*)arg;
PORT_Assert(he);
- if (!he)
- {
+ if (!he) {
return HT_ENUMERATE_NEXT;
}
- issuer = (CRLIssuerCache*) he->value;
+ issuer = (CRLIssuerCache*)he->value;
PORT_Assert(issuer);
- if (issuer)
- {
- if (SECSuccess != IssuerCache_Destroy(issuer))
- {
+ if (issuer) {
+ if (SECSuccess != IssuerCache_Destroy(issuer)) {
PORT_Assert(rv);
- if (rv)
- {
+ if (rv) {
*rv = SECFailure;
}
return HT_ENUMERATE_NEXT;
@@ -1251,25 +1168,22 @@
}
/* callback function used in hash table destructor */
-static PRIntn PR_CALLBACK FreeNamedEntries(PLHashEntry *he, PRIntn i, void *arg)
+static PRIntn PR_CALLBACK
+FreeNamedEntries(PLHashEntry* he, PRIntn i, void* arg)
{
NamedCRLCacheEntry* entry = NULL;
- SECStatus* rv = (SECStatus*) arg;
+ SECStatus* rv = (SECStatus*)arg;
PORT_Assert(he);
- if (!he)
- {
+ if (!he) {
return HT_ENUMERATE_NEXT;
}
- entry = (NamedCRLCacheEntry*) he->value;
+ entry = (NamedCRLCacheEntry*)he->value;
PORT_Assert(entry);
- if (entry)
- {
- if (SECSuccess != NamedCRLCacheEntry_Destroy(entry))
- {
+ if (entry) {
+ if (SECSuccess != NamedCRLCacheEntry_Destroy(entry)) {
PORT_Assert(rv);
- if (rv)
- {
+ if (rv) {
*rv = SECFailure;
}
return HT_ENUMERATE_NEXT;
@@ -1279,23 +1193,22 @@
}
/* needs to be called at NSS shutdown time
- This will destroy the global CRL cache, including
+ This will destroy the global CRL cache, including
- the hash table of issuer cache objects
- the issuer cache objects
- DPCache objects in issuer cache objects */
-SECStatus ShutdownCRLCache(void)
+SECStatus
+ShutdownCRLCache(void)
{
SECStatus rv = SECSuccess;
- if (PR_FALSE == crlcache_initialized &&
- !crlcache.lock && !crlcache.issuers)
- {
+ if (PR_FALSE == crlcache_initialized && !crlcache.lock &&
+ !crlcache.issuers) {
/* CRL cache has already been shut down */
return SECSuccess;
}
if (PR_TRUE == crlcache_initialized &&
(!crlcache.lock || !crlcache.issuers || !namedCRLCache.lock ||
- !namedCRLCache.entries))
- {
+ !namedCRLCache.entries)) {
/* CRL cache has partially been shut down */
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
@@ -1306,7 +1219,7 @@
/* free the hash table of issuers */
PL_HashTableDestroy(crlcache.issuers);
crlcache.issuers = NULL;
- /* free the global lock */
+/* free the global lock */
#ifdef GLOBAL_RWLOCK
NSSRWLock_Destroy(crlcache.lock);
#else
@@ -1331,57 +1244,49 @@
/* add a new CRL object to the dynamic array of CRLs of the DPCache, and
returns the cached CRL object . Needs write access to DPCache. */
-static SECStatus DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl,
- PRBool* added)
+static SECStatus
+DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl, PRBool* added)
{
CachedCrl** newcrls = NULL;
PRUint32 i = 0;
PORT_Assert(cache);
PORT_Assert(newcrl);
PORT_Assert(added);
- if (!cache || !newcrl || !added)
- {
+ if (!cache || !newcrl || !added) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
*added = PR_FALSE;
/* before adding a new CRL, check if it is a duplicate */
- for (i=0;i<cache->ncrls;i++)
- {
+ for (i = 0; i < cache->ncrls; i++) {
CachedCrl* existing = NULL;
SECStatus rv = SECSuccess;
PRBool dupe = PR_FALSE, updated = PR_FALSE;
- if (!cache->crls)
- {
+ if (!cache->crls) {
PORT_Assert(0);
return SECFailure;
}
existing = cache->crls[i];
- if (!existing)
- {
+ if (!existing) {
PORT_Assert(0);
return SECFailure;
}
rv = CachedCrl_Compare(existing, newcrl, &dupe, &updated);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (PR_TRUE == dupe)
- {
+ if (PR_TRUE == dupe) {
/* dupe */
PORT_SetError(SEC_ERROR_CRL_ALREADY_EXISTS);
return SECSuccess;
}
- if (PR_TRUE == updated)
- {
+ if (PR_TRUE == updated) {
/* this token CRL is in the same slot and has the same object ID,
but different content. We need to remove the old object */
- if (SECSuccess != DPCache_RemoveCRL(cache, i))
- {
+ if (SECSuccess != DPCache_RemoveCRL(cache, i)) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return PR_FALSE;
@@ -1389,44 +1294,41 @@
}
}
- newcrls = (CachedCrl**)PORT_Realloc(cache->crls,
- (cache->ncrls+1)*sizeof(CachedCrl*));
- if (!newcrls)
- {
+ newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) *
+ sizeof(CachedCrl*));
+ if (!newcrls) {
return SECFailure;
}
cache->crls = newcrls;
cache->ncrls++;
- cache->crls[cache->ncrls-1] = newcrl;
+ cache->crls[cache->ncrls - 1] = newcrl;
*added = PR_TRUE;
return SECSuccess;
}
/* remove CRL at offset specified */
-static SECStatus DPCache_RemoveCRL(CRLDPCache* cache, PRUint32 offset)
+static SECStatus
+DPCache_RemoveCRL(CRLDPCache* cache, PRUint32 offset)
{
CachedCrl* acrl = NULL;
PORT_Assert(cache);
- if (!cache || (!cache->crls) || (!(offset<cache->ncrls)) )
- {
+ if (!cache || (!cache->crls) || (!(offset < cache->ncrls))) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
acrl = cache->crls[offset];
PORT_Assert(acrl);
- if (!acrl)
- {
+ if (!acrl) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- cache->crls[offset] = cache->crls[cache->ncrls-1];
- cache->crls[cache->ncrls-1] = NULL;
+ cache->crls[offset] = cache->crls[cache->ncrls - 1];
+ cache->crls[cache->ncrls - 1] = NULL;
cache->ncrls--;
if (cache->selected == acrl) {
cache->selected = NULL;
}
- if (SECSuccess != CachedCrl_Destroy(acrl))
- {
+ if (SECSuccess != CachedCrl_Destroy(acrl)) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
@@ -1442,7 +1344,8 @@
PKCS#11 object of the same ID and subject (which actually happens in
softoken), but this function has no way of knowing that the object
value changed, since CKA_VALUE isn't checked. */
-static PRBool TokenCRLStillExists(CERTSignedCrl* crl)
+static PRBool
+TokenCRLStillExists(CERTSignedCrl* crl)
{
NSSItem newsubject;
SECItem subject;
@@ -1455,20 +1358,17 @@
SECItem* oldSubject = NULL;
PORT_Assert(crl);
- if (!crl)
- {
+ if (!crl) {
return PR_FALSE;
}
slot = crl->slot;
PORT_Assert(crl->slot);
- if (!slot)
- {
+ if (!slot) {
return PR_FALSE;
}
oldSubject = &crl->crl.derName;
PORT_Assert(oldSubject);
- if (!oldSubject)
- {
+ if (!oldSubject) {
return PR_FALSE;
}
@@ -1478,14 +1378,12 @@
/* first, make an nssCryptokiObject */
instance.handle = crl->pkcs11ID;
PORT_Assert(instance.handle);
- if (!instance.handle)
- {
+ if (!instance.handle) {
return PR_FALSE;
}
instance.token = PK11Slot_GetNSSToken(slot);
PORT_Assert(instance.token);
- if (!instance.token)
- {
+ if (!instance.token) {
return PR_FALSE;
}
instance.isTokenObject = PR_TRUE;
@@ -1493,34 +1391,25 @@
arena = NSSArena_Create();
PORT_Assert(arena);
- if (!arena)
- {
+ if (!arena) {
return PR_FALSE;
}
- status = nssCryptokiCRL_GetAttributes(&instance,
- NULL, /* XXX sessionOpt */
- arena,
- NULL,
- &newsubject, /* subject */
- &crl_class, /* class */
- NULL,
- NULL);
- if (PR_SUCCESS == status)
- {
+ status =
+ nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */
+ arena, NULL, &newsubject, /* subject */
+ &crl_class, /* class */
+ NULL, NULL);
+ if (PR_SUCCESS == status) {
subject.data = newsubject.data;
subject.len = newsubject.size;
- if (SECITEM_CompareItem(oldSubject, &subject) != SECEqual)
- {
+ if (SECITEM_CompareItem(oldSubject, &subject) != SECEqual) {
xstatus = PR_FALSE;
}
- if (CKO_NETSCAPE_CRL != crl_class)
- {
+ if (CKO_NETSCAPE_CRL != crl_class) {
xstatus = PR_FALSE;
}
- }
- else
- {
+ } else {
xstatus = PR_FALSE;
}
NSSArena_Destroy(arena);
@@ -1528,19 +1417,18 @@
}
/* verify the signature of a CRL against its issuer at a given date */
-static SECStatus CERT_VerifyCRL(
- CERTSignedCrl* crlobject,
- CERTCertificate* issuer,
- PRTime vfdate,
- void* wincx)
+static SECStatus
+CERT_VerifyCRL(CERTSignedCrl* crlobject, CERTCertificate* issuer, PRTime vfdate,
+ void* wincx)
{
- return CERT_VerifySignedData(&crlobject->signatureWrap,
- issuer, vfdate, wincx);
+ return CERT_VerifySignedData(&crlobject->signatureWrap, issuer, vfdate,
+ wincx);
}
/* verify a CRL and update cache state */
-static SECStatus CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject,
- PRTime vfdate, void* wincx)
+static SECStatus
+CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate,
+ void* wincx)
{
/* Check if it is an invalid CRL
if we got a bad CRL, we want to cache it in order to avoid
@@ -1554,66 +1442,56 @@
the issuer certificate becomes available if that causes the
signature to verify */
- if (!cache || !crlobject)
- {
+ if (!cache || !crlobject) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (PR_TRUE == GetOpaqueCRLFields(crlobject->crl)->decodingError)
- {
+ if (PR_TRUE == GetOpaqueCRLFields(crlobject->crl)->decodingError) {
crlobject->sigChecked = PR_TRUE; /* we can never verify a CRL
with bogus DER. Mark it checked so we won't try again */
PORT_SetError(SEC_ERROR_BAD_DER);
return SECSuccess;
- }
- else
- {
+ } else {
SECStatus signstatus = SECFailure;
- if (cache->issuerDERCert)
- {
- CERTCertificate *issuer = CERT_NewTempCertificate(cache->dbHandle,
- cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE);
+ if (cache->issuerDERCert) {
+ CERTCertificate* issuer = CERT_NewTempCertificate(
+ cache->dbHandle, cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE);
- if (issuer) {
- signstatus = CERT_VerifyCRL(crlobject->crl, issuer, vfdate,
- wincx);
- CERT_DestroyCertificate(issuer);
- }
+ if (issuer) {
+ signstatus =
+ CERT_VerifyCRL(crlobject->crl, issuer, vfdate, wincx);
+ CERT_DestroyCertificate(issuer);
+ }
}
- if (SECSuccess != signstatus)
- {
- if (!cache->issuerDERCert)
- {
+ if (SECSuccess != signstatus) {
+ if (!cache->issuerDERCert) {
/* we tried to verify without an issuer cert . This is
because this CRL came through a call to SEC_FindCrlByName.
So, we don't cache this verification failure. We'll try
to verify the CRL again when a certificate from that issuer
becomes available */
- } else
- {
+ } else {
crlobject->sigChecked = PR_TRUE;
}
PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
return SECSuccess;
- } else
- {
+ } else {
crlobject->sigChecked = PR_TRUE;
crlobject->sigValid = PR_TRUE;
}
}
-
+
return SECSuccess;
}
/* fetch the CRLs for this DP from the PKCS#11 tokens */
-static SECStatus DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate,
- void* wincx)
+static SECStatus
+DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx)
{
SECStatus rv = SECSuccess;
CERTCrlHeadNode head;
- if (!cache)
- {
+ if (!cache) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
@@ -1626,67 +1504,52 @@
/* if this function fails, something very wrong happened, such as an out
of memory error during CRL decoding. We don't want to proceed and must
mark the cache object invalid */
- if (SECFailure == rv)
- {
+ if (SECFailure == rv) {
/* fetch failed, add error bit */
cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
- } else
- {
+ } else {
/* fetch was successful, clear this error bit */
cache->invalid &= (~CRL_CACHE_LAST_FETCH_FAILED);
}
/* add any CRLs found to our array */
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
CERTCrlNode* crlNode = NULL;
- for (crlNode = head.first; crlNode ; crlNode = crlNode->next)
- {
+ for (crlNode = head.first; crlNode; crlNode = crlNode->next) {
CachedCrl* returned = NULL;
CERTSignedCrl* crlobject = crlNode->crl;
- if (!crlobject)
- {
+ if (!crlobject) {
PORT_Assert(0);
continue;
}
rv = CachedCrl_Create(&returned, crlobject, CRL_OriginToken);
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
PRBool added = PR_FALSE;
rv = DPCache_AddCRL(cache, returned, &added);
- if (PR_TRUE != added)
- {
+ if (PR_TRUE != added) {
rv = CachedCrl_Destroy(returned);
returned = NULL;
- }
- else if (vfdate)
- {
+ } else if (vfdate) {
rv = CachedCrl_Verify(cache, returned, vfdate, wincx);
}
- }
- else
- {
+ } else {
/* not enough memory to add the CRL to the cache. mark it
invalid so we will try again . */
cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
}
- if (SECFailure == rv)
- {
+ if (SECFailure == rv) {
break;
}
}
}
- if (head.arena)
- {
+ if (head.arena) {
CERTCrlNode* crlNode = NULL;
/* clean up the CRL list in case we got a partial one
during a failed fetch */
- for (crlNode = head.first; crlNode ; crlNode = crlNode->next)
- {
- if (crlNode->crl)
- {
+ for (crlNode = head.first; crlNode; crlNode = crlNode->next) {
+ if (crlNode->crl) {
SEC_DestroyCrl(crlNode->crl); /* free the CRL. Either it got
added to the cache and the refcount got bumped, or not, and
thus we need to free its RAM */
@@ -1698,69 +1561,56 @@
return rv;
}
-static SECStatus CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn,
- CERTCrlEntry** returned)
+static SECStatus
+CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn, CERTCrlEntry** returned)
{
CERTCrlEntry* acrlEntry;
-
+
PORT_Assert(crl);
PORT_Assert(crl->entries);
PORT_Assert(sn);
PORT_Assert(returned);
- if (!crl || !sn || !returned || !crl->entries)
- {
+ if (!crl || !sn || !returned || !crl->entries) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
acrlEntry = PL_HashTableLookup(crl->entries, (void*)sn);
- if (acrlEntry)
- {
+ if (acrlEntry) {
*returned = acrlEntry;
- }
- else
- {
+ } else {
*returned = NULL;
}
return SECSuccess;
}
/* check if a particular SN is in the CRL cache and return its entry */
-dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn,
- CERTCrlEntry** returned)
+dpcacheStatus
+DPCache_Lookup(CRLDPCache* cache, const SECItem* sn, CERTCrlEntry** returned)
{
SECStatus rv;
- if (!cache || !sn || !returned)
- {
+ if (!cache || !sn || !returned) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
/* no cache or SN to look up, or no way to return entry */
return dpcacheCallerError;
}
*returned = NULL;
- if (0 != cache->invalid)
- {
+ if (0 != cache->invalid) {
/* the cache contains a bad CRL, or there was a CRL fetching error. */
PORT_SetError(SEC_ERROR_CRL_INVALID);
return dpcacheInvalidCacheError;
}
- if (!cache->selected)
- {
+ if (!cache->selected) {
/* no CRL means no entry to return. This is OK, except for
* NIST policy */
return dpcacheEmpty;
}
rv = CachedCrl_GetEntry(cache->selected, sn, returned);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
return dpcacheLookupError;
- }
- else
- {
- if (*returned)
- {
+ } else {
+ if (*returned) {
return dpcacheFoundEntry;
- }
- else
- {
+ } else {
return dpcacheNoEntry;
}
}
@@ -1768,45 +1618,43 @@
#if defined(DPC_RWLOCK)
-#define DPCache_LockWrite() \
-{ \
- if (readlocked) \
- { \
- NSSRWLock_UnlockRead(cache->lock); \
- } \
- NSSRWLock_LockWrite(cache->lock); \
-}
+#define DPCache_LockWrite() \
+ { \
+ if (readlocked) { \
+ NSSRWLock_UnlockRead(cache->lock); \
+ } \
+ NSSRWLock_LockWrite(cache->lock); \
+ }
-#define DPCache_UnlockWrite() \
-{ \
- if (readlocked) \
- { \
- NSSRWLock_LockRead(cache->lock); \
- } \
- NSSRWLock_UnlockWrite(cache->lock); \
-}
+#define DPCache_UnlockWrite() \
+ { \
+ if (readlocked) { \
+ NSSRWLock_LockRead(cache->lock); \
+ } \
+ NSSRWLock_UnlockWrite(cache->lock); \
+ }
#else
/* with a global lock, we are always locked for read before we need write
access, so do nothing */
-#define DPCache_LockWrite() \
-{ \
-}
+#define DPCache_LockWrite() \
+ { \
+ }
-#define DPCache_UnlockWrite() \
-{ \
-}
+#define DPCache_UnlockWrite() \
+ { \
+ }
#endif
/* update the content of the CRL cache, including fetching of CRLs, and
reprocessing with specified issuer and date . We are always holding
either the read or write lock on DPCache upon entry. */
-static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate*
- issuer, PRBool readlocked, PRTime vfdate,
- void* wincx)
+static SECStatus
+DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* issuer,
+ PRBool readlocked, PRTime vfdate, void* wincx)
{
/* Update the CRLDPCache now. We don't cache token CRL lookup misses
yet, as we have no way of getting notified of new PKCS#11 object
@@ -1821,8 +1669,7 @@
PRTime lastfetch = 0;
PRBool mustunlock = PR_FALSE;
- if (!cache)
- {
+ if (!cache) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -1839,36 +1686,32 @@
*/
forcedrefresh = cache->refresh;
lastfetch = cache->lastfetch;
- if (PR_TRUE != forcedrefresh &&
- (!(cache->invalid & CRL_CACHE_LAST_FETCH_FAILED)))
- {
+ if (PR_TRUE != forcedrefresh &&
+ (!(cache->invalid & CRL_CACHE_LAST_FETCH_FAILED))) {
now = PR_Now();
hastokenCRLs = DPCache_HasTokenCRLs(cache);
}
- if ( (0 == lastfetch) ||
+ if ((0 == lastfetch) ||
- (PR_TRUE == forcedrefresh) ||
+ (PR_TRUE == forcedrefresh) ||
- (cache->invalid & CRL_CACHE_LAST_FETCH_FAILED) ||
+ (cache->invalid & CRL_CACHE_LAST_FETCH_FAILED) ||
- ( (PR_FALSE == hastokenCRLs) &&
- ( (now - cache->lastfetch > CRLCache_Empty_TokenFetch_Interval) ||
- (now < cache->lastfetch)) ) ||
+ ((PR_FALSE == hastokenCRLs) &&
+ ((now - cache->lastfetch > CRLCache_Empty_TokenFetch_Interval) ||
+ (now < cache->lastfetch))) ||
- ( (PR_TRUE == hastokenCRLs) &&
- ((now - cache->lastfetch > CRLCache_TokenRefetch_Interval) ||
- (now < cache->lastfetch)) ) )
- {
+ ((PR_TRUE == hastokenCRLs) &&
+ ((now - cache->lastfetch > CRLCache_TokenRefetch_Interval) ||
+ (now < cache->lastfetch)))) {
/* the cache needs to be refreshed, and/or we had zero CRL for this
DP. Try to get one from PKCS#11 tokens */
DPCache_LockWrite();
/* check if another thread updated before us, and skip update if so */
- if (lastfetch == cache->lastfetch)
- {
+ if (lastfetch == cache->lastfetch) {
/* we are the first */
rv = DPCache_FetchFromTokens(cache, vfdate, wincx);
- if (PR_TRUE == cache->refresh)
- {
+ if (PR_TRUE == cache->refresh) {
cache->refresh = PR_FALSE; /* clear refresh state */
}
dirty = PR_TRUE;
@@ -1881,38 +1724,31 @@
we'll do this inexpensive existence check either
1) if there was a token object fetch
2) every minute */
- if (( PR_TRUE != dirty) && (!now) )
- {
+ if ((PR_TRUE != dirty) && (!now)) {
now = PR_Now();
}
- if ( (PR_TRUE == dirty) ||
- ( (now - cache->lastcheck > CRLCache_ExistenceCheck_Interval) ||
- (now < cache->lastcheck)) )
- {
+ if ((PR_TRUE == dirty) ||
+ ((now - cache->lastcheck > CRLCache_ExistenceCheck_Interval) ||
+ (now < cache->lastcheck))) {
PRTime lastcheck = cache->lastcheck;
mustunlock = PR_FALSE;
/* check if all CRLs still exist */
- for (i = 0; (i < cache->ncrls) ; i++)
- {
+ for (i = 0; (i < cache->ncrls); i++) {
CachedCrl* savcrl = cache->crls[i];
- if ( (!savcrl) || (savcrl && CRL_OriginToken != savcrl->origin))
- {
+ if ((!savcrl) || (savcrl && CRL_OriginToken != savcrl->origin)) {
/* we only want to check token CRLs */
continue;
}
- if ((PR_TRUE != TokenCRLStillExists(savcrl->crl)))
- {
-
+ if ((PR_TRUE != TokenCRLStillExists(savcrl->crl))) {
+
/* this CRL is gone */
- if (PR_TRUE != mustunlock)
- {
+ if (PR_TRUE != mustunlock) {
DPCache_LockWrite();
mustunlock = PR_TRUE;
}
/* first, we need to check if another thread did an update
before we did */
- if (lastcheck == cache->lastcheck)
- {
+ if (lastcheck == cache->lastcheck) {
/* the CRL is gone. And we are the one to do the update */
DPCache_RemoveCRL(cache, i);
dirty = PR_TRUE;
@@ -1921,8 +1757,7 @@
updates in this thread for the remaining CRLs */
}
}
- if (PR_TRUE == mustunlock)
- {
+ if (PR_TRUE == mustunlock) {
cache->lastcheck = PR_Now();
DPCache_UnlockWrite();
mustunlock = PR_FALSE;
@@ -1931,15 +1766,13 @@
/* add issuer certificate if it was previously unavailable */
if (issuer && (NULL == cache->issuerDERCert) &&
- (SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN)))
- {
+ (SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN))) {
/* if we didn't have a valid issuer cert yet, but we do now. add it */
DPCache_LockWrite();
- if (!cache->issuerDERCert)
- {
+ if (!cache->issuerDERCert) {
dirty = PR_TRUE;
- cache->dbHandle = issuer->dbhandle;
- cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
+ cache->dbHandle = issuer->dbhandle;
+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
}
DPCache_UnlockWrite();
}
@@ -1950,21 +1783,16 @@
SEC_FindCrlByName, or through manual insertion, rather than through a
certificate verification (CERT_CheckCRL) */
- if (cache->issuerDERCert && vfdate )
- {
- mustunlock = PR_FALSE;
+ if (cache->issuerDERCert && vfdate) {
+ mustunlock = PR_FALSE;
/* re-process all unverified CRLs */
- for (i = 0; i < cache->ncrls ; i++)
- {
+ for (i = 0; i < cache->ncrls; i++) {
CachedCrl* savcrl = cache->crls[i];
- if (!savcrl)
- {
+ if (!savcrl) {
continue;
}
- if (PR_TRUE != savcrl->sigChecked)
- {
- if (!mustunlock)
- {
+ if (PR_TRUE != savcrl->sigChecked) {
+ if (!mustunlock) {
DPCache_LockWrite();
mustunlock = PR_TRUE;
}
@@ -1972,9 +1800,8 @@
it before we did, and abort if it has been modified since
we acquired the lock. Make sure first that the CRL is still
in the array at the same position */
- if ( (i<cache->ncrls) && (savcrl == cache->crls[i]) &&
- (PR_TRUE != savcrl->sigChecked) )
- {
+ if ((i < cache->ncrls) && (savcrl == cache->crls[i]) &&
+ (PR_TRUE != savcrl->sigChecked)) {
/* the CRL is still there, unverified. Do it */
CachedCrl_Verify(cache, savcrl, vfdate, wincx);
dirty = PR_TRUE;
@@ -1982,191 +1809,164 @@
/* stay locked here intentionally so we do all the other
updates in this thread for the remaining CRLs */
}
- if (mustunlock && !dirty)
- {
+ if (mustunlock && !dirty) {
DPCache_UnlockWrite();
mustunlock = PR_FALSE;
}
}
}
- if (dirty || cache->mustchoose)
- {
+ if (dirty || cache->mustchoose) {
/* changes to the content of the CRL cache necessitate examining all
CRLs for selection of the most appropriate one to cache */
- if (!mustunlock)
- {
- DPCache_LockWrite();
- mustunlock = PR_TRUE;
- }
+ if (!mustunlock) {
+ DPCache_LockWrite();
+ mustunlock = PR_TRUE;
+ }
DPCache_SelectCRL(cache);
cache->mustchoose = PR_FALSE;
}
if (mustunlock)
- DPCache_UnlockWrite();
+ DPCache_UnlockWrite();
return rv;
}
/* callback for qsort to sort by thisUpdate */
-static int SortCRLsByThisUpdate(const void* arg1, const void* arg2)
+static int
+SortCRLsByThisUpdate(const void* arg1, const void* arg2)
{
PRTime timea, timeb;
SECStatus rv = SECSuccess;
- CachedCrl* a, *b;
+ CachedCrl *a, *b;
- a = *(CachedCrl**) arg1;
- b = *(CachedCrl**) arg2;
+ a = *(CachedCrl**)arg1;
+ b = *(CachedCrl**)arg2;
- if (!a || !b)
- {
+ if (!a || !b) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
}
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
rv = DER_DecodeTimeChoice(&timea, &a->crl->crl.lastUpdate);
- }
- if (SECSuccess == rv)
- {
+ }
+ if (SECSuccess == rv) {
rv = DER_DecodeTimeChoice(&timeb, &b->crl->crl.lastUpdate);
}
- if (SECSuccess == rv)
- {
- if (timea > timeb)
- {
+ if (SECSuccess == rv) {
+ if (timea > timeb) {
return 1; /* a is better than b */
}
- if (timea < timeb )
- {
+ if (timea < timeb) {
return -1; /* a is not as good as b */
}
}
/* if they are equal, or if all else fails, use pointer differences */
PORT_Assert(a != b); /* they should never be equal */
- return a>b?1:-1;
+ return a > b ? 1 : -1;
}
/* callback for qsort to sort a set of disparate CRLs, some of which are
invalid DER or failed signature check.
-
+
Validated CRLs are differentiated by thisUpdate .
Validated CRLs are preferred over non-validated CRLs .
Proper DER CRLs are preferred over non-DER data .
*/
-static int SortImperfectCRLs(const void* arg1, const void* arg2)
+static int
+SortImperfectCRLs(const void* arg1, const void* arg2)
{
- CachedCrl* a, *b;
+ CachedCrl *a, *b;
- a = *(CachedCrl**) arg1;
- b = *(CachedCrl**) arg2;
+ a = *(CachedCrl**)arg1;
+ b = *(CachedCrl**)arg2;
- if (!a || !b)
- {
+ if (!a || !b) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
PORT_Assert(0);
- }
- else
- {
+ } else {
PRBool aDecoded = PR_FALSE, bDecoded = PR_FALSE;
- if ( (PR_TRUE == a->sigValid) && (PR_TRUE == b->sigValid) )
- {
+ if ((PR_TRUE == a->sigValid) && (PR_TRUE == b->sigValid)) {
/* both CRLs have been validated, choose the latest one */
return SortCRLsByThisUpdate(arg1, arg2);
}
- if (PR_TRUE == a->sigValid)
- {
+ if (PR_TRUE == a->sigValid) {
return 1; /* a is greater than b */
}
- if (PR_TRUE == b->sigValid)
- {
+ if (PR_TRUE == b->sigValid) {
return -1; /* a is not as good as b */
}
aDecoded = GetOpaqueCRLFields(a->crl)->decodingError;
bDecoded = GetOpaqueCRLFields(b->crl)->decodingError;
/* neither CRL had its signature check pass */
- if ( (PR_FALSE == aDecoded) && (PR_FALSE == bDecoded) )
- {
+ if ((PR_FALSE == aDecoded) && (PR_FALSE == bDecoded)) {
/* both CRLs are proper DER, choose the latest one */
return SortCRLsByThisUpdate(arg1, arg2);
}
- if (PR_FALSE == aDecoded)
- {
+ if (PR_FALSE == aDecoded) {
return 1; /* a is better than b */
}
- if (PR_FALSE == bDecoded)
- {
+ if (PR_FALSE == bDecoded) {
return -1; /* a is not as good as b */
}
/* both are invalid DER. sigh. */
}
/* if they are equal, or if all else fails, use pointer differences */
PORT_Assert(a != b); /* they should never be equal */
- return a>b?1:-1;
+ return a > b ? 1 : -1;
}
-
/* Pick best CRL to use . needs write access */
-static SECStatus DPCache_SelectCRL(CRLDPCache* cache)
+static SECStatus
+DPCache_SelectCRL(CRLDPCache* cache)
{
PRUint32 i;
PRBool valid = PR_TRUE;
CachedCrl* selected = NULL;
PORT_Assert(cache);
- if (!cache)
- {
+ if (!cache) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* if any invalid CRL is present, then the CRL cache is
considered invalid, for security reasons */
- for (i = 0 ; i<cache->ncrls; i++)
- {
+ for (i = 0; i < cache->ncrls; i++) {
if (!cache->crls[i] || !cache->crls[i]->sigChecked ||
- !cache->crls[i]->sigValid)
- {
+ !cache->crls[i]->sigValid) {
valid = PR_FALSE;
break;
}
}
- if (PR_TRUE == valid)
- {
+ if (PR_TRUE == valid) {
/* all CRLs are valid, clear this error */
cache->invalid &= (~CRL_CACHE_INVALID_CRLS);
- } else
- {
+ } else {
/* some CRLs are invalid, set this error */
cache->invalid |= CRL_CACHE_INVALID_CRLS;
}
- if (cache->invalid)
- {
+ if (cache->invalid) {
/* cache is in an invalid state, so reset it */
- if (cache->selected)
- {
+ if (cache->selected) {
cache->selected = NULL;
}
/* also sort the CRLs imperfectly */
- qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*),
- SortImperfectCRLs);
+ qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*), SortImperfectCRLs);
return SECSuccess;
}
/* all CRLs are good, sort them by thisUpdate */
- qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*),
- SortCRLsByThisUpdate);
+ qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*), SortCRLsByThisUpdate);
- if (cache->ncrls)
- {
+ if (cache->ncrls) {
/* pick the newest CRL */
- selected = cache->crls[cache->ncrls-1];
-
+ selected = cache->crls[cache->ncrls - 1];
+
/* and populate the cache */
- if (SECSuccess != CachedCrl_Populate(selected))
- {
+ if (SECSuccess != CachedCrl_Populate(selected)) {
return SECFailure;
}
}
@@ -2177,22 +1977,21 @@
}
/* initialize a DPCache object */
-static SECStatus DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer,
- const SECItem* subject, SECItem* dp)
+static SECStatus
+DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer,
+ const SECItem* subject, SECItem* dp)
{
CRLDPCache* cache = NULL;
PORT_Assert(returned);
/* issuer and dp are allowed to be NULL */
- if (!returned || !subject)
- {
+ if (!returned || !subject) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
*returned = NULL;
cache = PORT_ZAlloc(sizeof(CRLDPCache));
- if (!cache)
- {
+ if (!cache) {
return SECFailure;
}
#ifdef DPC_RWLOCK
@@ -2200,15 +1999,13 @@
#else
cache->lock = PR_NewLock();
#endif
- if (!cache->lock)
- {
- PORT_Free(cache);
+ if (!cache->lock) {
+ PORT_Free(cache);
return SECFailure;
}
- if (issuer)
- {
- cache->dbHandle = issuer->dbhandle;
- cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
+ if (issuer) {
+ cache->dbHandle = issuer->dbhandle;
+ cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
}
cache->distributionPoint = SECITEM_DupItem(dp);
cache->subject = SECITEM_DupItem(subject);
@@ -2219,45 +2016,39 @@
}
/* create an issuer cache object (per CA subject ) */
-static SECStatus IssuerCache_Create(CRLIssuerCache** returned,
- CERTCertificate* issuer,
- const SECItem* subject, const SECItem* dp)
+static SECStatus
+IssuerCache_Create(CRLIssuerCache** returned, CERTCertificate* issuer,
+ const SECItem* subject, const SECItem* dp)
{
SECStatus rv = SECSuccess;
CRLIssuerCache* cache = NULL;
PORT_Assert(returned);
PORT_Assert(subject);
/* issuer and dp are allowed to be NULL */
- if (!returned || !subject)
- {
+ if (!returned || !subject) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
*returned = NULL;
- cache = (CRLIssuerCache*) PORT_ZAlloc(sizeof(CRLIssuerCache));
- if (!cache)
- {
+ cache = (CRLIssuerCache*)PORT_ZAlloc(sizeof(CRLIssuerCache));
+ if (!cache) {
return SECFailure;
}
cache->subject = SECITEM_DupItem(subject);
#ifdef XCRL
cache->lock = NSSRWLock_New(NSS_RWLOCK_RANK_NONE, NULL);
- if (!cache->lock)
- {
+ if (!cache->lock) {
rv = SECFailure;
}
- if (SECSuccess == rv && issuer)
- {
+ if (SECSuccess == rv && issuer) {
cache->issuer = CERT_DupCertificate(issuer);
- if (!cache->issuer)
- {
+ if (!cache->issuer) {
rv = SECFailure;
}
}
#endif
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
PORT_Assert(SECSuccess == IssuerCache_Destroy(cache));
return SECFailure;
}
@@ -2266,31 +2057,25 @@
}
/* add a DPCache to the issuer cache */
-static SECStatus IssuerCache_AddDP(CRLIssuerCache* cache,
- CERTCertificate* issuer,
- const SECItem* subject,
- const SECItem* dp,
- CRLDPCache** newdpc)
+static SECStatus
+IssuerCache_AddDP(CRLIssuerCache* cache, CERTCertificate* issuer,
+ const SECItem* subject, const SECItem* dp,
+ CRLDPCache** newdpc)
{
/* now create the required DP cache object */
- if (!cache || !subject || !newdpc)
- {
+ if (!cache || !subject || !newdpc) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (!dp)
- {
+ if (!dp) {
/* default distribution point */
SECStatus rv = DPCache_Create(&cache->dpp, issuer, subject, NULL);
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
*newdpc = cache->dpp;
return SECSuccess;
}
- }
- else
- {
+ } else {
/* we should never hit this until we support multiple DPs */
PORT_Assert(dp);
/* XCRL allocate a new distribution point cache object, initialize it,
@@ -2300,27 +2085,26 @@
}
/* add an IssuerCache to the global hash table of issuers */
-static SECStatus CRLCache_AddIssuer(CRLIssuerCache* issuer)
-{
+static SECStatus
+CRLCache_AddIssuer(CRLIssuerCache* issuer)
+{
PORT_Assert(issuer);
PORT_Assert(crlcache.issuers);
- if (!issuer || !crlcache.issuers)
- {
+ if (!issuer || !crlcache.issuers) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (NULL == PL_HashTableAdd(crlcache.issuers, (void*) issuer->subject,
- (void*) issuer))
- {
+ if (NULL == PL_HashTableAdd(crlcache.issuers, (void*)issuer->subject,
+ (void*)issuer)) {
return SECFailure;
}
return SECSuccess;
}
/* retrieve the issuer cache object for a given issuer subject */
-static SECStatus CRLCache_GetIssuerCache(CRLCache* cache,
- const SECItem* subject,
- CRLIssuerCache** returned)
+static SECStatus
+CRLCache_GetIssuerCache(CRLCache* cache, const SECItem* subject,
+ CRLIssuerCache** returned)
{
/* we need to look up the issuer in the hash table */
SECStatus rv = SECSuccess;
@@ -2328,58 +2112,51 @@
PORT_Assert(subject);
PORT_Assert(returned);
PORT_Assert(crlcache.issuers);
- if (!cache || !subject || !returned || !crlcache.issuers)
- {
+ if (!cache || !subject || !returned || !crlcache.issuers) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
}
- if (SECSuccess == rv)
- {
- *returned = (CRLIssuerCache*) PL_HashTableLookup(crlcache.issuers,
- (void*) subject);
+ if (SECSuccess == rv) {
+ *returned = (CRLIssuerCache*)PL_HashTableLookup(crlcache.issuers,
+ (void*)subject);
}
return rv;
}
/* retrieve the full CRL object that best matches the content of a DPCache */
-static CERTSignedCrl* GetBestCRL(CRLDPCache* cache, PRBool entries)
+static CERTSignedCrl*
+GetBestCRL(CRLDPCache* cache, PRBool entries)
{
CachedCrl* acrl = NULL;
PORT_Assert(cache);
- if (!cache)
- {
+ if (!cache) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return NULL;
}
- if (0 == cache->ncrls)
- {
+ if (0 == cache->ncrls) {
/* empty cache*/
PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
return NULL;
- }
+ }
/* if we have a valid full CRL selected, return it */
- if (cache->selected)
- {
+ if (cache->selected) {
return SEC_DupCrl(cache->selected->crl);
}
/* otherwise, use latest valid DER CRL */
- acrl = cache->crls[cache->ncrls-1];
+ acrl = cache->crls[cache->ncrls - 1];
- if (acrl && (PR_FALSE == GetOpaqueCRLFields(acrl->crl)->decodingError) )
- {
+ if (acrl && (PR_FALSE == GetOpaqueCRLFields(acrl->crl)->decodingError)) {
SECStatus rv = SECSuccess;
- if (PR_TRUE == entries)
- {
+ if (PR_TRUE == entries) {
rv = CERT_CompleteCRLDecodeEntries(acrl->crl);
}
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
return SEC_DupCrl(acrl->crl);
}
}
@@ -2389,7 +2166,8 @@
}
/* get a particular DPCache object from an IssuerCache */
-static CRLDPCache* IssuerCache_GetDPCache(CRLIssuerCache* cache, const SECItem* dp)
+static CRLDPCache*
+IssuerCache_GetDPCache(CRLIssuerCache* cache, const SECItem* dp)
{
CRLDPCache* dpp = NULL;
PORT_Assert(cache);
@@ -2397,8 +2175,7 @@
full CRL. So we can return the global one without locking. In
the future we will have a lock */
PORT_Assert(NULL == dp);
- if (!cache || dp)
- {
+ if (!cache || dp) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return NULL;
}
@@ -2415,9 +2192,10 @@
/* get a DPCache object for the given issuer subject and dp
Automatically creates the cache object if it doesn't exist yet.
*/
-SECStatus AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
- const SECItem* dp, PRTime t, void* wincx,
- CRLDPCache** dpcache, PRBool* writeLocked)
+SECStatus
+AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
+ const SECItem* dp, PRTime t, void* wincx, CRLDPCache** dpcache,
+ PRBool* writeLocked)
{
SECStatus rv = SECSuccess;
CRLIssuerCache* issuercache = NULL;
@@ -2425,8 +2203,7 @@
PRBool globalwrite = PR_FALSE;
#endif
PORT_Assert(crlcache.lock);
- if (!crlcache.lock)
- {
+ if (!crlcache.lock) {
/* CRL cache is not initialized */
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
@@ -2437,8 +2214,7 @@
PR_Lock(crlcache.lock);
#endif
rv = CRLCache_GetIssuerCache(&crlcache, subject, &issuercache);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
#ifdef GLOBAL_RWLOCK
NSSRWLock_UnlockRead(crlcache.lock);
#else
@@ -2447,28 +2223,24 @@
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (!issuercache)
- {
+ if (!issuercache) {
/* there is no cache for this issuer yet. This means this is the
first time we look up a cert from that issuer, and we need to
create the cache. */
-
+
rv = IssuerCache_Create(&issuercache, issuer, subject, dp);
- if (SECSuccess == rv && !issuercache)
- {
+ if (SECSuccess == rv && !issuercache) {
PORT_Assert(issuercache);
rv = SECFailure;
}
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
/* This is the first time we look up a cert of this issuer.
Create the DPCache for this DP . */
rv = IssuerCache_AddDP(issuercache, issuer, subject, dp, dpcache);
}
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
/* lock the DPCache for write to ensure the update happens in this
thread */
*writeLocked = PR_TRUE;
@@ -2478,11 +2250,10 @@
PR_Lock((*dpcache)->lock);
#endif
}
-
- if (SECSuccess == rv)
- {
- /* now add the new issuer cache to the global hash table of
- issuers */
+
+ if (SECSuccess == rv) {
+/* now add the new issuer cache to the global hash table of
+ issuers */
#ifdef GLOBAL_RWLOCK
CRLIssuerCache* existing = NULL;
NSSRWLock_UnlockRead(crlcache.lock);
@@ -2491,37 +2262,30 @@
NSSRWLock_LockWrite(crlcache.lock);
globalwrite = PR_TRUE;
rv = CRLCache_GetIssuerCache(&crlcache, subject, &existing);
- if (!existing)
- {
+ if (!existing) {
#endif
rv = CRLCache_AddIssuer(issuercache);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
/* failure */
rv = SECFailure;
}
#ifdef GLOBAL_RWLOCK
- }
- else
- {
+ } else {
/* somebody else updated before we did */
IssuerCache_Destroy(issuercache); /* destroy the new object */
- issuercache = existing; /* use the existing one */
+ issuercache = existing; /* use the existing one */
*dpcache = IssuerCache_GetDPCache(issuercache, dp);
}
#endif
}
- /* now unlock the global cache. We only want to lock the issuer hash
- table addition. Holding it longer would hurt scalability */
+/* now unlock the global cache. We only want to lock the issuer hash
+ table addition. Holding it longer would hurt scalability */
#ifdef GLOBAL_RWLOCK
- if (PR_TRUE == globalwrite)
- {
+ if (PR_TRUE == globalwrite) {
NSSRWLock_UnlockWrite(crlcache.lock);
globalwrite = PR_FALSE;
- }
- else
- {
+ } else {
NSSRWLock_UnlockRead(crlcache.lock);
}
#else
@@ -2529,10 +2293,8 @@
#endif
/* if there was a failure adding an issuer cache object, destroy it */
- if (SECSuccess != rv && issuercache)
- {
- if (PR_TRUE == *writeLocked)
- {
+ if (SECSuccess != rv && issuercache) {
+ if (PR_TRUE == *writeLocked) {
#ifdef DPC_RWLOCK
NSSRWLock_UnlockWrite((*dpcache)->lock);
#else
@@ -2543,12 +2305,10 @@
issuercache = NULL;
}
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
return SECFailure;
}
- } else
- {
+ } else {
#ifdef GLOBAL_RWLOCK
NSSRWLock_UnlockRead(crlcache.lock);
#else
@@ -2558,27 +2318,22 @@
}
/* we now have a DPCache that we can use for lookups */
/* lock it for read, unless we already locked for write */
- if (PR_FALSE == *writeLocked)
- {
+ if (PR_FALSE == *writeLocked) {
#ifdef DPC_RWLOCK
NSSRWLock_LockRead((*dpcache)->lock);
#else
PR_Lock((*dpcache)->lock);
#endif
}
-
- if (SECSuccess == rv)
- {
+
+ if (SECSuccess == rv) {
/* currently there is always one and only one DPCache per issuer */
PORT_Assert(*dpcache);
- if (*dpcache)
- {
+ if (*dpcache) {
/* make sure the DP cache is up to date before using it */
rv = DPCache_GetUpToDate(*dpcache, issuer, PR_FALSE == *writeLocked,
t, wincx);
- }
- else
- {
+ } else {
rv = SECFailure;
}
}
@@ -2586,20 +2341,17 @@
}
/* unlock access to the DPCache */
-void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked)
+void
+ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked)
{
- if (!dpcache)
- {
+ if (!dpcache) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return;
}
#ifdef DPC_RWLOCK
- if (PR_TRUE == writeLocked)
- {
+ if (PR_TRUE == writeLocked) {
NSSRWLock_UnlockWrite(dpcache->lock);
- }
- else
- {
+ } else {
NSSRWLock_UnlockRead(dpcache->lock);
}
#else
@@ -2609,9 +2361,9 @@
SECStatus
cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
- const SECItem* dp, PRTime t, void *wincx,
- CERTRevocationStatus *revStatus,
- CERTCRLEntryReasonCode *revReason)
+ const SECItem* dp, PRTime t, void* wincx,
+ CERTRevocationStatus* revStatus,
+ CERTCRLEntryReasonCode* revReason)
{
PRBool lockedwrite = PR_FALSE;
SECStatus rv = SECSuccess;
@@ -2621,23 +2373,20 @@
CERTCrlEntry* entry = NULL;
dpcacheStatus ds;
- if (!cert || !issuer)
- {
+ if (!cert || !issuer) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- if (revStatus)
- {
+ if (revStatus) {
*revStatus = status;
}
- if (revReason)
- {
+ if (revReason) {
*revReason = reason;
}
- if (t && secCertTimeValid != CERT_CheckCertValidTimes(issuer, t, PR_FALSE))
- {
+ if (t &&
+ secCertTimeValid != CERT_CheckCertValidTimes(issuer, t, PR_FALSE)) {
/* we won't be able to check the CRL's signature if the issuer cert
is expired as of the time we are verifying. This may cause a valid
CRL to be cached as bad. short-circuit to avoid this case. */
@@ -2648,50 +2397,39 @@
rv = AcquireDPCache(issuer, &issuer->derSubject, dp, t, wincx, &dpcache,
&lockedwrite);
PORT_Assert(SECSuccess == rv);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* now look up the certificate SN in the DP cache's CRL */
ds = DPCache_Lookup(dpcache, &cert->serialNumber, &entry);
- switch (ds)
- {
+ switch (ds) {
case dpcacheFoundEntry:
PORT_Assert(entry);
/* check the time if we have one */
- if (entry->revocationDate.data && entry->revocationDate.len)
- {
+ if (entry->revocationDate.data && entry->revocationDate.len) {
PRTime revocationDate = 0;
- if (SECSuccess == DER_DecodeTimeChoice(&revocationDate,
- &entry->revocationDate))
- {
+ if (SECSuccess ==
+ DER_DecodeTimeChoice(&revocationDate,
+ &entry->revocationDate)) {
/* we got a good revocation date, only consider the
certificate revoked if the time we are inquiring about
is past the revocation date */
- if (t>=revocationDate)
- {
+ if (t >= revocationDate) {
rv = SECFailure;
- }
- else
- {
+ } else {
status = certRevocationStatusValid;
}
- }
- else
- {
+ } else {
/* invalid revocation date, consider the certificate
permanently revoked */
rv = SECFailure;
}
- }
- else
- {
+ } else {
/* no revocation date, certificate is permanently revoked */
rv = SECFailure;
}
- if (SECFailure == rv)
- {
+ if (SECFailure == rv) {
(void)CERT_FindCRLEntryReasonExten(entry, &reason);
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
}
@@ -2718,12 +2456,10 @@
}
ReleaseDPCache(dpcache, lockedwrite);
- if (revStatus)
- {
+ if (revStatus) {
*revStatus = status;
}
- if (revReason)
- {
+ if (revReason) {
*revReason = reason;
}
return rv;
@@ -2731,31 +2467,29 @@
/* check CRL revocation status of given certificate and issuer */
SECStatus
-CERT_CheckCRL(CERTCertificate* cert, CERTCertificate* issuer,
- const SECItem* dp, PRTime t, void* wincx)
+CERT_CheckCRL(CERTCertificate* cert, CERTCertificate* issuer, const SECItem* dp,
+ PRTime t, void* wincx)
{
- return cert_CheckCertRevocationStatus(cert, issuer, dp, t, wincx,
- NULL, NULL);
+ return cert_CheckCertRevocationStatus(cert, issuer, dp, t, wincx, NULL,
+ NULL);
}
/* retrieve full CRL object that best matches the cache status */
-CERTSignedCrl *
-SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type)
+CERTSignedCrl*
+SEC_FindCrlByName(CERTCertDBHandle* handle, SECItem* crlKey, int type)
{
CERTSignedCrl* acrl = NULL;
CRLDPCache* dpcache = NULL;
SECStatus rv = SECSuccess;
PRBool writeLocked = PR_FALSE;
- if (!crlKey)
- {
+ if (!crlKey) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
rv = AcquireDPCache(NULL, crlKey, NULL, 0, NULL, &dpcache, &writeLocked);
- if (SECSuccess == rv)
- {
+ if (SECSuccess == rv) {
acrl = GetBestCRL(dpcache, PR_TRUE); /* decode entries, because
SEC_FindCrlByName always returned fully decoded CRLs in the past */
ReleaseDPCache(dpcache, writeLocked);
@@ -2765,24 +2499,24 @@
/* invalidate the CRL cache for a given issuer, which forces a refetch of
CRL objects from PKCS#11 tokens */
-void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle* dbhandle, SECItem* crlKey)
+void
+CERT_CRLCacheRefreshIssuer(CERTCertDBHandle* dbhandle, SECItem* crlKey)
{
CRLDPCache* cache = NULL;
SECStatus rv = SECSuccess;
PRBool writeLocked = PR_FALSE;
PRBool readlocked;
- (void) dbhandle; /* silence compiler warnings */
+ (void)dbhandle; /* silence compiler warnings */
/* XCRL we will need to refresh all the DPs of the issuer in the future,
not just the default one */
rv = AcquireDPCache(NULL, crlKey, NULL, 0, NULL, &cache, &writeLocked);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
return;
}
/* we need to invalidate the DPCache here */
- readlocked = (writeLocked == PR_TRUE? PR_FALSE : PR_TRUE);
+ readlocked = (writeLocked == PR_TRUE ? PR_FALSE : PR_TRUE);
DPCache_LockWrite();
cache->refresh = PR_TRUE;
DPCache_UnlockWrite();
@@ -2791,7 +2525,8 @@
}
/* add the specified RAM CRL object to the cache */
-SECStatus CERT_CacheCRL(CERTCertDBHandle* dbhandle, SECItem* newdercrl)
+SECStatus
+CERT_CacheCRL(CERTCertDBHandle* dbhandle, SECItem* newdercrl)
{
CRLDPCache* cache = NULL;
SECStatus rv = SECSuccess;
@@ -2801,9 +2536,8 @@
PRBool added = PR_FALSE;
CERTSignedCrl* newcrl = NULL;
int realerror = 0;
-
- if (!dbhandle || !newdercrl)
- {
+
+ if (!dbhandle || !newdercrl) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -2811,55 +2545,49 @@
/* first decode the DER CRL to make sure it's OK */
newcrl = CERT_DecodeDERCrlWithFlags(NULL, newdercrl, SEC_CRL_TYPE,
CRL_DECODE_DONT_COPY_DER |
- CRL_DECODE_SKIP_ENTRIES);
+ CRL_DECODE_SKIP_ENTRIES);
- if (!newcrl)
- {
+ if (!newcrl) {
return SECFailure;
}
/* XXX check if it has IDP extension. If so, do not proceed and set error */
- rv = AcquireDPCache(NULL,
- &newcrl->crl.derName,
- NULL, 0, NULL, &cache, &writeLocked);
- if (SECSuccess == rv)
- {
- readlocked = (writeLocked == PR_TRUE? PR_FALSE : PR_TRUE);
-
+ rv = AcquireDPCache(NULL, &newcrl->crl.derName, NULL, 0, NULL, &cache,
+ &writeLocked);
+ if (SECSuccess == rv) {
+ readlocked = (writeLocked == PR_TRUE ? PR_FALSE : PR_TRUE);
+
rv = CachedCrl_Create(&returned, newcrl, CRL_OriginExplicit);
- if (SECSuccess == rv && returned)
- {
+ if (SECSuccess == rv && returned) {
DPCache_LockWrite();
rv = DPCache_AddCRL(cache, returned, &added);
- if (PR_TRUE != added)
- {
+ if (PR_TRUE != added) {
realerror = PORT_GetError();
CachedCrl_Destroy(returned);
returned = NULL;
}
DPCache_UnlockWrite();
}
-
+
ReleaseDPCache(cache, writeLocked);
-
- if (!added)
- {
+
+ if (!added) {
rv = SECFailure;
}
}
SEC_DestroyCrl(newcrl); /* free the CRL. Either it got added to the cache
and the refcount got bumped, or not, and thus we need to free its
RAM */
- if (realerror)
- {
+ if (realerror) {
PORT_SetError(realerror);
}
return rv;
}
/* remove the specified RAM CRL object from the cache */
-SECStatus CERT_UncacheCRL(CERTCertDBHandle* dbhandle, SECItem* olddercrl)
+SECStatus
+CERT_UncacheCRL(CERTCertDBHandle* dbhandle, SECItem* olddercrl)
{
CRLDPCache* cache = NULL;
SECStatus rv = SECSuccess;
@@ -2868,9 +2596,8 @@
PRBool removed = PR_FALSE;
PRUint32 i;
CERTSignedCrl* oldcrl = NULL;
-
- if (!dbhandle || !olddercrl)
- {
+
+ if (!dbhandle || !olddercrl) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -2878,39 +2605,32 @@
/* first decode the DER CRL to make sure it's OK */
oldcrl = CERT_DecodeDERCrlWithFlags(NULL, olddercrl, SEC_CRL_TYPE,
CRL_DECODE_DONT_COPY_DER |
- CRL_DECODE_SKIP_ENTRIES);
+ CRL_DECODE_SKIP_ENTRIES);
- if (!oldcrl)
- {
+ if (!oldcrl) {
/* if this DER CRL can't decode, it can't be in the cache */
return SECFailure;
}
- rv = AcquireDPCache(NULL,
- &oldcrl->crl.derName,
- NULL, 0, NULL, &cache, &writeLocked);
- if (SECSuccess == rv)
- {
+ rv = AcquireDPCache(NULL, &oldcrl->crl.derName, NULL, 0, NULL, &cache,
+ &writeLocked);
+ if (SECSuccess == rv) {
CachedCrl* returned = NULL;
- readlocked = (writeLocked == PR_TRUE? PR_FALSE : PR_TRUE);
-
+ readlocked = (writeLocked == PR_TRUE ? PR_FALSE : PR_TRUE);
+
rv = CachedCrl_Create(&returned, oldcrl, CRL_OriginExplicit);
- if (SECSuccess == rv && returned)
- {
+ if (SECSuccess == rv && returned) {
DPCache_LockWrite();
- for (i=0;i<cache->ncrls;i++)
- {
+ for (i = 0; i < cache->ncrls; i++) {
PRBool dupe = PR_FALSE, updated = PR_FALSE;
- rv = CachedCrl_Compare(returned, cache->crls[i],
- &dupe, &updated);
- if (SECSuccess != rv)
- {
+ rv = CachedCrl_Compare(returned, cache->crls[i], &dupe,
+ &updated);
+ if (SECSuccess != rv) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
break;
}
- if (PR_TRUE == dupe)
- {
+ if (PR_TRUE == dupe) {
rv = DPCache_RemoveCRL(cache, i); /* got a match */
if (SECSuccess == rv) {
cache->mustchoose = PR_TRUE;
@@ -2919,32 +2639,31 @@
break;
}
}
-
+
DPCache_UnlockWrite();
- if (SECSuccess != CachedCrl_Destroy(returned) ) {
+ if (SECSuccess != CachedCrl_Destroy(returned)) {
rv = SECFailure;
}
}
ReleaseDPCache(cache, writeLocked);
}
- if (SECSuccess != SEC_DestroyCrl(oldcrl) ) {
+ if (SECSuccess != SEC_DestroyCrl(oldcrl)) {
/* need to do this because object is refcounted */
rv = SECFailure;
}
- if (SECSuccess == rv && PR_TRUE != removed)
- {
+ if (SECSuccess == rv && PR_TRUE != removed) {
PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
}
return rv;
}
-SECStatus cert_AcquireNamedCRLCache(NamedCRLCache** returned)
+SECStatus
+cert_AcquireNamedCRLCache(NamedCRLCache** returned)
{
PORT_Assert(returned);
- if (!namedCRLCache.lock)
- {
+ if (!namedCRLCache.lock) {
PORT_Assert(0);
return SECFailure;
}
@@ -2956,28 +2675,26 @@
/* This must be called only while cache is acquired, and the entry is only
* valid until cache is released.
*/
-SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
- const SECItem* canonicalizedName,
- NamedCRLCacheEntry** retEntry)
+SECStatus
+cert_FindCRLByGeneralName(NamedCRLCache* ncc, const SECItem* canonicalizedName,
+ NamedCRLCacheEntry** retEntry)
{
- if (!ncc || !canonicalizedName || !retEntry)
- {
+ if (!ncc || !canonicalizedName || !retEntry) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- *retEntry = (NamedCRLCacheEntry*) PL_HashTableLookup(namedCRLCache.entries,
- (void*) canonicalizedName);
+ *retEntry = (NamedCRLCacheEntry*)PL_HashTableLookup(
+ namedCRLCache.entries, (void*)canonicalizedName);
return SECSuccess;
}
-SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc)
+SECStatus
+cert_ReleaseNamedCRLCache(NamedCRLCache* ncc)
{
- if (!ncc)
- {
+ if (!ncc) {
return SECFailure;
}
- if (!ncc->lock)
- {
+ if (!ncc->lock) {
PORT_Assert(0);
return SECFailure;
}
@@ -2986,16 +2703,15 @@
}
/* creates new named cache entry from CRL, and tries to add it to CRL cache */
-static SECStatus addCRLToCache(CERTCertDBHandle* dbhandle, SECItem* crl,
- const SECItem* canonicalizedName,
- NamedCRLCacheEntry** newEntry)
+static SECStatus
+addCRLToCache(CERTCertDBHandle* dbhandle, SECItem* crl,
+ const SECItem* canonicalizedName, NamedCRLCacheEntry** newEntry)
{
SECStatus rv = SECSuccess;
NamedCRLCacheEntry* entry = NULL;
/* create new named entry */
- if (SECSuccess != NamedCRLCacheEntry_Create(newEntry) || !*newEntry)
- {
+ if (SECSuccess != NamedCRLCacheEntry_Create(newEntry) || !*newEntry) {
/* no need to keep unused CRL around */
SECITEM_ZfreeItem(crl, PR_TRUE);
return SECFailure;
@@ -3004,22 +2720,17 @@
entry->crl = crl; /* named CRL cache owns DER */
entry->lastAttemptTime = PR_Now();
entry->canonicalizedName = SECITEM_DupItem(canonicalizedName);
- if (!entry->canonicalizedName)
- {
+ if (!entry->canonicalizedName) {
rv = NamedCRLCacheEntry_Destroy(entry); /* destroys CRL too */
PORT_Assert(SECSuccess == rv);
return SECFailure;
}
/* now, attempt to insert CRL into CRL cache */
- if (SECSuccess == CERT_CacheCRL(dbhandle, entry->crl))
- {
+ if (SECSuccess == CERT_CacheCRL(dbhandle, entry->crl)) {
entry->inCRLCache = PR_TRUE;
entry->successfulInsertionTime = entry->lastAttemptTime;
- }
- else
- {
- switch (PR_GetError())
- {
+ } else {
+ switch (PR_GetError()) {
case SEC_ERROR_CRL_ALREADY_EXISTS:
entry->dupe = PR_TRUE;
break;
@@ -3044,18 +2755,18 @@
/* take ownership of CRL, and insert it into the named CRL cache
* and indexed CRL cache
*/
-SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
- const SECItem* canonicalizedName)
+SECStatus
+cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
+ const SECItem* canonicalizedName)
{
- NamedCRLCacheEntry* oldEntry, * newEntry = NULL;
+ NamedCRLCacheEntry *oldEntry, *newEntry = NULL;
NamedCRLCache* ncc = NULL;
SECStatus rv = SECSuccess;
PORT_Assert(namedCRLCache.lock);
PORT_Assert(namedCRLCache.entries);
- if (!crl || !canonicalizedName)
- {
+ if (!crl || !canonicalizedName) {
PORT_Assert(0);
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -3063,106 +2774,84 @@
rv = cert_AcquireNamedCRLCache(&ncc);
PORT_Assert(SECSuccess == rv);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
SECITEM_ZfreeItem(crl, PR_TRUE);
return SECFailure;
}
rv = cert_FindCRLByGeneralName(ncc, canonicalizedName, &oldEntry);
PORT_Assert(SECSuccess == rv);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
rv = cert_ReleaseNamedCRLCache(ncc);
SECITEM_ZfreeItem(crl, PR_TRUE);
return SECFailure;
}
- if (SECSuccess == addCRLToCache(dbhandle, crl, canonicalizedName,
- &newEntry) )
- {
- if (!oldEntry)
- {
+ if (SECSuccess ==
+ addCRLToCache(dbhandle, crl, canonicalizedName, &newEntry)) {
+ if (!oldEntry) {
/* add new good entry to the hash table */
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
- (void*) newEntry->canonicalizedName,
- (void*) newEntry))
- {
+ (void*)newEntry->canonicalizedName,
+ (void*)newEntry)) {
PORT_Assert(0);
NamedCRLCacheEntry_Destroy(newEntry);
rv = SECFailure;
}
- }
- else
- {
+ } else {
PRBool removed;
/* remove the old CRL from the cache if needed */
- if (oldEntry->inCRLCache)
- {
+ if (oldEntry->inCRLCache) {
rv = CERT_UncacheCRL(dbhandle, oldEntry->crl);
PORT_Assert(SECSuccess == rv);
}
removed = PL_HashTableRemove(namedCRLCache.entries,
- (void*) oldEntry->canonicalizedName);
+ (void*)oldEntry->canonicalizedName);
PORT_Assert(removed);
- if (!removed)
- {
+ if (!removed) {
rv = SECFailure;
- /* leak old entry since we couldn't remove it from the hash table */
- }
- else
- {
+ /* leak old entry since we couldn't remove it from the hash
+ * table */
+ } else {
PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
- (void*) newEntry->canonicalizedName,
- (void*) newEntry))
- {
+ (void*)newEntry->canonicalizedName,
+ (void*)newEntry)) {
PORT_Assert(0);
rv = SECFailure;
}
}
- } else
- {
+ } else {
/* error adding new CRL to cache */
- if (!oldEntry)
- {
+ if (!oldEntry) {
/* no old cache entry, use the new one even though it's bad */
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
- (void*) newEntry->canonicalizedName,
- (void*) newEntry))
- {
+ (void*)newEntry->canonicalizedName,
+ (void*)newEntry)) {
PORT_Assert(0);
rv = SECFailure;
}
- }
- else
- {
- if (oldEntry->inCRLCache)
- {
+ } else {
+ if (oldEntry->inCRLCache) {
/* previous cache entry was good, keep it and update time */
- oldEntry-> lastAttemptTime = newEntry->lastAttemptTime;
+ oldEntry->lastAttemptTime = newEntry->lastAttemptTime;
/* throw away new bad entry */
rv = NamedCRLCacheEntry_Destroy(newEntry);
PORT_Assert(SECSuccess == rv);
- }
- else
- {
+ } else {
/* previous cache entry was bad, just replace it */
- PRBool removed = PL_HashTableRemove(namedCRLCache.entries,
- (void*) oldEntry->canonicalizedName);
+ PRBool removed = PL_HashTableRemove(
+ namedCRLCache.entries, (void*)oldEntry->canonicalizedName);
PORT_Assert(removed);
- if (!removed)
- {
- /* leak old entry since we couldn't remove it from the hash table */
+ if (!removed) {
+ /* leak old entry since we couldn't remove it from the hash
+ * table */
rv = SECFailure;
- }
- else
- {
+ } else {
PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
- (void*) newEntry->canonicalizedName,
- (void*) newEntry))
- {
+ (void*)newEntry->canonicalizedName,
+ (void*)newEntry)) {
PORT_Assert(0);
rv = SECFailure;
}
@@ -3174,18 +2863,16 @@
return rv;
}
-static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl,
- CRLOrigin origin)
+static SECStatus
+CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl, CRLOrigin origin)
{
CachedCrl* newcrl = NULL;
- if (!returned)
- {
+ if (!returned) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
newcrl = PORT_ZAlloc(sizeof(CachedCrl));
- if (!newcrl)
- {
+ if (!newcrl) {
return SECFailure;
}
newcrl->crl = SEC_DupCrl(crl);
@@ -3195,33 +2882,31 @@
}
/* empty the cache content */
-static SECStatus CachedCrl_Depopulate(CachedCrl* crl)
+static SECStatus
+CachedCrl_Depopulate(CachedCrl* crl)
{
- if (!crl)
- {
+ if (!crl) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
- /* destroy the hash table */
- if (crl->entries)
- {
+ /* destroy the hash table */
+ if (crl->entries) {
PL_HashTableDestroy(crl->entries);
crl->entries = NULL;
}
/* free the pre buffer */
- if (crl->prebuffer)
- {
+ if (crl->prebuffer) {
PreAllocator_Destroy(crl->prebuffer);
crl->prebuffer = NULL;
}
return SECSuccess;
}
-static SECStatus CachedCrl_Destroy(CachedCrl* crl)
+static SECStatus
+CachedCrl_Destroy(CachedCrl* crl)
{
- if (!crl)
- {
+ if (!crl) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -3232,56 +2917,52 @@
}
/* create hash table of CRL entries */
-static SECStatus CachedCrl_Populate(CachedCrl* crlobject)
+static SECStatus
+CachedCrl_Populate(CachedCrl* crlobject)
{
SECStatus rv = SECFailure;
CERTCrlEntry** crlEntry = NULL;
PRUint32 numEntries = 0;
- if (!crlobject)
- {
+ if (!crlobject) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* complete the entry decoding . XXX thread-safety of CRL object */
rv = CERT_CompleteCRLDecodeEntries(crlobject->crl);
- if (SECSuccess != rv)
- {
+ if (SECSuccess != rv) {
crlobject->unbuildable = PR_TRUE; /* don't try to build this again */
return SECFailure;
}
- if (crlobject->entries && crlobject->prebuffer)
- {
+ if (crlobject->entries && crlobject->prebuffer) {
/* cache is already built */
return SECSuccess;
}
- /* build the hash table from the full CRL */
+ /* build the hash table from the full CRL */
/* count CRL entries so we can pre-allocate space for hash table entries */
for (crlEntry = crlobject->crl->crl.entries; crlEntry && *crlEntry;
- crlEntry++)
- {
+ crlEntry++) {
numEntries++;
}
- crlobject->prebuffer = PreAllocator_Create(numEntries*sizeof(PLHashEntry));
+ crlobject->prebuffer =
+ PreAllocator_Create(numEntries * sizeof(PLHashEntry));
PORT_Assert(crlobject->prebuffer);
- if (!crlobject->prebuffer)
- {
+ if (!crlobject->prebuffer) {
return SECFailure;
}
/* create a new hash table */
- crlobject->entries = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
- PL_CompareValues, &preAllocOps, crlobject->prebuffer);
+ crlobject->entries =
+ PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues,
+ &preAllocOps, crlobject->prebuffer);
PORT_Assert(crlobject->entries);
- if (!crlobject->entries)
- {
+ if (!crlobject->entries) {
return SECFailure;
}
/* add all serial numbers to the hash table */
for (crlEntry = crlobject->crl->crl.entries; crlEntry && *crlEntry;
- crlEntry++)
- {
+ crlEntry++) {
PL_HashTableAdd(crlobject->entries, &(*crlEntry)->serialNumber,
*crlEntry);
}
@@ -3290,14 +2971,13 @@
}
/* returns true if there are CRLs from PKCS#11 slots */
-static PRBool DPCache_HasTokenCRLs(CRLDPCache* cache)
+static PRBool
+DPCache_HasTokenCRLs(CRLDPCache* cache)
{
PRBool answer = PR_FALSE;
PRUint32 i;
- for (i=0;i<cache->ncrls;i++)
- {
- if (cache->crls[i] && (CRL_OriginToken == cache->crls[i]->origin) )
- {
+ for (i = 0; i < cache->ncrls; i++) {
+ if (cache->crls[i] && (CRL_OriginToken == cache->crls[i]->origin)) {
answer = PR_TRUE;
break;
}
@@ -3310,63 +2990,53 @@
This can happen if the DER CRL got updated in the token, but the PKCS#11
object ID did not change. NSS softoken has the unfortunate property to
never change the object ID for CRL objects. */
-static SECStatus CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe,
- PRBool* isUpdated)
+static SECStatus
+CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe, PRBool* isUpdated)
{
PORT_Assert(a);
PORT_Assert(b);
PORT_Assert(isDupe);
PORT_Assert(isUpdated);
- if (!a || !b || !isDupe || !isUpdated || !a->crl || !b->crl)
- {
+ if (!a || !b || !isDupe || !isUpdated || !a->crl || !b->crl) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
*isDupe = *isUpdated = PR_FALSE;
- if (a == b)
- {
+ if (a == b) {
/* dupe */
*isDupe = PR_TRUE;
*isUpdated = PR_FALSE;
return SECSuccess;
}
- if (b->origin != a->origin)
- {
+ if (b->origin != a->origin) {
/* CRLs of different origins are not considered dupes,
and can't be updated either */
return SECSuccess;
}
- if (CRL_OriginToken == b->origin)
- {
+ if (CRL_OriginToken == b->origin) {
/* for token CRLs, slot and PKCS#11 object handle must match for CRL
to truly be a dupe */
- if ( (b->crl->slot == a->crl->slot) &&
- (b->crl->pkcs11ID == a->crl->pkcs11ID) )
- {
+ if ((b->crl->slot == a->crl->slot) &&
+ (b->crl->pkcs11ID == a->crl->pkcs11ID)) {
/* ASN.1 DER needs to match for dupe check */
/* could optimize by just checking a few fields like thisUpdate */
- if ( SECEqual == SECITEM_CompareItem(b->crl->derCrl,
- a->crl->derCrl) )
- {
+ if (SECEqual ==
+ SECITEM_CompareItem(b->crl->derCrl, a->crl->derCrl)) {
*isDupe = PR_TRUE;
- }
- else
- {
+ } else {
*isUpdated = PR_TRUE;
}
}
return SECSuccess;
}
- if (CRL_OriginExplicit == b->origin)
- {
+ if (CRL_OriginExplicit == b->origin) {
/* We need to make sure this is the same object that the user provided
to CERT_CacheCRL previously. That API takes a SECItem*, thus, we
just do a pointer comparison here.
*/
- if (b->crl->derCrl == a->crl->derCrl)
- {
+ if (b->crl->derCrl == a->crl->derCrl) {
*isDupe = PR_TRUE;
}
}
diff --git a/nss/lib/certdb/genname.c b/nss/lib/certdb/genname.c
index 6529a6a..fe48df8 100644
--- a/nss/lib/certdb/genname.c
+++ b/nss/lib/certdb/genname.c
@@ -26,13 +26,11 @@
static const SEC_ASN1Template CERTNameConstraintTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraint) },
{ SEC_ASN1_ANY, offsetof(CERTNameConstraint, DERName) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(CERTNameConstraint, min),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(CERTNameConstraint, max),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { 0, }
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(CERTNameConstraint, min), SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ offsetof(CERTNameConstraint, max), SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { 0 }
};
const SEC_ASN1Template CERT_NameConstraintSubtreeSubTemplate[] = {
@@ -41,119 +39,108 @@
static const SEC_ASN1Template CERTNameConstraintsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraints) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTNameConstraints, DERPermited),
- CERT_NameConstraintSubtreeSubTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTNameConstraints, DERExcluded),
- CERT_NameConstraintSubtreeSubTemplate},
- { 0, }
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(CERTNameConstraints, DERPermited),
+ CERT_NameConstraintSubtreeSubTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(CERTNameConstraints, DERExcluded),
+ CERT_NameConstraintSubtreeSubTemplate },
+ { 0 }
};
-
static const SEC_ASN1Template CERTOthNameTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(OtherName) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(OtherName, oid) },
+ { SEC_ASN1_OBJECT_ID, offsetof(OtherName, oid) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_XTRN | 0, offsetof(OtherName, name),
- SEC_ASN1_SUB(SEC_AnyTemplate) },
- { 0, }
+ SEC_ASN1_XTRN | 0,
+ offsetof(OtherName, name), SEC_ASN1_SUB(SEC_AnyTemplate) },
+ { 0 }
};
static const SEC_ASN1Template CERTOtherNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0 ,
- offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate,
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
+ offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate,
sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_RFC822NameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 ,
- offsetof(CERTGeneralName, name.other),
- SEC_ASN1_SUB(SEC_IA5StringTemplate),
- sizeof (CERTGeneralName)}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ offsetof(CERTGeneralName, name.other),
+ SEC_ASN1_SUB(SEC_IA5StringTemplate), sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_DNSNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2 ,
- offsetof(CERTGeneralName, name.other),
- SEC_ASN1_SUB(SEC_IA5StringTemplate),
- sizeof (CERTGeneralName)}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+ offsetof(CERTGeneralName, name.other),
+ SEC_ASN1_SUB(SEC_IA5StringTemplate), sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_X400AddressTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_XTRN | 3,
- offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_AnyTemplate),
- sizeof (CERTGeneralName)}
+ offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_AnyTemplate),
+ sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_DirectoryNameTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_XTRN | 4, offsetof(CERTGeneralName, derDirectoryName),
- SEC_ASN1_SUB(SEC_AnyTemplate), sizeof (CERTGeneralName)}
+ SEC_ASN1_XTRN | 4,
+ offsetof(CERTGeneralName, derDirectoryName),
+ SEC_ASN1_SUB(SEC_AnyTemplate), sizeof(CERTGeneralName) }
};
-
static const SEC_ASN1Template CERT_EDIPartyNameTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_XTRN | 5,
- offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_AnyTemplate),
- sizeof (CERTGeneralName)}
+ offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_AnyTemplate),
+ sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_URITemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 6 ,
- offsetof(CERTGeneralName, name.other),
- SEC_ASN1_SUB(SEC_IA5StringTemplate),
- sizeof (CERTGeneralName)}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 6,
+ offsetof(CERTGeneralName, name.other),
+ SEC_ASN1_SUB(SEC_IA5StringTemplate), sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_IPAddressTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 7 ,
- offsetof(CERTGeneralName, name.other),
- SEC_ASN1_SUB(SEC_OctetStringTemplate),
- sizeof (CERTGeneralName)}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 7,
+ offsetof(CERTGeneralName, name.other),
+ SEC_ASN1_SUB(SEC_OctetStringTemplate), sizeof(CERTGeneralName) }
};
static const SEC_ASN1Template CERT_RegisteredIDTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 8 ,
- offsetof(CERTGeneralName, name.other),
- SEC_ASN1_SUB(SEC_ObjectIDTemplate),
- sizeof (CERTGeneralName)}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 8,
+ offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_ObjectIDTemplate),
+ sizeof(CERTGeneralName) }
};
-
const SEC_ASN1Template CERT_GeneralNamesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN , 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
+ { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
};
-
static struct {
CERTGeneralNameType type;
char *name;
-} typesArray[] = {
- { certOtherName, "other" },
- { certRFC822Name, "email" },
- { certRFC822Name, "rfc822" },
- { certDNSName, "dns" },
- { certX400Address, "x400" },
- { certX400Address, "x400addr" },
- { certDirectoryName, "directory" },
- { certDirectoryName, "dn" },
- { certEDIPartyName, "edi" },
- { certEDIPartyName, "ediparty" },
- { certURI, "uri" },
- { certIPAddress, "ip" },
- { certIPAddress, "ipaddr" },
- { certRegisterID, "registerid" }
-};
+} typesArray[] = { { certOtherName, "other" },
+ { certRFC822Name, "email" },
+ { certRFC822Name, "rfc822" },
+ { certDNSName, "dns" },
+ { certX400Address, "x400" },
+ { certX400Address, "x400addr" },
+ { certDirectoryName, "directory" },
+ { certDirectoryName, "dn" },
+ { certEDIPartyName, "edi" },
+ { certEDIPartyName, "ediparty" },
+ { certURI, "uri" },
+ { certIPAddress, "ip" },
+ { certIPAddress, "ipaddr" },
+ { certRegisterID, "registerid" } };
CERTGeneralNameType
CERT_GetGeneralNameTypeFromString(const char *string)
{
- int types_count = sizeof(typesArray)/sizeof(typesArray[0]);
+ int types_count = sizeof(typesArray) / sizeof(typesArray[0]);
int i;
- for (i=0; i < types_count; i++) {
+ for (i = 0; i < types_count; i++) {
if (PORT_Strcasecmp(string, typesArray[i].name) == 0) {
return typesArray[i].type;
}
@@ -164,12 +151,11 @@
CERTGeneralName *
CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type)
{
- CERTGeneralName *name = arena
- ? PORT_ArenaZNew(arena, CERTGeneralName)
- : PORT_ZNew(CERTGeneralName);
+ CERTGeneralName *name = arena ? PORT_ArenaZNew(arena, CERTGeneralName)
+ : PORT_ZNew(CERTGeneralName);
if (name) {
- name->type = type;
- name->l.prev = name->l.next = &name->l;
+ name->type = type;
+ name->l.prev = name->l.next = &name->l;
}
return name;
}
@@ -179,9 +165,8 @@
** This function does not change the destinate's GeneralName's list linkage.
*/
SECStatus
-cert_CopyOneGeneralName(PLArenaPool *arena,
- CERTGeneralName *dest,
- CERTGeneralName *src)
+cert_CopyOneGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
+ CERTGeneralName *src)
{
SECStatus rv;
void *mark = NULL;
@@ -192,27 +177,25 @@
mark = PORT_ArenaMark(arena);
switch (src->type) {
- case certDirectoryName:
- rv = SECITEM_CopyItem(arena, &dest->derDirectoryName,
- &src->derDirectoryName);
- if (rv == SECSuccess)
- rv = CERT_CopyName(arena, &dest->name.directoryName,
- &src->name.directoryName);
- break;
+ case certDirectoryName:
+ rv = SECITEM_CopyItem(arena, &dest->derDirectoryName,
+ &src->derDirectoryName);
+ if (rv == SECSuccess)
+ rv = CERT_CopyName(arena, &dest->name.directoryName,
+ &src->name.directoryName);
+ break;
- case certOtherName:
- rv = SECITEM_CopyItem(arena, &dest->name.OthName.name,
- &src->name.OthName.name);
- if (rv == SECSuccess)
- rv = SECITEM_CopyItem(arena, &dest->name.OthName.oid,
- &src->name.OthName.oid);
- break;
+ case certOtherName:
+ rv = SECITEM_CopyItem(arena, &dest->name.OthName.name,
+ &src->name.OthName.name);
+ if (rv == SECSuccess)
+ rv = SECITEM_CopyItem(arena, &dest->name.OthName.oid,
+ &src->name.OthName.oid);
+ break;
- default:
- rv = SECITEM_CopyItem(arena, &dest->name.other,
- &src->name.other);
- break;
-
+ default:
+ rv = SECITEM_CopyItem(arena, &dest->name.other, &src->name.other);
+ break;
}
if (rv != SECSuccess) {
PORT_ArenaRelease(arena, mark);
@@ -222,50 +205,50 @@
return rv;
}
-
void
CERT_DestroyGeneralNameList(CERTGeneralNameList *list)
{
PZLock *lock;
if (list != NULL) {
- lock = list->lock;
- PZ_Lock(lock);
- if (--list->refCount <= 0 && list->arena != NULL) {
- PORT_FreeArena(list->arena, PR_FALSE);
- PZ_Unlock(lock);
- PZ_DestroyLock(lock);
- } else {
- PZ_Unlock(lock);
- }
+ lock = list->lock;
+ PZ_Lock(lock);
+ if (--list->refCount <= 0 && list->arena != NULL) {
+ PORT_FreeArena(list->arena, PR_FALSE);
+ PZ_Unlock(lock);
+ PZ_DestroyLock(lock);
+ } else {
+ PZ_Unlock(lock);
+ }
}
return;
}
CERTGeneralNameList *
-CERT_CreateGeneralNameList(CERTGeneralName *name) {
+CERT_CreateGeneralNameList(CERTGeneralName *name)
+{
PLArenaPool *arena;
CERTGeneralNameList *list = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto done;
+ goto done;
}
list = PORT_ArenaZNew(arena, CERTGeneralNameList);
if (!list)
- goto loser;
+ goto loser;
if (name != NULL) {
- SECStatus rv;
- list->name = CERT_NewGeneralName(arena, (CERTGeneralNameType)0);
- if (!list->name)
- goto loser;
- rv = CERT_CopyGeneralName(arena, list->name, name);
- if (rv != SECSuccess)
- goto loser;
+ SECStatus rv;
+ list->name = CERT_NewGeneralName(arena, (CERTGeneralNameType)0);
+ if (!list->name)
+ goto loser;
+ rv = CERT_CopyGeneralName(arena, list->name, name);
+ if (rv != SECSuccess)
+ goto loser;
}
list->lock = PZ_NewLock(nssILockList);
if (!list->lock)
- goto loser;
+ goto loser;
list->arena = arena;
list->refCount = 1;
done:
@@ -280,9 +263,9 @@
CERT_GetNextGeneralName(CERTGeneralName *current)
{
PRCList *next;
-
+
next = current->l.next;
- return (CERTGeneralName *) (((char *) next) - offsetof(CERTGeneralName, l));
+ return (CERTGeneralName *)(((char *)next) - offsetof(CERTGeneralName, l));
}
CERTGeneralName *
@@ -290,16 +273,17 @@
{
PRCList *prev;
prev = current->l.prev;
- return (CERTGeneralName *) (((char *) prev) - offsetof(CERTGeneralName, l));
+ return (CERTGeneralName *)(((char *)prev) - offsetof(CERTGeneralName, l));
}
CERTNameConstraint *
CERT_GetNextNameConstraint(CERTNameConstraint *current)
{
PRCList *next;
-
+
next = current->l.next;
- return (CERTNameConstraint *) (((char *) next) - offsetof(CERTNameConstraint, l));
+ return (CERTNameConstraint *)(((char *)next) -
+ offsetof(CERTNameConstraint, l));
}
CERTNameConstraint *
@@ -307,58 +291,78 @@
{
PRCList *prev;
prev = current->l.prev;
- return (CERTNameConstraint *) (((char *) prev) - offsetof(CERTNameConstraint, l));
+ return (CERTNameConstraint *)(((char *)prev) -
+ offsetof(CERTNameConstraint, l));
}
SECItem *
-CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest, PLArenaPool *arena)
+CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
+ PLArenaPool *arena)
{
- const SEC_ASN1Template * template;
+ const SEC_ASN1Template *template;
PORT_Assert(arena);
if (arena == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
/* TODO: mark arena */
if (dest == NULL) {
- dest = PORT_ArenaZNew(arena, SECItem);
- if (!dest)
- goto loser;
+ dest = PORT_ArenaZNew(arena, SECItem);
+ if (!dest)
+ goto loser;
}
if (genName->type == certDirectoryName) {
- if (genName->derDirectoryName.data == NULL) {
- /* The field hasn't been encoded yet. */
- SECItem * pre_dest =
- SEC_ASN1EncodeItem (arena, &(genName->derDirectoryName),
- &(genName->name.directoryName),
- CERT_NameTemplate);
+ if (genName->derDirectoryName.data == NULL) {
+ /* The field hasn't been encoded yet. */
+ SECItem *pre_dest = SEC_ASN1EncodeItem(
+ arena, &(genName->derDirectoryName),
+ &(genName->name.directoryName), CERT_NameTemplate);
if (!pre_dest)
goto loser;
- }
- if (genName->derDirectoryName.data == NULL) {
- goto loser;
- }
+ }
+ if (genName->derDirectoryName.data == NULL) {
+ goto loser;
+ }
}
switch (genName->type) {
- case certURI: template = CERT_URITemplate; break;
- case certRFC822Name: template = CERT_RFC822NameTemplate; break;
- case certDNSName: template = CERT_DNSNameTemplate; break;
- case certIPAddress: template = CERT_IPAddressTemplate; break;
- case certOtherName: template = CERTOtherNameTemplate; break;
- case certRegisterID: template = CERT_RegisteredIDTemplate; break;
- /* for this type, we expect the value is already encoded */
- case certEDIPartyName: template = CERT_EDIPartyNameTemplate; break;
- /* for this type, we expect the value is already encoded */
- case certX400Address: template = CERT_X400AddressTemplate; break;
- case certDirectoryName: template = CERT_DirectoryNameTemplate; break;
- default:
- PORT_Assert(0); goto loser;
+ case certURI:
+ template = CERT_URITemplate;
+ break;
+ case certRFC822Name:
+ template = CERT_RFC822NameTemplate;
+ break;
+ case certDNSName:
+ template = CERT_DNSNameTemplate;
+ break;
+ case certIPAddress:
+ template = CERT_IPAddressTemplate;
+ break;
+ case certOtherName:
+ template = CERTOtherNameTemplate;
+ break;
+ case certRegisterID:
+ template = CERT_RegisteredIDTemplate;
+ break;
+ /* for this type, we expect the value is already encoded */
+ case certEDIPartyName:
+ template = CERT_EDIPartyNameTemplate;
+ break;
+ /* for this type, we expect the value is already encoded */
+ case certX400Address:
+ template = CERT_X400AddressTemplate;
+ break;
+ case certDirectoryName:
+ template = CERT_DirectoryNameTemplate;
+ break;
+ default:
+ PORT_Assert(0);
+ goto loser;
}
dest = SEC_ASN1EncodeItem(arena, dest, genName, template);
if (!dest) {
- goto loser;
+ goto loser;
}
/* TODO: unmark arena */
return dest;
@@ -370,34 +374,34 @@
SECItem **
cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names)
{
- CERTGeneralName *current_name;
- SECItem **items = NULL;
- int count = 0;
- int i;
- PRCList *head;
+ CERTGeneralName *current_name;
+ SECItem **items = NULL;
+ int count = 0;
+ int i;
+ PRCList *head;
PORT_Assert(arena);
/* TODO: mark arena */
current_name = names;
if (names != NULL) {
- count = 1;
+ count = 1;
}
head = &(names->l);
while (current_name->l.next != head) {
- current_name = CERT_GetNextGeneralName(current_name);
- ++count;
+ current_name = CERT_GetNextGeneralName(current_name);
+ ++count;
}
current_name = CERT_GetNextGeneralName(current_name);
items = PORT_ArenaNewArray(arena, SECItem *, count + 1);
if (items == NULL) {
- goto loser;
+ goto loser;
}
for (i = 0; i < count; i++) {
- items[i] = CERT_EncodeGeneralName(current_name, (SECItem *)NULL, arena);
- if (items[i] == NULL) {
- goto loser;
- }
- current_name = CERT_GetNextGeneralName(current_name);
+ items[i] = CERT_EncodeGeneralName(current_name, (SECItem *)NULL, arena);
+ if (items[i] == NULL) {
+ goto loser;
+ }
+ current_name = CERT_GetNextGeneralName(current_name);
}
items[i] = NULL;
/* TODO: unmark arena */
@@ -408,14 +412,13 @@
}
CERTGeneralName *
-CERT_DecodeGeneralName(PLArenaPool *reqArena,
- SECItem *encodedName,
- CERTGeneralName *genName)
+CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
+ CERTGeneralName *genName)
{
- const SEC_ASN1Template * template;
- CERTGeneralNameType genNameType;
- SECStatus rv = SECSuccess;
- SECItem* newEncodedName;
+ const SEC_ASN1Template *template;
+ CERTGeneralNameType genNameType;
+ SECStatus rv = SECSuccess;
+ SECItem *newEncodedName;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -430,36 +433,54 @@
/* TODO: mark arena */
genNameType = (CERTGeneralNameType)((*(newEncodedName->data) & 0x0f) + 1);
if (genName == NULL) {
- genName = CERT_NewGeneralName(reqArena, genNameType);
- if (!genName)
- goto loser;
+ genName = CERT_NewGeneralName(reqArena, genNameType);
+ if (!genName)
+ goto loser;
} else {
- genName->type = genNameType;
- genName->l.prev = genName->l.next = &genName->l;
+ genName->type = genNameType;
+ genName->l.prev = genName->l.next = &genName->l;
}
switch (genNameType) {
- case certURI: template = CERT_URITemplate; break;
- case certRFC822Name: template = CERT_RFC822NameTemplate; break;
- case certDNSName: template = CERT_DNSNameTemplate; break;
- case certIPAddress: template = CERT_IPAddressTemplate; break;
- case certOtherName: template = CERTOtherNameTemplate; break;
- case certRegisterID: template = CERT_RegisteredIDTemplate; break;
- case certEDIPartyName: template = CERT_EDIPartyNameTemplate; break;
- case certX400Address: template = CERT_X400AddressTemplate; break;
- case certDirectoryName: template = CERT_DirectoryNameTemplate; break;
- default:
- goto loser;
+ case certURI:
+ template = CERT_URITemplate;
+ break;
+ case certRFC822Name:
+ template = CERT_RFC822NameTemplate;
+ break;
+ case certDNSName:
+ template = CERT_DNSNameTemplate;
+ break;
+ case certIPAddress:
+ template = CERT_IPAddressTemplate;
+ break;
+ case certOtherName:
+ template = CERTOtherNameTemplate;
+ break;
+ case certRegisterID:
+ template = CERT_RegisteredIDTemplate;
+ break;
+ case certEDIPartyName:
+ template = CERT_EDIPartyNameTemplate;
+ break;
+ case certX400Address:
+ template = CERT_X400AddressTemplate;
+ break;
+ case certDirectoryName:
+ template = CERT_DirectoryNameTemplate;
+ break;
+ default:
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(reqArena, genName, template, newEncodedName);
- if (rv != SECSuccess)
- goto loser;
+ if (rv != SECSuccess)
+ goto loser;
if (genNameType == certDirectoryName) {
- rv = SEC_QuickDERDecodeItem(reqArena, &(genName->name.directoryName),
- CERT_NameTemplate,
- &(genName->derDirectoryName));
+ rv = SEC_QuickDERDecodeItem(reqArena, &(genName->name.directoryName),
+ CERT_NameTemplate,
+ &(genName->derDirectoryName));
if (rv != SECSuccess)
- goto loser;
+ goto loser;
}
/* TODO: unmark arena */
@@ -470,35 +491,34 @@
}
CERTGeneralName *
-cert_DecodeGeneralNames (PLArenaPool *arena,
- SECItem **encodedGenName)
+cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName)
{
- PRCList *head = NULL;
- PRCList *tail = NULL;
- CERTGeneralName *currentName = NULL;
+ PRCList *head = NULL;
+ PRCList *tail = NULL;
+ CERTGeneralName *currentName = NULL;
PORT_Assert(arena);
if (!encodedGenName || !arena) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
/* TODO: mark arena */
while (*encodedGenName != NULL) {
- currentName = CERT_DecodeGeneralName(arena, *encodedGenName, NULL);
- if (currentName == NULL)
- break;
- if (head == NULL) {
- head = &(currentName->l);
- tail = head;
- }
- currentName->l.next = head;
- currentName->l.prev = tail;
- tail = head->prev = tail->next = &(currentName->l);
- encodedGenName++;
+ currentName = CERT_DecodeGeneralName(arena, *encodedGenName, NULL);
+ if (currentName == NULL)
+ break;
+ if (head == NULL) {
+ head = &(currentName->l);
+ tail = head;
+ }
+ currentName->l.next = head;
+ currentName->l.prev = tail;
+ tail = head->prev = tail->next = &(currentName->l);
+ encodedGenName++;
}
if (currentName) {
- /* TODO: unmark arena */
- return CERT_GetNextGeneralName(currentName);
+ /* TODO: unmark arena */
+ return CERT_GetNextGeneralName(currentName);
}
/* TODO: release arena to mark */
return NULL;
@@ -513,76 +533,73 @@
SECStatus
cert_DestroyGeneralNames(CERTGeneralName *name)
{
- CERTGeneralName *first;
- CERTGeneralName *next = NULL;
-
+ CERTGeneralName *first;
+ CERTGeneralName *next = NULL;
first = name;
do {
- next = CERT_GetNextGeneralName(name);
- PORT_Free(name);
- name = next;
+ next = CERT_GetNextGeneralName(name);
+ PORT_Free(name);
+ name = next;
} while (name != first);
return SECSuccess;
}
static SECItem *
-cert_EncodeNameConstraint(CERTNameConstraint *constraint,
- SECItem *dest,
- PLArenaPool *arena)
+cert_EncodeNameConstraint(CERTNameConstraint *constraint, SECItem *dest,
+ PLArenaPool *arena)
{
PORT_Assert(arena);
if (dest == NULL) {
- dest = PORT_ArenaZNew(arena, SECItem);
- if (dest == NULL) {
- return NULL;
- }
+ dest = PORT_ArenaZNew(arena, SECItem);
+ if (dest == NULL) {
+ return NULL;
+ }
}
CERT_EncodeGeneralName(&(constraint->name), &(constraint->DERName), arena);
-
- dest = SEC_ASN1EncodeItem (arena, dest, constraint,
- CERTNameConstraintTemplate);
- return dest;
-}
-SECStatus
-cert_EncodeNameConstraintSubTree(CERTNameConstraint *constraints,
- PLArenaPool *arena,
- SECItem ***dest,
- PRBool permited)
+ dest =
+ SEC_ASN1EncodeItem(arena, dest, constraint, CERTNameConstraintTemplate);
+ return dest;
+}
+
+SECStatus
+cert_EncodeNameConstraintSubTree(CERTNameConstraint *constraints,
+ PLArenaPool *arena, SECItem ***dest,
+ PRBool permited)
{
- CERTNameConstraint *current_constraint = constraints;
- SECItem **items = NULL;
- int count = 0;
- int i;
- PRCList *head;
+ CERTNameConstraint *current_constraint = constraints;
+ SECItem **items = NULL;
+ int count = 0;
+ int i;
+ PRCList *head;
PORT_Assert(arena);
/* TODO: mark arena */
if (constraints != NULL) {
- count = 1;
+ count = 1;
}
head = &constraints->l;
while (current_constraint->l.next != head) {
- current_constraint = CERT_GetNextNameConstraint(current_constraint);
- ++count;
+ current_constraint = CERT_GetNextNameConstraint(current_constraint);
+ ++count;
}
current_constraint = CERT_GetNextNameConstraint(current_constraint);
items = PORT_ArenaZNewArray(arena, SECItem *, count + 1);
if (items == NULL) {
- goto loser;
+ goto loser;
}
for (i = 0; i < count; i++) {
- items[i] = cert_EncodeNameConstraint(current_constraint,
- (SECItem *) NULL, arena);
- if (items[i] == NULL) {
- goto loser;
- }
- current_constraint = CERT_GetNextNameConstraint(current_constraint);
+ items[i] = cert_EncodeNameConstraint(current_constraint,
+ (SECItem *)NULL, arena);
+ if (items[i] == NULL) {
+ goto loser;
+ }
+ current_constraint = CERT_GetNextNameConstraint(current_constraint);
}
*dest = items;
if (*dest == NULL) {
- goto loser;
+ goto loser;
}
/* TODO: unmark arena */
return SECSuccess;
@@ -591,35 +608,32 @@
return SECFailure;
}
-SECStatus
-cert_EncodeNameConstraints(CERTNameConstraints *constraints,
- PLArenaPool *arena,
- SECItem *dest)
+SECStatus
+cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
+ SECItem *dest)
{
- SECStatus rv = SECSuccess;
+ SECStatus rv = SECSuccess;
PORT_Assert(arena);
/* TODO: mark arena */
if (constraints->permited != NULL) {
- rv = cert_EncodeNameConstraintSubTree(constraints->permited, arena,
- &constraints->DERPermited,
- PR_TRUE);
- if (rv == SECFailure) {
- goto loser;
- }
+ rv = cert_EncodeNameConstraintSubTree(
+ constraints->permited, arena, &constraints->DERPermited, PR_TRUE);
+ if (rv == SECFailure) {
+ goto loser;
+ }
}
if (constraints->excluded != NULL) {
- rv = cert_EncodeNameConstraintSubTree(constraints->excluded, arena,
- &constraints->DERExcluded,
- PR_FALSE);
- if (rv == SECFailure) {
- goto loser;
- }
+ rv = cert_EncodeNameConstraintSubTree(
+ constraints->excluded, arena, &constraints->DERExcluded, PR_FALSE);
+ if (rv == SECFailure) {
+ goto loser;
+ }
}
- dest = SEC_ASN1EncodeItem(arena, dest, constraints,
- CERTNameConstraintsTemplate);
+ dest = SEC_ASN1EncodeItem(arena, dest, constraints,
+ CERTNameConstraintsTemplate);
if (dest == NULL) {
- goto loser;
+ goto loser;
}
/* TODO: unmark arena */
return SECSuccess;
@@ -628,15 +642,13 @@
return SECFailure;
}
-
CERTNameConstraint *
-cert_DecodeNameConstraint(PLArenaPool *reqArena,
- SECItem *encodedConstraint)
+cert_DecodeNameConstraint(PLArenaPool *reqArena, SECItem *encodedConstraint)
{
- CERTNameConstraint *constraint;
- SECStatus rv = SECSuccess;
- CERTGeneralName *temp;
- SECItem* newEncodedConstraint;
+ CERTNameConstraint *constraint;
+ SECStatus rv = SECSuccess;
+ CERTGeneralName *temp;
+ SECItem *newEncodedConstraint;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -649,21 +661,20 @@
/* TODO: mark arena */
constraint = PORT_ArenaZNew(reqArena, CERTNameConstraint);
if (!constraint)
- goto loser;
- rv = SEC_QuickDERDecodeItem(reqArena, constraint,
- CERTNameConstraintTemplate,
- newEncodedConstraint);
+ goto loser;
+ rv = SEC_QuickDERDecodeItem(
+ reqArena, constraint, CERTNameConstraintTemplate, newEncodedConstraint);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
temp = CERT_DecodeGeneralName(reqArena, &(constraint->DERName),
&(constraint->name));
if (temp != &(constraint->name)) {
- goto loser;
+ goto loser;
}
- /* ### sjlee: since the name constraint contains only one
- * CERTGeneralName, the list within CERTGeneralName shouldn't
+ /* ### sjlee: since the name constraint contains only one
+ * CERTGeneralName, the list within CERTGeneralName shouldn't
* point anywhere else. Otherwise, bad things will happen.
*/
constraint->name.l.prev = constraint->name.l.next = &(constraint->name.l);
@@ -675,30 +686,29 @@
}
static CERTNameConstraint *
-cert_DecodeNameConstraintSubTree(PLArenaPool *arena,
- SECItem **subTree,
- PRBool permited)
+cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree,
+ PRBool permited)
{
- CERTNameConstraint *current = NULL;
- CERTNameConstraint *first = NULL;
- CERTNameConstraint *last = NULL;
- int i = 0;
+ CERTNameConstraint *current = NULL;
+ CERTNameConstraint *first = NULL;
+ CERTNameConstraint *last = NULL;
+ int i = 0;
PORT_Assert(arena);
/* TODO: mark arena */
while (subTree[i] != NULL) {
- current = cert_DecodeNameConstraint(arena, subTree[i]);
- if (current == NULL) {
- goto loser;
- }
- if (first == NULL) {
- first = current;
- } else {
- current->l.prev = &(last->l);
- last->l.next = &(current->l);
- }
- last = current;
- i++;
+ current = cert_DecodeNameConstraint(arena, subTree[i]);
+ if (current == NULL) {
+ goto loser;
+ }
+ if (first == NULL) {
+ first = current;
+ } else {
+ current->l.prev = &(last->l);
+ last->l.next = &(current->l);
+ }
+ last = current;
+ i++;
}
first->l.prev = &(last->l);
last->l.next = &(first->l);
@@ -710,12 +720,12 @@
}
CERTNameConstraints *
-cert_DecodeNameConstraints(PLArenaPool *reqArena,
- const SECItem *encodedConstraints)
+cert_DecodeNameConstraints(PLArenaPool *reqArena,
+ const SECItem *encodedConstraints)
{
- CERTNameConstraints *constraints;
- SECStatus rv;
- SECItem* newEncodedConstraints;
+ CERTNameConstraints *constraints;
+ SECStatus rv;
+ SECItem *newEncodedConstraints;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -727,33 +737,29 @@
/* TODO: mark arena */
constraints = PORT_ArenaZNew(reqArena, CERTNameConstraints);
if (constraints == NULL) {
- goto loser;
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(reqArena, constraints,
CERTNameConstraintsTemplate,
newEncodedConstraints);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
- if (constraints->DERPermited != NULL &&
+ if (constraints->DERPermited != NULL &&
constraints->DERPermited[0] != NULL) {
- constraints->permited =
- cert_DecodeNameConstraintSubTree(reqArena,
- constraints->DERPermited,
- PR_TRUE);
- if (constraints->permited == NULL) {
- goto loser;
- }
+ constraints->permited = cert_DecodeNameConstraintSubTree(
+ reqArena, constraints->DERPermited, PR_TRUE);
+ if (constraints->permited == NULL) {
+ goto loser;
+ }
}
- if (constraints->DERExcluded != NULL &&
+ if (constraints->DERExcluded != NULL &&
constraints->DERExcluded[0] != NULL) {
- constraints->excluded =
- cert_DecodeNameConstraintSubTree(reqArena,
- constraints->DERExcluded,
- PR_FALSE);
- if (constraints->excluded == NULL) {
- goto loser;
- }
+ constraints->excluded = cert_DecodeNameConstraintSubTree(
+ reqArena, constraints->DERExcluded, PR_FALSE);
+ if (constraints->excluded == NULL) {
+ goto loser;
+ }
}
/* TODO: unmark arena */
return constraints;
@@ -763,22 +769,21 @@
}
/* Copy a chain of one or more general names to a destination chain.
-** Caller has allocated at least the first destination GeneralName struct.
+** Caller has allocated at least the first destination GeneralName struct.
** Both source and destination chains are circular doubly-linked lists.
** The first source struct is copied to the first destination struct.
-** If the source chain has more than one member, and the destination chain
-** has only one member, then this function allocates new structs for all but
-** the first copy from the arena and links them into the destination list.
+** If the source chain has more than one member, and the destination chain
+** has only one member, then this function allocates new structs for all but
+** the first copy from the arena and links them into the destination list.
** If the destination struct is part of a list with more than one member,
** then this function traverses both the source and destination lists,
** copying each source struct to the corresponding dest struct.
-** In that case, the destination list MUST contain at least as many
+** In that case, the destination list MUST contain at least as many
** structs as the source list or some dest entries will be overwritten.
*/
SECStatus
-CERT_CopyGeneralName(PLArenaPool *arena,
- CERTGeneralName *dest,
- CERTGeneralName *src)
+CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
+ CERTGeneralName *src)
{
SECStatus rv;
CERTGeneralName *destHead = dest;
@@ -786,31 +791,31 @@
PORT_Assert(dest != NULL);
if (!dest) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* TODO: mark arena */
do {
- rv = cert_CopyOneGeneralName(arena, dest, src);
- if (rv != SECSuccess)
- goto loser;
- src = CERT_GetNextGeneralName(src);
- /* if there is only one general name, we shouldn't do this */
- if (src != srcHead) {
- if (dest->l.next == &destHead->l) {
- CERTGeneralName *temp;
- temp = CERT_NewGeneralName(arena, (CERTGeneralNameType)0);
- if (!temp)
- goto loser;
- temp->l.next = &destHead->l;
- temp->l.prev = &dest->l;
- destHead->l.prev = &temp->l;
- dest->l.next = &temp->l;
- dest = temp;
- } else {
- dest = CERT_GetNextGeneralName(dest);
- }
- }
+ rv = cert_CopyOneGeneralName(arena, dest, src);
+ if (rv != SECSuccess)
+ goto loser;
+ src = CERT_GetNextGeneralName(src);
+ /* if there is only one general name, we shouldn't do this */
+ if (src != srcHead) {
+ if (dest->l.next == &destHead->l) {
+ CERTGeneralName *temp;
+ temp = CERT_NewGeneralName(arena, (CERTGeneralNameType)0);
+ if (!temp)
+ goto loser;
+ temp->l.next = &destHead->l;
+ temp->l.prev = &dest->l;
+ destHead->l.prev = &temp->l;
+ dest->l.next = &temp->l;
+ dest = temp;
+ } else {
+ dest = CERT_GetNextGeneralName(dest);
+ }
+ }
} while (src != srcHead && rv == SECSuccess);
/* TODO: unmark arena */
return rv;
@@ -819,49 +824,47 @@
return SECFailure;
}
-
CERTGeneralNameList *
CERT_DupGeneralNameList(CERTGeneralNameList *list)
{
if (list != NULL) {
- PZ_Lock(list->lock);
- list->refCount++;
- PZ_Unlock(list->lock);
+ PZ_Lock(list->lock);
+ list->refCount++;
+ PZ_Unlock(list->lock);
}
return list;
}
/* Allocate space and copy CERTNameConstraint from src to dest */
CERTNameConstraint *
-CERT_CopyNameConstraint(PLArenaPool *arena,
- CERTNameConstraint *dest,
- CERTNameConstraint *src)
+CERT_CopyNameConstraint(PLArenaPool *arena, CERTNameConstraint *dest,
+ CERTNameConstraint *src)
{
- SECStatus rv;
-
+ SECStatus rv;
+
/* TODO: mark arena */
if (dest == NULL) {
- dest = PORT_ArenaZNew(arena, CERTNameConstraint);
- if (!dest)
- goto loser;
- /* mark that it is not linked */
- dest->name.l.prev = dest->name.l.next = &(dest->name.l);
+ dest = PORT_ArenaZNew(arena, CERTNameConstraint);
+ if (!dest)
+ goto loser;
+ /* mark that it is not linked */
+ dest->name.l.prev = dest->name.l.next = &(dest->name.l);
}
rv = CERT_CopyGeneralName(arena, &dest->name, &src->name);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SECITEM_CopyItem(arena, &dest->DERName, &src->DERName);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SECITEM_CopyItem(arena, &dest->min, &src->min);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SECITEM_CopyItem(arena, &dest->max, &src->max);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
dest->l.prev = dest->l.next = &dest->l;
/* TODO: unmark arena */
@@ -871,7 +874,6 @@
return NULL;
}
-
CERTGeneralName *
cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2)
{
@@ -880,54 +882,52 @@
PRCList *end1;
PRCList *end2;
- if (list1 == NULL){
- return list2;
+ if (list1 == NULL) {
+ return list2;
} else if (list2 == NULL) {
- return list1;
+ return list1;
} else {
- begin1 = &list1->l;
- begin2 = &list2->l;
- end1 = list1->l.prev;
- end2 = list2->l.prev;
- end1->next = begin2;
- end2->next = begin1;
- begin1->prev = end2;
- begin2->prev = end1;
- return list1;
+ begin1 = &list1->l;
+ begin2 = &list2->l;
+ end1 = list1->l.prev;
+ end2 = list2->l.prev;
+ end1->next = begin2;
+ end2->next = begin1;
+ begin1->prev = end2;
+ begin2->prev = end1;
+ return list1;
}
}
-
CERTNameConstraint *
-cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2)
+cert_CombineConstraintsLists(CERTNameConstraint *list1,
+ CERTNameConstraint *list2)
{
PRCList *begin1;
PRCList *begin2;
PRCList *end1;
PRCList *end2;
- if (list1 == NULL){
- return list2;
+ if (list1 == NULL) {
+ return list2;
} else if (list2 == NULL) {
- return list1;
+ return list1;
} else {
- begin1 = &list1->l;
- begin2 = &list2->l;
- end1 = list1->l.prev;
- end2 = list2->l.prev;
- end1->next = begin2;
- end2->next = begin1;
- begin1->prev = end2;
- begin2->prev = end1;
- return list1;
+ begin1 = &list1->l;
+ begin2 = &list2->l;
+ end1 = list1->l.prev;
+ end2 = list2->l.prev;
+ end1->next = begin2;
+ end2->next = begin1;
+ begin1->prev = end2;
+ begin2->prev = end1;
+ return list1;
}
}
-
/* Add a CERTNameConstraint to the CERTNameConstraint list */
CERTNameConstraint *
-CERT_AddNameConstraint(CERTNameConstraint *list,
- CERTNameConstraint *constraint)
+CERT_AddNameConstraint(CERTNameConstraint *list, CERTNameConstraint *constraint)
{
PORT_Assert(constraint != NULL);
constraint->l.next = constraint->l.prev = &constraint->l;
@@ -935,33 +935,32 @@
return list;
}
-
SECStatus
-CERT_GetNameConstraintByType (CERTNameConstraint *constraints,
- CERTGeneralNameType type,
- CERTNameConstraint **returnList,
- PLArenaPool *arena)
+CERT_GetNameConstraintByType(CERTNameConstraint *constraints,
+ CERTGeneralNameType type,
+ CERTNameConstraint **returnList,
+ PLArenaPool *arena)
{
CERTNameConstraint *current = NULL;
- void *mark = NULL;
+ void *mark = NULL;
*returnList = NULL;
if (!constraints)
- return SECSuccess;
+ return SECSuccess;
mark = PORT_ArenaMark(arena);
current = constraints;
do {
- PORT_Assert(current->name.type);
- if (current->name.type == type) {
- CERTNameConstraint *temp;
- temp = CERT_CopyNameConstraint(arena, NULL, current);
- if (temp == NULL)
- goto loser;
- *returnList = CERT_AddNameConstraint(*returnList, temp);
- }
- current = CERT_GetNextNameConstraint(current);
+ PORT_Assert(current->name.type);
+ if (current->name.type == type) {
+ CERTNameConstraint *temp;
+ temp = CERT_CopyNameConstraint(arena, NULL, current);
+ if (temp == NULL)
+ goto loser;
+ *returnList = CERT_AddNameConstraint(*returnList, temp);
+ }
+ current = CERT_GetNextNameConstraint(current);
} while (current != constraints);
PORT_ArenaUnmark(arena, mark);
return SECSuccess;
@@ -972,39 +971,41 @@
}
void *
-CERT_GetGeneralNameByType (CERTGeneralName *genNames,
- CERTGeneralNameType type, PRBool derFormat)
+CERT_GetGeneralNameByType(CERTGeneralName *genNames, CERTGeneralNameType type,
+ PRBool derFormat)
{
CERTGeneralName *current;
-
+
if (!genNames)
- return NULL;
+ return NULL;
current = genNames;
do {
- if (current->type == type) {
- switch (type) {
- case certDNSName:
- case certEDIPartyName:
- case certIPAddress:
- case certRegisterID:
- case certRFC822Name:
- case certX400Address:
- case certURI:
- return (void *)¤t->name.other; /* SECItem * */
+ if (current->type == type) {
+ switch (type) {
+ case certDNSName:
+ case certEDIPartyName:
+ case certIPAddress:
+ case certRegisterID:
+ case certRFC822Name:
+ case certX400Address:
+ case certURI:
+ return (void *)¤t->name.other; /* SECItem * */
- case certOtherName:
- return (void *)¤t->name.OthName; /* OthName * */
+ case certOtherName:
+ return (void *)¤t->name.OthName; /* OthName * */
- case certDirectoryName:
- return derFormat
- ? (void *)¤t->derDirectoryName /* SECItem * */
- : (void *)¤t->name.directoryName; /* CERTName * */
- }
- PORT_Assert(0);
- return NULL;
- }
- current = CERT_GetNextGeneralName(current);
+ case certDirectoryName:
+ return derFormat
+ ? (void *)¤t
+ ->derDirectoryName /* SECItem * */
+ : (void *)¤t->name
+ .directoryName; /* CERTName * */
+ }
+ PORT_Assert(0);
+ return NULL;
+ }
+ current = CERT_GetNextGeneralName(current);
} while (current != genNames);
return NULL;
}
@@ -1012,60 +1013,61 @@
int
CERT_GetNamesLength(CERTGeneralName *names)
{
- int length = 0;
- CERTGeneralName *first;
+ int length = 0;
+ CERTGeneralName *first;
first = names;
if (names != NULL) {
- do {
- length++;
- names = CERT_GetNextGeneralName(names);
- } while (names != first);
+ do {
+ length++;
+ names = CERT_GetNextGeneralName(names);
+ } while (names != first);
}
return length;
}
-/* Creates new GeneralNames for any email addresses found in the
+/* Creates new GeneralNames for any email addresses found in the
** input DN, and links them onto the list for the DN.
*/
SECStatus
cert_ExtractDNEmailAddrs(CERTGeneralName *name, PLArenaPool *arena)
{
CERTGeneralName *nameList = NULL;
- const CERTRDN **nRDNs = (const CERTRDN **)(name->name.directoryName.rdns);
- SECStatus rv = SECSuccess;
+ const CERTRDN **nRDNs = (const CERTRDN **)(name->name.directoryName.rdns);
+ SECStatus rv = SECSuccess;
PORT_Assert(name->type == certDirectoryName);
if (name->type != certDirectoryName) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ return SECFailure;
}
/* TODO: mark arena */
while (nRDNs && *nRDNs) { /* loop over RDNs */
- const CERTRDN *nRDN = *nRDNs++;
- CERTAVA **nAVAs = nRDN->avas;
- while (nAVAs && *nAVAs) { /* loop over AVAs */
- int tag;
- CERTAVA *nAVA = *nAVAs++;
- tag = CERT_GetAVATag(nAVA);
- if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
- tag == SEC_OID_RFC1274_MAIL) { /* email AVA */
- CERTGeneralName *newName = NULL;
- SECItem *avaValue = CERT_DecodeAVAValue(&nAVA->value);
- if (!avaValue)
- goto loser;
- rv = SECFailure;
+ const CERTRDN *nRDN = *nRDNs++;
+ CERTAVA **nAVAs = nRDN->avas;
+ while (nAVAs && *nAVAs) { /* loop over AVAs */
+ int tag;
+ CERTAVA *nAVA = *nAVAs++;
+ tag = CERT_GetAVATag(nAVA);
+ if (tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
+ tag == SEC_OID_RFC1274_MAIL) { /* email AVA */
+ CERTGeneralName *newName = NULL;
+ SECItem *avaValue = CERT_DecodeAVAValue(&nAVA->value);
+ if (!avaValue)
+ goto loser;
+ rv = SECFailure;
newName = CERT_NewGeneralName(arena, certRFC822Name);
- if (newName) {
- rv = SECITEM_CopyItem(arena, &newName->name.other, avaValue);
- }
- SECITEM_FreeItem(avaValue, PR_TRUE);
- if (rv != SECSuccess)
- goto loser;
- nameList = cert_CombineNamesLists(nameList, newName);
- } /* handle one email AVA */
- } /* loop over AVAs */
- } /* loop over RDNs */
+ if (newName) {
+ rv =
+ SECITEM_CopyItem(arena, &newName->name.other, avaValue);
+ }
+ SECITEM_FreeItem(avaValue, PR_TRUE);
+ if (rv != SECSuccess)
+ goto loser;
+ nameList = cert_CombineNamesLists(nameList, newName);
+ } /* handle one email AVA */
+ } /* loop over AVAs */
+ } /* loop over RDNs */
/* combine new names with old one. */
name = cert_CombineNamesLists(name, nameList);
/* TODO: unmark arena */
@@ -1076,7 +1078,7 @@
return SECFailure;
}
-/* Extract all names except Subject Common Name from a cert
+/* Extract all names except Subject Common Name from a cert
** in preparation for a name constraints test.
*/
CERTGeneralName *
@@ -1093,30 +1095,30 @@
PLArenaPool *arena,
PRBool includeSubjectCommonName)
{
- CERTGeneralName *DN;
- CERTGeneralName *SAN;
- PRUint32 numDNSNames = 0;
- SECStatus rv;
+ CERTGeneralName *DN;
+ CERTGeneralName *SAN;
+ PRUint32 numDNSNames = 0;
+ SECStatus rv;
if (!arena) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
/* TODO: mark arena */
DN = CERT_NewGeneralName(arena, certDirectoryName);
if (DN == NULL) {
- goto loser;
+ goto loser;
}
rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
- /* Extract email addresses from DN, construct CERTGeneralName structs
- ** for them, add them to the name list
+ /* Extract email addresses from DN, construct CERTGeneralName structs
+ ** for them, add them to the name list
*/
rv = cert_ExtractDNEmailAddrs(DN, arena);
if (rv != SECSuccess)
@@ -1125,35 +1127,35 @@
/* Now extract any GeneralNames from the subject name names extension. */
SAN = cert_GetSubjectAltNameList(cert, arena);
if (SAN) {
- numDNSNames = cert_CountDNSPatterns(SAN);
- DN = cert_CombineNamesLists(DN, SAN);
+ numDNSNames = cert_CountDNSPatterns(SAN);
+ DN = cert_CombineNamesLists(DN, SAN);
}
if (!numDNSNames && includeSubjectCommonName) {
- char *cn = CERT_GetCommonName(&cert->subject);
- if (cn) {
- CERTGeneralName *CN = CERT_NewGeneralName(arena, certDNSName);
- if (CN) {
- SECItem cnItem = {siBuffer, NULL, 0};
- cnItem.data = (unsigned char *)cn;
- cnItem.len = strlen(cn);
- rv = SECITEM_CopyItem(arena, &CN->name.other, &cnItem);
- if (rv == SECSuccess) {
- DN = cert_CombineNamesLists(DN, CN);
- }
- }
- PORT_Free(cn);
- }
+ char *cn = CERT_GetCommonName(&cert->subject);
+ if (cn) {
+ CERTGeneralName *CN = CERT_NewGeneralName(arena, certDNSName);
+ if (CN) {
+ SECItem cnItem = { siBuffer, NULL, 0 };
+ cnItem.data = (unsigned char *)cn;
+ cnItem.len = strlen(cn);
+ rv = SECITEM_CopyItem(arena, &CN->name.other, &cnItem);
+ if (rv == SECSuccess) {
+ DN = cert_CombineNamesLists(DN, CN);
+ }
+ }
+ PORT_Free(cn);
+ }
}
if (rv == SECSuccess) {
- /* TODO: unmark arena */
- return DN;
+ /* TODO: unmark arena */
+ return DN;
}
loser:
/* TODO: release arena to mark */
return NULL;
}
-/* Returns SECSuccess if name matches constraint per RFC 3280 rules for
+/* Returns SECSuccess if name matches constraint per RFC 3280 rules for
** URI name constraints. SECFailure otherwise.
** If the constraint begins with a dot, it is a domain name, otherwise
** It is a host name. Examples:
@@ -1177,24 +1179,24 @@
*/
if (!constraint->len)
return SECFailure;
- if (constraint->data[0] != '.') {
- /* constraint is a host name. */
- if (name->len != constraint->len ||
- PL_strncasecmp((char *)name->data,
- (char *)constraint->data, constraint->len))
- return SECFailure;
- return SECSuccess;
+ if (constraint->data[0] != '.') {
+ /* constraint is a host name. */
+ if (name->len != constraint->len ||
+ PL_strncasecmp((char *)name->data, (char *)constraint->data,
+ constraint->len))
+ return SECFailure;
+ return SECSuccess;
}
/* constraint is a domain name. */
if (name->len < constraint->len)
return SECFailure;
offset = name->len - constraint->len;
- if (PL_strncasecmp((char *)(name->data + offset),
- (char *)constraint->data, constraint->len))
+ if (PL_strncasecmp((char *)(name->data + offset), (char *)constraint->data,
+ constraint->len))
return SECFailure;
- if (!offset ||
+ if (!offset ||
(name->data[offset - 1] == '.') + (constraint->data[0] == '.') == 1)
- return SECSuccess;
+ return SECSuccess;
return SECFailure;
}
@@ -1217,9 +1219,9 @@
** foo.bar.com nofoo.bar.com MATCHES NO MATCH
** .foo.bar.com www.foo.bar.com matches matches? disallowed?
** .foo.bar.com foo.bar.com no match no match
-** .foo.bar.com www..foo.bar.com matches probably not
+** .foo.bar.com www..foo.bar.com matches probably not
**
-** We will try to conform to NIST's PKITS tests, and the unstated
+** We will try to conform to NIST's PKITS tests, and the unstated
** rules they imply.
*/
static SECStatus
@@ -1234,12 +1236,12 @@
if (name->len < constraint->len)
return SECFailure;
offset = name->len - constraint->len;
- if (PL_strncasecmp((char *)(name->data + offset),
- (char *)constraint->data, constraint->len))
+ if (PL_strncasecmp((char *)(name->data + offset), (char *)constraint->data,
+ constraint->len))
return SECFailure;
- if (!offset ||
+ if (!offset ||
(name->data[offset - 1] == '.') + (constraint->data[0] == '.') == 1)
- return SECSuccess;
+ return SECSuccess;
return SECFailure;
}
@@ -1247,7 +1249,7 @@
** internet email addresses. SECFailure otherwise.
** If constraint contains a '@' then the two strings much match exactly.
** Else if constraint starts with a '.'. then it must match the right-most
-** substring of the name,
+** substring of the name,
** else constraint string must match entire name after the name's '@'.
** Empty constraint string matches all names. All comparisons case insensitive.
*/
@@ -1262,16 +1264,17 @@
if (constraint->len == 1 && constraint->data[0] == '.')
return SECSuccess;
for (offset = constraint->len - 1; offset >= 0; --offset) {
- if (constraint->data[offset] == '@') {
- return (name->len == constraint->len &&
- !PL_strncasecmp((char *)name->data,
- (char *)constraint->data, constraint->len))
- ? SECSuccess : SECFailure;
- }
+ if (constraint->data[offset] == '@') {
+ return (name->len == constraint->len &&
+ !PL_strncasecmp((char *)name->data,
+ (char *)constraint->data, constraint->len))
+ ? SECSuccess
+ : SECFailure;
+ }
}
offset = name->len - constraint->len;
- if (PL_strncasecmp((char *)(name->data + offset),
- (char *)constraint->data, constraint->len))
+ if (PL_strncasecmp((char *)(name->data + offset), (char *)constraint->data,
+ constraint->len))
return SECFailure;
if (constraint->data[0] == '.')
return SECSuccess;
@@ -1282,9 +1285,9 @@
/* name contains either a 4 byte IPv4 address or a 16 byte IPv6 address.
** constraint contains an address of the same length, and a subnet mask
-** of the same length. Compare name's address to the constraint's
+** of the same length. Compare name's address to the constraint's
** address, subject to the mask.
-** Return SECSuccess if they match, SECFailure if they don't.
+** Return SECSuccess if they match, SECFailure if they don't.
*/
static SECStatus
compareIPaddrN2C(const SECItem *name, const SECItem *constraint)
@@ -1292,67 +1295,67 @@
int i;
if (name->len == 4 && constraint->len == 8) { /* ipv4 addr */
for (i = 0; i < 4; i++) {
- if ((name->data[i] ^ constraint->data[i]) & constraint->data[i+4])
- goto loser;
- }
- return SECSuccess;
+ if ((name->data[i] ^ constraint->data[i]) & constraint->data[i + 4])
+ goto loser;
+ }
+ return SECSuccess;
}
if (name->len == 16 && constraint->len == 32) { /* ipv6 addr */
for (i = 0; i < 16; i++) {
- if ((name->data[i] ^ constraint->data[i]) & constraint->data[i+16])
- goto loser;
- }
- return SECSuccess;
+ if ((name->data[i] ^ constraint->data[i]) &
+ constraint->data[i + 16])
+ goto loser;
+ }
+ return SECSuccess;
}
loser:
return SECFailure;
}
-/* start with a SECItem that points to a URI. Parse it lookingg for
+/* start with a SECItem that points to a URI. Parse it lookingg for
** a hostname. Modify item->data and item->len to define the hostname,
-** but do not modify and data at item->data.
+** but do not modify and data at item->data.
** If anything goes wrong, the contents of *item are undefined.
*/
static SECStatus
-parseUriHostname(SECItem * item)
+parseUriHostname(SECItem *item)
{
int i;
PRBool found = PR_FALSE;
- for (i = 0; (unsigned)(i+2) < item->len; ++i) {
- if (item->data[i ] == ':' &&
- item->data[i+1] == '/' &&
- item->data[i+2] == '/') {
- i += 3;
- item->data += i;
- item->len -= i;
- found = PR_TRUE;
- break;
- }
+ for (i = 0; (unsigned)(i + 2) < item->len; ++i) {
+ if (item->data[i] == ':' && item->data[i + 1] == '/' &&
+ item->data[i + 2] == '/') {
+ i += 3;
+ item->data += i;
+ item->len -= i;
+ found = PR_TRUE;
+ break;
+ }
}
- if (!found)
+ if (!found)
return SECFailure;
/* now look for a '/', which is an upper bound in the end of the name */
for (i = 0; (unsigned)i < item->len; ++i) {
- if (item->data[i] == '/') {
- item->len = i;
- break;
- }
+ if (item->data[i] == '/') {
+ item->len = i;
+ break;
+ }
}
/* now look for a ':', which marks the end of the name */
- for (i = item->len; --i >= 0; ) {
+ for (i = item->len; --i >= 0;) {
if (item->data[i] == ':') {
- item->len = i;
- break;
- }
+ item->len = i;
+ break;
+ }
}
/* now look for an '@', which marks the beginning of the hostname */
for (i = 0; (unsigned)i < item->len; ++i) {
- if (item->data[i] == '@') {
- ++i;
- item->data += i;
- item->len -= i;
- break;
- }
+ if (item->data[i] == '@') {
+ ++i;
+ item->data += i;
+ item->len -= i;
+ break;
+ }
}
return item->len ? SECSuccess : SECFailure;
}
@@ -1360,144 +1363,145 @@
/* This function takes one name, and a list of constraints.
** It searches the constraints looking for a match.
** It returns SECSuccess if the name satisfies the constraints, i.e.,
-** if excluded, then the name does not match any constraint,
+** if excluded, then the name does not match any constraint,
** if permitted, then the name matches at least one constraint.
** It returns SECFailure if the name fails to satisfy the constraints,
** or if some code fails (e.g. out of memory, or invalid constraint)
*/
SECStatus
-cert_CompareNameWithConstraints(const CERTGeneralName *name,
- const CERTNameConstraint *constraints,
- PRBool excluded)
+cert_CompareNameWithConstraints(const CERTGeneralName *name,
+ const CERTNameConstraint *constraints,
+ PRBool excluded)
{
- SECStatus rv = SECSuccess;
- SECStatus matched = SECFailure;
+ SECStatus rv = SECSuccess;
+ SECStatus matched = SECFailure;
const CERTNameConstraint *current;
- PORT_Assert(constraints); /* caller should not call with NULL */
+ PORT_Assert(constraints); /* caller should not call with NULL */
if (!constraints) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
current = constraints;
do {
- rv = SECSuccess;
- matched = SECFailure;
- PORT_Assert(name->type == current->name.type);
- switch (name->type) {
+ rv = SECSuccess;
+ matched = SECFailure;
+ PORT_Assert(name->type == current->name.type);
+ switch (name->type) {
- case certDNSName:
- matched = compareDNSN2C(&name->name.other,
- ¤t->name.name.other);
- break;
+ case certDNSName:
+ matched =
+ compareDNSN2C(&name->name.other, ¤t->name.name.other);
+ break;
- case certRFC822Name:
- matched = compareRFC822N2C(&name->name.other,
- ¤t->name.name.other);
- break;
+ case certRFC822Name:
+ matched = compareRFC822N2C(&name->name.other,
+ ¤t->name.name.other);
+ break;
- case certURI:
- {
- /* make a modifiable copy of the URI SECItem. */
- SECItem uri = name->name.other;
- /* find the hostname in the URI */
- rv = parseUriHostname(&uri);
- if (rv == SECSuccess) {
- /* does our hostname meet the constraint? */
- matched = compareURIN2C(&uri, ¤t->name.name.other);
- }
- }
- break;
+ case certURI: {
+ /* make a modifiable copy of the URI SECItem. */
+ SECItem uri = name->name.other;
+ /* find the hostname in the URI */
+ rv = parseUriHostname(&uri);
+ if (rv == SECSuccess) {
+ /* does our hostname meet the constraint? */
+ matched = compareURIN2C(&uri, ¤t->name.name.other);
+ }
+ } break;
- case certDirectoryName:
- /* Determine if the constraint directory name is a "prefix"
- ** for the directory name being tested.
- */
- {
- /* status defaults to SECEqual, so that a constraint with
- ** no AVAs will be a wildcard, matching all directory names.
- */
- SECComparison status = SECEqual;
- const CERTRDN **cRDNs =
- (const CERTRDN **)current->name.name.directoryName.rdns;
- const CERTRDN **nRDNs =
- (const CERTRDN **)name->name.directoryName.rdns;
- while (cRDNs && *cRDNs && nRDNs && *nRDNs) {
- /* loop over name RDNs and constraint RDNs in lock step */
- const CERTRDN *cRDN = *cRDNs++;
- const CERTRDN *nRDN = *nRDNs++;
- CERTAVA **cAVAs = cRDN->avas;
- while (cAVAs && *cAVAs) { /* loop over constraint AVAs */
- CERTAVA *cAVA = *cAVAs++;
- CERTAVA **nAVAs = nRDN->avas;
- while (nAVAs && *nAVAs) { /* loop over name AVAs */
- CERTAVA *nAVA = *nAVAs++;
- status = CERT_CompareAVA(cAVA, nAVA);
- if (status == SECEqual)
- break;
- } /* loop over name AVAs */
- if (status != SECEqual)
- break;
- } /* loop over constraint AVAs */
- if (status != SECEqual)
- break;
- } /* loop over name RDNs and constraint RDNs */
- matched = (status == SECEqual) ? SECSuccess : SECFailure;
- break;
- }
+ case certDirectoryName:
+ /* Determine if the constraint directory name is a "prefix"
+ ** for the directory name being tested.
+ */
+ {
+ /* status defaults to SECEqual, so that a constraint with
+ ** no AVAs will be a wildcard, matching all directory names.
+ */
+ SECComparison status = SECEqual;
+ const CERTRDN **cRDNs =
+ (const CERTRDN **)current->name.name.directoryName.rdns;
+ const CERTRDN **nRDNs =
+ (const CERTRDN **)name->name.directoryName.rdns;
+ while (cRDNs && *cRDNs && nRDNs && *nRDNs) {
+ /* loop over name RDNs and constraint RDNs in lock step
+ */
+ const CERTRDN *cRDN = *cRDNs++;
+ const CERTRDN *nRDN = *nRDNs++;
+ CERTAVA **cAVAs = cRDN->avas;
+ while (cAVAs &&
+ *cAVAs) { /* loop over constraint AVAs */
+ CERTAVA *cAVA = *cAVAs++;
+ CERTAVA **nAVAs = nRDN->avas;
+ while (nAVAs && *nAVAs) { /* loop over name AVAs */
+ CERTAVA *nAVA = *nAVAs++;
+ status = CERT_CompareAVA(cAVA, nAVA);
+ if (status == SECEqual)
+ break;
+ } /* loop over name AVAs */
+ if (status != SECEqual)
+ break;
+ } /* loop over constraint AVAs */
+ if (status != SECEqual)
+ break;
+ } /* loop over name RDNs and constraint RDNs */
+ matched = (status == SECEqual) ? SECSuccess : SECFailure;
+ break;
+ }
- case certIPAddress: /* type 8 */
- matched = compareIPaddrN2C(&name->name.other,
- ¤t->name.name.other);
- break;
+ case certIPAddress: /* type 8 */
+ matched = compareIPaddrN2C(&name->name.other,
+ ¤t->name.name.other);
+ break;
- /* NSS does not know how to compare these "Other" type names with
- ** their respective constraints. But it does know how to tell
- ** if the constraint applies to the type of name (by comparing
- ** the constraint OID to the name OID). NSS makes no use of "Other"
- ** type names at all, so NSS errs on the side of leniency for these
- ** types, provided that their OIDs match. So, when an "Other"
- ** name constraint appears in an excluded subtree, it never causes
- ** a name to fail. When an "Other" name constraint appears in a
- ** permitted subtree, AND the constraint's OID matches the name's
- ** OID, then name is treated as if it matches the constraint.
- */
- case certOtherName: /* type 1 */
- matched = (!excluded &&
- name->type == current->name.type &&
- SECITEM_ItemsAreEqual(&name->name.OthName.oid,
- ¤t->name.name.OthName.oid))
- ? SECSuccess : SECFailure;
- break;
+ /* NSS does not know how to compare these "Other" type names with
+ ** their respective constraints. But it does know how to tell
+ ** if the constraint applies to the type of name (by comparing
+ ** the constraint OID to the name OID). NSS makes no use of "Other"
+ ** type names at all, so NSS errs on the side of leniency for these
+ ** types, provided that their OIDs match. So, when an "Other"
+ ** name constraint appears in an excluded subtree, it never causes
+ ** a name to fail. When an "Other" name constraint appears in a
+ ** permitted subtree, AND the constraint's OID matches the name's
+ ** OID, then name is treated as if it matches the constraint.
+ */
+ case certOtherName: /* type 1 */
+ matched =
+ (!excluded && name->type == current->name.type &&
+ SECITEM_ItemsAreEqual(&name->name.OthName.oid,
+ ¤t->name.name.OthName.oid))
+ ? SECSuccess
+ : SECFailure;
+ break;
- /* NSS does not know how to compare these types of names with their
- ** respective constraints. But NSS makes no use of these types of
- ** names at all, so it errs on the side of leniency for these types.
- ** Constraints for these types of names never cause the name to
- ** fail the constraints test. NSS behaves as if the name matched
- ** for permitted constraints, and did not match for excluded ones.
- */
- case certX400Address: /* type 4 */
- case certEDIPartyName: /* type 6 */
- case certRegisterID: /* type 9 */
- matched = excluded ? SECFailure : SECSuccess;
- break;
+ /* NSS does not know how to compare these types of names with their
+ ** respective constraints. But NSS makes no use of these types of
+ ** names at all, so it errs on the side of leniency for these types.
+ ** Constraints for these types of names never cause the name to
+ ** fail the constraints test. NSS behaves as if the name matched
+ ** for permitted constraints, and did not match for excluded ones.
+ */
+ case certX400Address: /* type 4 */
+ case certEDIPartyName: /* type 6 */
+ case certRegisterID: /* type 9 */
+ matched = excluded ? SECFailure : SECSuccess;
+ break;
- default: /* non-standard types are not supported */
- rv = SECFailure;
- break;
- }
- if (matched == SECSuccess || rv != SECSuccess)
- break;
- current = CERT_GetNextNameConstraint((CERTNameConstraint*)current);
+ default: /* non-standard types are not supported */
+ rv = SECFailure;
+ break;
+ }
+ if (matched == SECSuccess || rv != SECSuccess)
+ break;
+ current = CERT_GetNextNameConstraint((CERTNameConstraint *)current);
} while (current != constraints);
if (rv == SECSuccess) {
- if (matched == SECSuccess)
- rv = excluded ? SECFailure : SECSuccess;
- else
- rv = excluded ? SECSuccess : SECFailure;
- return rv;
+ if (matched == SECSuccess)
+ rv = excluded ? SECFailure : SECSuccess;
+ else
+ rv = excluded ? SECSuccess : SECFailure;
+ return rv;
}
return SECFailure;
@@ -1524,14 +1528,14 @@
rv = SECFailure;
goto done;
}
-
+
rv = cert_CopyOneGeneralName(arena, ¤t->name, name);
if (rv != SECSuccess) {
goto done;
}
-
+
current->name.l.prev = current->name.l.next = &(current->name.l);
-
+
if (first == NULL) {
*constraints = current;
PR_INIT_CLIST(¤t->l);
@@ -1569,51 +1573,55 @@
*
*/
-#define STRING_TO_SECITEM(str) \
-{ siBuffer, (unsigned char*) str, sizeof(str) - 1 }
+#define STRING_TO_SECITEM(str) \
+ { \
+ siBuffer, (unsigned char *)str, sizeof(str) - 1 \
+ }
-#define NAME_CONSTRAINTS_ENTRY(CA) \
- { \
- STRING_TO_SECITEM(CA ## _SUBJECT_DN), \
- STRING_TO_SECITEM(CA ## _NAME_CONSTRAINTS) \
+#define NAME_CONSTRAINTS_ENTRY(CA) \
+ { \
+ STRING_TO_SECITEM(CA##_SUBJECT_DN), \
+ STRING_TO_SECITEM(CA##_NAME_CONSTRAINTS) \
}
/* Agence Nationale de la Securite des Systemes d'Information (ANSSI) */
-#define ANSSI_SUBJECT_DN \
- "\x30\x81\x85" \
- "\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR" /* C */ \
- "\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06" "France" /* ST */ \
- "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" "Paris" /* L */ \
- "\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07" "PM/SGDN" /* O */ \
- "\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05" "DCSSI" /* OU */ \
- "\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05" "IGC/A" /* CN */ \
- "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" \
- "\x16\x14" "[email protected]" /* emailAddress */ \
+/* clang-format off */
-#define ANSSI_NAME_CONSTRAINTS \
- "\x30\x5D\xA0\x5B" \
- "\x30\x05\x82\x03" ".fr" \
- "\x30\x05\x82\x03" ".gp" \
- "\x30\x05\x82\x03" ".gf" \
- "\x30\x05\x82\x03" ".mq" \
- "\x30\x05\x82\x03" ".re" \
- "\x30\x05\x82\x03" ".yt" \
- "\x30\x05\x82\x03" ".pm" \
- "\x30\x05\x82\x03" ".bl" \
- "\x30\x05\x82\x03" ".mf" \
- "\x30\x05\x82\x03" ".wf" \
- "\x30\x05\x82\x03" ".pf" \
- "\x30\x05\x82\x03" ".nc" \
- "\x30\x05\x82\x03" ".tf" \
+#define ANSSI_SUBJECT_DN \
+ "\x30\x81\x85" \
+ "\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR" /* C */ \
+ "\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06" "France" /* ST */ \
+ "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" "Paris" /* L */ \
+ "\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07" "PM/SGDN" /* O */ \
+ "\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05" "DCSSI" /* OU */ \
+ "\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05" "IGC/A" /* CN */ \
+ "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" \
+ "\x16\x14" "[email protected]" /* emailAddress */ \
-static const SECItem builtInNameConstraints[][2] = {
- NAME_CONSTRAINTS_ENTRY(ANSSI)
-};
+#define ANSSI_NAME_CONSTRAINTS \
+ "\x30\x5D\xA0\x5B" \
+ "\x30\x05\x82\x03" ".fr" \
+ "\x30\x05\x82\x03" ".gp" \
+ "\x30\x05\x82\x03" ".gf" \
+ "\x30\x05\x82\x03" ".mq" \
+ "\x30\x05\x82\x03" ".re" \
+ "\x30\x05\x82\x03" ".yt" \
+ "\x30\x05\x82\x03" ".pm" \
+ "\x30\x05\x82\x03" ".bl" \
+ "\x30\x05\x82\x03" ".mf" \
+ "\x30\x05\x82\x03" ".wf" \
+ "\x30\x05\x82\x03" ".pf" \
+ "\x30\x05\x82\x03" ".nc" \
+ "\x30\x05\x82\x03" ".tf"
+
+/* clang-format on */
+
+static const SECItem builtInNameConstraints[][2] = { NAME_CONSTRAINTS_ENTRY(
+ ANSSI) };
SECStatus
-CERT_GetImposedNameConstraints(const SECItem *derSubject,
- SECItem *extensions)
+CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions)
{
size_t i;
@@ -1624,8 +1632,7 @@
for (i = 0; i < PR_ARRAY_SIZE(builtInNameConstraints); ++i) {
if (SECITEM_ItemsAreEqual(derSubject, &builtInNameConstraints[i][0])) {
- return SECITEM_CopyItem(NULL,
- extensions,
+ return SECITEM_CopyItem(NULL, extensions,
&builtInNameConstraints[i][1]);
}
}
@@ -1634,24 +1641,23 @@
return SECFailure;
}
-/*
+/*
* Extract the name constraints extension from the CA cert.
* If the certificate contains no name constraints extension, but
* CERT_GetImposedNameConstraints returns a name constraints extension
* for the subject of the certificate, then that extension will be returned.
*/
SECStatus
-CERT_FindNameConstraintsExten(PLArenaPool *arena,
- CERTCertificate *cert,
+CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert,
CERTNameConstraints **constraints)
{
- SECStatus rv = SECSuccess;
- SECItem constraintsExtension;
- void *mark = NULL;
-
+ SECStatus rv = SECSuccess;
+ SECItem constraintsExtension;
+ void *mark = NULL;
+
*constraints = NULL;
- rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS,
+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS,
&constraintsExtension);
if (rv != SECSuccess) {
if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
@@ -1660,10 +1666,10 @@
rv = CERT_GetImposedNameConstraints(&cert->derSubject,
&constraintsExtension);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
- return SECSuccess;
- }
- return rv;
+ if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
+ return SECSuccess;
+ }
+ return rv;
}
}
@@ -1673,7 +1679,7 @@
if (*constraints == NULL) { /* decode failed */
rv = SECFailure;
}
- PORT_Free (constraintsExtension.data);
+ PORT_Free(constraintsExtension.data);
if (rv == SECFailure) {
PORT_ArenaRelease(arena, mark);
@@ -1688,42 +1694,39 @@
** the name.
*/
SECStatus
-CERT_CheckNameSpace(PLArenaPool *arena,
- const CERTNameConstraints *constraints,
- const CERTGeneralName *currentName)
+CERT_CheckNameSpace(PLArenaPool *arena, const CERTNameConstraints *constraints,
+ const CERTGeneralName *currentName)
{
- CERTNameConstraint *matchingConstraints;
- SECStatus rv = SECSuccess;
-
+ CERTNameConstraint *matchingConstraints;
+ SECStatus rv = SECSuccess;
+
if (constraints->excluded != NULL) {
- rv = CERT_GetNameConstraintByType(constraints->excluded,
- currentName->type,
+ rv = CERT_GetNameConstraintByType(constraints->excluded,
+ currentName->type,
&matchingConstraints, arena);
if (rv == SECSuccess && matchingConstraints != NULL) {
- rv = cert_CompareNameWithConstraints(currentName,
- matchingConstraints,
- PR_TRUE);
+ rv = cert_CompareNameWithConstraints(currentName,
+ matchingConstraints, PR_TRUE);
}
if (rv != SECSuccess) {
- return(rv);
- }
- }
-
- if (constraints->permited != NULL) {
- rv = CERT_GetNameConstraintByType(constraints->permited,
- currentName->type,
- &matchingConstraints, arena);
- if (rv == SECSuccess && matchingConstraints != NULL) {
- rv = cert_CompareNameWithConstraints(currentName,
- matchingConstraints,
- PR_FALSE);
- }
- if (rv != SECSuccess) {
- return(rv);
+ return (rv);
}
}
- return(SECSuccess);
+ if (constraints->permited != NULL) {
+ rv = CERT_GetNameConstraintByType(constraints->permited,
+ currentName->type,
+ &matchingConstraints, arena);
+ if (rv == SECSuccess && matchingConstraints != NULL) {
+ rv = cert_CompareNameWithConstraints(currentName,
+ matchingConstraints, PR_FALSE);
+ }
+ if (rv != SECSuccess) {
+ return (rv);
+ }
+ }
+
+ return (SECSuccess);
}
/* Extract the name constraints extension from the CA cert.
@@ -1734,45 +1737,43 @@
** contained that name.
*/
SECStatus
-CERT_CompareNameSpace(CERTCertificate *cert,
- CERTGeneralName *namesList,
- CERTCertificate **certsList,
- PLArenaPool *reqArena,
- CERTCertificate **pBadCert)
+CERT_CompareNameSpace(CERTCertificate *cert, CERTGeneralName *namesList,
+ CERTCertificate **certsList, PLArenaPool *reqArena,
+ CERTCertificate **pBadCert)
{
- SECStatus rv = SECSuccess;
- CERTNameConstraints *constraints;
- CERTGeneralName *currentName;
- int count = 0;
- CERTCertificate *badCert = NULL;
+ SECStatus rv = SECSuccess;
+ CERTNameConstraints *constraints;
+ CERTGeneralName *currentName;
+ int count = 0;
+ CERTCertificate *badCert = NULL;
/* If no names to check, then no names can be bad. */
if (!namesList)
- goto done;
+ goto done;
rv = CERT_FindNameConstraintsExten(reqArena, cert, &constraints);
if (rv != SECSuccess) {
- count = -1;
- goto done;
+ count = -1;
+ goto done;
}
currentName = namesList;
do {
- if (constraints){
- rv = CERT_CheckNameSpace(reqArena, constraints, currentName);
- if (rv != SECSuccess) {
- break;
- }
- }
- currentName = CERT_GetNextGeneralName(currentName);
- count ++;
+ if (constraints) {
+ rv = CERT_CheckNameSpace(reqArena, constraints, currentName);
+ if (rv != SECSuccess) {
+ break;
+ }
+ }
+ currentName = CERT_GetNextGeneralName(currentName);
+ count++;
} while (currentName != namesList);
done:
if (rv != SECSuccess) {
- badCert = (count >= 0) ? certsList[count] : cert;
+ badCert = (count >= 0) ? certsList[count] : cert;
}
if (pBadCert)
- *pBadCert = badCert;
+ *pBadCert = badCert;
return rv;
}
@@ -1789,7 +1790,7 @@
currentA = a;
currentB = b;
if (a != NULL) {
- do {
+ do {
if (currentB == NULL) {
return SECFailure;
}
@@ -1815,14 +1816,14 @@
case certX400Address:
case certURI:
if (SECITEM_CompareItem(¤tA->name.other,
- ¤tB->name.other)
+ ¤tB->name.other)
== SECEqual) {
found = PR_TRUE;
}
break;
case certOtherName:
if (SECITEM_CompareItem(¤tA->name.OthName.oid,
- ¤tB->name.OthName.oid)
+ ¤tB->name.OthName.oid)
== SECEqual &&
SECITEM_CompareItem(¤tA->name.OthName.name,
¤tB->name.OthName.name)
@@ -1837,7 +1838,7 @@
found = PR_TRUE;
}
}
-
+
}
currentB = CERT_GetNextGeneralName(currentB);
} while (currentB != b && found != PR_TRUE);
@@ -1880,7 +1881,7 @@
CERTGeneralNameType type,
PLArenaPool *arena)
{
- CERTName *name = NULL;
+ CERTName *name = NULL;
SECItem *item = NULL;
OtherName *other = NULL;
OtherName *tmpOther = NULL;
@@ -1902,7 +1903,7 @@
if (item != NULL) {
XXX SECITEM_CopyItem(arena, item, (SECItem *) data);
}
- } else {
+ } else {
item = SECITEM_DupItem((SECItem *) data);
}
PZ_Unlock(list->lock);
@@ -1943,7 +1944,7 @@
** that can fail.
*/
void
-CERT_AddGeneralNameToList(CERTGeneralNameList *list,
+CERT_AddGeneralNameToList(CERTGeneralNameList *list,
CERTGeneralNameType type,
void *data, SECItem *oid)
{
diff --git a/nss/lib/certdb/genname.h b/nss/lib/certdb/genname.h
index 091c82c..5824157 100644
--- a/nss/lib/certdb/genname.h
+++ b/nss/lib/certdb/genname.h
@@ -17,89 +17,76 @@
extern const SEC_ASN1Template CERT_GeneralNamesTemplate[];
-extern SECItem **
-cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names);
+extern SECItem **cert_EncodeGeneralNames(PLArenaPool *arena,
+ CERTGeneralName *names);
-extern CERTGeneralName *
-cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName);
+extern CERTGeneralName *cert_DecodeGeneralNames(PLArenaPool *arena,
+ SECItem **encodedGenName);
-extern SECStatus
-cert_DestroyGeneralNames(CERTGeneralName *name);
+extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name);
-extern SECStatus
-cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
- SECItem *dest);
+extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints,
+ PLArenaPool *arena, SECItem *dest);
-extern CERTNameConstraints *
-cert_DecodeNameConstraints(PLArenaPool *arena, const SECItem *encodedConstraints);
+extern CERTNameConstraints *cert_DecodeNameConstraints(
+ PLArenaPool *arena, const SECItem *encodedConstraints);
-extern CERTGeneralName *
-cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2);
+extern CERTGeneralName *cert_CombineNamesLists(CERTGeneralName *list1,
+ CERTGeneralName *list2);
-extern CERTNameConstraint *
-cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2);
+extern CERTNameConstraint *cert_CombineConstraintsLists(
+ CERTNameConstraint *list1, CERTNameConstraint *list2);
/*********************************************************************/
/* A thread safe implementation of General Names */
/*********************************************************************/
/* Destroy a Single CERTGeneralName */
-void
-CERT_DestroyGeneralName(CERTGeneralName *name);
+void CERT_DestroyGeneralName(CERTGeneralName *name);
-SECStatus
-CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
+SECStatus CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
-SECStatus
-CERT_CopyGeneralName(PLArenaPool *arena,
- CERTGeneralName *dest,
- CERTGeneralName *src);
+SECStatus CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
+ CERTGeneralName *src);
-/* General Name Lists are a thread safe, reference counting layer to
+/* General Name Lists are a thread safe, reference counting layer to
* general names */
/* Destroys a CERTGeneralNameList */
-void
-CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
+void CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
/* Creates a CERTGeneralNameList */
-CERTGeneralNameList *
-CERT_CreateGeneralNameList(CERTGeneralName *name);
+CERTGeneralNameList *CERT_CreateGeneralNameList(CERTGeneralName *name);
/* Compares two CERTGeneralNameList */
-SECStatus
-CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b);
+SECStatus CERT_CompareGeneralNameLists(CERTGeneralNameList *a,
+ CERTGeneralNameList *b);
/* returns a copy of the first name of the type requested */
-void *
-CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- PLArenaPool *arena);
+void *CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
+ CERTGeneralNameType type,
+ PLArenaPool *arena);
/* Adds a name to the tail of the list */
-void
-CERT_AddGeneralNameToList(CERTGeneralNameList *list,
- CERTGeneralNameType type,
- void *data, SECItem *oid);
+void CERT_AddGeneralNameToList(CERTGeneralNameList *list,
+ CERTGeneralNameType type, void *data,
+ SECItem *oid);
/* returns a duplicate of the CERTGeneralNameList */
-CERTGeneralNameList *
-CERT_DupGeneralNameList(CERTGeneralNameList *list);
+CERTGeneralNameList *CERT_DupGeneralNameList(CERTGeneralNameList *list);
/* returns the number of CERTGeneralName objects in the doubly linked
** list of which *names is a member.
*/
-extern int
-CERT_GetNamesLength(CERTGeneralName *names);
+extern int CERT_GetNamesLength(CERTGeneralName *names);
/************************************************************************/
-SECStatus
-CERT_CompareNameSpace(CERTCertificate *cert,
- CERTGeneralName *namesList,
- CERTCertificate **certsList,
- PLArenaPool *reqArena,
- CERTCertificate **pBadCert);
+SECStatus CERT_CompareNameSpace(CERTCertificate *cert,
+ CERTGeneralName *namesList,
+ CERTCertificate **certsList,
+ PLArenaPool *reqArena,
+ CERTCertificate **pBadCert);
SEC_END_PROTOS
diff --git a/nss/lib/certdb/polcyxtn.c b/nss/lib/certdb/polcyxtn.c
index cef4783..aae34e2 100644
--- a/nss/lib/certdb/polcyxtn.c
+++ b/nss/lib/certdb/polcyxtn.c
@@ -20,95 +20,81 @@
const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = {
{ SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
- { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString},
- { SEC_ASN1_VISIBLE_STRING , 0, 0, siVisibleString},
- { SEC_ASN1_BMP_STRING , 0, 0, siBMPString },
- { SEC_ASN1_UTF8_STRING , 0, 0, siUTF8String },
+ { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString },
+ { SEC_ASN1_VISIBLE_STRING, 0, 0, siVisibleString },
+ { SEC_ASN1_BMP_STRING, 0, 0, siBMPString },
+ { SEC_ASN1_UTF8_STRING, 0, 0, siUTF8String },
{ 0 }
};
const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTNoticeReference) },
- { SEC_ASN1_INLINE,
- offsetof(CERTNoticeReference, organization),
- CERT_DisplayTextTypeTemplate, 0 },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNoticeReference) },
+ { SEC_ASN1_INLINE, offsetof(CERTNoticeReference, organization),
+ CERT_DisplayTextTypeTemplate, 0 },
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
- offsetof(CERTNoticeReference, noticeNumbers),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ offsetof(CERTNoticeReference, noticeNumbers),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ 0 }
};
const SEC_ASN1Template CERT_UserNoticeTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTUserNotice) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTUserNotice) },
{ SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
- offsetof(CERTUserNotice, noticeReference),
- CERT_NoticeReferenceTemplate, 0 },
+ offsetof(CERTUserNotice, noticeReference), CERT_NoticeReferenceTemplate,
+ 0 },
{ SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
- offsetof(CERTUserNotice, displayText),
- CERT_DisplayTextTypeTemplate, 0 },
+ offsetof(CERTUserNotice, displayText), CERT_DisplayTextTypeTemplate, 0 },
{ 0 }
};
const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyQualifier) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyQualifier, qualifierID) },
- { SEC_ASN1_ANY,
- offsetof(CERTPolicyQualifier, qualifierValue) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyQualifier) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyQualifier, qualifierID) },
+ { SEC_ASN1_ANY, offsetof(CERTPolicyQualifier, qualifierValue) },
{ 0 }
};
const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyInfo, policyID) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyInfo) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyInfo, policyID) },
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
- offsetof(CERTPolicyInfo, policyQualifiers),
- CERT_PolicyQualifierTemplate },
+ offsetof(CERTPolicyInfo, policyQualifiers),
+ CERT_PolicyQualifierTemplate },
{ 0 }
};
const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCertificatePolicies, policyInfos),
- CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicies, policyInfos),
+ CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
};
const SEC_ASN1Template CERT_PolicyMapTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyMap) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyMap, issuerDomainPolicy) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyMap, subjectDomainPolicy) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyMap) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, issuerDomainPolicy) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, subjectDomainPolicy) },
{ 0 }
};
const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCertificatePolicyMappings, policyMaps),
- CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) }
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicyMappings, policyMaps),
+ CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) }
};
const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ 0 }
};
const SEC_ASN1Template CERT_InhibitAnyTemplate[] = {
{ SEC_ASN1_INTEGER,
- offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts),
- NULL, sizeof(CERTCertificateInhibitAny) }
+ offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), NULL,
+ sizeof(CERTCertificateInhibitAny) }
};
static void
@@ -118,30 +104,30 @@
char *lastspace = NULL;
int curlen = 0;
int c;
-
+
tmpstr = string;
- while ( ( c = *tmpstr ) != '\0' ) {
- switch ( c ) {
- case ' ':
- lastspace = tmpstr;
- break;
- case '\n':
- lastspace = NULL;
- curlen = 0;
- break;
- }
-
- if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) {
- *lastspace = '\n';
- curlen = ( tmpstr - lastspace );
- lastspace = NULL;
- }
-
- curlen++;
- tmpstr++;
+ while ((c = *tmpstr) != '\0') {
+ switch (c) {
+ case ' ':
+ lastspace = tmpstr;
+ break;
+ case '\n':
+ lastspace = NULL;
+ curlen = 0;
+ break;
+ }
+
+ if ((curlen >= 55) && (lastspace != NULL)) {
+ *lastspace = '\n';
+ curlen = (tmpstr - lastspace);
+ lastspace = NULL;
+ }
+
+ curlen++;
+ tmpstr++;
}
-
+
return;
}
@@ -154,69 +140,69 @@
CERTPolicyInfo **policyInfos, *policyInfo;
CERTPolicyQualifier **policyQualifiers, *policyQualifier;
SECItem newExtnValue;
-
+
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
+
+ if (!arena) {
+ goto loser;
}
/* allocate the certificate policies structure */
- policies = (CERTCertificatePolicies *)
- PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies));
-
- if ( policies == NULL ) {
- goto loser;
+ policies = (CERTCertificatePolicies *)PORT_ArenaZAlloc(
+ arena, sizeof(CERTCertificatePolicies));
+
+ if (policies == NULL) {
+ goto loser;
}
-
+
policies->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* decode the policy info */
- rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplate,
- &newExtnValue);
+ rv = SEC_QuickDERDecodeItem(
+ arena, policies, CERT_CertificatePoliciesTemplate, &newExtnValue);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* initialize the oid tags */
policyInfos = policies->policyInfos;
- while (*policyInfos != NULL ) {
- policyInfo = *policyInfos;
- policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
- policyQualifiers = policyInfo->policyQualifiers;
- while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
- policyQualifier = *policyQualifiers;
- policyQualifier->oid =
- SECOID_FindOIDTag(&policyQualifier->qualifierID);
- policyQualifiers++;
- }
- policyInfos++;
+ while (*policyInfos != NULL) {
+ policyInfo = *policyInfos;
+ policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
+ policyQualifiers = policyInfo->policyQualifiers;
+ while (policyQualifiers != NULL && *policyQualifiers != NULL) {
+ policyQualifier = *policyQualifiers;
+ policyQualifier->oid =
+ SECOID_FindOIDTag(&policyQualifier->qualifierID);
+ policyQualifiers++;
+ }
+ policyInfos++;
}
- return(policies);
-
+ return (policies);
+
loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(NULL);
+
+ return (NULL);
}
void
CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies)
{
- if ( policies != NULL ) {
- PORT_FreeArena(policies->arena, PR_FALSE);
+ if (policies != NULL) {
+ PORT_FreeArena(policies->arena, PR_FALSE);
}
return;
}
@@ -228,17 +214,17 @@
SECStatus rv;
CERTCertificatePolicyMappings *mappings;
SECItem newExtnValue;
-
+
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
goto loser;
}
/* allocate the policy mappings structure */
- mappings = (CERTCertificatePolicyMappings *)
- PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicyMappings));
- if ( mappings == NULL ) {
+ mappings = (CERTCertificatePolicyMappings *)PORT_ArenaZAlloc(
+ arena, sizeof(CERTCertificatePolicyMappings));
+ if (mappings == NULL) {
goto loser;
}
mappings->arena = arena;
@@ -246,40 +232,39 @@
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
- if ( rv != SECSuccess ) {
+ if (rv != SECSuccess) {
goto loser;
}
/* decode the policy mappings */
- rv = SEC_QuickDERDecodeItem
- (arena, mappings, CERT_PolicyMappingsTemplate, &newExtnValue);
- if ( rv != SECSuccess ) {
+ rv = SEC_QuickDERDecodeItem(arena, mappings, CERT_PolicyMappingsTemplate,
+ &newExtnValue);
+ if (rv != SECSuccess) {
goto loser;
}
- return(mappings);
-
+ return (mappings);
+
loser:
- if ( arena != NULL ) {
+ if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
}
-
- return(NULL);
+
+ return (NULL);
}
SECStatus
CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings)
{
- if ( mappings != NULL ) {
+ if (mappings != NULL) {
PORT_FreeArena(mappings->arena, PR_FALSE);
}
return SECSuccess;
}
SECStatus
-CERT_DecodePolicyConstraintsExtension
- (CERTCertificatePolicyConstraints *decodedValue,
- const SECItem *encodedValue)
+CERT_DecodePolicyConstraintsExtension(
+ CERTCertificatePolicyConstraints *decodedValue, const SECItem *encodedValue)
{
CERTCertificatePolicyConstraints decodeContext;
PLArenaPool *arena = NULL;
@@ -296,10 +281,11 @@
do {
/* decode the policy constraints */
- rv = SEC_QuickDERDecodeItem(arena,
- &decodeContext, CERT_PolicyConstraintsTemplate, encodedValue);
+ rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
+ CERT_PolicyConstraintsTemplate,
+ encodedValue);
- if ( rv != SECSuccess ) {
+ if (rv != SECSuccess) {
break;
}
@@ -307,35 +293,36 @@
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
} else {
*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
- DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
+ DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
}
if (decodeContext.inhibitMappingSkipCerts.len == 0) {
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
} else {
*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
- DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
+ DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
}
if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
- PR_INT32_MIN) ||
+ PR_INT32_MIN) ||
(*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
- PR_INT32_MAX) ||
+ PR_INT32_MAX) ||
(*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
- PR_INT32_MIN) ||
+ PR_INT32_MIN) ||
(*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
- PR_INT32_MAX)) {
+ PR_INT32_MAX)) {
rv = SECFailure;
}
-
+
} while (0);
PORT_FreeArena(arena, PR_FALSE);
- return(rv);
+ return (rv);
}
-SECStatus CERT_DecodeInhibitAnyExtension
- (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue)
+SECStatus
+CERT_DecodeInhibitAnyExtension(CERTCertificateInhibitAny *decodedValue,
+ SECItem *encodedValue)
{
CERTCertificateInhibitAny decodeContext;
PLArenaPool *arena = NULL;
@@ -343,7 +330,7 @@
/* make a new arena */
arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if ( !arena ) {
+ if (!arena) {
return SECFailure;
}
@@ -351,20 +338,20 @@
/* decode the policy mappings */
decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger;
- rv = SEC_QuickDERDecodeItem(arena,
- &decodeContext, CERT_InhibitAnyTemplate, encodedValue);
+ rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
+ CERT_InhibitAnyTemplate, encodedValue);
- if ( rv != SECSuccess ) {
+ if (rv != SECSuccess) {
break;
}
*(PRInt32 *)decodedValue->inhibitAnySkipCerts.data =
- DER_GetInteger(&decodeContext.inhibitAnySkipCerts);
+ DER_GetInteger(&decodeContext.inhibitAnySkipCerts);
} while (0);
PORT_FreeArena(arena, PR_FALSE);
- return(rv);
+ return (rv);
}
CERTUserNotice *
@@ -374,37 +361,37 @@
SECStatus rv;
CERTUserNotice *userNotice;
SECItem newNoticeItem;
-
+
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
+
+ if (!arena) {
+ goto loser;
}
/* allocate the userNotice structure */
- userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena,
- sizeof(CERTUserNotice));
-
- if ( userNotice == NULL ) {
- goto loser;
+ userNotice =
+ (CERTUserNotice *)PORT_ArenaZAlloc(arena, sizeof(CERTUserNotice));
+
+ if (userNotice == NULL) {
+ goto loser;
}
-
+
userNotice->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* decode the user notice */
- rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
- &newNoticeItem);
+ rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
+ &newNoticeItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
if (userNotice->derNoticeReference.data != NULL) {
@@ -414,24 +401,24 @@
&userNotice->derNoticeReference);
if (rv == SECFailure) {
goto loser;
- }
+ }
}
- return(userNotice);
-
+ return (userNotice);
+
loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(NULL);
+
+ return (NULL);
}
void
CERT_DestroyUserNotice(CERTUserNotice *userNotice)
{
- if ( userNotice != NULL ) {
- PORT_FreeArena(userNotice->arena, PR_FALSE);
+ if (userNotice != NULL) {
+ PORT_FreeArena(userNotice->arena, PR_FALSE);
}
return;
}
@@ -459,74 +446,73 @@
SECItem *displayText;
SECItem **noticeNumbers;
unsigned int strnum;
-
+
/* decode the user notice */
userNotice = CERT_DecodeUserNotice(noticeItem);
- if ( userNotice == NULL ) {
- return(NULL);
+ if (userNotice == NULL) {
+ return (NULL);
}
-
+
org = &userNotice->noticeReference.organization;
- if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) {
- /* has a noticeReference */
+ if ((org->len != 0) && (policyStringCB != NULL)) {
+ /* has a noticeReference */
- /* extract the org string */
- len = org->len;
- stringbuf = (char*)PORT_Alloc(len + 1);
- if ( stringbuf != NULL ) {
- PORT_Memcpy(stringbuf, org->data, len);
- stringbuf[len] = '\0';
+ /* extract the org string */
+ len = org->len;
+ stringbuf = (char *)PORT_Alloc(len + 1);
+ if (stringbuf != NULL) {
+ PORT_Memcpy(stringbuf, org->data, len);
+ stringbuf[len] = '\0';
- noticeNumbers = userNotice->noticeReference.noticeNumbers;
- while ( *noticeNumbers != NULL ) {
- /* XXX - only one byte integers right now*/
- strnum = (*noticeNumbers)->data[0];
- policystr = (* policyStringCB)(stringbuf,
- strnum,
- policyStringCBArg);
- if ( policystr != NULL ) {
- if ( retstr != NULL ) {
- retstr = PR_sprintf_append(retstr, "\n%s", policystr);
- } else {
- retstr = PR_sprintf_append(retstr, "%s", policystr);
- }
+ noticeNumbers = userNotice->noticeReference.noticeNumbers;
+ while (*noticeNumbers != NULL) {
+ /* XXX - only one byte integers right now*/
+ strnum = (*noticeNumbers)->data[0];
+ policystr =
+ (*policyStringCB)(stringbuf, strnum, policyStringCBArg);
+ if (policystr != NULL) {
+ if (retstr != NULL) {
+ retstr = PR_sprintf_append(retstr, "\n%s", policystr);
+ } else {
+ retstr = PR_sprintf_append(retstr, "%s", policystr);
+ }
- PORT_Free(policystr);
- }
-
- noticeNumbers++;
- }
+ PORT_Free(policystr);
+ }
- PORT_Free(stringbuf);
- }
+ noticeNumbers++;
+ }
+
+ PORT_Free(stringbuf);
+ }
}
- if ( retstr == NULL ) {
- if ( userNotice->displayText.len != 0 ) {
- displayText = &userNotice->displayText;
+ if (retstr == NULL) {
+ if (userNotice->displayText.len != 0) {
+ displayText = &userNotice->displayText;
- if ( displayText->len > 2 ) {
- if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) {
- headerlen = 2;
- if ( displayText->data[1] & 0x80 ) {
- /* multibyte length */
- headerlen += ( displayText->data[1] & 0x7f );
- }
+ if (displayText->len > 2) {
+ if (displayText->data[0] == SEC_ASN1_VISIBLE_STRING) {
+ headerlen = 2;
+ if (displayText->data[1] & 0x80) {
+ /* multibyte length */
+ headerlen += (displayText->data[1] & 0x7f);
+ }
- len = displayText->len - headerlen;
- retstr = (char*)PORT_Alloc(len + 1);
- if ( retstr != NULL ) {
- PORT_Memcpy(retstr, &displayText->data[headerlen],len);
- retstr[len] = '\0';
- }
- }
- }
- }
+ len = displayText->len - headerlen;
+ retstr = (char *)PORT_Alloc(len + 1);
+ if (retstr != NULL) {
+ PORT_Memcpy(retstr, &displayText->data[headerlen], len);
+ retstr[len] = '\0';
+ }
+ }
+ }
+ }
}
-
+
CERT_DestroyUserNotice(userNotice);
-
- return(retstr);
+
+ return (retstr);
}
char *
@@ -540,65 +526,63 @@
CERTPolicyQualifier **policyQualifiers, *qualifier;
policyItem.data = NULL;
-
+
rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
- &policyItem);
- if ( rv != SECSuccess ) {
- goto nopolicy;
+ &policyItem);
+ if (rv != SECSuccess) {
+ goto nopolicy;
}
policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
- if ( policies == NULL ) {
- goto nopolicy;
+ if (policies == NULL) {
+ goto nopolicy;
}
policyInfos = policies->policyInfos;
/* search through policyInfos looking for the verisign policy */
- while (*policyInfos != NULL ) {
- if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
- policyQualifiers = (*policyInfos)->policyQualifiers;
- /* search through the policy qualifiers looking for user notice */
- while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
- qualifier = *policyQualifiers;
- if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
- retstring =
- stringFromUserNotice(&qualifier->qualifierValue);
- break;
- }
+ while (*policyInfos != NULL) {
+ if ((*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES) {
+ policyQualifiers = (*policyInfos)->policyQualifiers;
+ /* search through the policy qualifiers looking for user notice */
+ while (policyQualifiers != NULL && *policyQualifiers != NULL) {
+ qualifier = *policyQualifiers;
+ if (qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER) {
+ retstring =
+ stringFromUserNotice(&qualifier->qualifierValue);
+ break;
+ }
- policyQualifiers++;
- }
- break;
- }
- policyInfos++;
+ policyQualifiers++;
+ }
+ break;
+ }
+ policyInfos++;
}
nopolicy:
- if ( policyItem.data != NULL ) {
- PORT_Free(policyItem.data);
+ if (policyItem.data != NULL) {
+ PORT_Free(policyItem.data);
}
- if ( policies != NULL ) {
- CERT_DestroyCertificatePoliciesExtension(policies);
+ if (policies != NULL) {
+ CERT_DestroyCertificatePoliciesExtension(policies);
}
-
- if ( retstring == NULL ) {
- retstring = CERT_FindNSStringExtension(cert,
- SEC_OID_NS_CERT_EXT_COMMENT);
+
+ if (retstring == NULL) {
+ retstring =
+ CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_COMMENT);
}
-
- if ( retstring != NULL ) {
- breakLines(retstring);
+
+ if (retstring != NULL) {
+ breakLines(retstring);
}
-
- return(retstring);
+
+ return (retstring);
}
-
const SEC_ASN1Template CERT_OidSeqTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
- offsetof(CERTOidSequence, oids),
- SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
+ { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids),
+ SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
};
CERTOidSequence *
@@ -608,53 +592,53 @@
SECStatus rv;
CERTOidSequence *oidSeq;
SECItem newSeqItem;
-
+
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
+
+ if (!arena) {
+ goto loser;
}
/* allocate the userNotice structure */
- oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena,
- sizeof(CERTOidSequence));
-
- if ( oidSeq == NULL ) {
- goto loser;
+ oidSeq =
+ (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
+
+ if (oidSeq == NULL) {
+ goto loser;
}
-
+
oidSeq->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* decode the user notice */
- rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
+ rv =
+ SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- return(oidSeq);
-
+ return (oidSeq);
+
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
- return(NULL);
+ return (NULL);
}
-
void
CERT_DestroyOidSequence(CERTOidSequence *oidSeq)
{
- if ( oidSeq != NULL ) {
- PORT_FreeArena(oidSeq->arena, PR_FALSE);
+ if (oidSeq != NULL) {
+ PORT_FreeArena(oidSeq->arena, PR_FALSE);
}
return;
}
@@ -669,29 +653,29 @@
SECItem **oids;
SECItem *oid;
SECOidTag oidTag;
-
+
extItem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
oidSeq = CERT_DecodeOidSequence(&extItem);
- if ( oidSeq == NULL ) {
- goto loser;
+ if (oidSeq == NULL) {
+ goto loser;
}
oids = oidSeq->oids;
- while ( oids != NULL && *oids != NULL ) {
- oid = *oids;
-
- oidTag = SECOID_FindOIDTag(oid);
-
- if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) {
- goto success;
- }
-
- oids++;
+ while (oids != NULL && *oids != NULL) {
+ oid = *oids;
+
+ oidTag = SECOID_FindOIDTag(oid);
+
+ if (oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) {
+ goto success;
+ }
+
+ oids++;
}
loser:
@@ -700,16 +684,15 @@
success:
ret = PR_TRUE;
done:
- if ( oidSeq != NULL ) {
- CERT_DestroyOidSequence(oidSeq);
+ if (oidSeq != NULL) {
+ CERT_DestroyOidSequence(oidSeq);
}
if (extItem.data != NULL) {
- PORT_Free(extItem.data);
+ PORT_Free(extItem.data);
}
- return(ret);
+ return (ret);
}
-
SECStatus
CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
CERTCertificatePolicyConstraints *constr,
@@ -719,14 +702,14 @@
PORT_Assert(constr != NULL && dest != NULL);
if (constr == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
- if (SEC_ASN1EncodeItem (arena, dest, constr,
- CERT_PolicyConstraintsTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, dest, constr,
+ CERT_PolicyConstraintsTemplate) == NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
SECStatus
@@ -738,75 +721,69 @@
PORT_Assert(mapping != NULL && dest != NULL);
if (mapping == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
- if (SEC_ASN1EncodeItem (arena, dest, mapping,
- CERT_PolicyMappingsTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, dest, mapping, CERT_PolicyMappingsTemplate) ==
+ NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
-
-
SECStatus
-CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
- CERTPolicyInfo **info,
+CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, CERTPolicyInfo **info,
SECItem *dest)
{
SECStatus rv = SECSuccess;
PORT_Assert(info != NULL && dest != NULL);
if (info == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
- if (SEC_ASN1EncodeItem (arena, dest, info,
- CERT_CertificatePoliciesTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, dest, info,
+ CERT_CertificatePoliciesTemplate) == NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
SECStatus
-CERT_EncodeUserNotice(PLArenaPool *arena,
- CERTUserNotice *notice,
- SECItem *dest)
+CERT_EncodeUserNotice(PLArenaPool *arena, CERTUserNotice *notice, SECItem *dest)
{
SECStatus rv = SECSuccess;
PORT_Assert(notice != NULL && dest != NULL);
if (notice == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
- if (SEC_ASN1EncodeItem(arena, dest,
- notice, CERT_UserNoticeTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, dest, notice, CERT_UserNoticeTemplate) ==
+ NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
SECStatus
-CERT_EncodeNoticeReference(PLArenaPool *arena,
- CERTNoticeReference *reference,
+CERT_EncodeNoticeReference(PLArenaPool *arena, CERTNoticeReference *reference,
SECItem *dest)
{
SECStatus rv = SECSuccess;
-
+
PORT_Assert(reference != NULL && dest != NULL);
if (reference == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
- if (SEC_ASN1EncodeItem (arena, dest, reference,
- CERT_NoticeReferenceTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, dest, reference,
+ CERT_NoticeReferenceTemplate) == NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
SECStatus
@@ -818,12 +795,12 @@
PORT_Assert(certInhibitAny != NULL && dest != NULL);
if (certInhibitAny == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
- if (SEC_ASN1EncodeItem (arena, dest, certInhibitAny,
- CERT_InhibitAnyTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, dest, certInhibitAny,
+ CERT_InhibitAnyTemplate) == NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
diff --git a/nss/lib/certdb/secname.c b/nss/lib/certdb/secname.c
index 88a0cf7..1fcae97 100644
--- a/nss/lib/certdb/secname.c
+++ b/nss/lib/certdb/secname.c
@@ -4,7 +4,7 @@
#include "cert.h"
#include "secoid.h"
-#include "secder.h" /* XXX remove this when remove the DERTemplates */
+#include "secder.h" /* XXX remove this when remove the DERTemplates */
#include "secasn1.h"
#include "secitem.h"
#include <stdarg.h>
@@ -12,29 +12,25 @@
#include "certi.h"
static const SEC_ASN1Template cert_AVATemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTAVA) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTAVA,type), },
- { SEC_ASN1_ANY,
- offsetof(CERTAVA,value), },
- { 0, }
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) },
+ { SEC_ASN1_ANY, offsetof(CERTAVA, value) },
+ { 0 }
};
const SEC_ASN1Template CERT_RDNTemplate[] = {
- { SEC_ASN1_SET_OF,
- offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
+ { SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate,
+ sizeof(CERTRDN) }
};
-
static int
CountArray(void **array)
{
int count = 0;
if (array) {
- while (*array++) {
- count++;
- }
+ while (*array++) {
+ count++;
+ }
}
return count;
}
@@ -49,36 +45,36 @@
count = 0;
ap = array;
if (ap) {
- while (*ap++) {
- count++;
- }
+ while (*ap++) {
+ count++;
+ }
}
if (array) {
- array = (void**) PORT_ArenaGrow(arena, array,
- (count + 1) * sizeof(void *),
- (count + 2) * sizeof(void *));
+ array =
+ (void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
+ (count + 2) * sizeof(void *));
} else {
- array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
+ array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
}
if (array) {
- array[count] = element;
- array[count+1] = 0;
+ array[count] = element;
+ array[count + 1] = 0;
}
return array;
}
-
SECOidTag
CERT_GetAVATag(CERTAVA *ava)
{
SECOidData *oid;
- if (!ava->type.data) return (SECOidTag)-1;
+ if (!ava->type.data)
+ return (SECOidTag)-1;
oid = SECOID_FindOID(&ava->type);
-
- if ( oid ) {
- return(oid->offset);
+
+ if (oid) {
+ return (oid->offset);
}
return (SECOidTag)-1;
}
@@ -89,25 +85,25 @@
unsigned char *oid;
unsigned oidLen;
unsigned char *cp;
- int maxLen;
+ int maxLen;
SECOidData *oidrec;
oidrec = SECOID_FindOIDByTag(type);
if (oidrec == NULL)
- return SECFailure;
+ return SECFailure;
oid = oidrec->oid.data;
oidLen = oidrec->oid.len;
maxLen = cert_AVAOidTagToMaxLen(type);
if (maxLen < 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen);
+ it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen);
if (cp == NULL) {
- return SECFailure;
+ return SECFailure;
}
it->len = oidLen;
PORT_Memcpy(cp, oid, oidLen);
@@ -123,65 +119,66 @@
unsigned valueLen, valueLenLen, total;
unsigned ucs4Len = 0, ucs4MaxLen;
- value = in->data;
+ value = in->data;
valueLen = in->len;
switch (valueType) {
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_T61_STRING:
- case SEC_ASN1_UTF8_STRING: /* no conversion required */
- break;
- case SEC_ASN1_UNIVERSAL_STRING:
- ucs4MaxLen = valueLen * 6;
- ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
- if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen,
- ucs4Val, ucs4MaxLen, &ucs4Len)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- value = ucs4Val;
- valueLen = ucs4Len;
- maxLen *= 4;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case SEC_ASN1_PRINTABLE_STRING:
+ case SEC_ASN1_IA5_STRING:
+ case SEC_ASN1_T61_STRING:
+ case SEC_ASN1_UTF8_STRING: /* no conversion required */
+ break;
+ case SEC_ASN1_UNIVERSAL_STRING:
+ ucs4MaxLen = valueLen * 6;
+ ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
+ if (!ucs4Val ||
+ !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val,
+ ucs4MaxLen, &ucs4Len)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ value = ucs4Val;
+ valueLen = ucs4Len;
+ maxLen *= 4;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (valueLen > maxLen) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
valueLenLen = DER_LengthLength(valueLen);
total = 1 + valueLenLen + valueLen;
- cp = (PRUint8*)PORT_ArenaAlloc(arena, total);
+ cp = (PRUint8 *)PORT_ArenaAlloc(arena, total);
if (!cp) {
- return SECFailure;
+ return SECFailure;
}
out->data = cp;
- out->len = total;
+ out->len = total;
cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
PORT_Memcpy(cp, value, valueLen);
return SECSuccess;
}
CERTAVA *
-CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem * OID,
- const SECItem * value)
+CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem *OID,
+ const SECItem *value)
{
CERTAVA *ava;
int rv;
ava = PORT_ArenaZNew(pool, CERTAVA);
if (ava) {
- rv = SECITEM_CopyItem(pool, &ava->type, OID);
- if (rv)
- return NULL;
+ rv = SECITEM_CopyItem(pool, &ava->type, OID);
+ if (rv)
+ return NULL;
- rv = SECITEM_CopyItem(pool, &ava->value, value);
- if (rv)
- return NULL;
+ rv = SECITEM_CopyItem(pool, &ava->value, value);
+ if (rv)
+ return NULL;
}
return ava;
}
@@ -194,18 +191,18 @@
int rv;
unsigned maxLen;
- ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
+ ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
if (ava) {
- rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
- if (rv) {
- /* Illegal AVA type */
- return NULL;
- }
- rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
- if (rv) {
- /* Illegal value type */
- return NULL;
- }
+ rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
+ if (rv) {
+ /* Illegal AVA type */
+ return NULL;
+ }
+ rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
+ if (rv) {
+ /* Illegal value type */
+ return NULL;
+ }
}
return ava;
}
@@ -216,7 +213,7 @@
SECItem item = { siBuffer, NULL, 0 };
item.data = (PRUint8 *)value;
- item.len = PORT_Strlen(value);
+ item.len = PORT_Strlen(value);
return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
}
@@ -227,16 +224,18 @@
CERTAVA *ava;
int rv;
- ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
+ ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
if (ava) {
- rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
- if (rv) goto loser;
- rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
- if (rv) goto loser;
+ rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
+ if (rv)
+ goto loser;
+ rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
+ if (rv)
+ goto loser;
}
return ava;
- loser:
+loser:
return 0;
}
@@ -249,34 +248,34 @@
unsigned count;
CERTAVA **avap;
- rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
+ rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN));
if (rdn) {
- /* Count number of avas going into the rdn */
- count = 0;
- if (ava0) {
- count++;
- va_start(ap, ava0);
- while ((ava = va_arg(ap, CERTAVA*)) != 0) {
- count++;
- }
- va_end(ap);
- }
+ /* Count number of avas going into the rdn */
+ count = 0;
+ if (ava0) {
+ count++;
+ va_start(ap, ava0);
+ while ((ava = va_arg(ap, CERTAVA *)) != 0) {
+ count++;
+ }
+ va_end(ap);
+ }
- /* Now fill in the pointers */
- rdn->avas = avap =
- (CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
- if (!avap) {
- return 0;
- }
- if (ava0) {
- *avap++ = ava0;
- va_start(ap, ava0);
- while ((ava = va_arg(ap, CERTAVA*)) != 0) {
- *avap++ = ava;
- }
- va_end(ap);
- }
- *avap++ = 0;
+ /* Now fill in the pointers */
+ rdn->avas = avap =
+ (CERTAVA **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTAVA *));
+ if (!avap) {
+ return 0;
+ }
+ if (ava0) {
+ *avap++ = ava0;
+ va_start(ap, ava0);
+ while ((ava = va_arg(ap, CERTAVA *)) != 0) {
+ *avap++ = ava;
+ }
+ va_end(ap);
+ }
+ *avap++ = 0;
}
return rdn;
}
@@ -284,7 +283,7 @@
SECStatus
CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
{
- rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
+ rdn->avas = (CERTAVA **)AddToArray(arena, (void **)rdn->avas, ava);
return rdn->avas ? SECSuccess : SECFailure;
}
@@ -297,20 +296,20 @@
/* Copy each ava from from */
avas = from->avas;
if (avas) {
- if (avas[0] == NULL) {
- rv = CERT_AddAVA(arena, to, NULL);
- return rv;
- }
- while ((fava = *avas++) != 0) {
- tava = CERT_CopyAVA(arena, fava);
- if (!tava) {
- rv = SECFailure;
- break;
- }
- rv = CERT_AddAVA(arena, to, tava);
- if (rv != SECSuccess)
- break;
- }
+ if (avas[0] == NULL) {
+ rv = CERT_AddAVA(arena, to, NULL);
+ return rv;
+ }
+ while ((fava = *avas++) != 0) {
+ tava = CERT_CopyAVA(arena, fava);
+ if (!tava) {
+ rv = SECFailure;
+ break;
+ }
+ rv = CERT_AddAVA(arena, to, tava);
+ if (rv != SECSuccess)
+ break;
+ }
}
return rv;
}
@@ -318,8 +317,8 @@
/************************************************************************/
const SEC_ASN1Template CERT_NameTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate,
+ sizeof(CERTName) }
};
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
@@ -333,71 +332,71 @@
unsigned count;
CERTRDN **rdnp;
PLArenaPool *arena;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return(0);
+ if (!arena) {
+ return (0);
}
-
- name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
+
+ name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName));
if (name) {
- name->arena = arena;
-
- /* Count number of RDNs going into the Name */
- if (!rdn0) {
- count = 0;
- } else {
- count = 1;
- va_start(ap, rdn0);
- while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
- count++;
- }
- va_end(ap);
- }
+ name->arena = arena;
- /* Allocate space (including space for terminal null ptr) */
- name->rdns = rdnp =
- (CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
- if (!name->rdns) {
- goto loser;
- }
+ /* Count number of RDNs going into the Name */
+ if (!rdn0) {
+ count = 0;
+ } else {
+ count = 1;
+ va_start(ap, rdn0);
+ while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
+ count++;
+ }
+ va_end(ap);
+ }
- /* Now fill in the pointers */
- if (count > 0) {
- *rdnp++ = rdn0;
- va_start(ap, rdn0);
- while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
- *rdnp++ = rdn;
- }
- va_end(ap);
- }
+ /* Allocate space (including space for terminal null ptr) */
+ name->rdns = rdnp =
+ (CERTRDN **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN *));
+ if (!name->rdns) {
+ goto loser;
+ }
- /* null terminate the list */
- *rdnp++ = 0;
+ /* Now fill in the pointers */
+ if (count > 0) {
+ *rdnp++ = rdn0;
+ va_start(ap, rdn0);
+ while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
+ *rdnp++ = rdn;
+ }
+ va_end(ap);
+ }
+
+ /* null terminate the list */
+ *rdnp++ = 0;
}
return name;
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(0);
+ return (0);
}
void
CERT_DestroyName(CERTName *name)
{
- if (name)
- {
+ if (name) {
PLArenaPool *arena = name->arena;
name->rdns = NULL;
- name->arena = NULL;
- if (arena) PORT_FreeArena(arena, PR_FALSE);
+ name->arena = NULL;
+ if (arena)
+ PORT_FreeArena(arena, PR_FALSE);
}
}
SECStatus
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
{
- name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
+ name->rdns = (CERTRDN **)AddToArray(name->arena, (void **)name->rdns, rdn);
return name->rdns ? SECSuccess : SECFailure;
}
@@ -408,8 +407,8 @@
SECStatus rv = SECSuccess;
if (!to || !from) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
CERT_DestroyName(to);
@@ -418,23 +417,23 @@
/* Copy each rdn from from */
rdns = from->rdns;
if (rdns) {
- if (rdns[0] == NULL) {
- rv = CERT_AddRDN(to, NULL);
- return rv;
- }
- while ((frdn = *rdns++) != NULL) {
- trdn = CERT_CreateRDN(arena, NULL);
- if (!trdn) {
- rv = SECFailure;
- break;
- }
- rv = CERT_CopyRDN(arena, trdn, frdn);
- if (rv != SECSuccess)
- break;
- rv = CERT_AddRDN(to, trdn);
- if (rv != SECSuccess)
- break;
- }
+ if (rdns[0] == NULL) {
+ rv = CERT_AddRDN(to, NULL);
+ return rv;
+ }
+ while ((frdn = *rdns++) != NULL) {
+ trdn = CERT_CreateRDN(arena, NULL);
+ if (!trdn) {
+ rv = SECFailure;
+ break;
+ }
+ rv = CERT_CopyRDN(arena, trdn, frdn);
+ if (rv != SECSuccess)
+ break;
+ rv = CERT_AddRDN(to, trdn);
+ if (rv != SECSuccess)
+ break;
+ }
}
return rv;
}
@@ -442,34 +441,35 @@
/************************************************************************/
static void
-canonicalize(SECItem * foo)
+canonicalize(SECItem *foo)
{
int ch, lastch, len, src, dest;
/* strip trailing whitespace. */
len = foo->len;
- while (len > 0 && ((ch = foo->data[len - 1]) == ' ' ||
- ch == '\t' || ch == '\r' || ch == '\n')) {
- len--;
+ while (len > 0 && ((ch = foo->data[len - 1]) == ' ' || ch == '\t' ||
+ ch == '\r' || ch == '\n')) {
+ len--;
}
src = 0;
/* strip leading whitespace. */
- while (src < len && ((ch = foo->data[src]) == ' ' ||
- ch == '\t' || ch == '\r' || ch == '\n')) {
- src++;
+ while (src < len && ((ch = foo->data[src]) == ' ' || ch == '\t' ||
+ ch == '\r' || ch == '\n')) {
+ src++;
}
- dest = 0; lastch = ' ';
+ dest = 0;
+ lastch = ' ';
while (src < len) {
ch = foo->data[src++];
- if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
- ch = ' ';
- if (ch == lastch)
- continue;
- } else if (ch >= 'A' && ch <= 'Z') {
- ch |= 0x20; /* downshift */
- }
- foo->data[dest++] = lastch = ch;
+ if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
+ ch = ' ';
+ if (ch == lastch)
+ continue;
+ } else if (ch >= 'A' && ch <= 'Z') {
+ ch |= 0x20; /* downshift */
+ }
+ foo->data[dest++] = lastch = ch;
}
foo->len = dest;
}
@@ -479,14 +479,13 @@
CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
{
SECComparison rv = SECLessThan;
- SECItem * aVal = CERT_DecodeAVAValue(a);
- SECItem * bVal = CERT_DecodeAVAValue(b);
+ SECItem *aVal = CERT_DecodeAVAValue(a);
+ SECItem *bVal = CERT_DecodeAVAValue(b);
- if (aVal && aVal->len && aVal->data &&
- bVal && bVal->len && bVal->data) {
- canonicalize(aVal);
- canonicalize(bVal);
- rv = SECITEM_CompareItem(aVal, bVal);
+ if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) {
+ canonicalize(aVal);
+ canonicalize(bVal);
+ rv = SECITEM_CompareItem(aVal, bVal);
}
SECITEM_FreeItem(aVal, PR_TRUE);
SECITEM_FreeItem(bVal, PR_TRUE);
@@ -500,30 +499,30 @@
rv = SECITEM_CompareItem(&a->type, &b->type);
if (SECEqual != rv)
- return rv; /* Attribute types don't match. */
+ return rv; /* Attribute types don't match. */
/* Let's be optimistic. Maybe the values will just compare equal. */
rv = SECITEM_CompareItem(&a->value, &b->value);
if (SECEqual == rv)
- return rv; /* values compared exactly. */
+ return rv; /* values compared exactly. */
if (a->value.len && a->value.data && b->value.len && b->value.data) {
- /* Here, the values did not match.
- ** If the values had different encodings, convert them to the same
- ** encoding and compare that way.
- */
- if (a->value.data[0] != b->value.data[0]) {
- /* encodings differ. Convert both to UTF-8 and compare. */
- SECItem * aVal = CERT_DecodeAVAValue(&a->value);
- SECItem * bVal = CERT_DecodeAVAValue(&b->value);
- if (aVal && aVal->len && aVal->data &&
- bVal && bVal->len && bVal->data) {
- rv = SECITEM_CompareItem(aVal, bVal);
- }
- SECITEM_FreeItem(aVal, PR_TRUE);
- SECITEM_FreeItem(bVal, PR_TRUE);
- } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
- /* printable strings */
- rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
- }
+ /* Here, the values did not match.
+ ** If the values had different encodings, convert them to the same
+ ** encoding and compare that way.
+ */
+ if (a->value.data[0] != b->value.data[0]) {
+ /* encodings differ. Convert both to UTF-8 and compare. */
+ SECItem *aVal = CERT_DecodeAVAValue(&a->value);
+ SECItem *bVal = CERT_DecodeAVAValue(&b->value);
+ if (aVal && aVal->len && aVal->data && bVal && bVal->len &&
+ bVal->data) {
+ rv = SECITEM_CompareItem(aVal, bVal);
+ }
+ SECITEM_FreeItem(aVal, PR_TRUE);
+ SECITEM_FreeItem(bVal, PR_TRUE);
+ } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
+ /* printable strings */
+ rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
+ }
}
return rv;
}
@@ -543,23 +542,25 @@
** Make sure array of ava's are the same length. If not, then we are
** not equal
*/
- ac = CountArray((void**) aavas);
- bc = CountArray((void**) bavas);
- if (ac < bc) return SECLessThan;
- if (ac > bc) return SECGreaterThan;
+ ac = CountArray((void **)aavas);
+ bc = CountArray((void **)bavas);
+ if (ac < bc)
+ return SECLessThan;
+ if (ac > bc)
+ return SECGreaterThan;
while (NULL != (aava = *aavas++)) {
- for (bavas = b->avas; NULL != (bava = *bavas++); ) {
- rv = SECITEM_CompareItem(&aava->type, &bava->type);
- if (SECEqual == rv) {
- rv = CERT_CompareAVA(aava, bava);
- if (SECEqual != rv)
- return rv;
- break;
- }
- }
- if (!bava) /* didn't find a match */
- return SECGreaterThan;
+ for (bavas = b->avas; NULL != (bava = *bavas++);) {
+ rv = SECITEM_CompareItem(&aava->type, &bava->type);
+ if (SECEqual == rv) {
+ rv = CERT_CompareAVA(aava, bava);
+ if (SECEqual != rv)
+ return rv;
+ break;
+ }
+ }
+ if (!bava) /* didn't find a match */
+ return SECGreaterThan;
}
return rv;
}
@@ -579,19 +580,22 @@
** Make sure array of rdn's are the same length. If not, then we are
** not equal
*/
- ac = CountArray((void**) ardns);
- bc = CountArray((void**) brdns);
- if (ac < bc) return SECLessThan;
- if (ac > bc) return SECGreaterThan;
+ ac = CountArray((void **)ardns);
+ bc = CountArray((void **)brdns);
+ if (ac < bc)
+ return SECLessThan;
+ if (ac > bc)
+ return SECGreaterThan;
for (;;) {
- ardn = *ardns++;
- brdn = *brdns++;
- if (!ardn) {
- break;
- }
- rv = CERT_CompareRDN(ardn, brdn);
- if (rv) return rv;
+ ardn = *ardns++;
+ brdn = *brdns++;
+ if (!ardn) {
+ break;
+ }
+ rv = CERT_CompareRDN(ardn, brdn);
+ if (rv)
+ return rv;
}
return rv;
}
@@ -600,47 +604,47 @@
SECItem *
CERT_DecodeAVAValue(const SECItem *derAVAValue)
{
- SECItem *retItem;
- const SEC_ASN1Template *theTemplate = NULL;
- enum { conv_none, conv_ucs4, conv_ucs2, conv_iso88591 } convert = conv_none;
- SECItem avaValue = {siBuffer, 0};
- PLArenaPool *newarena = NULL;
+ SECItem *retItem;
+ const SEC_ASN1Template *theTemplate = NULL;
+ enum { conv_none, conv_ucs4, conv_ucs2, conv_iso88591 } convert = conv_none;
+ SECItem avaValue = { siBuffer, 0 };
+ PLArenaPool *newarena = NULL;
if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
- switch(derAVAValue->data[0]) {
- case SEC_ASN1_UNIVERSAL_STRING:
- convert = conv_ucs4;
- theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
- break;
- case SEC_ASN1_IA5_STRING:
- theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
- break;
- case SEC_ASN1_PRINTABLE_STRING:
- theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
- break;
- case SEC_ASN1_T61_STRING:
- /*
- * Per common practice, we're not decoding actual T.61, but instead
- * treating T61-labeled strings as containing ISO-8859-1.
- */
- convert = conv_iso88591;
- theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
- break;
- case SEC_ASN1_BMP_STRING:
- convert = conv_ucs2;
- theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
- break;
- case SEC_ASN1_UTF8_STRING:
- /* No conversion needed ! */
- theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return NULL;
+ switch (derAVAValue->data[0]) {
+ case SEC_ASN1_UNIVERSAL_STRING:
+ convert = conv_ucs4;
+ theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
+ break;
+ case SEC_ASN1_IA5_STRING:
+ theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
+ break;
+ case SEC_ASN1_PRINTABLE_STRING:
+ theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
+ break;
+ case SEC_ASN1_T61_STRING:
+ /*
+ * Per common practice, we're not decoding actual T.61, but instead
+ * treating T61-labeled strings as containing ISO-8859-1.
+ */
+ convert = conv_iso88591;
+ theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
+ break;
+ case SEC_ASN1_BMP_STRING:
+ convert = conv_ucs2;
+ theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
+ break;
+ case SEC_ASN1_UTF8_STRING:
+ /* No conversion needed ! */
+ theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_AVA);
+ return NULL;
}
PORT_Memset(&avaValue, 0, sizeof(SECItem));
@@ -648,51 +652,54 @@
if (!newarena) {
return NULL;
}
- if(SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue)
- != SECSuccess) {
- PORT_FreeArena(newarena, PR_FALSE);
- return NULL;
+ if (SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue) !=
+ SECSuccess) {
+ PORT_FreeArena(newarena, PR_FALSE);
+ return NULL;
}
if (convert != conv_none) {
- unsigned int utf8ValLen = avaValue.len * 3;
- unsigned char *utf8Val = (unsigned char*)
- PORT_ArenaZAlloc(newarena, utf8ValLen);
+ unsigned int utf8ValLen = avaValue.len * 3;
+ unsigned char *utf8Val =
+ (unsigned char *)PORT_ArenaZAlloc(newarena, utf8ValLen);
switch (convert) {
- case conv_ucs4:
- if(avaValue.len % 4 != 0 ||
- !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
- utf8Val, utf8ValLen, &utf8ValLen)) {
- PORT_FreeArena(newarena, PR_FALSE);
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return NULL;
- }
- break;
- case conv_ucs2:
- if(avaValue.len % 2 != 0 ||
- !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
- utf8Val, utf8ValLen, &utf8ValLen)) {
- PORT_FreeArena(newarena, PR_FALSE);
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return NULL;
- }
- break;
- case conv_iso88591:
- if(!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
- utf8Val, utf8ValLen, &utf8ValLen)) {
- PORT_FreeArena(newarena, PR_FALSE);
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return NULL;
- }
- break;
- case conv_none:
- PORT_Assert(0); /* not reached */
- break;
- }
-
- avaValue.data = utf8Val;
- avaValue.len = utf8ValLen;
+ case conv_ucs4:
+ if (avaValue.len % 4 != 0 ||
+ !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data,
+ avaValue.len, utf8Val, utf8ValLen,
+ &utf8ValLen)) {
+ PORT_FreeArena(newarena, PR_FALSE);
+ PORT_SetError(SEC_ERROR_INVALID_AVA);
+ return NULL;
+ }
+ break;
+ case conv_ucs2:
+ if (avaValue.len % 2 != 0 ||
+ !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data,
+ avaValue.len, utf8Val, utf8ValLen,
+ &utf8ValLen)) {
+ PORT_FreeArena(newarena, PR_FALSE);
+ PORT_SetError(SEC_ERROR_INVALID_AVA);
+ return NULL;
+ }
+ break;
+ case conv_iso88591:
+ if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
+ utf8Val, utf8ValLen,
+ &utf8ValLen)) {
+ PORT_FreeArena(newarena, PR_FALSE);
+ PORT_SetError(SEC_ERROR_INVALID_AVA);
+ return NULL;
+ }
+ break;
+ case conv_none:
+ PORT_Assert(0); /* not reached */
+ break;
+ }
+
+ avaValue.data = utf8Val;
+ avaValue.len = utf8ValLen;
}
retItem = SECITEM_DupItem(&avaValue);
diff --git a/nss/lib/certdb/stanpcertdb.c b/nss/lib/certdb/stanpcertdb.c
index 1e1e06c..a65ad5c 100644
--- a/nss/lib/certdb/stanpcertdb.c
+++ b/nss/lib/certdb/stanpcertdb.c
@@ -33,18 +33,18 @@
PRBool
SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
- CERTCertDBHandle *handle)
+ CERTCertDBHandle *handle)
{
CERTCertificate *cert;
PRBool conflict = PR_FALSE;
- cert=CERT_FindCertByNickname(handle, nickname);
+ cert = CERT_FindCertByNickname(handle, nickname);
if (!cert) {
- return conflict;
+ return conflict;
}
- conflict = !SECITEM_ItemsAreEqual(derSubject,&cert->derSubject);
+ conflict = !SECITEM_ItemsAreEqual(derSubject, &cert->derSubject);
CERT_DestroyCertificate(cert);
return conflict;
}
@@ -64,15 +64,15 @@
certTrust = nssTrust_GetCERTCertTrustForCert(c, cert);
if (certTrust) {
- NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
- if (nssTrust) {
- nssrv = STAN_DeleteCertTrustMatchingSlot(c);
- if (nssrv != PR_SUCCESS) {
- CERT_MapStanError();
- }
- /* This call always returns PR_SUCCESS! */
- (void) nssTrust_Destroy(nssTrust);
- }
+ NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
+ if (nssTrust) {
+ nssrv = STAN_DeleteCertTrustMatchingSlot(c);
+ if (nssrv != PR_SUCCESS) {
+ CERT_MapStanError();
+ }
+ /* This call always returns PR_SUCCESS! */
+ (void)nssTrust_Destroy(nssTrust);
+ }
}
/* get rid of the token instances */
@@ -91,14 +91,14 @@
{
SECStatus rv;
CERT_LockCertTrust(cert);
- if ( cert->trust == NULL ) {
- rv = SECFailure;
+ if (cert->trust == NULL) {
+ rv = SECFailure;
} else {
- *trust = *cert->trust;
- rv = SECSuccess;
+ *trust = *cert->trust;
+ rv = SECSuccess;
}
CERT_UnlockCertTrust(cert);
- return(rv);
+ return (rv);
}
extern const NSSError NSS_ERROR_NO_ERROR;
@@ -141,14 +141,11 @@
extern const NSSError NSS_ERROR_ALREADY_INITIALIZED;
extern const NSSError NSS_ERROR_PKCS11;
-
/* Look at the stan error stack and map it to NSS 3 errors */
-#define STAN_MAP_ERROR(x,y) \
- else if (error == (x)) { \
- secError = y; \
- } \
+#define STAN_MAP_ERROR(x, y) \
+ else if (error == (x)) { secError = y; }
-/*
+/*
* map Stan errors into NSS errors
* This function examines the stan error stack and automatically sets
* PORT_SetError(); to the appropriate SEC_ERROR value.
@@ -165,85 +162,79 @@
errorStack = NSS_GetErrorStack();
if (errorStack == 0) {
- PORT_SetError(0);
- return;
- }
+ PORT_SetError(0);
+ return;
+ }
error = prevError = CKR_GENERAL_ERROR;
/* get the 'top 2' error codes from the stack */
- for (i=0; errorStack[i]; i++) {
- prevError = error;
- error = errorStack[i];
+ for (i = 0; errorStack[i]; i++) {
+ prevError = error;
+ error = errorStack[i];
}
if (error == NSS_ERROR_PKCS11) {
- /* map it */
- secError = PK11_MapError(prevError);
+ /* map it */
+ secError = PK11_MapError(prevError);
}
- STAN_MAP_ERROR(NSS_ERROR_NO_ERROR, 0)
- STAN_MAP_ERROR(NSS_ERROR_NO_MEMORY, SEC_ERROR_NO_MEMORY)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_BASE64, SEC_ERROR_BAD_DATA)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_BER, SEC_ERROR_BAD_DER)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ATAV, SEC_ERROR_INVALID_AVA)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD,SEC_ERROR_BAD_PASSWORD)
- STAN_MAP_ERROR(NSS_ERROR_BUSY, SEC_ERROR_BUSY)
- STAN_MAP_ERROR(NSS_ERROR_DEVICE_ERROR, SEC_ERROR_IO)
- STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND,
- SEC_ERROR_UNKNOWN_ISSUER)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_CERTIFICATE, SEC_ERROR_CERT_NOT_VALID)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_UTF8, SEC_ERROR_BAD_DATA)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_NSSOID, SEC_ERROR_BAD_DATA)
+ STAN_MAP_ERROR(NSS_ERROR_NO_ERROR, 0)
+ STAN_MAP_ERROR(NSS_ERROR_NO_MEMORY, SEC_ERROR_NO_MEMORY)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_BASE64, SEC_ERROR_BAD_DATA)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_BER, SEC_ERROR_BAD_DER)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ATAV, SEC_ERROR_INVALID_AVA)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD, SEC_ERROR_BAD_PASSWORD)
+ STAN_MAP_ERROR(NSS_ERROR_BUSY, SEC_ERROR_BUSY)
+ STAN_MAP_ERROR(NSS_ERROR_DEVICE_ERROR, SEC_ERROR_IO)
+ STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND,
+ SEC_ERROR_UNKNOWN_ISSUER)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_CERTIFICATE, SEC_ERROR_CERT_NOT_VALID)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_UTF8, SEC_ERROR_BAD_DATA)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_NSSOID, SEC_ERROR_BAD_DATA)
- /* these are library failure for lack of a better error code */
- STAN_MAP_ERROR(NSS_ERROR_NOT_FOUND, SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE,
- SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_MAXIMUM_FOUND, SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_USER_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED,
- SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_ALREADY_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD,
- SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_HASH_COLLISION, SEC_ERROR_LIBRARY_FAILURE)
+ /* these are library failure for lack of a better error code */
+ STAN_MAP_ERROR(NSS_ERROR_NOT_FOUND, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_MAXIMUM_FOUND, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_USER_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_ALREADY_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD,
+ SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_HASH_COLLISION, SEC_ERROR_LIBRARY_FAILURE)
- STAN_MAP_ERROR(NSS_ERROR_INTERNAL_ERROR, SEC_ERROR_LIBRARY_FAILURE)
+ STAN_MAP_ERROR(NSS_ERROR_INTERNAL_ERROR, SEC_ERROR_LIBRARY_FAILURE)
- /* these are all invalid arguments */
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ARGUMENT, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_POINTER, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA_MARK, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_DUPLICATE_POINTER, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_POINTER_NOT_REGISTERED, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_EMPTY, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_VALUE_TOO_LARGE, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_UNSUPPORTED_TYPE, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_BUFFER_TOO_SHORT, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ATOB_CONTEXT, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_BTOA_CONTEXT, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ITEM, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_STRING, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1ENCODER, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1DECODER, SEC_ERROR_INVALID_ARGS)
- STAN_MAP_ERROR(NSS_ERROR_UNKNOWN_ATTRIBUTE, SEC_ERROR_INVALID_ARGS)
- else {
- secError = SEC_ERROR_LIBRARY_FAILURE;
- }
+ /* these are all invalid arguments */
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ARGUMENT, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_POINTER, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA_MARK, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_DUPLICATE_POINTER, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_POINTER_NOT_REGISTERED, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_EMPTY, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_VALUE_TOO_LARGE, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_UNSUPPORTED_TYPE, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_BUFFER_TOO_SHORT, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ATOB_CONTEXT, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_BTOA_CONTEXT, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ITEM, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_STRING, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1ENCODER, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1DECODER, SEC_ERROR_INVALID_ARGS)
+ STAN_MAP_ERROR(NSS_ERROR_UNKNOWN_ATTRIBUTE, SEC_ERROR_INVALID_ARGS)
+ else { secError = SEC_ERROR_LIBRARY_FAILURE; }
PORT_SetError(secError);
}
-
-
SECStatus
CERT_ChangeCertTrust(CERTCertDBHandle *handle, CERTCertificate *cert,
- CERTCertTrust *trust)
+ CERTCertTrust *trust)
{
SECStatus rv = SECSuccess;
PRStatus ret;
ret = STAN_ChangeCertTrust(cert, trust);
if (ret != PR_SUCCESS) {
- rv = SECFailure;
- CERT_MapStanError();
+ rv = SECFailure;
+ CERT_MapStanError();
}
return rv;
}
@@ -252,7 +243,7 @@
SECStatus
__CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
- CERTCertTrust *trust)
+ CERTCertTrust *trust)
{
NSSUTF8 *stanNick;
PK11SlotInfo *slot;
@@ -260,31 +251,31 @@
NSSCryptoContext *context;
nssCryptokiObject *permInstance;
NSSCertificate *c = STAN_GetNSSCertificate(cert);
- nssCertificateStoreTrace lockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
- nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE};
+ nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+ nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
SECStatus rv;
PRStatus ret;
if (c == NULL) {
- CERT_MapStanError();
+ CERT_MapStanError();
return SECFailure;
}
context = c->object.cryptoContext;
if (!context) {
- PORT_SetError(SEC_ERROR_ADDING_CERT);
- return SECFailure; /* wasn't a temp cert */
+ PORT_SetError(SEC_ERROR_ADDING_CERT);
+ return SECFailure; /* wasn't a temp cert */
}
stanNick = nssCertificate_GetNickname(c, NULL);
if (stanNick && nickname && strcmp(nickname, stanNick) != 0) {
- /* different: take the new nickname */
- cert->nickname = NULL;
+ /* different: take the new nickname */
+ cert->nickname = NULL;
nss_ZFreeIf(stanNick);
- stanNick = NULL;
+ stanNick = NULL;
}
if (!stanNick && nickname) {
/* Either there was no nickname yet, or we have a new nickname */
- stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, NULL);
+ stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, NULL);
} /* else: old stanNick is identical to new nickname */
/* Delete the temp instance */
nssCertificateStore_Lock(context->certStore, &lockTrace);
@@ -294,24 +285,17 @@
/* Import the perm instance onto the internal token */
slot = PK11_GetInternalKeySlot();
internal = PK11Slot_GetNSSToken(slot);
- permInstance = nssToken_ImportCertificate(internal, NULL,
- NSSCertificateType_PKIX,
- &c->id,
- stanNick,
- &c->encoding,
- &c->issuer,
- &c->subject,
- &c->serial,
- cert->emailAddr,
- PR_TRUE);
+ permInstance = nssToken_ImportCertificate(
+ internal, NULL, NSSCertificateType_PKIX, &c->id, stanNick, &c->encoding,
+ &c->issuer, &c->subject, &c->serial, cert->emailAddr, PR_TRUE);
nss_ZFreeIf(stanNick);
stanNick = NULL;
PK11_FreeSlot(slot);
if (!permInstance) {
- if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) {
- PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
- }
- return SECFailure;
+ if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) {
+ PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
+ }
+ return SECFailure;
}
nssPKIObject_AddInstance(&c->object, permInstance);
nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
@@ -319,33 +303,33 @@
cert->nssCertificate = NULL;
cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */
if (!cert) {
- CERT_MapStanError();
+ CERT_MapStanError();
return SECFailure;
}
cert->istemp = PR_FALSE;
cert->isperm = PR_TRUE;
if (!trust) {
- return SECSuccess;
+ return SECSuccess;
}
ret = STAN_ChangeCertTrust(cert, trust);
rv = SECSuccess;
if (ret != PR_SUCCESS) {
- rv = SECFailure;
- CERT_MapStanError();
+ rv = SECFailure;
+ CERT_MapStanError();
}
return rv;
}
SECStatus
CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
- CERTCertTrust *trust)
+ CERTCertTrust *trust)
{
return __CERT_AddTempCertToPerm(cert, nickname, trust);
}
CERTCertificate *
CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
- char *nickname, PRBool isperm, PRBool copyDER)
+ char *nickname, PRBool isperm, PRBool copyDER)
{
NSSCertificate *c;
CERTCertificate *cc;
@@ -354,52 +338,52 @@
NSSCryptoContext *gCC = STAN_GetDefaultCryptoContext();
NSSTrustDomain *gTD = STAN_GetDefaultTrustDomain();
if (!isperm) {
- NSSDER encoding;
- NSSITEM_FROM_SECITEM(&encoding, derCert);
- /* First, see if it is already a temp cert */
- c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC,
- &encoding);
- if (!c) {
- /* Then, see if it is already a perm cert */
- c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
- &encoding);
- }
- if (c) {
- /* actually, that search ends up going by issuer/serial,
- * so it is still possible to return a cert with the same
- * issuer/serial but a different encoding, and we're
- * going to reject that
- */
- if (!nssItem_Equal(&c->encoding, &encoding, NULL)) {
- nssCertificate_Destroy(c);
- PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
- cc = NULL;
- } else {
- cc = STAN_GetCERTCertificateOrRelease(c);
- if (cc == NULL) {
- CERT_MapStanError();
- }
- }
- return cc;
- }
+ NSSDER encoding;
+ NSSITEM_FROM_SECITEM(&encoding, derCert);
+ /* First, see if it is already a temp cert */
+ c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC,
+ &encoding);
+ if (!c) {
+ /* Then, see if it is already a perm cert */
+ c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
+ &encoding);
+ }
+ if (c) {
+ /* actually, that search ends up going by issuer/serial,
+ * so it is still possible to return a cert with the same
+ * issuer/serial but a different encoding, and we're
+ * going to reject that
+ */
+ if (!nssItem_Equal(&c->encoding, &encoding, NULL)) {
+ nssCertificate_Destroy(c);
+ PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
+ cc = NULL;
+ } else {
+ cc = STAN_GetCERTCertificateOrRelease(c);
+ if (cc == NULL) {
+ CERT_MapStanError();
+ }
+ }
+ return cc;
+ }
}
pkio = nssPKIObject_Create(NULL, NULL, gTD, gCC, nssPKIMonitor);
if (!pkio) {
- CERT_MapStanError();
- return NULL;
+ CERT_MapStanError();
+ return NULL;
}
c = nss_ZNEW(pkio->arena, NSSCertificate);
if (!c) {
- CERT_MapStanError();
- nssPKIObject_Destroy(pkio);
- return NULL;
+ CERT_MapStanError();
+ nssPKIObject_Destroy(pkio);
+ return NULL;
}
c->object = *pkio;
if (copyDER) {
- nssItem_Create(c->object.arena, &c->encoding,
- derCert->len, derCert->data);
+ nssItem_Create(c->object.arena, &c->encoding, derCert->len,
+ derCert->data);
} else {
- NSSITEM_FROM_SECITEM(&c->encoding, derCert);
+ NSSITEM_FROM_SECITEM(&c->encoding, derCert);
}
/* Forces a decoding of the cert in order to obtain the parts used
* below
@@ -408,40 +392,40 @@
* allocated so far for 'c' */
cc = STAN_GetCERTCertificate(c);
if (!cc) {
- CERT_MapStanError();
+ CERT_MapStanError();
goto loser;
}
- nssItem_Create(c->object.arena,
- &c->issuer, cc->derIssuer.len, cc->derIssuer.data);
- nssItem_Create(c->object.arena,
- &c->subject, cc->derSubject.len, cc->derSubject.data);
+ nssItem_Create(c->object.arena, &c->issuer, cc->derIssuer.len,
+ cc->derIssuer.data);
+ nssItem_Create(c->object.arena, &c->subject, cc->derSubject.len,
+ cc->derSubject.data);
if (PR_TRUE) {
- /* CERTCertificate stores serial numbers decoded. I need the DER
- * here. sigh.
- */
- SECItem derSerial = { 0 };
- CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
- if (!derSerial.data) goto loser;
- nssItem_Create(c->object.arena, &c->serial, derSerial.len, derSerial.data);
- PORT_Free(derSerial.data);
+ /* CERTCertificate stores serial numbers decoded. I need the DER
+ * here. sigh.
+ */
+ SECItem derSerial = { 0 };
+ CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+ if (!derSerial.data)
+ goto loser;
+ nssItem_Create(c->object.arena, &c->serial, derSerial.len,
+ derSerial.data);
+ PORT_Free(derSerial.data);
}
if (nickname) {
- c->object.tempName = nssUTF8_Create(c->object.arena,
- nssStringType_UTF8String,
- (NSSUTF8 *)nickname,
- PORT_Strlen(nickname));
+ c->object.tempName =
+ nssUTF8_Create(c->object.arena, nssStringType_UTF8String,
+ (NSSUTF8 *)nickname, PORT_Strlen(nickname));
}
if (cc->emailAddr && cc->emailAddr[0]) {
- c->email = nssUTF8_Create(c->object.arena,
- nssStringType_PrintableString,
- (NSSUTF8 *)cc->emailAddr,
- PORT_Strlen(cc->emailAddr));
+ c->email = nssUTF8_Create(
+ c->object.arena, nssStringType_PrintableString,
+ (NSSUTF8 *)cc->emailAddr, PORT_Strlen(cc->emailAddr));
}
tempCert = NSSCryptoContext_FindOrImportCertificate(gCC, c);
if (!tempCert) {
- CERT_MapStanError();
- goto loser;
+ CERT_MapStanError();
+ goto loser;
}
/* destroy our copy */
NSSCertificate_Destroy(c);
@@ -449,9 +433,9 @@
c = tempCert;
cc = STAN_GetCERTCertificateOrRelease(c);
if (!cc) {
- /* STAN_GetCERTCertificateOrRelease destroys c on failure. */
- CERT_MapStanError();
- return NULL;
+ /* STAN_GetCERTCertificateOrRelease destroys c on failure. */
+ CERT_MapStanError();
+ return NULL;
}
cc->istemp = PR_TRUE;
@@ -466,20 +450,20 @@
/* This symbol is exported for backward compatibility. */
CERTCertificate *
__CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
- char *nickname, PRBool isperm, PRBool copyDER)
+ char *nickname, PRBool isperm, PRBool copyDER)
{
- return CERT_NewTempCertificate(handle, derCert, nickname,
- isperm, copyDER);
+ return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
}
/* maybe all the wincx's should be some const for internal token login? */
CERTCertificate *
-CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN)
+CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+ CERTIssuerAndSN *issuerAndSN)
{
PK11SlotInfo *slot;
CERTCertificate *cert;
- cert = PK11_FindCertByIssuerAndSN(&slot,issuerAndSN,NULL);
+ cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
if (cert && slot) {
PK11_FreeSlot(slot);
}
@@ -493,9 +477,9 @@
NSSUsage usage;
NSSCertificate *arr[3];
if (!ct) {
- return nssCertificate_AddRef(cp);
+ return nssCertificate_AddRef(cp);
} else if (!cp) {
- return nssCertificate_AddRef(ct);
+ return nssCertificate_AddRef(ct);
}
arr[0] = ct;
arr[1] = cp;
@@ -514,16 +498,16 @@
NSSITEM_FROM_SECITEM(&subject, name);
usage.anyUsage = PR_TRUE;
cc = STAN_GetDefaultCryptoContext();
- ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject,
- NULL, &usage, NULL);
- cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject,
- NULL, &usage, NULL);
+ ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, NULL,
+ &usage, NULL);
+ cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, NULL,
+ &usage, NULL);
c = get_best_temp_or_perm(ct, cp);
if (ct) {
- CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+ CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
if (cp) {
- CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp));
+ CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp));
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
@@ -535,19 +519,20 @@
CERTCertificate *cert = NULL;
CERTCertListNode *node, *head;
- list = CERT_CreateSubjectCertList(NULL,handle,name,0,PR_FALSE);
- if (list == NULL) return NULL;
+ list = CERT_CreateSubjectCertList(NULL, handle, name, 0, PR_FALSE);
+ if (list == NULL)
+ return NULL;
node = head = CERT_LIST_HEAD(list);
if (head) {
- do {
- if (node->cert &&
- SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID) ) {
- cert = CERT_DupCertificate(node->cert);
- goto done;
- }
- node = CERT_LIST_NEXT(node);
- } while (node && head != node);
+ do {
+ if (node->cert &&
+ SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID)) {
+ cert = CERT_DupCertificate(node->cert);
+ goto done;
+ }
+ node = CERT_LIST_NEXT(node);
+ } while (node && head != node);
}
PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
done:
@@ -566,18 +551,18 @@
NSSUsage usage;
usage.anyUsage = PR_TRUE;
cc = STAN_GetDefaultCryptoContext();
- ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname,
- NULL, &usage, NULL);
+ ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, NULL,
+ &usage, NULL);
cert = PK11_FindCertFromNickname(nickname, NULL);
c = NULL;
if (cert) {
- c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
- CERT_DestroyCertificate(cert);
- if (ct) {
- CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
- }
+ c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
+ CERT_DestroyCertificate(cert);
+ if (ct) {
+ CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+ }
} else {
- c = ct;
+ c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
@@ -592,17 +577,17 @@
cc = STAN_GetDefaultCryptoContext();
c = NSSCryptoContext_FindCertificateByEncodedCertificate(cc, &encoding);
if (!c) {
- c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
- &encoding);
- if (!c) return NULL;
+ c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
+ &encoding);
+ if (!c)
+ return NULL;
}
return STAN_GetCERTCertificateOrRelease(c);
}
static CERTCertificate *
-common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
- const char *name,
- PRBool anyUsage,
+common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
+ const char *name, PRBool anyUsage,
SECCertUsage lookingForUsage)
{
NSSCryptoContext *cc;
@@ -613,63 +598,61 @@
if (NULL == name) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ return NULL;
}
usage.anyUsage = anyUsage;
if (!anyUsage) {
- usage.nss3lookingForCA = PR_FALSE;
- usage.nss3usage = lookingForUsage;
+ usage.nss3lookingForCA = PR_FALSE;
+ usage.nss3usage = lookingForUsage;
}
cc = STAN_GetDefaultCryptoContext();
- ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name,
- NULL, &usage, NULL);
+ ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage,
+ NULL);
if (!ct && PORT_Strchr(name, '@') != NULL) {
- char* lowercaseName = CERT_FixupEmailAddr(name);
+ char *lowercaseName = CERT_FixupEmailAddr(name);
if (lowercaseName) {
- ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName,
- NULL, &usage, NULL);
+ ct = NSSCryptoContext_FindBestCertificateByEmail(
+ cc, lowercaseName, NULL, &usage, NULL);
PORT_Free(lowercaseName);
}
}
if (anyUsage) {
- cert = PK11_FindCertFromNickname(name, NULL);
- }
- else {
- if (ct) {
- /* Does ct really have the required usage? */
- nssDecodedCert *dc;
- dc = nssCertificate_GetDecoding(ct);
- if (!dc->matchUsage(dc, &usage)) {
- CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
- ct = NULL;
- }
- }
-
- certlist = PK11_FindCertsFromNickname(name, NULL);
- if (certlist) {
- SECStatus rv = CERT_FilterCertListByUsage(certlist,
- lookingForUsage,
- PR_FALSE);
- if (SECSuccess == rv &&
- !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) {
- cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert);
+ cert = PK11_FindCertFromNickname(name, NULL);
+ } else {
+ if (ct) {
+ /* Does ct really have the required usage? */
+ nssDecodedCert *dc;
+ dc = nssCertificate_GetDecoding(ct);
+ if (!dc->matchUsage(dc, &usage)) {
+ CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+ ct = NULL;
+ }
}
- CERT_DestroyCertList(certlist);
- }
+
+ certlist = PK11_FindCertsFromNickname(name, NULL);
+ if (certlist) {
+ SECStatus rv =
+ CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
+ if (SECSuccess == rv &&
+ !CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) {
+ cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert);
+ }
+ CERT_DestroyCertList(certlist);
+ }
}
if (cert) {
- c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
- CERT_DestroyCertificate(cert);
- if (ct) {
- CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
- }
+ c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
+ CERT_DestroyCertificate(cert);
+ if (ct) {
+ CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+ }
} else {
- c = ct;
+ c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
@@ -677,43 +660,41 @@
CERTCertificate *
CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
{
- return common_FindCertByNicknameOrEmailAddrForUsage(handle, name,
- PR_TRUE, 0);
+ return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
+ 0);
}
CERTCertificate *
-CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
- const char *name,
+CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
+ const char *name,
SECCertUsage lookingForUsage)
{
- return common_FindCertByNicknameOrEmailAddrForUsage(handle, name,
- PR_FALSE,
- lookingForUsage);
+ return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
+ lookingForUsage);
}
-static void
+static void
add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
PRBool validOnly, PRTime sorttime)
{
SECStatus secrv;
if (!validOnly ||
- CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE)
- == secCertTimeValid) {
- secrv = CERT_AddCertToListSorted(certList, cert,
- CERT_SortCBValidity,
- (void *)&sorttime);
- if (secrv != SECSuccess) {
- CERT_DestroyCertificate(cert);
- }
+ CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) ==
+ secCertTimeValid) {
+ secrv = CERT_AddCertToListSorted(certList, cert, CERT_SortCBValidity,
+ (void *)&sorttime);
+ if (secrv != SECSuccess) {
+ CERT_DestroyCertificate(cert);
+ }
} else {
- CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(cert);
}
}
CERTCertList *
CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- const SECItem *name, PRTime sorttime,
- PRBool validOnly)
+ const SECItem *name, PRTime sorttime,
+ PRBool validOnly)
{
NSSCryptoContext *cc;
NSSCertificate **tSubjectCerts, **pSubjectCerts;
@@ -724,45 +705,40 @@
cc = STAN_GetDefaultCryptoContext();
NSSITEM_FROM_SECITEM(&subject, name);
/* Collect both temp and perm certs for the subject */
- tSubjectCerts = NSSCryptoContext_FindCertificatesBySubject(cc,
- &subject,
- NULL,
- 0,
- NULL);
- pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle,
- &subject,
- NULL,
- 0,
- NULL);
+ tSubjectCerts =
+ NSSCryptoContext_FindCertificatesBySubject(cc, &subject, NULL, 0, NULL);
+ pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle, &subject,
+ NULL, 0, NULL);
if (!tSubjectCerts && !pSubjectCerts) {
- return NULL;
+ return NULL;
}
if (certList == NULL) {
- certList = CERT_NewCertList();
- myList = PR_TRUE;
- if (!certList) goto loser;
+ certList = CERT_NewCertList();
+ myList = PR_TRUE;
+ if (!certList)
+ goto loser;
}
/* Iterate over the matching temp certs. Add them to the list */
ci = tSubjectCerts;
while (ci && *ci) {
- cert = STAN_GetCERTCertificateOrRelease(*ci);
- /* *ci may be invalid at this point, don't reference it again */
+ cert = STAN_GetCERTCertificateOrRelease(*ci);
+ /* *ci may be invalid at this point, don't reference it again */
if (cert) {
- /* NOTE: add_to_subject_list adopts the incoming cert. */
- add_to_subject_list(certList, cert, validOnly, sorttime);
+ /* NOTE: add_to_subject_list adopts the incoming cert. */
+ add_to_subject_list(certList, cert, validOnly, sorttime);
}
- ci++;
+ ci++;
}
/* Iterate over the matching perm certs. Add them to the list */
ci = pSubjectCerts;
while (ci && *ci) {
- cert = STAN_GetCERTCertificateOrRelease(*ci);
- /* *ci may be invalid at this point, don't reference it again */
+ cert = STAN_GetCERTCertificateOrRelease(*ci);
+ /* *ci may be invalid at this point, don't reference it again */
if (cert) {
- /* NOTE: add_to_subject_list adopts the incoming cert. */
- add_to_subject_list(certList, cert, validOnly, sorttime);
+ /* NOTE: add_to_subject_list adopts the incoming cert. */
+ add_to_subject_list(certList, cert, validOnly, sorttime);
}
- ci++;
+ ci++;
}
/* all the references have been adopted or freed at this point, just
* free the arrays now */
@@ -774,7 +750,7 @@
nssCertificateArray_Destroy(tSubjectCerts);
nssCertificateArray_Destroy(pSubjectCerts);
if (myList && certList != NULL) {
- CERT_DestroyCertList(certList);
+ CERT_DestroyCertList(certList);
}
return NULL;
}
@@ -782,19 +758,19 @@
void
CERT_DestroyCertificate(CERTCertificate *cert)
{
- if ( cert ) {
- /* don't use STAN_GetNSSCertificate because we don't want to
- * go to the trouble of translating the CERTCertificate into
- * an NSSCertificate just to destroy it. If it hasn't been done
- * yet, don't do it at all.
- */
- NSSCertificate *tmp = cert->nssCertificate;
- if (tmp) {
- /* delete the NSSCertificate */
- NSSCertificate_Destroy(tmp);
- } else if (cert->arena) {
- PORT_FreeArena(cert->arena, PR_FALSE);
- }
+ if (cert) {
+ /* don't use STAN_GetNSSCertificate because we don't want to
+ * go to the trouble of translating the CERTCertificate into
+ * an NSSCertificate just to destroy it. If it hasn't been done
+ * yet, don't do it at all.
+ */
+ NSSCertificate *tmp = cert->nssCertificate;
+ if (tmp) {
+ /* delete the NSSCertificate */
+ NSSCertificate_Destroy(tmp);
+ } else if (cert->arena) {
+ PORT_FreeArena(cert->arena, PR_FALSE);
+ }
}
return;
}
@@ -807,8 +783,8 @@
}
SECStatus
-certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
- SECItem *emailProfile, SECItem *profileTime)
+certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
+ SECItem *emailProfile, SECItem *profileTime)
{
PRTime oldtime;
PRTime newtime;
@@ -824,111 +800,109 @@
PRBool freeOldProfile = PR_FALSE;
c = STAN_GetNSSCertificate(cert);
- if (!c) return SECFailure;
+ if (!c)
+ return SECFailure;
cc = c->object.cryptoContext;
if (cc != NULL) {
- stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
- if (stanProfile) {
- PORT_Assert(stanProfile->profileData);
- SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData);
- oldProfile = &oldprof;
- SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
- oldProfileTime = &oldproftime;
- }
+ stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
+ if (stanProfile) {
+ PORT_Assert(stanProfile->profileData);
+ SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData);
+ oldProfile = &oldprof;
+ SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
+ oldProfileTime = &oldproftime;
+ }
} else {
- oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
- &cert->derSubject, &oldProfileTime);
- freeOldProfile = PR_TRUE;
+ oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
+ &cert->derSubject, &oldProfileTime);
+ freeOldProfile = PR_TRUE;
}
saveit = PR_FALSE;
-
+
/* both profileTime and emailProfile have to exist or not exist */
- if ( emailProfile == NULL ) {
- profileTime = NULL;
- } else if ( profileTime == NULL ) {
- emailProfile = NULL;
- }
-
- if ( oldProfileTime == NULL ) {
- saveit = PR_TRUE;
- } else {
- /* there was already a profile for this email addr */
- if ( profileTime ) {
- /* we have an old and new profile - save whichever is more recent*/
- if ( oldProfileTime->len == 0 ) {
- /* always replace if old entry doesn't have a time */
- oldtime = LL_MININT;
- } else {
- rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- }
-
- rv = DER_UTCTimeToTime(&newtime, profileTime);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- if ( LL_CMP(newtime, >, oldtime ) ) {
- /* this is a newer profile, save it and cert */
- saveit = PR_TRUE;
- }
- } else {
- saveit = PR_TRUE;
- }
+ if (emailProfile == NULL) {
+ profileTime = NULL;
+ } else if (profileTime == NULL) {
+ emailProfile = NULL;
}
+ if (oldProfileTime == NULL) {
+ saveit = PR_TRUE;
+ } else {
+ /* there was already a profile for this email addr */
+ if (profileTime) {
+ /* we have an old and new profile - save whichever is more recent*/
+ if (oldProfileTime->len == 0) {
+ /* always replace if old entry doesn't have a time */
+ oldtime = LL_MININT;
+ } else {
+ rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
+
+ rv = DER_UTCTimeToTime(&newtime, profileTime);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ if (LL_CMP(newtime, >, oldtime)) {
+ /* this is a newer profile, save it and cert */
+ saveit = PR_TRUE;
+ }
+ } else {
+ saveit = PR_TRUE;
+ }
+ }
if (saveit) {
- if (cc) {
- if (stanProfile) {
- /* stanProfile is already stored in the crypto context,
- * overwrite the data
- */
- NSSArena *arena = stanProfile->object.arena;
- stanProfile->profileTime = nssItem_Create(arena,
- NULL,
- profileTime->len,
- profileTime->data);
- stanProfile->profileData = nssItem_Create(arena,
- NULL,
- emailProfile->len,
- emailProfile->data);
- } else if (profileTime && emailProfile) {
- PRStatus nssrv;
- NSSItem profTime, profData;
- NSSITEM_FROM_SECITEM(&profTime, profileTime);
- NSSITEM_FROM_SECITEM(&profData, emailProfile);
- stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData);
- if (!stanProfile) goto loser;
- nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
- rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
- }
- } else {
- rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
- &cert->derSubject, emailProfile, profileTime);
- }
+ if (cc) {
+ if (stanProfile) {
+ /* stanProfile is already stored in the crypto context,
+ * overwrite the data
+ */
+ NSSArena *arena = stanProfile->object.arena;
+ stanProfile->profileTime = nssItem_Create(
+ arena, NULL, profileTime->len, profileTime->data);
+ stanProfile->profileData = nssItem_Create(
+ arena, NULL, emailProfile->len, emailProfile->data);
+ } else if (profileTime && emailProfile) {
+ PRStatus nssrv;
+ NSSItem profTime, profData;
+ NSSITEM_FROM_SECITEM(&profTime, profileTime);
+ NSSITEM_FROM_SECITEM(&profData, emailProfile);
+ stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData);
+ if (!stanProfile)
+ goto loser;
+ nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
+ rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
+ }
+ } else {
+ rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
+ &cert->derSubject, emailProfile,
+ profileTime);
+ }
} else {
- rv = SECSuccess;
+ rv = SECSuccess;
}
loser:
if (oldProfile && freeOldProfile) {
- SECITEM_FreeItem(oldProfile,PR_TRUE);
+ SECITEM_FreeItem(oldProfile, PR_TRUE);
}
if (oldProfileTime && freeOldProfile) {
- SECITEM_FreeItem(oldProfileTime,PR_TRUE);
+ SECITEM_FreeItem(oldProfileTime, PR_TRUE);
}
if (stanProfile) {
- nssSMIMEProfile_Destroy(stanProfile);
+ nssSMIMEProfile_Destroy(stanProfile);
}
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
-
- return(rv);
+
+ return (rv);
}
/*
@@ -939,7 +913,7 @@
SECStatus
CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
- SECItem *profileTime)
+ SECItem *profileTime)
{
const char *emailAddr;
SECStatus rv;
@@ -948,40 +922,39 @@
return SECFailure;
}
- if (cert->slot && !PK11_IsInternal(cert->slot)) {
+ if (cert->slot && !PK11_IsInternal(cert->slot)) {
/* this cert comes from an external source, we need to add it
to the cert db before creating an S/MIME profile */
- PK11SlotInfo* internalslot = PK11_GetInternalKeySlot();
+ PK11SlotInfo *internalslot = PK11_GetInternalKeySlot();
if (!internalslot) {
return SECFailure;
}
- rv = PK11_ImportCert(internalslot, cert,
- CK_INVALID_HANDLE, NULL, PR_FALSE);
+ rv = PK11_ImportCert(internalslot, cert, CK_INVALID_HANDLE, NULL,
+ PR_FALSE);
PK11_FreeSlot(internalslot);
- if (rv != SECSuccess ) {
+ if (rv != SECSuccess) {
return SECFailure;
}
}
if (cert->slot && cert->isperm && CERT_IsUserCert(cert) &&
- (!emailProfile || !emailProfile->len)) {
- /* Don't clobber emailProfile for user certs. */
- return SECSuccess;
+ (!emailProfile || !emailProfile->len)) {
+ /* Don't clobber emailProfile for user certs. */
+ return SECSuccess;
}
for (emailAddr = CERT_GetFirstEmailAddress(cert); emailAddr != NULL;
- emailAddr = CERT_GetNextEmailAddress(cert,emailAddr)) {
- rv = certdb_SaveSingleProfile(cert,emailAddr,emailProfile,profileTime);
- if (rv != SECSuccess) {
- return SECFailure;
- }
+ emailAddr = CERT_GetNextEmailAddress(cert, emailAddr)) {
+ rv = certdb_SaveSingleProfile(cert, emailAddr, emailProfile,
+ profileTime);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
}
return SECSuccess;
-
}
-
SECItem *
CERT_FindSMimeProfile(CERTCertificate *cert)
{
@@ -991,29 +964,30 @@
SECItem *rvItem = NULL;
if (!cert || !cert->emailAddr || !cert->emailAddr[0]) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
c = STAN_GetNSSCertificate(cert);
- if (!c) return NULL;
+ if (!c)
+ return NULL;
cc = c->object.cryptoContext;
if (cc != NULL) {
- nssSMIMEProfile *stanProfile;
- stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
- if (stanProfile) {
- rvItem = SECITEM_AllocItem(NULL, NULL,
- stanProfile->profileData->size);
- if (rvItem) {
- rvItem->data = stanProfile->profileData->data;
- }
- nssSMIMEProfile_Destroy(stanProfile);
- }
- return rvItem;
+ nssSMIMEProfile *stanProfile;
+ stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
+ if (stanProfile) {
+ rvItem =
+ SECITEM_AllocItem(NULL, NULL, stanProfile->profileData->size);
+ if (rvItem) {
+ rvItem->data = stanProfile->profileData->data;
+ }
+ nssSMIMEProfile_Destroy(stanProfile);
+ }
+ return rvItem;
}
rvItem =
- PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL);
+ PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL);
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
return rvItem;
}
@@ -1050,23 +1024,18 @@
SECStatus
__CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle,
- SECItem *derSubject,
- void *cb, void *cbarg)
+ SECItem *derSubject, void *cb, void *cbarg)
{
PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}
-
SECStatus
__CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
- void *cb, void *cbarg)
+ void *cb, void *cbarg)
{
PORT_Assert("CERT_TraversePermCertsForNickname is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}
-
-
-
diff --git a/nss/lib/certdb/xauthkid.c b/nss/lib/certdb/xauthkid.c
index 4faf017..c7ef046 100644
--- a/nss/lib/certdb/xauthkid.c
+++ b/nss/lib/certdb/xauthkid.c
@@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
- * X.509 v3 Subject Key Usage Extension
+ * X.509 v3 Subject Key Usage Extension
*
*/
@@ -14,7 +14,7 @@
#include "secasn1t.h"
#include "secasn1.h"
#include "secport.h"
-#include "certt.h"
+#include "certt.h"
#include "genname.h"
#include "secerr.h"
@@ -24,105 +24,105 @@
const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(CERTAuthKeyID,keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate},
+ offsetof(CERTAuthKeyID, keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
- offsetof(CERTAuthKeyID,authCertSerialNumber),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ offsetof(CERTAuthKeyID, authCertSerialNumber),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ 0 }
};
-
-
-SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
+SECStatus
+CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
+ SECItem *encodedValue)
{
SECStatus rv = SECFailure;
-
- PORT_Assert (value);
- PORT_Assert (arena);
- PORT_Assert (value->DERAuthCertIssuer == NULL);
- PORT_Assert (encodedValue);
+
+ PORT_Assert(value);
+ PORT_Assert(arena);
+ PORT_Assert(value->DERAuthCertIssuer == NULL);
+ PORT_Assert(encodedValue);
do {
-
- /* If both of the authCertIssuer and the serial number exist, encode
- the name first. Otherwise, it is an error if one exist and the other
- is not.
- */
- if (value->authCertIssuer) {
- if (!value->authCertSerialNumber.data) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
- value->DERAuthCertIssuer = cert_EncodeGeneralNames
- (arena, value->authCertIssuer);
- if (!value->DERAuthCertIssuer) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
- }
- else if (value->authCertSerialNumber.data) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
+ /* If both of the authCertIssuer and the serial number exist, encode
+ the name first. Otherwise, it is an error if one exist and the other
+ is not.
+ */
+ if (value->authCertIssuer) {
+ if (!value->authCertSerialNumber.data) {
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ break;
+ }
- if (SEC_ASN1EncodeItem (arena, encodedValue, value,
- CERTAuthKeyIDTemplate) == NULL)
- break;
- rv = SECSuccess;
+ value->DERAuthCertIssuer =
+ cert_EncodeGeneralNames(arena, value->authCertIssuer);
+ if (!value->DERAuthCertIssuer) {
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ break;
+ }
+ } else if (value->authCertSerialNumber.data) {
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ break;
+ }
+
+ if (SEC_ASN1EncodeItem(arena, encodedValue, value,
+ CERTAuthKeyIDTemplate) == NULL)
+ break;
+ rv = SECSuccess;
} while (0);
- return(rv);
+ return (rv);
}
CERTAuthKeyID *
-CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
+CERT_DecodeAuthKeyID(PLArenaPool *arena, const SECItem *encodedValue)
{
- CERTAuthKeyID * value = NULL;
- SECStatus rv = SECFailure;
- void * mark;
- SECItem newEncodedValue;
+ CERTAuthKeyID *value = NULL;
+ SECStatus rv = SECFailure;
+ void *mark;
+ SECItem newEncodedValue;
- PORT_Assert (arena);
-
+ PORT_Assert(arena);
+
do {
- mark = PORT_ArenaMark (arena);
- value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
- if (value == NULL)
- break;
- value->DERAuthCertIssuer = NULL;
+ mark = PORT_ArenaMark(arena);
+ value = (CERTAuthKeyID *)PORT_ArenaZAlloc(arena, sizeof(*value));
+ if (value == NULL)
+ break;
+ value->DERAuthCertIssuer = NULL;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
- if ( rv != SECSuccess ) {
- break;
+ if (rv != SECSuccess) {
+ break;
}
- rv = SEC_QuickDERDecodeItem
- (arena, value, CERTAuthKeyIDTemplate, &newEncodedValue);
- if (rv != SECSuccess)
- break;
+ rv = SEC_QuickDERDecodeItem(arena, value, CERTAuthKeyIDTemplate,
+ &newEncodedValue);
+ if (rv != SECSuccess)
+ break;
- value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
- if (value->authCertIssuer == NULL)
- break;
-
- /* what if the general name contains other format but not URI ?
- hl
- */
- if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
- (!value->authCertSerialNumber.data && value->authCertIssuer)){
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- break;
- }
+ value->authCertIssuer =
+ cert_DecodeGeneralNames(arena, value->DERAuthCertIssuer);
+ if (value->authCertIssuer == NULL)
+ break;
+
+ /* what if the general name contains other format but not URI ?
+ hl
+ */
+ if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
+ (!value->authCertSerialNumber.data && value->authCertIssuer)) {
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ break;
+ }
} while (0);
if (rv != SECSuccess) {
- PORT_ArenaRelease (arena, mark);
- return ((CERTAuthKeyID *)NULL);
- }
+ PORT_ArenaRelease(arena, mark);
+ return ((CERTAuthKeyID *)NULL);
+ }
PORT_ArenaUnmark(arena, mark);
return (value);
}
diff --git a/nss/lib/certdb/xbsconst.c b/nss/lib/certdb/xbsconst.c
index 7a3cb1c..8a448ed 100644
--- a/nss/lib/certdb/xbsconst.c
+++ b/nss/lib/certdb/xbsconst.c
@@ -3,11 +3,11 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
- * X.509 v3 Basic Constraints Extension
+ * X.509 v3 Basic Constraints Extension
*/
#include "prtypes.h"
-#include <limits.h> /* for LONG_MAX */
+#include <limits.h> /* for LONG_MAX */
#include "seccomon.h"
#include "secdert.h"
#include "secoidt.h"
@@ -18,128 +18,130 @@
#include "prprf.h"
#include "secerr.h"
-typedef struct EncodedContext{
+typedef struct EncodedContext {
SECItem isCA;
SECItem pathLenConstraint;
SECItem encodedValue;
PLArenaPool *arena;
-}EncodedContext;
+} EncodedContext;
static const SEC_ASN1Template CERTBasicConstraintsTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(EncodedContext) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(EncodedContext,isCA)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(EncodedContext) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(EncodedContext, isCA) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
- offsetof(EncodedContext,pathLenConstraint) },
- { 0, }
+ offsetof(EncodedContext, pathLenConstraint) },
+ { 0 }
};
static unsigned char hexTrue = 0xff;
static unsigned char hexFalse = 0x00;
-#define GEN_BREAK(status) rv = status; break;
+#define GEN_BREAK(status) \
+ rv = status; \
+ break;
-SECStatus CERT_EncodeBasicConstraintValue
- (PLArenaPool *arena, CERTBasicConstraints *value, SECItem *encodedValue)
+SECStatus
+CERT_EncodeBasicConstraintValue(PLArenaPool *arena, CERTBasicConstraints *value,
+ SECItem *encodedValue)
{
EncodedContext encodeContext;
PLArenaPool *our_pool = NULL;
SECStatus rv = SECSuccess;
do {
- PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
- if (!value->isCA && value->pathLenConstraint >= 0) {
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- GEN_BREAK (SECFailure);
- }
+ PORT_Memset(&encodeContext, 0, sizeof(encodeContext));
+ if (!value->isCA && value->pathLenConstraint >= 0) {
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ GEN_BREAK(SECFailure);
+ }
encodeContext.arena = arena;
- if (value->isCA == PR_TRUE) {
- encodeContext.isCA.data = &hexTrue ;
- encodeContext.isCA.len = 1;
- }
+ if (value->isCA == PR_TRUE) {
+ encodeContext.isCA.data = &hexTrue;
+ encodeContext.isCA.len = 1;
+ }
- /* If the pathLenConstraint is less than 0, then it should be
- * omitted from the encoding.
- */
- if (value->isCA && value->pathLenConstraint >= 0) {
- our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (our_pool == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- GEN_BREAK (SECFailure);
- }
- if (SEC_ASN1EncodeUnsignedInteger
- (our_pool, &encodeContext.pathLenConstraint,
- (unsigned long)value->pathLenConstraint) == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- GEN_BREAK (SECFailure);
- }
- }
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
- CERTBasicConstraintsTemplate) == NULL) {
- GEN_BREAK (SECFailure);
- }
+ /* If the pathLenConstraint is less than 0, then it should be
+ * omitted from the encoding.
+ */
+ if (value->isCA && value->pathLenConstraint >= 0) {
+ our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+ if (our_pool == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ GEN_BREAK(SECFailure);
+ }
+ if (SEC_ASN1EncodeUnsignedInteger(
+ our_pool, &encodeContext.pathLenConstraint,
+ (unsigned long)value->pathLenConstraint) == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ GEN_BREAK(SECFailure);
+ }
+ }
+ if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,
+ CERTBasicConstraintsTemplate) == NULL) {
+ GEN_BREAK(SECFailure);
+ }
} while (0);
if (our_pool)
- PORT_FreeArena (our_pool, PR_FALSE);
- return(rv);
-
+ PORT_FreeArena(our_pool, PR_FALSE);
+ return (rv);
}
-SECStatus CERT_DecodeBasicConstraintValue
- (CERTBasicConstraints *value, const SECItem *encodedValue)
+SECStatus
+CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
+ const SECItem *encodedValue)
{
EncodedContext decodeContext;
PLArenaPool *our_pool;
SECStatus rv = SECSuccess;
do {
- PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
- /* initialize the value just in case we got "0x30 00", or when the
- pathLenConstraint is omitted.
+ PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
+ /* initialize the value just in case we got "0x30 00", or when the
+ pathLenConstraint is omitted.
*/
- decodeContext.isCA.data =&hexFalse;
- decodeContext.isCA.len = 1;
-
- our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (our_pool == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- GEN_BREAK (SECFailure);
- }
+ decodeContext.isCA.data = &hexFalse;
+ decodeContext.isCA.len = 1;
- rv = SEC_QuickDERDecodeItem
- (our_pool, &decodeContext, CERTBasicConstraintsTemplate, encodedValue);
- if (rv == SECFailure)
- break;
-
- value->isCA = decodeContext.isCA.data
- ? (PRBool)(decodeContext.isCA.data[0] != 0)
- : PR_FALSE;
- if (decodeContext.pathLenConstraint.data == NULL) {
- /* if the pathLenConstraint is not encoded, and the current setting
- is CA, then the pathLenConstraint should be set to a negative number
- for unlimited certificate path.
- */
- if (value->isCA)
- value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
- } else if (value->isCA) {
- long len = DER_GetInteger (&decodeContext.pathLenConstraint);
- if (len < 0 || len == LONG_MAX) {
- PORT_SetError (SEC_ERROR_BAD_DER);
- GEN_BREAK (SECFailure);
- }
- value->pathLenConstraint = len;
- } else {
- /* here we get an error where the subject is not a CA, but
- the pathLenConstraint is set */
- PORT_SetError (SEC_ERROR_BAD_DER);
- GEN_BREAK (SECFailure);
- break;
- }
-
+ our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+ if (our_pool == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ GEN_BREAK(SECFailure);
+ }
+
+ rv = SEC_QuickDERDecodeItem(our_pool, &decodeContext,
+ CERTBasicConstraintsTemplate, encodedValue);
+ if (rv == SECFailure)
+ break;
+
+ value->isCA = decodeContext.isCA.data
+ ? (PRBool)(decodeContext.isCA.data[0] != 0)
+ : PR_FALSE;
+ if (decodeContext.pathLenConstraint.data == NULL) {
+ /* if the pathLenConstraint is not encoded, and the current setting
+ is CA, then the pathLenConstraint should be set to a negative
+ number
+ for unlimited certificate path.
+ */
+ if (value->isCA)
+ value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
+ } else if (value->isCA) {
+ long len = DER_GetInteger(&decodeContext.pathLenConstraint);
+ if (len < 0 || len == LONG_MAX) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ GEN_BREAK(SECFailure);
+ }
+ value->pathLenConstraint = len;
+ } else {
+ /* here we get an error where the subject is not a CA, but
+ the pathLenConstraint is set */
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ GEN_BREAK(SECFailure);
+ break;
+ }
+
} while (0);
- PORT_FreeArena (our_pool, PR_FALSE);
+ PORT_FreeArena(our_pool, PR_FALSE);
return (rv);
-
}
diff --git a/nss/lib/certdb/xconst.c b/nss/lib/certdb/xconst.c
index 495987c..9a5634a 100644
--- a/nss/lib/certdb/xconst.c
+++ b/nss/lib/certdb/xconst.c
@@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
- * X.509 Extension Encoding
+ * X.509 Extension Encoding
*/
#include "prtypes.h"
@@ -20,12 +20,10 @@
#include "secasn1.h"
#include "secerr.h"
-
static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
{ SEC_ASN1_OCTET_STRING }
};
-
static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
{ SEC_ASN1_IA5_STRING }
};
@@ -33,40 +31,34 @@
SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)
static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(CERTPrivKeyUsagePeriod, notBefore),
- SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(CERTPrivKeyUsagePeriod, notAfter),
- SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate)},
- { 0, }
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(CERTPrivKeyUsagePeriod, notBefore),
+ SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ offsetof(CERTPrivKeyUsagePeriod, notAfter),
+ SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
+ { 0 }
};
-
const SEC_ASN1Template CERTAltNameTemplate[] = {
- { SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName),
- CERT_GeneralNamesTemplate}
+ { SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName),
+ CERT_GeneralNamesTemplate }
};
const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTAuthInfoAccess) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTAuthInfoAccess, method) },
- { SEC_ASN1_ANY,
- offsetof(CERTAuthInfoAccess, derLocation) },
- { 0, }
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthInfoAccess) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CERTAuthInfoAccess, method) },
+ { SEC_ASN1_ANY, offsetof(CERTAuthInfoAccess, derLocation) },
+ { 0 }
};
const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
};
-
-SECStatus
-CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem* srcString,
+SECStatus
+CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem *srcString,
SECItem *encodedValue)
{
SECStatus rv = SECSuccess;
@@ -75,27 +67,26 @@
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
- CERTSubjectKeyIDTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, encodedValue, srcString,
+ CERTSubjectKeyIDTemplate) == NULL) {
+ rv = SECFailure;
}
-
- return(rv);
-}
+ return (rv);
+}
SECStatus
CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
- CERTPrivKeyUsagePeriod *pkup,
- SECItem *encodedValue)
+ CERTPrivKeyUsagePeriod *pkup,
+ SECItem *encodedValue)
{
SECStatus rv = SECSuccess;
- if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
- CERTPrivateKeyUsagePeriodTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, encodedValue, pkup,
+ CERTPrivateKeyUsagePeriodTemplate) == NULL) {
+ rv = SECFailure;
}
- return(rv);
+ return (rv);
}
CERTPrivKeyUsagePeriod *
@@ -107,63 +98,62 @@
/* allocate the certificate policies structure */
pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
- if ( pPeriod == NULL ) {
- goto loser;
+ if (pPeriod == NULL) {
+ goto loser;
}
-
+
pPeriod->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- rv = SEC_QuickDERDecodeItem(arena, pPeriod,
- CERTPrivateKeyUsagePeriodTemplate,
- &newExtnValue);
- if ( rv != SECSuccess ) {
- goto loser;
+ rv = SEC_QuickDERDecodeItem(
+ arena, pPeriod, CERTPrivateKeyUsagePeriodTemplate, &newExtnValue);
+ if (rv != SECSuccess) {
+ goto loser;
}
return pPeriod;
-
+
loser:
return NULL;
}
-
-SECStatus
-CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value, SECItem *encodedValue)
+SECStatus
+CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
+ SECItem *encodedValue)
{
SECItem encodeContext;
SECStatus rv = SECSuccess;
+ PORT_Memset(&encodeContext, 0, sizeof(encodeContext));
- PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
-
if (value != NULL) {
- encodeContext.data = (unsigned char *)value;
- encodeContext.len = strlen(value);
+ encodeContext.data = (unsigned char *)value;
+ encodeContext.len = strlen(value);
}
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
- CERTIA5TypeTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,
+ CERTIA5TypeTemplate) == NULL) {
+ rv = SECFailure;
}
-
- return(rv);
+
+ return (rv);
}
SECStatus
-CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue)
+CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value,
+ SECItem *encodedValue)
{
- SECItem **encodedGenName;
- SECStatus rv = SECSuccess;
+ SECItem **encodedGenName;
+ SECStatus rv = SECSuccess;
encodedGenName = cert_EncodeGeneralNames(arena, value);
- if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
- CERT_GeneralNamesTemplate) == NULL) {
- rv = SECFailure;
+ if (SEC_ASN1EncodeItem(arena, encodedValue, &encodedGenName,
+ CERT_GeneralNamesTemplate) == NULL) {
+ rv = SECFailure;
}
return rv;
@@ -172,9 +162,9 @@
CERTGeneralName *
CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)
{
- SECStatus rv = SECSuccess;
- CERTAltNameEncodedContext encodedContext;
- SECItem* newEncodedAltName;
+ SECStatus rv = SECSuccess;
+ CERTAltNameEncodedContext encodedContext;
+ SECItem *newEncodedAltName;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -188,14 +178,13 @@
encodedContext.encodedGenName = NULL;
PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
- rv = SEC_QuickDERDecodeItem (reqArena, &encodedContext,
- CERT_GeneralNamesTemplate, newEncodedAltName);
+ rv = SEC_QuickDERDecodeItem(reqArena, &encodedContext,
+ CERT_GeneralNamesTemplate, newEncodedAltName);
if (rv == SECFailure) {
- goto loser;
+ goto loser;
}
if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
- return cert_DecodeGeneralNames(reqArena,
- encodedContext.encodedGenName);
+ return cert_DecodeGeneralNames(reqArena, encodedContext.encodedGenName);
/* Extension contained an empty GeneralNames sequence */
/* Treat as extension not found */
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
@@ -203,35 +192,32 @@
return NULL;
}
-
SECStatus
-CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
- CERTNameConstraints *value,
- SECItem *encodedValue)
+CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
+ CERTNameConstraints *value,
+ SECItem *encodedValue)
{
- SECStatus rv = SECSuccess;
-
+ SECStatus rv = SECSuccess;
+
rv = cert_EncodeNameConstraints(value, arena, encodedValue);
return rv;
}
-
CERTNameConstraints *
-CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
- const SECItem *encodedConstraints)
+CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
+ const SECItem *encodedConstraints)
{
return cert_DecodeNameConstraints(arena, encodedConstraints);
}
-
CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
- const SECItem *encodedExtension)
+ const SECItem *encodedExtension)
{
CERTAuthInfoAccess **info = NULL;
SECStatus rv;
int i;
- SECItem* newEncodedExtension;
+ SECItem *newEncodedExtension;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -243,24 +229,22 @@
return NULL;
}
- rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate,
- newEncodedExtension);
+ rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate,
+ newEncodedExtension);
if (rv != SECSuccess || info == NULL) {
- return NULL;
+ return NULL;
}
for (i = 0; info[i] != NULL; i++) {
- info[i]->location = CERT_DecodeGeneralName(reqArena,
- &(info[i]->derLocation),
- NULL);
+ info[i]->location =
+ CERT_DecodeGeneralName(reqArena, &(info[i]->derLocation), NULL);
}
return info;
}
SECStatus
-CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
- CERTAuthInfoAccess **info,
- SECItem *dest)
+CERT_EncodeInfoAccessExtension(PLArenaPool *arena, CERTAuthInfoAccess **info,
+ SECItem *dest)
{
SECItem *dummy;
int i;
@@ -268,19 +252,18 @@
PORT_Assert(info != NULL);
PORT_Assert(dest != NULL);
if (info == NULL || dest == NULL) {
- return SECFailure;
+ return SECFailure;
}
for (i = 0; info[i] != NULL; i++) {
- if (CERT_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),
- arena) == NULL)
- /* Note that this may leave some of the locations filled in. */
- return SECFailure;
+ if (CERT_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),
+ arena) == NULL)
+ /* Note that this may leave some of the locations filled in. */
+ return SECFailure;
}
- dummy = SEC_ASN1EncodeItem(arena, dest, &info,
- CERTAuthInfoAccessTemplate);
+ dummy = SEC_ASN1EncodeItem(arena, dest, &info, CERTAuthInfoAccessTemplate);
if (dummy == NULL) {
- return SECFailure;
+ return SECFailure;
}
return SECSuccess;
}
diff --git a/nss/lib/certdb/xconst.h b/nss/lib/certdb/xconst.h
index 72767c3..8cf2e82 100644
--- a/nss/lib/certdb/xconst.h
+++ b/nss/lib/certdb/xconst.h
@@ -10,27 +10,21 @@
SECItem **encodedGenName;
} CERTAltNameEncodedContext;
-
-
SEC_BEGIN_PROTOS
-extern SECStatus
-CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
- CERTPrivKeyUsagePeriod *pkup,
- SECItem *encodedValue);
+extern SECStatus CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
+ CERTPrivKeyUsagePeriod *pkup,
+ SECItem *encodedValue);
-extern SECStatus
-CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
- CERTNameConstraints *value,
- SECItem *encodedValue);
+extern SECStatus CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
+ CERTNameConstraints *value,
+ SECItem *encodedValue);
-extern SECStatus
-CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
- SECItem *encodedValue);
+extern SECStatus CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
+ SECItem *encodedValue);
-SECStatus
-cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
- CERTAuthInfoAccess **info,
- SECItem *dest);
+SECStatus cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
+ CERTAuthInfoAccess **info,
+ SECItem *dest);
SEC_END_PROTOS
#endif
diff --git a/nss/lib/certhigh/certhigh.c b/nss/lib/certhigh/certhigh.c
index b06b7af..35064b5 100644
--- a/nss/lib/certhigh/certhigh.c
+++ b/nss/lib/certhigh/certhigh.c
@@ -17,36 +17,36 @@
#include "pkitm.h"
#include "pki3hack.h"
-
PRBool
-CERT_MatchNickname(char *name1, char *name2) {
- char *nickname1= NULL;
+CERT_MatchNickname(char *name1, char *name2)
+{
+ char *nickname1 = NULL;
char *nickname2 = NULL;
char *token1;
char *token2;
/* first deal with the straight comparison */
if (PORT_Strcmp(name1, name2) == 0) {
- return PR_TRUE;
+ return PR_TRUE;
}
/* we need to handle the case where one name has an explicit token and the other
* doesn't */
- token1 = PORT_Strchr(name1,':');
- token2 = PORT_Strchr(name2,':');
+ token1 = PORT_Strchr(name1, ':');
+ token2 = PORT_Strchr(name2, ':');
if ((token1 && token2) || (!token1 && !token2)) {
- /* either both token names are specified or neither are, not match */
- return PR_FALSE;
+ /* either both token names are specified or neither are, not match */
+ return PR_FALSE;
}
if (token1) {
- nickname1=token1;
- nickname2=name2;
+ nickname1 = token1;
+ nickname2 = name2;
} else {
- nickname1=token2;
- nickname2=name1;
+ nickname1 = token2;
+ nickname2 = name1;
}
nickname1++;
- if (PORT_Strcmp(nickname1,nickname2) != 0) {
- return PR_FALSE;
+ if (PORT_Strcmp(nickname1, nickname2) != 0) {
+ return PR_FALSE;
}
/* Bug 1192443 - compare the other token with the internal slot here */
return PR_TRUE;
@@ -54,7 +54,7 @@
/*
* Find all user certificates that match the given criteria.
- *
+ *
* "handle" - database to search
* "usage" - certificate usage to match
* "oneCertPerName" - if set then only return the "best" cert per
@@ -64,10 +64,10 @@
*/
CERTCertList *
CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
- SECCertUsage usage,
- PRBool oneCertPerName,
- PRBool validOnly,
- void *proto_win)
+ SECCertUsage usage,
+ PRBool oneCertPerName,
+ PRBool validOnly,
+ void *proto_win)
{
CERTCertNicknames *nicknames = NULL;
char **nnptr;
@@ -79,29 +79,29 @@
CERTCertListNode *node = NULL;
CERTCertListNode *freenode = NULL;
int n;
-
+
time = PR_Now();
-
+
nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
- proto_win);
-
- if ( ( nicknames == NULL ) || ( nicknames->numnicknames == 0 ) ) {
- goto loser;
+ proto_win);
+
+ if ((nicknames == NULL) || (nicknames->numnicknames == 0)) {
+ goto loser;
}
nnptr = nicknames->nicknames;
nn = nicknames->numnicknames;
- while ( nn > 0 ) {
- cert = NULL;
- /* use the pk11 call so that we pick up any certs on tokens,
+ while (nn > 0) {
+ cert = NULL;
+ /* use the pk11 call so that we pick up any certs on tokens,
* which may require login
*/
- if ( proto_win != NULL ) {
- cert = PK11_FindCertFromNickname(*nnptr,proto_win);
- }
+ if (proto_win != NULL) {
+ cert = PK11_FindCertFromNickname(*nnptr, proto_win);
+ }
- /* Sigh, It turns out if the cert is already in the temp db, because
+ /* Sigh, It turns out if the cert is already in the temp db, because
* it's in the perm db, then the nickname lookup doesn't work.
* since we already have the cert here, though, than we can just call
* CERT_CreateSubjectCertList directly. For those cases where we didn't
@@ -109,104 +109,104 @@
* or because the nickname is for a peer, server, or CA cert, then we
* go look the cert up.
*/
- if (cert == NULL) {
- cert = CERT_FindCertByNickname(handle,*nnptr);
- }
+ if (cert == NULL) {
+ cert = CERT_FindCertByNickname(handle, *nnptr);
+ }
- if ( cert != NULL ) {
- /* collect certs for this nickname, sorting them into the list */
- certList = CERT_CreateSubjectCertList(certList, handle,
- &cert->derSubject, time, validOnly);
+ if (cert != NULL) {
+ /* collect certs for this nickname, sorting them into the list */
+ certList = CERT_CreateSubjectCertList(certList, handle,
+ &cert->derSubject, time, validOnly);
- CERT_FilterCertListForUserCerts(certList);
-
- /* drop the extra reference */
- CERT_DestroyCertificate(cert);
- }
-
- nnptr++;
- nn--;
+ CERT_FilterCertListForUserCerts(certList);
+
+ /* drop the extra reference */
+ CERT_DestroyCertificate(cert);
+ }
+
+ nnptr++;
+ nn--;
}
/* remove certs with incorrect usage */
rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* remove any extra certs for each name */
- if ( oneCertPerName ) {
- PRBool *flags;
+ if (oneCertPerName) {
+ PRBool *flags;
- nn = nicknames->numnicknames;
- nnptr = nicknames->nicknames;
-
- flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
- if ( flags == NULL ) {
- goto loser;
- }
-
- node = CERT_LIST_HEAD(certList);
-
- /* treverse all certs in the list */
- while ( !CERT_LIST_END(node, certList) ) {
+ nn = nicknames->numnicknames;
+ nnptr = nicknames->nicknames;
- /* find matching nickname index */
- for ( n = 0; n < nn; n++ ) {
- if ( CERT_MatchNickname(nnptr[n], node->cert->nickname) ) {
- /* We found a match. If this is the first one, then
+ flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
+ if (flags == NULL) {
+ goto loser;
+ }
+
+ node = CERT_LIST_HEAD(certList);
+
+ /* treverse all certs in the list */
+ while (!CERT_LIST_END(node, certList)) {
+
+ /* find matching nickname index */
+ for (n = 0; n < nn; n++) {
+ if (CERT_MatchNickname(nnptr[n], node->cert->nickname)) {
+ /* We found a match. If this is the first one, then
* set the flag and move on to the next cert. If this
* is not the first one then delete it from the list.
*/
- if ( flags[n] ) {
- /* We have already seen a cert with this nickname,
+ if (flags[n]) {
+ /* We have already seen a cert with this nickname,
* so delete this one.
*/
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* keep the first cert for each nickname, but set the
+ freenode = node;
+ node = CERT_LIST_NEXT(node);
+ CERT_RemoveCertListNode(freenode);
+ } else {
+ /* keep the first cert for each nickname, but set the
* flag so we know to delete any others with the same
* nickname.
*/
- flags[n] = PR_TRUE;
- node = CERT_LIST_NEXT(node);
- }
- break;
- }
- }
- if ( n == nn ) {
- /* if we get here it means that we didn't find a matching
+ flags[n] = PR_TRUE;
+ node = CERT_LIST_NEXT(node);
+ }
+ break;
+ }
+ }
+ if (n == nn) {
+ /* if we get here it means that we didn't find a matching
* nickname, which should not happen.
*/
- PORT_Assert(0);
- node = CERT_LIST_NEXT(node);
- }
- }
- PORT_Free(flags);
+ PORT_Assert(0);
+ node = CERT_LIST_NEXT(node);
+ }
+ }
+ PORT_Free(flags);
}
goto done;
-
+
loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- certList = NULL;
+ if (certList != NULL) {
+ CERT_DestroyCertList(certList);
+ certList = NULL;
}
done:
- if ( nicknames != NULL ) {
- CERT_FreeNicknames(nicknames);
+ if (nicknames != NULL) {
+ CERT_FreeNicknames(nicknames);
}
- return(certList);
+ return (certList);
}
/*
* Find a user certificate that matchs the given criteria.
- *
+ *
* "handle" - database to search
* "nickname" - nickname to match
* "usage" - certificate usage to match
@@ -215,131 +215,129 @@
*/
CERTCertificate *
CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
- const char *nickname,
- SECCertUsage usage,
- PRBool validOnly,
- void *proto_win)
+ const char *nickname,
+ SECCertUsage usage,
+ PRBool validOnly,
+ void *proto_win)
{
CERTCertificate *cert = NULL;
CERTCertList *certList = NULL;
SECStatus rv;
PRTime time;
-
+
time = PR_Now();
-
+
/* use the pk11 call so that we pick up any certs on tokens,
* which may require login
*/
/* XXX - why is this restricted? */
- if ( proto_win != NULL ) {
- cert = PK11_FindCertFromNickname(nickname,proto_win);
+ if (proto_win != NULL) {
+ cert = PK11_FindCertFromNickname(nickname, proto_win);
}
-
/* sigh, There are still problems find smart cards from the temp
* db. This will get smart cards working again. The real fix
* is to make sure we can search the temp db by their token nickname.
*/
if (cert == NULL) {
- cert = CERT_FindCertByNickname(handle,nickname);
+ cert = CERT_FindCertByNickname(handle, nickname);
}
- if ( cert != NULL ) {
- unsigned int requiredKeyUsage;
- unsigned int requiredCertType;
+ if (cert != NULL) {
+ unsigned int requiredKeyUsage;
+ unsigned int requiredCertType;
- rv = CERT_KeyUsageAndTypeForCertUsage(usage, PR_FALSE,
- &requiredKeyUsage, &requiredCertType);
- if ( rv != SECSuccess ) {
- /* drop the extra reference */
- CERT_DestroyCertificate(cert);
- cert = NULL;
- goto loser;
- }
- /* If we already found the right cert, just return it */
- if ( (!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE)
- == secCertTimeValid) &&
- (CERT_CheckKeyUsage(cert, requiredKeyUsage) == SECSuccess) &&
- (cert->nsCertType & requiredCertType) &&
- CERT_IsUserCert(cert) ) {
- return(cert);
- }
+ rv = CERT_KeyUsageAndTypeForCertUsage(usage, PR_FALSE,
+ &requiredKeyUsage, &requiredCertType);
+ if (rv != SECSuccess) {
+ /* drop the extra reference */
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
+ goto loser;
+ }
+ /* If we already found the right cert, just return it */
+ if ((!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE) ==
+ secCertTimeValid) &&
+ (CERT_CheckKeyUsage(cert, requiredKeyUsage) == SECSuccess) &&
+ (cert->nsCertType & requiredCertType) &&
+ CERT_IsUserCert(cert)) {
+ return (cert);
+ }
- /* collect certs for this nickname, sorting them into the list */
- certList = CERT_CreateSubjectCertList(certList, handle,
- &cert->derSubject, time, validOnly);
+ /* collect certs for this nickname, sorting them into the list */
+ certList = CERT_CreateSubjectCertList(certList, handle,
+ &cert->derSubject, time, validOnly);
- CERT_FilterCertListForUserCerts(certList);
+ CERT_FilterCertListForUserCerts(certList);
- /* drop the extra reference */
- CERT_DestroyCertificate(cert);
- cert = NULL;
+ /* drop the extra reference */
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
}
-
- if ( certList == NULL ) {
- goto loser;
+
+ if (certList == NULL) {
+ goto loser;
}
-
+
/* remove certs with incorrect usage */
rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- if ( ! CERT_LIST_END(CERT_LIST_HEAD(certList), certList) ) {
- cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
+ if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
+ cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
}
-
+
loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
+ if (certList != NULL) {
+ CERT_DestroyCertList(certList);
}
- return(cert);
+ return (cert);
}
CERTCertList *
CERT_MatchUserCert(CERTCertDBHandle *handle,
- SECCertUsage usage,
- int nCANames, char **caNames,
- void *proto_win)
+ SECCertUsage usage,
+ int nCANames, char **caNames,
+ void *proto_win)
{
CERTCertList *certList = NULL;
SECStatus rv;
certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE,
- proto_win);
- if ( certList == NULL ) {
- goto loser;
+ proto_win);
+ if (certList == NULL) {
+ goto loser;
}
-
+
rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
-
+
goto done;
-
+
loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
- certList = NULL;
+ if (certList != NULL) {
+ CERT_DestroyCertList(certList);
+ certList = NULL;
}
done:
- return(certList);
+ return (certList);
}
-
typedef struct stringNode {
struct stringNode *next;
char *string;
} stringNode;
-
+
static PRStatus
-CollectNicknames( NSSCertificate *c, void *data)
+CollectNicknames(NSSCertificate *c, void *data)
{
CERTCertNicknames *names;
PRBool saveit = PR_FALSE;
@@ -351,103 +349,104 @@
#endif
char *stanNickname;
char *nickname = NULL;
-
+
names = (CERTCertNicknames *)data;
- stanNickname = nssCertificate_GetNickname(c,NULL);
-
- if ( stanNickname ) {
+ stanNickname = nssCertificate_GetNickname(c, NULL);
+
+ if (stanNickname) {
nss_ZFreeIf(stanNickname);
stanNickname = NULL;
- if (names->what == SEC_CERT_NICKNAMES_USER) {
- saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
- }
+ if (names->what == SEC_CERT_NICKNAMES_USER) {
+ saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
+ }
#ifdef notdef
- else {
- td = NSSCertificate_GetTrustDomain(c);
- if (!td) {
- return PR_SUCCESS;
- }
- trust = nssTrustDomain_FindTrustForCertificate(td,c);
-
- switch(names->what) {
- case SEC_CERT_NICKNAMES_ALL:
- if ((trust->sslFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
- (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_VALID_PEER) ) ||
- (trust->objectSigningFlags &
- (CERTDB_VALID_CA|CERTDB_VALID_PEER))) {
- saveit = PR_TRUE;
- }
-
- break;
- case SEC_CERT_NICKNAMES_SERVER:
- if ( trust->sslFlags & CERTDB_VALID_PEER ) {
- saveit = PR_TRUE;
- }
-
- break;
- case SEC_CERT_NICKNAMES_CA:
- if (((trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA)||
- ((trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA) ||
- ((trust->objectSigningFlags & CERTDB_VALID_CA )
- == CERTDB_VALID_CA)) {
- saveit = PR_TRUE;
- }
- break;
- }
- }
+ else {
+ td = NSSCertificate_GetTrustDomain(c);
+ if (!td) {
+ return PR_SUCCESS;
+ }
+ trust = nssTrustDomain_FindTrustForCertificate(td, c);
+
+ switch (names->what) {
+ case SEC_CERT_NICKNAMES_ALL:
+ if ((trust->sslFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)) ||
+ (trust->emailFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)) ||
+ (trust->objectSigningFlags &
+ (CERTDB_VALID_CA | CERTDB_VALID_PEER))) {
+ saveit = PR_TRUE;
+ }
+
+ break;
+ case SEC_CERT_NICKNAMES_SERVER:
+ if (trust->sslFlags & CERTDB_VALID_PEER) {
+ saveit = PR_TRUE;
+ }
+
+ break;
+ case SEC_CERT_NICKNAMES_CA:
+ if (((trust->sslFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA) ||
+ ((trust->emailFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA) ||
+ ((trust->objectSigningFlags & CERTDB_VALID_CA) ==
+ CERTDB_VALID_CA)) {
+ saveit = PR_TRUE;
+ }
+ break;
+ }
+ }
#endif
}
/* traverse the list of collected nicknames and make sure we don't make
* a duplicate
*/
- if ( saveit ) {
- nickname = STAN_GetCERTCertificateName(NULL, c);
- /* nickname can only be NULL here if we are having memory
+ if (saveit) {
+ nickname = STAN_GetCERTCertificateName(NULL, c);
+ /* nickname can only be NULL here if we are having memory
* alloc problems */
- if (nickname == NULL) {
- return PR_FAILURE;
- }
- node = (stringNode *)names->head;
- while ( node != NULL ) {
- if ( PORT_Strcmp(nickname, node->string) == 0 ) {
- /* if the string matches, then don't save this one */
- saveit = PR_FALSE;
- break;
- }
- node = node->next;
- }
+ if (nickname == NULL) {
+ return PR_FAILURE;
+ }
+ node = (stringNode *)names->head;
+ while (node != NULL) {
+ if (PORT_Strcmp(nickname, node->string) == 0) {
+ /* if the string matches, then don't save this one */
+ saveit = PR_FALSE;
+ break;
+ }
+ node = node->next;
+ }
}
- if ( saveit ) {
-
- /* allocate the node */
- node = (stringNode*)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
- if ( node == NULL ) {
- PORT_Free(nickname);
- return PR_FAILURE;
- }
+ if (saveit) {
- /* copy the string */
- len = PORT_Strlen(nickname) + 1;
- node->string = (char*)PORT_ArenaAlloc(names->arena, len);
- if ( node->string == NULL ) {
- PORT_Free(nickname);
- return PR_FAILURE;
- }
- PORT_Memcpy(node->string, nickname, len);
+ /* allocate the node */
+ node = (stringNode *)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
+ if (node == NULL) {
+ PORT_Free(nickname);
+ return PR_FAILURE;
+ }
- /* link it into the list */
- node->next = (stringNode *)names->head;
- names->head = (void *)node;
+ /* copy the string */
+ len = PORT_Strlen(nickname) + 1;
+ node->string = (char *)PORT_ArenaAlloc(names->arena, len);
+ if (node->string == NULL) {
+ PORT_Free(nickname);
+ return PR_FAILURE;
+ }
+ PORT_Memcpy(node->string, nickname, len);
- /* bump the count */
- names->numnicknames++;
+ /* link it into the list */
+ node->next = (stringNode *)names->head;
+ names->head = (void *)node;
+
+ /* bump the count */
+ names->numnicknames++;
}
-
- if (nickname) PORT_Free(nickname);
- return(PR_SUCCESS);
+
+ if (nickname)
+ PORT_Free(nickname);
+ return (PR_SUCCESS);
}
CERTCertNicknames *
@@ -457,16 +456,16 @@
CERTCertNicknames *names;
int i;
stringNode *node;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(NULL);
+ if (arena == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (NULL);
}
-
+
names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
- if ( names == NULL ) {
- goto loser;
+ if (names == NULL) {
+ goto loser;
}
names->arena = arena;
@@ -477,43 +476,44 @@
names->totallen = 0;
/* make sure we are logged in */
- (void) pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
-
+ (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
+
NSSTrustDomain_TraverseCertificates(handle,
- CollectNicknames, (void *)names);
- if ( names->numnicknames ) {
- names->nicknames = (char**)PORT_ArenaAlloc(arena,
- names->numnicknames * sizeof(char *));
+ CollectNicknames, (void *)names);
+ if (names->numnicknames) {
+ names->nicknames = (char **)PORT_ArenaAlloc(arena,
+ names->numnicknames *
+ sizeof(char *));
- if ( names->nicknames == NULL ) {
- goto loser;
- }
-
- node = (stringNode *)names->head;
-
- for ( i = 0; i < names->numnicknames; i++ ) {
- PORT_Assert(node != NULL);
-
- names->nicknames[i] = node->string;
- names->totallen += PORT_Strlen(node->string);
- node = node->next;
- }
+ if (names->nicknames == NULL) {
+ goto loser;
+ }
- PORT_Assert(node == NULL);
+ node = (stringNode *)names->head;
+
+ for (i = 0; i < names->numnicknames; i++) {
+ PORT_Assert(node != NULL);
+
+ names->nicknames[i] = node->string;
+ names->totallen += PORT_Strlen(node->string);
+ node = node->next;
+ }
+
+ PORT_Assert(node == NULL);
}
- return(names);
-
+ return (names);
+
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
+ return (NULL);
}
void
CERT_FreeNicknames(CERTCertNicknames *nicknames)
{
PORT_FreeArena(nicknames->arena, PR_FALSE);
-
+
return;
}
@@ -528,53 +528,53 @@
CERT_FreeDistNames(CERTDistNames *names)
{
PORT_FreeArena(names->arena, PR_FALSE);
-
+
return;
}
static SECStatus
-CollectDistNames( CERTCertificate *cert, SECItem *k, void *data)
+CollectDistNames(CERTCertificate *cert, SECItem *k, void *data)
{
CERTDistNames *names;
PRBool saveit = PR_FALSE;
CERTCertTrust trust;
dnameNode *node;
int len;
-
+
names = (CERTDistNames *)data;
-
- if ( CERT_GetCertTrust(cert, &trust) == SECSuccess ) {
- /* only collect names of CAs trusted for issuing SSL clients */
- if ( trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA ) {
- saveit = PR_TRUE;
- }
+
+ if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+ /* only collect names of CAs trusted for issuing SSL clients */
+ if (trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA) {
+ saveit = PR_TRUE;
+ }
}
- if ( saveit ) {
- /* allocate the node */
- node = (dnameNode*)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
- if ( node == NULL ) {
- return(SECFailure);
- }
+ if (saveit) {
+ /* allocate the node */
+ node = (dnameNode *)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
+ if (node == NULL) {
+ return (SECFailure);
+ }
- /* copy the name */
- node->name.len = len = cert->derSubject.len;
- node->name.type = siBuffer;
- node->name.data = (unsigned char*)PORT_ArenaAlloc(names->arena, len);
- if ( node->name.data == NULL ) {
- return(SECFailure);
- }
- PORT_Memcpy(node->name.data, cert->derSubject.data, len);
+ /* copy the name */
+ node->name.len = len = cert->derSubject.len;
+ node->name.type = siBuffer;
+ node->name.data = (unsigned char *)PORT_ArenaAlloc(names->arena, len);
+ if (node->name.data == NULL) {
+ return (SECFailure);
+ }
+ PORT_Memcpy(node->name.data, cert->derSubject.data, len);
- /* link it into the list */
- node->next = (dnameNode *)names->head;
- names->head = (void *)node;
+ /* link it into the list */
+ node->next = (dnameNode *)names->head;
+ names->head = (void *)node;
- /* bump the count */
- names->nnames++;
+ /* bump the count */
+ names->nnames++;
}
-
- return(SECSuccess);
+
+ return (SECSuccess);
}
/*
@@ -587,18 +587,18 @@
CERTDistNames *names;
int i;
SECStatus rv;
-
+
/* allocate an arena to use */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(NULL);
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (NULL);
}
-
+
/* allocate the header structure */
names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
if (names == NULL) {
- goto loser;
+ goto loser;
}
/* initialize the header struct */
@@ -606,26 +606,26 @@
names->head = NULL;
names->nnames = orig->nnames;
names->names = NULL;
-
+
/* construct the array from the list */
if (orig->nnames) {
- names->names = (SECItem*)PORT_ArenaNewArray(arena, SECItem,
- orig->nnames);
- if (names->names == NULL) {
- goto loser;
- }
- for (i = 0; i < orig->nnames; i++) {
+ names->names = (SECItem *)PORT_ArenaNewArray(arena, SECItem,
+ orig->nnames);
+ if (names->names == NULL) {
+ goto loser;
+ }
+ for (i = 0; i < orig->nnames; i++) {
rv = SECITEM_CopyItem(arena, &names->names[i], &orig->names[i]);
if (rv != SECSuccess) {
goto loser;
}
}
}
- return(names);
-
+ return (names);
+
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
+ return (NULL);
}
CERTDistNames *
@@ -636,18 +636,18 @@
int i;
SECStatus rv;
dnameNode *node;
-
+
/* allocate an arena to use */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return(NULL);
+ if (arena == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (NULL);
}
-
+
/* allocate the header structure */
names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
- if ( names == NULL ) {
- goto loser;
+ if (names == NULL) {
+ goto loser;
}
/* initialize the header struct */
@@ -655,48 +655,48 @@
names->head = NULL;
names->nnames = 0;
names->names = NULL;
-
+
/* collect the names from the database */
rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL);
- if ( rv ) {
- goto loser;
+ if (rv) {
+ goto loser;
}
/* construct the array from the list */
- if ( names->nnames ) {
- names->names = (SECItem*)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));
+ if (names->nnames) {
+ names->names = (SECItem *)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));
- if ( names->names == NULL ) {
- goto loser;
- }
-
- node = (dnameNode *)names->head;
-
- for ( i = 0; i < names->nnames; i++ ) {
- PORT_Assert(node != NULL);
-
- names->names[i] = node->name;
- node = node->next;
- }
+ if (names->names == NULL) {
+ goto loser;
+ }
- PORT_Assert(node == NULL);
+ node = (dnameNode *)names->head;
+
+ for (i = 0; i < names->nnames; i++) {
+ PORT_Assert(node != NULL);
+
+ names->names[i] = node->name;
+ node = node->next;
+ }
+
+ PORT_Assert(node == NULL);
}
- return(names);
-
+ return (names);
+
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
+ return (NULL);
}
CERTDistNames *
CERT_DistNamesFromCertList(CERTCertList *certList)
{
- CERTDistNames * dnames = NULL;
- PLArenaPool * arena;
+ CERTDistNames *dnames = NULL;
+ PLArenaPool *arena;
CERTCertListNode *node = NULL;
- SECItem * names = NULL;
- int listLen = 0, i = 0;
+ SECItem *names = NULL;
+ int listLen = 0, i = 0;
if (certList == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -704,23 +704,26 @@
}
node = CERT_LIST_HEAD(certList);
- while ( ! CERT_LIST_END(node, certList) ) {
+ while (!CERT_LIST_END(node, certList)) {
listLen += 1;
node = CERT_LIST_NEXT(node);
}
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto loser;
+ if (arena == NULL)
+ goto loser;
dnames = PORT_ArenaZNew(arena, CERTDistNames);
- if (dnames == NULL) goto loser;
+ if (dnames == NULL)
+ goto loser;
dnames->arena = arena;
dnames->nnames = listLen;
dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen);
- if (names == NULL) goto loser;
+ if (names == NULL)
+ goto loser;
node = CERT_LIST_HEAD(certList);
- while ( ! CERT_LIST_END(node, certList) ) {
+ while (!CERT_LIST_END(node, certList)) {
CERTCertificate *cert = node->cert;
SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject);
if (rv == SECFailure) {
@@ -738,38 +741,43 @@
CERTDistNames *
CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
- int nnames)
+ int nnames)
{
CERTDistNames *dnames = NULL;
PLArenaPool *arena;
int i, rv;
SECItem *names = NULL;
CERTCertificate *cert = NULL;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto loser;
+ if (arena == NULL)
+ goto loser;
dnames = PORT_ArenaZNew(arena, CERTDistNames);
- if (dnames == NULL) goto loser;
+ if (dnames == NULL)
+ goto loser;
dnames->arena = arena;
dnames->nnames = nnames;
dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames);
- if (names == NULL) goto loser;
-
+ if (names == NULL)
+ goto loser;
+
for (i = 0; i < nnames; i++) {
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
- if (cert == NULL) goto loser;
- rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
- if (rv == SECFailure) goto loser;
- CERT_DestroyCertificate(cert);
+ cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
+ if (cert == NULL)
+ goto loser;
+ rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
+ if (rv == SECFailure)
+ goto loser;
+ CERT_DestroyCertificate(cert);
}
return dnames;
-
+
loser:
if (cert != NULL)
- CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(cert);
if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
@@ -784,36 +792,36 @@
SECItem *nameItem;
CERTCertificate *cert = NULL;
PLArenaPool *arena = NULL;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( arena == NULL ) {
- goto loser;
+
+ if (arena == NULL) {
+ goto loser;
}
-
+
name = CERT_AsciiToName(nameStr);
-
- if ( name ) {
- nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name,
- CERT_NameTemplate);
- if ( nameItem != NULL ) {
+
+ if (name) {
+ nameItem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+ CERT_NameTemplate);
+ if (nameItem != NULL) {
cert = CERT_FindCertByName(handle, nameItem);
- }
- CERT_DestroyName(name);
+ }
+ CERT_DestroyName(name);
}
loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(cert);
+
+ return (cert);
}
/* From certv3.c */
CERTCrlDistributionPoints *
-CERT_FindCRLDistributionPoints (CERTCertificate *cert)
+CERT_FindCRLDistributionPoints(CERTCertificate *cert)
{
SECItem encodedExtenValue;
SECStatus rv;
@@ -823,9 +831,9 @@
encodedExtenValue.len = 0;
rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (NULL);
+ &encodedExtenValue);
+ if (rv != SECSuccess) {
+ return (NULL);
}
dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue);
@@ -836,13 +844,13 @@
}
/* From crl.c */
-CERTSignedCrl * CERT_ImportCRL
- (CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
+CERTSignedCrl *
+CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
{
- CERTSignedCrl* retCrl = NULL;
- PK11SlotInfo* slot = PK11_GetInternalKeySlot();
+ CERTSignedCrl *retCrl = NULL;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
retCrl = PK11_ImportCRL(slot, derCRL, url, type, wincx,
- CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT_OPTIONS);
+ CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT_OPTIONS);
PK11_FreeSlot(slot);
return retCrl;
@@ -861,110 +869,109 @@
PRBool isca;
char *nickname;
unsigned int certtype;
-
+
handle = CERT_GetDefaultCertDB();
-
+
while (numcerts--) {
- derCert = certs;
- certs++;
+ derCert = certs;
+ certs++;
- /* decode my certificate */
- /* This use is ok -- only looks at decoded parts, calls NewTemp later */
- newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
- if ( newcert == NULL ) {
- goto loser;
- }
+ /* decode my certificate */
+ /* This use is ok -- only looks at decoded parts, calls NewTemp later */
+ newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
+ if (newcert == NULL) {
+ goto loser;
+ }
- if (!trusted) {
- /* make sure that cert is valid */
- rv = CERT_CertTimesValid(newcert);
- if ( rv == SECFailure ) {
- goto endloop;
- }
- }
+ if (!trusted) {
+ /* make sure that cert is valid */
+ rv = CERT_CertTimesValid(newcert);
+ if (rv == SECFailure) {
+ goto endloop;
+ }
+ }
- /* does it have the CA extension */
-
- /*
+ /* does it have the CA extension */
+
+ /*
* Make sure that if this is an intermediate CA in the chain that
* it was given permission by its signer to be a CA.
*/
- isca = CERT_IsCACert(newcert, &certtype);
+ isca = CERT_IsCACert(newcert, &certtype);
- if ( !isca ) {
- if (!trusted) {
- goto endloop;
- }
- trust.sslFlags = CERTDB_VALID_CA;
- trust.emailFlags = CERTDB_VALID_CA;
- trust.objectSigningFlags = CERTDB_VALID_CA;
- } else {
- /* SSL ca's must have the ssl bit set */
- if ( ( certUsage == certUsageSSLCA ) &&
- (( certtype & NS_CERT_TYPE_SSL_CA ) != NS_CERT_TYPE_SSL_CA )) {
- goto endloop;
- }
+ if (!isca) {
+ if (!trusted) {
+ goto endloop;
+ }
+ trust.sslFlags = CERTDB_VALID_CA;
+ trust.emailFlags = CERTDB_VALID_CA;
+ trust.objectSigningFlags = CERTDB_VALID_CA;
+ } else {
+ /* SSL ca's must have the ssl bit set */
+ if ((certUsage == certUsageSSLCA) &&
+ ((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) {
+ goto endloop;
+ }
- /* it passed all of the tests, so lets add it to the database */
- /* mark it as a CA */
- PORT_Memset((void *)&trust, 0, sizeof(trust));
- switch ( certUsage ) {
- case certUsageSSLCA:
- trust.sslFlags = CERTDB_VALID_CA;
- break;
- case certUsageUserCertImport:
- if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
- trust.sslFlags = CERTDB_VALID_CA;
- }
- if ((certtype & NS_CERT_TYPE_EMAIL_CA)
- == NS_CERT_TYPE_EMAIL_CA ) {
- trust.emailFlags = CERTDB_VALID_CA;
- }
- if ( ( certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA ) ==
- NS_CERT_TYPE_OBJECT_SIGNING_CA ) {
- trust.objectSigningFlags = CERTDB_VALID_CA;
- }
- break;
- default:
- PORT_Assert(0);
- break;
- }
- }
-
- cert = CERT_NewTempCertificate(handle, derCert, NULL,
- PR_FALSE, PR_FALSE);
- if ( cert == NULL ) {
- goto loser;
- }
-
- /* if the cert is temp, make it perm; otherwise we're done */
- if (cert->istemp) {
- /* get a default nickname for it */
- nickname = CERT_MakeCANickname(cert);
+ /* it passed all of the tests, so lets add it to the database */
+ /* mark it as a CA */
+ PORT_Memset((void *)&trust, 0, sizeof(trust));
+ switch (certUsage) {
+ case certUsageSSLCA:
+ trust.sslFlags = CERTDB_VALID_CA;
+ break;
+ case certUsageUserCertImport:
+ if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
+ trust.sslFlags = CERTDB_VALID_CA;
+ }
+ if ((certtype & NS_CERT_TYPE_EMAIL_CA) ==
+ NS_CERT_TYPE_EMAIL_CA) {
+ trust.emailFlags = CERTDB_VALID_CA;
+ }
+ if ((certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA) ==
+ NS_CERT_TYPE_OBJECT_SIGNING_CA) {
+ trust.objectSigningFlags = CERTDB_VALID_CA;
+ }
+ break;
+ default:
+ PORT_Assert(0);
+ break;
+ }
+ }
- rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
+ cert = CERT_NewTempCertificate(handle, derCert, NULL,
+ PR_FALSE, PR_FALSE);
+ if (cert == NULL) {
+ goto loser;
+ }
- /* free the nickname */
- if ( nickname ) {
- PORT_Free(nickname);
- }
- } else {
- rv = SECSuccess;
- }
+ /* if the cert is temp, make it perm; otherwise we're done */
+ if (cert->istemp) {
+ /* get a default nickname for it */
+ nickname = CERT_MakeCANickname(cert);
- CERT_DestroyCertificate(cert);
- cert = NULL;
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
+ rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
-endloop:
- if ( newcert ) {
- CERT_DestroyCertificate(newcert);
- newcert = NULL;
- }
-
+ /* free the nickname */
+ if (nickname) {
+ PORT_Free(nickname);
+ }
+ } else {
+ rv = SECSuccess;
+ }
+
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
+
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ endloop:
+ if (newcert) {
+ CERT_DestroyCertificate(newcert);
+ newcert = NULL;
+ }
}
rv = SECSuccess;
@@ -972,18 +979,18 @@
loser:
rv = SECFailure;
done:
-
- if ( newcert ) {
- CERT_DestroyCertificate(newcert);
- newcert = NULL;
+
+ if (newcert) {
+ CERT_DestroyCertificate(newcert);
+ newcert = NULL;
}
-
- if ( cert ) {
- CERT_DestroyCertificate(cert);
- cert = NULL;
+
+ if (cert) {
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
}
-
- return(rv);
+
+ return (rv);
}
SECStatus
@@ -993,7 +1000,8 @@
}
SECStatus
-CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage) {
+CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage)
+{
return cert_ImportCAChain(certs, numcerts, certUsage, PR_TRUE);
}
@@ -1014,7 +1022,7 @@
CERTCertificateList *
CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
- PRBool includeRoot)
+ PRBool includeRoot)
{
CERTCertificateList *chain = NULL;
NSSCertificate **stanChain;
@@ -1022,7 +1030,7 @@
PLArenaPool *arena;
NSSUsage nssUsage;
int i, len;
- NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+ NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
NSSCryptoContext *cc = STAN_GetDefaultCryptoContext();
stanCert = STAN_GetNSSCertificate(cert);
@@ -1034,55 +1042,57 @@
nssUsage.nss3usage = usage;
nssUsage.nss3lookingForCA = PR_FALSE;
stanChain = NSSCertificate_BuildChain(stanCert, NULL, &nssUsage, NULL, NULL,
- CERT_MAX_CERT_CHAIN, NULL, NULL, td, cc);
+ CERT_MAX_CERT_CHAIN, NULL, NULL, td, cc);
if (!stanChain) {
- PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- return NULL;
+ PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+ return NULL;
}
len = 0;
stanCert = stanChain[0];
while (stanCert) {
- stanCert = stanChain[++len];
+ stanCert = stanChain[++len];
}
arena = PORT_NewArena(4096);
if (arena == NULL) {
- goto loser;
+ goto loser;
}
- chain = (CERTCertificateList *)PORT_ArenaAlloc(arena,
- sizeof(CERTCertificateList));
- if (!chain) goto loser;
- chain->certs = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
- if (!chain->certs) goto loser;
+ chain = (CERTCertificateList *)PORT_ArenaAlloc(arena,
+ sizeof(CERTCertificateList));
+ if (!chain)
+ goto loser;
+ chain->certs = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
+ if (!chain->certs)
+ goto loser;
i = 0;
stanCert = stanChain[i];
while (stanCert) {
- SECItem derCert;
- CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
- if (!cCert) {
- goto loser;
- }
- derCert.len = (unsigned int)stanCert->encoding.size;
- derCert.data = (unsigned char *)stanCert->encoding.data;
- derCert.type = siBuffer;
- SECITEM_CopyItem(arena, &chain->certs[i], &derCert);
- stanCert = stanChain[++i];
- if (!stanCert && !cCert->isRoot) {
- /* reached the end of the chain, but the final cert is
+ SECItem derCert;
+ CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
+ if (!cCert) {
+ goto loser;
+ }
+ derCert.len = (unsigned int)stanCert->encoding.size;
+ derCert.data = (unsigned char *)stanCert->encoding.data;
+ derCert.type = siBuffer;
+ SECITEM_CopyItem(arena, &chain->certs[i], &derCert);
+ stanCert = stanChain[++i];
+ if (!stanCert && !cCert->isRoot) {
+ /* reached the end of the chain, but the final cert is
* not a root. Don't discard it.
*/
- includeRoot = PR_TRUE;
- }
- CERT_DestroyCertificate(cCert);
+ includeRoot = PR_TRUE;
+ }
+ CERT_DestroyCertificate(cCert);
}
- if ( !includeRoot && len > 1) {
- chain->len = len - 1;
+ if (!includeRoot && len > 1) {
+ chain->len = len - 1;
} else {
- chain->len = len;
+ chain->len = len;
}
-
+
chain->arena = arena;
nss_ZFreeIf(stanChain);
return chain;
@@ -1090,15 +1100,15 @@
i = 0;
stanCert = stanChain[i];
while (stanCert) {
- CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
- if (cCert) {
- CERT_DestroyCertificate(cCert);
- }
- stanCert = stanChain[++i];
+ CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
+ if (cCert) {
+ CERT_DestroyCertificate(cCert);
+ }
+ stanCert = stanChain[++i];
}
nss_ZFreeIf(stanChain);
if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return NULL;
}
@@ -1115,15 +1125,19 @@
/* arena for SecCertificateList */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) goto no_memory;
+ if (arena == NULL)
+ goto no_memory;
/* build the CERTCertificateList */
chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
- if (chain == NULL) goto no_memory;
- chain->certs = (SECItem*)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
- if (chain->certs == NULL) goto no_memory;
+ if (chain == NULL)
+ goto no_memory;
+ chain->certs = (SECItem *)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
+ if (chain->certs == NULL)
+ goto no_memory;
rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert));
- if (rv < 0) goto loser;
+ if (rv < 0)
+ goto loser;
chain->len = 1;
chain->arena = arena;
@@ -1133,41 +1147,41 @@
PORT_SetError(SEC_ERROR_NO_MEMORY);
loser:
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return NULL;
}
CERTCertificateList *
-CERT_DupCertList(const CERTCertificateList * oldList)
+CERT_DupCertList(const CERTCertificateList *oldList)
{
CERTCertificateList *newList = NULL;
- PLArenaPool *arena = NULL;
- SECItem *newItem;
- SECItem *oldItem;
- int len = oldList->len;
- int rv;
+ PLArenaPool *arena = NULL;
+ SECItem *newItem;
+ SECItem *oldItem;
+ int len = oldList->len;
+ int rv;
/* arena for SecCertificateList */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- goto no_memory;
+ if (arena == NULL)
+ goto no_memory;
/* now build the CERTCertificateList */
newList = PORT_ArenaNew(arena, CERTCertificateList);
- if (newList == NULL)
- goto no_memory;
+ if (newList == NULL)
+ goto no_memory;
newList->arena = arena;
- newItem = (SECItem*)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
- if (newItem == NULL)
- goto no_memory;
+ newItem = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
+ if (newItem == NULL)
+ goto no_memory;
newList->certs = newItem;
- newList->len = len;
+ newList->len = len;
for (oldItem = oldList->certs; len > 0; --len, ++newItem, ++oldItem) {
- rv = SECITEM_CopyItem(arena, newItem, oldItem);
- if (rv < 0)
- goto loser;
+ rv = SECITEM_CopyItem(arena, newItem, oldItem);
+ if (rv < 0)
+ goto loser;
}
return newList;
@@ -1175,7 +1189,7 @@
PORT_SetError(SEC_ERROR_NO_MEMORY);
loser:
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return NULL;
}
@@ -1185,4 +1199,3 @@
{
PORT_FreeArena(list->arena, PR_FALSE);
}
-
diff --git a/nss/lib/certhigh/certhtml.c b/nss/lib/certhigh/certhtml.c
index aad66b0..a522f69 100644
--- a/nss/lib/certhigh/certhtml.c
+++ b/nss/lib/certhigh/certhtml.c
@@ -22,31 +22,33 @@
/*
** Convert a der-encoded integer to a hex printable string form
*/
-char *CERT_Hexify (SECItem *i, int do_colon)
+char *
+CERT_Hexify(SECItem *i, int do_colon)
{
unsigned char *cp, *end;
char *rv, *o;
if (!i->len) {
- return PORT_Strdup("00");
+ return PORT_Strdup("00");
}
- rv = o = (char*) PORT_Alloc(i->len * 3);
- if (!rv) return rv;
+ rv = o = (char *)PORT_Alloc(i->len * 3);
+ if (!rv)
+ return rv;
cp = i->data;
end = cp + i->len;
while (cp < end) {
- unsigned char ch = *cp++;
- *o++ = hex[(ch >> 4) & 0xf];
- *o++ = hex[ch & 0xf];
- if (cp != end) {
- if (do_colon) {
- *o++ = ':';
- }
- }
+ unsigned char ch = *cp++;
+ *o++ = hex[(ch >> 4) & 0xf];
+ *o++ = hex[ch & 0xf];
+ if (cp != end) {
+ if (do_colon) {
+ *o++ = ':';
+ }
+ }
}
- *o = 0; /* Null terminate the string */
+ *o = 0; /* Null terminate the string */
return rv;
}
@@ -58,132 +60,132 @@
#define MAX_OUS 20
#define MAX_DC MAX_OUS
-
-char *CERT_FormatName (CERTName *name)
+char *
+CERT_FormatName(CERTName *name)
{
- CERTRDN** rdns;
- CERTRDN * rdn;
- CERTAVA** avas;
- CERTAVA* ava;
- char * buf = 0;
- char * tmpbuf = 0;
- SECItem * cn = 0;
- SECItem * email = 0;
- SECItem * org = 0;
- SECItem * loc = 0;
- SECItem * state = 0;
- SECItem * country = 0;
- SECItem * dq = 0;
+ CERTRDN **rdns;
+ CERTRDN *rdn;
+ CERTAVA **avas;
+ CERTAVA *ava;
+ char *buf = 0;
+ char *tmpbuf = 0;
+ SECItem *cn = 0;
+ SECItem *email = 0;
+ SECItem *org = 0;
+ SECItem *loc = 0;
+ SECItem *state = 0;
+ SECItem *country = 0;
+ SECItem *dq = 0;
- unsigned len = 0;
- int tag;
- int i;
- int ou_count = 0;
- int dc_count = 0;
- PRBool first;
- SECItem * orgunit[MAX_OUS];
- SECItem * dc[MAX_DC];
+ unsigned len = 0;
+ int tag;
+ int i;
+ int ou_count = 0;
+ int dc_count = 0;
+ PRBool first;
+ SECItem *orgunit[MAX_OUS];
+ SECItem *dc[MAX_DC];
/* Loop over name components and gather the interesting ones */
rdns = name->rdns;
while ((rdn = *rdns++) != 0) {
- avas = rdn->avas;
- while ((ava = *avas++) != 0) {
- tag = CERT_GetAVATag(ava);
- switch(tag) {
- case SEC_OID_AVA_COMMON_NAME:
- if (cn) {
- break;
- }
- cn = CERT_DecodeAVAValue(&ava->value);
- if (!cn) {
- goto loser;
- }
- len += cn->len;
- break;
- case SEC_OID_AVA_COUNTRY_NAME:
- if (country) {
- break;
- }
- country = CERT_DecodeAVAValue(&ava->value);
- if (!country) {
- goto loser;
- }
- len += country->len;
- break;
- case SEC_OID_AVA_LOCALITY:
- if (loc) {
- break;
- }
- loc = CERT_DecodeAVAValue(&ava->value);
- if (!loc) {
- goto loser;
- }
- len += loc->len;
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- if (state) {
- break;
- }
- state = CERT_DecodeAVAValue(&ava->value);
- if (!state) {
- goto loser;
- }
- len += state->len;
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- if (org) {
- break;
- }
- org = CERT_DecodeAVAValue(&ava->value);
- if (!org) {
- goto loser;
- }
- len += org->len;
- break;
- case SEC_OID_AVA_DN_QUALIFIER:
- if (dq) {
- break;
- }
- dq = CERT_DecodeAVAValue(&ava->value);
- if (!dq) {
- goto loser;
- }
- len += dq->len;
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- if (ou_count < MAX_OUS) {
- orgunit[ou_count] = CERT_DecodeAVAValue(&ava->value);
- if (!orgunit[ou_count]) {
- goto loser;
+ avas = rdn->avas;
+ while ((ava = *avas++) != 0) {
+ tag = CERT_GetAVATag(ava);
+ switch (tag) {
+ case SEC_OID_AVA_COMMON_NAME:
+ if (cn) {
+ break;
+ }
+ cn = CERT_DecodeAVAValue(&ava->value);
+ if (!cn) {
+ goto loser;
+ }
+ len += cn->len;
+ break;
+ case SEC_OID_AVA_COUNTRY_NAME:
+ if (country) {
+ break;
+ }
+ country = CERT_DecodeAVAValue(&ava->value);
+ if (!country) {
+ goto loser;
+ }
+ len += country->len;
+ break;
+ case SEC_OID_AVA_LOCALITY:
+ if (loc) {
+ break;
+ }
+ loc = CERT_DecodeAVAValue(&ava->value);
+ if (!loc) {
+ goto loser;
+ }
+ len += loc->len;
+ break;
+ case SEC_OID_AVA_STATE_OR_PROVINCE:
+ if (state) {
+ break;
+ }
+ state = CERT_DecodeAVAValue(&ava->value);
+ if (!state) {
+ goto loser;
+ }
+ len += state->len;
+ break;
+ case SEC_OID_AVA_ORGANIZATION_NAME:
+ if (org) {
+ break;
+ }
+ org = CERT_DecodeAVAValue(&ava->value);
+ if (!org) {
+ goto loser;
+ }
+ len += org->len;
+ break;
+ case SEC_OID_AVA_DN_QUALIFIER:
+ if (dq) {
+ break;
+ }
+ dq = CERT_DecodeAVAValue(&ava->value);
+ if (!dq) {
+ goto loser;
+ }
+ len += dq->len;
+ break;
+ case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
+ if (ou_count < MAX_OUS) {
+ orgunit[ou_count] = CERT_DecodeAVAValue(&ava->value);
+ if (!orgunit[ou_count]) {
+ goto loser;
}
- len += orgunit[ou_count++]->len;
- }
- break;
- case SEC_OID_AVA_DC:
- if (dc_count < MAX_DC) {
- dc[dc_count] = CERT_DecodeAVAValue(&ava->value);
- if (!dc[dc_count]) {
- goto loser;
- }
- len += dc[dc_count++]->len;
- }
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- case SEC_OID_RFC1274_MAIL:
- if (email) {
- break;
- }
- email = CERT_DecodeAVAValue(&ava->value);
- if (!email) {
- goto loser;
- }
- len += email->len;
- break;
- default:
- break;
- }
- }
+ len += orgunit[ou_count++]->len;
+ }
+ break;
+ case SEC_OID_AVA_DC:
+ if (dc_count < MAX_DC) {
+ dc[dc_count] = CERT_DecodeAVAValue(&ava->value);
+ if (!dc[dc_count]) {
+ goto loser;
+ }
+ len += dc[dc_count++]->len;
+ }
+ break;
+ case SEC_OID_PKCS9_EMAIL_ADDRESS:
+ case SEC_OID_RFC1274_MAIL:
+ if (email) {
+ break;
+ }
+ email = CERT_DecodeAVAValue(&ava->value);
+ if (!email) {
+ goto loser;
+ }
+ len += email->len;
+ break;
+ default:
+ break;
+ }
+ }
}
/* XXX - add some for formatting */
@@ -191,109 +193,108 @@
/* allocate buffer */
buf = (char *)PORT_Alloc(len);
- if ( !buf ) {
- goto loser;
+ if (!buf) {
+ goto loser;
}
tmpbuf = buf;
-
- if ( cn ) {
- PORT_Memcpy(tmpbuf, cn->data, cn->len);
- tmpbuf += cn->len;
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+
+ if (cn) {
+ PORT_Memcpy(tmpbuf, cn->data, cn->len);
+ tmpbuf += cn->len;
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
- if ( email ) {
- PORT_Memcpy(tmpbuf, email->data, email->len);
- tmpbuf += ( email->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+ if (email) {
+ PORT_Memcpy(tmpbuf, email->data, email->len);
+ tmpbuf += (email->len);
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
- for (i=ou_count-1; i >= 0; i--) {
- PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
- tmpbuf += ( orgunit[i]->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+ for (i = ou_count - 1; i >= 0; i--) {
+ PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
+ tmpbuf += (orgunit[i]->len);
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
- if ( dq ) {
- PORT_Memcpy(tmpbuf, dq->data, dq->len);
- tmpbuf += ( dq->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+ if (dq) {
+ PORT_Memcpy(tmpbuf, dq->data, dq->len);
+ tmpbuf += (dq->len);
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
- if ( org ) {
- PORT_Memcpy(tmpbuf, org->data, org->len);
- tmpbuf += ( org->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+ if (org) {
+ PORT_Memcpy(tmpbuf, org->data, org->len);
+ tmpbuf += (org->len);
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
- for (i=dc_count-1; i >= 0; i--) {
- PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
- tmpbuf += ( dc[i]->len );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+ for (i = dc_count - 1; i >= 0; i--) {
+ PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
+ tmpbuf += (dc[i]->len);
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
first = PR_TRUE;
- if ( loc ) {
- PORT_Memcpy(tmpbuf, loc->data, loc->len);
- tmpbuf += ( loc->len );
- first = PR_FALSE;
+ if (loc) {
+ PORT_Memcpy(tmpbuf, loc->data, loc->len);
+ tmpbuf += (loc->len);
+ first = PR_FALSE;
}
- if ( state ) {
- if ( !first ) {
- PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
- tmpbuf += COMMALEN;
- }
- PORT_Memcpy(tmpbuf, state->data, state->len);
- tmpbuf += ( state->len );
- first = PR_FALSE;
+ if (state) {
+ if (!first) {
+ PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
+ tmpbuf += COMMALEN;
+ }
+ PORT_Memcpy(tmpbuf, state->data, state->len);
+ tmpbuf += (state->len);
+ first = PR_FALSE;
}
- if ( country ) {
- if ( !first ) {
- PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
- tmpbuf += COMMALEN;
- }
- PORT_Memcpy(tmpbuf, country->data, country->len);
- tmpbuf += ( country->len );
- first = PR_FALSE;
+ if (country) {
+ if (!first) {
+ PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
+ tmpbuf += COMMALEN;
+ }
+ PORT_Memcpy(tmpbuf, country->data, country->len);
+ tmpbuf += (country->len);
+ first = PR_FALSE;
}
- if ( !first ) {
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
+ if (!first) {
+ PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+ tmpbuf += BREAKLEN;
}
*tmpbuf = 0;
- /* fall through and clean */
+/* fall through and clean */
loser:
- if ( cn ) {
- SECITEM_FreeItem(cn, PR_TRUE);
+ if (cn) {
+ SECITEM_FreeItem(cn, PR_TRUE);
}
- if ( email ) {
- SECITEM_FreeItem(email, PR_TRUE);
+ if (email) {
+ SECITEM_FreeItem(email, PR_TRUE);
}
- for (i=ou_count-1; i >= 0; i--) {
- SECITEM_FreeItem(orgunit[i], PR_TRUE);
+ for (i = ou_count - 1; i >= 0; i--) {
+ SECITEM_FreeItem(orgunit[i], PR_TRUE);
}
- if ( dq ) {
- SECITEM_FreeItem(dq, PR_TRUE);
+ if (dq) {
+ SECITEM_FreeItem(dq, PR_TRUE);
}
- if ( org ) {
- SECITEM_FreeItem(org, PR_TRUE);
+ if (org) {
+ SECITEM_FreeItem(org, PR_TRUE);
}
- for (i=dc_count-1; i >= 0; i--) {
- SECITEM_FreeItem(dc[i], PR_TRUE);
+ for (i = dc_count - 1; i >= 0; i--) {
+ SECITEM_FreeItem(dc[i], PR_TRUE);
}
- if ( loc ) {
- SECITEM_FreeItem(loc, PR_TRUE);
+ if (loc) {
+ SECITEM_FreeItem(loc, PR_TRUE);
}
- if ( state ) {
- SECITEM_FreeItem(state, PR_TRUE);
+ if (state) {
+ SECITEM_FreeItem(state, PR_TRUE);
}
- if ( country ) {
- SECITEM_FreeItem(country, PR_TRUE);
+ if (country) {
+ SECITEM_FreeItem(country, PR_TRUE);
}
- return(buf);
+ return (buf);
}
-
diff --git a/nss/lib/certhigh/certreq.c b/nss/lib/certhigh/certreq.c
index f5098a0..4087bc9 100644
--- a/nss/lib/certhigh/certreq.c
+++ b/nss/lib/certhigh/certreq.c
@@ -14,10 +14,10 @@
const SEC_ASN1Template CERT_AttributeTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTAttribute) },
+ 0, NULL, sizeof(CERTAttribute) },
{ SEC_ASN1_OBJECT_ID, offsetof(CERTAttribute, attrType) },
{ SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(CERTAttribute, attrValue),
- SEC_ASN1_SUB(SEC_AnyTemplate) },
+ SEC_ASN1_SUB(SEC_AnyTemplate) },
{ 0 }
};
@@ -27,18 +27,18 @@
const SEC_ASN1Template CERT_CertificateRequestTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertificateRequest) },
+ 0, NULL, sizeof(CERTCertificateRequest) },
{ SEC_ASN1_INTEGER,
- offsetof(CERTCertificateRequest,version) },
+ offsetof(CERTCertificateRequest, version) },
{ SEC_ASN1_INLINE,
- offsetof(CERTCertificateRequest,subject),
- CERT_NameTemplate },
+ offsetof(CERTCertificateRequest, subject),
+ CERT_NameTemplate },
{ SEC_ASN1_INLINE,
- offsetof(CERTCertificateRequest,subjectPublicKeyInfo),
- CERT_SubjectPublicKeyInfoTemplate },
+ offsetof(CERTCertificateRequest, subjectPublicKeyInfo),
+ CERT_SubjectPublicKeyInfoTemplate },
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTCertificateRequest,attributes),
- CERT_SetOfAttributeTemplate },
+ offsetof(CERTCertificateRequest, attributes),
+ CERT_SetOfAttributeTemplate },
{ 0 }
};
@@ -46,25 +46,25 @@
CERTCertificate *
CERT_CreateCertificate(unsigned long serialNumber,
- CERTName *issuer,
- CERTValidity *validity,
- CERTCertificateRequest *req)
+ CERTName *issuer,
+ CERTValidity *validity,
+ CERTCertificateRequest *req)
{
CERTCertificate *c;
int rv;
PLArenaPool *arena;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- return(0);
+
+ if (!arena) {
+ return (0);
}
c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-
+
if (!c) {
- PORT_FreeArena(arena, PR_FALSE);
- return 0;
+ PORT_FreeArena(arena, PR_FALSE);
+ return 0;
}
c->referenceCount = 1;
@@ -75,44 +75,50 @@
* If extensions are added, it will get changed as appropriate.
*/
rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
rv = CERT_CopyName(arena, &c->issuer, issuer);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
rv = CERT_CopyValidity(arena, &c->validity, validity);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
rv = CERT_CopyName(arena, &c->subject, &req->subject);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo,
- &req->subjectPublicKeyInfo);
- if (rv) goto loser;
+ &req->subjectPublicKeyInfo);
+ if (rv)
+ goto loser;
return c;
- loser:
+loser:
CERT_DestroyCertificate(c);
return 0;
}
/************************************************************************/
-/* It's clear from the comments that the original author of this
+/* It's clear from the comments that the original author of this
* function expected the template for certificate requests to treat
- * the attributes as a SET OF ANY. This function expected to be
+ * the attributes as a SET OF ANY. This function expected to be
* passed an array of SECItems each of which contained an already encoded
- * Attribute. But the cert request template does not treat the
+ * Attribute. But the cert request template does not treat the
* Attributes as a SET OF ANY, and AFAIK never has. Instead the template
* encodes attributes as a SET OF xxxxxxx. That is, it expects to encode
- * each of the Attributes, not have them pre-encoded. Consequently an
- * array of SECItems containing encoded Attributes is of no value to this
+ * each of the Attributes, not have them pre-encoded. Consequently an
+ * array of SECItems containing encoded Attributes is of no value to this
* function. But we cannot change the signature of this public function.
* It must continue to take SECItems.
*
- * I have recoded this function so that each SECItem contains an
+ * I have recoded this function so that each SECItem contains an
* encoded cert extension. The encoded cert extensions form the list for the
* single attribute of the cert request. In this implementation there is at most
* one attribute and it is always of type SEC_OID_PKCS9_EXTENSION_REQUEST.
@@ -120,95 +126,95 @@
CERTCertificateRequest *
CERT_CreateCertificateRequest(CERTName *subject,
- CERTSubjectPublicKeyInfo *spki,
- SECItem **attributes)
+ CERTSubjectPublicKeyInfo *spki,
+ SECItem **attributes)
{
CERTCertificateRequest *certreq;
PLArenaPool *arena;
- CERTAttribute * attribute;
- SECOidData * oidData;
+ CERTAttribute *attribute;
+ SECOidData *oidData;
SECStatus rv;
int i = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return NULL;
+ if (arena == NULL) {
+ return NULL;
}
-
+
certreq = PORT_ArenaZNew(arena, CERTCertificateRequest);
if (!certreq) {
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
}
/* below here it is safe to goto loser */
certreq->arena = arena;
-
+
rv = DER_SetUInteger(arena, &certreq->version,
- SEC_CERTIFICATE_REQUEST_VERSION);
+ SEC_CERTIFICATE_REQUEST_VERSION);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
rv = CERT_CopyName(arena, &certreq->subject, subject);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
rv = SECKEY_CopySubjectPublicKeyInfo(arena,
- &certreq->subjectPublicKeyInfo,
- spki);
+ &certreq->subjectPublicKeyInfo,
+ spki);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
- certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute*, 2);
- if(!certreq->attributes)
- goto loser;
+ certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute *, 2);
+ if (!certreq->attributes)
+ goto loser;
/* Copy over attribute information */
if (!attributes || !attributes[0]) {
- /*
+ /*
** Invent empty attribute information. According to the
** pkcs#10 spec, attributes has this ASN.1 type:
**
** attributes [0] IMPLICIT Attributes
- **
+ **
** Which means, we should create a NULL terminated list
** with the first entry being NULL;
*/
- certreq->attributes[0] = NULL;
- return certreq;
- }
+ certreq->attributes[0] = NULL;
+ return certreq;
+ }
/* allocate space for attributes */
attribute = PORT_ArenaZNew(arena, CERTAttribute);
- if (!attribute)
- goto loser;
+ if (!attribute)
+ goto loser;
- oidData = SECOID_FindOIDByTag( SEC_OID_PKCS9_EXTENSION_REQUEST );
+ oidData = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
PORT_Assert(oidData);
if (!oidData)
- goto loser;
+ goto loser;
rv = SECITEM_CopyItem(arena, &attribute->attrType, &oidData->oid);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
- for (i = 0; attributes[i] != NULL ; i++)
- ;
- attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i+1);
- if (!attribute->attrValue)
- goto loser;
+ for (i = 0; attributes[i] != NULL; i++)
+ ;
+ attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i + 1);
+ if (!attribute->attrValue)
+ goto loser;
/* copy attributes */
for (i = 0; attributes[i]; i++) {
- /*
+ /*
** Attributes are a SetOf Attribute which implies
** lexigraphical ordering. It is assumes that the
** attributes are passed in sorted. If we need to
** add functionality to sort them, there is an
** example in the PKCS 7 code.
*/
- attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
- if(!attribute->attrValue[i])
- goto loser;
+ attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
+ if (!attribute->attrValue[i])
+ goto loser;
}
certreq->attributes[0] = attribute;
@@ -224,7 +230,7 @@
CERT_DestroyCertificateRequest(CERTCertificateRequest *req)
{
if (req && req->arena) {
- PORT_FreeArena(req->arena, PR_FALSE);
+ PORT_FreeArena(req->arena, PR_FALSE);
}
return;
}
@@ -241,11 +247,11 @@
** attribute list by CERT_FinishCRAttributes().
*/
extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
- void (*setExts)(void *object, CERTCertExtension **exts));
+ void (*setExts)(void *object, CERTCertExtension **exts));
void *
CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
{
- return (cert_StartExtensions ((void *)req, req->arena, setCRExt));
+ return (cert_StartExtensions((void *)req, req->arena, setCRExt));
}
/*
@@ -257,38 +263,39 @@
*/
SECStatus
CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
-{ SECItem *extlist;
+{
+ SECItem *extlist;
SECOidData *oidrec;
CERTAttribute *attribute;
-
+
if (!req || !req->arena) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (req->attributes == NULL || req->attributes[0] == NULL)
return SECSuccess;
extlist = SEC_ASN1EncodeItem(req->arena, NULL, &req->attributes,
- SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
+ SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
if (extlist == NULL)
- return(SECFailure);
+ return (SECFailure);
oidrec = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
if (oidrec == NULL)
- return SECFailure;
+ return SECFailure;
/* now change the list of cert extensions into a list of attributes
*/
- req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute*, 2);
+ req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute *, 2);
attribute = PORT_ArenaZNew(req->arena, CERTAttribute);
-
+
if (req->attributes == NULL || attribute == NULL ||
SECITEM_CopyItem(req->arena, &attribute->attrType, &oidrec->oid) != 0) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ return SECFailure;
}
- attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem*, 2);
+ attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem *, 2);
if (attribute->attrValue == NULL)
return SECFailure;
@@ -303,22 +310,22 @@
SECStatus
CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
- CERTCertExtension ***exts)
+ CERTCertExtension ***exts)
{
if (req == NULL || exts == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if (req->attributes == NULL || *req->attributes == NULL)
- return SECSuccess;
-
- if ((*req->attributes)->attrValue == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- return(SEC_ASN1DecodeItem(req->arena, exts,
- SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
- (*req->attributes)->attrValue[0]));
+ if (req->attributes == NULL || *req->attributes == NULL)
+ return SECSuccess;
+
+ if ((*req->attributes)->attrValue == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ return (SEC_ASN1DecodeItem(req->arena, exts,
+ SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
+ (*req->attributes)->attrValue[0]));
}
diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
index 855a62d..eff77fc 100644
--- a/nss/lib/certhigh/certvfy.c
+++ b/nss/lib/certhigh/certvfy.c
@@ -18,7 +18,6 @@
#include "pkix_pl_cert.h"
#endif /* NSS_DISABLE_LIBPKIX */
-
#include "nsspki.h"
#include "pkitm.h"
#include "pkim.h"
@@ -77,9 +76,10 @@
return (valid == secCertTimeValid) ? SECSuccess : SECFailure;
}
-SECStatus checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
+SECStatus
+checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
{
- SECStatus rv;
+ SECStatus rv;
SECOidTag sigAlg;
SECOidTag curve;
PRUint32 policyFlags = 0;
@@ -87,81 +87,81 @@
sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
- switch(sigAlg) {
+ switch (sigAlg) {
case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
- if (key->keyType != ecKey) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ if (key->keyType != ecKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
curve = SECKEY_GetECCOid(&key->u.ec.DEREncodedParams);
- if (curve != 0) {
- if (NSS_GetAlgorithmPolicy(curve, &policyFlags) == SECFailure ||
- !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
- return SECFailure;
- } else {
- return SECSuccess;
+ if (curve != 0) {
+ if (NSS_GetAlgorithmPolicy(curve, &policyFlags) == SECFailure ||
+ !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+ return SECFailure;
+ } else {
+ return SECSuccess;
}
} else {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return SECFailure;
- }
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return SECFailure;
+ }
return SECSuccess;
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
- case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
- case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
- if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
+ if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
len = 8 * key->u.rsa.modulus.len;
rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minLen);
if (rv != SECSuccess) {
return SECFailure;
- }
+ }
if (len < minLen) {
return SECFailure;
- }
+ }
return SECSuccess;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
- case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_SDN702_DSA_SIGNATURE:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
- if (key->keyType != dsaKey) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
- }
+ case SEC_OID_ANSIX9_DSA_SIGNATURE:
+ case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_SDN702_DSA_SIGNATURE:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+ case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+ if (key->keyType != dsaKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
len = 8 * key->u.dsa.params.prime.len;
rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minLen);
if (rv != SECSuccess) {
return SECFailure;
- }
+ }
if (len < minLen) {
return SECFailure;
- }
+ }
return SECSuccess;
- default:
- return SECSuccess;
+ default:
+ return SECSuccess;
}
}
@@ -171,38 +171,38 @@
SECStatus
CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
SECKEYPublicKey *pubKey,
- void *wincx)
+ void *wincx)
{
- SECStatus rv;
- SECItem sig;
- SECOidTag hashAlg = SEC_OID_UNKNOWN;
+ SECStatus rv;
+ SECItem sig;
+ SECOidTag hashAlg = SEC_OID_UNKNOWN;
- if ( !pubKey || !sd ) {
- PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
- return SECFailure;
+ if (!pubKey || !sd) {
+ PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+ return SECFailure;
}
/* check the signature */
sig = sd->signature;
/* convert sig->len from bit counts to byte count. */
DER_ConvertBitString(&sig);
- rv = VFY_VerifyDataWithAlgorithmID(sd->data.data, sd->data.len, pubKey,
- &sig, &sd->signatureAlgorithm, &hashAlg, wincx);
+ rv = VFY_VerifyDataWithAlgorithmID(sd->data.data, sd->data.len, pubKey,
+ &sig, &sd->signatureAlgorithm, &hashAlg, wincx);
if (rv == SECSuccess) {
/* Are we honoring signatures for this algorithm? */
- PRUint32 policyFlags = 0;
- rv = checkKeyParams(&sd->signatureAlgorithm, pubKey);
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
- return SECFailure;
- }
+ PRUint32 policyFlags = 0;
+ rv = checkKeyParams(&sd->signatureAlgorithm, pubKey);
+ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+ return SECFailure;
+ }
- rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags);
- if (rv == SECSuccess &&
- !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
- return SECFailure;
- }
+ rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags);
+ if (rv == SECSuccess &&
+ !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+ return SECFailure;
+ }
}
return rv;
}
@@ -211,18 +211,18 @@
* verify the signature of a signed data object with the given DER publickey
*/
SECStatus
-CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
+CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
CERTSubjectPublicKeyInfo *pubKeyInfo,
- void *wincx)
+ void *wincx)
{
SECKEYPublicKey *pubKey;
- SECStatus rv = SECFailure;
+ SECStatus rv = SECFailure;
/* get cert's public key */
pubKey = SECKEY_ExtractPublicKey(pubKeyInfo);
if (pubKey) {
- rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
- SECKEY_DestroyPublicKey(pubKey);
+ rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
+ SECKEY_DestroyPublicKey(pubKey);
}
return rv;
}
@@ -232,31 +232,30 @@
*/
SECStatus
CERT_VerifySignedData(CERTSignedData *sd, CERTCertificate *cert,
- PRTime t, void *wincx)
+ PRTime t, void *wincx)
{
SECKEYPublicKey *pubKey = 0;
- SECStatus rv = SECFailure;
+ SECStatus rv = SECFailure;
SECCertTimeValidity validity;
/* check the certificate's validity */
validity = CERT_CheckCertValidTimes(cert, t, PR_FALSE);
- if ( validity != secCertTimeValid ) {
- return rv;
+ if (validity != secCertTimeValid) {
+ return rv;
}
/* get cert's public key */
pubKey = CERT_ExtractPublicKey(cert);
if (pubKey) {
- rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
- SECKEY_DestroyPublicKey(pubKey);
+ rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
+ SECKEY_DestroyPublicKey(pubKey);
}
return rv;
}
-
SECStatus
-SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
- CERTCertificate *caCert, PRTime t, void * wincx)
+SEC_CheckCRL(CERTCertDBHandle *handle, CERTCertificate *cert,
+ CERTCertificate *caCert, PRTime t, void *wincx)
{
return CERT_CheckCRL(cert, caCert, NULL, t, wincx);
}
@@ -278,33 +277,33 @@
me = STAN_GetNSSCertificate(cert);
if (!me) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ return NULL;
}
nssTime = NSSTime_SetPRTime(NULL, validTime);
nssUsage.anyUsage = PR_FALSE;
nssUsage.nss3usage = usage;
nssUsage.nss3lookingForCA = PR_TRUE;
- memset(chain, 0, 3*sizeof(NSSCertificate *));
- td = STAN_GetDefaultTrustDomain();
+ memset(chain, 0, 3 * sizeof(NSSCertificate *));
+ td = STAN_GetDefaultTrustDomain();
cc = STAN_GetDefaultCryptoContext();
- (void)NSSCertificate_BuildChain(me, nssTime, &nssUsage, NULL,
+ (void)NSSCertificate_BuildChain(me, nssTime, &nssUsage, NULL,
chain, 2, NULL, &status, td, cc);
nss_ZFreeIf(nssTime);
if (status == PR_SUCCESS) {
- PORT_Assert(me == chain[0]);
- /* if it's a root, the chain will only have one cert */
- if (!chain[1]) {
- /* already has a reference from the call to BuildChain */
- return cert;
- }
- NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
- return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */
- }
- if (chain[0]) {
- PORT_Assert(me == chain[0]);
- NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
+ PORT_Assert(me == chain[0]);
+ /* if it's a root, the chain will only have one cert */
+ if (!chain[1]) {
+ /* already has a reference from the call to BuildChain */
+ return cert;
+ }
+ NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
+ return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */
}
- PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
+ if (chain[0]) {
+ PORT_Assert(me == chain[0]);
+ NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
+ }
+ PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
return NULL;
}
@@ -313,136 +312,136 @@
*/
SECStatus
CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
- unsigned int *retFlags,
- SECTrustType *retTrustType)
+ unsigned int *retFlags,
+ SECTrustType *retTrustType)
{
unsigned int requiredFlags;
SECTrustType trustType;
- switch ( usage ) {
- case certUsageSSLClient:
- requiredFlags = CERTDB_TRUSTED_CLIENT_CA;
- trustType = trustSSL;
- break;
- case certUsageSSLServer:
- case certUsageSSLCA:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustSSL;
- break;
- case certUsageSSLServerWithStepUp:
- requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA;
- trustType = trustSSL;
- break;
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustEmail;
- break;
- case certUsageObjectSigner:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustObjectSigning;
- break;
- case certUsageVerifyCA:
- case certUsageAnyCA:
- case certUsageStatusResponder:
- requiredFlags = CERTDB_TRUSTED_CA;
- trustType = trustTypeNone;
- break;
- default:
- PORT_Assert(0);
- goto loser;
+ switch (usage) {
+ case certUsageSSLClient:
+ requiredFlags = CERTDB_TRUSTED_CLIENT_CA;
+ trustType = trustSSL;
+ break;
+ case certUsageSSLServer:
+ case certUsageSSLCA:
+ requiredFlags = CERTDB_TRUSTED_CA;
+ trustType = trustSSL;
+ break;
+ case certUsageSSLServerWithStepUp:
+ requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA;
+ trustType = trustSSL;
+ break;
+ case certUsageEmailSigner:
+ case certUsageEmailRecipient:
+ requiredFlags = CERTDB_TRUSTED_CA;
+ trustType = trustEmail;
+ break;
+ case certUsageObjectSigner:
+ requiredFlags = CERTDB_TRUSTED_CA;
+ trustType = trustObjectSigning;
+ break;
+ case certUsageVerifyCA:
+ case certUsageAnyCA:
+ case certUsageStatusResponder:
+ requiredFlags = CERTDB_TRUSTED_CA;
+ trustType = trustTypeNone;
+ break;
+ default:
+ PORT_Assert(0);
+ goto loser;
}
- if ( retFlags != NULL ) {
- *retFlags = requiredFlags;
+ if (retFlags != NULL) {
+ *retFlags = requiredFlags;
}
- if ( retTrustType != NULL ) {
- *retTrustType = trustType;
+ if (retTrustType != NULL) {
+ *retTrustType = trustType;
}
-
- return(SECSuccess);
+
+ return (SECSuccess);
loser:
- return(SECFailure);
+ return (SECFailure);
}
void
cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
- unsigned int depth, void *arg)
+ unsigned int depth, void *arg)
{
CERTVerifyLogNode *node, *tnode;
PORT_Assert(log != NULL);
-
+
node = (CERTVerifyLogNode *)PORT_ArenaAlloc(log->arena,
- sizeof(CERTVerifyLogNode));
- if ( node != NULL ) {
- node->cert = CERT_DupCertificate(cert);
- node->error = error;
- node->depth = depth;
- node->arg = arg;
-
- if ( log->tail == NULL ) {
- /* empty list */
- log->head = log->tail = node;
- node->prev = NULL;
- node->next = NULL;
- } else if ( depth >= log->tail->depth ) {
- /* add to tail */
- node->prev = log->tail;
- log->tail->next = node;
- log->tail = node;
- node->next = NULL;
- } else if ( depth < log->head->depth ) {
- /* add at head */
- node->prev = NULL;
- node->next = log->head;
- log->head->prev = node;
- log->head = node;
- } else {
- /* add in middle */
- tnode = log->tail;
- while ( tnode != NULL ) {
- if ( depth >= tnode->depth ) {
- /* insert after tnode */
- node->prev = tnode;
- node->next = tnode->next;
- tnode->next->prev = node;
- tnode->next = node;
- break;
- }
+ sizeof(CERTVerifyLogNode));
+ if (node != NULL) {
+ node->cert = CERT_DupCertificate(cert);
+ node->error = error;
+ node->depth = depth;
+ node->arg = arg;
- tnode = tnode->prev;
- }
- }
+ if (log->tail == NULL) {
+ /* empty list */
+ log->head = log->tail = node;
+ node->prev = NULL;
+ node->next = NULL;
+ } else if (depth >= log->tail->depth) {
+ /* add to tail */
+ node->prev = log->tail;
+ log->tail->next = node;
+ log->tail = node;
+ node->next = NULL;
+ } else if (depth < log->head->depth) {
+ /* add at head */
+ node->prev = NULL;
+ node->next = log->head;
+ log->head->prev = node;
+ log->head = node;
+ } else {
+ /* add in middle */
+ tnode = log->tail;
+ while (tnode != NULL) {
+ if (depth >= tnode->depth) {
+ /* insert after tnode */
+ node->prev = tnode;
+ node->next = tnode->next;
+ tnode->next->prev = node;
+ tnode->next = node;
+ break;
+ }
- log->count++;
+ tnode = tnode->prev;
+ }
+ }
+
+ log->count++;
}
return;
}
#define EXIT_IF_NOT_LOGGING(log) \
- if ( log == NULL ) { \
- goto loser; \
+ if (log == NULL) { \
+ goto loser; \
}
-#define LOG_ERROR_OR_EXIT(log,cert,depth,arg) \
- if ( log != NULL ) { \
- cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
- (void *)(PRWord)arg); \
- } else { \
- goto loser; \
+#define LOG_ERROR_OR_EXIT(log, cert, depth, arg) \
+ if (log != NULL) { \
+ cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
+ (void *)(PRWord)arg); \
+ } else { \
+ goto loser; \
}
-#define LOG_ERROR(log,cert,depth,arg) \
- if ( log != NULL ) { \
- cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
- (void *)(PRWord)arg); \
+#define LOG_ERROR(log, cert, depth, arg) \
+ if (log != NULL) { \
+ cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
+ (void *)(PRWord)arg); \
}
static SECStatus
cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, PRBool* sigerror,
- SECCertUsage certUsage, PRTime t, void *wincx,
- CERTVerifyLog *log, PRBool* revoked)
+ PRBool checkSig, PRBool *sigerror,
+ SECCertUsage certUsage, PRTime t, void *wincx,
+ CERTVerifyLog *log, PRBool *revoked)
{
SECTrustType trustType;
CERTBasicConstraints basicConstraint;
@@ -460,7 +459,7 @@
unsigned int requiredFlags;
PLArenaPool *arena = NULL;
CERTGeneralName *namesList = NULL;
- CERTCertificate **certsList = NULL;
+ CERTCertificate **certsList = NULL;
int certsListLen = 16;
int namesCount = 0;
PRBool subjectCertIsSelfIssued;
@@ -471,177 +470,178 @@
}
if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE,
- &requiredCAKeyUsage,
- &caCertType)
- != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredCAKeyUsage = 0;
- caCertType = 0;
+ &requiredCAKeyUsage,
+ &caCertType) !=
+ SECSuccess) {
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredCAKeyUsage = 0;
+ caCertType = 0;
}
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLCA:
- case certUsageSSLServerWithStepUp:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageVerifyCA:
- case certUsageAnyCA:
- case certUsageStatusResponder:
- if ( CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
- &trustType) != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- /* XXX continuing with requiredFlags = 0 seems wrong. It'll
- * cause the following test to be true incorrectly:
- * flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
- * if (( flags & requiredFlags ) == requiredFlags) {
- * rv = rvFinal;
- * goto done;
- * }
- * There are three other instances of this problem.
- */
- requiredFlags = 0;
- trustType = trustSSL;
- }
- break;
- default:
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredFlags = 0;
- trustType = trustSSL;/* This used to be 0, but we need something
- * that matches the enumeration type.
- */
- caCertType = 0;
+ switch (certUsage) {
+ case certUsageSSLClient:
+ case certUsageSSLServer:
+ case certUsageSSLCA:
+ case certUsageSSLServerWithStepUp:
+ case certUsageEmailSigner:
+ case certUsageEmailRecipient:
+ case certUsageObjectSigner:
+ case certUsageVerifyCA:
+ case certUsageAnyCA:
+ case certUsageStatusResponder:
+ if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
+ &trustType) != SECSuccess) {
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ /* XXX continuing with requiredFlags = 0 seems wrong. It'll
+ * cause the following test to be true incorrectly:
+ * flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
+ * if (( flags & requiredFlags ) == requiredFlags) {
+ * rv = rvFinal;
+ * goto done;
+ * }
+ * There are three other instances of this problem.
+ */
+ requiredFlags = 0;
+ trustType = trustSSL;
+ }
+ break;
+ default:
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredFlags = 0;
+ trustType = trustSSL; /* This used to be 0, but we need something
+ * that matches the enumeration type.
+ */
+ caCertType = 0;
}
-
+
subjectCert = CERT_DupCertificate(cert);
- if ( subjectCert == NULL ) {
- goto loser;
+ if (subjectCert == NULL) {
+ goto loser;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto loser;
+ goto loser;
}
certsList = PORT_ZNewArray(CERTCertificate *, certsListLen);
if (certsList == NULL)
- goto loser;
+ goto loser;
/* RFC 3280 says that the name constraints will apply to the names
** in the leaf (EE) cert, whether it is self issued or not, so
** we pretend that it is not.
*/
subjectCertIsSelfIssued = PR_FALSE;
- for ( count = 0; count < CERT_MAX_CERT_CHAIN; count++ ) {
- PRBool validCAOverride = PR_FALSE;
+ for (count = 0; count < CERT_MAX_CERT_CHAIN; count++) {
+ PRBool validCAOverride = PR_FALSE;
- /* Construct a list of names for the current and all previous
- * certifcates (except leaf (EE) certs, root CAs, and self-issued
- * intermediate CAs) to be verified against the name constraints
- * extension of the issuer certificate.
- */
- if (subjectCertIsSelfIssued == PR_FALSE) {
- CERTGeneralName *subjectNameList;
- int subjectNameListLen;
- int i;
- PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer);
- subjectNameList =
- CERT_GetConstrainedCertificateNames(subjectCert, arena,
- getSubjectCN);
- if (!subjectNameList)
- goto loser;
- subjectNameListLen = CERT_GetNamesLength(subjectNameList);
- if (!subjectNameListLen)
- goto loser;
- if (certsListLen <= namesCount + subjectNameListLen) {
- CERTCertificate **tmpCertsList;
- certsListLen = (namesCount + subjectNameListLen) * 2;
- tmpCertsList =
- (CERTCertificate **)PORT_Realloc(certsList,
- certsListLen * sizeof(CERTCertificate *));
- if (tmpCertsList == NULL) {
- goto loser;
- }
- certsList = tmpCertsList;
- }
- for (i = 0; i < subjectNameListLen; i++) {
- certsList[namesCount + i] = subjectCert;
- }
- namesCount += subjectNameListLen;
- namesList = cert_CombineNamesLists(namesList, subjectNameList);
- }
+ /* Construct a list of names for the current and all previous
+ * certifcates (except leaf (EE) certs, root CAs, and self-issued
+ * intermediate CAs) to be verified against the name constraints
+ * extension of the issuer certificate.
+ */
+ if (subjectCertIsSelfIssued == PR_FALSE) {
+ CERTGeneralName *subjectNameList;
+ int subjectNameListLen;
+ int i;
+ PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer);
+ subjectNameList =
+ CERT_GetConstrainedCertificateNames(subjectCert, arena,
+ getSubjectCN);
+ if (!subjectNameList)
+ goto loser;
+ subjectNameListLen = CERT_GetNamesLength(subjectNameList);
+ if (!subjectNameListLen)
+ goto loser;
+ if (certsListLen <= namesCount + subjectNameListLen) {
+ CERTCertificate **tmpCertsList;
+ certsListLen = (namesCount + subjectNameListLen) * 2;
+ tmpCertsList =
+ (CERTCertificate **)PORT_Realloc(certsList,
+ certsListLen *
+ sizeof(CERTCertificate *));
+ if (tmpCertsList == NULL) {
+ goto loser;
+ }
+ certsList = tmpCertsList;
+ }
+ for (i = 0; i < subjectNameListLen; i++) {
+ certsList[namesCount + i] = subjectCert;
+ }
+ namesCount += subjectNameListLen;
+ namesList = cert_CombineNamesLists(namesList, subjectNameList);
+ }
/* check if the cert has an unsupported critical extension */
- if ( subjectCert->options.bits.hasUnsupportedCriticalExt ) {
- PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
- LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
- }
+ if (subjectCert->options.bits.hasUnsupportedCriticalExt) {
+ PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+ LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
+ }
- /* find the certificate of the issuer */
- issuerCert = CERT_FindCertIssuer(subjectCert, t, certUsage);
- if ( ! issuerCert ) {
- PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- LOG_ERROR(log,subjectCert,count,0);
- goto loser;
- }
+ /* find the certificate of the issuer */
+ issuerCert = CERT_FindCertIssuer(subjectCert, t, certUsage);
+ if (!issuerCert) {
+ PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+ LOG_ERROR(log, subjectCert, count, 0);
+ goto loser;
+ }
- /* verify the signature on the cert */
- if ( checkSig ) {
- rv = CERT_VerifySignedData(&subjectCert->signatureWrap,
- issuerCert, t, wincx);
-
- if ( rv != SECSuccess ) {
+ /* verify the signature on the cert */
+ if (checkSig) {
+ rv = CERT_VerifySignedData(&subjectCert->signatureWrap,
+ issuerCert, t, wincx);
+
+ if (rv != SECSuccess) {
if (sigerror) {
*sigerror = PR_TRUE;
}
- if ( PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE ) {
- PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- } else {
- if (PORT_GetError() !=
- SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- }
- LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
- }
- }
- }
+ if (PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE) {
+ PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+ } else {
+ if (PORT_GetError() !=
+ SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ }
+ LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
+ }
+ }
+ }
- /* If the basicConstraint extension is included in an immediate CA
- * certificate, make sure that the isCA flag is on. If the
- * pathLenConstraint component exists, it must be greater than the
- * number of CA certificates we have seen so far. If the extension
- * is omitted, we will assume that this is a CA certificate with
- * an unlimited pathLenConstraint (since it already passes the
- * netscape-cert-type extension checking).
- */
+ /* If the basicConstraint extension is included in an immediate CA
+ * certificate, make sure that the isCA flag is on. If the
+ * pathLenConstraint component exists, it must be greater than the
+ * number of CA certificates we have seen so far. If the extension
+ * is omitted, we will assume that this is a CA certificate with
+ * an unlimited pathLenConstraint (since it already passes the
+ * netscape-cert-type extension checking).
+ */
- rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
- if ( rv != SECSuccess ) {
- if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
- pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
- /* no basic constraints found, we aren't (yet) a CA. */
- isca = PR_FALSE;
- } else {
- if ( basicConstraint.isCA == PR_FALSE ) {
- PORT_SetError (SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
- pathLengthLimit = basicConstraint.pathLenConstraint;
- isca = PR_TRUE;
- }
- /* make sure that the path len constraint is properly set.*/
- if (pathLengthLimit >= 0 && currentPathLen > pathLengthLimit) {
- PORT_SetError (SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID);
- LOG_ERROR_OR_EXIT(log, issuerCert, count+1, pathLengthLimit);
- }
+ rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
+ if (rv != SECSuccess) {
+ if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+ }
+ pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
+ /* no basic constraints found, we aren't (yet) a CA. */
+ isca = PR_FALSE;
+ } else {
+ if (basicConstraint.isCA == PR_FALSE) {
+ PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+ }
+ pathLengthLimit = basicConstraint.pathLenConstraint;
+ isca = PR_TRUE;
+ }
+ /* make sure that the path len constraint is properly set.*/
+ if (pathLengthLimit >= 0 && currentPathLen > pathLengthLimit) {
+ PORT_SetError(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, pathLengthLimit);
+ }
/* make sure that the entire chain is within the name space of the
* current issuer certificate.
@@ -654,16 +654,16 @@
goto loser;
}
- /* XXX - the error logging may need to go down into CRL stuff at some
- * point
- */
- /* check revoked list (issuer) */
+ /* XXX - the error logging may need to go down into CRL stuff at some
+ * point
+ */
+ /* check revoked list (issuer) */
rv = SEC_CheckCRL(handle, subjectCert, issuerCert, t, wincx);
if (rv == SECFailure) {
if (revoked) {
*revoked = PR_TRUE;
}
- LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
+ LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
} else if (rv == SECWouldBlock) {
/* We found something fishy, so we intend to issue an
* error to the user, but the user may wish to continue
@@ -673,163 +673,164 @@
if (revoked) {
*revoked = PR_TRUE;
}
- LOG_ERROR(log,subjectCert,count,0);
+ LOG_ERROR(log, subjectCert, count, 0);
}
- if ( CERT_GetCertTrust(issuerCert, &issuerTrust) == SECSuccess) {
- /* we have some trust info, but this does NOT imply that this
- * cert is actually trusted for any purpose. The cert may be
- * explicitly UNtrusted. We won't know until we examine the
- * trust bits.
- */
- unsigned int flags;
+ if (CERT_GetCertTrust(issuerCert, &issuerTrust) == SECSuccess) {
+ /* we have some trust info, but this does NOT imply that this
+ * cert is actually trusted for any purpose. The cert may be
+ * explicitly UNtrusted. We won't know until we examine the
+ * trust bits.
+ */
+ unsigned int flags;
- if (certUsage != certUsageAnyCA &&
- certUsage != certUsageStatusResponder) {
+ if (certUsage != certUsageAnyCA &&
+ certUsage != certUsageStatusResponder) {
- /*
- * XXX This choice of trustType seems arbitrary.
- */
- if ( certUsage == certUsageVerifyCA ) {
- if ( subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA ) {
- trustType = trustEmail;
- } else if ( subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA ) {
- trustType = trustSSL;
- } else {
- trustType = trustObjectSigning;
- }
- }
+ /*
+ * XXX This choice of trustType seems arbitrary.
+ */
+ if (certUsage == certUsageVerifyCA) {
+ if (subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) {
+ trustType = trustEmail;
+ } else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
+ trustType = trustSSL;
+ } else {
+ trustType = trustObjectSigning;
+ }
+ }
- flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
- if (( flags & requiredFlags ) == requiredFlags) {
- /* we found a trusted one, so return */
- rv = rvFinal;
- goto done;
- }
- if (flags & CERTDB_VALID_CA) {
- validCAOverride = PR_TRUE;
- }
- /* is it explicitly distrusted? */
- if ((flags & CERTDB_TERMINAL_RECORD) &&
- ((flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA)) == 0)) {
- /* untrusted -- the cert is explicitly untrusted, not
- * just that it doesn't chain to a trusted cert */
- PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,flags);
- }
- } else {
+ flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
+ if ((flags & requiredFlags) == requiredFlags) {
+ /* we found a trusted one, so return */
+ rv = rvFinal;
+ goto done;
+ }
+ if (flags & CERTDB_VALID_CA) {
+ validCAOverride = PR_TRUE;
+ }
+ /* is it explicitly distrusted? */
+ if ((flags & CERTDB_TERMINAL_RECORD) &&
+ ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
+ /* untrusted -- the cert is explicitly untrusted, not
+ * just that it doesn't chain to a trusted cert */
+ PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
+ }
+ } else {
/* Check if we have any valid trust when cheching for
* certUsageAnyCA or certUsageStatusResponder. */
for (trustType = trustSSL; trustType < trustTypeNone;
trustType++) {
flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
if ((flags & requiredFlags) == requiredFlags) {
- rv = rvFinal;
- goto done;
+ rv = rvFinal;
+ goto done;
}
if (flags & CERTDB_VALID_CA)
validCAOverride = PR_TRUE;
}
- /* We have 2 separate loops because we want any single trust
- * bit to allow this usage to return trusted. Only if none of
- * the trust bits are on do we check to see if the cert is
- * untrusted */
+ /* We have 2 separate loops because we want any single trust
+ * bit to allow this usage to return trusted. Only if none of
+ * the trust bits are on do we check to see if the cert is
+ * untrusted */
for (trustType = trustSSL; trustType < trustTypeNone;
trustType++) {
flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
- /* is it explicitly distrusted? */
- if ((flags & CERTDB_TERMINAL_RECORD) &&
- ((flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA)) == 0)) {
- /* untrusted -- the cert is explicitly untrusted, not
- * just that it doesn't chain to a trusted cert */
- PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,flags);
- }
+ /* is it explicitly distrusted? */
+ if ((flags & CERTDB_TERMINAL_RECORD) &&
+ ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
+ /* untrusted -- the cert is explicitly untrusted, not
+ * just that it doesn't chain to a trusted cert */
+ PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
+ }
}
}
}
- if (!validCAOverride) {
- /*
- * Make sure that if this is an intermediate CA in the chain that
- * it was given permission by its signer to be a CA.
- */
- /*
- * if basicConstraints says it is a ca, then we check the
- * nsCertType. If the nsCertType has any CA bits set, then
- * it must have the right one.
- */
- if (!isca || (issuerCert->nsCertType & NS_CERT_TYPE_CA)) {
- isca = (issuerCert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
- }
-
- if ( !isca ) {
- PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
- }
+ if (!validCAOverride) {
+ /*
+ * Make sure that if this is an intermediate CA in the chain that
+ * it was given permission by its signer to be a CA.
+ */
+ /*
+ * if basicConstraints says it is a ca, then we check the
+ * nsCertType. If the nsCertType has any CA bits set, then
+ * it must have the right one.
+ */
+ if (!isca || (issuerCert->nsCertType & NS_CERT_TYPE_CA)) {
+ isca = (issuerCert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
+ }
- /* make sure key usage allows cert signing */
- if (CERT_CheckKeyUsage(issuerCert, requiredCAKeyUsage) != SECSuccess) {
- PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
- LOG_ERROR_OR_EXIT(log,issuerCert,count+1,requiredCAKeyUsage);
- }
- }
+ if (!isca) {
+ PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+ }
- /* make sure that the issuer is not self signed. If it is, then
- * stop here to prevent looping.
- */
- if (issuerCert->isRoot) {
- PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
- LOG_ERROR(log, issuerCert, count+1, 0);
- goto loser;
- }
- /* The issuer cert will be the subject cert in the next loop.
- * A cert is self-issued if its subject and issuer are equal and
- * both are of non-zero length.
- */
- subjectCertIsSelfIssued = (PRBool)
- SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
- &issuerCert->derSubject) &&
- issuerCert->derSubject.len > 0;
- if (subjectCertIsSelfIssued == PR_FALSE) {
- /* RFC 3280 says only non-self-issued intermediate CA certs
- * count in path length.
- */
- ++currentPathLen;
- }
+ /* make sure key usage allows cert signing */
+ if (CERT_CheckKeyUsage(issuerCert, requiredCAKeyUsage) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+ LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, requiredCAKeyUsage);
+ }
+ }
- CERT_DestroyCertificate(subjectCert);
- subjectCert = issuerCert;
- issuerCert = NULL;
+ /* make sure that the issuer is not self signed. If it is, then
+ * stop here to prevent looping.
+ */
+ if (issuerCert->isRoot) {
+ PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+ LOG_ERROR(log, issuerCert, count + 1, 0);
+ goto loser;
+ }
+ /* The issuer cert will be the subject cert in the next loop.
+ * A cert is self-issued if its subject and issuer are equal and
+ * both are of non-zero length.
+ */
+ subjectCertIsSelfIssued = (PRBool)
+ SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
+ &issuerCert->derSubject) &&
+ issuerCert->derSubject.len >
+ 0;
+ if (subjectCertIsSelfIssued == PR_FALSE) {
+ /* RFC 3280 says only non-self-issued intermediate CA certs
+ * count in path length.
+ */
+ ++currentPathLen;
+ }
+
+ CERT_DestroyCertificate(subjectCert);
+ subjectCert = issuerCert;
+ issuerCert = NULL;
}
PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
- LOG_ERROR(log,subjectCert,count,0);
+ LOG_ERROR(log, subjectCert, count, 0);
loser:
rv = SECFailure;
done:
if (certsList != NULL) {
- PORT_Free(certsList);
+ PORT_Free(certsList);
}
- if ( issuerCert ) {
- CERT_DestroyCertificate(issuerCert);
- }
-
- if ( subjectCert ) {
- CERT_DestroyCertificate(subjectCert);
+ if (issuerCert) {
+ CERT_DestroyCertificate(issuerCert);
}
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (subjectCert) {
+ CERT_DestroyCertificate(subjectCert);
+ }
+
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
}
return rv;
}
SECStatus
cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, PRBool* sigerror,
+ PRBool checkSig, PRBool *sigerror,
SECCertUsage certUsage, PRTime t, void *wincx,
- CERTVerifyLog *log, PRBool* revoked)
+ CERTVerifyLog *log, PRBool *revoked)
{
if (CERT_GetUsePKIXForValidation()) {
return cert_VerifyCertChainPkix(cert, checkSig, certUsage, t,
@@ -841,11 +842,11 @@
SECStatus
CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- void *wincx, CERTVerifyLog *log)
+ PRBool checkSig, SECCertUsage certUsage, PRTime t,
+ void *wincx, CERTVerifyLog *log)
{
return cert_VerifyCertChain(handle, cert, checkSig, NULL, certUsage, t,
- wincx, log, NULL);
+ wincx, log, NULL);
}
/*
@@ -853,8 +854,8 @@
*/
SECStatus
CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- void *wincx, CERTVerifyLog *log)
+ PRBool checkSig, SECCertUsage certUsage, PRTime t,
+ void *wincx, CERTVerifyLog *log)
{
SECTrustType trustType;
CERTBasicConstraints basicConstraint;
@@ -869,44 +870,43 @@
CERTCertificate *issuerCert;
CERTCertTrust certTrust;
-
if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE,
- &requiredCAKeyUsage,
- &caCertType) != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredCAKeyUsage = 0;
- caCertType = 0;
+ &requiredCAKeyUsage,
+ &caCertType) != SECSuccess) {
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredCAKeyUsage = 0;
+ caCertType = 0;
}
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLCA:
- case certUsageSSLServerWithStepUp:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageVerifyCA:
- case certUsageStatusResponder:
- if ( CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
- &trustType) != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredFlags = 0;
- trustType = trustSSL;
- }
- break;
- default:
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredFlags = 0;
- trustType = trustSSL;/* This used to be 0, but we need something
- * that matches the enumeration type.
- */
- caCertType = 0;
+ switch (certUsage) {
+ case certUsageSSLClient:
+ case certUsageSSLServer:
+ case certUsageSSLCA:
+ case certUsageSSLServerWithStepUp:
+ case certUsageEmailSigner:
+ case certUsageEmailRecipient:
+ case certUsageObjectSigner:
+ case certUsageVerifyCA:
+ case certUsageStatusResponder:
+ if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
+ &trustType) != SECSuccess) {
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredFlags = 0;
+ trustType = trustSSL;
+ }
+ break;
+ default:
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredFlags = 0;
+ trustType = trustSSL; /* This used to be 0, but we need something
+ * that matches the enumeration type.
+ */
+ caCertType = 0;
}
-
+
/* If the basicConstraint extension is included in an intermmediate CA
* certificate, make sure that the isCA flag is on. If the
* pathLenConstraint component exists, it must be greater than the
@@ -917,133 +917,136 @@
*/
rv = CERT_FindBasicConstraintExten(cert, &basicConstraint);
- if ( rv != SECSuccess ) {
- if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
- LOG_ERROR_OR_EXIT(log,cert,0,0);
- }
- /* no basic constraints found, we aren't (yet) a CA. */
- isca = PR_FALSE;
- } else {
- if ( basicConstraint.isCA == PR_FALSE ) {
- PORT_SetError (SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,cert,0,0);
- }
+ if (rv != SECSuccess) {
+ if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
+ LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+ }
+ /* no basic constraints found, we aren't (yet) a CA. */
+ isca = PR_FALSE;
+ } else {
+ if (basicConstraint.isCA == PR_FALSE) {
+ PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+ LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+ }
- /* can't check path length if we don't know the previous path */
- isca = PR_TRUE;
+ /* can't check path length if we don't know the previous path */
+ isca = PR_TRUE;
}
-
- if ( CERT_GetCertTrust(cert, &certTrust) == SECSuccess ) {
- /* we have some trust info, but this does NOT imply that this
- * cert is actually trusted for any purpose. The cert may be
- * explicitly UNtrusted. We won't know until we examine the
- * trust bits.
- */
+
+ if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
+ /* we have some trust info, but this does NOT imply that this
+ * cert is actually trusted for any purpose. The cert may be
+ * explicitly UNtrusted. We won't know until we examine the
+ * trust bits.
+ */
if (certUsage == certUsageStatusResponder) {
- /* Check the special case of certUsageStatusResponder */
+ /* Check the special case of certUsageStatusResponder */
issuerCert = CERT_FindCertIssuer(cert, t, certUsage);
if (issuerCert) {
- if (SEC_CheckCRL(handle, cert, issuerCert, t, wincx)
- != SECSuccess) {
+ if (SEC_CheckCRL(handle, cert, issuerCert, t, wincx) !=
+ SECSuccess) {
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
CERT_DestroyCertificate(issuerCert);
goto loser;
}
CERT_DestroyCertificate(issuerCert);
}
- /* XXX We have NOT determined that this cert is trusted.
- * For years, NSS has treated this as trusted,
- * but it seems incorrect.
- */
- rv = rvFinal;
- goto done;
+ /* XXX We have NOT determined that this cert is trusted.
+ * For years, NSS has treated this as trusted,
+ * but it seems incorrect.
+ */
+ rv = rvFinal;
+ goto done;
}
- /*
- * check the trust params of the issuer
- */
- flags = SEC_GET_TRUST_FLAGS(&certTrust, trustType);
- if ( ( flags & requiredFlags ) == requiredFlags) {
- /* we found a trusted one, so return */
- rv = rvFinal;
- goto done;
- }
- if (flags & CERTDB_VALID_CA) {
- validCAOverride = PR_TRUE;
- }
- /* is it explicitly distrusted? */
- if ((flags & CERTDB_TERMINAL_RECORD) &&
- ((flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA)) == 0)) {
- /* untrusted -- the cert is explicitly untrusted, not
- * just that it doesn't chain to a trusted cert */
- PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
- LOG_ERROR_OR_EXIT(log,cert,0,flags);
- }
+ /*
+ * check the trust params of the issuer
+ */
+ flags = SEC_GET_TRUST_FLAGS(&certTrust, trustType);
+ if ((flags & requiredFlags) == requiredFlags) {
+ /* we found a trusted one, so return */
+ rv = rvFinal;
+ goto done;
+ }
+ if (flags & CERTDB_VALID_CA) {
+ validCAOverride = PR_TRUE;
+ }
+ /* is it explicitly distrusted? */
+ if ((flags & CERTDB_TERMINAL_RECORD) &&
+ ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
+ /* untrusted -- the cert is explicitly untrusted, not
+ * just that it doesn't chain to a trusted cert */
+ PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+ LOG_ERROR_OR_EXIT(log, cert, 0, flags);
+ }
}
if (!validCAOverride) {
- /*
- * Make sure that if this is an intermediate CA in the chain that
- * it was given permission by its signer to be a CA.
- */
- /*
- * if basicConstraints says it is a ca, then we check the
- * nsCertType. If the nsCertType has any CA bits set, then
- * it must have the right one.
- */
- if (!isca || (cert->nsCertType & NS_CERT_TYPE_CA)) {
- isca = (cert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
- }
-
- if (!isca) {
- PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
- LOG_ERROR_OR_EXIT(log,cert,0,0);
- }
-
- /* make sure key usage allows cert signing */
- if (CERT_CheckKeyUsage(cert, requiredCAKeyUsage) != SECSuccess) {
- PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
- LOG_ERROR_OR_EXIT(log,cert,0,requiredCAKeyUsage);
- }
+ /*
+ * Make sure that if this is an intermediate CA in the chain that
+ * it was given permission by its signer to be a CA.
+ */
+ /*
+ * if basicConstraints says it is a ca, then we check the
+ * nsCertType. If the nsCertType has any CA bits set, then
+ * it must have the right one.
+ */
+ if (!isca || (cert->nsCertType & NS_CERT_TYPE_CA)) {
+ isca = (cert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
+ }
+
+ if (!isca) {
+ PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+ LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+ }
+
+ /* make sure key usage allows cert signing */
+ if (CERT_CheckKeyUsage(cert, requiredCAKeyUsage) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+ LOG_ERROR_OR_EXIT(log, cert, 0, requiredCAKeyUsage);
+ }
}
/* make sure that the issuer is not self signed. If it is, then
* stop here to prevent looping.
*/
if (cert->isRoot) {
- PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
- LOG_ERROR(log, cert, 0, 0);
- goto loser;
+ PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+ LOG_ERROR(log, cert, 0, 0);
+ goto loser;
}
- return CERT_VerifyCertChain(handle, cert, checkSig, certUsage, t,
- wincx, log);
+ return CERT_VerifyCertChain(handle, cert, checkSig, certUsage, t,
+ wincx, log);
loser:
rv = SECFailure;
done:
return rv;
}
-#define NEXT_USAGE() { \
- i*=2; \
- certUsage++; \
- continue; \
-}
+#define NEXT_USAGE() \
+ { \
+ i *= 2; \
+ certUsage++; \
+ continue; \
+ }
-#define VALID_USAGE() { \
- NEXT_USAGE(); \
-}
+#define VALID_USAGE() \
+ { \
+ NEXT_USAGE(); \
+ }
-#define INVALID_USAGE() { \
- if (returnedUsages) { \
- *returnedUsages &= (~i); \
- } \
- if (PR_TRUE == requiredUsage) { \
- valid = SECFailure; \
- } \
- NEXT_USAGE(); \
-}
+#define INVALID_USAGE() \
+ { \
+ if (returnedUsages) { \
+ *returnedUsages &= (~i); \
+ } \
+ if (PR_TRUE == requiredUsage) { \
+ valid = SECFailure; \
+ } \
+ NEXT_USAGE(); \
+ }
/*
- * check the leaf cert against trust and usage.
+ * check the leaf cert against trust and usage.
* returns success if the cert is not distrusted. If the cert is
* trusted, then the trusted bool will be true.
* returns failure if the cert is distrusted. If failure, flags
@@ -1051,141 +1054,140 @@
*/
SECStatus
cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
- unsigned int *failedFlags, PRBool *trusted)
+ unsigned int *failedFlags, PRBool *trusted)
{
unsigned int flags;
CERTCertTrust trust;
*failedFlags = 0;
*trusted = PR_FALSE;
-
- /* check trust flags to see if this cert is directly trusted */
- if ( CERT_GetCertTrust(cert, &trust) == SECSuccess ) {
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- flags = trust.sslFlags;
-
- /* is the cert directly trusted or not trusted ? */
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if ( flags & CERTDB_TRUSTED ) { /* trust this cert */
- *trusted = PR_TRUE;
- return SECSuccess;
- } else { /* don't trust this cert */
- *failedFlags = flags;
- return SECFailure;
- }
- }
- break;
- case certUsageSSLServerWithStepUp:
- /* XXX - step up certs can't be directly trusted, only distrust */
- flags = trust.sslFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if (( flags & CERTDB_TRUSTED ) == 0) {
- /* don't trust this cert */
- *failedFlags = flags;
- return SECFailure;
- }
- }
- break;
- case certUsageSSLCA:
- flags = trust.sslFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if (( flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA) ) == 0) {
- /* don't trust this cert */
- *failedFlags = flags;
- return SECFailure;
- }
- }
- break;
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- flags = trust.emailFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if ( flags & CERTDB_TRUSTED ) { /* trust this cert */
- *trusted = PR_TRUE;
- return SECSuccess;
- }
- else { /* don't trust this cert */
- *failedFlags = flags;
- return SECFailure;
- }
- }
-
- break;
- case certUsageObjectSigner:
- flags = trust.objectSigningFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if ( flags & CERTDB_TRUSTED ) { /* trust this cert */
- *trusted = PR_TRUE;
- return SECSuccess;
- } else { /* don't trust this cert */
- *failedFlags = flags;
- return SECFailure;
- }
- }
- break;
- case certUsageVerifyCA:
- case certUsageStatusResponder:
- flags = trust.sslFlags;
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) {
- *trusted = PR_TRUE;
- return SECSuccess;
- }
- flags = trust.emailFlags;
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) {
- *trusted = PR_TRUE;
- return SECSuccess;
- }
- flags = trust.objectSigningFlags;
- /* is the cert directly trusted or not trusted ? */
- if ( ( flags & ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) ==
- ( CERTDB_VALID_CA | CERTDB_TRUSTED_CA ) ) {
- *trusted = PR_TRUE;
- return SECSuccess;
- }
- /* fall through to test distrust */
- case certUsageAnyCA:
- case certUsageUserCertImport:
- /* do we distrust these certs explicitly */
- flags = trust.sslFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if ((flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA)) == 0) {
- *failedFlags = flags;
- return SECFailure;
- }
- }
- flags = trust.emailFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if ((flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA)) == 0) {
- *failedFlags = flags;
- return SECFailure;
- }
- }
- /* fall through */
- case certUsageProtectedObjectSigner:
- flags = trust.objectSigningFlags;
- if ( flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
- if ((flags & (CERTDB_TRUSTED|CERTDB_TRUSTED_CA)) == 0) {
- *failedFlags = flags;
- return SECFailure;
- }
- }
- break;
- }
+ /* check trust flags to see if this cert is directly trusted */
+ if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+ switch (certUsage) {
+ case certUsageSSLClient:
+ case certUsageSSLServer:
+ flags = trust.sslFlags;
+
+ /* is the cert directly trusted or not trusted ? */
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if (flags & CERTDB_TRUSTED) { /* trust this cert */
+ *trusted = PR_TRUE;
+ return SECSuccess;
+ } else { /* don't trust this cert */
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ break;
+ case certUsageSSLServerWithStepUp:
+ /* XXX - step up certs can't be directly trusted, only distrust */
+ flags = trust.sslFlags;
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if ((flags & CERTDB_TRUSTED) == 0) {
+ /* don't trust this cert */
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ break;
+ case certUsageSSLCA:
+ flags = trust.sslFlags;
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+ /* don't trust this cert */
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ break;
+ case certUsageEmailSigner:
+ case certUsageEmailRecipient:
+ flags = trust.emailFlags;
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if (flags & CERTDB_TRUSTED) { /* trust this cert */
+ *trusted = PR_TRUE;
+ return SECSuccess;
+ } else { /* don't trust this cert */
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+
+ break;
+ case certUsageObjectSigner:
+ flags = trust.objectSigningFlags;
+
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if (flags & CERTDB_TRUSTED) { /* trust this cert */
+ *trusted = PR_TRUE;
+ return SECSuccess;
+ } else { /* don't trust this cert */
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ break;
+ case certUsageVerifyCA:
+ case certUsageStatusResponder:
+ flags = trust.sslFlags;
+ /* is the cert directly trusted or not trusted ? */
+ if ((flags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) ==
+ (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) {
+ *trusted = PR_TRUE;
+ return SECSuccess;
+ }
+ flags = trust.emailFlags;
+ /* is the cert directly trusted or not trusted ? */
+ if ((flags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) ==
+ (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) {
+ *trusted = PR_TRUE;
+ return SECSuccess;
+ }
+ flags = trust.objectSigningFlags;
+ /* is the cert directly trusted or not trusted ? */
+ if ((flags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) ==
+ (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) {
+ *trusted = PR_TRUE;
+ return SECSuccess;
+ }
+ /* fall through to test distrust */
+ case certUsageAnyCA:
+ case certUsageUserCertImport:
+ /* do we distrust these certs explicitly */
+ flags = trust.sslFlags;
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ flags = trust.emailFlags;
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ /* fall through */
+ case certUsageProtectedObjectSigner:
+ flags = trust.objectSigningFlags;
+ if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+ * authoritative */
+ if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+ *failedFlags = flags;
+ return SECFailure;
+ }
+ }
+ break;
+ }
}
return SECSuccess;
}
@@ -1204,8 +1206,8 @@
*/
SECStatus
CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertificateUsage requiredUsages, PRTime t,
- void *wincx, CERTVerifyLog *log, SECCertificateUsage* returnedUsages)
+ PRBool checkSig, SECCertificateUsage requiredUsages, PRTime t,
+ void *wincx, CERTVerifyLog *log, SECCertificateUsage *returnedUsages)
{
SECStatus rv;
SECStatus valid;
@@ -1213,7 +1215,7 @@
unsigned int requiredCertType;
unsigned int flags;
unsigned int certType;
- PRBool allowOverride;
+ PRBool allowOverride;
SECCertTimeValidity validity;
CERTStatusConfig *statusConfig;
PRInt32 i;
@@ -1237,23 +1239,23 @@
so we can skip checks for usages that aren't required */
checkAllUsages = PR_FALSE;
}
- valid = SECSuccess ; /* start off assuming cert is valid */
-
+ valid = SECSuccess; /* start off assuming cert is valid */
+
/* make sure that the cert is valid at time t */
allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) ||
(requiredUsages & certificateUsageSSLServerWithStepUp));
validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
- if ( validity != secCertTimeValid ) {
+ if (validity != secCertTimeValid) {
valid = SECFailure;
- LOG_ERROR_OR_EXIT(log,cert,0,validity);
+ LOG_ERROR_OR_EXIT(log, cert, 0, validity);
}
/* check key usage and netscape cert type */
cert_GetCertType(cert);
certType = cert->nsCertType;
- for (i=1; i<=certificateUsageHighest &&
- (SECSuccess == valid || returnedUsages || log) ; ) {
+ for (i = 1; i <= certificateUsageHighest &&
+ (SECSuccess == valid || returnedUsages || log);) {
PRBool requiredUsage = (i & requiredUsages) ? PR_TRUE : PR_FALSE;
if (PR_FALSE == requiredUsage && PR_FALSE == checkAllUsages) {
NEXT_USAGE();
@@ -1261,74 +1263,74 @@
if (returnedUsages) {
*returnedUsages |= i; /* start off assuming this usage is valid */
}
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLServerWithStepUp:
- case certUsageSSLCA:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageStatusResponder:
- rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
- &requiredKeyUsage,
- &requiredCertType);
- if ( rv != SECSuccess ) {
+ switch (certUsage) {
+ case certUsageSSLClient:
+ case certUsageSSLServer:
+ case certUsageSSLServerWithStepUp:
+ case certUsageSSLCA:
+ case certUsageEmailSigner:
+ case certUsageEmailRecipient:
+ case certUsageObjectSigner:
+ case certUsageStatusResponder:
+ rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
+ &requiredKeyUsage,
+ &requiredCertType);
+ if (rv != SECSuccess) {
+ PORT_Assert(0);
+ /* EXIT_IF_NOT_LOGGING(log); XXX ??? */
+ requiredKeyUsage = 0;
+ requiredCertType = 0;
+ INVALID_USAGE();
+ }
+ break;
+
+ case certUsageAnyCA:
+ case certUsageProtectedObjectSigner:
+ case certUsageUserCertImport:
+ case certUsageVerifyCA:
+ /* these usages cannot be verified */
+ NEXT_USAGE();
+
+ default:
PORT_Assert(0);
- /* EXIT_IF_NOT_LOGGING(log); XXX ??? */
requiredKeyUsage = 0;
requiredCertType = 0;
INVALID_USAGE();
- }
- break;
-
- case certUsageAnyCA:
- case certUsageProtectedObjectSigner:
- case certUsageUserCertImport:
- case certUsageVerifyCA:
- /* these usages cannot be verified */
- NEXT_USAGE();
-
- default:
- PORT_Assert(0);
- requiredKeyUsage = 0;
- requiredCertType = 0;
- INVALID_USAGE();
}
- if ( CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess ) {
+ if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) {
if (PR_TRUE == requiredUsage) {
PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
}
- LOG_ERROR(log,cert,0,requiredKeyUsage);
+ LOG_ERROR(log, cert, 0, requiredKeyUsage);
INVALID_USAGE();
}
- if ( !( certType & requiredCertType ) ) {
+ if (!(certType & requiredCertType)) {
if (PR_TRUE == requiredUsage) {
PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
}
- LOG_ERROR(log,cert,0,requiredCertType);
+ LOG_ERROR(log, cert, 0, requiredCertType);
INVALID_USAGE();
}
- rv = cert_CheckLeafTrust(cert, certUsage, &flags, &trusted);
- if (rv == SECFailure) {
- if (PR_TRUE == requiredUsage) {
- PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
- }
- LOG_ERROR(log, cert, 0, flags);
- INVALID_USAGE();
- } else if (trusted) {
- VALID_USAGE();
- }
+ rv = cert_CheckLeafTrust(cert, certUsage, &flags, &trusted);
+ if (rv == SECFailure) {
+ if (PR_TRUE == requiredUsage) {
+ PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+ }
+ LOG_ERROR(log, cert, 0, flags);
+ INVALID_USAGE();
+ } else if (trusted) {
+ VALID_USAGE();
+ }
- if (PR_TRUE == revoked || PR_TRUE == sigerror) {
- INVALID_USAGE();
- }
+ if (PR_TRUE == revoked || PR_TRUE == sigerror) {
+ INVALID_USAGE();
+ }
rv = cert_VerifyCertChain(handle, cert,
- checkSig, &sigerror,
- certUsage, t, wincx, log,
- &revoked);
+ checkSig, &sigerror,
+ certUsage, t, wincx, log,
+ &revoked);
if (rv != SECSuccess) {
/* EXIT_IF_NOT_LOGGING(log); XXX ???? */
@@ -1349,10 +1351,10 @@
if (requiredUsages != certificateUsageStatusResponder &&
statusConfig != NULL) {
if (statusConfig->statusChecker != NULL) {
- rv = (* statusConfig->statusChecker)(handle, cert,
- t, wincx);
+ rv = (*statusConfig->statusChecker)(handle, cert,
+ t, wincx);
if (rv != SECSuccess) {
- LOG_ERROR(log,cert,0,0);
+ LOG_ERROR(log, cert, 0, 0);
revoked = PR_TRUE;
INVALID_USAGE();
}
@@ -1362,15 +1364,15 @@
NEXT_USAGE();
}
-
+
loser:
- return(valid);
+ return (valid);
}
SECStatus
CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, PRTime t,
- void *wincx, CERTVerifyLog *log)
+ PRBool checkSig, SECCertUsage certUsage, PRTime t,
+ void *wincx, CERTVerifyLog *log)
{
return cert_VerifyCertWithFlags(handle, cert, checkSig, certUsage, t,
CERT_VERIFYCERT_USE_DEFAULTS, wincx, log);
@@ -1386,86 +1388,85 @@
unsigned int requiredCertType;
unsigned int failedFlags;
unsigned int certType;
- PRBool trusted;
- PRBool allowOverride;
+ PRBool trusted;
+ PRBool allowOverride;
SECCertTimeValidity validity;
CERTStatusConfig *statusConfig;
-
-#ifdef notdef
+
+#ifdef notdef
/* check if this cert is in the Evil list */
rv = CERT_CheckForEvilCert(cert);
- if ( rv != SECSuccess ) {
- PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
- LOG_ERROR_OR_EXIT(log,cert,0,0);
+ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
+ LOG_ERROR_OR_EXIT(log, cert, 0, 0);
}
#endif
-
+
/* make sure that the cert is valid at time t */
allowOverride = (PRBool)((certUsage == certUsageSSLServer) ||
(certUsage == certUsageSSLServerWithStepUp));
validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
- if ( validity != secCertTimeValid ) {
- LOG_ERROR_OR_EXIT(log,cert,0,validity);
+ if (validity != secCertTimeValid) {
+ LOG_ERROR_OR_EXIT(log, cert, 0, validity);
}
/* check key usage and netscape cert type */
cert_GetCertType(cert);
certType = cert->nsCertType;
- switch ( certUsage ) {
- case certUsageSSLClient:
- case certUsageSSLServer:
- case certUsageSSLServerWithStepUp:
- case certUsageSSLCA:
- case certUsageEmailSigner:
- case certUsageEmailRecipient:
- case certUsageObjectSigner:
- case certUsageStatusResponder:
- rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
- &requiredKeyUsage,
- &requiredCertType);
- if ( rv != SECSuccess ) {
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredKeyUsage = 0;
- requiredCertType = 0;
- }
- break;
- case certUsageVerifyCA:
- case certUsageAnyCA:
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_CA;
- if ( ! ( certType & NS_CERT_TYPE_CA ) ) {
- certType |= NS_CERT_TYPE_CA;
- }
- break;
- default:
- PORT_Assert(0);
- EXIT_IF_NOT_LOGGING(log);
- requiredKeyUsage = 0;
- requiredCertType = 0;
+ switch (certUsage) {
+ case certUsageSSLClient:
+ case certUsageSSLServer:
+ case certUsageSSLServerWithStepUp:
+ case certUsageSSLCA:
+ case certUsageEmailSigner:
+ case certUsageEmailRecipient:
+ case certUsageObjectSigner:
+ case certUsageStatusResponder:
+ rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
+ &requiredKeyUsage,
+ &requiredCertType);
+ if (rv != SECSuccess) {
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredKeyUsage = 0;
+ requiredCertType = 0;
+ }
+ break;
+ case certUsageVerifyCA:
+ case certUsageAnyCA:
+ requiredKeyUsage = KU_KEY_CERT_SIGN;
+ requiredCertType = NS_CERT_TYPE_CA;
+ if (!(certType & NS_CERT_TYPE_CA)) {
+ certType |= NS_CERT_TYPE_CA;
+ }
+ break;
+ default:
+ PORT_Assert(0);
+ EXIT_IF_NOT_LOGGING(log);
+ requiredKeyUsage = 0;
+ requiredCertType = 0;
}
- if ( CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess ) {
- PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
- LOG_ERROR_OR_EXIT(log,cert,0,requiredKeyUsage);
+ if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+ LOG_ERROR_OR_EXIT(log, cert, 0, requiredKeyUsage);
}
- if ( !( certType & requiredCertType ) ) {
- PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
- LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType);
+ if (!(certType & requiredCertType)) {
+ PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
+ LOG_ERROR_OR_EXIT(log, cert, 0, requiredCertType);
}
rv = cert_CheckLeafTrust(cert, certUsage, &failedFlags, &trusted);
- if (rv == SECFailure) {
- PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
- LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags);
+ if (rv == SECFailure) {
+ PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+ LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags);
} else if (trusted) {
- goto done;
+ goto done;
}
-
rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage,
- t, wincx, log);
+ t, wincx, log);
if (rv != SECSuccess) {
- EXIT_IF_NOT_LOGGING(log);
+ EXIT_IF_NOT_LOGGING(log);
}
/*
@@ -1477,27 +1478,27 @@
* code.
*/
if (!(flags & CERT_VERIFYCERT_SKIP_OCSP) &&
- certUsage != certUsageStatusResponder) {
- statusConfig = CERT_GetStatusConfig(handle);
- if (statusConfig && statusConfig->statusChecker) {
- rv = (* statusConfig->statusChecker)(handle, cert,
- t, wincx);
- if (rv != SECSuccess) {
- LOG_ERROR_OR_EXIT(log,cert,0,0);
- }
- }
+ certUsage != certUsageStatusResponder) {
+ statusConfig = CERT_GetStatusConfig(handle);
+ if (statusConfig && statusConfig->statusChecker) {
+ rv = (*statusConfig->statusChecker)(handle, cert,
+ t, wincx);
+ if (rv != SECSuccess) {
+ LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+ }
+ }
}
done:
if (log && log->head) {
- return SECFailure;
+ return SECFailure;
}
- return(SECSuccess);
+ return (SECSuccess);
loser:
rv = SECFailure;
-
- return(rv);
+
+ return (rv);
}
/*
@@ -1506,38 +1507,37 @@
*/
SECStatus
CERT_VerifyCertificateNow(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertificateUsage requiredUsages,
- void *wincx, SECCertificateUsage* returnedUsages)
+ PRBool checkSig, SECCertificateUsage requiredUsages,
+ void *wincx, SECCertificateUsage *returnedUsages)
{
- return(CERT_VerifyCertificate(handle, cert, checkSig,
- requiredUsages, PR_Now(), wincx, NULL, returnedUsages));
+ return (CERT_VerifyCertificate(handle, cert, checkSig,
+ requiredUsages, PR_Now(), wincx, NULL, returnedUsages));
}
/* obsolete, do not use for new code */
SECStatus
CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool checkSig, SECCertUsage certUsage, void *wincx)
+ PRBool checkSig, SECCertUsage certUsage, void *wincx)
{
- return(CERT_VerifyCert(handle, cert, checkSig,
- certUsage, PR_Now(), wincx, NULL));
+ return (CERT_VerifyCert(handle, cert, checkSig,
+ certUsage, PR_Now(), wincx, NULL));
}
-
/* [ FROM pcertdb.c ] */
/*
* Supported usage values and types:
- * certUsageSSLClient
- * certUsageSSLServer
- * certUsageSSLServerWithStepUp
- * certUsageEmailSigner
- * certUsageEmailRecipient
- * certUsageObjectSigner
+ * certUsageSSLClient
+ * certUsageSSLServer
+ * certUsageSSLServerWithStepUp
+ * certUsageEmailSigner
+ * certUsageEmailRecipient
+ * certUsageObjectSigner
*/
CERTCertificate *
CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
- CERTCertOwner owner, SECCertUsage usage,
- PRBool preferTrusted, PRTime validTime, PRBool validOnly)
+ CERTCertOwner owner, SECCertUsage usage,
+ PRBool preferTrusted, PRTime validTime, PRBool validOnly)
{
CERTCertList *certList = NULL;
CERTCertificate *cert = NULL;
@@ -1545,108 +1545,107 @@
unsigned int requiredTrustFlags;
SECTrustType requiredTrustType;
unsigned int flags;
-
+
PRBool lookingForCA = PR_FALSE;
SECStatus rv;
CERTCertListNode *node;
CERTCertificate *saveUntrustedCA = NULL;
-
+
/* if preferTrusted is set, must be a CA cert */
- PORT_Assert( ! ( preferTrusted && ( owner != certOwnerCA ) ) );
-
- if ( owner == certOwnerCA ) {
- lookingForCA = PR_TRUE;
- if ( preferTrusted ) {
- rv = CERT_TrustFlagsForCACertUsage(usage, &requiredTrustFlags,
- &requiredTrustType);
- if ( rv != SECSuccess ) {
- goto loser;
- }
- requiredTrustFlags |= CERTDB_VALID_CA;
- }
+ PORT_Assert(!(preferTrusted && (owner != certOwnerCA)));
+
+ if (owner == certOwnerCA) {
+ lookingForCA = PR_TRUE;
+ if (preferTrusted) {
+ rv = CERT_TrustFlagsForCACertUsage(usage, &requiredTrustFlags,
+ &requiredTrustType);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ requiredTrustFlags |= CERTDB_VALID_CA;
+ }
}
certList = CERT_CreateSubjectCertList(NULL, handle, derName, validTime,
- validOnly);
- if ( certList != NULL ) {
- rv = CERT_FilterCertListByUsage(certList, usage, lookingForCA);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- node = CERT_LIST_HEAD(certList);
-
- while ( !CERT_LIST_END(node, certList) ) {
- cert = node->cert;
+ validOnly);
+ if (certList != NULL) {
+ rv = CERT_FilterCertListByUsage(certList, usage, lookingForCA);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
- /* looking for a trusted CA cert */
- if ( ( owner == certOwnerCA ) && preferTrusted &&
- ( requiredTrustType != trustTypeNone ) ) {
+ node = CERT_LIST_HEAD(certList);
- if ( CERT_GetCertTrust(cert, &certTrust) != SECSuccess ) {
- flags = 0;
- } else {
- flags = SEC_GET_TRUST_FLAGS(&certTrust, requiredTrustType);
- }
+ while (!CERT_LIST_END(node, certList)) {
+ cert = node->cert;
- if ( ( flags & requiredTrustFlags ) != requiredTrustFlags ) {
- /* cert is not trusted */
- /* if this is the first cert to get this far, then save
- * it, so we can use it if we can't find a trusted one
- */
- if ( saveUntrustedCA == NULL ) {
- saveUntrustedCA = cert;
- }
- goto endloop;
- }
- }
- /* if we got this far, then this cert meets all criteria */
- break;
-
-endloop:
- node = CERT_LIST_NEXT(node);
- cert = NULL;
- }
+ /* looking for a trusted CA cert */
+ if ((owner == certOwnerCA) && preferTrusted &&
+ (requiredTrustType != trustTypeNone)) {
- /* use the saved one if we have it */
- if ( cert == NULL ) {
- cert = saveUntrustedCA;
- }
+ if (CERT_GetCertTrust(cert, &certTrust) != SECSuccess) {
+ flags = 0;
+ } else {
+ flags = SEC_GET_TRUST_FLAGS(&certTrust, requiredTrustType);
+ }
- /* if we found one then bump the ref count before freeing the list */
- if ( cert != NULL ) {
- /* bump the ref count */
- cert = CERT_DupCertificate(cert);
- }
-
- CERT_DestroyCertList(certList);
+ if ((flags & requiredTrustFlags) != requiredTrustFlags) {
+ /* cert is not trusted */
+ /* if this is the first cert to get this far, then save
+ * it, so we can use it if we can't find a trusted one
+ */
+ if (saveUntrustedCA == NULL) {
+ saveUntrustedCA = cert;
+ }
+ goto endloop;
+ }
+ }
+ /* if we got this far, then this cert meets all criteria */
+ break;
+
+ endloop:
+ node = CERT_LIST_NEXT(node);
+ cert = NULL;
+ }
+
+ /* use the saved one if we have it */
+ if (cert == NULL) {
+ cert = saveUntrustedCA;
+ }
+
+ /* if we found one then bump the ref count before freeing the list */
+ if (cert != NULL) {
+ /* bump the ref count */
+ cert = CERT_DupCertificate(cert);
+ }
+
+ CERT_DestroyCertList(certList);
}
- return(cert);
+ return (cert);
loser:
- if ( certList != NULL ) {
- CERT_DestroyCertList(certList);
+ if (certList != NULL) {
+ CERT_DestroyCertList(certList);
}
- return(NULL);
+ return (NULL);
}
-
/* [ From certdb.c ] */
/*
* Filter a list of certificates, removing those certs that do not have
* one of the named CA certs somewhere in their cert chain.
*
- * "certList" - the list of certificates to filter
- * "nCANames" - number of CA names
- * "caNames" - array of CA names in string(rfc 1485) form
- * "usage" - what use the certs are for, this is used when
- * selecting CA certs
+ * "certList" - the list of certificates to filter
+ * "nCANames" - number of CA names
+ * "caNames" - array of CA names in string(rfc 1485) form
+ * "usage" - what use the certs are for, this is used when
+ * selecting CA certs
*/
SECStatus
CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
- char **caNames, SECCertUsage usage)
+ char **caNames, SECCertUsage usage)
{
CERTCertificate *issuerCert = NULL;
CERTCertificate *subjectCert;
@@ -1656,65 +1655,64 @@
char **names;
PRBool found;
PRTime time;
-
- if ( nCANames <= 0 ) {
- return(SECSuccess);
+
+ if (nCANames <= 0) {
+ return (SECSuccess);
}
time = PR_Now();
-
+
node = CERT_LIST_HEAD(certList);
-
- while ( ! CERT_LIST_END(node, certList) ) {
- cert = node->cert;
-
- subjectCert = CERT_DupCertificate(cert);
- /* traverse the CA certs for this cert */
- found = PR_FALSE;
- while ( subjectCert != NULL ) {
- n = nCANames;
- names = caNames;
-
- if (subjectCert->issuerName != NULL) {
- while ( n > 0 ) {
- if ( PORT_Strcmp(*names, subjectCert->issuerName) == 0 ) {
- found = PR_TRUE;
- break;
- }
+ while (!CERT_LIST_END(node, certList)) {
+ cert = node->cert;
- n--;
- names++;
+ subjectCert = CERT_DupCertificate(cert);
+
+ /* traverse the CA certs for this cert */
+ found = PR_FALSE;
+ while (subjectCert != NULL) {
+ n = nCANames;
+ names = caNames;
+
+ if (subjectCert->issuerName != NULL) {
+ while (n > 0) {
+ if (PORT_Strcmp(*names, subjectCert->issuerName) == 0) {
+ found = PR_TRUE;
+ break;
+ }
+
+ n--;
+ names++;
}
- }
+ }
- if ( found ) {
- break;
- }
-
- issuerCert = CERT_FindCertIssuer(subjectCert, time, usage);
- if ( issuerCert == subjectCert ) {
- CERT_DestroyCertificate(issuerCert);
- issuerCert = NULL;
- break;
- }
- CERT_DestroyCertificate(subjectCert);
- subjectCert = issuerCert;
+ if (found) {
+ break;
+ }
- }
- CERT_DestroyCertificate(subjectCert);
- if ( !found ) {
- /* CA was not found, so remove this cert from the list */
- freenode = node;
- node = CERT_LIST_NEXT(node);
- CERT_RemoveCertListNode(freenode);
- } else {
- /* CA was found, so leave it in the list */
- node = CERT_LIST_NEXT(node);
- }
+ issuerCert = CERT_FindCertIssuer(subjectCert, time, usage);
+ if (issuerCert == subjectCert) {
+ CERT_DestroyCertificate(issuerCert);
+ issuerCert = NULL;
+ break;
+ }
+ CERT_DestroyCertificate(subjectCert);
+ subjectCert = issuerCert;
+ }
+ CERT_DestroyCertificate(subjectCert);
+ if (!found) {
+ /* CA was not found, so remove this cert from the list */
+ freenode = node;
+ node = CERT_LIST_NEXT(node);
+ CERT_RemoveCertListNode(freenode);
+ } else {
+ /* CA was found, so leave it in the list */
+ node = CERT_LIST_NEXT(node);
+ }
}
-
- return(SECSuccess);
+
+ return (SECSuccess);
}
/*
@@ -1723,70 +1721,70 @@
* certificate.
*
* "arena" - arena to allocate returned string from. If NULL, then heap
- * is used.
+ * is used.
* "cert" - the cert to get nickname from
* "expiredString" - the string to append to the nickname if the cert is
- * expired.
+ * expired.
* "notYetGoodString" - the string to append to the nickname if the cert is
- * not yet good.
+ * not yet good.
*/
char *
CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
- char *expiredString, char *notYetGoodString)
+ char *expiredString, char *notYetGoodString)
{
SECCertTimeValidity validity;
char *nickname = NULL, *tmpstr = NULL;
-
+
validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);
/* if the cert is good, then just use the nickname directly */
- if ( validity == secCertTimeValid ) {
- if ( arena == NULL ) {
- nickname = PORT_Strdup(cert->nickname);
- } else {
- nickname = PORT_ArenaStrdup(arena, cert->nickname);
- }
-
- if ( nickname == NULL ) {
- goto loser;
- }
- } else {
-
- /* if the cert is not valid, then tack one of the strings on the
- * end
- */
- if ( validity == secCertTimeExpired ) {
- tmpstr = PR_smprintf("%s%s", cert->nickname,
- expiredString);
- } else if ( validity == secCertTimeNotValidYet ) {
- /* not yet valid */
- tmpstr = PR_smprintf("%s%s", cert->nickname,
- notYetGoodString);
+ if (validity == secCertTimeValid) {
+ if (arena == NULL) {
+ nickname = PORT_Strdup(cert->nickname);
} else {
- /* undetermined */
- tmpstr = PR_smprintf("%s",
- "(NULL) (Validity Unknown)");
+ nickname = PORT_ArenaStrdup(arena, cert->nickname);
}
- if ( tmpstr == NULL ) {
- goto loser;
- }
+ if (nickname == NULL) {
+ goto loser;
+ }
+ } else {
- if ( arena ) {
- /* copy the string into the arena and free the malloc'd one */
- nickname = PORT_ArenaStrdup(arena, tmpstr);
- PORT_Free(tmpstr);
- } else {
- nickname = tmpstr;
- }
- if ( nickname == NULL ) {
- goto loser;
- }
- }
- return(nickname);
+ /* if the cert is not valid, then tack one of the strings on the
+ * end
+ */
+ if (validity == secCertTimeExpired) {
+ tmpstr = PR_smprintf("%s%s", cert->nickname,
+ expiredString);
+ } else if (validity == secCertTimeNotValidYet) {
+ /* not yet valid */
+ tmpstr = PR_smprintf("%s%s", cert->nickname,
+ notYetGoodString);
+ } else {
+ /* undetermined */
+ tmpstr = PR_smprintf("%s",
+ "(NULL) (Validity Unknown)");
+ }
+
+ if (tmpstr == NULL) {
+ goto loser;
+ }
+
+ if (arena) {
+ /* copy the string into the arena and free the malloc'd one */
+ nickname = PORT_ArenaStrdup(arena, tmpstr);
+ PORT_Free(tmpstr);
+ } else {
+ nickname = tmpstr;
+ }
+ if (nickname == NULL) {
+ goto loser;
+ }
+ }
+ return (nickname);
loser:
- return(NULL);
+ return (NULL);
}
/*
@@ -1796,27 +1794,27 @@
* "certList" - the list of certificates
* "expiredString" - the string to append to the nickname of any expired cert
* "notYetGoodString" - the string to append to the nickname of any cert
- * that is not yet valid
+ * that is not yet valid
*/
CERTCertNicknames *
CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
- char *notYetGoodString)
+ char *notYetGoodString)
{
CERTCertNicknames *names;
PLArenaPool *arena;
CERTCertListNode *node;
char **nn;
-
+
/* allocate an arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( arena == NULL ) {
- return(NULL);
+ if (arena == NULL) {
+ return (NULL);
}
-
+
/* allocate the structure */
names = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
- if ( names == NULL ) {
- goto loser;
+ if (names == NULL) {
+ goto loser;
}
/* init the structure */
@@ -1828,49 +1826,49 @@
/* count the certs in the list */
node = CERT_LIST_HEAD(certList);
- while ( ! CERT_LIST_END(node, certList) ) {
- names->numnicknames++;
- node = CERT_LIST_NEXT(node);
+ while (!CERT_LIST_END(node, certList)) {
+ names->numnicknames++;
+ node = CERT_LIST_NEXT(node);
}
-
+
/* allocate nicknames array */
names->nicknames = PORT_ArenaAlloc(arena,
- sizeof(char *) * names->numnicknames);
- if ( names->nicknames == NULL ) {
- goto loser;
+ sizeof(char *) * names->numnicknames);
+ if (names->nicknames == NULL) {
+ goto loser;
}
/* just in case printf can't deal with null strings */
- if (expiredString == NULL ) {
- expiredString = "";
+ if (expiredString == NULL) {
+ expiredString = "";
}
- if ( notYetGoodString == NULL ) {
- notYetGoodString = "";
+ if (notYetGoodString == NULL) {
+ notYetGoodString = "";
}
-
+
/* traverse the list of certs and collect the nicknames */
nn = names->nicknames;
node = CERT_LIST_HEAD(certList);
- while ( ! CERT_LIST_END(node, certList) ) {
- *nn = CERT_GetCertNicknameWithValidity(arena, node->cert,
- expiredString,
- notYetGoodString);
- if ( *nn == NULL ) {
- goto loser;
- }
+ while (!CERT_LIST_END(node, certList)) {
+ *nn = CERT_GetCertNicknameWithValidity(arena, node->cert,
+ expiredString,
+ notYetGoodString);
+ if (*nn == NULL) {
+ goto loser;
+ }
- names->totallen += PORT_Strlen(*nn);
-
- nn++;
- node = CERT_LIST_NEXT(node);
+ names->totallen += PORT_Strlen(*nn);
+
+ nn++;
+ node = CERT_LIST_NEXT(node);
}
- return(names);
+ return (names);
loser:
PORT_FreeArena(arena, PR_FALSE);
- return(NULL);
+ return (NULL);
}
/*
@@ -1878,63 +1876,63 @@
* expiredString or notYetGoodString appended.
*
* Args:
- * "namestring" - the string containing the nickname, and possibly
- * one of the validity label strings
- * "expiredString" - the expired validity label string
- * "notYetGoodString" - the not yet good validity label string
+ * "namestring" - the string containing the nickname, and possibly
+ * one of the validity label strings
+ * "expiredString" - the expired validity label string
+ * "notYetGoodString" - the not yet good validity label string
*
* Returns the raw nickname
*/
char *
CERT_ExtractNicknameString(char *namestring, char *expiredString,
- char *notYetGoodString)
+ char *notYetGoodString)
{
int explen, nyglen, namelen;
int retlen;
char *retstr;
-
+
namelen = PORT_Strlen(namestring);
explen = PORT_Strlen(expiredString);
nyglen = PORT_Strlen(notYetGoodString);
-
- if ( namelen > explen ) {
- if ( PORT_Strcmp(expiredString, &namestring[namelen-explen]) == 0 ) {
- retlen = namelen - explen;
- retstr = (char *)PORT_Alloc(retlen+1);
- if ( retstr == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(retstr, namestring, retlen);
- retstr[retlen] = '\0';
- goto done;
- }
+
+ if (namelen > explen) {
+ if (PORT_Strcmp(expiredString, &namestring[namelen - explen]) == 0) {
+ retlen = namelen - explen;
+ retstr = (char *)PORT_Alloc(retlen + 1);
+ if (retstr == NULL) {
+ goto loser;
+ }
+
+ PORT_Memcpy(retstr, namestring, retlen);
+ retstr[retlen] = '\0';
+ goto done;
+ }
}
- if ( namelen > nyglen ) {
- if ( PORT_Strcmp(notYetGoodString, &namestring[namelen-nyglen]) == 0) {
- retlen = namelen - nyglen;
- retstr = (char *)PORT_Alloc(retlen+1);
- if ( retstr == NULL ) {
- goto loser;
- }
-
- PORT_Memcpy(retstr, namestring, retlen);
- retstr[retlen] = '\0';
- goto done;
- }
+ if (namelen > nyglen) {
+ if (PORT_Strcmp(notYetGoodString, &namestring[namelen - nyglen]) == 0) {
+ retlen = namelen - nyglen;
+ retstr = (char *)PORT_Alloc(retlen + 1);
+ if (retstr == NULL) {
+ goto loser;
+ }
+
+ PORT_Memcpy(retstr, namestring, retlen);
+ retstr[retlen] = '\0';
+ goto done;
+ }
}
/* if name string is shorter than either invalid string, then it must
* be a raw nickname
*/
retstr = PORT_Strdup(namestring);
-
+
done:
- return(retstr);
+ return (retstr);
loser:
- return(NULL);
+ return (NULL);
}
CERTCertList *
@@ -1946,7 +1944,7 @@
if (NULL == cert) {
return NULL;
}
-
+
cert = CERT_DupCertificate(cert);
if (NULL == cert) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -1960,18 +1958,18 @@
}
while (cert != NULL && ++count <= CERT_MAX_CERT_CHAIN) {
- if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
+ if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
/* return partial chain */
PORT_SetError(SEC_ERROR_NO_MEMORY);
return chain;
}
- if (cert->isRoot) {
+ if (cert->isRoot) {
/* return complete chain */
- return chain;
- }
+ return chain;
+ }
- cert = CERT_FindCertIssuer(cert, time, usage);
+ cert = CERT_FindCertIssuer(cert, time, usage);
}
/* return partial chain */
diff --git a/nss/lib/certhigh/certvfypkix.c b/nss/lib/certhigh/certvfypkix.c
index b89fe21..5c11d7f 100644
--- a/nss/lib/certhigh/certvfypkix.c
+++ b/nss/lib/certhigh/certvfypkix.c
@@ -12,7 +12,7 @@
*/
#include "prerror.h"
#include "prprf.h"
-
+
#include "nspr.h"
#include "pk11func.h"
#include "certdb.h"
@@ -38,7 +38,6 @@
PRInt32 parallelFnInvocationCount;
#endif /* PKIX_OBJECT_LEAK_TEST */
-
static PRBool usePKIXValidationEngine = PR_FALSE;
/*
@@ -104,7 +103,7 @@
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_NssKeyUsagesToPkix(
PRUint32 nssKeyUsage,
PKIX_UInt32 *pPkixKeyUsage,
@@ -120,7 +119,7 @@
if (nssKeyUsage & KU_DIGITAL_SIGNATURE) {
pkixKeyUsage |= PKIX_DIGITAL_SIGNATURE;
}
-
+
if (nssKeyUsage & KU_NON_REPUDIATION) {
pkixKeyUsage |= PKIX_NON_REPUDIATION;
}
@@ -128,19 +127,19 @@
if (nssKeyUsage & KU_KEY_ENCIPHERMENT) {
pkixKeyUsage |= PKIX_KEY_ENCIPHERMENT;
}
-
+
if (nssKeyUsage & KU_DATA_ENCIPHERMENT) {
pkixKeyUsage |= PKIX_DATA_ENCIPHERMENT;
}
-
+
if (nssKeyUsage & KU_KEY_AGREEMENT) {
pkixKeyUsage |= PKIX_KEY_AGREEMENT;
}
-
+
if (nssKeyUsage & KU_KEY_CERT_SIGN) {
pkixKeyUsage |= PKIX_KEY_CERT_SIGN;
}
-
+
if (nssKeyUsage & KU_CRL_SIGN) {
pkixKeyUsage |= PKIX_CRL_SIGN;
}
@@ -148,7 +147,7 @@
if (nssKeyUsage & KU_ENCIPHER_ONLY) {
pkixKeyUsage |= PKIX_ENCIPHER_ONLY;
}
-
+
/* Not supported. XXX we should support this once it is
* fixed in NSS */
/* pkixKeyUsage |= PKIX_DECIPHER_ONLY; */
@@ -176,17 +175,17 @@
} SECCertUsageToEku;
const SECCertUsageToEku certUsageEkuStringMap[] = {
- {certUsageSSLClient, ekuIndexSSLClient},
- {certUsageSSLServer, ekuIndexSSLServer},
- {certUsageSSLCA, ekuIndexSSLServer},
- {certUsageEmailSigner, ekuIndexEmail},
- {certUsageEmailRecipient, ekuIndexEmail},
- {certUsageObjectSigner, ekuIndexCodeSigner},
- {certUsageUserCertImport, ekuIndexUnknown},
- {certUsageVerifyCA, ekuIndexUnknown},
- {certUsageProtectedObjectSigner, ekuIndexUnknown},
- {certUsageStatusResponder, ekuIndexStatusResponder},
- {certUsageAnyCA, ekuIndexUnknown},
+ { certUsageSSLClient, ekuIndexSSLClient },
+ { certUsageSSLServer, ekuIndexSSLServer },
+ { certUsageSSLCA, ekuIndexSSLServer },
+ { certUsageEmailSigner, ekuIndexEmail },
+ { certUsageEmailRecipient, ekuIndexEmail },
+ { certUsageObjectSigner, ekuIndexCodeSigner },
+ { certUsageUserCertImport, ekuIndexUnknown },
+ { certUsageVerifyCA, ekuIndexUnknown },
+ { certUsageProtectedObjectSigner, ekuIndexUnknown },
+ { certUsageStatusResponder, ekuIndexStatusResponder },
+ { certUsageAnyCA, ekuIndexUnknown },
};
/*
@@ -200,15 +199,15 @@
* "cert"
* Pointer to CERTCertificate structure of validating cert.
* "requiredCertUsages"
- * Required usage that will be converted to pkix eku and ku.
+ * Required usage that will be converted to pkix eku and ku.
* "requiredKeyUsage",
* Additional key usages impose to cert.
* "isCA",
- * it true, convert usages for cert that is a CA cert.
+ * it true, convert usages for cert that is a CA cert.
* "ppkixEKUList"
* Returned address of a list of pkix extended key usages.
* "ppkixKU"
- * Returned address of pkix required key usages bit field.
+ * Returned address of pkix required key usages bit field.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
@@ -218,29 +217,29 @@
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_NssCertificateUsageToPkixKUAndEKU(
CERTCertificate *cert,
- SECCertUsage requiredCertUsage,
- PRUint32 requiredKeyUsages,
- PRBool isCA,
- PKIX_List **ppkixEKUList,
- PKIX_UInt32 *ppkixKU,
- void *plContext)
+ SECCertUsage requiredCertUsage,
+ PRUint32 requiredKeyUsages,
+ PRBool isCA,
+ PKIX_List **ppkixEKUList,
+ PKIX_UInt32 *ppkixKU,
+ void *plContext)
{
- PKIX_List *ekuOidsList = NULL;
- PKIX_PL_OID *ekuOid = NULL;
- int i = 0;
- int ekuIndex = ekuIndexUnknown;
+ PKIX_List *ekuOidsList = NULL;
+ PKIX_PL_OID *ekuOid = NULL;
+ int i = 0;
+ int ekuIndex = ekuIndexUnknown;
PKIX_ENTER(CERTVFYPKIX, "cert_NssCertificateUsageToPkixEku");
PKIX_NULLCHECK_TWO(ppkixEKUList, ppkixKU);
-
+
PKIX_CHECK(
PKIX_List_Create(&ekuOidsList, plContext),
PKIX_LISTCREATEFAILED);
- for (;i < PR_ARRAY_SIZE(certUsageEkuStringMap);i++) {
+ for (; i < PR_ARRAY_SIZE(certUsageEkuStringMap); i++) {
const SECCertUsageToEku *usageToEkuElem =
&certUsageEkuStringMap[i];
if (usageToEkuElem->certUsage == requiredCertUsage) {
@@ -249,25 +248,25 @@
}
}
if (ekuIndex != ekuIndexUnknown) {
- PRUint32 reqKeyUsage = 0;
- PRUint32 reqCertType = 0;
+ PRUint32 reqKeyUsage = 0;
+ PRUint32 reqCertType = 0;
CERT_KeyUsageAndTypeForCertUsage(requiredCertUsage, isCA,
&reqKeyUsage,
&reqCertType);
-
+
requiredKeyUsages |= reqKeyUsage;
-
+
PKIX_CHECK(
PKIX_PL_OID_Create(ekuOidStrings[ekuIndex], &ekuOid,
plContext),
PKIX_OIDCREATEFAILED);
-
+
PKIX_CHECK(
PKIX_List_AppendItem(ekuOidsList, (PKIX_PL_Object *)ekuOid,
plContext),
PKIX_LISTAPPENDITEMFAILED);
-
+
PKIX_DECREF(ekuOid);
}
@@ -279,7 +278,7 @@
ekuOidsList = NULL;
cleanup:
-
+
PKIX_DECREF(ekuOid);
PKIX_DECREF(ekuOidsList);
@@ -313,37 +312,36 @@
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_ProcessingParamsSetKeyAndCertUsage(
PKIX_ProcessingParams *procParams,
- SECCertUsage requiredCertUsage,
- PRUint32 requiredKeyUsages,
- void *plContext)
+ SECCertUsage requiredCertUsage,
+ PRUint32 requiredKeyUsages,
+ void *plContext)
{
- PKIX_CertSelector *certSelector = NULL;
+ PKIX_CertSelector *certSelector = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext*)plContext;
-
+ PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext;
+
PKIX_ENTER(CERTVFYPKIX, "cert_ProcessingParamsSetKeyAndCertUsage");
PKIX_NULLCHECK_TWO(procParams, nssContext);
-
+
PKIX_CHECK(
pkix_pl_NssContext_SetCertUsage(
- ((SECCertificateUsage)1) << requiredCertUsage, nssContext),
- PKIX_NSSCONTEXTSETCERTUSAGEFAILED);
+ ((SECCertificateUsage)1) << requiredCertUsage, nssContext),
+ PKIX_NSSCONTEXTSETCERTUSAGEFAILED);
if (requiredKeyUsages) {
PKIX_CHECK(
PKIX_ProcessingParams_GetTargetCertConstraints(procParams,
&certSelector, plContext),
PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
-
+
PKIX_CHECK(
PKIX_CertSelector_GetCommonCertSelectorParams(certSelector,
&certSelParams, plContext),
PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
-
-
+
PKIX_CHECK(
PKIX_ComCertSelParams_SetKeyUsage(certSelParams, requiredKeyUsages,
plContext),
@@ -357,7 +355,7 @@
}
/*
- * Unused parameters:
+ * Unused parameters:
*
* CERTCertList *initialChain,
* CERTCertStores certStores,
@@ -398,44 +396,44 @@
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_CreatePkixProcessingParams(
- CERTCertificate *cert,
- PRBool checkSig, /* not used yet. See bug 391476 */
- PRTime time,
- void *wincx,
- PRBool useArena,
- PRBool disableOCSPRemoteFetching,
+ CERTCertificate *cert,
+ PRBool checkSig, /* not used yet. See bug 391476 */
+ PRTime time,
+ void *wincx,
+ PRBool useArena,
+ PRBool disableOCSPRemoteFetching,
PKIX_ProcessingParams **pprocParams,
- void **pplContext)
+ void **pplContext)
{
- PKIX_List *anchors = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_PL_Date *date = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_PL_Date *date = NULL;
PKIX_ProcessingParams *procParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
+ PKIX_CertSelector *certSelector = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_List *certStores = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_List *certStores = NULL;
PKIX_RevocationChecker *revChecker = NULL;
- PKIX_UInt32 methodFlags = 0;
- void *plContext = NULL;
- CERTStatusConfig *statusConfig = NULL;
-
+ PKIX_UInt32 methodFlags = 0;
+ void *plContext = NULL;
+ CERTStatusConfig *statusConfig = NULL;
+
PKIX_ENTER(CERTVFYPKIX, "cert_CreatePkixProcessingParams");
PKIX_NULLCHECK_TWO(cert, pprocParams);
-
+
PKIX_CHECK(
PKIX_PL_NssContext_Create(0, useArena, wincx, &plContext),
PKIX_NSSCONTEXTCREATEFAILED);
*pplContext = plContext;
-#ifdef PKIX_NOTDEF
+#ifdef PKIX_NOTDEF
/* Functions should be implemented in patch for 390532 */
PKIX_CHECK(
pkix_pl_NssContext_SetCertSignatureCheck(checkSig,
- (PKIX_PL_NssContext*)plContext),
+ (PKIX_PL_NssContext *)plContext),
PKIX_NSSCONTEXTSETCERTSIGNCHECKFAILED);
#endif /* PKIX_NOTDEF */
@@ -443,11 +441,11 @@
PKIX_CHECK(
PKIX_ProcessingParams_Create(&procParams, plContext),
PKIX_PROCESSINGPARAMSCREATEFAILED);
-
+
PKIX_CHECK(
PKIX_ComCertSelParams_Create(&certSelParams, plContext),
PKIX_COMCERTSELPARAMSCREATEFAILED);
-
+
PKIX_CHECK(
PKIX_PL_Cert_CreateFromCERTCertificate(cert, &targetCert, plContext),
PKIX_CERTCREATEWITHNSSCERTFAILED);
@@ -456,16 +454,16 @@
PKIX_ComCertSelParams_SetCertificate(certSelParams,
targetCert, plContext),
PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED);
-
+
PKIX_CHECK(
PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext),
PKIX_COULDNOTCREATECERTSELECTOROBJECT);
-
+
PKIX_CHECK(
PKIX_CertSelector_SetCommonCertSelectorParams(certSelector,
certSelParams, plContext),
PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
-
+
PKIX_CHECK(
PKIX_ProcessingParams_SetTargetCertConstraints(procParams,
certSelector, plContext),
@@ -482,11 +480,11 @@
PKIX_CHECK(
PKIX_PL_Pk11CertStore_Create(&certStore, plContext),
PKIX_PK11CERTSTORECREATEFAILED);
-
+
PKIX_CHECK(
PKIX_List_Create(&certStores, plContext),
PKIX_UNABLETOCREATELIST);
-
+
PKIX_CHECK(
PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore,
plContext),
@@ -507,11 +505,11 @@
PKIX_CHECK(
PKIX_RevocationChecker_Create(
- PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
- PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
- PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
- PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
- &revChecker, plContext),
+ PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+ PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
+ PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+ PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
+ &revChecker, plContext),
PKIX_REVOCATIONCHECKERCREATEFAILED);
PKIX_CHECK(
@@ -520,27 +518,27 @@
PKIX_PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED);
/* CRL method flags */
- methodFlags =
+ methodFlags =
PKIX_REV_M_TEST_USING_THIS_METHOD |
PKIX_REV_M_FORBID_NETWORK_FETCHING |
- PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
- PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
+ PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
+ PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
/* add CRL revocation method to check the leaf certificate */
PKIX_CHECK(
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
- PKIX_RevocationMethod_CRL, methodFlags,
- 0, NULL, PKIX_TRUE, plContext),
+ PKIX_RevocationMethod_CRL, methodFlags,
+ 0, NULL, PKIX_TRUE, plContext),
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
/* add CRL revocation method for other certs in the chain. */
PKIX_CHECK(
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
- PKIX_RevocationMethod_CRL, methodFlags,
- 0, NULL, PKIX_FALSE, plContext),
+ PKIX_RevocationMethod_CRL, methodFlags,
+ 0, NULL, PKIX_FALSE, plContext),
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
-
+
/* For compatibility with the old code, need to check that
* statusConfig is set in the db handle and status checker
* is defined befor allow ocsp status check on the leaf cert.*/
@@ -551,30 +549,30 @@
/* OCSP method flags */
methodFlags =
PKIX_REV_M_TEST_USING_THIS_METHOD |
- PKIX_REV_M_ALLOW_NETWORK_FETCHING | /* 0 */
- PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE | /* 0 */
- PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
- PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
+ PKIX_REV_M_ALLOW_NETWORK_FETCHING | /* 0 */
+ PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE | /* 0 */
+ PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
+ PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
-
+
/* Disabling ocsp fetching when checking the status
* of ocsp response signer. Here and in the next if,
* adjust flags for ocsp signer cert validation case. */
if (disableOCSPRemoteFetching) {
methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
}
-
- if (ocsp_FetchingFailureIsVerificationFailure()
- && !disableOCSPRemoteFetching) {
+
+ if (ocsp_FetchingFailureIsVerificationFailure() &&
+ !disableOCSPRemoteFetching) {
methodFlags |=
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
}
-
+
/* add OCSP revocation method to check only the leaf certificate.*/
PKIX_CHECK(
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
- PKIX_RevocationMethod_OCSP, methodFlags,
- 1, NULL, PKIX_TRUE, plContext),
+ PKIX_RevocationMethod_OCSP, methodFlags,
+ 1, NULL, PKIX_TRUE, plContext),
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
}
@@ -585,14 +583,14 @@
PKIX_CHECK(
PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, PR_FALSE,
- plContext),
+ plContext),
PKIX_PROCESSINGPARAMSSETEXPLICITPOLICYREQUIRED);
PKIX_CHECK(
PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, PR_FALSE,
plContext),
PKIX_PROCESSINGPARAMSSETPOLICYMAPPINGINHIBITED);
-
+
*pprocParams = procParams;
procParams = NULL;
@@ -615,10 +613,10 @@
* DESCRIPTION:
*
* Converts pkix cert list into nss cert list.
- *
+ *
* PARAMETERS:
* "pkixCertChain"
- * Pkix certificate list.
+ * Pkix certificate list.
* "pvalidChain"
* An address of returned nss certificate list.
* "plContext"
@@ -630,18 +628,18 @@
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_PkixToNssCertsChain(
- PKIX_List *pkixCertChain,
- CERTCertList **pvalidChain,
+ PKIX_List *pkixCertChain,
+ CERTCertList **pvalidChain,
void *plContext)
{
- PLArenaPool *arena = NULL;
+ PLArenaPool *arena = NULL;
CERTCertificate *nssCert = NULL;
- CERTCertList *validChain = NULL;
- PKIX_PL_Object *certItem = NULL;
- PKIX_UInt32 length = 0;
- PKIX_UInt32 i = 0;
+ CERTCertList *validChain = NULL;
+ PKIX_PL_Object *certItem = NULL;
+ PKIX_UInt32 length = 0;
+ PKIX_UInt32 i = 0;
PKIX_ENTER(CERTVFYPKIX, "cert_PkixToNssCertsChain");
PKIX_NULLCHECK_ONE(pvalidChain);
@@ -653,7 +651,7 @@
if (arena == NULL) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
- validChain = (CERTCertList*)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
+ validChain = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
if (validChain == NULL) {
PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
}
@@ -665,22 +663,22 @@
PKIX_List_GetLength(pkixCertChain, &length, plContext),
PKIX_LISTGETLENGTHFAILED);
- for (i = 0; i < length; i++){
+ for (i = 0; i < length; i++) {
CERTCertListNode *node = NULL;
PKIX_CHECK(
PKIX_List_GetItem(pkixCertChain, i, &certItem, plContext),
PKIX_LISTGETITEMFAILED);
-
+
PKIX_CHECK(
- PKIX_PL_Cert_GetCERTCertificate((PKIX_PL_Cert*)certItem, &nssCert,
- plContext),
+ PKIX_PL_Cert_GetCERTCertificate((PKIX_PL_Cert *)certItem, &nssCert,
+ plContext),
PKIX_CERTGETCERTCERTIFICATEFAILED);
-
+
node =
(CERTCertListNode *)PORT_ArenaZAlloc(validChain->arena,
sizeof(CERTCertListNode));
- if ( node == NULL ) {
+ if (node == NULL) {
PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
}
@@ -695,7 +693,7 @@
*pvalidChain = validChain;
cleanup:
- if (PKIX_ERROR_RECEIVED){
+ if (PKIX_ERROR_RECEIVED) {
if (validChain) {
CERT_DestroyCertList(validChain);
} else if (arena) {
@@ -710,7 +708,6 @@
PKIX_RETURN(CERTVFYPKIX);
}
-
/*
* FUNCTION: cert_BuildAndValidateChain
* DESCRIPTION:
@@ -738,7 +735,7 @@
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_BuildAndValidateChain(
PKIX_ProcessingParams *procParams,
PKIX_BuildResult **pResult,
@@ -746,19 +743,19 @@
void *plContext)
{
PKIX_BuildResult *result = NULL;
- PKIX_VerifyNode *verifyNode = NULL;
- void *nbioContext = NULL;
- void *state = NULL;
-
+ PKIX_VerifyNode *verifyNode = NULL;
+ void *nbioContext = NULL;
+ void *state = NULL;
+
PKIX_ENTER(CERTVFYPKIX, "cert_BuildAndVerifyChain");
PKIX_NULLCHECK_TWO(procParams, pResult);
-
+
do {
if (nbioContext && state) {
/* PKIX-XXX: need to test functionality of NBIO handling in libPkix.
* See bug 391180 */
PRInt32 filesReady = 0;
- PRPollDesc *pollDesc = (PRPollDesc*)nbioContext;
+ PRPollDesc *pollDesc = (PRPollDesc *)nbioContext;
filesReady = PR_Poll(pollDesc, 1, PR_INTERVAL_NO_TIMEOUT);
if (filesReady <= 0) {
PKIX_ERROR(PKIX_PRPOLLRETBADFILENUM);
@@ -769,7 +766,7 @@
PKIX_BuildChain(procParams, &nbioContext, &state,
&result, &verifyNode, plContext),
PKIX_UNABLETOBUILDCHAIN);
-
+
} while (nbioContext && state);
*pResult = result;
@@ -782,7 +779,6 @@
PKIX_RETURN(CERTVFYPKIX);
}
-
/*
* FUNCTION: cert_PkixErrorToNssCode
* DESCRIPTION:
@@ -817,16 +813,17 @@
PKIX_ENTER(CERTVFYPKIX, "cert_PkixErrorToNssCode");
PKIX_NULLCHECK_TWO(error, pNssErr);
-
+
/* Loop until we find at least one error with non-null
* plErr code, that is going to be nss error code. */
while (errPtr) {
if (errPtr->plErr && !nssErr) {
nssErr = errPtr->plErr;
- if (!pkixLog) break;
+ if (!pkixLog)
+ break;
}
if (pkixLog) {
-#ifdef PKIX_ERROR_DESCRIPTION
+#ifdef PKIX_ERROR_DESCRIPTION
PR_LOG(pkixLog, 2, ("Error at level %d: %s\n", errLevel,
PKIX_ErrorText[errPtr->errCode]));
#else
@@ -835,7 +832,7 @@
#endif /* PKIX_ERROR_DESCRIPTION */
}
errPtr = errPtr->cause;
- errLevel += 1;
+ errLevel += 1;
}
PORT_Assert(nssErr);
if (!nssErr) {
@@ -856,7 +853,7 @@
*
* PARAMETERS:
* "log"
- * Pointed to already allocated CERTVerifyLog structure.
+ * Pointed to already allocated CERTVerifyLog structure.
* "node"
* A node of PKIX_VerifyNode tree.
* "plContext"
@@ -874,7 +871,7 @@
PKIX_VerifyNode *node,
void *plContext)
{
- PKIX_List *children = NULL;
+ PKIX_List *children = NULL;
PKIX_VerifyNode *childNode = NULL;
PKIX_ENTER(CERTVFYPKIX, "cert_GetLogFromVerifyNode");
@@ -894,26 +891,26 @@
cert_PkixErrorToNssCode(node->error, &nssErrorCode,
plContext),
PKIX_GETPKIXERRORCODEFAILED);
-
+
cert_AddToVerifyLog(log, cert, nssErrorCode, node->depth, NULL);
}
}
PKIX_RETURN(CERTVFYPKIX);
} else {
- PRUint32 i = 0;
- PKIX_UInt32 length = 0;
+ PRUint32 i = 0;
+ PKIX_UInt32 length = 0;
PKIX_CHECK(
PKIX_List_GetLength(children, &length, plContext),
PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < length; i++){
+
+ for (i = 0; i < length; i++) {
PKIX_CHECK(
- PKIX_List_GetItem(children, i, (PKIX_PL_Object**)&childNode,
+ PKIX_List_GetItem(children, i, (PKIX_PL_Object **)&childNode,
plContext),
PKIX_LISTGETITEMFAILED);
-
+
PKIX_CHECK(
cert_GetLogFromVerifyNode(log, childNode, plContext),
PKIX_ERRORINRECURSIVEEQUALSCALL);
@@ -943,7 +940,7 @@
* In case of failure it will convert:
* * pkix error to PR error code(will set it with PORT_SetError)
* * pkix validation log to nss CERTVerifyLog
- *
+ *
* PARAMETERS:
* "buildResult"
* Build results returned by PKIX_BuildChain.
@@ -968,23 +965,23 @@
* Returns a Cert Verify Error if the function fails in an unrecoverable way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-static PKIX_Error*
+static PKIX_Error *
cert_GetBuildResults(
PKIX_BuildResult *buildResult,
- PKIX_VerifyNode *verifyNode,
- PKIX_Error *error,
- CERTVerifyLog *log,
+ PKIX_VerifyNode *verifyNode,
+ PKIX_Error *error,
+ CERTVerifyLog *log,
CERTCertificate **ptrustedRoot,
- CERTCertList **pvalidChain,
- void *plContext)
+ CERTCertList **pvalidChain,
+ void *plContext)
{
PKIX_ValidateResult *validResult = NULL;
- CERTCertList *validChain = NULL;
- CERTCertificate *trustedRoot = NULL;
- PKIX_TrustAnchor *trustAnchor = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_List *pkixCertChain = NULL;
-
+ CERTCertList *validChain = NULL;
+ CERTCertificate *trustedRoot = NULL;
+ PKIX_TrustAnchor *trustAnchor = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_List *pkixCertChain = NULL;
+
PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults");
if (buildResult == NULL && error == NULL) {
PKIX_ERROR(PKIX_NULLARGUMENT);
@@ -1036,7 +1033,7 @@
plContext),
PKIX_CERTGETCERTCERTIFICATEFAILED);
}
-
+
PORT_Assert(!PKIX_ERROR_RECEIVED);
if (trustedRoot) {
@@ -1062,7 +1059,7 @@
PKIX_DECREF(error);
PKIX_DECREF(verifyNode);
PKIX_DECREF(buildResult);
-
+
PKIX_RETURN(CERTVFYPKIX);
}
@@ -1103,27 +1100,27 @@
SECStatus
cert_VerifyCertChainPkix(
CERTCertificate *cert,
- PRBool checkSig,
- SECCertUsage requiredUsage,
- PRTime time,
- void *wincx,
- CERTVerifyLog *log,
- PRBool *pSigerror,
- PRBool *pRevoked)
+ PRBool checkSig,
+ SECCertUsage requiredUsage,
+ PRTime time,
+ void *wincx,
+ CERTVerifyLog *log,
+ PRBool *pSigerror,
+ PRBool *pRevoked)
{
PKIX_ProcessingParams *procParams = NULL;
- PKIX_BuildResult *result = NULL;
- PKIX_VerifyNode *verifyNode = NULL;
- PKIX_Error *error = NULL;
+ PKIX_BuildResult *result = NULL;
+ PKIX_VerifyNode *verifyNode = NULL;
+ PKIX_Error *error = NULL;
- SECStatus rv = SECFailure;
- void *plContext = NULL;
+ SECStatus rv = SECFailure;
+ void *plContext = NULL;
#ifdef PKIX_OBJECT_LEAK_TEST
- int leakedObjNum = 0;
- int memLeakLoopCount = 0;
- int objCountTable[PKIX_NUMTYPES];
- int fnInvLocalCount = 0;
+ int leakedObjNum = 0;
+ int memLeakLoopCount = 0;
+ int objCountTable[PKIX_NUMTYPES];
+ int fnInvLocalCount = 0;
PKIX_Boolean savedUsePkixEngFlag = usePKIXValidationEngine;
if (usePKIXValidationEngine) {
@@ -1136,93 +1133,94 @@
testStartFnStackPosition = 2;
fnStackNameArr[0] = "cert_VerifyCertChainPkix";
fnStackInvCountArr[0] = 0;
- PKIX_Boolean abortOnLeak =
- (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
- PKIX_FALSE : PKIX_TRUE;
+ PKIX_Boolean abortOnLeak =
+ (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
+ : PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
fnInvLocalCount = PR_ATOMIC_INCREMENT(¶llelFnInvocationCount);
PORT_Assert(fnInvLocalCount == 1);
-do {
- rv = SECFailure;
- plContext = NULL;
- procParams = NULL;
- result = NULL;
- verifyNode = NULL;
- error = NULL;
- errorGenerated = PKIX_FALSE;
- stackPosition = 0;
+ do {
+ rv = SECFailure;
+ plContext = NULL;
+ procParams = NULL;
+ result = NULL;
+ verifyNode = NULL;
+ error = NULL;
+ errorGenerated = PKIX_FALSE;
+ stackPosition = 0;
- if (leakedObjNum) {
- pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
- }
- memLeakLoopCount += 1;
+ if (leakedObjNum) {
+ pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
+ }
+ memLeakLoopCount += 1;
#endif /* PKIX_OBJECT_LEAK_TEST */
- error =
- cert_CreatePkixProcessingParams(cert, checkSig, time, wincx,
- PR_FALSE/*use arena*/,
- requiredUsage == certUsageStatusResponder,
- &procParams, &plContext);
- if (error) {
- goto cleanup;
- }
+ error =
+ cert_CreatePkixProcessingParams(cert, checkSig, time, wincx,
+ PR_FALSE /*use arena*/,
+ requiredUsage == certUsageStatusResponder,
+ &procParams, &plContext);
+ if (error) {
+ goto cleanup;
+ }
- error =
- cert_ProcessingParamsSetKeyAndCertUsage(procParams, requiredUsage, 0,
- plContext);
- if (error) {
- goto cleanup;
- }
+ error =
+ cert_ProcessingParamsSetKeyAndCertUsage(procParams, requiredUsage, 0,
+ plContext);
+ if (error) {
+ goto cleanup;
+ }
- error =
- cert_BuildAndValidateChain(procParams, &result, &verifyNode, plContext);
- if (error) {
- goto cleanup;
- }
-
- if (pRevoked) {
- /* Currently always PR_FALSE. Will be fixed as a part of 394077 */
- *pRevoked = PR_FALSE;
- }
- if (pSigerror) {
- /* Currently always PR_FALSE. Will be fixed as a part of 394077 */
- *pSigerror = PR_FALSE;
- }
- rv = SECSuccess;
+ error =
+ cert_BuildAndValidateChain(procParams, &result, &verifyNode, plContext);
+ if (error) {
+ goto cleanup;
+ }
-cleanup:
- error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL,
- plContext);
- if (error) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
- }
- if (procParams) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
- }
- if (plContext) {
- PKIX_PL_NssContext_Destroy(plContext);
- }
+ if (pRevoked) {
+ /* Currently always PR_FALSE. Will be fixed as a part of 394077 */
+ *pRevoked = PR_FALSE;
+ }
+ if (pSigerror) {
+ /* Currently always PR_FALSE. Will be fixed as a part of 394077 */
+ *pSigerror = PR_FALSE;
+ }
+ rv = SECSuccess;
+
+ cleanup:
+ error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL,
+ plContext);
+ if (error) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+ }
+ if (procParams) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
+ }
+ if (plContext) {
+ PKIX_PL_NssContext_Destroy(plContext);
+ }
#ifdef PKIX_OBJECT_LEAK_TEST
- leakedObjNum =
- pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
-
- if (pkixLog && leakedObjNum) {
- PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
- "Stack %s\n", memLeakLoopCount, errorFnStackString));
- }
- PR_Free(errorFnStackString);
- errorFnStackString = NULL;
- if (abortOnLeak) {
- PORT_Assert(leakedObjNum == 0);
- }
+ leakedObjNum =
+ pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
-} while (errorGenerated);
+ if (pkixLog && leakedObjNum) {
+ PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
+ "Stack %s\n",
+ memLeakLoopCount, errorFnStackString));
+ }
+ PR_Free(errorFnStackString);
+ errorFnStackString = NULL;
+ if (abortOnLeak) {
+ PORT_Assert(leakedObjNum == 0);
+ }
- runningLeakTest = PKIX_FALSE;
+ } while (errorGenerated);
+
+ runningLeakTest = PKIX_FALSE;
PR_ATOMIC_DECREMENT(¶llelFnInvocationCount);
usePKIXValidationEngine = savedUsePkixEngFlag;
#endif /* PKIX_OBJECT_LEAK_TEST */
@@ -1231,50 +1229,55 @@
}
PKIX_CertSelector *
-cert_GetTargetCertConstraints(CERTCertificate *target, void *plContext)
+cert_GetTargetCertConstraints(CERTCertificate *target, void *plContext)
{
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
- PKIX_CertSelector *r= NULL;
+ PKIX_CertSelector *r = NULL;
PKIX_PL_Cert *eeCert = NULL;
PKIX_Error *error = NULL;
error = PKIX_PL_Cert_CreateFromCERTCertificate(target, &eeCert, plContext);
- if (error != NULL) goto cleanup;
+ if (error != NULL)
+ goto cleanup;
error = PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext);
- if (error != NULL) goto cleanup;
+ if (error != NULL)
+ goto cleanup;
error = PKIX_ComCertSelParams_Create(&certSelParams, plContext);
- if (error != NULL) goto cleanup;
+ if (error != NULL)
+ goto cleanup;
error = PKIX_ComCertSelParams_SetCertificate(
- certSelParams, eeCert, plContext);
- if (error != NULL) goto cleanup;
+ certSelParams, eeCert, plContext);
+ if (error != NULL)
+ goto cleanup;
- error = PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext);
- if (error != NULL) goto cleanup;
+ error = PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext);
+ if (error != NULL)
+ goto cleanup;
error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)certSelector, plContext);
- if (error == NULL) r = certSelector;
+ if (error == NULL)
+ r = certSelector;
cleanup:
- if (certSelParams != NULL)
+ if (certSelParams != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelParams, plContext);
- if (eeCert != NULL)
+ if (eeCert != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)eeCert, plContext);
- if (certSelector != NULL)
+ if (certSelector != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelector, plContext);
if (error != NULL) {
- SECErrorCodes nssErr;
+ SECErrorCodes nssErr;
- cert_PkixErrorToNssCode(error, &nssErr, plContext);
+ cert_PkixErrorToNssCode(error, &nssErr, plContext);
PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
- PORT_SetError(nssErr);
+ PORT_SetError(nssErr);
}
return r;
@@ -1289,39 +1292,42 @@
PKIX_Error *error = NULL;
error = PKIX_PL_Pk11CertStore_Create(&certStore, plContext);
- if (error != NULL) goto cleanup;
+ if (error != NULL)
+ goto cleanup;
error = PKIX_List_Create(&certStores, plContext);
- if (error != NULL) goto cleanup;
+ if (error != NULL)
+ goto cleanup;
- error = PKIX_List_AppendItem( certStores,
- (PKIX_PL_Object *)certStore, plContext);
- if (error != NULL) goto cleanup;
+ error = PKIX_List_AppendItem(certStores,
+ (PKIX_PL_Object *)certStore, plContext);
+ if (error != NULL)
+ goto cleanup;
error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)certStores, plContext);
- if (error == NULL) r = certStores;
+ if (error == NULL)
+ r = certStores;
cleanup:
- if (certStores != NULL)
+ if (certStores != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStores, plContext);
- if (certStore != NULL)
+ if (certStore != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStore, plContext);
if (error != NULL) {
- SECErrorCodes nssErr;
+ SECErrorCodes nssErr;
- cert_PkixErrorToNssCode(error, &nssErr, plContext);
+ cert_PkixErrorToNssCode(error, &nssErr, plContext);
PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
- PORT_SetError(nssErr);
+ PORT_SetError(nssErr);
}
return r;
}
-
struct fake_PKIX_PL_CertStruct {
- CERTCertificate *nssCert;
+ CERTCertificate *nssCert;
};
/* This needs to be part of the PKIX_PL_* */
@@ -1332,12 +1338,13 @@
{
struct fake_PKIX_PL_CertStruct *fcert = NULL;
- fcert = (struct fake_PKIX_PL_CertStruct*)pkix_cert;
+ fcert = (struct fake_PKIX_PL_CertStruct *)pkix_cert;
return CERT_DupCertificate(fcert->nssCert);
}
-PKIX_List *cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plContext)
+PKIX_List *
+cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plContext)
{
PKIX_List *r = NULL;
PKIX_List *policyList = NULL;
@@ -1347,16 +1354,16 @@
error = PKIX_List_Create(&policyList, plContext);
if (error != NULL) {
- goto cleanup;
+ goto cleanup;
}
- for (i=0; i<oidCount; i++) {
+ for (i = 0; i < oidCount; i++) {
error = PKIX_PL_OID_Create(oids[i], &policyOID, plContext);
if (error) {
goto cleanup;
}
- error = PKIX_List_AppendItem(policyList,
- (PKIX_PL_Object *)policyOID, plContext);
+ error = PKIX_List_AppendItem(policyList,
+ (PKIX_PL_Object *)policyOID, plContext);
if (error != NULL) {
goto cleanup;
}
@@ -1365,19 +1372,21 @@
}
error = PKIX_List_SetImmutable(policyList, plContext);
- if (error != NULL) goto cleanup;
+ if (error != NULL)
+ goto cleanup;
error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)policyList, plContext);
- if (error == NULL) r = policyList;
+ if (error == NULL)
+ r = policyList;
cleanup:
- if (policyOID != NULL) {
+ if (policyOID != NULL) {
PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyOID, plContext);
}
- if (policyList != NULL) {
+ if (policyList != NULL) {
PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyList, plContext);
}
- if (error != NULL) {
+ if (error != NULL) {
PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
}
@@ -1393,14 +1402,13 @@
}
for (i = params; i->type != cert_po_end; i++) {
if (i->type == t) {
- return i;
+ return i;
}
}
return NULL;
}
-
-static PKIX_Error*
+static PKIX_Error *
setRevocationMethod(PKIX_RevocationChecker *revChecker,
PKIX_ProcessingParams *procParams,
const CERTRevocationTests *revTest,
@@ -1413,14 +1421,14 @@
PKIX_UInt32 methodFlags = 0;
PKIX_Error *error = NULL;
PKIX_UInt32 priority = 0;
-
+
if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) {
return NULL;
}
if (revTest->preferred_methods) {
unsigned int i = 0;
- for (;i < revTest->number_of_preferred_methods;i++) {
- if (revTest->preferred_methods[i] == certRevMethod)
+ for (; i < revTest->number_of_preferred_methods; i++) {
+ if (revTest->preferred_methods[i] == certRevMethod)
break;
}
priority = i;
@@ -1432,19 +1440,18 @@
}
error =
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
- pkixRevMethod, methodFlags,
- priority, NULL,
- isLeafTest, plContext);
+ pkixRevMethod, methodFlags,
+ priority, NULL,
+ isLeafTest, plContext);
return error;
}
-
SECStatus
-cert_pkixSetParam(PKIX_ProcessingParams *procParams,
- const CERTValInParam *param, void *plContext)
+cert_pkixSetParam(PKIX_ProcessingParams *procParams,
+ const CERTValInParam *param, void *plContext)
{
- PKIX_Error * error = NULL;
- SECStatus r=SECSuccess;
+ PKIX_Error *error = NULL;
+ SECStatus r = SECSuccess;
PKIX_PL_Date *date = NULL;
PKIX_List *policyOIDList = NULL;
PKIX_List *certListPkix = NULL;
@@ -1465,22 +1472,22 @@
/* needed? */
error = PKIX_ProcessingParams_SetExplicitPolicyRequired(
- procParams, PKIX_TRUE, plContext);
+ procParams, PKIX_TRUE, plContext);
- if (error != NULL) {
+ if (error != NULL) {
break;
}
policyOIDList = cert_PKIXMakeOIDList(param->value.array.oids,
- param->value.arraySize,plContext);
- if (policyOIDList == NULL) {
- r = SECFailure;
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- break;
- }
+ param->value.arraySize, plContext);
+ if (policyOIDList == NULL) {
+ r = SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ break;
+ }
error = PKIX_ProcessingParams_SetInitialPolicies(
- procParams,policyOIDList,plContext);
+ procParams, policyOIDList, plContext);
break;
case cert_pi_date:
@@ -1492,7 +1499,7 @@
}
} else {
error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time,
- &date, plContext);
+ &date, plContext);
if (error != NULL) {
errCode = SEC_ERROR_INVALID_TIME;
break;
@@ -1505,8 +1512,7 @@
}
break;
- case cert_pi_revocationFlags:
- {
+ case cert_pi_revocationFlags: {
PKIX_UInt32 leafIMFlags = 0;
PKIX_UInt32 chainIMFlags = 0;
PKIX_Boolean validatingResponderCert = PKIX_FALSE;
@@ -1518,7 +1524,7 @@
break;
}
- leafIMFlags =
+ leafIMFlags =
flags->leafTests.cert_rev_method_independent_flags;
chainIMFlags =
flags->chainTests.cert_rev_method_independent_flags;
@@ -1532,12 +1538,12 @@
error =
PKIX_ProcessingParams_SetRevocationChecker(procParams,
- revChecker, plContext);
+ revChecker, plContext);
if (error) {
break;
}
- if (((PKIX_PL_NssContext*)plContext)->certificateUsage &
+ if (((PKIX_PL_NssContext *)plContext)->certificateUsage &
certificateUsageStatusResponder) {
validatingResponderCert = PKIX_TRUE;
}
@@ -1582,8 +1588,7 @@
break;
}
- }
- break;
+ } break;
case cert_pi_trustAnchors:
certList = param->value.pointer.chain;
@@ -1596,10 +1601,10 @@
if (error != NULL) {
break;
}
- for(node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
- node = CERT_LIST_NEXT(node) ) {
+ for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
+ node = CERT_LIST_NEXT(node)) {
error = PKIX_PL_Cert_CreateFromCERTCertificate(node->cert,
- &certPkix, plContext);
+ &certPkix, plContext);
if (error) {
break;
}
@@ -1609,8 +1614,8 @@
break;
}
error = PKIX_List_AppendItem(certListPkix,
- (PKIX_PL_Object*)trustAnchor, plContext);
- if (error) {
+ (PKIX_PL_Object *)trustAnchor, plContext);
+ if (error) {
break;
}
PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
@@ -1626,12 +1631,12 @@
case cert_pi_useAIACertFetch:
error =
PKIX_ProcessingParams_SetUseAIAForCertFetching(procParams,
- (PRBool)(param->value.scalar.b != 0),
+ (PRBool)(param->value.scalar.b !=
+ 0),
plContext);
break;
- case cert_pi_chainVerifyCallback:
- {
+ case cert_pi_chainVerifyCallback: {
const CERTChainVerifyCallback *chainVerifyCallback =
param->value.pointer.chainVerifyCallback;
if (!chainVerifyCallback || !chainVerifyCallback->isChainValid) {
@@ -1641,13 +1646,13 @@
}
nssContext->chainVerifyCallback = *chainVerifyCallback;
- }
- break;
+ } break;
case cert_pi_useOnlyTrustAnchors:
error =
PKIX_ProcessingParams_SetUseOnlyTrustAnchors(procParams,
- (PRBool)(param->value.scalar.b != 0),
+ (PRBool)(param->value.scalar.b !=
+ 0),
plContext);
break;
@@ -1660,19 +1665,19 @@
if (policyOIDList != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyOIDList, plContext);
- if (date != NULL)
+ if (date != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext);
- if (revChecker != NULL)
+ if (revChecker != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext);
- if (certListPkix)
+ if (certListPkix)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certListPkix, plContext);
- if (trustAnchor)
+ if (trustAnchor)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
- if (certPkix)
+ if (certPkix)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certPkix, plContext);
if (error != NULL) {
@@ -1681,8 +1686,7 @@
r = SECFailure;
}
- return r;
-
+ return r;
}
void
@@ -1695,207 +1699,188 @@
}
for (i = params; i->type != cert_po_end; i++) {
switch (i->type) {
- case cert_po_trustAnchor:
- if (i->value.pointer.cert) {
- CERT_DestroyCertificate(i->value.pointer.cert);
- i->value.pointer.cert = NULL;
- }
- break;
+ case cert_po_trustAnchor:
+ if (i->value.pointer.cert) {
+ CERT_DestroyCertificate(i->value.pointer.cert);
+ i->value.pointer.cert = NULL;
+ }
+ break;
- case cert_po_certList:
- if (i->value.pointer.chain) {
- CERT_DestroyCertList(i->value.pointer.chain);
- i->value.pointer.chain = NULL;
- }
- break;
+ case cert_po_certList:
+ if (i->value.pointer.chain) {
+ CERT_DestroyCertList(i->value.pointer.chain);
+ i->value.pointer.chain = NULL;
+ }
+ break;
- default:
- break;
+ default:
+ break;
}
}
}
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
- /* ocsp */
- CERT_REV_M_TEST_USING_THIS_METHOD
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+ /* ocsp */
+ CERT_REV_M_TEST_USING_THIS_METHOD
};
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
- /* ocsp */
- 0
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+ /* ocsp */
+ 0
};
-static CERTRevocationMethodIndex
-certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference = {
- cert_revocation_method_crl
-};
+static CERTRevocationMethodIndex
+ certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference = {
+ cert_revocation_method_crl
+ };
static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy = {
- {
- /* leafTests */
- 2,
- certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags,
- 1,
- &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference,
- 0
- },
- {
- /* chainTests */
- 2,
- certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags,
- 0,
- 0,
- 0
- }
+ { /* leafTests */
+ 2,
+ certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags,
+ 1,
+ &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference,
+ 0 },
+ { /* chainTests */
+ 2,
+ certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags,
+ 0,
+ 0,
+ 0 }
};
-extern const CERTRevocationFlags*
+extern const CERTRevocationFlags *
CERT_GetClassicOCSPEnabledSoftFailurePolicy()
{
return &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy;
}
-
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
- /* ocsp */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+ /* ocsp */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
};
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
- /* ocsp */
- 0
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+ /* ocsp */
+ 0
};
-static CERTRevocationMethodIndex
-certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference = {
- cert_revocation_method_crl
-};
+static CERTRevocationMethodIndex
+ certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference = {
+ cert_revocation_method_crl
+ };
static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy = {
- {
- /* leafTests */
- 2,
- certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags,
- 1,
- &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference,
- 0
- },
- {
- /* chainTests */
- 2,
- certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags,
- 0,
- 0,
- 0
- }
+ { /* leafTests */
+ 2,
+ certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags,
+ 1,
+ &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference,
+ 0 },
+ { /* chainTests */
+ 2,
+ certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags,
+ 0,
+ 0,
+ 0 }
};
-extern const CERTRevocationFlags*
+extern const CERTRevocationFlags *
CERT_GetClassicOCSPEnabledHardFailurePolicy()
{
return &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy;
}
-
static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
- /* ocsp */
- 0
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+ /* ocsp */
+ 0
};
static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
- /* ocsp */
- 0
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+ /* ocsp */
+ 0
};
static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Disabled_Policy = {
- {
- /* leafTests */
- 2,
- certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags,
- 0,
- 0,
- 0
- },
- {
- /* chainTests */
- 2,
- certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags,
- 0,
- 0,
- 0
- }
+ { /* leafTests */
+ 2,
+ certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags,
+ 0,
+ 0,
+ 0 },
+ { /* chainTests */
+ 2,
+ certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags,
+ 0,
+ 0,
+ 0 }
};
-extern const CERTRevocationFlags*
+extern const CERTRevocationFlags *
CERT_GetClassicOCSPDisabledPolicy()
{
return &certRev_NSS_3_11_Ocsp_Disabled_Policy;
}
-
static PRUint64 certRev_PKIX_Verify_Nist_Policy_LeafFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
- | CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
- /* ocsp */
- 0
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
+ CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
+ /* ocsp */
+ 0
};
static PRUint64 certRev_PKIX_Verify_Nist_Policy_ChainFlags[2] = {
- /* crl */
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
- | CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
- /* ocsp */
- 0
+ /* crl */
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
+ CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
+ /* ocsp */
+ 0
};
static const CERTRevocationFlags certRev_PKIX_Verify_Nist_Policy = {
- {
- /* leafTests */
- 2,
- certRev_PKIX_Verify_Nist_Policy_LeafFlags,
- 0,
- 0,
- 0
- },
- {
- /* chainTests */
- 2,
- certRev_PKIX_Verify_Nist_Policy_ChainFlags,
- 0,
- 0,
- 0
- }
+ { /* leafTests */
+ 2,
+ certRev_PKIX_Verify_Nist_Policy_LeafFlags,
+ 0,
+ 0,
+ 0 },
+ { /* chainTests */
+ 2,
+ certRev_PKIX_Verify_Nist_Policy_ChainFlags,
+ 0,
+ 0,
+ 0 }
};
-extern const CERTRevocationFlags*
+extern const CERTRevocationFlags *
CERT_GetPKIXVerifyNistRevocationPolicy()
{
return &certRev_PKIX_Verify_Nist_Policy;
@@ -1907,56 +1892,57 @@
PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods)
{
CERTRevocationFlags *flags;
-
+
flags = PORT_New(CERTRevocationFlags);
if (!flags)
- return(NULL);
-
+ return (NULL);
+
flags->leafTests.number_of_defined_methods = number_leaf_methods;
- flags->leafTests.cert_rev_flags_per_method =
+ flags->leafTests.cert_rev_flags_per_method =
PORT_NewArray(PRUint64, number_leaf_methods);
flags->leafTests.number_of_preferred_methods = number_leaf_pref_methods;
- flags->leafTests.preferred_methods =
+ flags->leafTests.preferred_methods =
PORT_NewArray(CERTRevocationMethodIndex, number_leaf_pref_methods);
flags->chainTests.number_of_defined_methods = number_chain_methods;
- flags->chainTests.cert_rev_flags_per_method =
+ flags->chainTests.cert_rev_flags_per_method =
PORT_NewArray(PRUint64, number_chain_methods);
flags->chainTests.number_of_preferred_methods = number_chain_pref_methods;
- flags->chainTests.preferred_methods =
+ flags->chainTests.preferred_methods =
PORT_NewArray(CERTRevocationMethodIndex, number_chain_pref_methods);
-
- if (!flags->leafTests.cert_rev_flags_per_method
- || !flags->leafTests.preferred_methods
- || !flags->chainTests.cert_rev_flags_per_method
- || !flags->chainTests.preferred_methods) {
+
+ if (!flags->leafTests.cert_rev_flags_per_method ||
+ !flags->leafTests.preferred_methods ||
+ !flags->chainTests.cert_rev_flags_per_method ||
+ !flags->chainTests.preferred_methods) {
CERT_DestroyCERTRevocationFlags(flags);
return (NULL);
}
-
+
return flags;
}
-void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
+void
+CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
{
if (!flags)
- return;
-
+ return;
+
if (flags->leafTests.cert_rev_flags_per_method)
PORT_Free(flags->leafTests.cert_rev_flags_per_method);
if (flags->leafTests.preferred_methods)
PORT_Free(flags->leafTests.preferred_methods);
-
+
if (flags->chainTests.cert_rev_flags_per_method)
PORT_Free(flags->chainTests.cert_rev_flags_per_method);
if (flags->chainTests.preferred_methods)
PORT_Free(flags->chainTests.preferred_methods);
- PORT_Free(flags);
+ PORT_Free(flags);
}
/*
@@ -1984,36 +1970,37 @@
*
* CERT_PKIXVerifyCert(cert, &output, args
*/
-SECStatus CERT_PKIXVerifyCert(
- CERTCertificate *cert,
- SECCertificateUsage usages,
- CERTValInParam *paramsIn,
- CERTValOutParam *paramsOut,
- void *wincx)
+SECStatus
+CERT_PKIXVerifyCert(
+ CERTCertificate *cert,
+ SECCertificateUsage usages,
+ CERTValInParam *paramsIn,
+ CERTValOutParam *paramsOut,
+ void *wincx)
{
- SECStatus r = SECFailure;
- PKIX_Error * error = NULL;
+ SECStatus r = SECFailure;
+ PKIX_Error *error = NULL;
PKIX_ProcessingParams *procParams = NULL;
- PKIX_BuildResult * buildResult = NULL;
- void * nbioContext = NULL; /* for non-blocking IO */
- void * buildState = NULL; /* for non-blocking IO */
- PKIX_CertSelector * certSelector = NULL;
- PKIX_List * certStores = NULL;
- PKIX_ValidateResult * valResult = NULL;
- PKIX_VerifyNode * verifyNode = NULL;
- PKIX_TrustAnchor * trustAnchor = NULL;
- PKIX_PL_Cert * trustAnchorCert = NULL;
- PKIX_List * builtCertList = NULL;
- CERTValOutParam * oparam = NULL;
- int i=0;
+ PKIX_BuildResult *buildResult = NULL;
+ void *nbioContext = NULL; /* for non-blocking IO */
+ void *buildState = NULL; /* for non-blocking IO */
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_VerifyNode *verifyNode = NULL;
+ PKIX_TrustAnchor *trustAnchor = NULL;
+ PKIX_PL_Cert *trustAnchorCert = NULL;
+ PKIX_List *builtCertList = NULL;
+ CERTValOutParam *oparam = NULL;
+ int i = 0;
void *plContext = NULL;
#ifdef PKIX_OBJECT_LEAK_TEST
- int leakedObjNum = 0;
- int memLeakLoopCount = 0;
- int objCountTable[PKIX_NUMTYPES];
- int fnInvLocalCount = 0;
+ int leakedObjNum = 0;
+ int memLeakLoopCount = 0;
+ int objCountTable[PKIX_NUMTYPES];
+ int fnInvLocalCount = 0;
PKIX_Boolean savedUsePkixEngFlag = usePKIXValidationEngine;
if (usePKIXValidationEngine) {
@@ -2026,227 +2013,229 @@
testStartFnStackPosition = 1;
fnStackNameArr[0] = "CERT_PKIXVerifyCert";
fnStackInvCountArr[0] = 0;
- PKIX_Boolean abortOnLeak =
- (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
- PKIX_FALSE : PKIX_TRUE;
+ PKIX_Boolean abortOnLeak =
+ (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
+ : PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
fnInvLocalCount = PR_ATOMIC_INCREMENT(¶llelFnInvocationCount);
PORT_Assert(fnInvLocalCount == 1);
-do {
- r = SECFailure;
- error = NULL;
- procParams = NULL;
- buildResult = NULL;
- nbioContext = NULL; /* for non-blocking IO */
- buildState = NULL; /* for non-blocking IO */
- certSelector = NULL;
- certStores = NULL;
- valResult = NULL;
- verifyNode = NULL;
- trustAnchor = NULL;
- trustAnchorCert = NULL;
- builtCertList = NULL;
- oparam = NULL;
- i=0;
- errorGenerated = PKIX_FALSE;
- stackPosition = 0;
+ do {
+ r = SECFailure;
+ error = NULL;
+ procParams = NULL;
+ buildResult = NULL;
+ nbioContext = NULL; /* for non-blocking IO */
+ buildState = NULL; /* for non-blocking IO */
+ certSelector = NULL;
+ certStores = NULL;
+ valResult = NULL;
+ verifyNode = NULL;
+ trustAnchor = NULL;
+ trustAnchorCert = NULL;
+ builtCertList = NULL;
+ oparam = NULL;
+ i = 0;
+ errorGenerated = PKIX_FALSE;
+ stackPosition = 0;
- if (leakedObjNum) {
- pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
- }
- memLeakLoopCount += 1;
+ if (leakedObjNum) {
+ pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
+ }
+ memLeakLoopCount += 1;
#endif /* PKIX_OBJECT_LEAK_TEST */
- error = PKIX_PL_NssContext_Create(
+ error = PKIX_PL_NssContext_Create(
0, PR_FALSE /*use arena*/, wincx, &plContext);
- if (error != NULL) { /* need pkix->nss error map */
- PORT_SetError(SEC_ERROR_CERT_NOT_VALID);
- goto cleanup;
- }
-
- error = pkix_pl_NssContext_SetCertUsage(usages, plContext);
- if (error != NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
- }
-
- error = PKIX_ProcessingParams_Create(&procParams, plContext);
- if (error != NULL) { /* need pkix->nss error map */
- PORT_SetError(SEC_ERROR_CERT_NOT_VALID);
- goto cleanup;
- }
-
- /* local cert store should be set into procParams before
- * filling in revocation settings. */
- certStores = cert_GetCertStores(plContext);
- if (certStores == NULL) {
- goto cleanup;
- }
- error = PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext);
- if (error != NULL) {
- goto cleanup;
- }
-
- /* now process the extensible input parameters structure */
- if (paramsIn != NULL) {
- i=0;
- while (paramsIn[i].type != cert_pi_end) {
- if (paramsIn[i].type >= cert_pi_max) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
- }
- if (cert_pkixSetParam(procParams,
- ¶msIn[i],plContext) != SECSuccess) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
- }
- i++;
+ if (error != NULL) { /* need pkix->nss error map */
+ PORT_SetError(SEC_ERROR_CERT_NOT_VALID);
+ goto cleanup;
}
- }
- certSelector = cert_GetTargetCertConstraints(cert, plContext);
- if (certSelector == NULL) {
- goto cleanup;
- }
- error = PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext);
- if (error != NULL) {
- goto cleanup;
- }
+ error = pkix_pl_NssContext_SetCertUsage(usages, plContext);
+ if (error != NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
+ }
- error = PKIX_BuildChain( procParams, &nbioContext,
- &buildState, &buildResult, &verifyNode,
- plContext);
- if (error != NULL) {
- goto cleanup;
- }
+ error = PKIX_ProcessingParams_Create(&procParams, plContext);
+ if (error != NULL) { /* need pkix->nss error map */
+ PORT_SetError(SEC_ERROR_CERT_NOT_VALID);
+ goto cleanup;
+ }
- error = PKIX_BuildResult_GetValidateResult( buildResult, &valResult,
- plContext);
- if (error != NULL) {
- goto cleanup;
- }
-
- error = PKIX_ValidateResult_GetTrustAnchor( valResult, &trustAnchor,
- plContext);
- if (error != NULL) {
- goto cleanup;
- }
-
- if (trustAnchor != NULL) {
- error = PKIX_TrustAnchor_GetTrustedCert( trustAnchor, &trustAnchorCert,
- plContext);
+ /* local cert store should be set into procParams before
+ * filling in revocation settings. */
+ certStores = cert_GetCertStores(plContext);
+ if (certStores == NULL) {
+ goto cleanup;
+ }
+ error = PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext);
if (error != NULL) {
goto cleanup;
}
- }
-#ifdef PKIX_OBJECT_LEAK_TEST
- /* Can not continue if error was generated but not returned.
- * Jumping to cleanup. */
- if (errorGenerated) goto cleanup;
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
- oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_trustAnchor);
- if (oparam != NULL) {
- if (trustAnchorCert != NULL) {
- oparam->value.pointer.cert =
- cert_NSSCertFromPKIXCert(trustAnchorCert);
- } else {
- oparam->value.pointer.cert = NULL;
- }
- }
-
- error = PKIX_BuildResult_GetCertChain( buildResult, &builtCertList,
- plContext);
- if (error != NULL) {
- goto cleanup;
- }
-
- oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_certList);
- if (oparam != NULL) {
- error = cert_PkixToNssCertsChain(builtCertList,
- &oparam->value.pointer.chain,
- plContext);
- if (error) goto cleanup;
- }
-
- r = SECSuccess;
-
-cleanup:
- if (verifyNode) {
- /* Return validation log only upon error. */
- oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_errorLog);
-#ifdef PKIX_OBJECT_LEAK_TEST
- if (!errorGenerated)
-#endif /* PKIX_OBJECT_LEAK_TEST */
- if (r && oparam != NULL) {
- PKIX_Error *tmpError =
- cert_GetLogFromVerifyNode(oparam->value.pointer.log,
- verifyNode, plContext);
- if (tmpError) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext);
+ /* now process the extensible input parameters structure */
+ if (paramsIn != NULL) {
+ i = 0;
+ while (paramsIn[i].type != cert_pi_end) {
+ if (paramsIn[i].type >= cert_pi_max) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
+ }
+ if (cert_pkixSetParam(procParams,
+ ¶msIn[i], plContext) !=
+ SECSuccess) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
+ }
+ i++;
}
}
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)verifyNode, plContext);
- }
- if (procParams != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
+ certSelector = cert_GetTargetCertConstraints(cert, plContext);
+ if (certSelector == NULL) {
+ goto cleanup;
+ }
+ error = PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
- if (trustAnchorCert != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchorCert, plContext);
+ error = PKIX_BuildChain(procParams, &nbioContext,
+ &buildState, &buildResult, &verifyNode,
+ plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
- if (trustAnchor != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
+ error = PKIX_BuildResult_GetValidateResult(buildResult, &valResult,
+ plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
- if (valResult != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)valResult, plContext);
+ error = PKIX_ValidateResult_GetTrustAnchor(valResult, &trustAnchor,
+ plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
- if (buildResult != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)buildResult, plContext);
-
- if (certStores != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStores, plContext);
-
- if (certSelector != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelector, plContext);
-
- if (builtCertList != NULL)
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)builtCertList, plContext);
-
- if (error != NULL) {
- SECErrorCodes nssErrorCode = 0;
-
- cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
- cert_pkixDestroyValOutParam(paramsOut);
- PORT_SetError(nssErrorCode);
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
- }
-
- PKIX_PL_NssContext_Destroy(plContext);
+ if (trustAnchor != NULL) {
+ error = PKIX_TrustAnchor_GetTrustedCert(trustAnchor, &trustAnchorCert,
+ plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
+ }
#ifdef PKIX_OBJECT_LEAK_TEST
- leakedObjNum =
- pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
+ /* Can not continue if error was generated but not returned.
+ * Jumping to cleanup. */
+ if (errorGenerated)
+ goto cleanup;
+#endif /* PKIX_OBJECT_LEAK_TEST */
- if (pkixLog && leakedObjNum) {
- PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
- "Stack %s\n", memLeakLoopCount, errorFnStackString));
- }
- PR_Free(errorFnStackString);
- errorFnStackString = NULL;
- if (abortOnLeak) {
- PORT_Assert(leakedObjNum == 0);
- }
-
-} while (errorGenerated);
+ oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_trustAnchor);
+ if (oparam != NULL) {
+ if (trustAnchorCert != NULL) {
+ oparam->value.pointer.cert =
+ cert_NSSCertFromPKIXCert(trustAnchorCert);
+ } else {
+ oparam->value.pointer.cert = NULL;
+ }
+ }
- runningLeakTest = PKIX_FALSE;
+ error = PKIX_BuildResult_GetCertChain(buildResult, &builtCertList,
+ plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
+
+ oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_certList);
+ if (oparam != NULL) {
+ error = cert_PkixToNssCertsChain(builtCertList,
+ &oparam->value.pointer.chain,
+ plContext);
+ if (error)
+ goto cleanup;
+ }
+
+ r = SECSuccess;
+
+ cleanup:
+ if (verifyNode) {
+ /* Return validation log only upon error. */
+ oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_errorLog);
+#ifdef PKIX_OBJECT_LEAK_TEST
+ if (!errorGenerated)
+#endif /* PKIX_OBJECT_LEAK_TEST */
+ if (r && oparam != NULL) {
+ PKIX_Error *tmpError =
+ cert_GetLogFromVerifyNode(oparam->value.pointer.log,
+ verifyNode, plContext);
+ if (tmpError) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext);
+ }
+ }
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)verifyNode, plContext);
+ }
+
+ if (procParams != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
+
+ if (trustAnchorCert != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchorCert, plContext);
+
+ if (trustAnchor != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
+
+ if (valResult != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)valResult, plContext);
+
+ if (buildResult != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)buildResult, plContext);
+
+ if (certStores != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStores, plContext);
+
+ if (certSelector != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelector, plContext);
+
+ if (builtCertList != NULL)
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)builtCertList, plContext);
+
+ if (error != NULL) {
+ SECErrorCodes nssErrorCode = 0;
+
+ cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
+ cert_pkixDestroyValOutParam(paramsOut);
+ PORT_SetError(nssErrorCode);
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+ }
+
+ PKIX_PL_NssContext_Destroy(plContext);
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+ leakedObjNum =
+ pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
+
+ if (pkixLog && leakedObjNum) {
+ PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
+ "Stack %s\n",
+ memLeakLoopCount, errorFnStackString));
+ }
+ PR_Free(errorFnStackString);
+ errorFnStackString = NULL;
+ if (abortOnLeak) {
+ PORT_Assert(leakedObjNum == 0);
+ }
+
+ } while (errorGenerated);
+
+ runningLeakTest = PKIX_FALSE;
PR_ATOMIC_DECREMENT(¶llelFnInvocationCount);
usePKIXValidationEngine = savedUsePkixEngFlag;
#endif /* PKIX_OBJECT_LEAK_TEST */
diff --git a/nss/lib/certhigh/crlv2.c b/nss/lib/certhigh/crlv2.c
index 7d8dbb9..d58d4e0 100644
--- a/nss/lib/certhigh/crlv2.c
+++ b/nss/lib/certhigh/crlv2.c
@@ -17,17 +17,15 @@
SECStatus
CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
{
- return (cert_FindExtensionByOID (crl->extensions, oid, value));
+ return (cert_FindExtensionByOID(crl->extensions, oid, value));
}
-
SECStatus
CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
{
- return (cert_FindExtension (crl->extensions, tag, value));
+ return (cert_FindExtension(crl->extensions, tag, value));
}
-
/* Callback to set extensions and adjust verison */
static void
SetCrlExts(void *object, CERTCertExtension **exts)
@@ -35,13 +33,13 @@
CERTCrl *crl = (CERTCrl *)object;
crl->extensions = exts;
- DER_SetUInteger (crl->arena, &crl->version, SEC_CRL_VERSION_2);
+ DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2);
}
void *
CERT_StartCRLExtensions(CERTCrl *crl)
{
- return (cert_StartExtensions ((void *)crl, crl->arena, SetCrlExts));
+ return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts));
}
static void
@@ -55,11 +53,12 @@
void *
CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
{
- return (cert_StartExtensions (entry, crl->arena, SetCrlEntryExts));
+ return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts));
}
-SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
- SECItem *value)
+SECStatus
+CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
+ SECItem *value)
{
SECItem encodedExtenValue;
SECItem *tmpItem = NULL;
@@ -70,22 +69,22 @@
encodedExtenValue.len = 0;
rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
- &encodedExtenValue);
- if ( rv != SECSuccess )
- return (rv);
+ &encodedExtenValue);
+ if (rv != SECSuccess)
+ return (rv);
mark = PORT_ArenaMark(arena);
tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
if (tmpItem) {
- rv = SEC_QuickDERDecodeItem (arena, value,
- SEC_ASN1_GET(SEC_IntegerTemplate),
- tmpItem);
+ rv = SEC_QuickDERDecodeItem(arena, value,
+ SEC_ASN1_GET(SEC_IntegerTemplate),
+ tmpItem);
} else {
rv = SECFailure;
}
- PORT_Free (encodedExtenValue.data);
+ PORT_Free(encodedExtenValue.data);
if (rv == SECFailure) {
PORT_ArenaRelease(arena, mark);
} else {
@@ -94,67 +93,68 @@
return (rv);
}
-SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
- CERTCRLEntryReasonCode *value)
+SECStatus
+CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
+ CERTCRLEntryReasonCode *value)
{
- SECItem wrapperItem = {siBuffer,0};
- SECItem tmpItem = {siBuffer,0};
+ SECItem wrapperItem = { siBuffer, 0 };
+ SECItem tmpItem = { siBuffer, 0 };
SECStatus rv;
PLArenaPool *arena = NULL;
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( ! arena ) {
- return(SECFailure);
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ return (SECFailure);
}
-
- rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
+
+ rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
&wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
SEC_ASN1_GET(SEC_EnumeratedTemplate),
&wrapperItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
- *value = (CERTCRLEntryReasonCode) DER_GetInteger(&tmpItem);
+ *value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem);
loser:
- if ( arena ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- if ( wrapperItem.data ) {
- PORT_Free(wrapperItem.data);
+
+ if (wrapperItem.data) {
+ PORT_Free(wrapperItem.data);
}
return (rv);
}
-SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value)
+SECStatus
+CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
{
SECItem encodedExtenValue;
- SECItem decodedExtenValue = {siBuffer,0};
+ SECItem decodedExtenValue = { siBuffer, 0 };
SECStatus rv;
encodedExtenValue.data = decodedExtenValue.data = NULL;
encodedExtenValue.len = decodedExtenValue.len = 0;
- rv = cert_FindExtension
- (crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
- if ( rv != SECSuccess )
- return (rv);
+ rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
+ if (rv != SECSuccess)
+ return (rv);
- rv = SEC_ASN1DecodeItem (NULL, &decodedExtenValue,
- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
- &encodedExtenValue);
+ rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
+ SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+ &encodedExtenValue);
if (rv == SECSuccess)
- rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
- PORT_Free (decodedExtenValue.data);
- PORT_Free (encodedExtenValue.data);
+ rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
+ PORT_Free(decodedExtenValue.data);
+ PORT_Free(encodedExtenValue.data);
return (rv);
}
diff --git a/nss/lib/certhigh/ocsp.c b/nss/lib/certhigh/ocsp.c
index 86ae0a0..7e7bb51 100644
--- a/nss/lib/certhigh/ocsp.c
+++ b/nss/lib/certhigh/ocsp.c
@@ -33,13 +33,13 @@
#include "ocspi.h"
#include "genname.h"
#include "certxutl.h"
-#include "pk11func.h" /* for PK11_HashBuf */
+#include "pk11func.h" /* for PK11_HashBuf */
#include <stdarg.h>
#include <plhash.h>
#define DEFAULT_OCSP_CACHE_SIZE 1000
-#define DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 1*60*60L
-#define DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 24*60*60L
+#define DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 1 * 60 * 60L
+#define DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 24 * 60 * 60L
#define DEFAULT_OSCP_TIMEOUT_SECONDS 60
#define MICROSECONDS_PER_SECOND 1000000L
@@ -89,48 +89,45 @@
SEC_OcspFailureMode ocspFailureMode;
CERT_StringFromCertFcn alternateOCSPAIAFcn;
PRBool forcePost;
-} OCSP_Global = { NULL,
- NULL,
- DEFAULT_OCSP_CACHE_SIZE,
+} OCSP_Global = { NULL,
+ NULL,
+ DEFAULT_OCSP_CACHE_SIZE,
DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
DEFAULT_OSCP_TIMEOUT_SECONDS,
- {NULL, 0, NULL, NULL},
+ { NULL, 0, NULL, NULL },
ocspMode_FailureIsVerificationFailure,
NULL,
- PR_FALSE
- };
-
-
+ PR_FALSE };
/* Forward declarations */
static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
CERTOCSPRequest *request,
const char *location,
- const char *method,
- PRTime time,
+ const char *method,
+ PRTime time,
PRBool addServiceLocator,
void *pwArg,
CERTOCSPRequest **pRequest);
static SECStatus
-ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
- CERTOCSPCertID *certID,
- CERTCertificate *cert,
- PRTime time,
+ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
+ CERTOCSPCertID *certID,
+ CERTCertificate *cert,
+ PRTime time,
void *pwArg,
PRBool *certIDWasConsumed,
SECStatus *rv_ocsp);
static SECStatus
ocsp_GetDecodedVerifiedSingleResponseForID(CERTCertDBHandle *handle,
- CERTOCSPCertID *certID,
- CERTCertificate *cert,
- PRTime time,
- void *pwArg,
- const SECItem *encodedResponse,
- CERTOCSPResponse **pDecodedResponse,
- CERTOCSPSingleResponse **pSingle);
+ CERTOCSPCertID *certID,
+ CERTCertificate *cert,
+ PRTime time,
+ void *pwArg,
+ const SECItem *encodedResponse,
+ CERTOCSPResponse **pDecodedResponse,
+ CERTOCSPSingleResponse **pSingle);
static SECStatus
ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time);
@@ -149,19 +146,20 @@
#define OCSP_TRACE_CERT(cert) dumpCertificate(cert)
#define OCSP_TRACE_CERTID(certid) dumpCertID(certid)
-#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \
- || defined(XP_MACOSX)
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) || \
+ defined(XP_MACOSX)
#define NSS_HAVE_GETENV 1
#endif
-static PRBool wantOcspTrace(void)
+static PRBool
+wantOcspTrace(void)
{
static PRBool firstTime = PR_TRUE;
static PRBool wantTrace = PR_FALSE;
#ifdef NSS_HAVE_GETENV
if (firstTime) {
- char *ev = getenv("NSS_TRACE_OCSP");
+ char *ev = PR_GetEnvSecure("NSS_TRACE_OCSP");
if (ev && ev[0]) {
wantTrace = PR_TRUE;
}
@@ -176,7 +174,7 @@
{
char buf[2000];
va_list args;
-
+
if (!wantOcspTrace())
return;
va_start(args, format);
@@ -235,10 +233,10 @@
DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
- rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y",
- &beforePrintable);
- rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y",
- &afterPrintable);
+ rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y",
+ &beforePrintable);
+ rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y",
+ &afterPrintable);
ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", rv1 ? beforestr : "",
rv2 ? afterstr : "");
}
@@ -261,27 +259,27 @@
SEC_RegisterDefaultHttpClient(const SEC_HttpClientFcn *fcnTable)
{
if (!OCSP_Global.monitor) {
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return SECFailure;
}
-
+
PR_EnterMonitor(OCSP_Global.monitor);
OCSP_Global.defaultHttpClientFcn = fcnTable;
PR_ExitMonitor(OCSP_Global.monitor);
-
+
return SECSuccess;
}
SECStatus
CERT_RegisterAlternateOCSPAIAInfoCallBack(
- CERT_StringFromCertFcn newCallback,
- CERT_StringFromCertFcn * oldCallback)
+ CERT_StringFromCertFcn newCallback,
+ CERT_StringFromCertFcn *oldCallback)
{
CERT_StringFromCertFcn old;
if (!OCSP_Global.monitor) {
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return SECFailure;
}
PR_EnterMonitor(OCSP_Global.monitor);
@@ -289,7 +287,7 @@
OCSP_Global.alternateOCSPAIAFcn = newCallback;
PR_ExitMonitor(OCSP_Global.monitor);
if (oldCallback)
- *oldCallback = old;
+ *oldCallback = old;
return SECSuccess;
}
@@ -300,18 +298,18 @@
PLHashNumber hash = 0;
unsigned int i;
unsigned char *walk;
-
+
/* a very simple hash calculation for the initial coding phase */
- walk = (unsigned char*)cid->issuerNameHash.data;
- for (i=0; i < cid->issuerNameHash.len; ++i, ++walk) {
+ walk = (unsigned char *)cid->issuerNameHash.data;
+ for (i = 0; i < cid->issuerNameHash.len; ++i, ++walk) {
hash += *walk;
}
- walk = (unsigned char*)cid->issuerKeyHash.data;
- for (i=0; i < cid->issuerKeyHash.len; ++i, ++walk) {
+ walk = (unsigned char *)cid->issuerKeyHash.data;
+ for (i = 0; i < cid->issuerKeyHash.len; ++i, ++walk) {
hash += *walk;
}
- walk = (unsigned char*)cid->serialNumber.data;
- for (i=0; i < cid->serialNumber.len; ++i, ++walk) {
+ walk = (unsigned char *)cid->serialNumber.data;
+ for (i = 0; i < cid->serialNumber.len; ++i, ++walk) {
hash += *walk;
}
return hash;
@@ -322,13 +320,13 @@
{
CERTOCSPCertID *cid1 = (CERTOCSPCertID *)v1;
CERTOCSPCertID *cid2 = (CERTOCSPCertID *)v2;
-
- return (SECEqual == SECITEM_CompareItem(&cid1->issuerNameHash,
- &cid2->issuerNameHash)
- && SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash,
- &cid2->issuerKeyHash)
- && SECEqual == SECITEM_CompareItem(&cid1->serialNumber,
- &cid2->serialNumber));
+
+ return (SECEqual == SECITEM_CompareItem(&cid1->issuerNameHash,
+ &cid2->issuerNameHash) &&
+ SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash,
+ &cid2->issuerKeyHash) &&
+ SECEqual == SECITEM_CompareItem(&cid1->serialNumber,
+ &cid2->serialNumber));
}
static SECStatus
@@ -337,32 +335,32 @@
{
SECStatus rv = SECFailure;
void *mark;
-
+
mark = PORT_ArenaMark(arena);
-
- dest->certStatusInfo.revokedInfo =
- (ocspRevokedInfo *) PORT_ArenaZAlloc(arena, sizeof(ocspRevokedInfo));
+
+ dest->certStatusInfo.revokedInfo =
+ (ocspRevokedInfo *)PORT_ArenaZAlloc(arena, sizeof(ocspRevokedInfo));
if (!dest->certStatusInfo.revokedInfo) {
goto loser;
}
-
- rv = SECITEM_CopyItem(arena,
- &dest->certStatusInfo.revokedInfo->revocationTime,
+
+ rv = SECITEM_CopyItem(arena,
+ &dest->certStatusInfo.revokedInfo->revocationTime,
&src->revocationTime);
if (rv != SECSuccess) {
goto loser;
}
-
+
if (src->revocationReason) {
- dest->certStatusInfo.revokedInfo->revocationReason =
+ dest->certStatusInfo.revokedInfo->revocationReason =
SECITEM_ArenaDupItem(arena, src->revocationReason);
if (!dest->certStatusInfo.revokedInfo->revocationReason) {
goto loser;
}
- } else {
+ } else {
dest->certStatusInfo.revokedInfo->revocationReason = NULL;
}
-
+
PORT_ArenaUnmark(arena, mark);
return SECSuccess;
@@ -373,39 +371,39 @@
static SECStatus
ocsp_CopyCertStatus(PLArenaPool *arena, ocspCertStatus *dest,
- ocspCertStatus*src)
+ ocspCertStatus *src)
{
SECStatus rv = SECFailure;
dest->certStatusType = src->certStatusType;
-
+
switch (src->certStatusType) {
- case ocspCertStatus_good:
- dest->certStatusInfo.goodInfo =
- SECITEM_ArenaDupItem(arena, src->certStatusInfo.goodInfo);
- if (dest->certStatusInfo.goodInfo != NULL) {
- rv = SECSuccess;
- }
- break;
- case ocspCertStatus_revoked:
- rv = ocsp_CopyRevokedInfo(arena, dest,
- src->certStatusInfo.revokedInfo);
- break;
- case ocspCertStatus_unknown:
- dest->certStatusInfo.unknownInfo =
- SECITEM_ArenaDupItem(arena, src->certStatusInfo.unknownInfo);
- if (dest->certStatusInfo.unknownInfo != NULL) {
- rv = SECSuccess;
- }
- break;
- case ocspCertStatus_other:
- default:
- PORT_Assert(src->certStatusType == ocspCertStatus_other);
- dest->certStatusInfo.otherInfo =
- SECITEM_ArenaDupItem(arena, src->certStatusInfo.otherInfo);
- if (dest->certStatusInfo.otherInfo != NULL) {
- rv = SECSuccess;
- }
- break;
+ case ocspCertStatus_good:
+ dest->certStatusInfo.goodInfo =
+ SECITEM_ArenaDupItem(arena, src->certStatusInfo.goodInfo);
+ if (dest->certStatusInfo.goodInfo != NULL) {
+ rv = SECSuccess;
+ }
+ break;
+ case ocspCertStatus_revoked:
+ rv = ocsp_CopyRevokedInfo(arena, dest,
+ src->certStatusInfo.revokedInfo);
+ break;
+ case ocspCertStatus_unknown:
+ dest->certStatusInfo.unknownInfo =
+ SECITEM_ArenaDupItem(arena, src->certStatusInfo.unknownInfo);
+ if (dest->certStatusInfo.unknownInfo != NULL) {
+ rv = SECSuccess;
+ }
+ break;
+ case ocspCertStatus_other:
+ default:
+ PORT_Assert(src->certStatusType == ocspCertStatus_other);
+ dest->certStatusInfo.otherInfo =
+ SECITEM_ArenaDupItem(arena, src->certStatusInfo.otherInfo);
+ if (dest->certStatusInfo.otherInfo != NULL) {
+ rv = SECSuccess;
+ }
+ break;
}
return rv;
}
@@ -453,7 +451,7 @@
}
PORT_Assert(cache->numberOfEntries > 1);
-
+
if (item == cache->LRUitem) {
PORT_Assert(item != cache->MRUitem);
PORT_Assert(item->lessRecent == NULL);
@@ -461,8 +459,7 @@
PORT_Assert(item->moreRecent->lessRecent == item);
cache->LRUitem = item->moreRecent;
cache->LRUitem->lessRecent = NULL;
- }
- else if (item == cache->MRUitem) {
+ } else if (item == cache->MRUitem) {
PORT_Assert(item->moreRecent == NULL);
PORT_Assert(item->lessRecent != NULL);
PORT_Assert(item->lessRecent->moreRecent == item);
@@ -487,7 +484,7 @@
static void
ocsp_MakeCacheEntryMostRecent(OCSPCacheData *cache, OCSPCacheItem *new_most_recent)
{
- OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent THREADID %p\n",
+ OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent THREADID %p\n",
PR_GetCurrentThread()));
PR_EnterMonitor(OCSP_Global.monitor);
if (cache->MRUitem == new_most_recent) {
@@ -504,7 +501,7 @@
static PRBool
ocsp_IsCacheDisabled(void)
{
- /*
+ /*
* maxCacheEntries == 0 means unlimited cache entries
* maxCacheEntries < 0 means cache is disabled
*/
@@ -524,12 +521,12 @@
PR_EnterMonitor(OCSP_Global.monitor);
if (ocsp_IsCacheDisabled())
goto loser;
-
+
found_ocsp_item = (OCSPCacheItem *)PL_HashTableLookup(
- cache->entries, certID);
+ cache->entries, certID);
if (!found_ocsp_item)
goto loser;
-
+
OCSP_TRACE(("OCSP ocsp_FindCacheEntry FOUND!\n"));
ocsp_MakeCacheEntryMostRecent(cache, found_ocsp_item);
@@ -556,7 +553,7 @@
{
/* The item we're removing could be either the least recently used item,
* or it could be an item that couldn't get updated with newer status info
- * because of an allocation failure, or it could get removed because we're
+ * because of an allocation failure, or it could get removed because we're
* cleaning up.
*/
OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread()));
@@ -586,8 +583,8 @@
/* Cache is not disabled. Number of cache entries is limited.
* The monitor ensures that maxCacheEntries remains positive.
*/
- while (cache->numberOfEntries >
- (PRUint32)OCSP_Global.maxCacheEntries) {
+ while (cache->numberOfEntries >
+ (PRUint32)OCSP_Global.maxCacheEntries) {
ocsp_RemoveCacheItem(cache, cache->LRUitem);
}
}
@@ -600,7 +597,7 @@
OCSP_TRACE(("OCSP CERT_ClearOCSPCache\n"));
PR_EnterMonitor(OCSP_Global.monitor);
while (OCSP_Global.cache.numberOfEntries > 0) {
- ocsp_RemoveCacheItem(&OCSP_Global.cache,
+ ocsp_RemoveCacheItem(&OCSP_Global.cache,
OCSP_Global.cache.LRUitem);
}
PR_ExitMonitor(OCSP_Global.monitor);
@@ -609,30 +606,30 @@
static SECStatus
ocsp_CreateCacheItemAndConsumeCertID(OCSPCacheData *cache,
- CERTOCSPCertID *certID,
+ CERTOCSPCertID *certID,
OCSPCacheItem **pCacheItem)
{
PLArenaPool *arena;
void *mark;
PLHashEntry *new_hash_entry;
OCSPCacheItem *item;
-
+
PORT_Assert(pCacheItem != NULL);
*pCacheItem = NULL;
PR_EnterMonitor(OCSP_Global.monitor);
arena = certID->poolp;
mark = PORT_ArenaMark(arena);
-
+
/* ZAlloc will init all Bools to False and all Pointers to NULL
and all error codes to zero/good. */
- item = (OCSPCacheItem *)PORT_ArenaZAlloc(certID->poolp,
+ item = (OCSPCacheItem *)PORT_ArenaZAlloc(certID->poolp,
sizeof(OCSPCacheItem));
if (!item) {
- goto loser;
+ goto loser;
}
item->certID = certID;
- new_hash_entry = PL_HashTableAdd(cache->entries, item->certID,
+ new_hash_entry = PL_HashTableAdd(cache->entries, item->certID,
item);
if (!new_hash_entry) {
goto loser;
@@ -644,7 +641,7 @@
PR_ExitMonitor(OCSP_Global.monitor);
return SECSuccess;
-
+
loser:
PORT_ArenaRelease(arena, mark);
PR_ExitMonitor(OCSP_Global.monitor);
@@ -666,7 +663,7 @@
if (item->certStatusArena == NULL) {
return SECFailure;
}
- rv = ocsp_CopyCertStatus(item->certStatusArena, &item->certStatus,
+ rv = ocsp_CopyCertStatus(item->certStatusArena, &item->certStatus,
response->certStatus);
if (rv != SECSuccess) {
PORT_FreeArena(item->certStatusArena, PR_FALSE);
@@ -674,11 +671,11 @@
return rv;
}
item->missingResponseError = 0;
- rv = DER_GeneralizedTimeToTime(&item->thisUpdate,
+ rv = DER_GeneralizedTimeToTime(&item->thisUpdate,
&response->thisUpdate);
item->haveThisUpdate = (rv == SECSuccess);
if (response->nextUpdate) {
- rv = DER_GeneralizedTimeToTime(&item->nextUpdate,
+ rv = DER_GeneralizedTimeToTime(&item->nextUpdate,
response->nextUpdate);
item->haveNextUpdate = (rv == SECSuccess);
} else {
@@ -694,60 +691,60 @@
PRTime now;
PRTime earliestAllowedNextFetchAttemptTime;
PRTime latestTimeWhenResponseIsConsideredFresh;
-
+
OCSP_TRACE(("OCSP ocsp_FreshenCacheItemNextFetchAttemptTime\n"));
PR_EnterMonitor(OCSP_Global.monitor);
-
+
now = PR_Now();
OCSP_TRACE_TIME("now:", now);
-
+
if (cacheItem->haveThisUpdate) {
OCSP_TRACE_TIME("thisUpdate:", cacheItem->thisUpdate);
latestTimeWhenResponseIsConsideredFresh = cacheItem->thisUpdate +
- OCSP_Global.maximumSecondsToNextFetchAttempt *
- MICROSECONDS_PER_SECOND;
- OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:",
+ OCSP_Global.maximumSecondsToNextFetchAttempt *
+ MICROSECONDS_PER_SECOND;
+ OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:",
latestTimeWhenResponseIsConsideredFresh);
} else {
latestTimeWhenResponseIsConsideredFresh = now +
- OCSP_Global.minimumSecondsToNextFetchAttempt *
- MICROSECONDS_PER_SECOND;
+ OCSP_Global.minimumSecondsToNextFetchAttempt *
+ MICROSECONDS_PER_SECOND;
OCSP_TRACE_TIME("no thisUpdate, "
- "latestTimeWhenResponseIsConsideredFresh:",
+ "latestTimeWhenResponseIsConsideredFresh:",
latestTimeWhenResponseIsConsideredFresh);
}
-
+
if (cacheItem->haveNextUpdate) {
OCSP_TRACE_TIME("have nextUpdate:", cacheItem->nextUpdate);
}
-
+
if (cacheItem->haveNextUpdate &&
cacheItem->nextUpdate < latestTimeWhenResponseIsConsideredFresh) {
latestTimeWhenResponseIsConsideredFresh = cacheItem->nextUpdate;
OCSP_TRACE_TIME("nextUpdate is smaller than latestFresh, setting "
- "latestTimeWhenResponseIsConsideredFresh:",
+ "latestTimeWhenResponseIsConsideredFresh:",
latestTimeWhenResponseIsConsideredFresh);
}
-
+
earliestAllowedNextFetchAttemptTime = now +
- OCSP_Global.minimumSecondsToNextFetchAttempt *
- MICROSECONDS_PER_SECOND;
- OCSP_TRACE_TIME("earliestAllowedNextFetchAttemptTime:",
+ OCSP_Global.minimumSecondsToNextFetchAttempt *
+ MICROSECONDS_PER_SECOND;
+ OCSP_TRACE_TIME("earliestAllowedNextFetchAttemptTime:",
earliestAllowedNextFetchAttemptTime);
-
- if (latestTimeWhenResponseIsConsideredFresh <
+
+ if (latestTimeWhenResponseIsConsideredFresh <
earliestAllowedNextFetchAttemptTime) {
- latestTimeWhenResponseIsConsideredFresh =
+ latestTimeWhenResponseIsConsideredFresh =
earliestAllowedNextFetchAttemptTime;
- OCSP_TRACE_TIME("latest < earliest, setting latest to:",
+ OCSP_TRACE_TIME("latest < earliest, setting latest to:",
latestTimeWhenResponseIsConsideredFresh);
}
-
- cacheItem->nextFetchAttemptTime =
+
+ cacheItem->nextFetchAttemptTime =
latestTimeWhenResponseIsConsideredFresh;
- OCSP_TRACE_TIME("nextFetchAttemptTime",
- latestTimeWhenResponseIsConsideredFresh);
+ OCSP_TRACE_TIME("nextFetchAttemptTime",
+ latestTimeWhenResponseIsConsideredFresh);
PR_ExitMonitor(OCSP_Global.monitor);
}
@@ -776,14 +773,14 @@
}
/*
- * Status in *certIDWasConsumed will always be correct, regardless of
+ * Status in *certIDWasConsumed will always be correct, regardless of
* return value.
* If the caller is unable to transfer ownership of certID,
* then the caller must set certIDWasConsumed to NULL,
* and this function will potentially duplicate the certID object.
*/
static SECStatus
-ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
+ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
CERTOCSPCertID *certID,
CERTOCSPSingleResponse *single,
PRBool *certIDWasConsumed)
@@ -791,13 +788,13 @@
SECStatus rv;
OCSPCacheItem *cacheItem;
OCSP_TRACE(("OCSP ocsp_CreateOrUpdateCacheEntry\n"));
-
+
if (certIDWasConsumed)
*certIDWasConsumed = PR_FALSE;
-
+
PR_EnterMonitor(OCSP_Global.monitor);
PORT_Assert(OCSP_Global.maxCacheEntries >= 0);
-
+
cacheItem = ocsp_FindCacheEntry(cache, certID);
/* Don't replace an unknown or revoked entry with an error entry, even if
@@ -867,12 +864,12 @@
CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode)
{
switch (ocspFailureMode) {
- case ocspMode_FailureIsVerificationFailure:
- case ocspMode_FailureIsNotAVerificationFailure:
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case ocspMode_FailureIsVerificationFailure:
+ case ocspMode_FailureIsNotAVerificationFailure:
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
PR_EnterMonitor(OCSP_Global.monitor);
@@ -886,14 +883,14 @@
PRUint32 minimumSecondsToNextFetchAttempt,
PRUint32 maximumSecondsToNextFetchAttempt)
{
- if (minimumSecondsToNextFetchAttempt > maximumSecondsToNextFetchAttempt
- || maxCacheEntries < -1) {
+ if (minimumSecondsToNextFetchAttempt > maximumSecondsToNextFetchAttempt ||
+ maxCacheEntries < -1) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
-
+
PR_EnterMonitor(OCSP_Global.monitor);
-
+
if (maxCacheEntries < 0) {
OCSP_Global.maxCacheEntries = -1; /* disable cache */
} else if (maxCacheEntries == 0) {
@@ -901,24 +898,24 @@
} else {
OCSP_Global.maxCacheEntries = maxCacheEntries;
}
-
- if (minimumSecondsToNextFetchAttempt <
- OCSP_Global.minimumSecondsToNextFetchAttempt
- || maximumSecondsToNextFetchAttempt <
+
+ if (minimumSecondsToNextFetchAttempt <
+ OCSP_Global.minimumSecondsToNextFetchAttempt ||
+ maximumSecondsToNextFetchAttempt <
OCSP_Global.maximumSecondsToNextFetchAttempt) {
/*
- * Ensure our existing cache entries are not used longer than the
+ * Ensure our existing cache entries are not used longer than the
* new settings allow, we're lazy and just clear the cache
*/
CERT_ClearOCSPCache();
}
-
- OCSP_Global.minimumSecondsToNextFetchAttempt =
+
+ OCSP_Global.minimumSecondsToNextFetchAttempt =
minimumSecondsToNextFetchAttempt;
- OCSP_Global.maximumSecondsToNextFetchAttempt =
+ OCSP_Global.maximumSecondsToNextFetchAttempt =
maximumSecondsToNextFetchAttempt;
ocsp_CheckCacheSize(&OCSP_Global.cache);
-
+
PR_ExitMonitor(OCSP_Global.monitor);
return SECSuccess;
}
@@ -932,7 +929,8 @@
}
/* this function is called at NSS initialization time */
-SECStatus OCSP_InitGlobal(void)
+SECStatus
+OCSP_InitGlobal(void)
{
SECStatus rv = SECFailure;
@@ -944,12 +942,12 @@
PR_EnterMonitor(OCSP_Global.monitor);
if (!OCSP_Global.cache.entries) {
- OCSP_Global.cache.entries =
- PL_NewHashTable(0,
- ocsp_CacheKeyHashFunction,
- ocsp_CacheKeyCompareFunction,
- PL_CompareValues,
- NULL,
+ OCSP_Global.cache.entries =
+ PL_NewHashTable(0,
+ ocsp_CacheKeyHashFunction,
+ ocsp_CacheKeyCompareFunction,
+ PL_CompareValues,
+ NULL,
NULL);
OCSP_Global.ocspFailureMode = ocspMode_FailureIsVerificationFailure;
OCSP_Global.cache.numberOfEntries = 0;
@@ -969,7 +967,8 @@
return rv;
}
-SECStatus OCSP_ShutdownGlobal(void)
+SECStatus
+OCSP_ShutdownGlobal(void)
{
if (!OCSP_Global.monitor)
return SECSuccess;
@@ -986,12 +985,12 @@
OCSP_Global.defaultHttpClientFcn = NULL;
OCSP_Global.maxCacheEntries = DEFAULT_OCSP_CACHE_SIZE;
- OCSP_Global.minimumSecondsToNextFetchAttempt =
- DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
+ OCSP_Global.minimumSecondsToNextFetchAttempt =
+ DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
OCSP_Global.maximumSecondsToNextFetchAttempt =
- DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
+ DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
OCSP_Global.ocspFailureMode =
- ocspMode_FailureIsVerificationFailure;
+ ocspMode_FailureIsVerificationFailure;
PR_ExitMonitor(OCSP_Global.monitor);
PR_DestroyMonitor(OCSP_Global.monitor);
@@ -1000,22 +999,23 @@
}
/*
- * A return value of NULL means:
+ * A return value of NULL means:
* The application did not register it's own HTTP client.
*/
-const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient(void)
+const SEC_HttpClientFcn *
+SEC_GetRegisteredHttpClient(void)
{
const SEC_HttpClientFcn *retval;
if (!OCSP_Global.monitor) {
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return NULL;
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return NULL;
}
PR_EnterMonitor(OCSP_Global.monitor);
retval = OCSP_Global.defaultHttpClientFcn;
PR_ExitMonitor(OCSP_Global.monitor);
-
+
return retval;
}
@@ -1057,7 +1057,6 @@
extern const SEC_ASN1Template ocsp_SingleResponseTemplate[];
extern const SEC_ASN1Template ocsp_TBSRequestTemplate[];
-
/*
* Request-related templates...
*/
@@ -1069,14 +1068,14 @@
*/
static const SEC_ASN1Template ocsp_OCSPRequestTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPRequest) },
+ 0, NULL, sizeof(CERTOCSPRequest) },
{ SEC_ASN1_POINTER,
- offsetof(CERTOCSPRequest, tbsRequest),
- ocsp_TBSRequestTemplate },
+ offsetof(CERTOCSPRequest, tbsRequest),
+ ocsp_TBSRequestTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTOCSPRequest, optionalSignature),
- ocsp_PointerToSignatureTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(CERTOCSPRequest, optionalSignature),
+ ocsp_PointerToSignatureTemplate },
{ 0 }
};
@@ -1095,22 +1094,22 @@
*/
const SEC_ASN1Template ocsp_TBSRequestTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspTBSRequest) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(ocspTBSRequest, version),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ 0, NULL, sizeof(ocspTBSRequest) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(ocspTBSRequest, version),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(ocspTBSRequest, derRequestorName),
- SEC_ASN1_SUB(SEC_PointerToAnyTemplate) },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ offsetof(ocspTBSRequest, derRequestorName),
+ SEC_ASN1_SUB(SEC_PointerToAnyTemplate) },
{ SEC_ASN1_SEQUENCE_OF,
- offsetof(ocspTBSRequest, requestList),
- ocsp_SingleRequestTemplate },
+ offsetof(ocspTBSRequest, requestList),
+ ocsp_SingleRequestTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(ocspTBSRequest, requestExtensions),
- CERT_SequenceOfCertExtensionTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+ offsetof(ocspTBSRequest, requestExtensions),
+ CERT_SequenceOfCertExtensionTemplate },
{ 0 }
};
@@ -1122,16 +1121,16 @@
*/
static const SEC_ASN1Template ocsp_SignatureTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspSignature) },
+ 0, NULL, sizeof(ocspSignature) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(ocspSignature, signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ offsetof(ocspSignature, signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_BIT_STRING,
- offsetof(ocspSignature, signature) },
+ offsetof(ocspSignature, signature) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(ocspSignature, derCerts),
- SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(ocspSignature, derCerts),
+ SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
{ 0 }
};
@@ -1157,19 +1156,18 @@
* is the only way it will compile.
*/
const SEC_ASN1Template ocsp_SingleRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspSingleRequest) },
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(ocspSingleRequest) },
{ SEC_ASN1_POINTER,
- offsetof(ocspSingleRequest, reqCert),
- ocsp_CertIDTemplate },
+ offsetof(ocspSingleRequest, reqCert),
+ ocsp_CertIDTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspSingleRequest, singleRequestExtensions),
- CERT_SequenceOfCertExtensionTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(ocspSingleRequest, singleRequestExtensions),
+ CERT_SequenceOfCertExtensionTemplate },
{ 0 }
};
-
/*
* This data structure and template (CertID) is used by both OCSP
* requests and responses. It is the only one that is shared.
@@ -1187,21 +1185,20 @@
* is the only way it will compile.
*/
const SEC_ASN1Template ocsp_CertIDTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPCertID) },
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTOCSPCertID) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTOCSPCertID, hashAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ offsetof(CERTOCSPCertID, hashAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(CERTOCSPCertID, issuerNameHash) },
+ offsetof(CERTOCSPCertID, issuerNameHash) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(CERTOCSPCertID, issuerKeyHash) },
- { SEC_ASN1_INTEGER,
- offsetof(CERTOCSPCertID, serialNumber) },
+ offsetof(CERTOCSPCertID, issuerKeyHash) },
+ { SEC_ASN1_INTEGER,
+ offsetof(CERTOCSPCertID, serialNumber) },
{ 0 }
};
-
/*
* Response-related templates...
*/
@@ -1212,14 +1209,14 @@
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
*/
const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPResponse) },
- { SEC_ASN1_ENUMERATED,
- offsetof(CERTOCSPResponse, responseStatus) },
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTOCSPResponse) },
+ { SEC_ASN1_ENUMERATED,
+ offsetof(CERTOCSPResponse, responseStatus) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTOCSPResponse, responseBytes),
- ocsp_PointerToResponseBytesTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(CERTOCSPResponse, responseBytes),
+ ocsp_PointerToResponseBytesTemplate },
{ 0 }
};
@@ -1230,11 +1227,11 @@
*/
const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspResponseBytes) },
+ 0, NULL, sizeof(ocspResponseBytes) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(ocspResponseBytes, responseType) },
+ offsetof(ocspResponseBytes, responseType) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(ocspResponseBytes, response) },
+ offsetof(ocspResponseBytes, response) },
{ 0 }
};
@@ -1259,21 +1256,21 @@
*/
static const SEC_ASN1Template ocsp_BasicOCSPResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspBasicOCSPResponse) },
+ 0, NULL, sizeof(ocspBasicOCSPResponse) },
{ SEC_ASN1_ANY | SEC_ASN1_SAVE,
- offsetof(ocspBasicOCSPResponse, tbsResponseDataDER) },
+ offsetof(ocspBasicOCSPResponse, tbsResponseDataDER) },
{ SEC_ASN1_POINTER,
- offsetof(ocspBasicOCSPResponse, tbsResponseData),
- ocsp_ResponseDataTemplate },
+ offsetof(ocspBasicOCSPResponse, tbsResponseData),
+ ocsp_ResponseDataTemplate },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_BIT_STRING,
- offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
+ offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
- SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
+ SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
{ 0 }
};
@@ -1291,22 +1288,22 @@
*/
const SEC_ASN1Template ocsp_ResponseDataTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspResponseData) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(ocspResponseData, version),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ 0, NULL, sizeof(ocspResponseData) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(ocspResponseData, version),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ SEC_ASN1_ANY,
- offsetof(ocspResponseData, derResponderID) },
+ offsetof(ocspResponseData, derResponderID) },
{ SEC_ASN1_GENERALIZED_TIME,
- offsetof(ocspResponseData, producedAt) },
+ offsetof(ocspResponseData, producedAt) },
{ SEC_ASN1_SEQUENCE_OF,
- offsetof(ocspResponseData, responses),
- ocsp_SingleResponseTemplate },
+ offsetof(ocspResponseData, responses),
+ ocsp_SingleResponseTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspResponseData, responseExtensions),
- CERT_SequenceOfCertExtensionTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(ocspResponseData, responseExtensions),
+ CERT_SequenceOfCertExtensionTemplate },
{ 0 }
};
@@ -1327,24 +1324,25 @@
*/
const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspResponderID, responderIDValue.name),
- CERT_NameTemplate }
+ offsetof(ocspResponderID, responderIDValue.name),
+ CERT_NameTemplate }
};
const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_XTRN | 2,
- offsetof(ocspResponderID, responderIDValue.keyHash),
- SEC_ASN1_SUB(SEC_OctetStringTemplate) }
+ SEC_ASN1_XTRN | 2,
+ offsetof(ocspResponderID, responderIDValue.keyHash),
+ SEC_ASN1_SUB(SEC_OctetStringTemplate) }
};
static const SEC_ASN1Template ocsp_ResponderIDOtherTemplate[] = {
{ SEC_ASN1_ANY,
- offsetof(ocspResponderID, responderIDValue.other) }
+ offsetof(ocspResponderID, responderIDValue.other) }
};
/* Decode choice container, but leave x509 name object encoded */
static const SEC_ASN1Template ocsp_ResponderIDDerNameTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_XTRN | 1, 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
+ SEC_ASN1_XTRN | 1,
+ 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
};
/*
@@ -1361,22 +1359,22 @@
*/
const SEC_ASN1Template ocsp_SingleResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPSingleResponse) },
+ 0, NULL, sizeof(CERTOCSPSingleResponse) },
{ SEC_ASN1_POINTER,
- offsetof(CERTOCSPSingleResponse, certID),
- ocsp_CertIDTemplate },
+ offsetof(CERTOCSPSingleResponse, certID),
+ ocsp_CertIDTemplate },
{ SEC_ASN1_ANY,
- offsetof(CERTOCSPSingleResponse, derCertStatus) },
+ offsetof(CERTOCSPSingleResponse, derCertStatus) },
{ SEC_ASN1_GENERALIZED_TIME,
- offsetof(CERTOCSPSingleResponse, thisUpdate) },
+ offsetof(CERTOCSPSingleResponse, thisUpdate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(CERTOCSPSingleResponse, nextUpdate),
- SEC_ASN1_SUB(SEC_PointerToGeneralizedTimeTemplate) },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(CERTOCSPSingleResponse, nextUpdate),
+ SEC_ASN1_SUB(SEC_PointerToGeneralizedTimeTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTOCSPSingleResponse, singleExtensions),
- CERT_SequenceOfCertExtensionTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(CERTOCSPSingleResponse, singleExtensions),
+ CERT_SequenceOfCertExtensionTemplate },
{ 0 }
};
@@ -1395,23 +1393,23 @@
*/
static const SEC_ASN1Template ocsp_CertStatusGoodTemplate[] = {
{ SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(ocspCertStatus, certStatusInfo.goodInfo),
- SEC_ASN1_SUB(SEC_NullTemplate) }
+ offsetof(ocspCertStatus, certStatusInfo.goodInfo),
+ SEC_ASN1_SUB(SEC_NullTemplate) }
};
static const SEC_ASN1Template ocsp_CertStatusRevokedTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
- ocsp_RevokedInfoTemplate }
+ { SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
+ ocsp_RevokedInfoTemplate }
};
static const SEC_ASN1Template ocsp_CertStatusUnknownTemplate[] = {
{ SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
- offsetof(ocspCertStatus, certStatusInfo.unknownInfo),
- SEC_ASN1_SUB(SEC_NullTemplate) }
+ offsetof(ocspCertStatus, certStatusInfo.unknownInfo),
+ SEC_ASN1_SUB(SEC_NullTemplate) }
};
static const SEC_ASN1Template ocsp_CertStatusOtherTemplate[] = {
{ SEC_ASN1_POINTER | SEC_ASN1_XTRN,
- offsetof(ocspCertStatus, certStatusInfo.otherInfo),
- SEC_ASN1_SUB(SEC_AnyTemplate) }
+ offsetof(ocspCertStatus, certStatusInfo.otherInfo),
+ SEC_ASN1_SUB(SEC_AnyTemplate) }
};
/*
@@ -1425,18 +1423,17 @@
*/
const SEC_ASN1Template ocsp_RevokedInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspRevokedInfo) },
+ 0, NULL, sizeof(ocspRevokedInfo) },
{ SEC_ASN1_GENERALIZED_TIME,
- offsetof(ocspRevokedInfo, revocationTime) },
+ offsetof(ocspRevokedInfo, revocationTime) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_XTRN | 0,
- offsetof(ocspRevokedInfo, revocationReason),
- SEC_ASN1_SUB(SEC_PointerToEnumeratedTemplate) },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 0,
+ offsetof(ocspRevokedInfo, revocationReason),
+ SEC_ASN1_SUB(SEC_PointerToEnumeratedTemplate) },
{ 0 }
};
-
/*
* OCSP-specific extension templates:
*/
@@ -1448,25 +1445,24 @@
*/
static const SEC_ASN1Template ocsp_ServiceLocatorTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspServiceLocator) },
+ 0, NULL, sizeof(ocspServiceLocator) },
{ SEC_ASN1_POINTER,
- offsetof(ocspServiceLocator, issuer),
- CERT_NameTemplate },
+ offsetof(ocspServiceLocator, issuer),
+ CERT_NameTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(ocspServiceLocator, locator) },
+ offsetof(ocspServiceLocator, locator) },
{ 0 }
};
-
/*
* REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
*/
-/*
+/*
* FUNCTION: CERT_EncodeOCSPRequest
* DER encodes an OCSP Request, possibly adding a signature as well.
* XXX Signing is not yet supported, however; see comments in code.
- * INPUTS:
+ * INPUTS:
* PLArenaPool *arena
* The return value is allocated from here.
* If a NULL is passed in, allocation is done from the heap instead.
@@ -1482,7 +1478,7 @@
*/
SECItem *
CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
- void *pwArg)
+ void *pwArg)
{
SECStatus rv;
@@ -1491,10 +1487,10 @@
PORT_Assert(request->tbsRequest);
if (request->tbsRequest->extensionHandle != NULL) {
- rv = CERT_FinishExtensions(request->tbsRequest->extensionHandle);
- request->tbsRequest->extensionHandle = NULL;
- if (rv != SECSuccess)
- return NULL;
+ rv = CERT_FinishExtensions(request->tbsRequest->extensionHandle);
+ request->tbsRequest->extensionHandle = NULL;
+ if (rv != SECSuccess)
+ return NULL;
}
/*
@@ -1510,7 +1506,6 @@
return SEC_ASN1EncodeItem(arena, NULL, request, ocsp_OCSPRequestTemplate);
}
-
/*
* FUNCTION: CERT_DecodeOCSPRequest
* Decode a DER encoded OCSP Request.
@@ -1533,27 +1528,27 @@
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto loser;
+ goto loser;
}
- dest = (CERTOCSPRequest *) PORT_ArenaZAlloc(arena,
- sizeof(CERTOCSPRequest));
+ dest = (CERTOCSPRequest *)PORT_ArenaZAlloc(arena,
+ sizeof(CERTOCSPRequest));
if (dest == NULL) {
- goto loser;
+ goto loser;
}
dest->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newSrc, src);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, dest, ocsp_OCSPRequestTemplate, &newSrc);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
- goto loser;
+ if (PORT_GetError() == SEC_ERROR_BAD_DER)
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
+ goto loser;
}
/*
@@ -1561,24 +1556,24 @@
* of doing this copying of the arena pointer.
*/
for (i = 0; dest->tbsRequest->requestList[i] != NULL; i++) {
- dest->tbsRequest->requestList[i]->arena = arena;
+ dest->tbsRequest->requestList[i]->arena = arena;
}
return dest;
loser:
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return NULL;
}
SECStatus
-CERT_DestroyOCSPCertID(CERTOCSPCertID* certID)
+CERT_DestroyOCSPCertID(CERTOCSPCertID *certID)
{
if (certID && certID->poolp) {
- PORT_FreeArena(certID->poolp, PR_FALSE);
- return SECSuccess;
+ PORT_FreeArena(certID->poolp, PR_FALSE);
+ return SECSuccess;
}
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -1593,7 +1588,7 @@
*/
SECItem *
-ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
SECItem *fill, const SECItem *src)
{
const SECHashObject *digestObject;
@@ -1601,27 +1596,27 @@
void *mark = NULL;
void *digestBuff = NULL;
- if ( arena != NULL ) {
+ if (arena != NULL) {
mark = PORT_ArenaMark(arena);
}
digestObject = HASH_GetHashObjectByOidTag(digestAlg);
- if ( digestObject == NULL ) {
+ if (digestObject == NULL) {
goto loser;
}
if (fill == NULL || fill->data == NULL) {
- result = SECITEM_AllocItem(arena, fill, digestObject->length);
- if ( result == NULL ) {
- goto loser;
- }
- digestBuff = result->data;
+ result = SECITEM_AllocItem(arena, fill, digestObject->length);
+ if (result == NULL) {
+ goto loser;
+ }
+ digestBuff = result->data;
} else {
- if (fill->len < digestObject->length) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
- digestBuff = fill->data;
+ if (fill->len < digestObject->length) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto loser;
+ }
+ digestBuff = fill->data;
}
if (PK11_HashBuf(digestAlg, digestBuff,
@@ -1629,7 +1624,7 @@
goto loser;
}
- if ( arena != NULL ) {
+ if (arena != NULL) {
PORT_ArenaUnmark(arena, mark);
}
@@ -1646,7 +1641,7 @@
SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
}
}
- return(NULL);
+ return (NULL);
}
/*
@@ -1713,18 +1708,18 @@
certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
if (certID == NULL) {
- goto loser;
+ goto loser;
}
rv = SECOID_SetAlgorithmID(arena, &certID->hashAlgorithm, SEC_OID_SHA1,
- NULL);
+ NULL);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
if (issuerCert == NULL) {
- goto loser;
+ goto loser;
}
if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_SHA1,
@@ -1745,29 +1740,28 @@
}
if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_SHA1,
- &certID->issuerKeyHash) == NULL) {
- goto loser;
+ &certID->issuerKeyHash) == NULL) {
+ goto loser;
}
certID->issuerSHA1KeyHash.data = certID->issuerKeyHash.data;
certID->issuerSHA1KeyHash.len = certID->issuerKeyHash.len;
/* cache the other two hash algorithms as well */
if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_MD5,
- &certID->issuerMD5KeyHash) == NULL) {
- goto loser;
+ &certID->issuerMD5KeyHash) == NULL) {
+ goto loser;
}
if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_MD2,
- &certID->issuerMD2KeyHash) == NULL) {
- goto loser;
+ &certID->issuerMD2KeyHash) == NULL) {
+ goto loser;
}
-
/* now we are done with issuerCert */
CERT_DestroyCertificate(issuerCert);
issuerCert = NULL;
rv = SECITEM_CopyItem(arena, &certID->serialNumber, &cert->serialNumber);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
PORT_ArenaUnmark(arena, mark);
@@ -1775,25 +1769,25 @@
loser:
if (issuerCert != NULL) {
- CERT_DestroyCertificate(issuerCert);
+ CERT_DestroyCertificate(issuerCert);
}
PORT_ArenaRelease(arena, mark);
return NULL;
}
-CERTOCSPCertID*
+CERTOCSPCertID *
CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTOCSPCertID *certID;
PORT_Assert(arena != NULL);
if (!arena)
- return NULL;
-
+ return NULL;
+
certID = ocsp_CreateCertID(arena, cert, time);
if (!certID) {
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
}
certID->poolp = arena;
return certID;
@@ -1818,11 +1812,11 @@
if (!dest)
goto loser;
-#define DUPHELP(element) \
- if (src->element.data && \
- SECITEM_CopyItem(arena, &dest->element, &src->element) \
- != SECSuccess) { \
- goto loser; \
+#define DUPHELP(element) \
+ if (src->element.data && \
+ SECITEM_CopyItem(arena, &dest->element, &src->element) != \
+ SECSuccess) { \
+ goto loser; \
}
DUPHELP(hashAlgorithm.algorithm)
@@ -1850,12 +1844,13 @@
/*
* Callback to set Extensions in request object
*/
-void SetSingleReqExts(void *object, CERTCertExtension **exts)
+void
+SetSingleReqExts(void *object, CERTCertExtension **exts)
{
- ocspSingleRequest *singleRequest =
- (ocspSingleRequest *)object;
+ ocspSingleRequest *singleRequest =
+ (ocspSingleRequest *)object;
- singleRequest->singleRequestExtensions = exts;
+ singleRequest->singleRequestExtensions = exts;
}
/*
@@ -1866,7 +1861,7 @@
*/
static SECStatus
ocsp_AddServiceLocatorExtension(ocspSingleRequest *singleRequest,
- CERTCertificate *cert)
+ CERTCertificate *cert)
{
ocspServiceLocator *serviceLocator = NULL;
void *extensionHandle = NULL;
@@ -1874,7 +1869,7 @@
serviceLocator = PORT_ZNew(ocspServiceLocator);
if (serviceLocator == NULL)
- goto loser;
+ goto loser;
/*
* Normally it would be a bad idea to do a direct reference like
@@ -1886,10 +1881,10 @@
serviceLocator->issuer = &cert->issuer;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
- &serviceLocator->locator);
+ &serviceLocator->locator);
if (rv != SECSuccess) {
- if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
- goto loser;
+ if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
+ goto loser;
}
/* prepare for following loser gotos */
@@ -1897,33 +1892,33 @@
PORT_SetError(0);
extensionHandle = cert_StartExtensions(singleRequest,
- singleRequest->arena, SetSingleReqExts);
+ singleRequest->arena, SetSingleReqExts);
if (extensionHandle == NULL)
- goto loser;
+ goto loser;
rv = CERT_EncodeAndAddExtension(extensionHandle,
- SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
- serviceLocator, PR_FALSE,
- ocsp_ServiceLocatorTemplate);
+ SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
+ serviceLocator, PR_FALSE,
+ ocsp_ServiceLocatorTemplate);
loser:
if (extensionHandle != NULL) {
- /*
+ /*
* Either way we have to finish out the extension context (so it gets
* freed). But careful not to override any already-set bad status.
*/
- SECStatus tmprv = CERT_FinishExtensions(extensionHandle);
- if (rv == SECSuccess)
- rv = tmprv;
+ SECStatus tmprv = CERT_FinishExtensions(extensionHandle);
+ if (rv == SECSuccess)
+ rv = tmprv;
}
/*
* Finally, free the serviceLocator structure itself and we are done.
*/
if (serviceLocator != NULL) {
- if (serviceLocator->locator.data != NULL)
- SECITEM_FreeItem(&serviceLocator->locator, PR_FALSE);
- PORT_Free(serviceLocator);
+ if (serviceLocator->locator.data != NULL)
+ SECITEM_FreeItem(&serviceLocator->locator, PR_FALSE);
+ PORT_Free(serviceLocator);
}
return rv;
@@ -1949,18 +1944,18 @@
CERTCertListNode *node = NULL;
int i, count;
void *mark = PORT_ArenaMark(arena);
-
+
node = CERT_LIST_HEAD(certList);
for (count = 0; !CERT_LIST_END(node, certList); count++) {
node = CERT_LIST_NEXT(node);
}
if (count == 0)
- goto loser;
+ goto loser;
requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, count + 1);
if (requestList == NULL)
- goto loser;
+ goto loser;
node = CERT_LIST_HEAD(certList);
for (i = 0; !CERT_LIST_END(node, certList); i++) {
@@ -1998,7 +1993,7 @@
static ocspSingleRequest **
ocsp_CreateRequestFromCert(PLArenaPool *arena,
- CERTOCSPCertID *certID,
+ CERTOCSPCertID *certID,
CERTCertificate *singleCert,
PRTime time,
PRBool includeLocator)
@@ -2016,7 +2011,7 @@
goto loser;
requestList[0]->arena = arena;
/* certID will live longer than the request */
- requestList[0]->reqCert = certID;
+ requestList[0]->reqCert = certID;
if (includeLocator == PR_TRUE) {
SECStatus rv;
@@ -2067,8 +2062,8 @@
}
CERTOCSPRequest *
-cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
- CERTCertificate *singleCert,
+cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
+ CERTCertificate *singleCert,
PRTime time,
PRBool addServiceLocator,
CERTCertificate *signerCert)
@@ -2091,8 +2086,8 @@
* Version 1 is the default, so we need not fill in a version number.
* Now create the list of single requests, one for each cert.
*/
- request->tbsRequest->requestList =
- ocsp_CreateRequestFromCert(request->arena,
+ request->tbsRequest->requestList =
+ ocsp_CreateRequestFromCert(request->arena,
certID,
singleCert,
time,
@@ -2106,7 +2101,7 @@
/*
* FUNCTION: CERT_CreateOCSPRequest
- * Creates a CERTOCSPRequest, requesting the status of the certs in
+ * Creates a CERTOCSPRequest, requesting the status of the certs in
* the given list.
* INPUTS:
* CERTCertList *certList
@@ -2118,7 +2113,7 @@
* to this routine), who knows about where the request(s) are being
* sent and whether there are any trusted responders in place.
* PRTime time
- * Indicates the time for which the certificate status is to be
+ * Indicates the time for which the certificate status is to be
* determined -- this may be used in the search for the cert's issuer
* but has no effect on the request itself.
* PRBool addServiceLocator
@@ -2137,8 +2132,8 @@
*/
CERTOCSPRequest *
CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert)
+ PRBool addServiceLocator,
+ CERTCertificate *signerCert)
{
CERTOCSPRequest *request = NULL;
@@ -2147,7 +2142,7 @@
return NULL;
}
/*
- * XXX When we are prepared to put signing of requests back in,
+ * XXX When we are prepared to put signing of requests back in,
* we will need to allocate a signature
* structure for the request, fill in the "derCerts" field in it,
* save the signerCert there, as well as fill in the "requestorName"
@@ -2163,8 +2158,8 @@
/*
* Now create the list of single requests, one for each cert.
*/
- request->tbsRequest->requestList =
- ocsp_CreateSingleRequestList(request->arena,
+ request->tbsRequest->requestList =
+ ocsp_CreateSingleRequestList(request->arena,
certList,
time,
addServiceLocator);
@@ -2192,16 +2187,17 @@
* All errors are internal or low-level problems (e.g. no memory).
*/
-void SetRequestExts(void *object, CERTCertExtension **exts)
+void
+SetRequestExts(void *object, CERTCertExtension **exts)
{
- CERTOCSPRequest *request = (CERTOCSPRequest *)object;
+ CERTOCSPRequest *request = (CERTOCSPRequest *)object;
- request->tbsRequest->requestExtensions = exts;
+ request->tbsRequest->requestExtensions = exts;
}
SECStatus
CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
- SECOidTag responseType0, ...)
+ SECOidTag responseType0, ...)
{
void *extHandle;
va_list ap;
@@ -2213,60 +2209,59 @@
extHandle = request->tbsRequest->extensionHandle;
if (extHandle == NULL) {
- extHandle = cert_StartExtensions(request, request->arena, SetRequestExts);
- if (extHandle == NULL)
- goto loser;
+ extHandle = cert_StartExtensions(request, request->arena, SetRequestExts);
+ if (extHandle == NULL)
+ goto loser;
}
/* Count number of OIDS going into the extension value. */
count = 1;
if (responseType0 != SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
- va_start(ap, responseType0);
- do {
- count++;
- responseType = va_arg(ap, SECOidTag);
- } while (responseType != SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
- va_end(ap);
+ va_start(ap, responseType0);
+ do {
+ count++;
+ responseType = va_arg(ap, SECOidTag);
+ } while (responseType != SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+ va_end(ap);
}
acceptableResponses = PORT_NewArray(SECItem *, count + 1);
if (acceptableResponses == NULL)
- goto loser;
+ goto loser;
i = 0;
responseOid = SECOID_FindOIDByTag(responseType0);
acceptableResponses[i++] = &(responseOid->oid);
if (count > 1) {
- va_start(ap, responseType0);
- for ( ; i < count; i++) {
- responseType = va_arg(ap, SECOidTag);
- responseOid = SECOID_FindOIDByTag(responseType);
- acceptableResponses[i] = &(responseOid->oid);
- }
- va_end(ap);
+ va_start(ap, responseType0);
+ for (; i < count; i++) {
+ responseType = va_arg(ap, SECOidTag);
+ responseOid = SECOID_FindOIDByTag(responseType);
+ acceptableResponses[i] = &(responseOid->oid);
+ }
+ va_end(ap);
}
acceptableResponses[i] = NULL;
rv = CERT_EncodeAndAddExtension(extHandle, SEC_OID_PKIX_OCSP_RESPONSE,
- &acceptableResponses, PR_FALSE,
- SEC_ASN1_GET(SEC_SequenceOfObjectIDTemplate));
+ &acceptableResponses, PR_FALSE,
+ SEC_ASN1_GET(SEC_SequenceOfObjectIDTemplate));
if (rv != SECSuccess)
- goto loser;
+ goto loser;
PORT_Free(acceptableResponses);
if (request->tbsRequest->extensionHandle == NULL)
- request->tbsRequest->extensionHandle = extHandle;
+ request->tbsRequest->extensionHandle = extHandle;
return SECSuccess;
loser:
if (acceptableResponses != NULL)
- PORT_Free(acceptableResponses);
+ PORT_Free(acceptableResponses);
if (extHandle != NULL)
- (void) CERT_FinishExtensions(extHandle);
+ (void)CERT_FinishExtensions(extHandle);
return rv;
}
-
/*
* FUNCTION: CERT_DestroyOCSPRequest
* Frees an OCSP Request structure.
@@ -2280,20 +2275,20 @@
CERT_DestroyOCSPRequest(CERTOCSPRequest *request)
{
if (request == NULL)
- return;
+ return;
if (request->tbsRequest != NULL) {
- if (request->tbsRequest->requestorName != NULL)
- CERT_DestroyGeneralNameList(request->tbsRequest->requestorName);
- if (request->tbsRequest->extensionHandle != NULL)
- (void) CERT_FinishExtensions(request->tbsRequest->extensionHandle);
+ if (request->tbsRequest->requestorName != NULL)
+ CERT_DestroyGeneralNameList(request->tbsRequest->requestorName);
+ if (request->tbsRequest->extensionHandle != NULL)
+ (void)CERT_FinishExtensions(request->tbsRequest->extensionHandle);
}
if (request->optionalSignature != NULL) {
- if (request->optionalSignature->cert != NULL)
- CERT_DestroyCertificate(request->optionalSignature->cert);
+ if (request->optionalSignature->cert != NULL)
+ CERT_DestroyCertificate(request->optionalSignature->cert);
- /*
+ /*
* XXX Need to free derCerts? Or do they come out of arena?
* (Currently we never fill in derCerts, which is why the
* answer is not obvious. Once we do, add any necessary code
@@ -2308,10 +2303,9 @@
*/
PORT_Assert(request->arena != NULL);
if (request->arena != NULL)
- PORT_FreeArena(request->arena, PR_FALSE);
+ PORT_FreeArena(request->arena, PR_FALSE);
}
-
/*
* RESPONSE SUPPORT FUNCTIONS (encode/create/decode/destroy):
*/
@@ -2326,17 +2320,17 @@
const SEC_ASN1Template *responderIDTemplate;
switch (responderIDType) {
- case ocspResponderID_byName:
- responderIDTemplate = ocsp_ResponderIDByNameTemplate;
- break;
- case ocspResponderID_byKey:
- responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
- break;
- case ocspResponderID_other:
- default:
- PORT_Assert(responderIDType == ocspResponderID_other);
- responderIDTemplate = ocsp_ResponderIDOtherTemplate;
- break;
+ case ocspResponderID_byName:
+ responderIDTemplate = ocsp_ResponderIDByNameTemplate;
+ break;
+ case ocspResponderID_byKey:
+ responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
+ break;
+ case ocspResponderID_other:
+ default:
+ PORT_Assert(responderIDType == ocspResponderID_other);
+ responderIDTemplate = ocsp_ResponderIDOtherTemplate;
+ break;
}
return responderIDTemplate;
@@ -2352,20 +2346,20 @@
const SEC_ASN1Template *certStatusTemplate;
switch (certStatusType) {
- case ocspCertStatus_good:
- certStatusTemplate = ocsp_CertStatusGoodTemplate;
- break;
- case ocspCertStatus_revoked:
- certStatusTemplate = ocsp_CertStatusRevokedTemplate;
- break;
- case ocspCertStatus_unknown:
- certStatusTemplate = ocsp_CertStatusUnknownTemplate;
- break;
- case ocspCertStatus_other:
- default:
- PORT_Assert(certStatusType == ocspCertStatus_other);
- certStatusTemplate = ocsp_CertStatusOtherTemplate;
- break;
+ case ocspCertStatus_good:
+ certStatusTemplate = ocsp_CertStatusGoodTemplate;
+ break;
+ case ocspCertStatus_revoked:
+ certStatusTemplate = ocsp_CertStatusRevokedTemplate;
+ break;
+ case ocspCertStatus_unknown:
+ certStatusTemplate = ocsp_CertStatusUnknownTemplate;
+ break;
+ case ocspCertStatus_other:
+ default:
+ PORT_Assert(certStatusType == ocspCertStatus_other);
+ certStatusTemplate = ocsp_CertStatusOtherTemplate;
+ break;
}
return certStatusTemplate;
@@ -2381,18 +2375,18 @@
ocspCertStatusType certStatusType;
switch (derTag) {
- case 0:
- certStatusType = ocspCertStatus_good;
- break;
- case 1:
- certStatusType = ocspCertStatus_revoked;
- break;
- case 2:
- certStatusType = ocspCertStatus_unknown;
- break;
- default:
- certStatusType = ocspCertStatus_other;
- break;
+ case 0:
+ certStatusType = ocspCertStatus_good;
+ break;
+ case 1:
+ certStatusType = ocspCertStatus_revoked;
+ break;
+ case 2:
+ certStatusType = ocspCertStatus_unknown;
+ break;
+ default:
+ certStatusType = ocspCertStatus_other;
+ break;
}
return certStatusType;
@@ -2407,7 +2401,7 @@
*/
static SECStatus
ocsp_FinishDecodingSingleResponses(PLArenaPool *reqArena,
- CERTOCSPSingleResponse **responses)
+ CERTOCSPSingleResponse **responses)
{
ocspCertStatus *certStatus;
ocspCertStatusType certStatusType;
@@ -2421,39 +2415,39 @@
return SECFailure;
}
- if (responses == NULL) /* nothing to do */
- return SECSuccess;
+ if (responses == NULL) /* nothing to do */
+ return SECSuccess;
for (i = 0; responses[i] != NULL; i++) {
- SECItem* newStatus;
- /*
+ SECItem *newStatus;
+ /*
* The following assert points out internal errors (problems in
* the template definitions or in the ASN.1 decoder itself, etc.).
*/
- PORT_Assert(responses[i]->derCertStatus.data != NULL);
+ PORT_Assert(responses[i]->derCertStatus.data != NULL);
- derTag = responses[i]->derCertStatus.data[0] & SEC_ASN1_TAGNUM_MASK;
- certStatusType = ocsp_CertStatusTypeByTag(derTag);
- certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType);
+ derTag = responses[i]->derCertStatus.data[0] & SEC_ASN1_TAGNUM_MASK;
+ certStatusType = ocsp_CertStatusTypeByTag(derTag);
+ certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType);
- certStatus = PORT_ArenaZAlloc(reqArena, sizeof(ocspCertStatus));
- if (certStatus == NULL) {
- goto loser;
- }
+ certStatus = PORT_ArenaZAlloc(reqArena, sizeof(ocspCertStatus));
+ if (certStatus == NULL) {
+ goto loser;
+ }
newStatus = SECITEM_ArenaDupItem(reqArena, &responses[i]->derCertStatus);
if (!newStatus) {
goto loser;
}
- rv = SEC_QuickDERDecodeItem(reqArena, certStatus, certStatusTemplate,
- newStatus);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
- }
+ rv = SEC_QuickDERDecodeItem(reqArena, certStatus, certStatusTemplate,
+ newStatus);
+ if (rv != SECSuccess) {
+ if (PORT_GetError() == SEC_ERROR_BAD_DER)
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ goto loser;
+ }
- certStatus->certStatusType = certStatusType;
- responses[i]->certStatus = certStatus;
+ certStatus->certStatusType = certStatusType;
+ responses[i]->certStatus = certStatus;
}
return SECSuccess;
@@ -2472,15 +2466,15 @@
CERTOCSPResponderIDType responderIDType;
switch (derTag) {
- case 1:
- responderIDType = ocspResponderID_byName;
- break;
- case 2:
- responderIDType = ocspResponderID_byKey;
- break;
- default:
- responderIDType = ocspResponderID_other;
- break;
+ case 1:
+ responderIDType = ocspResponderID_byName;
+ break;
+ case 2:
+ responderIDType = ocspResponderID_byKey;
+ break;
+ default:
+ responderIDType = ocspResponderID_other;
+ break;
}
return responderIDType;
@@ -2506,22 +2500,22 @@
basicResponse = PORT_ArenaZAlloc(arena, sizeof(ocspBasicOCSPResponse));
if (basicResponse == NULL) {
- goto loser;
+ goto loser;
}
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newsrc, src);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, basicResponse,
- ocsp_BasicOCSPResponseTemplate, &newsrc);
+ ocsp_BasicOCSPResponseTemplate, &newsrc);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
+ if (PORT_GetError() == SEC_ERROR_BAD_DER)
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ goto loser;
}
responseData = basicResponse->tbsResponseData;
@@ -2543,15 +2537,15 @@
responderID = PORT_ArenaZAlloc(arena, sizeof(ocspResponderID));
if (responderID == NULL) {
- goto loser;
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, responderID, responderIDTemplate,
- &responseData->derResponderID);
+ &responseData->derResponderID);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
+ if (PORT_GetError() == SEC_ERROR_BAD_DER)
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ goto loser;
}
responderID->responderIDType = responderIDType;
@@ -2563,7 +2557,7 @@
*/
rv = ocsp_FinishDecodingSingleResponses(arena, responseData->responses);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
PORT_ArenaUnmark(arena, mark);
@@ -2574,7 +2568,6 @@
return NULL;
}
-
/*
* Decode the responseBytes based on the responseType found in "rbytes",
* leaving the resulting translated/decoded information in there as well.
@@ -2583,38 +2576,35 @@
ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
{
if (rbytes == NULL) {
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
+ return SECFailure;
}
rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
switch (rbytes->responseTypeTag) {
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- {
- ocspBasicOCSPResponse *basicResponse;
+ case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: {
+ ocspBasicOCSPResponse *basicResponse;
- basicResponse = ocsp_DecodeBasicOCSPResponse(arena,
- &rbytes->response);
- if (basicResponse == NULL)
- return SECFailure;
+ basicResponse = ocsp_DecodeBasicOCSPResponse(arena,
+ &rbytes->response);
+ if (basicResponse == NULL)
+ return SECFailure;
- rbytes->decodedResponse.basic = basicResponse;
- }
- break;
+ rbytes->decodedResponse.basic = basicResponse;
+ } break;
- /*
+ /*
* Add new/future response types here.
*/
- default:
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
- return SECFailure;
+ default:
+ PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
+ return SECFailure;
}
return SECSuccess;
}
-
/*
* FUNCTION: CERT_DecodeOCSPResponse
* Decode a DER encoded OCSP Response.
@@ -2639,37 +2629,37 @@
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto loser;
+ goto loser;
}
- response = (CERTOCSPResponse *) PORT_ArenaZAlloc(arena,
- sizeof(CERTOCSPResponse));
+ response = (CERTOCSPResponse *)PORT_ArenaZAlloc(arena,
+ sizeof(CERTOCSPResponse));
if (response == NULL) {
- goto loser;
+ goto loser;
}
response->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newSrc, src);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, response, ocsp_OCSPResponseTemplate, &newSrc);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto loser;
+ if (PORT_GetError() == SEC_ERROR_BAD_DER)
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ goto loser;
}
- sv = (ocspResponseStatus) DER_GetInteger(&response->responseStatus);
+ sv = (ocspResponseStatus)DER_GetInteger(&response->responseStatus);
response->statusValue = sv;
if (sv != ocspResponse_successful) {
- /*
+ /*
* If the response status is anything but successful, then we
* are all done with decoding; the status is all there is.
*/
- return response;
+ return response;
}
/*
@@ -2678,14 +2668,14 @@
*/
rv = ocsp_DecodeResponseBytes(arena, response->responseBytes);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
return response;
loser:
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return NULL;
}
@@ -2711,7 +2701,7 @@
*
* FUNCTION: ocsp_GetResponseData
* Returns ocspResponseData structure and a pointer to tbs response
- * data DER from a valid ocsp response.
+ * data DER from a valid ocsp response.
* INPUTS:
* CERTOCSPResponse *response
* structure of a valid ocsp response
@@ -2729,8 +2719,8 @@
PORT_Assert(response->responseBytes != NULL);
- PORT_Assert(response->responseBytes->responseTypeTag
- == SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+ PORT_Assert(response->responseBytes->responseTypeTag ==
+ SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
basic = response->responseBytes->decodedResponse.basic;
PORT_Assert(basic != NULL);
@@ -2761,8 +2751,8 @@
if (NULL == response->responseBytes) {
return NULL;
}
- if (response->responseBytes->responseTypeTag
- != SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
+ if (response->responseBytes->responseTypeTag !=
+ SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
return NULL;
}
basic = response->responseBytes->decodedResponse.basic;
@@ -2771,7 +2761,6 @@
return &(basic->responseSignature);
}
-
/*
* FUNCTION: CERT_DestroyOCSPResponse
* Frees an OCSP Response structure.
@@ -2785,28 +2774,26 @@
CERT_DestroyOCSPResponse(CERTOCSPResponse *response)
{
if (response != NULL) {
- ocspSignature *signature = ocsp_GetResponseSignature(response);
- if (signature && signature->cert != NULL)
- CERT_DestroyCertificate(signature->cert);
+ ocspSignature *signature = ocsp_GetResponseSignature(response);
+ if (signature && signature->cert != NULL)
+ CERT_DestroyCertificate(signature->cert);
- /*
+ /*
* We should actually never have a response without an arena,
* but check just in case. (If there isn't one, there is not
* much we can do about it...)
*/
- PORT_Assert(response->arena != NULL);
- if (response->arena != NULL) {
- PORT_FreeArena(response->arena, PR_FALSE);
- }
+ PORT_Assert(response->arena != NULL);
+ if (response->arena != NULL) {
+ PORT_FreeArena(response->arena, PR_FALSE);
+ }
}
}
-
/*
* OVERALL OCSP CLIENT SUPPORT (make and send a request, verify a response):
*/
-
/*
* Pick apart a URL, saving the important things in the passed-in pointers.
*
@@ -2822,7 +2809,7 @@
static SECStatus
ocsp_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
{
- unsigned short port = 80; /* default, in case not in url */
+ unsigned short port = 80; /* default, in case not in url */
char *hostname = NULL;
char *path = NULL;
const char *save;
@@ -2830,25 +2817,25 @@
int len;
if (url == NULL)
- goto loser;
+ goto loser;
/*
* Skip beginning whitespace.
*/
c = *url;
while ((c == ' ' || c == '\t') && c != '\0') {
- url++;
- c = *url;
+ url++;
+ c = *url;
}
if (c == '\0')
- goto loser;
+ goto loser;
/*
* Confirm, then skip, protocol. (Since we only know how to do http,
* that is all we will accept).
*/
if (PORT_Strncasecmp(url, "http://", 7) != 0)
- goto loser;
+ goto loser;
url += 7;
/*
@@ -2866,13 +2853,13 @@
save = url;
c = *url;
while (c != '/' && c != ':' && c != '\0' && c != ' ' && c != '\t') {
- url++;
- c = *url;
+ url++;
+ c = *url;
}
len = url - save;
hostname = PORT_Alloc(len + 1);
if (hostname == NULL)
- goto loser;
+ goto loser;
PORT_Memcpy(hostname, save, len);
hostname[len] = '\0';
@@ -2881,15 +2868,15 @@
* If so, we need to parse it (as a number) and skip it.
*/
if (c == ':') {
- url++;
- port = (unsigned short) PORT_Atoi(url);
- c = *url;
- while (c != '/' && c != '\0' && c != ' ' && c != '\t') {
- if (c < '0' || c > '9')
- goto loser;
- url++;
- c = *url;
- }
+ url++;
+ port = (unsigned short)PORT_Atoi(url);
+ c = *url;
+ while (c != '/' && c != '\0' && c != ' ' && c != '\t') {
+ if (c < '0' || c > '9')
+ goto loser;
+ url++;
+ c = *url;
+ }
}
/*
@@ -2897,21 +2884,21 @@
* if nothing else -- but if there is not we provide one.
*/
if (c == '/') {
- save = url;
- while (c != '\0' && c != ' ' && c != '\t') {
- url++;
- c = *url;
- }
- len = url - save;
- path = PORT_Alloc(len + 1);
- if (path == NULL)
- goto loser;
- PORT_Memcpy(path, save, len);
- path[len] = '\0';
+ save = url;
+ while (c != '\0' && c != ' ' && c != '\t') {
+ url++;
+ c = *url;
+ }
+ len = url - save;
+ path = PORT_Alloc(len + 1);
+ if (path == NULL)
+ goto loser;
+ PORT_Memcpy(path, save, len);
+ path[len] = '\0';
} else {
- path = PORT_Strdup("/");
- if (path == NULL)
- goto loser;
+ path = PORT_Strdup("/");
+ if (path == NULL)
+ goto loser;
}
*pHostname = hostname;
@@ -2921,7 +2908,7 @@
loser:
if (hostname != NULL)
- PORT_Free(hostname);
+ PORT_Free(hostname);
PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
return SECFailure;
}
@@ -2940,7 +2927,7 @@
sock = PR_NewTCPSocket();
if (sock == NULL)
- goto loser;
+ goto loser;
/* XXX Some day need a way to set (and get?) the following value */
timeout = PR_SecondsToInterval(30);
@@ -2954,42 +2941,42 @@
* valid numerical IP address from a hostname.
*/
if (PR_StringToNetAddr(host, &addr) != PR_SUCCESS) {
- PRIntn hostIndex;
- PRHostEnt hostEntry;
+ PRIntn hostIndex;
+ PRHostEnt hostEntry;
- netdbbuf = PORT_Alloc(PR_NETDB_BUF_SIZE);
- if (netdbbuf == NULL)
- goto loser;
+ netdbbuf = PORT_Alloc(PR_NETDB_BUF_SIZE);
+ if (netdbbuf == NULL)
+ goto loser;
- if (PR_GetHostByName(host, netdbbuf, PR_NETDB_BUF_SIZE,
- &hostEntry) != PR_SUCCESS)
- goto loser;
+ if (PR_GetHostByName(host, netdbbuf, PR_NETDB_BUF_SIZE,
+ &hostEntry) != PR_SUCCESS)
+ goto loser;
- hostIndex = 0;
- do {
- hostIndex = PR_EnumerateHostEnt(hostIndex, &hostEntry, port, &addr);
- if (hostIndex <= 0)
- goto loser;
- } while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS);
+ hostIndex = 0;
+ do {
+ hostIndex = PR_EnumerateHostEnt(hostIndex, &hostEntry, port, &addr);
+ if (hostIndex <= 0)
+ goto loser;
+ } while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS);
- PORT_Free(netdbbuf);
+ PORT_Free(netdbbuf);
} else {
- /*
+ /*
* First put the port into the address, then connect.
*/
- if (PR_InitializeNetAddr(PR_IpAddrNull, port, &addr) != PR_SUCCESS)
- goto loser;
- if (PR_Connect(sock, &addr, timeout) != PR_SUCCESS)
- goto loser;
+ if (PR_InitializeNetAddr(PR_IpAddrNull, port, &addr) != PR_SUCCESS)
+ goto loser;
+ if (PR_Connect(sock, &addr, timeout) != PR_SUCCESS)
+ goto loser;
}
return sock;
loser:
if (sock != NULL)
- PR_Close(sock);
+ PR_Close(sock);
if (netdbbuf != NULL)
- PORT_Free(netdbbuf);
+ PORT_Free(netdbbuf);
return NULL;
}
@@ -3024,14 +3011,14 @@
*/
rv = ocsp_ParseURL(location, &hostname, &port, &path);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
PORT_Assert(hostname != NULL);
PORT_Assert(path != NULL);
sock = ocsp_ConnectToHost(hostname, port);
if (sock == NULL)
- goto loser;
+ goto loser;
portstr[0] = '\0';
if (port != 80) {
@@ -3039,38 +3026,37 @@
}
if (!encodedRequest) {
- header = PR_smprintf("GET %s HTTP/1.0\r\n"
- "Host: %s%s\r\n\r\n",
- path, hostname, portstr);
- if (header == NULL)
- goto loser;
+ header = PR_smprintf("GET %s HTTP/1.0\r\n"
+ "Host: %s%s\r\n\r\n",
+ path, hostname, portstr);
+ if (header == NULL)
+ goto loser;
- /*
- * The NSPR documentation promises that if it can, it will write the full
- * amount; this will not return a partial value expecting us to loop.
- */
- if (PR_Write(sock, header, (PRInt32) PORT_Strlen(header)) < 0)
- goto loser;
- }
- else {
- header = PR_smprintf("POST %s HTTP/1.0\r\n"
- "Host: %s%s\r\n"
- "Content-Type: application/ocsp-request\r\n"
- "Content-Length: %u\r\n\r\n",
- path, hostname, portstr, encodedRequest->len);
- if (header == NULL)
- goto loser;
+ /*
+ * The NSPR documentation promises that if it can, it will write the full
+ * amount; this will not return a partial value expecting us to loop.
+ */
+ if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
+ goto loser;
+ } else {
+ header = PR_smprintf("POST %s HTTP/1.0\r\n"
+ "Host: %s%s\r\n"
+ "Content-Type: application/ocsp-request\r\n"
+ "Content-Length: %u\r\n\r\n",
+ path, hostname, portstr, encodedRequest->len);
+ if (header == NULL)
+ goto loser;
- /*
- * The NSPR documentation promises that if it can, it will write the full
- * amount; this will not return a partial value expecting us to loop.
- */
- if (PR_Write(sock, header, (PRInt32) PORT_Strlen(header)) < 0)
- goto loser;
+ /*
+ * The NSPR documentation promises that if it can, it will write the full
+ * amount; this will not return a partial value expecting us to loop.
+ */
+ if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
+ goto loser;
- if (PR_Write(sock, encodedRequest->data,
- (PRInt32) encodedRequest->len) < 0)
- goto loser;
+ if (PR_Write(sock, encodedRequest->data,
+ (PRInt32)encodedRequest->len) < 0)
+ goto loser;
}
returnSock = sock;
@@ -3078,13 +3064,13 @@
loser:
if (header != NULL)
- PORT_Free(header);
+ PORT_Free(header);
if (sock != NULL)
- PR_Close(sock);
+ PR_Close(sock);
if (path != NULL)
- PORT_Free(path);
+ PORT_Free(path);
if (hostname != NULL)
- PORT_Free(hostname);
+ PORT_Free(hostname);
return returnSock;
}
@@ -3099,22 +3085,16 @@
{
int total = 0;
- while (total < toread)
- {
+ while (total < toread) {
PRInt32 got;
- got = PR_Recv(fd, buf + total, (PRInt32) (toread - total), 0, timeout);
- if (got < 0)
- {
- if (0 == total)
- {
+ got = PR_Recv(fd, buf + total, (PRInt32)(toread - total), 0, timeout);
+ if (got < 0) {
+ if (0 == total) {
total = -1; /* report the error if we didn't read anything yet */
}
break;
- }
- else
- if (got == 0)
- { /* EOS */
+ } else if (got == 0) { /* EOS */
break;
}
@@ -3126,14 +3106,13 @@
#define OCSP_BUFSIZE 1024
-#define AbortHttpDecode(error) \
-{ \
- if (inBuffer) \
+#define AbortHttpDecode(error) \
+ { \
+ if (inBuffer) \
PORT_Free(inBuffer); \
- PORT_SetError(error); \
- return NULL; \
-}
-
+ PORT_SetError(error); \
+ return NULL; \
+ }
/*
* Reads on the given socket and returns an encoded response when received.
@@ -3148,92 +3127,81 @@
{
/* first read HTTP status line and headers */
- char* inBuffer = NULL;
+ char *inBuffer = NULL;
PRInt32 offset = 0;
PRInt32 inBufsize = 0;
- const PRInt32 bufSizeIncrement = OCSP_BUFSIZE; /* 1 KB at a time */
- const PRInt32 maxBufSize = 8 * bufSizeIncrement ; /* 8 KB max */
- const char* CRLF = "\r\n";
+ const PRInt32 bufSizeIncrement = OCSP_BUFSIZE; /* 1 KB at a time */
+ const PRInt32 maxBufSize = 8 * bufSizeIncrement; /* 8 KB max */
+ const char *CRLF = "\r\n";
const PRInt32 CRLFlen = strlen(CRLF);
- const char* headerEndMark = "\r\n\r\n";
+ const char *headerEndMark = "\r\n\r\n";
const PRInt32 markLen = strlen(headerEndMark);
const PRIntervalTime ocsptimeout =
PR_SecondsToInterval(30); /* hardcoded to 30s for now */
- char* headerEnd = NULL;
+ char *headerEnd = NULL;
PRBool EOS = PR_FALSE;
- const char* httpprotocol = "HTTP/";
+ const char *httpprotocol = "HTTP/";
const PRInt32 httplen = strlen(httpprotocol);
- const char* httpcode = NULL;
- const char* contenttype = NULL;
+ const char *httpcode = NULL;
+ const char *contenttype = NULL;
PRInt32 contentlength = 0;
PRInt32 bytesRead = 0;
- char* statusLineEnd = NULL;
- char* space = NULL;
- char* nextHeader = NULL;
- SECItem* result = NULL;
+ char *statusLineEnd = NULL;
+ char *space = NULL;
+ char *nextHeader = NULL;
+ SECItem *result = NULL;
/* read up to at least the end of the HTTP headers */
- do
- {
+ do {
inBufsize += bufSizeIncrement;
- inBuffer = PORT_Realloc(inBuffer, inBufsize+1);
- if (NULL == inBuffer)
- {
+ inBuffer = PORT_Realloc(inBuffer, inBufsize + 1);
+ if (NULL == inBuffer) {
AbortHttpDecode(SEC_ERROR_NO_MEMORY);
}
bytesRead = ocsp_read(sock, inBuffer + offset, bufSizeIncrement,
- ocsptimeout);
- if (bytesRead > 0)
- {
- PRInt32 searchOffset = (offset - markLen) >0 ? offset-markLen : 0;
+ ocsptimeout);
+ if (bytesRead > 0) {
+ PRInt32 searchOffset = (offset - markLen) > 0 ? offset - markLen : 0;
offset += bytesRead;
*(inBuffer + offset) = '\0'; /* NULL termination */
- headerEnd = strstr((const char*)inBuffer + searchOffset, headerEndMark);
- if (bytesRead < bufSizeIncrement)
- {
+ headerEnd = strstr((const char *)inBuffer + searchOffset, headerEndMark);
+ if (bytesRead < bufSizeIncrement) {
/* we read less data than requested, therefore we are at
EOS or there was a read error */
EOS = PR_TRUE;
}
- }
- else
- {
+ } else {
/* recv error or EOS */
EOS = PR_TRUE;
}
- } while ( (!headerEnd) && (PR_FALSE == EOS) &&
- (inBufsize < maxBufSize) );
+ } while ((!headerEnd) && (PR_FALSE == EOS) &&
+ (inBufsize < maxBufSize));
- if (!headerEnd)
- {
+ if (!headerEnd) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
/* parse the HTTP status line */
- statusLineEnd = strstr((const char*)inBuffer, CRLF);
- if (!statusLineEnd)
- {
+ statusLineEnd = strstr((const char *)inBuffer, CRLF);
+ if (!statusLineEnd) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
*statusLineEnd = '\0';
/* check for HTTP/ response */
- space = strchr((const char*)inBuffer, ' ');
- if (!space || PORT_Strncasecmp((const char*)inBuffer, httpprotocol, httplen) != 0 )
- {
+ space = strchr((const char *)inBuffer, ' ');
+ if (!space || PORT_Strncasecmp((const char *)inBuffer, httpprotocol, httplen) != 0) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
/* check the HTTP status code of 200 */
- httpcode = space +1;
+ httpcode = space + 1;
space = strchr(httpcode, ' ');
- if (!space)
- {
+ if (!space) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
*space = 0;
- if (0 != strcmp(httpcode, "200"))
- {
+ if (0 != strcmp(httpcode, "200")) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
@@ -3243,14 +3211,12 @@
nextHeader = statusLineEnd + CRLFlen;
*headerEnd = '\0'; /* terminate */
- do
- {
- char* thisHeaderEnd = NULL;
- char* value = NULL;
- char* colon = strchr(nextHeader, ':');
-
- if (!colon)
- {
+ do {
+ char *thisHeaderEnd = NULL;
+ char *value = NULL;
+ char *colon = strchr(nextHeader, ':');
+
+ if (!colon) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
@@ -3263,90 +3229,71 @@
and should not be an issue, but it could become one in the
future */
- if (*value != ' ')
- {
+ if (*value != ' ') {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
value++;
- thisHeaderEnd = strstr(value, CRLF);
- if (thisHeaderEnd )
- {
- *thisHeaderEnd = '\0';
+ thisHeaderEnd = strstr(value, CRLF);
+ if (thisHeaderEnd) {
+ *thisHeaderEnd = '\0';
}
- if (0 == PORT_Strcasecmp(nextHeader, "content-type"))
- {
+ if (0 == PORT_Strcasecmp(nextHeader, "content-type")) {
contenttype = value;
- }
- else
- if (0 == PORT_Strcasecmp(nextHeader, "content-length"))
- {
+ } else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
contentlength = atoi(value);
}
- if (thisHeaderEnd )
- {
+ if (thisHeaderEnd) {
nextHeader = thisHeaderEnd + CRLFlen;
- }
- else
- {
+ } else {
nextHeader = NULL;
}
- } while (nextHeader && (nextHeader < (headerEnd + CRLFlen) ) );
+ } while (nextHeader && (nextHeader < (headerEnd + CRLFlen)));
/* check content-type */
if (!contenttype ||
- (0 != PORT_Strcasecmp(contenttype, "application/ocsp-response")) )
- {
+ (0 != PORT_Strcasecmp(contenttype, "application/ocsp-response"))) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
/* read the body of the OCSP response */
- offset = offset - (PRInt32) (headerEnd - (const char*)inBuffer) - markLen;
- if (offset)
- {
+ offset = offset - (PRInt32)(headerEnd - (const char *)inBuffer) - markLen;
+ if (offset) {
/* move all data to the beginning of the buffer */
PORT_Memmove(inBuffer, headerEnd + markLen, offset);
}
/* resize buffer to only what's needed to hold the current response */
- inBufsize = (1 + (offset-1) / bufSizeIncrement ) * bufSizeIncrement ;
+ inBufsize = (1 + (offset - 1) / bufSizeIncrement) * bufSizeIncrement;
- while ( (PR_FALSE == EOS) &&
- ( (contentlength == 0) || (offset < contentlength) ) &&
- (inBufsize < maxBufSize)
- )
- {
+ while ((PR_FALSE == EOS) &&
+ ((contentlength == 0) || (offset < contentlength)) &&
+ (inBufsize < maxBufSize)) {
/* we still need to receive more body data */
inBufsize += bufSizeIncrement;
- inBuffer = PORT_Realloc(inBuffer, inBufsize+1);
- if (NULL == inBuffer)
- {
+ inBuffer = PORT_Realloc(inBuffer, inBufsize + 1);
+ if (NULL == inBuffer) {
AbortHttpDecode(SEC_ERROR_NO_MEMORY);
}
bytesRead = ocsp_read(sock, inBuffer + offset, bufSizeIncrement,
ocsptimeout);
- if (bytesRead > 0)
- {
+ if (bytesRead > 0) {
offset += bytesRead;
- if (bytesRead < bufSizeIncrement)
- {
+ if (bytesRead < bufSizeIncrement) {
/* we read less data than requested, therefore we are at
EOS or there was a read error */
EOS = PR_TRUE;
}
- }
- else
- {
+ } else {
/* recv error or EOS */
EOS = PR_TRUE;
}
}
- if (0 == offset)
- {
+ if (0 == offset) {
AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
}
@@ -3354,14 +3301,13 @@
* Now allocate the item to hold the data.
*/
result = SECITEM_AllocItem(arena, NULL, offset);
- if (NULL == result)
- {
+ if (NULL == result) {
AbortHttpDecode(SEC_ERROR_NO_MEMORY);
}
/*
* And copy the data left in the buffer.
- */
+ */
PORT_Memcpy(result->data, inBuffer, offset);
/* and free the temporary buffer */
@@ -3378,7 +3324,7 @@
/*
* Limit the size of http responses we are willing to accept.
*/
-#define MAX_WANTED_OCSP_RESPONSE_LEN 64*1024
+#define MAX_WANTED_OCSP_RESPONSE_LEN 64 * 1024
/* if (encodedRequest == NULL)
* then location MUST already include the full request,
@@ -3388,9 +3334,9 @@
* then the request will be sent with POST
*/
static SECItem *
-fetchOcspHttpClientV1(PLArenaPool *arena,
- const SEC_HttpClientFcnV1 *hcv1,
- const char *location,
+fetchOcspHttpClientV1(PLArenaPool *arena,
+ const SEC_HttpClientFcnV1 *hcv1,
+ const char *location,
const SECItem *encodedRequest)
{
char *hostname = NULL;
@@ -3407,13 +3353,13 @@
PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
goto loser;
}
-
+
PORT_Assert(hostname != NULL);
PORT_Assert(path != NULL);
if ((*hcv1->createSessionFcn)(
- hostname,
- port,
+ hostname,
+ port,
&pServerSession) != SECSuccess) {
PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
goto loser;
@@ -3439,8 +3385,8 @@
if (encodedRequest &&
(*hcv1->setPostDataFcn)(
- pRequestSession,
- (char*)encodedRequest->data,
+ pRequestSession,
+ (char *)encodedRequest->data,
encodedRequest->len,
"application/ocsp-request") != SECSuccess) {
PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
@@ -3453,7 +3399,7 @@
OCSP_TRACE(("OCSP trySendAndReceive %s\n", location));
if ((*hcv1->trySendAndReceiveFcn)(
- pRequestSession,
+ pRequestSession,
NULL,
&myHttpResponseCode,
NULL,
@@ -3481,15 +3427,15 @@
PORT_Memcpy(encodedResponse->data, myHttpResponseData, myHttpResponseDataLen);
loser:
- if (pRequestSession != NULL)
+ if (pRequestSession != NULL)
(*hcv1->freeFcn)(pRequestSession);
if (pServerSession != NULL)
(*hcv1->freeSessionFcn)(pServerSession);
if (path != NULL)
- PORT_Free(path);
+ PORT_Free(path);
if (hostname != NULL)
- PORT_Free(hostname);
-
+ PORT_Free(hostname);
+
return encodedResponse;
}
@@ -3518,7 +3464,7 @@
* Additionals methods for http or other protocols might be added
* in the future.
* PRTime time
- * Indicates the time for which the certificate status is to be
+ * Indicates the time for which the certificate status is to be
* determined -- this may be used in the search for the cert's issuer
* but has no other bearing on the operation.
* PRBool addServiceLocator
@@ -3546,10 +3492,10 @@
*/
SECItem *
CERT_GetEncodedOCSPResponseByMethod(PLArenaPool *arena, CERTCertList *certList,
- const char *location, const char *method,
- PRTime time, PRBool addServiceLocator,
- CERTCertificate *signerCert, void *pwArg,
- CERTOCSPRequest **pRequest)
+ const char *location, const char *method,
+ PRTime time, PRBool addServiceLocator,
+ CERTCertificate *signerCert, void *pwArg,
+ CERTOCSPRequest **pRequest)
{
CERTOCSPRequest *request;
request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
@@ -3571,25 +3517,25 @@
*/
SECItem *
CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
- const char *location, PRTime time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert, void *pwArg,
- CERTOCSPRequest **pRequest)
+ const char *location, PRTime time,
+ PRBool addServiceLocator,
+ CERTCertificate *signerCert, void *pwArg,
+ CERTOCSPRequest **pRequest)
{
return CERT_GetEncodedOCSPResponseByMethod(arena, certList, location,
- "POST", time, addServiceLocator,
- signerCert, pwArg, pRequest);
+ "POST", time, addServiceLocator,
+ signerCert, pwArg, pRequest);
}
/* URL encode a buffer that consists of base64-characters, only,
* which means we can use a simple encoding logic.
- *
+ *
* No output buffer size checking is performed.
* You should call the function twice, to calculate the required buffer size.
- *
- * If the outpufBuf parameter is NULL, the function will calculate the
+ *
+ * If the outpufBuf parameter is NULL, the function will calculate the
* required size, including the trailing zero termination char.
- *
+ *
* The function returns the number of bytes calculated or produced.
*/
size_t
@@ -3598,44 +3544,44 @@
const char *walkInput = NULL;
char *walkOutput = outputBuf;
size_t count = 0;
-
- for (walkInput=base64Buf; *walkInput; ++walkInput) {
- char c = *walkInput;
- if (isspace(c))
- continue;
- switch (c) {
- case '+':
- if (outputBuf) {
- strcpy(walkOutput, "%2B");
- walkOutput += 3;
- }
- count += 3;
- break;
- case '/':
- if (outputBuf) {
- strcpy(walkOutput, "%2F");
- walkOutput += 3;
- }
- count += 3;
- break;
- case '=':
- if (outputBuf) {
- strcpy(walkOutput, "%3D");
- walkOutput += 3;
- }
- count += 3;
- break;
- default:
- if (outputBuf) {
- *walkOutput = *walkInput;
- ++walkOutput;
- }
- ++count;
- break;
- }
+
+ for (walkInput = base64Buf; *walkInput; ++walkInput) {
+ char c = *walkInput;
+ if (isspace(c))
+ continue;
+ switch (c) {
+ case '+':
+ if (outputBuf) {
+ strcpy(walkOutput, "%2B");
+ walkOutput += 3;
+ }
+ count += 3;
+ break;
+ case '/':
+ if (outputBuf) {
+ strcpy(walkOutput, "%2F");
+ walkOutput += 3;
+ }
+ count += 3;
+ break;
+ case '=':
+ if (outputBuf) {
+ strcpy(walkOutput, "%3D");
+ walkOutput += 3;
+ }
+ count += 3;
+ break;
+ default:
+ if (outputBuf) {
+ *walkOutput = *walkInput;
+ ++walkOutput;
+ }
+ ++count;
+ break;
+ }
}
if (outputBuf) {
- *walkOutput = 0;
+ *walkOutput = 0;
}
++count;
return count;
@@ -3644,15 +3590,15 @@
enum { max_get_request_size = 255 }; /* defined by RFC2560 */
static SECItem *
-cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
+cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest);
static SECItem *
ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
CERTOCSPRequest *request,
const char *location,
- const char *method,
- PRTime time,
+ const char *method,
+ PRTime time,
PRBool addServiceLocator,
void *pwArg,
CERTOCSPRequest **pRequest)
@@ -3665,44 +3611,42 @@
goto loser;
rv = CERT_AddOCSPAcceptableResponses(request,
- SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+ SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
encodedRequest = CERT_EncodeOCSPRequest(NULL, request, pwArg);
if (encodedRequest == NULL)
- goto loser;
+ goto loser;
if (!strcmp(method, "GET")) {
encodedResponse = cert_GetOCSPResponse(arena, location, encodedRequest);
- }
- else if (!strcmp(method, "POST")) {
+ } else if (!strcmp(method, "POST")) {
encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
- }
- else {
- goto loser;
+ } else {
+ goto loser;
}
if (encodedResponse != NULL && pRequest != NULL) {
- *pRequest = request;
- request = NULL; /* avoid destroying below */
+ *pRequest = request;
+ request = NULL; /* avoid destroying below */
}
loser:
if (request != NULL)
- CERT_DestroyOCSPRequest(request);
+ CERT_DestroyOCSPRequest(request);
if (encodedRequest != NULL)
- SECITEM_FreeItem(encodedRequest, PR_TRUE);
+ SECITEM_FreeItem(encodedRequest, PR_TRUE);
return encodedResponse;
}
static SECItem *
-cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
+cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest);
/* using HTTP GET method */
static SECItem *
-cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
+cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest)
{
char *walkOutput = NULL;
@@ -3710,49 +3654,49 @@
size_t pathLength;
PRInt32 urlEncodedBufLength;
size_t base64size;
- char b64ReqBuf[max_get_request_size+1];
+ char b64ReqBuf[max_get_request_size + 1];
size_t slashLengthIfNeeded = 0;
size_t getURLLength;
SECItem *item;
if (!location || !*location) {
- return NULL;
+ return NULL;
}
-
+
pathLength = strlen(location);
- if (location[pathLength-1] != '/') {
- slashLengthIfNeeded = 1;
+ if (location[pathLength - 1] != '/') {
+ slashLengthIfNeeded = 1;
}
-
+
/* Calculation as documented by PL_Base64Encode function.
* Use integer conversion to avoid having to use function ceil().
*/
- base64size = (((encodedRequest->len +2)/3) * 4);
+ base64size = (((encodedRequest->len + 2) / 3) * 4);
if (base64size > max_get_request_size) {
- return NULL;
+ return NULL;
}
memset(b64ReqBuf, 0, sizeof(b64ReqBuf));
- PL_Base64Encode((const char*)encodedRequest->data, encodedRequest->len,
- b64ReqBuf);
+ PL_Base64Encode((const char *)encodedRequest->data, encodedRequest->len,
+ b64ReqBuf);
urlEncodedBufLength = ocsp_UrlEncodeBase64Buf(b64ReqBuf, NULL);
getURLLength = pathLength + urlEncodedBufLength + slashLengthIfNeeded;
-
+
/* urlEncodedBufLength already contains room for the zero terminator.
* Add another if we must add the '/' char.
*/
if (arena) {
- fullGetPath = (char*)PORT_ArenaAlloc(arena, getURLLength);
+ fullGetPath = (char *)PORT_ArenaAlloc(arena, getURLLength);
} else {
- fullGetPath = (char*)PORT_Alloc(getURLLength);
+ fullGetPath = (char *)PORT_Alloc(getURLLength);
}
if (!fullGetPath) {
- return NULL;
+ return NULL;
}
-
+
strcpy(fullGetPath, location);
walkOutput = fullGetPath + pathLength;
-
+
if (walkOutput > fullGetPath && slashLengthIfNeeded) {
strcpy(walkOutput, "/");
++walkOutput;
@@ -3761,20 +3705,20 @@
item = cert_FetchOCSPResponse(arena, fullGetPath, NULL);
if (!arena) {
- PORT_Free(fullGetPath);
+ PORT_Free(fullGetPath);
}
return item;
}
SECItem *
-CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest)
{
return cert_FetchOCSPResponse(arena, location, encodedRequest);
}
SECItem *
-cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
+cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest)
{
const SEC_HttpClientFcn *registeredHttpClient;
@@ -3784,10 +3728,10 @@
if (registeredHttpClient && registeredHttpClient->version == 1) {
encodedResponse = fetchOcspHttpClientV1(
- arena,
- ®isteredHttpClient->fcnTable.ftable1,
- location,
- encodedRequest);
+ arena,
+ ®isteredHttpClient->fcnTable.ftable1,
+ location,
+ encodedRequest);
} else {
/* use internal http client */
PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
@@ -3801,18 +3745,18 @@
}
static SECItem *
-ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena,
- CERTOCSPCertID *certID,
- CERTCertificate *singleCert,
+ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena,
+ CERTOCSPCertID *certID,
+ CERTCertificate *singleCert,
const char *location,
- const char *method,
- PRTime time,
+ const char *method,
+ PRTime time,
PRBool addServiceLocator,
void *pwArg,
CERTOCSPRequest **pRequest)
{
CERTOCSPRequest *request;
- request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time,
+ request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time,
addServiceLocator, NULL);
if (!request)
return NULL;
@@ -3833,29 +3777,28 @@
PRBool retval;
CERTOidSequence *oidSeq = NULL;
-
extItem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
oidSeq = CERT_DecodeOidSequence(&extItem);
- if ( oidSeq == NULL ) {
- goto loser;
+ if (oidSeq == NULL) {
+ goto loser;
}
oids = oidSeq->oids;
- while ( *oids != NULL ) {
- oid = *oids;
-
- oidTag = SECOID_FindOIDTag(oid);
-
- if ( oidTag == SEC_OID_OCSP_RESPONDER ) {
- goto success;
- }
-
- oids++;
+ while (*oids != NULL) {
+ oid = *oids;
+
+ oidTag = SECOID_FindOIDTag(oid);
+
+ if (oidTag == SEC_OID_OCSP_RESPONDER) {
+ goto success;
+ }
+
+ oids++;
}
loser:
@@ -3865,42 +3808,41 @@
success:
retval = PR_TRUE;
done:
- if ( extItem.data != NULL ) {
- PORT_Free(extItem.data);
+ if (extItem.data != NULL) {
+ PORT_Free(extItem.data);
}
- if ( oidSeq != NULL ) {
- CERT_DestroyOidSequence(oidSeq);
+ if (oidSeq != NULL) {
+ CERT_DestroyOidSequence(oidSeq);
}
-
- return(retval);
+
+ return (retval);
}
-
-#ifdef LATER /*
- * XXX This function is not currently used, but will
- * be needed later when we do revocation checking of
- * the responder certificate. Of course, it may need
- * revising then, if the cert extension interface has
- * changed. (Hopefully it will!)
- */
+#ifdef LATER /*
+ * XXX This function is not currently used, but will
+ * be needed later when we do revocation checking of
+ * the responder certificate. Of course, it may need
+ * revising then, if the cert extension interface has
+ * changed. (Hopefully it will!)
+ */
/* Checks a certificate to see if it has the OCSP no check extension. */
static PRBool
ocsp_CertHasNoCheckExtension(CERTCertificate *cert)
{
SECStatus rv;
-
- rv = CERT_FindCertExtension(cert, SEC_OID_PKIX_OCSP_NO_CHECK,
- NULL);
+
+ rv = CERT_FindCertExtension(cert, SEC_OID_PKIX_OCSP_NO_CHECK,
+ NULL);
if (rv == SECSuccess) {
- return PR_TRUE;
+ return PR_TRUE;
}
return PR_FALSE;
}
-#endif /* LATER */
+#endif /* LATER */
static PRBool
-ocsp_matchcert(SECItem *certIndex,CERTCertificate *testCert)
+ocsp_matchcert(SECItem *certIndex, CERTCertificate *testCert)
{
SECItem item;
unsigned char buf[HASH_LENGTH_MAX];
@@ -3908,33 +3850,33 @@
item.data = buf;
item.len = SHA1_LENGTH;
- if (CERT_GetSubjectPublicKeyDigest(NULL,testCert,SEC_OID_SHA1,
- &item) == NULL) {
- return PR_FALSE;
+ if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_SHA1,
+ &item) == NULL) {
+ return PR_FALSE;
}
- if (SECITEM_ItemsAreEqual(certIndex,&item)) {
- return PR_TRUE;
+ if (SECITEM_ItemsAreEqual(certIndex, &item)) {
+ return PR_TRUE;
}
- if (CERT_GetSubjectPublicKeyDigest(NULL,testCert,SEC_OID_MD5,
- &item) == NULL) {
- return PR_FALSE;
+ if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_MD5,
+ &item) == NULL) {
+ return PR_FALSE;
}
- if (SECITEM_ItemsAreEqual(certIndex,&item)) {
- return PR_TRUE;
+ if (SECITEM_ItemsAreEqual(certIndex, &item)) {
+ return PR_TRUE;
}
- if (CERT_GetSubjectPublicKeyDigest(NULL,testCert,SEC_OID_MD2,
- &item) == NULL) {
- return PR_FALSE;
+ if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_MD2,
+ &item) == NULL) {
+ return PR_FALSE;
}
- if (SECITEM_ItemsAreEqual(certIndex,&item)) {
- return PR_TRUE;
+ if (SECITEM_ItemsAreEqual(certIndex, &item)) {
+ return PR_TRUE;
}
return PR_FALSE;
}
static CERTCertificate *
-ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle,CERTOCSPCertID *certID);
+ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle, CERTOCSPCertID *certID);
CERTCertificate *
ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
@@ -3949,19 +3891,19 @@
PORT_Assert(tbsData->responderID != NULL);
switch (tbsData->responderID->responderIDType) {
- case ocspResponderID_byName:
- lookupByName = PR_TRUE;
- certIndex = &tbsData->derResponderID;
- break;
- case ocspResponderID_byKey:
- lookupByName = PR_FALSE;
- certIndex = &tbsData->responderID->responderIDValue.keyHash;
- break;
- case ocspResponderID_other:
- default:
- PORT_Assert(0);
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- return NULL;
+ case ocspResponderID_byName:
+ lookupByName = PR_TRUE;
+ certIndex = &tbsData->derResponderID;
+ break;
+ case ocspResponderID_byKey:
+ lookupByName = PR_FALSE;
+ certIndex = &tbsData->responderID->responderIDValue.keyHash;
+ break;
+ case ocspResponderID_other:
+ default:
+ PORT_Assert(0);
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ return NULL;
}
/*
@@ -3972,14 +3914,14 @@
* to be destroyed.
*/
if (signature->derCerts != NULL) {
- for (; signature->derCerts[certCount] != NULL; certCount++) {
- /* just counting */
- }
- rv = CERT_ImportCerts(handle, certUsageStatusResponder, certCount,
- signature->derCerts, &certs,
- PR_FALSE, PR_FALSE, NULL);
- if (rv != SECSuccess)
- goto finish;
+ for (; signature->derCerts[certCount] != NULL; certCount++) {
+ /* just counting */
+ }
+ rv = CERT_ImportCerts(handle, certUsageStatusResponder, certCount,
+ signature->derCerts, &certs,
+ PR_FALSE, PR_FALSE, NULL);
+ if (rv != SECSuccess)
+ goto finish;
}
/*
@@ -3987,51 +3929,51 @@
* The signer can be specified either by name or by key hash.
*/
if (lookupByName) {
- SECItem *crIndex = (SECItem*)certIndex;
- SECItem encodedName;
- PLArenaPool *arena;
+ SECItem *crIndex = (SECItem *)certIndex;
+ SECItem encodedName;
+ PLArenaPool *arena;
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena != NULL) {
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena != NULL) {
- rv = SEC_QuickDERDecodeItem(arena, &encodedName,
- ocsp_ResponderIDDerNameTemplate,
- crIndex);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_BAD_DER)
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- } else {
- signerCert = CERT_FindCertByName(handle, &encodedName);
- }
- PORT_FreeArena(arena, PR_FALSE);
- }
+ rv = SEC_QuickDERDecodeItem(arena, &encodedName,
+ ocsp_ResponderIDDerNameTemplate,
+ crIndex);
+ if (rv != SECSuccess) {
+ if (PORT_GetError() == SEC_ERROR_BAD_DER)
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ } else {
+ signerCert = CERT_FindCertByName(handle, &encodedName);
+ }
+ PORT_FreeArena(arena, PR_FALSE);
+ }
} else {
- /*
- * The signer is either 1) a known issuer CA we passed in,
- * 2) the default OCSP responder, or 3) an intermediate CA
- * passed in the cert list to use. Figure out which it is.
- */
- int i;
- CERTCertificate *responder =
+ /*
+ * The signer is either 1) a known issuer CA we passed in,
+ * 2) the default OCSP responder, or 3) an intermediate CA
+ * passed in the cert list to use. Figure out which it is.
+ */
+ int i;
+ CERTCertificate *responder =
ocsp_CertGetDefaultResponder(handle, NULL);
- if (responder && ocsp_matchcert(certIndex,responder)) {
- signerCert = CERT_DupCertificate(responder);
- } else if (issuer && ocsp_matchcert(certIndex,issuer)) {
- signerCert = CERT_DupCertificate(issuer);
- }
- for (i=0; (signerCert == NULL) && (i < certCount); i++) {
- if (ocsp_matchcert(certIndex,certs[i])) {
- signerCert = CERT_DupCertificate(certs[i]);
- }
- }
- if (signerCert == NULL) {
- PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
- }
+ if (responder && ocsp_matchcert(certIndex, responder)) {
+ signerCert = CERT_DupCertificate(responder);
+ } else if (issuer && ocsp_matchcert(certIndex, issuer)) {
+ signerCert = CERT_DupCertificate(issuer);
+ }
+ for (i = 0; (signerCert == NULL) && (i < certCount); i++) {
+ if (ocsp_matchcert(certIndex, certs[i])) {
+ signerCert = CERT_DupCertificate(certs[i]);
+ }
+ }
+ if (signerCert == NULL) {
+ PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
+ }
}
finish:
if (certs != NULL) {
- CERT_DestroyCertArray(certs, certCount);
+ CERT_DestroyCertArray(certs, certCount);
}
return signerCert;
@@ -4067,7 +4009,7 @@
rv = CERT_VerifySignedDataWithPublicKey(&signedData, signerKey, pwArg);
if (rv != SECSuccess &&
- (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE ||
+ (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE ||
PORT_GetError() == SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)) {
PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
}
@@ -4079,7 +4021,6 @@
return rv;
}
-
/*
* FUNCTION: CERT_VerifyOCSPResponseSignature
* Check the signature on an OCSP Response. Will also perform a
@@ -4110,10 +4051,10 @@
* verifying the signer's cert, or low-level problems (no memory, etc.)
*/
SECStatus
-CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
- CERTCertDBHandle *handle, void *pwArg,
- CERTCertificate **pSignerCert,
- CERTCertificate *issuer)
+CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
+ CERTCertDBHandle *handle, void *pwArg,
+ CERTCertificate **pSignerCert,
+ CERTCertificate *issuer)
{
SECItem *tbsResponseDataDER;
CERTCertificate *signerCert = NULL;
@@ -4138,24 +4079,24 @@
* return the cached result.
*/
if (signature->wasChecked) {
- if (signature->status == SECSuccess) {
- if (pSignerCert != NULL)
- *pSignerCert = CERT_DupCertificate(signature->cert);
- } else {
- PORT_SetError(signature->failureReason);
- }
- return signature->status;
+ if (signature->status == SECSuccess) {
+ if (pSignerCert != NULL)
+ *pSignerCert = CERT_DupCertificate(signature->cert);
+ } else {
+ PORT_SetError(signature->failureReason);
+ }
+ return signature->status;
}
signerCert = ocsp_GetSignerCertificate(handle, tbsData,
signature, issuer);
if (signerCert == NULL) {
- rv = SECFailure;
- if (PORT_GetError() == SEC_ERROR_UNKNOWN_CERT) {
- /* Make the error a little more specific. */
- PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
- }
- goto finish;
+ rv = SECFailure;
+ if (PORT_GetError() == SEC_ERROR_UNKNOWN_CERT) {
+ /* Make the error a little more specific. */
+ PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
+ }
+ goto finish;
}
/*
@@ -4204,24 +4145,24 @@
finish:
if (signature->wasChecked)
- signature->status = rv;
+ signature->status = rv;
if (rv != SECSuccess) {
- signature->failureReason = PORT_GetError();
- if (signerCert != NULL)
- CERT_DestroyCertificate(signerCert);
+ signature->failureReason = PORT_GetError();
+ if (signerCert != NULL)
+ CERT_DestroyCertificate(signerCert);
} else {
- /*
- * Save signer's certificate in signature.
- */
- signature->cert = signerCert;
- if (pSignerCert != NULL) {
- /*
- * Pass pointer to signer's certificate back to our caller,
- * who is also now responsible for destroying it.
- */
- *pSignerCert = CERT_DupCertificate(signerCert);
- }
+ /*
+ * Save signer's certificate in signature.
+ */
+ signature->cert = signerCert;
+ if (pSignerCert != NULL) {
+ /*
+ * Pass pointer to signer's certificate back to our caller,
+ * who is also now responsible for destroying it.
+ */
+ *pSignerCert = CERT_DupCertificate(signerCert);
+ }
}
return rv;
@@ -4234,7 +4175,7 @@
*/
static PRBool
ocsp_CertIDsMatch(CERTOCSPCertID *requestCertID,
- CERTOCSPCertID *responseCertID)
+ CERTOCSPCertID *responseCertID)
{
PRBool match = PR_FALSE;
SECOidTag hashAlg;
@@ -4248,8 +4189,8 @@
* We just compare the easier things first.
*/
if (SECITEM_CompareItem(&requestCertID->serialNumber,
- &responseCertID->serialNumber) != SECEqual) {
- goto done;
+ &responseCertID->serialNumber) != SECEqual) {
+ goto done;
}
/*
@@ -4257,48 +4198,49 @@
* requestCertID->hashAlgorithm, we don't need to check it.
*/
if (responseCertID->hashAlgorithm.parameters.len > 2) {
- goto done;
+ goto done;
}
if (SECITEM_CompareItem(&requestCertID->hashAlgorithm.algorithm,
- &responseCertID->hashAlgorithm.algorithm) == SECEqual) {
- /*
- * If the hash algorithms match then we can do a simple compare
- * of the hash values themselves.
- */
- if ((SECITEM_CompareItem(&requestCertID->issuerNameHash,
- &responseCertID->issuerNameHash) == SECEqual)
- && (SECITEM_CompareItem(&requestCertID->issuerKeyHash,
- &responseCertID->issuerKeyHash) == SECEqual)) {
- match = PR_TRUE;
- }
- goto done;
+ &responseCertID->hashAlgorithm.algorithm) ==
+ SECEqual) {
+ /*
+ * If the hash algorithms match then we can do a simple compare
+ * of the hash values themselves.
+ */
+ if ((SECITEM_CompareItem(&requestCertID->issuerNameHash,
+ &responseCertID->issuerNameHash) == SECEqual) &&
+ (SECITEM_CompareItem(&requestCertID->issuerKeyHash,
+ &responseCertID->issuerKeyHash) == SECEqual)) {
+ match = PR_TRUE;
+ }
+ goto done;
}
hashAlg = SECOID_FindOIDTag(&responseCertID->hashAlgorithm.algorithm);
switch (hashAlg) {
- case SEC_OID_SHA1:
- keyHash = &requestCertID->issuerSHA1KeyHash;
- nameHash = &requestCertID->issuerSHA1NameHash;
- break;
- case SEC_OID_MD5:
- keyHash = &requestCertID->issuerMD5KeyHash;
- nameHash = &requestCertID->issuerMD5NameHash;
- break;
- case SEC_OID_MD2:
- keyHash = &requestCertID->issuerMD2KeyHash;
- nameHash = &requestCertID->issuerMD2NameHash;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return PR_FALSE;
+ case SEC_OID_SHA1:
+ keyHash = &requestCertID->issuerSHA1KeyHash;
+ nameHash = &requestCertID->issuerSHA1NameHash;
+ break;
+ case SEC_OID_MD5:
+ keyHash = &requestCertID->issuerMD5KeyHash;
+ nameHash = &requestCertID->issuerMD5NameHash;
+ break;
+ case SEC_OID_MD2:
+ keyHash = &requestCertID->issuerMD2KeyHash;
+ nameHash = &requestCertID->issuerMD2NameHash;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return PR_FALSE;
}
- if ((keyHash != NULL)
- && (SECITEM_CompareItem(nameHash,
- &responseCertID->issuerNameHash) == SECEqual)
- && (SECITEM_CompareItem(keyHash,
- &responseCertID->issuerKeyHash) == SECEqual)) {
- match = PR_TRUE;
+ if ((keyHash != NULL) &&
+ (SECITEM_CompareItem(nameHash,
+ &responseCertID->issuerNameHash) == SECEqual) &&
+ (SECITEM_CompareItem(keyHash,
+ &responseCertID->issuerKeyHash) == SECEqual)) {
+ match = PR_TRUE;
}
done:
@@ -4313,27 +4255,27 @@
*/
static CERTOCSPSingleResponse *
ocsp_GetSingleResponseForCertID(CERTOCSPSingleResponse **responses,
- CERTCertDBHandle *handle,
- CERTOCSPCertID *certID)
+ CERTCertDBHandle *handle,
+ CERTOCSPCertID *certID)
{
CERTOCSPSingleResponse *single;
int i;
if (responses == NULL)
- return NULL;
+ return NULL;
for (i = 0; responses[i] != NULL; i++) {
- single = responses[i];
- if (ocsp_CertIDsMatch(certID, single->certID)) {
- return single;
- }
+ single = responses[i];
+ if (ocsp_CertIDsMatch(certID, single->certID)) {
+ return single;
+ }
}
/*
* The OCSP server should have included a response even if it knew
* nothing about the certificate in question. Since it did not,
* this will make it look as if it had.
- *
+ *
* XXX Should we make this a separate error to notice the server's
* bad behavior?
*/
@@ -4349,19 +4291,19 @@
statusConfig = CERT_GetStatusConfig(handle);
if (statusConfig != NULL) {
- ocspcx = statusConfig->statusContext;
+ ocspcx = statusConfig->statusContext;
- /*
- * This is actually an internal error, because we should never
- * have a good statusConfig without a good statusContext, too.
- * For lack of anything better, though, we just assert and use
- * the same error as if there were no statusConfig (set below).
- */
- PORT_Assert(ocspcx != NULL);
+ /*
+ * This is actually an internal error, because we should never
+ * have a good statusConfig without a good statusContext, too.
+ * For lack of anything better, though, we just assert and use
+ * the same error as if there were no statusConfig (set below).
+ */
+ PORT_Assert(ocspcx != NULL);
}
if (ocspcx == NULL)
- PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
+ PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
return ocspcx;
}
@@ -4377,19 +4319,19 @@
ocspcx = ocsp_GetCheckingContext(handle);
if (ocspcx == NULL)
- goto loser;
+ goto loser;
- /*
- * Right now we have only one default responder. It applies to
- * all certs when it is used, so the check is simple and certID
- * has no bearing on the answer. Someday in the future we may
- * allow configuration of different responders for different
- * issuers, and then we would have to use the issuer specified
- * in certID to determine if signerCert is the right one.
- */
+ /*
+ * Right now we have only one default responder. It applies to
+ * all certs when it is used, so the check is simple and certID
+ * has no bearing on the answer. Someday in the future we may
+ * allow configuration of different responders for different
+ * issuers, and then we would have to use the issuer specified
+ * in certID to determine if signerCert is the right one.
+ */
if (ocspcx->useDefaultResponder) {
- PORT_Assert(ocspcx->defaultResponderCert != NULL);
- return ocspcx->defaultResponderCert;
+ PORT_Assert(ocspcx->defaultResponderCert != NULL);
+ return ocspcx->defaultResponderCert;
}
loser:
@@ -4407,19 +4349,19 @@
ocspcx = ocsp_GetCheckingContext(handle);
if (ocspcx == NULL)
- return PR_FALSE;
+ return PR_FALSE;
- /*
- * Right now we have only one default responder. It applies to
- * all certs when it is used, so the check is simple and certID
- * has no bearing on the answer. Someday in the future we may
- * allow configuration of different responders for different
- * issuers, and then we would have to use the issuer specified
- * in certID to determine if signerCert is the right one.
- */
+ /*
+ * Right now we have only one default responder. It applies to
+ * all certs when it is used, so the check is simple and certID
+ * has no bearing on the answer. Someday in the future we may
+ * allow configuration of different responders for different
+ * issuers, and then we would have to use the issuer specified
+ * in certID to determine if signerCert is the right one.
+ */
if (ocspcx->useDefaultResponder &&
CERT_CompareCerts(ocspcx->defaultResponderCert, cert)) {
- return PR_TRUE;
+ return PR_TRUE;
}
return PR_FALSE;
@@ -4444,9 +4386,9 @@
*/
static PRBool
ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
- CERTCertificate *signerCert,
- CERTOCSPCertID *certID,
- PRTime thisUpdate)
+ CERTCertificate *signerCert,
+ CERTOCSPCertID *certID,
+ PRTime thisUpdate)
{
CERTCertificate *issuerCert = NULL, *defRespCert;
SECItem *keyHash = NULL;
@@ -4490,7 +4432,7 @@
nameHashEQ =
(SECITEM_CompareItem(nameHash,
&certID->issuerNameHash) == SECEqual);
-
+
SECITEM_FreeItem(nameHash, PR_TRUE);
if (nameHashEQ) {
/* The issuer of the cert is the the signer of the response */
@@ -4498,7 +4440,6 @@
}
}
-
keyHashEQ = PR_FALSE;
nameHashEQ = PR_FALSE;
@@ -4529,7 +4470,7 @@
CERT_DestroyCertificate(issuerCert);
if (keyHash != NULL && nameHash != NULL) {
- keyHashEQ =
+ keyHashEQ =
(SECITEM_CompareItem(keyHash,
&certID->issuerKeyHash) == SECEqual);
@@ -4565,7 +4506,7 @@
* want something from within the last 24 hours. This macro defines that
* number in seconds.
*/
-#define OCSP_ALLOWABLE_LAPSE_SECONDS (24L * 60L * 60L)
+#define OCSP_ALLOWABLE_LAPSE_SECONDS (24L * 60L * 60L)
static PRBool
ocsp_TimeIsRecent(PRTime checkTime)
@@ -4575,19 +4516,19 @@
LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
LL_I2L(tmp, PR_USEC_PER_SEC);
- LL_MUL(lapse, lapse, tmp); /* allowable lapse in microseconds */
+ LL_MUL(lapse, lapse, tmp); /* allowable lapse in microseconds */
LL_ADD(checkTime, checkTime, lapse);
if (LL_CMP(now, >, checkTime))
- return PR_FALSE;
+ return PR_FALSE;
return PR_TRUE;
}
-#define OCSP_SLOP (5L*60L) /* OCSP responses are allowed to be 5 minutes
- in the future by default */
+#define OCSP_SLOP (5L * 60L) /* OCSP responses are allowed to be 5 minutes \
+ in the future by default */
-static PRUint32 ocspsloptime = OCSP_SLOP; /* seconds */
+static PRUint32 ocspsloptime = OCSP_SLOP; /* seconds */
/*
* If an old response contains the revoked certificate status, we want
@@ -4610,7 +4551,6 @@
*/
return SECSuccess;
}
-
}
PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
return SECFailure;
@@ -4638,19 +4578,19 @@
* SEC_ERROR_OCSP_OLD_RESPONSE
* SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
* Other errors are low-level problems (no memory, bad database, etc.).
- */
+ */
static SECStatus
ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
- CERTCertDBHandle *handle,
- CERTCertificate *signerCert,
- PRTime producedAt)
+ CERTCertDBHandle *handle,
+ CERTCertificate *signerCert,
+ PRTime producedAt)
{
CERTOCSPCertID *certID = single->certID;
PRTime now, thisUpdate, nextUpdate, tmstamp, tmp;
SECStatus rv;
- OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n",
- ((single->nextUpdate) != 0)));
+ OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n",
+ ((single->nextUpdate) != 0)));
/*
* If all the responder said was that the given cert was unknown to it,
* that is a valid response. Not very interesting to us, of course,
@@ -4659,7 +4599,7 @@
*/
PORT_Assert(single->certStatus != NULL);
if (single->certStatus->certStatusType == ocspCertStatus_unknown)
- return SECSuccess;
+ return SECSuccess;
/*
* We need to extract "thisUpdate" for use below and to pass along
@@ -4668,14 +4608,14 @@
*/
rv = DER_GeneralizedTimeToTime(&thisUpdate, &single->thisUpdate);
if (rv != SECSuccess)
- return rv;
+ return rv;
/*
* First confirm that signerCert is authorized to give this status.
*/
if (ocsp_AuthorizedResponderForCertID(handle, signerCert, certID,
- thisUpdate) != PR_TRUE)
- return SECFailure;
+ thisUpdate) != PR_TRUE)
+ return SECFailure;
/*
* Now check the time stuff, as described above.
@@ -4688,25 +4628,24 @@
LL_ADD(tmstamp, tmp, now); /* add current time to it */
if (LL_CMP(thisUpdate, >, tmstamp) || LL_CMP(producedAt, <, thisUpdate)) {
- PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
+ return SECFailure;
}
if (single->nextUpdate != NULL) {
- rv = DER_GeneralizedTimeToTime(&nextUpdate, single->nextUpdate);
- if (rv != SECSuccess)
- return rv;
+ rv = DER_GeneralizedTimeToTime(&nextUpdate, single->nextUpdate);
+ if (rv != SECSuccess)
+ return rv;
- LL_ADD(tmp, tmp, nextUpdate);
- if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate))
- return ocsp_HandleOldSingleResponse(single, now);
+ LL_ADD(tmp, tmp, nextUpdate);
+ if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate))
+ return ocsp_HandleOldSingleResponse(single, now);
} else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
- return ocsp_HandleOldSingleResponse(single, now);
+ return ocsp_HandleOldSingleResponse(single, now);
}
return SECSuccess;
}
-
/*
* FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
* Get the value of the URI of the OCSP responder for the given cert.
@@ -4721,7 +4660,7 @@
* extension is not present or it does not contain an entry for OCSP,
* SEC_ERROR_CERT_BAD_ACCESS_LOCATION will be set and a NULL returned.
* Any other error will also result in a NULL being returned.
- *
+ *
* This result should be freed (via PORT_Free) when no longer in use.
*/
char *
@@ -4743,13 +4682,13 @@
*/
encodedAuthInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
if (encodedAuthInfoAccess == NULL)
- goto loser;
+ goto loser;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
- encodedAuthInfoAccess);
+ encodedAuthInfoAccess);
if (rv == SECFailure) {
- PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
- goto loser;
+ PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+ goto loser;
}
/*
@@ -4760,16 +4699,16 @@
*/
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
- goto loser;
+ goto loser;
authInfoAccess = CERT_DecodeAuthInfoAccessExtension(arena,
- encodedAuthInfoAccess);
+ encodedAuthInfoAccess);
if (authInfoAccess == NULL)
- goto loser;
+ goto loser;
for (i = 0; authInfoAccess[i] != NULL; i++) {
- if (SECOID_FindOIDTag(&authInfoAccess[i]->method) == SEC_OID_PKIX_OCSP)
- locname = authInfoAccess[i]->location;
+ if (SECOID_FindOIDTag(&authInfoAccess[i]->method) == SEC_OID_PKIX_OCSP)
+ locname = authInfoAccess[i]->location;
}
/*
@@ -4780,8 +4719,8 @@
* not there at all.
*/
if (locname == NULL) {
- PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
- goto loser;
+ PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+ goto loser;
}
/*
@@ -4790,15 +4729,15 @@
*/
location = CERT_GetGeneralNameByType(locname, certURI, PR_FALSE);
if (location == NULL) {
- /*
- * XXX Appears that CERT_GetGeneralNameByType does not set an
- * error if there is no name by that type. For lack of anything
- * better, act as if the extension was not found. In the future
- * this should probably be something more like the extension was
- * badly formed.
- */
- PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
- goto loser;
+ /*
+ * XXX Appears that CERT_GetGeneralNameByType does not set an
+ * error if there is no name by that type. For lack of anything
+ * better, act as if the extension was not found. In the future
+ * this should probably be something more like the extension was
+ * badly formed.
+ */
+ PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+ goto loser;
}
/*
@@ -4809,22 +4748,21 @@
*/
locURI = PORT_Alloc(location->len + 1);
if (locURI == NULL) {
- goto loser;
+ goto loser;
}
PORT_Memcpy(locURI, location->data, location->len);
locURI[location->len] = '\0';
loser:
if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
if (encodedAuthInfoAccess != NULL)
- SECITEM_FreeItem(encodedAuthInfoAccess, PR_TRUE);
+ SECITEM_FreeItem(encodedAuthInfoAccess, PR_TRUE);
return locURI;
}
-
/*
* Figure out where we should go to find out the status of the given cert
* via OCSP. If allowed to use a default responder uri and a default
@@ -4840,7 +4778,7 @@
*/
char *
ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool canUseDefault, PRBool *isDefault)
+ PRBool canUseDefault, PRBool *isDefault)
{
ocspCheckingContext *ocspcx = NULL;
char *ocspUrl = NULL;
@@ -4849,15 +4787,15 @@
ocspcx = ocsp_GetCheckingContext(handle);
}
if (ocspcx != NULL && ocspcx->useDefaultResponder) {
- /*
- * A default responder wins out, if specified.
- * XXX Someday this may be a more complicated determination based
- * on the cert's issuer. (That is, we could have different default
- * responders configured for different issuers.)
- */
- PORT_Assert(ocspcx->defaultResponderURI != NULL);
- *isDefault = PR_TRUE;
- return (PORT_Strdup(ocspcx->defaultResponderURI));
+ /*
+ * A default responder wins out, if specified.
+ * XXX Someday this may be a more complicated determination based
+ * on the cert's issuer. (That is, we could have different default
+ * responders configured for different issuers.)
+ */
+ PORT_Assert(ocspcx->defaultResponderURI != NULL);
+ *isDefault = PR_TRUE;
+ return (PORT_Strdup(ocspcx->defaultResponderURI));
}
/*
@@ -4867,16 +4805,16 @@
*isDefault = PR_FALSE;
ocspUrl = CERT_GetOCSPAuthorityInfoAccessLocation(cert);
if (!ocspUrl) {
- CERT_StringFromCertFcn altFcn;
+ CERT_StringFromCertFcn altFcn;
- PR_EnterMonitor(OCSP_Global.monitor);
- altFcn = OCSP_Global.alternateOCSPAIAFcn;
- PR_ExitMonitor(OCSP_Global.monitor);
- if (altFcn) {
- ocspUrl = (*altFcn)(cert);
- if (ocspUrl)
- *isDefault = PR_TRUE;
- }
+ PR_EnterMonitor(OCSP_Global.monitor);
+ altFcn = OCSP_Global.alternateOCSPAIAFcn;
+ PR_ExitMonitor(OCSP_Global.monitor);
+ if (altFcn) {
+ ocspUrl = (*altFcn)(cert);
+ if (ocspUrl)
+ *isDefault = PR_TRUE;
+ }
}
return ocspUrl;
}
@@ -4893,7 +4831,7 @@
rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
if (rv != SECSuccess)
- return rv;
+ return rv;
/*
* Set the error even if we will return success; someone might care.
@@ -4901,7 +4839,7 @@
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
if (LL_CMP(revokedTime, >, time))
- return SECSuccess;
+ return SECSuccess;
return SECFailure;
}
@@ -4915,28 +4853,28 @@
{
SECStatus rv;
switch (status->certStatusType) {
- case ocspCertStatus_good:
- rv = SECSuccess;
- break;
- case ocspCertStatus_revoked:
- rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
- break;
- case ocspCertStatus_unknown:
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
- rv = SECFailure;
- break;
- case ocspCertStatus_other:
- default:
- PORT_Assert(0);
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- rv = SECFailure;
- break;
+ case ocspCertStatus_good:
+ rv = SECSuccess;
+ break;
+ case ocspCertStatus_revoked:
+ rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
+ break;
+ case ocspCertStatus_unknown:
+ PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
+ rv = SECFailure;
+ break;
+ case ocspCertStatus_other:
+ default:
+ PORT_Assert(0);
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+ rv = SECFailure;
+ break;
}
return rv;
}
static SECStatus
-ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single,
+ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single,
PRTime time)
{
return ocsp_CertHasGoodStatus(single->certStatus, time);
@@ -4963,7 +4901,7 @@
OCSPFreshness *cacheFreshness)
{
OCSPCacheItem *cacheItem = NULL;
-
+
if (!certID || !missingResponseError || !rvOcsp || !cacheFreshness) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -4971,7 +4909,7 @@
*rvOcsp = SECFailure;
*missingResponseError = 0;
*cacheFreshness = ocspMissing;
-
+
PR_EnterMonitor(OCSP_Global.monitor);
cacheItem = ocsp_FindCacheEntry(&OCSP_Global.cache, certID);
if (cacheItem) {
@@ -4986,13 +4924,13 @@
} else {
/*
* No status cached, the previous attempt failed.
- * If OCSP is required, we never decide based on a failed attempt
+ * If OCSP is required, we never decide based on a failed attempt
* However, if OCSP is optional, a recent OCSP failure is
* an allowed good state.
*/
if (*cacheFreshness == ocspFresh &&
!ignoreGlobalOcspFailureSetting &&
- OCSP_Global.ocspFailureMode ==
+ OCSP_Global.ocspFailureMode ==
ocspMode_FailureIsNotAVerificationFailure) {
*rvOcsp = SECSuccess;
}
@@ -5064,10 +5002,10 @@
* (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
* verifying the signer's cert, or low-level problems (error allocating
* memory, error performing ASN.1 decoding, etc.).
- */
-SECStatus
+ */
+SECStatus
CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRTime time, void *pwArg)
+ PRTime time, void *pwArg)
{
CERTOCSPCertID *certID;
PRBool certIDWasConsumed = PR_FALSE;
@@ -5075,10 +5013,10 @@
SECStatus rvOcsp;
SECErrorCodes cachedErrorCode;
OCSPFreshness cachedResponseFreshness;
-
+
OCSP_TRACE_CERT(cert);
OCSP_TRACE_TIME("## requested validity time:", time);
-
+
certID = CERT_CreateOCSPCertID(cert, time);
if (!certID)
return SECFailure;
@@ -5098,7 +5036,7 @@
}
rv = ocsp_GetOCSPStatusFromNetwork(handle, certID, cert, time, pwArg,
- &certIDWasConsumed,
+ &certIDWasConsumed,
&rvOcsp);
if (rv != SECSuccess) {
PRErrorCode err = PORT_GetError();
@@ -5157,10 +5095,10 @@
*/
SECStatus
CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
- CERTCertificate *cert,
- PRTime time,
- const SECItem *encodedResponse,
- void *pwArg)
+ CERTCertificate *cert,
+ PRTime time,
+ const SECItem *encodedResponse,
+ void *pwArg)
{
CERTOCSPCertID *certID = NULL;
PRBool certIDWasConsumed = PR_FALSE;
@@ -5235,17 +5173,17 @@
* ocsp_CacheSingleResponse. */
rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
- time, pwArg,
- encodedResponse,
- &decodedResponse,
- &singleResponse);
+ time, pwArg,
+ encodedResponse,
+ &decodedResponse,
+ &singleResponse);
if (rv == SECSuccess) {
- rvOcsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
- /* Cache any valid singleResponse, regardless of status. */
- ocsp_CacheSingleResponse(certID, singleResponse, &certIDWasConsumed);
+ rvOcsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
+ /* Cache any valid singleResponse, regardless of status. */
+ ocsp_CacheSingleResponse(certID, singleResponse, &certIDWasConsumed);
}
if (decodedResponse) {
- CERT_DestroyOCSPResponse(decodedResponse);
+ CERT_DestroyOCSPResponse(decodedResponse);
}
if (!certIDWasConsumed) {
CERT_DestroyOCSPCertID(certID);
@@ -5254,13 +5192,13 @@
}
/*
- * Status in *certIDWasConsumed will always be correct, regardless of
+ * Status in *certIDWasConsumed will always be correct, regardless of
* return value.
*/
static SECStatus
-ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
- CERTOCSPCertID *certID,
- CERTCertificate *cert,
+ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
+ CERTOCSPCertID *certID,
+ CERTCertificate *cert,
PRTime time,
void *pwArg,
PRBool *certIDWasConsumed,
@@ -5274,7 +5212,8 @@
CERTOCSPResponse *decodedResponse = NULL;
CERTOCSPSingleResponse *singleResponse = NULL;
- enum { stageGET, stagePOST } currentStage;
+ enum { stageGET,
+ stagePOST } currentStage;
PRBool retry = PR_FALSE;
if (!certIDWasConsumed || !rv_ocsp) {
@@ -5310,14 +5249,14 @@
location = ocsp_GetResponderLocation(handle, cert, PR_TRUE,
&locationIsDefault);
if (location == NULL) {
- int err = PORT_GetError();
- if (err == SEC_ERROR_EXTENSION_NOT_FOUND ||
- err == SEC_ERROR_CERT_BAD_ACCESS_LOCATION) {
- PORT_SetError(0);
- *rv_ocsp = SECSuccess;
- return SECSuccess;
- }
- return SECFailure;
+ int err = PORT_GetError();
+ if (err == SEC_ERROR_EXTENSION_NOT_FOUND ||
+ err == SEC_ERROR_CERT_BAD_ACCESS_LOCATION) {
+ PORT_SetError(0);
+ *rv_ocsp = SECSuccess;
+ return SECSuccess;
+ }
+ return SECFailure;
}
/*
@@ -5343,75 +5282,75 @@
*/
do {
- const char *method;
- PRBool validResponseWithAccurateInfo = PR_FALSE;
- retry = PR_FALSE;
- *rv_ocsp = SECFailure;
+ const char *method;
+ PRBool validResponseWithAccurateInfo = PR_FALSE;
+ retry = PR_FALSE;
+ *rv_ocsp = SECFailure;
- if (currentStage == stageGET) {
- method = "GET";
- } else {
- PORT_Assert(currentStage == stagePOST);
- method = "POST";
- }
+ if (currentStage == stageGET) {
+ method = "GET";
+ } else {
+ PORT_Assert(currentStage == stagePOST);
+ method = "POST";
+ }
- encodedResponse =
- ocsp_GetEncodedOCSPResponseForSingleCert(NULL, certID, cert,
- location, method,
- time, locationIsDefault,
- pwArg, &request);
+ encodedResponse =
+ ocsp_GetEncodedOCSPResponseForSingleCert(NULL, certID, cert,
+ location, method,
+ time, locationIsDefault,
+ pwArg, &request);
- if (encodedResponse) {
- rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
- time, pwArg,
- encodedResponse,
- &decodedResponse,
- &singleResponse);
- if (rv == SECSuccess) {
- switch (singleResponse->certStatus->certStatusType) {
- case ocspCertStatus_good:
- case ocspCertStatus_revoked:
- validResponseWithAccurateInfo = PR_TRUE;
- break;
- default:
- break;
- }
- *rv_ocsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
- }
- }
+ if (encodedResponse) {
+ rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
+ time, pwArg,
+ encodedResponse,
+ &decodedResponse,
+ &singleResponse);
+ if (rv == SECSuccess) {
+ switch (singleResponse->certStatus->certStatusType) {
+ case ocspCertStatus_good:
+ case ocspCertStatus_revoked:
+ validResponseWithAccurateInfo = PR_TRUE;
+ break;
+ default:
+ break;
+ }
+ *rv_ocsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
+ }
+ }
- if (currentStage == stageGET) {
- /* only accept GET response if good or revoked */
- if (validResponseWithAccurateInfo) {
- ocsp_CacheSingleResponse(certID, singleResponse,
- certIDWasConsumed);
- } else {
- retry = PR_TRUE;
- currentStage = stagePOST;
- }
- } else {
- /* cache the POST respone, regardless of status */
- if (!singleResponse) {
- cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed);
- } else {
- ocsp_CacheSingleResponse(certID, singleResponse,
- certIDWasConsumed);
- }
- }
+ if (currentStage == stageGET) {
+ /* only accept GET response if good or revoked */
+ if (validResponseWithAccurateInfo) {
+ ocsp_CacheSingleResponse(certID, singleResponse,
+ certIDWasConsumed);
+ } else {
+ retry = PR_TRUE;
+ currentStage = stagePOST;
+ }
+ } else {
+ /* cache the POST respone, regardless of status */
+ if (!singleResponse) {
+ cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed);
+ } else {
+ ocsp_CacheSingleResponse(certID, singleResponse,
+ certIDWasConsumed);
+ }
+ }
- if (encodedResponse) {
- SECITEM_FreeItem(encodedResponse, PR_TRUE);
- encodedResponse = NULL;
- }
- if (request) {
- CERT_DestroyOCSPRequest(request);
- request = NULL;
- }
- if (decodedResponse) {
- CERT_DestroyOCSPResponse(decodedResponse);
- decodedResponse = NULL;
- }
- singleResponse = NULL;
+ if (encodedResponse) {
+ SECITEM_FreeItem(encodedResponse, PR_TRUE);
+ encodedResponse = NULL;
+ }
+ if (request) {
+ CERT_DestroyOCSPRequest(request);
+ request = NULL;
+ }
+ if (decodedResponse) {
+ CERT_DestroyOCSPResponse(decodedResponse);
+ decodedResponse = NULL;
+ }
+ singleResponse = NULL;
} while (retry);
@@ -5454,25 +5393,25 @@
*/
static SECStatus
ocsp_GetDecodedVerifiedSingleResponseForID(CERTCertDBHandle *handle,
- CERTOCSPCertID *certID,
- CERTCertificate *cert,
- PRTime time,
- void *pwArg,
- const SECItem *encodedResponse,
- CERTOCSPResponse **pDecodedResponse,
- CERTOCSPSingleResponse **pSingle)
+ CERTOCSPCertID *certID,
+ CERTCertificate *cert,
+ PRTime time,
+ void *pwArg,
+ const SECItem *encodedResponse,
+ CERTOCSPResponse **pDecodedResponse,
+ CERTOCSPSingleResponse **pSingle)
{
CERTCertificate *signerCert = NULL;
CERTCertificate *issuerCert = NULL;
SECStatus rv = SECFailure;
if (!pSingle || !pDecodedResponse) {
- return SECFailure;
+ return SECFailure;
}
*pSingle = NULL;
*pDecodedResponse = CERT_DecodeOCSPResponse(encodedResponse);
if (!*pDecodedResponse) {
- return SECFailure;
+ return SECFailure;
}
/*
@@ -5485,7 +5424,7 @@
* in the response.
*/
if (CERT_GetOCSPResponseStatus(*pDecodedResponse) != SECSuccess) {
- goto loser;
+ goto loser;
}
/*
@@ -5496,32 +5435,32 @@
rv = CERT_VerifyOCSPResponseSignature(*pDecodedResponse, handle, pwArg,
&signerCert, issuerCert);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
- PORT_Assert(signerCert != NULL); /* internal consistency check */
+ PORT_Assert(signerCert != NULL); /* internal consistency check */
/* XXX probably should set error, return failure if signerCert is null */
/*
* Again, we are only doing one request for one cert.
* XXX When we handle cert chains, the following code will obviously
* have to be modified, in coordation with the code above that will
- * have to determine how to make multiple requests, etc.
+ * have to determine how to make multiple requests, etc.
*/
- rv = ocsp_GetVerifiedSingleResponseForCertID(handle, *pDecodedResponse, certID,
+ rv = ocsp_GetVerifiedSingleResponseForCertID(handle, *pDecodedResponse, certID,
signerCert, time, pSingle);
loser:
if (issuerCert != NULL)
- CERT_DestroyCertificate(issuerCert);
+ CERT_DestroyCertificate(issuerCert);
if (signerCert != NULL)
- CERT_DestroyCertificate(signerCert);
+ CERT_DestroyCertificate(signerCert);
return rv;
}
/*
* FUNCTION: ocsp_CacheSingleResponse
* This function requires that the caller has checked that the response
- * is valid and verified.
+ * is valid and verified.
* The (positive or negative) valid response will be used to update the cache.
* INPUTS:
* CERTOCSPCertID *certID
@@ -5532,27 +5471,27 @@
*/
void
ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
- CERTOCSPSingleResponse *single,
- PRBool *certIDWasConsumed)
+ CERTOCSPSingleResponse *single,
+ PRBool *certIDWasConsumed)
{
if (single != NULL) {
- PR_EnterMonitor(OCSP_Global.monitor);
- if (OCSP_Global.maxCacheEntries >= 0) {
- ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, single,
- certIDWasConsumed);
- /* ignore cache update failures */
- }
- PR_ExitMonitor(OCSP_Global.monitor);
+ PR_EnterMonitor(OCSP_Global.monitor);
+ if (OCSP_Global.maxCacheEntries >= 0) {
+ ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, single,
+ certIDWasConsumed);
+ /* ignore cache update failures */
+ }
+ PR_ExitMonitor(OCSP_Global.monitor);
}
}
SECStatus
-ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time,
- CERTOCSPSingleResponse
+ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time,
+ CERTOCSPSingleResponse
**pSingleResponse)
{
SECStatus rv;
@@ -5596,11 +5535,11 @@
}
SECStatus
-CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time)
+CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time)
{
/*
* We do not update the cache, because:
@@ -5612,17 +5551,17 @@
* requires the ability to transfer ownership of the the given certID to
* the cache. The external API doesn't allow us to prevent the caller from
* destroying the certID. We don't have the original certificate available,
- * therefore we are unable to produce another certID object (that could
+ * therefore we are unable to produce another certID object (that could
* be stored in the cache).
*
* Should we ever implement code to produce a deep copy of certID,
* then this could be changed to allow updating the cache.
- * The duplication would have to be done in
+ * The duplication would have to be done in
* cert_ProcessOCSPResponse, if the out parameter to indicate
* a transfer of ownership is NULL.
*/
- return cert_ProcessOCSPResponse(handle, response, certID,
- signerCert, time,
+ return cert_ProcessOCSPResponse(handle, response, certID,
+ signerCert, time,
NULL, NULL);
}
@@ -5630,23 +5569,23 @@
* The first 5 parameters match the definition of CERT_GetOCSPStatusForCertID.
*/
SECStatus
-cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time,
- PRBool *certIDWasConsumed,
- SECStatus *cacheUpdateStatus)
+cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time,
+ PRBool *certIDWasConsumed,
+ SECStatus *cacheUpdateStatus)
{
SECStatus rv;
SECStatus rv_cache = SECSuccess;
CERTOCSPSingleResponse *single = NULL;
- rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID,
+ rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID,
signerCert, time, &single);
if (rv == SECSuccess) {
/*
- * Check whether the status says revoked, and if so
+ * Check whether the status says revoked, and if so
* how that compares to the time value passed into this routine.
*/
rv = ocsp_SingleResponseCertHasGoodStatus(single, time);
@@ -5654,15 +5593,15 @@
if (certIDWasConsumed) {
/*
- * We don't have copy-of-certid implemented. In order to update
- * the cache, the caller must supply an out variable
+ * We don't have copy-of-certid implemented. In order to update
+ * the cache, the caller must supply an out variable
* certIDWasConsumed, allowing us to return ownership status.
*/
-
+
PR_EnterMonitor(OCSP_Global.monitor);
if (OCSP_Global.maxCacheEntries >= 0) {
/* single == NULL means: remember response failure */
- rv_cache =
+ rv_cache =
ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID,
single, certIDWasConsumed);
}
@@ -5677,12 +5616,12 @@
SECStatus
cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
- PRBool *certIDWasConsumed)
+ PRBool *certIDWasConsumed)
{
SECStatus rv = SECSuccess;
PR_EnterMonitor(OCSP_Global.monitor);
if (OCSP_Global.maxCacheEntries >= 0) {
- rv = ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, NULL,
+ rv = ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, NULL,
certIDWasConsumed);
}
PR_ExitMonitor(OCSP_Global.monitor);
@@ -5705,12 +5644,12 @@
statusContext = statusConfig->statusContext;
PORT_Assert(statusContext != NULL);
if (statusContext == NULL)
- return SECFailure;
+ return SECFailure;
if (statusContext->defaultResponderURI != NULL)
- PORT_Free(statusContext->defaultResponderURI);
+ PORT_Free(statusContext->defaultResponderURI);
if (statusContext->defaultResponderNickname != NULL)
- PORT_Free(statusContext->defaultResponderNickname);
+ PORT_Free(statusContext->defaultResponderNickname);
PORT_Free(statusContext);
statusConfig->statusContext = NULL;
@@ -5720,7 +5659,6 @@
return SECSuccess;
}
-
/*
* FUNCTION: CERT_DisableOCSPChecking
* Turns off OCSP checking for the given certificate database.
@@ -5743,22 +5681,22 @@
ocspCheckingContext *statusContext;
if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
statusConfig = CERT_GetStatusConfig(handle);
statusContext = ocsp_GetCheckingContext(handle);
if (statusContext == NULL)
- return SECFailure;
+ return SECFailure;
if (statusConfig->statusChecker != CERT_CheckOCSPStatus) {
- /*
- * Status configuration is present, but either not currently
- * enabled or not for OCSP.
- */
- PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
- return SECFailure;
+ /*
+ * Status configuration is present, but either not currently
+ * enabled or not for OCSP.
+ */
+ PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
+ return SECFailure;
}
/* cache no longer necessary */
@@ -5786,17 +5724,17 @@
PORT_Assert(CERT_GetStatusConfig(handle) == NULL);
if (CERT_GetStatusConfig(handle) != NULL) {
- /* XXX or call statusConfig->statusDestroy and continue? */
- return SECFailure;
+ /* XXX or call statusConfig->statusDestroy and continue? */
+ return SECFailure;
}
statusConfig = PORT_ZNew(CERTStatusConfig);
if (statusConfig == NULL)
- goto loser;
+ goto loser;
statusContext = PORT_ZNew(ocspCheckingContext);
if (statusContext == NULL)
- goto loser;
+ goto loser;
statusConfig->statusDestroy = ocsp_DestroyStatusChecking;
statusConfig->statusContext = statusContext;
@@ -5807,11 +5745,10 @@
loser:
if (statusConfig != NULL)
- PORT_Free(statusConfig);
+ PORT_Free(statusConfig);
return SECFailure;
}
-
/*
* FUNCTION: CERT_EnableOCSPChecking
* Turns on OCSP checking for the given certificate database.
@@ -5826,23 +5763,23 @@
CERT_EnableOCSPChecking(CERTCertDBHandle *handle)
{
CERTStatusConfig *statusConfig;
-
+
SECStatus rv;
if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
statusConfig = CERT_GetStatusConfig(handle);
if (statusConfig == NULL) {
- rv = ocsp_InitStatusChecking(handle);
- if (rv != SECSuccess)
- return rv;
+ rv = ocsp_InitStatusChecking(handle);
+ if (rv != SECSuccess)
+ return rv;
- /* Get newly established value */
- statusConfig = CERT_GetStatusConfig(handle);
- PORT_Assert(statusConfig != NULL);
+ /* Get newly established value */
+ statusConfig = CERT_GetStatusConfig(handle);
+ PORT_Assert(statusConfig != NULL);
}
/*
@@ -5854,7 +5791,6 @@
return SECSuccess;
}
-
/*
* FUNCTION: CERT_SetOCSPDefaultResponder
* Specify the location and cert of the default responder.
@@ -5881,7 +5817,7 @@
*/
SECStatus
CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
- const char *url, const char *name)
+ const char *url, const char *name)
{
CERTCertificate *cert;
ocspCheckingContext *statusContext;
@@ -5890,12 +5826,12 @@
SECStatus rv;
if (handle == NULL || url == NULL || name == NULL) {
- /*
- * XXX When interface is exported, probably want better errors;
- * perhaps different one for each parameter.
- */
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ /*
+ * XXX When interface is exported, probably want better errors;
+ * perhaps different one for each parameter.
+ */
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/*
@@ -5905,15 +5841,15 @@
* XXX Shouldn't need that cast if the FindCertByNickname interface
* used const to convey that it does not modify the name. Maybe someday.
*/
- cert = CERT_FindCertByNickname(handle, (char *) name);
+ cert = CERT_FindCertByNickname(handle, (char *)name);
if (cert == NULL) {
- /*
- * look for the cert on an external token.
- */
- cert = PK11_FindCertFromNickname((char *)name, NULL);
+ /*
+ * look for the cert on an external token.
+ */
+ cert = PK11_FindCertFromNickname((char *)name, NULL);
}
if (cert == NULL)
- return SECFailure;
+ return SECFailure;
/*
* Make a copy of the url and nickname.
@@ -5921,8 +5857,8 @@
url_copy = PORT_Strdup(url);
name_copy = PORT_Strdup(name);
if (url_copy == NULL || name_copy == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
statusContext = ocsp_GetCheckingContext(handle);
@@ -5931,12 +5867,12 @@
* Allocate and init the context if it doesn't already exist.
*/
if (statusContext == NULL) {
- rv = ocsp_InitStatusChecking(handle);
- if (rv != SECSuccess)
- goto loser;
+ rv = ocsp_InitStatusChecking(handle);
+ if (rv != SECSuccess)
+ goto loser;
- statusContext = ocsp_GetCheckingContext(handle);
- PORT_Assert(statusContext != NULL); /* extreme paranoia */
+ statusContext = ocsp_GetCheckingContext(handle);
+ PORT_Assert(statusContext != NULL); /* extreme paranoia */
}
/*
@@ -5949,9 +5885,9 @@
* Get rid of old url and name if there.
*/
if (statusContext->defaultResponderNickname != NULL)
- PORT_Free(statusContext->defaultResponderNickname);
+ PORT_Free(statusContext->defaultResponderNickname);
if (statusContext->defaultResponderURI != NULL)
- PORT_Free(statusContext->defaultResponderURI);
+ PORT_Free(statusContext->defaultResponderURI);
/*
* And replace them with the new ones.
@@ -5966,13 +5902,13 @@
* enabled.
*/
if (statusContext->defaultResponderCert != NULL) {
- CERT_DestroyCertificate(statusContext->defaultResponderCert);
- statusContext->defaultResponderCert = cert;
+ CERT_DestroyCertificate(statusContext->defaultResponderCert);
+ statusContext->defaultResponderCert = cert;
/*OCSP enabled, switching responder: clear cache*/
CERT_ClearOCSPCache();
} else {
- PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
- CERT_DestroyCertificate(cert);
+ PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
+ CERT_DestroyCertificate(cert);
/*OCSP currently not enabled, no need to clear cache*/
}
@@ -5981,13 +5917,12 @@
loser:
CERT_DestroyCertificate(cert);
if (url_copy != NULL)
- PORT_Free(url_copy);
+ PORT_Free(url_copy);
if (name_copy != NULL)
- PORT_Free(name_copy);
+ PORT_Free(name_copy);
return rv;
}
-
/*
* FUNCTION: CERT_EnableOCSPDefaultResponder
* Turns on use of a default responder when OCSP checking.
@@ -6014,36 +5949,36 @@
SECCertificateUsage usage;
if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
statusContext = ocsp_GetCheckingContext(handle);
if (statusContext == NULL) {
- /*
- * Strictly speaking, the error already set is "correct",
- * but cover over it with one more helpful in this context.
- */
- PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
- return SECFailure;
+ /*
+ * Strictly speaking, the error already set is "correct",
+ * but cover over it with one more helpful in this context.
+ */
+ PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
+ return SECFailure;
}
if (statusContext->defaultResponderURI == NULL) {
- PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
+ return SECFailure;
}
if (statusContext->defaultResponderNickname == NULL) {
- PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
+ return SECFailure;
}
/*
* Find the cert for the nickname.
*/
cert = CERT_FindCertByNickname(handle,
- statusContext->defaultResponderNickname);
+ statusContext->defaultResponderNickname);
if (cert == NULL) {
cert = PK11_FindCertFromNickname(statusContext->defaultResponderNickname,
NULL);
@@ -6054,13 +5989,13 @@
*/
PORT_Assert(cert != NULL);
if (cert == NULL)
- return SECFailure;
+ return SECFailure;
- /*
- * Supplied cert should at least have a signing capability in order for us
- * to use it as a trusted responder cert. Ability to sign is guaranteed if
- * cert is validated to have any set of the usages below.
- */
+ /*
+ * Supplied cert should at least have a signing capability in order for us
+ * to use it as a trusted responder cert. Ability to sign is guaranteed if
+ * cert is validated to have any set of the usages below.
+ */
rv = CERT_VerifyCertificateNow(handle, cert, PR_TRUE,
certificateUsageCheckAllUsages,
NULL, &usage);
@@ -6071,8 +6006,8 @@
certificateUsageObjectSigner |
certificateUsageStatusResponder |
certificateUsageSSLCA)) == 0) {
- PORT_SetError(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID);
+ return SECFailure;
}
/*
@@ -6090,7 +6025,6 @@
return SECSuccess;
}
-
/*
* FUNCTION: CERT_DisableOCSPDefaultResponder
* Turns off use of a default responder when OCSP checking.
@@ -6111,23 +6045,23 @@
CERTCertificate *tmpCert;
if (handle == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
statusConfig = CERT_GetStatusConfig(handle);
if (statusConfig == NULL)
- return SECSuccess;
+ return SECSuccess;
statusContext = ocsp_GetCheckingContext(handle);
PORT_Assert(statusContext != NULL);
if (statusContext == NULL)
- return SECFailure;
+ return SECFailure;
tmpCert = statusContext->defaultResponderCert;
if (tmpCert) {
- statusContext->defaultResponderCert = NULL;
- CERT_DestroyCertificate(tmpCert);
+ statusContext->defaultResponderCert = NULL;
+ CERT_DestroyCertificate(tmpCert);
/* we don't allow a mix of cache entries from different responders */
CERT_ClearOCSPCache();
}
@@ -6159,29 +6093,29 @@
{
PORT_Assert(response);
if (response->statusValue == ocspResponse_successful)
- return SECSuccess;
+ return SECSuccess;
switch (response->statusValue) {
- case ocspResponse_malformedRequest:
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
- break;
- case ocspResponse_internalError:
- PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
- break;
- case ocspResponse_tryLater:
- PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER);
- break;
- case ocspResponse_sigRequired:
- /* XXX We *should* retry with a signature, if possible. */
- PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG);
- break;
- case ocspResponse_unauthorized:
- PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
- break;
- case ocspResponse_unused:
- default:
- PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
- break;
+ case ocspResponse_malformedRequest:
+ PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
+ break;
+ case ocspResponse_internalError:
+ PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
+ break;
+ case ocspResponse_tryLater:
+ PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER);
+ break;
+ case ocspResponse_sigRequired:
+ /* XXX We *should* retry with a signature, if possible. */
+ PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG);
+ break;
+ case ocspResponse_unauthorized:
+ PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
+ break;
+ case ocspResponse_unused:
+ default:
+ PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
+ break;
}
return SECFailure;
}
diff --git a/nss/lib/certhigh/ocsp.h b/nss/lib/certhigh/ocsp.h
index 75225eb..ac9dd64 100644
--- a/nss/lib/certhigh/ocsp.h
+++ b/nss/lib/certhigh/ocsp.h
@@ -9,7 +9,6 @@
#ifndef _OCSP_H_
#define _OCSP_H_
-
#include "plarena.h"
#include "seccomon.h"
#include "secoidt.h"
@@ -17,7 +16,6 @@
#include "certt.h"
#include "ocspt.h"
-
/************************************************************************/
SEC_BEGIN_PROTOS
@@ -134,7 +132,7 @@
*/
extern SECStatus
CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
- const char *url, const char *name);
+ const char *url, const char *name);
/*
* FUNCTION: CERT_EnableOCSPDefaultResponder
@@ -174,7 +172,7 @@
/* If forcePost is set, OCSP requests will only be sent using the HTTP POST
* method. When forcePost is not set, OCSP requests will be sent using the
* HTTP GET method, with a fallback to POST when we fail to receive a response
- * and/or when we receive an uncacheable response like "Unknown."
+ * and/or when we receive an uncacheable response like "Unknown."
*
* The default is to use GET and fallback to POST.
*/
@@ -191,7 +189,7 @@
/*
* FUNCTION: CERT_CreateOCSPRequest
- * Creates a CERTOCSPRequest, requesting the status of the certs in
+ * Creates a CERTOCSPRequest, requesting the status of the certs in
* the given list.
* INPUTS:
* CERTCertList *certList
@@ -203,7 +201,7 @@
* to this routine), who knows about where the request(s) are being
* sent and whether there are any trusted responders in place.
* PRTime time
- * Indicates the time for which the certificate status is to be
+ * Indicates the time for which the certificate status is to be
* determined -- this may be used in the search for the cert's issuer
* but has no effect on the request itself.
* PRBool addServiceLocator
@@ -221,9 +219,9 @@
* Other errors are low-level problems (no memory, bad database, etc.).
*/
extern CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert);
+CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
+ PRBool addServiceLocator,
+ CERTCertificate *signerCert);
/*
* FUNCTION: CERT_AddOCSPAcceptableResponses
@@ -243,13 +241,13 @@
*/
extern SECStatus
CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
- SECOidTag responseType0, ...);
+ SECOidTag responseType0, ...);
-/*
+/*
* FUNCTION: CERT_EncodeOCSPRequest
* DER encodes an OCSP Request, possibly adding a signature as well.
* XXX Signing is not yet supported, however; see comments in code.
- * INPUTS:
+ * INPUTS:
* PLArenaPool *arena
* The return value is allocated from here.
* If a NULL is passed in, allocation is done from the heap instead.
@@ -264,8 +262,8 @@
* (e.g. no memory).
*/
extern SECItem *
-CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
- void *pwArg);
+CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
+ void *pwArg);
/*
* FUNCTION: CERT_DecodeOCSPRequest
@@ -341,7 +339,7 @@
* const char *location
* The location of the OCSP responder (a URL).
* PRTime time
- * Indicates the time for which the certificate status is to be
+ * Indicates the time for which the certificate status is to be
* determined -- this may be used in the search for the cert's issuer
* but has no other bearing on the operation.
* PRBool addServiceLocator
@@ -369,10 +367,10 @@
*/
extern SECItem *
CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
- const char *location, PRTime time,
- PRBool addServiceLocator,
- CERTCertificate *signerCert, void *pwArg,
- CERTOCSPRequest **pRequest);
+ const char *location, PRTime time,
+ PRBool addServiceLocator,
+ CERTCertificate *signerCert, void *pwArg,
+ CERTOCSPRequest **pRequest);
/*
* FUNCTION: CERT_VerifyOCSPResponseSignature
@@ -406,10 +404,10 @@
* verifying the signer's cert, or low-level problems (no memory, etc.)
*/
extern SECStatus
-CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
- CERTCertDBHandle *handle, void *pwArg,
- CERTCertificate **pSignerCert,
- CERTCertificate *issuerCert);
+CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
+ CERTCertDBHandle *handle, void *pwArg,
+ CERTCertificate **pSignerCert,
+ CERTCertificate *issuerCert);
/*
* FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
@@ -425,7 +423,7 @@
* extension is not present or it does not contain an entry for OCSP,
* SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
* Any other error will also result in a NULL being returned.
- *
+ *
* This result should be freed (via PORT_Free) when no longer in use.
*/
extern char *
@@ -433,21 +431,21 @@
/*
* FUNCTION: CERT_RegisterAlternateOCSPAIAInfoCallBack
- * This function serves two purposes.
- * 1) It registers the address of a callback function that will be
- * called for certs that have no OCSP AIA extension, to see if the
+ * This function serves two purposes.
+ * 1) It registers the address of a callback function that will be
+ * called for certs that have no OCSP AIA extension, to see if the
* callback wishes to supply an alternative URL for such an OCSP inquiry.
- * 2) It outputs the previously registered function's address to the
+ * 2) It outputs the previously registered function's address to the
* address supplied by the caller, unless that is NULL.
- * The registered callback function returns NULL, or an allocated string
+ * The registered callback function returns NULL, or an allocated string
* that may be subsequently freed by calling PORT_Free().
* RETURN:
* SECSuccess or SECFailure (if the library is not yet intialized)
*/
extern SECStatus
CERT_RegisterAlternateOCSPAIAInfoCallBack(
- CERT_StringFromCertFcn newCallback,
- CERT_StringFromCertFcn * oldCallback);
+ CERT_StringFromCertFcn newCallback,
+ CERT_StringFromCertFcn *oldCallback);
/*
* FUNCTION: CERT_ParseURL
@@ -521,10 +519,10 @@
* (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
* verifying the signer's cert, or low-level problems (error allocating
* memory, error performing ASN.1 decoding, etc.).
- */
-extern SECStatus
+ */
+extern SECStatus
CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
- PRTime time, void *pwArg);
+ PRTime time, void *pwArg);
/*
* FUNCTION: CERT_CacheOCSPResponseFromSideChannel
@@ -556,10 +554,10 @@
*/
extern SECStatus
CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
- CERTCertificate *cert,
- PRTime time,
- const SECItem *encodedResponse,
- void *pwArg);
+ CERTCertificate *cert,
+ PRTime time,
+ const SECItem *encodedResponse,
+ void *pwArg);
/*
* FUNCTION: CERT_GetOCSPStatusForCertID
@@ -581,11 +579,11 @@
* Return values are the same as those for CERT_CheckOCSPStatus
*/
extern SECStatus
-CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time);
+CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time);
/*
* FUNCTION CERT_GetOCSPResponseStatus
@@ -619,10 +617,10 @@
* the issuing CA may be an older expired certificate.
* RETURN:
* A new copy of a CERTOCSPCertID*. The memory for this certID
- * should be freed by calling CERT_DestroyOCSPCertID when the
+ * should be freed by calling CERT_DestroyOCSPCertID when the
* certID is no longer necessary.
*/
-extern CERTOCSPCertID*
+extern CERTOCSPCertID *
CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
/*
@@ -630,7 +628,7 @@
* Frees the memory associated with the certID passed in.
* INPUTS:
* CERTOCSPCertID* certID
- * The certID that the caller no longer needs and wants to
+ * The certID that the caller no longer needs and wants to
* free the associated memory.
* RETURN:
* SECSuccess if freeing the memory was successful. Returns
@@ -638,31 +636,30 @@
* a call to CERT_CreateOCSPCertID.
*/
extern SECStatus
-CERT_DestroyOCSPCertID(CERTOCSPCertID* certID);
+CERT_DestroyOCSPCertID(CERTOCSPCertID *certID);
-
-extern CERTOCSPSingleResponse*
+extern CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate);
-extern CERTOCSPSingleResponse*
+extern CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate);
-extern CERTOCSPSingleResponse*
+extern CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseRevoked(
PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate,
PRTime revocationTime,
- const CERTCRLEntryReasonCode* revocationReason);
+ const CERTCRLEntryReasonCode *revocationReason);
-extern SECItem*
+extern SECItem *
CERT_CreateEncodedOCSPSuccessResponse(
PLArenaPool *arena,
CERTCertificate *responderCert,
@@ -703,7 +700,7 @@
* SEC_ERROR_INVALID_ARGS
* Other errors are low-level problems (no memory, bad database, etc.).
*/
-extern SECItem*
+extern SECItem *
CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
/* Sends an OCSP request using the HTTP POST method to the location addressed
@@ -717,7 +714,7 @@
* SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
* internal HTTP client is used.
*/
-SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+SECItem *CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
const SECItem *encodedRequest);
/************************************************************************/
diff --git a/nss/lib/certhigh/ocspi.h b/nss/lib/certhigh/ocspi.h
index 01c20da..c946d9f 100644
--- a/nss/lib/certhigh/ocspi.h
+++ b/nss/lib/certhigh/ocspi.h
@@ -35,13 +35,15 @@
void *pwArg);
CERTOCSPRequest *
-cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
- CERTCertificate *singleCert,
+cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
+ CERTCertificate *singleCert,
PRTime time,
PRBool addServiceLocator,
CERTCertificate *signerCert);
-typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness;
+typedef enum { ocspMissing,
+ ocspFresh,
+ ocspStale } OCSPFreshness;
SECStatus
ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
@@ -84,13 +86,13 @@
*/
SECStatus
-cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time,
- PRBool *certIDWasConsumed,
- SECStatus *cacheUpdateStatus);
+cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time,
+ PRBool *certIDWasConsumed,
+ SECStatus *cacheUpdateStatus);
/*
* FUNCTION: cert_RememberOCSPProcessingFailure
@@ -109,7 +111,7 @@
SECStatus
cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
- PRBool *certIDWasConsumed);
+ PRBool *certIDWasConsumed);
/*
* FUNCTION: ocsp_GetResponderLocation
@@ -146,11 +148,11 @@
ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf);
SECStatus
-ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
- CERTOCSPResponse *response,
- CERTOCSPCertID *certID,
- CERTCertificate *signerCert,
- PRTime time,
+ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
+ CERTOCSPResponse *response,
+ CERTOCSPCertID *certID,
+ CERTCertificate *signerCert,
+ PRTime time,
CERTOCSPSingleResponse **pSingleResponse);
SECStatus
@@ -158,7 +160,7 @@
void
ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
- CERTOCSPSingleResponse *single,
- PRBool *certIDWasConsumed);
+ CERTOCSPSingleResponse *single,
+ PRBool *certIDWasConsumed);
#endif /* _OCSPI_H_ */
diff --git a/nss/lib/certhigh/ocspsig.c b/nss/lib/certhigh/ocspsig.c
index 0c4c201..94606ba 100644
--- a/nss/lib/certhigh/ocspsig.c
+++ b/nss/lib/certhigh/ocspsig.c
@@ -19,12 +19,11 @@
#include "ocspi.h"
#include "pk11pub.h"
-
extern const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[];
extern const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[];
extern const SEC_ASN1Template ocsp_OCSPResponseTemplate[];
-ocspCertStatus*
+ocspCertStatus *
ocsp_CreateCertStatus(PLArenaPool *arena,
ocspCertStatusType status,
PRTime revocationTime)
@@ -45,7 +44,7 @@
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
-
+
cs = PORT_ArenaZNew(arena, ocspCertStatus);
if (!cs)
return NULL;
@@ -71,8 +70,9 @@
if (!cs->certStatusInfo.revokedInfo->revocationReason)
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena,
- &cs->certStatusInfo.revokedInfo->revocationTime,
- revocationTime) != SECSuccess)
+ &cs->certStatusInfo.revokedInfo->revocationTime,
+ revocationTime) !=
+ SECSuccess)
return NULL;
break;
default:
@@ -91,11 +91,11 @@
static const SEC_ASN1Template ocsp_EncodeRevokedInfoTemplate[] = {
{ SEC_ASN1_GENERALIZED_TIME,
- offsetof(ocspRevokedInfo, revocationTime) },
+ offsetof(ocspRevokedInfo, revocationTime) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC| 0,
- offsetof(ocspRevokedInfo, revocationReason),
- mySEC_PointerToEnumeratedTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(ocspRevokedInfo, revocationReason),
+ mySEC_PointerToEnumeratedTemplate },
{ 0 }
};
@@ -110,26 +110,26 @@
static const SEC_ASN1Template ocsp_CertStatusTemplate[] = {
{ SEC_ASN1_CHOICE, offsetof(ocspCertStatus, certStatusType),
- 0, sizeof(ocspCertStatus) },
+ 0, sizeof(ocspCertStatus) },
{ SEC_ASN1_CONTEXT_SPECIFIC | 0,
- 0, mySEC_NullTemplate, ocspCertStatus_good },
+ 0, mySEC_NullTemplate, ocspCertStatus_good },
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
- ocsp_PointerToEncodeRevokedInfoTemplate, ocspCertStatus_revoked },
+ SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
+ ocsp_PointerToEncodeRevokedInfoTemplate, ocspCertStatus_revoked },
{ SEC_ASN1_CONTEXT_SPECIFIC | 2,
- 0, mySEC_NullTemplate, ocspCertStatus_unknown },
+ 0, mySEC_NullTemplate, ocspCertStatus_unknown },
{ 0 }
};
static const SEC_ASN1Template mySECOID_AlgorithmIDTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
+ 0, NULL, sizeof(SECAlgorithmID) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm), },
+ offsetof(SECAlgorithmID, algorithm) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(SECAlgorithmID,parameters), },
- { 0, }
+ offsetof(SECAlgorithmID, parameters) },
+ { 0 }
};
static const SEC_ASN1Template mySEC_AnyTemplate[] = {
@@ -153,7 +153,7 @@
};
static const SEC_ASN1Template mySEC_GeneralizedTimeTemplate[] = {
- { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
+ { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
};
static const SEC_ASN1Template mySEC_PointerToGeneralizedTimeTemplate[] = {
@@ -162,29 +162,29 @@
static const SEC_ASN1Template ocsp_myCertIDTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPCertID) },
+ 0, NULL, sizeof(CERTOCSPCertID) },
{ SEC_ASN1_INLINE,
- offsetof(CERTOCSPCertID, hashAlgorithm),
- mySECOID_AlgorithmIDTemplate },
+ offsetof(CERTOCSPCertID, hashAlgorithm),
+ mySECOID_AlgorithmIDTemplate },
{ SEC_ASN1_OCTET_STRING,
- offsetof(CERTOCSPCertID, issuerNameHash) },
+ offsetof(CERTOCSPCertID, issuerNameHash) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(CERTOCSPCertID, issuerKeyHash) },
+ offsetof(CERTOCSPCertID, issuerKeyHash) },
{ SEC_ASN1_INTEGER,
- offsetof(CERTOCSPCertID, serialNumber) },
+ offsetof(CERTOCSPCertID, serialNumber) },
{ 0 }
};
static const SEC_ASN1Template myCERT_CertExtensionTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTCertExtension) },
+ 0, NULL, sizeof(CERTCertExtension) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(CERTCertExtension,id) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
- offsetof(CERTCertExtension,critical) },
+ offsetof(CERTCertExtension, id) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(CERTCertExtension, critical) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(CERTCertExtension,value) },
- { 0, }
+ offsetof(CERTCertExtension, value) },
+ { 0 }
};
static const SEC_ASN1Template myCERT_SequenceOfCertExtensionTemplate[] = {
@@ -197,66 +197,65 @@
static const SEC_ASN1Template ocsp_mySingleResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPSingleResponse) },
+ 0, NULL, sizeof(CERTOCSPSingleResponse) },
{ SEC_ASN1_POINTER,
- offsetof(CERTOCSPSingleResponse, certID),
- ocsp_myCertIDTemplate },
+ offsetof(CERTOCSPSingleResponse, certID),
+ ocsp_myCertIDTemplate },
{ SEC_ASN1_ANY,
- offsetof(CERTOCSPSingleResponse, derCertStatus) },
+ offsetof(CERTOCSPSingleResponse, derCertStatus) },
{ SEC_ASN1_GENERALIZED_TIME,
- offsetof(CERTOCSPSingleResponse, thisUpdate) },
+ offsetof(CERTOCSPSingleResponse, thisUpdate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTOCSPSingleResponse, nextUpdate),
- mySEC_PointerToGeneralizedTimeTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(CERTOCSPSingleResponse, nextUpdate),
+ mySEC_PointerToGeneralizedTimeTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTOCSPSingleResponse, singleExtensions),
- myCERT_PointerToSequenceOfCertExtensionTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(CERTOCSPSingleResponse, singleExtensions),
+ myCERT_PointerToSequenceOfCertExtensionTemplate },
{ 0 }
};
static const SEC_ASN1Template ocsp_myResponseDataTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspResponseData) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspResponseData, version),
- mySEC_PointerToIntegerTemplate },
+ 0, NULL, sizeof(ocspResponseData) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(ocspResponseData, version),
+ mySEC_PointerToIntegerTemplate },
{ SEC_ASN1_ANY,
- offsetof(ocspResponseData, derResponderID) },
+ offsetof(ocspResponseData, derResponderID) },
{ SEC_ASN1_GENERALIZED_TIME,
- offsetof(ocspResponseData, producedAt) },
+ offsetof(ocspResponseData, producedAt) },
{ SEC_ASN1_SEQUENCE_OF,
- offsetof(ocspResponseData, responses),
- ocsp_mySingleResponseTemplate },
+ offsetof(ocspResponseData, responses),
+ ocsp_mySingleResponseTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(ocspResponseData, responseExtensions),
- myCERT_PointerToSequenceOfCertExtensionTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(ocspResponseData, responseExtensions),
+ myCERT_PointerToSequenceOfCertExtensionTemplate },
{ 0 }
};
-
static const SEC_ASN1Template ocsp_EncodeBasicOCSPResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(ocspBasicOCSPResponse) },
+ 0, NULL, sizeof(ocspBasicOCSPResponse) },
{ SEC_ASN1_POINTER,
- offsetof(ocspBasicOCSPResponse, tbsResponseData),
- ocsp_myResponseDataTemplate },
+ offsetof(ocspBasicOCSPResponse, tbsResponseData),
+ ocsp_myResponseDataTemplate },
{ SEC_ASN1_INLINE,
- offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
- mySECOID_AlgorithmIDTemplate },
+ offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
+ mySECOID_AlgorithmIDTemplate },
{ SEC_ASN1_BIT_STRING,
- offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
+ offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
- mySEC_PointerToSequenceOfAnyTemplate },
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
+ mySEC_PointerToSequenceOfAnyTemplate },
{ 0 }
};
-static CERTOCSPSingleResponse*
+static CERTOCSPSingleResponse *
ocsp_CreateSingleResponse(PLArenaPool *arena,
CERTOCSPCertID *id, ocspCertStatus *status,
PRTime thisUpdate, const PRTime *nextUpdate)
@@ -274,25 +273,25 @@
sr->arena = arena;
sr->certID = id;
sr->certStatus = status;
- if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate)
- != SECSuccess)
+ if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate) !=
+ SECSuccess)
return NULL;
sr->nextUpdate = NULL;
if (nextUpdate) {
sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0);
if (!sr->nextUpdate)
return NULL;
- if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate)
- != SECSuccess)
+ if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate) !=
+ SECSuccess)
return NULL;
}
- sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension*, 1);
+ sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension *, 1);
if (!sr->singleExtensions)
return NULL;
sr->singleExtensions[0] = NULL;
-
+
if (!SEC_ASN1EncodeItem(arena, &sr->derCertStatus,
status, ocsp_CertStatusTemplate))
return NULL;
@@ -300,13 +299,13 @@
return sr;
}
-CERTOCSPSingleResponse*
+CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate)
{
- ocspCertStatus * cs;
+ ocspCertStatus *cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
@@ -317,13 +316,13 @@
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
-CERTOCSPSingleResponse*
+CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate)
{
- ocspCertStatus * cs;
+ ocspCertStatus *cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
@@ -334,16 +333,16 @@
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
-CERTOCSPSingleResponse*
+CERTOCSPSingleResponse *
CERT_CreateOCSPSingleResponseRevoked(
PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate,
const PRTime *nextUpdate,
PRTime revocationTime,
- const CERTCRLEntryReasonCode* revocationReason)
+ const CERTCRLEntryReasonCode *revocationReason)
{
- ocspCertStatus * cs;
+ ocspCertStatus *cs;
/* revocationReason is not yet supported, so it must be NULL. */
if (!arena || revocationReason) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -357,7 +356,7 @@
/* responderCert == 0 means:
* create a response with an invalid signature (for testing purposes) */
-SECItem*
+SECItem *
CERT_CreateEncodedOCSPSuccessResponse(
PLArenaPool *arena,
CERTCertificate *responderCert,
@@ -373,12 +372,12 @@
ocspBasicOCSPResponse *br = NULL;
ocspResponseBytes *rb = NULL;
CERTOCSPResponse *response = NULL;
-
+
SECOidTag algID;
SECOidData *od = NULL;
SECKEYPrivateKey *privKey = NULL;
SECItem *result = NULL;
-
+
if (!arena || !responses) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
@@ -408,114 +407,112 @@
response = PORT_ArenaZNew(tmpArena, CERTOCSPResponse);
if (!response)
goto done;
-
- rd->version.data=NULL;
- rd->version.len=0;
+
+ rd->version.data = NULL;
+ rd->version.len = 0;
rd->responseExtensions = NULL;
rd->responses = responses;
- if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt)
- != SECSuccess)
+ if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt) !=
+ SECSuccess)
goto done;
if (!responderCert) {
- /* use invalid signature for testing purposes */
- unsigned char dummyChar = 'd';
- SECItem dummy;
+ /* use invalid signature for testing purposes */
+ unsigned char dummyChar = 'd';
+ SECItem dummy;
- dummy.len = 1;
- dummy.data = &dummyChar;
+ dummy.len = 1;
+ dummy.data = &dummyChar;
- /* it's easier to produdce a keyHash out of nowhere,
- * than to produce an encoded subject,
- * so for our dummy response we always use byKey
- */
-
- rid->responderIDType = ocspResponderID_byKey;
- if (!ocsp_DigestValue(tmpArena, SEC_OID_SHA1, &rid->responderIDValue.keyHash,
- &dummy))
- goto done;
+ /* it's easier to produdce a keyHash out of nowhere,
+ * than to produce an encoded subject,
+ * so for our dummy response we always use byKey
+ */
- if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
- ocsp_ResponderIDByKeyTemplate))
- goto done;
+ rid->responderIDType = ocspResponderID_byKey;
+ if (!ocsp_DigestValue(tmpArena, SEC_OID_SHA1, &rid->responderIDValue.keyHash,
+ &dummy))
+ goto done;
- br->tbsResponseData = rd;
+ if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
+ ocsp_ResponderIDByKeyTemplate))
+ goto done;
- if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
- ocsp_myResponseDataTemplate))
- goto done;
+ br->tbsResponseData = rd;
- br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem*, 1);
- if (!br->responseSignature.derCerts)
- goto done;
- br->responseSignature.derCerts[0] = NULL;
+ if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
+ ocsp_myResponseDataTemplate))
+ goto done;
- algID = SEC_GetSignatureAlgorithmOidTag(rsaKey, SEC_OID_SHA1);
- if (algID == SEC_OID_UNKNOWN)
- goto done;
+ br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem *, 1);
+ if (!br->responseSignature.derCerts)
+ goto done;
+ br->responseSignature.derCerts[0] = NULL;
- /* match the regular signature code, which doesn't use the arena */
- if (!SECITEM_AllocItem(NULL, &br->responseSignature.signature, 1))
- goto done;
- PORT_Memcpy(br->responseSignature.signature.data, &dummyChar, 1);
+ algID = SEC_GetSignatureAlgorithmOidTag(rsaKey, SEC_OID_SHA1);
+ if (algID == SEC_OID_UNKNOWN)
+ goto done;
- /* convert len-in-bytes to len-in-bits */
- br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
- }
- else {
- rid->responderIDType = responderIDType;
- if (responderIDType == ocspResponderID_byName) {
- responderIDTemplate = ocsp_ResponderIDByNameTemplate;
- if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
- &responderCert->subject) != SECSuccess)
- goto done;
- }
- else {
- responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
- if (!CERT_GetSubjectPublicKeyDigest(tmpArena, responderCert,
- SEC_OID_SHA1, &rid->responderIDValue.keyHash))
- goto done;
- }
+ /* match the regular signature code, which doesn't use the arena */
+ if (!SECITEM_AllocItem(NULL, &br->responseSignature.signature, 1))
+ goto done;
+ PORT_Memcpy(br->responseSignature.signature.data, &dummyChar, 1);
- if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
- responderIDTemplate))
- goto done;
+ /* convert len-in-bytes to len-in-bits */
+ br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
+ } else {
+ rid->responderIDType = responderIDType;
+ if (responderIDType == ocspResponderID_byName) {
+ responderIDTemplate = ocsp_ResponderIDByNameTemplate;
+ if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
+ &responderCert->subject) != SECSuccess)
+ goto done;
+ } else {
+ responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
+ if (!CERT_GetSubjectPublicKeyDigest(tmpArena, responderCert,
+ SEC_OID_SHA1, &rid->responderIDValue.keyHash))
+ goto done;
+ }
- br->tbsResponseData = rd;
+ if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
+ responderIDTemplate))
+ goto done;
- if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
- ocsp_myResponseDataTemplate))
- goto done;
+ br->tbsResponseData = rd;
- br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem*, 1);
- if (!br->responseSignature.derCerts)
- goto done;
- br->responseSignature.derCerts[0] = NULL;
+ if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
+ ocsp_myResponseDataTemplate))
+ goto done;
- privKey = PK11_FindKeyByAnyCert(responderCert, wincx);
- if (!privKey)
- goto done;
+ br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem *, 1);
+ if (!br->responseSignature.derCerts)
+ goto done;
+ br->responseSignature.derCerts[0] = NULL;
- algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, SEC_OID_SHA1);
- if (algID == SEC_OID_UNKNOWN)
- goto done;
+ privKey = PK11_FindKeyByAnyCert(responderCert, wincx);
+ if (!privKey)
+ goto done;
- if (SEC_SignData(&br->responseSignature.signature,
- br->tbsResponseDataDER.data, br->tbsResponseDataDER.len,
- privKey, algID)
- != SECSuccess)
- goto done;
+ algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, SEC_OID_SHA1);
+ if (algID == SEC_OID_UNKNOWN)
+ goto done;
- /* convert len-in-bytes to len-in-bits */
- br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
+ if (SEC_SignData(&br->responseSignature.signature,
+ br->tbsResponseDataDER.data, br->tbsResponseDataDER.len,
+ privKey, algID) !=
+ SECSuccess)
+ goto done;
- /* br->responseSignature.signature wasn't allocated from arena,
- * we must free it when done. */
+ /* convert len-in-bytes to len-in-bits */
+ br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
+
+ /* br->responseSignature.signature wasn't allocated from arena,
+ * we must free it when done. */
}
- if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0)
- != SECSuccess)
- goto done;
+ if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0) !=
+ SECSuccess)
+ goto done;
if (!SEC_ASN1EncodeItem(tmpArena, &rb->response, br,
ocsp_EncodeBasicOCSPResponseTemplate))
@@ -552,15 +549,15 @@
static const SEC_ASN1Template ocsp_OCSPErrorResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTOCSPResponse) },
+ 0, NULL, sizeof(CERTOCSPResponse) },
{ SEC_ASN1_ENUMERATED,
- offsetof(CERTOCSPResponse, responseStatus) },
+ offsetof(CERTOCSPResponse, responseStatus) },
{ 0, 0,
- mySEC_NullTemplate },
+ mySEC_NullTemplate },
{ 0 }
};
-SECItem*
+SECItem *
CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error)
{
CERTOCSPResponse response;
diff --git a/nss/lib/certhigh/ocspt.h b/nss/lib/certhigh/ocspt.h
index 888fd32..db429ff 100644
--- a/nss/lib/certhigh/ocspt.h
+++ b/nss/lib/certhigh/ocspt.h
@@ -46,8 +46,8 @@
* dependent, and should be opaque to the user.
*/
-typedef void * SEC_HTTP_SERVER_SESSION;
-typedef void * SEC_HTTP_REQUEST_SESSION;
+typedef void *SEC_HTTP_SERVER_SESSION;
+typedef void *SEC_HTTP_REQUEST_SESSION;
/*
* This function creates a SEC_HTTP_SERVER_SESSION object. The implementer of a
@@ -61,9 +61,9 @@
* after processing is finished.
*/
typedef SECStatus (*SEC_HttpServer_CreateSessionFcn)(
- const char *host,
- PRUint16 portnum,
- SEC_HTTP_SERVER_SESSION *pSession);
+ const char *host,
+ PRUint16 portnum,
+ SEC_HTTP_SERVER_SESSION *pSession);
/*
* This function is called to allow the implementation to attempt to keep
@@ -77,10 +77,10 @@
* SECWouldBlock and store a nonzero value at "pPollDesc". In that case
* the caller may wait on the poll descriptor, and should call this function
* again until SECSuccess (and a zero value at "pPollDesc") is obtained.
- */
+ */
typedef SECStatus (*SEC_HttpServer_KeepAliveSessionFcn)(
- SEC_HTTP_SERVER_SESSION session,
- PRPollDesc **pPollDesc);
+ SEC_HTTP_SERVER_SESSION session,
+ PRPollDesc **pPollDesc);
/*
* This function frees the client SEC_HTTP_SERVER_SESSION object, closes all
@@ -88,9 +88,9 @@
* frees any memory that was allocated by the client, and invalidates any
* response pointers that might have been returned by prior server or request
* functions.
- */
+ */
typedef SECStatus (*SEC_HttpServer_FreeSessionFcn)(
- SEC_HTTP_SERVER_SESSION session);
+ SEC_HTTP_SERVER_SESSION session);
/*
* This function creates a SEC_HTTP_REQUEST_SESSION object. The implementer of a
@@ -111,30 +111,30 @@
* after processing is finished.
*/
typedef SECStatus (*SEC_HttpRequest_CreateFcn)(
- SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant, /* usually "http" */
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest);
+ SEC_HTTP_SERVER_SESSION session,
+ const char *http_protocol_variant, /* usually "http" */
+ const char *path_and_query_string,
+ const char *http_request_method,
+ const PRIntervalTime timeout,
+ SEC_HTTP_REQUEST_SESSION *pRequest);
/*
* This function sets data to be sent to the server for an HTTP request
- * of http_request_method == POST. If a particular implementation
- * supports it, the details for the POST request can be set by calling
+ * of http_request_method == POST. If a particular implementation
+ * supports it, the details for the POST request can be set by calling
* this function, prior to activating the request with TrySendAndReceiveFcn.
*
- * An implementation that does not support the POST method should
+ * An implementation that does not support the POST method should
* implement a SetPostDataFcn function that returns immediately.
*
* Setting http_content_type is optional, the parameter may
* by NULL or the empty string.
- */
+ */
typedef SECStatus (*SEC_HttpRequest_SetPostDataFcn)(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_data,
- const PRUint32 http_data_len,
- const char *http_content_type);
+ SEC_HTTP_REQUEST_SESSION request,
+ const char *http_data,
+ const PRUint32 http_data_len,
+ const char *http_content_type);
/*
* This function sets an additional HTTP protocol request header.
@@ -144,11 +144,11 @@
*
* An implementation that does not support setting additional headers
* should implement an AddRequestHeaderFcn function that returns immediately.
- */
+ */
typedef SECStatus (*SEC_HttpRequest_AddHeaderFcn)(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_header_name,
- const char *http_header_value);
+ SEC_HTTP_REQUEST_SESSION request,
+ const char *http_header_name,
+ const char *http_header_value);
/*
* This function initiates or continues an HTTP request. After
@@ -180,10 +180,10 @@
* size, the function will return SECFailure.
* http_response_data_len will be set to a value different from zero to
* indicate the reason of the failure.
- * An out value of "0" means, the failure was unrelated to the
+ * An out value of "0" means, the failure was unrelated to the
* acceptable size.
* An out value of "1" means, the result data is larger than the
- * accpeptable size, but the real size is not yet known to the http client
+ * accpeptable size, but the real size is not yet known to the http client
* implementation and it stopped retrieving it,
* Any other out value combined with a return value of SECFailure
* will indicate the actual size of the server data.
@@ -195,64 +195,64 @@
* the completion of the operation.
*
* All returned pointers will be owned by the the HttpClient
- * implementation and will remain valid until the call to
+ * implementation and will remain valid until the call to
* SEC_HttpRequest_FreeFcn.
- */
+ */
typedef SECStatus (*SEC_HttpRequest_TrySendAndReceiveFcn)(
- SEC_HTTP_REQUEST_SESSION request,
- PRPollDesc **pPollDesc,
- PRUint16 *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- PRUint32 *http_response_data_len);
+ SEC_HTTP_REQUEST_SESSION request,
+ PRPollDesc **pPollDesc,
+ PRUint16 *http_response_code,
+ const char **http_response_content_type,
+ const char **http_response_headers,
+ const char **http_response_data,
+ PRUint32 *http_response_data_len);
/*
* Calling CancelFcn asks for premature termination of the request.
*
* Future calls to SEC_HttpRequest_TrySendAndReceive should
- * by avoided, but in this case the HttpClient implementation
+ * by avoided, but in this case the HttpClient implementation
* is expected to return immediately with SECFailure.
*
- * After calling CancelFcn, a separate call to SEC_HttpRequest_FreeFcn
+ * After calling CancelFcn, a separate call to SEC_HttpRequest_FreeFcn
* is still necessary to free resources.
- */
+ */
typedef SECStatus (*SEC_HttpRequest_CancelFcn)(
- SEC_HTTP_REQUEST_SESSION request);
+ SEC_HTTP_REQUEST_SESSION request);
/*
* Before calling this function, it must be assured the request
* has been completed, i.e. either SEC_HttpRequest_TrySendAndReceiveFcn has
* returned SECSuccess, or the request has been canceled with
* a call to SEC_HttpRequest_CancelFcn.
- *
- * This function frees the client state object, closes all sockets,
- * discards all partial results, frees any memory that was allocated
+ *
+ * This function frees the client state object, closes all sockets,
+ * discards all partial results, frees any memory that was allocated
* by the client, and invalidates all response pointers that might
* have been returned by SEC_HttpRequest_TrySendAndReceiveFcn
- */
+ */
typedef SECStatus (*SEC_HttpRequest_FreeFcn)(
- SEC_HTTP_REQUEST_SESSION request);
+ SEC_HTTP_REQUEST_SESSION request);
typedef struct SEC_HttpClientFcnV1Struct {
- SEC_HttpServer_CreateSessionFcn createSessionFcn;
- SEC_HttpServer_KeepAliveSessionFcn keepAliveSessionFcn;
- SEC_HttpServer_FreeSessionFcn freeSessionFcn;
- SEC_HttpRequest_CreateFcn createFcn;
- SEC_HttpRequest_SetPostDataFcn setPostDataFcn;
- SEC_HttpRequest_AddHeaderFcn addHeaderFcn;
- SEC_HttpRequest_TrySendAndReceiveFcn trySendAndReceiveFcn;
- SEC_HttpRequest_CancelFcn cancelFcn;
- SEC_HttpRequest_FreeFcn freeFcn;
+ SEC_HttpServer_CreateSessionFcn createSessionFcn;
+ SEC_HttpServer_KeepAliveSessionFcn keepAliveSessionFcn;
+ SEC_HttpServer_FreeSessionFcn freeSessionFcn;
+ SEC_HttpRequest_CreateFcn createFcn;
+ SEC_HttpRequest_SetPostDataFcn setPostDataFcn;
+ SEC_HttpRequest_AddHeaderFcn addHeaderFcn;
+ SEC_HttpRequest_TrySendAndReceiveFcn trySendAndReceiveFcn;
+ SEC_HttpRequest_CancelFcn cancelFcn;
+ SEC_HttpRequest_FreeFcn freeFcn;
} SEC_HttpClientFcnV1;
typedef struct SEC_HttpClientFcnStruct {
- PRInt16 version;
- union {
- SEC_HttpClientFcnV1 ftable1;
- /* SEC_HttpClientFcnV2 ftable2; */
- /* ... */
- } fcnTable;
+ PRInt16 version;
+ union {
+ SEC_HttpClientFcnV1 ftable1;
+ /* SEC_HttpClientFcnV2 ftable2; */
+ /* ... */
+ } fcnTable;
} SEC_HttpClientFcn;
/*
@@ -293,7 +293,7 @@
*/
typedef enum {
- ocspResponderID_other = -1, /* unknown kind of responderID */
+ ocspResponderID_other = -1, /* unknown kind of responderID */
ocspResponderID_byName = 1,
ocspResponderID_byKey = 2
} CERTOCSPResponderIDType;
diff --git a/nss/lib/certhigh/ocspti.h b/nss/lib/certhigh/ocspti.h
index a2b3852..d9297db 100644
--- a/nss/lib/certhigh/ocspti.h
+++ b/nss/lib/certhigh/ocspti.h
@@ -16,7 +16,6 @@
#include "seccomon.h"
#include "secoidt.h"
-
/*
* Some notes about naming conventions...
*
@@ -49,7 +48,6 @@
* way around (reference before definition).
*/
-
/*
* Forward-declarations of internal-only data structures.
*
@@ -67,12 +65,11 @@
typedef struct ocspSingleResponseStr ocspSingleResponse;
typedef struct ocspTBSRequestStr ocspTBSRequest;
-
/*
* An OCSPRequest; this is what is sent (encoded) to an OCSP responder.
*/
struct CERTOCSPRequestStr {
- PLArenaPool *arena; /* local; not part of encoding */
+ PLArenaPool *arena; /* local; not part of encoding */
ocspTBSRequest *tbsRequest;
ocspSignature *optionalSignature;
};
@@ -92,12 +89,12 @@
* in-progress extensions as they are optionally added to the request.
*/
struct ocspTBSRequestStr {
- SECItem version; /* an INTEGER */
- SECItem *derRequestorName; /* encoded GeneralName; see above */
- CERTGeneralNameList *requestorName; /* local; not part of encoding */
+ SECItem version; /* an INTEGER */
+ SECItem *derRequestorName; /* encoded GeneralName; see above */
+ CERTGeneralNameList *requestorName; /* local; not part of encoding */
ocspSingleRequest **requestList;
CERTCertExtension **requestExtensions;
- void *extensionHandle; /* local; not part of encoding */
+ void *extensionHandle; /* local; not part of encoding */
};
/*
@@ -124,12 +121,12 @@
*/
struct ocspSignatureStr {
SECAlgorithmID signatureAlgorithm;
- SECItem signature; /* a BIT STRING */
- SECItem **derCerts; /* a SEQUENCE OF Certificate */
- CERTCertificate *cert; /* local; not part of encoding */
- PRBool wasChecked; /* local; not part of encoding */
- SECStatus status; /* local; not part of encoding */
- int failureReason; /* local; not part of encoding */
+ SECItem signature; /* a BIT STRING */
+ SECItem **derCerts; /* a SEQUENCE OF Certificate */
+ CERTCertificate *cert; /* local; not part of encoding */
+ PRBool wasChecked; /* local; not part of encoding */
+ SECStatus status; /* local; not part of encoding */
+ int failureReason; /* local; not part of encoding */
};
/*
@@ -140,11 +137,11 @@
* but since that seemed confusing (vs. an OCSPRequest) and to be more
* consistent with the parallel type "SingleResponse", I called it a
* "SingleRequest".
- *
+ *
* XXX figure out how to get rid of that arena -- there must be a way
*/
struct ocspSingleRequestStr {
- PLArenaPool *arena; /* just a copy of the response arena,
+ PLArenaPool *arena; /* just a copy of the response arena,
* needed here for extension handling
* routines, on creation only */
CERTOCSPCertID *reqCert;
@@ -160,14 +157,14 @@
*/
struct CERTOCSPCertIDStr {
SECAlgorithmID hashAlgorithm;
- SECItem issuerNameHash; /* an OCTET STRING */
- SECItem issuerKeyHash; /* an OCTET STRING */
- SECItem serialNumber; /* an INTEGER */
- SECItem issuerSHA1NameHash; /* keep other hashes around when */
- SECItem issuerMD5NameHash; /* we have them */
+ SECItem issuerNameHash; /* an OCTET STRING */
+ SECItem issuerKeyHash; /* an OCTET STRING */
+ SECItem serialNumber; /* an INTEGER */
+ SECItem issuerSHA1NameHash; /* keep other hashes around when */
+ SECItem issuerMD5NameHash; /* we have them */
SECItem issuerMD2NameHash;
- SECItem issuerSHA1KeyHash; /* keep other hashes around when */
- SECItem issuerMD5KeyHash; /* we have them */
+ SECItem issuerSHA1KeyHash; /* keep other hashes around when */
+ SECItem issuerMD5KeyHash; /* we have them */
SECItem issuerMD2KeyHash;
PLArenaPool *poolp;
};
@@ -209,10 +206,10 @@
* type ocspResponseStatus.
*/
struct CERTOCSPResponseStr {
- PLArenaPool *arena; /* local; not part of encoding */
- SECItem responseStatus; /* an ENUMERATED, see above */
- ocspResponseStatus statusValue; /* local; not part of encoding */
- ocspResponseBytes *responseBytes; /* only when status is successful */
+ PLArenaPool *arena; /* local; not part of encoding */
+ SECItem responseStatus; /* an ENUMERATED, see above */
+ ocspResponseStatus statusValue; /* local; not part of encoding */
+ ocspResponseBytes *responseBytes; /* only when status is successful */
};
/*
@@ -230,12 +227,12 @@
* response types, just add them to the union.
*/
struct ocspResponseBytesStr {
- SECItem responseType; /* an OBJECT IDENTIFIER */
- SECOidTag responseTypeTag; /* local; not part of encoding */
- SECItem response; /* an OCTET STRING */
+ SECItem responseType; /* an OBJECT IDENTIFIER */
+ SECOidTag responseTypeTag; /* local; not part of encoding */
+ SECItem response; /* an OCTET STRING */
union {
- ocspBasicOCSPResponse *basic; /* when type is id-pkix-ocsp-basic */
- } decodedResponse; /* local; not part of encoding */
+ ocspBasicOCSPResponse *basic; /* when type is id-pkix-ocsp-basic */
+ } decodedResponse; /* local; not part of encoding */
};
/*
@@ -250,7 +247,7 @@
*/
struct ocspBasicOCSPResponseStr {
SECItem tbsResponseDataDER;
- ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */
+ ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */
ocspSignature responseSignature;
};
@@ -260,38 +257,38 @@
* (a per-certificate status).
*/
struct ocspResponseDataStr {
- SECItem version; /* an INTEGER */
+ SECItem version; /* an INTEGER */
SECItem derResponderID;
- ocspResponderID *responderID; /* local; not part of encoding */
- SECItem producedAt; /* a GeneralizedTime */
+ ocspResponderID *responderID; /* local; not part of encoding */
+ SECItem producedAt; /* a GeneralizedTime */
CERTOCSPSingleResponse **responses;
CERTCertExtension **responseExtensions;
};
struct ocspResponderIDStr {
- CERTOCSPResponderIDType responderIDType;/* local; not part of encoding */
+ CERTOCSPResponderIDType responderIDType; /* local; not part of encoding */
union {
- CERTName name; /* when ocspResponderID_byName */
- SECItem keyHash; /* when ocspResponderID_byKey */
- SECItem other; /* when ocspResponderID_other */
+ CERTName name; /* when ocspResponderID_byName */
+ SECItem keyHash; /* when ocspResponderID_byKey */
+ SECItem other; /* when ocspResponderID_other */
} responderIDValue;
};
/*
* The ResponseData in a BasicOCSPResponse contains a SEQUENCE OF
* SingleResponse -- one for each certificate whose status is being supplied.
- *
+ *
* XXX figure out how to get rid of that arena -- there must be a way
*/
struct CERTOCSPSingleResponseStr {
- PLArenaPool *arena; /* just a copy of the response arena,
+ PLArenaPool *arena; /* just a copy of the response arena,
* needed here for extension handling
* routines, on creation only */
CERTOCSPCertID *certID;
SECItem derCertStatus;
- ocspCertStatus *certStatus; /* local; not part of encoding */
- SECItem thisUpdate; /* a GeneralizedTime */
- SECItem *nextUpdate; /* a GeneralizedTime */
+ ocspCertStatus *certStatus; /* local; not part of encoding */
+ SECItem thisUpdate; /* a GeneralizedTime */
+ SECItem *nextUpdate; /* a GeneralizedTime */
CERTCertExtension **singleExtensions;
};
@@ -313,10 +310,10 @@
*/
typedef enum {
- ocspCertStatus_good, /* cert is not revoked */
- ocspCertStatus_revoked, /* cert is revoked */
- ocspCertStatus_unknown, /* cert was unknown to the responder */
- ocspCertStatus_other /* status was not an expected value */
+ ocspCertStatus_good, /* cert is not revoked */
+ ocspCertStatus_revoked, /* cert is revoked */
+ ocspCertStatus_unknown, /* cert was unknown to the responder */
+ ocspCertStatus_other /* status was not an expected value */
} ocspCertStatusType;
/*
@@ -327,13 +324,13 @@
* gives more detailed information.)
*/
struct ocspCertStatusStr {
- ocspCertStatusType certStatusType; /* local; not part of encoding */
+ ocspCertStatusType certStatusType; /* local; not part of encoding */
union {
- SECItem *goodInfo; /* when ocspCertStatus_good */
- ocspRevokedInfo *revokedInfo; /* when ocspCertStatus_revoked */
- SECItem *unknownInfo; /* when ocspCertStatus_unknown */
- SECItem *otherInfo; /* when ocspCertStatus_other */
- } certStatusInfo;
+ SECItem *goodInfo; /* when ocspCertStatus_good */
+ ocspRevokedInfo *revokedInfo; /* when ocspCertStatus_revoked */
+ SECItem *unknownInfo; /* when ocspCertStatus_unknown */
+ SECItem *otherInfo; /* when ocspCertStatus_other */
+ } certStatusInfo;
};
/*
@@ -341,8 +338,8 @@
* was revoked and why.
*/
struct ocspRevokedInfoStr {
- SECItem revocationTime; /* a GeneralizedTime */
- SECItem *revocationReason; /* a CRLReason; ignored for now */
+ SECItem revocationTime; /* a GeneralizedTime */
+ SECItem *revocationReason; /* a CRLReason; ignored for now */
};
/*
@@ -353,7 +350,7 @@
*/
struct ocspServiceLocatorStr {
CERTName *issuer;
- SECItem locator; /* DER encoded authInfoAccess extension from cert */
+ SECItem locator; /* DER encoded authInfoAccess extension from cert */
};
#endif /* _OCSPTI_H_ */
diff --git a/nss/lib/certhigh/xcrldist.c b/nss/lib/certhigh/xcrldist.c
index 291a9d8..4f74cdb 100644
--- a/nss/lib/certhigh/xcrldist.c
+++ b/nss/lib/certhigh/xcrldist.c
@@ -12,203 +12,201 @@
SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_BitStringTemplate)
-extern void PrepareBitStringForEncoding (SECItem *bitMap, SECItem *value);
+extern void PrepareBitStringForEncoding(SECItem *bitMap, SECItem *value);
static const SEC_ASN1Template FullNameTemplate[] = {
- {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
- offsetof (CRLDistributionPoint,derFullName),
- CERT_GeneralNamesTemplate}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
+ offsetof(CRLDistributionPoint, derFullName),
+ CERT_GeneralNamesTemplate }
};
static const SEC_ASN1Template RelativeNameTemplate[] = {
- {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
- offsetof (CRLDistributionPoint,distPoint.relativeName),
- CERT_RDNTemplate}
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
+ offsetof(CRLDistributionPoint, distPoint.relativeName),
+ CERT_RDNTemplate }
};
static const SEC_ASN1Template DistributionPointNameTemplate[] = {
{ SEC_ASN1_CHOICE,
- offsetof(CRLDistributionPoint, distPointType), NULL,
- sizeof(CRLDistributionPoint) },
+ offsetof(CRLDistributionPoint, distPointType), NULL,
+ sizeof(CRLDistributionPoint) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
- offsetof (CRLDistributionPoint, derFullName),
- CERT_GeneralNamesTemplate, generalName },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
- offsetof (CRLDistributionPoint, distPoint.relativeName),
- CERT_RDNTemplate, relativeDistinguishedName },
+ offsetof(CRLDistributionPoint, derFullName),
+ CERT_GeneralNamesTemplate, generalName },
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
+ offsetof(CRLDistributionPoint, distPoint.relativeName),
+ CERT_RDNTemplate, relativeDistinguishedName },
{ 0 }
};
static const SEC_ASN1Template CRLDistributionPointTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRLDistributionPoint) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
- offsetof(CRLDistributionPoint,derDistPoint),
- SEC_ASN1_SUB(SEC_AnyTemplate)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(CRLDistributionPoint,bitsmap),
- SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_CONSTRUCTED | 2,
- offsetof(CRLDistributionPoint, derCrlIssuer),
- CERT_GeneralNamesTemplate},
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
+ offsetof(CRLDistributionPoint, derDistPoint),
+ SEC_ASN1_SUB(SEC_AnyTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ offsetof(CRLDistributionPoint, bitsmap),
+ SEC_ASN1_SUB(SEC_BitStringTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_CONSTRUCTED | 2,
+ offsetof(CRLDistributionPoint, derCrlIssuer),
+ CERT_GeneralNamesTemplate },
{ 0 }
};
const SEC_ASN1Template CERTCRLDistributionPointsTemplate[] = {
- {SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate}
+ { SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate }
};
SECStatus
-CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,
- CERTCrlDistributionPoints *value,
- SECItem *derValue)
+CERT_EncodeCRLDistributionPoints(PLArenaPool *arena,
+ CERTCrlDistributionPoints *value,
+ SECItem *derValue)
{
CRLDistributionPoint **pointList, *point;
PLArenaPool *ourPool = NULL;
SECStatus rv = SECSuccess;
- PORT_Assert (derValue);
- PORT_Assert (value && value->distPoints);
+ PORT_Assert(derValue);
+ PORT_Assert(value && value->distPoints);
do {
- ourPool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (ourPool == NULL) {
- rv = SECFailure;
- break;
- }
-
- pointList = value->distPoints;
- while (*pointList) {
- point = *pointList;
- point->derFullName = NULL;
- point->derDistPoint.data = NULL;
+ ourPool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+ if (ourPool == NULL) {
+ rv = SECFailure;
+ break;
+ }
- switch (point->distPointType) {
- case generalName:
- point->derFullName = cert_EncodeGeneralNames
- (ourPool, point->distPoint.fullName);
-
- if (!point->derFullName ||
- !SEC_ASN1EncodeItem (ourPool, &point->derDistPoint,
- point, FullNameTemplate))
- rv = SECFailure;
- break;
+ pointList = value->distPoints;
+ while (*pointList) {
+ point = *pointList;
+ point->derFullName = NULL;
+ point->derDistPoint.data = NULL;
- case relativeDistinguishedName:
- if (!SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,
- point, RelativeNameTemplate))
- rv = SECFailure;
- break;
+ switch (point->distPointType) {
+ case generalName:
+ point->derFullName = cert_EncodeGeneralNames(ourPool, point->distPoint.fullName);
- default:
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- rv = SECFailure;
- break;
- }
+ if (!point->derFullName ||
+ !SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,
+ point, FullNameTemplate))
+ rv = SECFailure;
+ break;
- if (rv != SECSuccess)
- break;
+ case relativeDistinguishedName:
+ if (!SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,
+ point, RelativeNameTemplate))
+ rv = SECFailure;
+ break;
- if (point->reasons.data)
- PrepareBitStringForEncoding (&point->bitsmap, &point->reasons);
+ default:
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ rv = SECFailure;
+ break;
+ }
- if (point->crlIssuer) {
- point->derCrlIssuer = cert_EncodeGeneralNames
- (ourPool, point->crlIssuer);
- if (!point->derCrlIssuer) {
- rv = SECFailure;
- break;
- }
- }
- ++pointList;
- }
- if (rv != SECSuccess)
- break;
- if (!SEC_ASN1EncodeItem(arena, derValue, value,
- CERTCRLDistributionPointsTemplate)) {
- rv = SECFailure;
- break;
- }
+ if (rv != SECSuccess)
+ break;
+
+ if (point->reasons.data)
+ PrepareBitStringForEncoding(&point->bitsmap, &point->reasons);
+
+ if (point->crlIssuer) {
+ point->derCrlIssuer = cert_EncodeGeneralNames(ourPool, point->crlIssuer);
+ if (!point->derCrlIssuer) {
+ rv = SECFailure;
+ break;
+ }
+ }
+ ++pointList;
+ }
+ if (rv != SECSuccess)
+ break;
+ if (!SEC_ASN1EncodeItem(arena, derValue, value,
+ CERTCRLDistributionPointsTemplate)) {
+ rv = SECFailure;
+ break;
+ }
} while (0);
- PORT_FreeArena (ourPool, PR_FALSE);
+ PORT_FreeArena(ourPool, PR_FALSE);
return rv;
}
CERTCrlDistributionPoints *
-CERT_DecodeCRLDistributionPoints (PLArenaPool *arena, SECItem *encodedValue)
+CERT_DecodeCRLDistributionPoints(PLArenaPool *arena, SECItem *encodedValue)
{
- CERTCrlDistributionPoints *value = NULL;
- CRLDistributionPoint **pointList, *point;
- SECStatus rv = SECSuccess;
- SECItem newEncodedValue;
+ CERTCrlDistributionPoints *value = NULL;
+ CRLDistributionPoint **pointList, *point;
+ SECStatus rv = SECSuccess;
+ SECItem newEncodedValue;
- PORT_Assert (arena);
- do {
- value = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
- if (value == NULL) {
- rv = SECFailure;
- break;
- }
+ PORT_Assert(arena);
+ do {
+ value = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
+ if (value == NULL) {
+ rv = SECFailure;
+ break;
+ }
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
if (rv != SECSuccess)
- break;
+ break;
- rv = SEC_QuickDERDecodeItem(arena, &value->distPoints,
- CERTCRLDistributionPointsTemplate, &newEncodedValue);
- if (rv != SECSuccess)
- break;
+ rv = SEC_QuickDERDecodeItem(arena, &value->distPoints,
+ CERTCRLDistributionPointsTemplate, &newEncodedValue);
+ if (rv != SECSuccess)
+ break;
- pointList = value->distPoints;
- while (NULL != (point = *pointList)) {
+ pointList = value->distPoints;
+ while (NULL != (point = *pointList)) {
- /* get the data if the distributionPointName is not omitted */
- if (point->derDistPoint.data != NULL) {
- rv = SEC_QuickDERDecodeItem(arena, point,
- DistributionPointNameTemplate, &(point->derDistPoint));
- if (rv != SECSuccess)
- break;
+ /* get the data if the distributionPointName is not omitted */
+ if (point->derDistPoint.data != NULL) {
+ rv = SEC_QuickDERDecodeItem(arena, point,
+ DistributionPointNameTemplate, &(point->derDistPoint));
+ if (rv != SECSuccess)
+ break;
- switch (point->distPointType) {
- case generalName:
- point->distPoint.fullName =
- cert_DecodeGeneralNames(arena, point->derFullName);
- rv = point->distPoint.fullName ? SECSuccess : SECFailure;
- break;
+ switch (point->distPointType) {
+ case generalName:
+ point->distPoint.fullName =
+ cert_DecodeGeneralNames(arena, point->derFullName);
+ rv = point->distPoint.fullName ? SECSuccess : SECFailure;
+ break;
- case relativeDistinguishedName:
- break;
+ case relativeDistinguishedName:
+ break;
- default:
- PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
- rv = SECFailure;
- break;
- } /* end switch */
- if (rv != SECSuccess)
- break;
- } /* end if */
+ default:
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ rv = SECFailure;
+ break;
+ } /* end switch */
+ if (rv != SECSuccess)
+ break;
+ } /* end if */
- /* Get the reason code if it's not omitted in the encoding */
- if (point->bitsmap.data != NULL) {
- SECItem bitsmap = point->bitsmap;
- DER_ConvertBitString(&bitsmap);
- rv = SECITEM_CopyItem(arena, &point->reasons, &bitsmap);
- if (rv != SECSuccess)
- break;
- }
+ /* Get the reason code if it's not omitted in the encoding */
+ if (point->bitsmap.data != NULL) {
+ SECItem bitsmap = point->bitsmap;
+ DER_ConvertBitString(&bitsmap);
+ rv = SECITEM_CopyItem(arena, &point->reasons, &bitsmap);
+ if (rv != SECSuccess)
+ break;
+ }
- /* Get the crl issuer name if it's not omitted in the encoding */
- if (point->derCrlIssuer != NULL) {
- point->crlIssuer = cert_DecodeGeneralNames(arena,
- point->derCrlIssuer);
- if (!point->crlIssuer)
- break;
- }
- ++pointList;
- } /* end while points remain */
- } while (0);
- return (rv == SECSuccess ? value : NULL);
+ /* Get the crl issuer name if it's not omitted in the encoding */
+ if (point->derCrlIssuer != NULL) {
+ point->crlIssuer = cert_DecodeGeneralNames(arena,
+ point->derCrlIssuer);
+ if (!point->crlIssuer)
+ break;
+ }
+ ++pointList;
+ } /* end while points remain */
+ } while (0);
+ return (rv == SECSuccess ? value : NULL);
}
diff --git a/nss/lib/ckfw/builtins/anchor.c b/nss/lib/ckfw/builtins/anchor.c
index 51b4a56..af21c6a 100644
--- a/nss/lib/ckfw/builtins/anchor.c
+++ b/nss/lib/ckfw/builtins/anchor.c
@@ -6,7 +6,7 @@
* builtins/anchor.c
*
* This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading. See the
+ * shared library, which is required for dynamic loading. See the
* comments in nssck.api for more information.
*/
diff --git a/nss/lib/ckfw/builtins/bfind.c b/nss/lib/ckfw/builtins/bfind.c
index df35ed8..3e5da1a 100644
--- a/nss/lib/ckfw/builtins/bfind.c
+++ b/nss/lib/ckfw/builtins/bfind.c
@@ -14,258 +14,248 @@
*/
struct builtinsFOStr {
- NSSArena *arena;
- CK_ULONG n;
- CK_ULONG i;
- builtinsInternalObject **objs;
+ NSSArena *arena;
+ CK_ULONG n;
+ CK_ULONG i;
+ builtinsInternalObject **objs;
};
static void
-builtins_mdFindObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdFindObjects_Final(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
- NSSArena *arena = fo->arena;
+ struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+ NSSArena *arena = fo->arena;
- nss_ZFreeIf(fo->objs);
- nss_ZFreeIf(fo);
- nss_ZFreeIf(mdFindObjects);
- if ((NSSArena *)NULL != arena) {
- NSSArena_Destroy(arena);
- }
+ nss_ZFreeIf(fo->objs);
+ nss_ZFreeIf(fo);
+ nss_ZFreeIf(mdFindObjects);
+ if ((NSSArena *)NULL != arena) {
+ NSSArena_Destroy(arena);
+ }
- return;
+ return;
}
static NSSCKMDObject *
-builtins_mdFindObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+builtins_mdFindObjects_Next(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
- struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
- builtinsInternalObject *io;
+ struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+ builtinsInternalObject *io;
- if( fo->i == fo->n ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
- }
+ if (fo->i == fo->n) {
+ *pError = CKR_OK;
+ return (NSSCKMDObject *)NULL;
+ }
- io = fo->objs[ fo->i ];
- fo->i++;
+ io = fo->objs[fo->i];
+ fo->i++;
- return nss_builtins_CreateMDObject(arena, io, pError);
+ return nss_builtins_CreateMDObject(arena, io, pError);
}
static int
-builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) {
+builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest)
+{
unsigned char *start = src;
int len = 0;
- if (*src ++ != 2) {
- return 0;
+ if (*src++ != 2) {
+ return 0;
}
len = *src++;
if (len & 0x80) {
- int count = len & 0x7f;
- len =0;
+ int count = len & 0x7f;
+ len = 0;
- if (count+2 > size) {
- return 0;
- }
- while (count-- > 0) {
- len = (len << 8) | *src++;
- }
+ if (count + 2 > size) {
+ return 0;
+ }
+ while (count-- > 0) {
+ len = (len << 8) | *src++;
+ }
}
- if (len + (src-start) != size) {
- return 0;
+ if (len + (src - start) != size) {
+ return 0;
}
*dest = src;
return len;
}
static CK_BBOOL
-builtins_attrmatch
-(
- CK_ATTRIBUTE_PTR a,
- const NSSItem *b
-)
+builtins_attrmatch(
+ CK_ATTRIBUTE_PTR a,
+ const NSSItem *b)
{
- PRBool prb;
+ PRBool prb;
- if( a->ulValueLen != b->size ) {
- /* match a decoded serial number */
- if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
- int len;
- unsigned char *data = NULL;
+ if (a->ulValueLen != b->size) {
+ /* match a decoded serial number */
+ if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+ int len;
+ unsigned char *data = NULL;
- len = builtins_derUnwrapInt(b->data,b->size,&data);
- if (data &&
- (len == a->ulValueLen) &&
- nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
- return CK_TRUE;
- }
+ len = builtins_derUnwrapInt(b->data, b->size, &data);
+ if (data &&
+ (len == a->ulValueLen) &&
+ nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+ return CK_TRUE;
+ }
+ }
+ return CK_FALSE;
}
- return CK_FALSE;
- }
- prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+ prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
- if( PR_TRUE == prb ) {
- return CK_TRUE;
- } else {
- return CK_FALSE;
- }
+ if (PR_TRUE == prb) {
+ return CK_TRUE;
+ } else {
+ return CK_FALSE;
+ }
}
-
static CK_BBOOL
-builtins_match
-(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- builtinsInternalObject *o
-)
+builtins_match(
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ builtinsInternalObject *o)
{
- CK_ULONG i;
+ CK_ULONG i;
- for( i = 0; i < ulAttributeCount; i++ ) {
- CK_ULONG j;
+ for (i = 0; i < ulAttributeCount; i++) {
+ CK_ULONG j;
- for( j = 0; j < o->n; j++ ) {
- if( o->types[j] == pTemplate[i].type ) {
- if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) {
- return CK_FALSE;
- } else {
- break;
+ for (j = 0; j < o->n; j++) {
+ if (o->types[j] == pTemplate[i].type) {
+ if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
+ return CK_FALSE;
+ } else {
+ break;
+ }
+ }
}
- }
+
+ if (j == o->n) {
+ /* Loop ran to the end: no matching attribute */
+ return CK_FALSE;
+ }
}
- if( j == o->n ) {
- /* Loop ran to the end: no matching attribute */
- return CK_FALSE;
- }
- }
-
- /* Every attribute passed */
- return CK_TRUE;
+ /* Every attribute passed */
+ return CK_TRUE;
}
NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nss_builtins_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- /* This could be made more efficient. I'm rather rushed. */
- NSSArena *arena;
- NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
- struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
+ /* This could be made more efficient. I'm rather rushed. */
+ NSSArena *arena;
+ NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+ struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
- /*
+/*
* 99% of the time we get 0 or 1 matches. So we start with a small
* stack-allocated array to hold the matches and switch to a heap-allocated
* array later if the number of matches exceeds STACK_BUF_LENGTH.
*/
- #define STACK_BUF_LENGTH 1
- builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
- builtinsInternalObject **temp = stackTemp;
- PRBool tempIsHeapAllocated = PR_FALSE;
- PRUint32 i;
+#define STACK_BUF_LENGTH 1
+ builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
+ builtinsInternalObject **temp = stackTemp;
+ PRBool tempIsHeapAllocated = PR_FALSE;
+ PRUint32 i;
- arena = NSSArena_Create();
- if( (NSSArena *)NULL == arena ) {
- goto loser;
- }
-
- rv = nss_ZNEW(arena, NSSCKMDFindObjects);
- if( (NSSCKMDFindObjects *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fo = nss_ZNEW(arena, struct builtinsFOStr);
- if( (struct builtinsFOStr *)NULL == fo ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fo->arena = arena;
- /* fo->n and fo->i are already zero */
-
- rv->etc = (void *)fo;
- rv->Final = builtins_mdFindObjects_Final;
- rv->Next = builtins_mdFindObjects_Next;
- rv->null = (void *)NULL;
-
- for( i = 0; i < nss_builtins_nObjects; i++ ) {
- builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
-
- if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) {
- if( fo->n == STACK_BUF_LENGTH ) {
- /* Switch from the small stack array to a heap-allocated array large
- * enough to handle matches in all remaining cases. */
- temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
- fo->n + nss_builtins_nObjects - i);
- if( (builtinsInternalObject **)NULL == temp ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
- tempIsHeapAllocated = PR_TRUE;
- (void)nsslibc_memcpy(temp, stackTemp,
- sizeof(builtinsInternalObject *) * fo->n);
- }
-
- temp[ fo->n ] = o;
- fo->n++;
+ arena = NSSArena_Create();
+ if ((NSSArena *)NULL == arena) {
+ goto loser;
}
- }
- fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
- if( (builtinsInternalObject **)NULL == fo->objs ) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+ if ((NSSCKMDFindObjects *)NULL == rv) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
- if (tempIsHeapAllocated) {
- nss_ZFreeIf(temp);
- temp = (builtinsInternalObject **)NULL;
- }
+ fo = nss_ZNEW(arena, struct builtinsFOStr);
+ if ((struct builtinsFOStr *)NULL == fo) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- return rv;
+ fo->arena = arena;
+ /* fo->n and fo->i are already zero */
- loser:
- if (tempIsHeapAllocated) {
- nss_ZFreeIf(temp);
- }
- nss_ZFreeIf(fo);
- nss_ZFreeIf(rv);
- if ((NSSArena *)NULL != arena) {
- NSSArena_Destroy(arena);
- }
- return (NSSCKMDFindObjects *)NULL;
+ rv->etc = (void *)fo;
+ rv->Final = builtins_mdFindObjects_Final;
+ rv->Next = builtins_mdFindObjects_Next;
+ rv->null = (void *)NULL;
+
+ for (i = 0; i < nss_builtins_nObjects; i++) {
+ builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
+
+ if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) {
+ if (fo->n == STACK_BUF_LENGTH) {
+ /* Switch from the small stack array to a heap-allocated array large
+ * enough to handle matches in all remaining cases. */
+ temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
+ fo->n + nss_builtins_nObjects - i);
+ if ((builtinsInternalObject **)NULL == temp) {
+ *pError =
+ CKR_HOST_MEMORY;
+ goto loser;
+ }
+ tempIsHeapAllocated = PR_TRUE;
+ (void)nsslibc_memcpy(temp, stackTemp,
+ sizeof(builtinsInternalObject *) * fo->n);
+ }
+
+ temp[fo->n] = o;
+ fo->n++;
+ }
+ }
+
+ fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
+ if ((builtinsInternalObject **)NULL == fo->objs) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+
+ (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
+ if (tempIsHeapAllocated) {
+ nss_ZFreeIf(temp);
+ temp = (builtinsInternalObject **)NULL;
+ }
+
+ return rv;
+
+loser:
+ if (tempIsHeapAllocated) {
+ nss_ZFreeIf(temp);
+ }
+ nss_ZFreeIf(fo);
+ nss_ZFreeIf(rv);
+ if ((NSSArena *)NULL != arena) {
+ NSSArena_Destroy(arena);
+ }
+ return (NSSCKMDFindObjects *)NULL;
}
-
diff --git a/nss/lib/ckfw/builtins/binst.c b/nss/lib/ckfw/builtins/binst.c
index 8cb057d..ca1dac8 100644
--- a/nss/lib/ckfw/builtins/binst.c
+++ b/nss/lib/ckfw/builtins/binst.c
@@ -7,7 +7,7 @@
/*
* builtins/instance.c
*
- * This file implements the NSSCKMDInstance object for the
+ * This file implements the NSSCKMDInstance object for the
* "builtin objects" cryptoki module.
*/
@@ -16,84 +16,72 @@
*/
static CK_ULONG
-builtins_mdInstance_GetNSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdInstance_GetNSlots(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (CK_ULONG)1;
+ return (CK_ULONG)1;
}
static CK_VERSION
-builtins_mdInstance_GetCryptokiVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdInstance_GetCryptokiVersion(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_CryptokiVersion;
+ return nss_builtins_CryptokiVersion;
}
static NSSUTF8 *
-builtins_mdInstance_GetManufacturerID
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdInstance_GetManufacturerID(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
+ return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static NSSUTF8 *
-builtins_mdInstance_GetLibraryDescription
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdInstance_GetLibraryDescription(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_LibraryDescription;
+ return (NSSUTF8 *)nss_builtins_LibraryDescription;
}
static CK_VERSION
-builtins_mdInstance_GetLibraryVersion
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdInstance_GetLibraryVersion(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
#define NSS_VERSION_VARIABLE __nss_builtins_version
#include "verref.h"
- return nss_builtins_LibraryVersion;
+ return nss_builtins_LibraryVersion;
}
static CK_RV
-builtins_mdInstance_GetSlots
-(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
-)
+builtins_mdInstance_GetSlots(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *slots[])
{
- slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
- return CKR_OK;
+ slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
+ return CKR_OK;
}
const NSSCKMDInstance
-nss_builtins_mdInstance = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Finalize */
- builtins_mdInstance_GetNSlots,
- builtins_mdInstance_GetCryptokiVersion,
- builtins_mdInstance_GetManufacturerID,
- builtins_mdInstance_GetLibraryDescription,
- builtins_mdInstance_GetLibraryVersion,
- NULL, /* ModuleHandlesSessionObjects -- defaults to false */
- builtins_mdInstance_GetSlots,
- NULL, /* WaitForSlotEvent */
- (void *)NULL /* null terminator */
-};
+ nss_builtins_mdInstance = {
+ (void *)NULL, /* etc */
+ NULL, /* Initialize */
+ NULL, /* Finalize */
+ builtins_mdInstance_GetNSlots,
+ builtins_mdInstance_GetCryptokiVersion,
+ builtins_mdInstance_GetManufacturerID,
+ builtins_mdInstance_GetLibraryDescription,
+ builtins_mdInstance_GetLibraryVersion,
+ NULL, /* ModuleHandlesSessionObjects -- defaults to false */
+ builtins_mdInstance_GetSlots,
+ NULL, /* WaitForSlotEvent */
+ (void *)NULL /* null terminator */
+ };
diff --git a/nss/lib/ckfw/builtins/bobject.c b/nss/lib/ckfw/builtins/bobject.c
index 55876c0..1c0babd 100644
--- a/nss/lib/ckfw/builtins/bobject.c
+++ b/nss/lib/ckfw/builtins/bobject.c
@@ -24,199 +24,183 @@
*/
static CK_RV
-builtins_mdObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdObject_Destroy(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CKR_SESSION_READ_ONLY;
+ return CKR_SESSION_READ_ONLY;
}
static CK_BBOOL
-builtins_mdObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdObject_IsTokenObject(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_TRUE;
+ return CK_TRUE;
}
static CK_ULONG
-builtins_mdObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdObject_GetAttributeCount(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- return io->n;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ return io->n;
}
static CK_RV
-builtins_mdObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
+builtins_mdObject_GetAttributeTypes(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
- if( io->n != ulCount ) {
- return CKR_BUFFER_TOO_SMALL;
- }
+ if (io->n != ulCount) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
- for( i = 0; i < io->n; i++ ) {
- typeArray[i] = io->types[i];
- }
+ for (i = 0; i < io->n; i++) {
+ typeArray[i] = io->types[i];
+ }
- return CKR_OK;
+ return CKR_OK;
}
static CK_ULONG
-builtins_mdObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+builtins_mdObject_GetAttributeSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
- for( i = 0; i < io->n; i++ ) {
- if( attribute == io->types[i] ) {
- return (CK_ULONG)(io->items[i].size);
+ for (i = 0; i < io->n; i++) {
+ if (attribute == io->types[i]) {
+ return (CK_ULONG)(io->items[i].size);
+ }
}
- }
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return 0;
}
static NSSCKFWItem
-builtins_mdObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+builtins_mdObject_GetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- NSSCKFWItem mdItem;
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
+ NSSCKFWItem mdItem;
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
- mdItem.needsFreeing = PR_FALSE;
- mdItem.item = (NSSItem*) NULL;
+ mdItem.needsFreeing = PR_FALSE;
+ mdItem.item = (NSSItem *)NULL;
- for( i = 0; i < io->n; i++ ) {
- if( attribute == io->types[i] ) {
- mdItem.item = (NSSItem*) &io->items[i];
- return mdItem;
+ for (i = 0; i < io->n; i++) {
+ if (attribute == io->types[i]) {
+ mdItem.item = (NSSItem *)&io->items[i];
+ return mdItem;
+ }
}
- }
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return mdItem;
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return mdItem;
}
static CK_ULONG
-builtins_mdObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdObject_GetObjectSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
- CK_ULONG i;
- CK_ULONG rv = sizeof(CK_ULONG);
+ builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+ CK_ULONG i;
+ CK_ULONG rv = sizeof(CK_ULONG);
- for( i = 0; i < io->n; i++ ) {
- rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
- }
+ for (i = 0; i < io->n; i++) {
+ rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
+ }
- return rv;
+ return rv;
}
static const NSSCKMDObject
-builtins_prototype_mdObject = {
- (void *)NULL, /* etc */
- NULL, /* Finalize */
- builtins_mdObject_Destroy,
- builtins_mdObject_IsTokenObject,
- builtins_mdObject_GetAttributeCount,
- builtins_mdObject_GetAttributeTypes,
- builtins_mdObject_GetAttributeSize,
- builtins_mdObject_GetAttribute,
- NULL, /* FreeAttribute */
- NULL, /* SetAttribute */
- builtins_mdObject_GetObjectSize,
- (void *)NULL /* null terminator */
-};
+ builtins_prototype_mdObject = {
+ (void *)NULL, /* etc */
+ NULL, /* Finalize */
+ builtins_mdObject_Destroy,
+ builtins_mdObject_IsTokenObject,
+ builtins_mdObject_GetAttributeCount,
+ builtins_mdObject_GetAttributeTypes,
+ builtins_mdObject_GetAttributeSize,
+ builtins_mdObject_GetAttribute,
+ NULL, /* FreeAttribute */
+ NULL, /* SetAttribute */
+ builtins_mdObject_GetObjectSize,
+ (void *)NULL /* null terminator */
+ };
NSS_IMPLEMENT NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
- NSSArena *arena,
- builtinsInternalObject *io,
- CK_RV *pError
-)
+nss_builtins_CreateMDObject(
+ NSSArena *arena,
+ builtinsInternalObject *io,
+ CK_RV *pError)
{
- if ( (void*)NULL == io->mdObject.etc) {
- (void) nsslibc_memcpy(&io->mdObject,&builtins_prototype_mdObject,
- sizeof(builtins_prototype_mdObject));
- io->mdObject.etc = (void *)io;
- }
+ if ((void *)NULL == io->mdObject.etc) {
+ (void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject,
+ sizeof(builtins_prototype_mdObject));
+ io->mdObject.etc = (void *)io;
+ }
- return &io->mdObject;
+ return &io->mdObject;
}
diff --git a/nss/lib/ckfw/builtins/bsession.c b/nss/lib/ckfw/builtins/bsession.c
index 6705bfc..6828a49 100644
--- a/nss/lib/ckfw/builtins/bsession.c
+++ b/nss/lib/ckfw/builtins/bsession.c
@@ -7,69 +7,65 @@
/*
* builtins/session.c
*
- * This file implements the NSSCKMDSession object for the
+ * This file implements the NSSCKMDSession object for the
* "builtin objects" cryptoki module.
*/
static NSSCKMDFindObjects *
-builtins_mdSession_FindObjectsInit
-(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+builtins_mdSession_FindObjectsInit(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+ return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
}
NSS_IMPLEMENT NSSCKMDSession *
-nss_builtins_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nss_builtins_CreateSession(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
- NSSArena *arena;
- NSSCKMDSession *rv;
+ NSSArena *arena;
+ NSSCKMDSession *rv;
- arena = NSSCKFWSession_GetArena(fwSession, pError);
- if( (NSSArena *)NULL == arena ) {
- return (NSSCKMDSession *)NULL;
- }
+ arena = NSSCKFWSession_GetArena(fwSession, pError);
+ if ((NSSArena *)NULL == arena) {
+ return (NSSCKMDSession *)NULL;
+ }
- rv = nss_ZNEW(arena, NSSCKMDSession);
- if( (NSSCKMDSession *)NULL == rv ) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDSession *)NULL;
- }
+ rv = nss_ZNEW(arena, NSSCKMDSession);
+ if ((NSSCKMDSession *)NULL == rv) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKMDSession *)NULL;
+ }
- /*
- * rv was zeroed when allocated, so we only
- * need to set the non-zero members.
- */
+ /*
+ * rv was zeroed when allocated, so we only
+ * need to set the non-zero members.
+ */
- rv->etc = (void *)fwSession;
- /* rv->Close */
- /* rv->GetDeviceError */
- /* rv->Login */
- /* rv->Logout */
- /* rv->InitPIN */
- /* rv->SetPIN */
- /* rv->GetOperationStateLen */
- /* rv->GetOperationState */
- /* rv->SetOperationState */
- /* rv->CreateObject */
- /* rv->CopyObject */
- rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
- /* rv->SeedRandom */
- /* rv->GetRandom */
- /* rv->null */
+ rv->etc = (void *)fwSession;
+ /* rv->Close */
+ /* rv->GetDeviceError */
+ /* rv->Login */
+ /* rv->Logout */
+ /* rv->InitPIN */
+ /* rv->SetPIN */
+ /* rv->GetOperationStateLen */
+ /* rv->GetOperationState */
+ /* rv->SetOperationState */
+ /* rv->CreateObject */
+ /* rv->CopyObject */
+ rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
+ /* rv->SeedRandom */
+ /* rv->GetRandom */
+ /* rv->null */
- return rv;
+ return rv;
}
diff --git a/nss/lib/ckfw/builtins/bslot.c b/nss/lib/ckfw/builtins/bslot.c
index 7cc9dcd..f2ef1ef 100644
--- a/nss/lib/ckfw/builtins/bslot.c
+++ b/nss/lib/ckfw/builtins/bslot.c
@@ -12,80 +12,70 @@
*/
static NSSUTF8 *
-builtins_mdSlot_GetSlotDescription
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdSlot_GetSlotDescription(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_SlotDescription;
+ return (NSSUTF8 *)nss_builtins_SlotDescription;
}
static NSSUTF8 *
-builtins_mdSlot_GetManufacturerID
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdSlot_GetManufacturerID(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
+ return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static CK_VERSION
-builtins_mdSlot_GetHardwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdSlot_GetHardwareVersion(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_HardwareVersion;
+ return nss_builtins_HardwareVersion;
}
static CK_VERSION
-builtins_mdSlot_GetFirmwareVersion
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdSlot_GetFirmwareVersion(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_FirmwareVersion;
+ return nss_builtins_FirmwareVersion;
}
static NSSCKMDToken *
-builtins_mdSlot_GetToken
-(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdSlot_GetToken(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSCKMDToken *)&nss_builtins_mdToken;
+ return (NSSCKMDToken *)&nss_builtins_mdToken;
}
const NSSCKMDSlot
-nss_builtins_mdSlot = {
- (void *)NULL, /* etc */
- NULL, /* Initialize */
- NULL, /* Destroy */
- builtins_mdSlot_GetSlotDescription,
- builtins_mdSlot_GetManufacturerID,
- NULL, /* GetTokenPresent -- defaults to true */
- NULL, /* GetRemovableDevice -- defaults to false */
- NULL, /* GetHardwareSlot -- defaults to false */
- builtins_mdSlot_GetHardwareVersion,
- builtins_mdSlot_GetFirmwareVersion,
- builtins_mdSlot_GetToken,
- (void *)NULL /* null terminator */
-};
+ nss_builtins_mdSlot = {
+ (void *)NULL, /* etc */
+ NULL, /* Initialize */
+ NULL, /* Destroy */
+ builtins_mdSlot_GetSlotDescription,
+ builtins_mdSlot_GetManufacturerID,
+ NULL, /* GetTokenPresent -- defaults to true */
+ NULL, /* GetRemovableDevice -- defaults to false */
+ NULL, /* GetHardwareSlot -- defaults to false */
+ builtins_mdSlot_GetHardwareVersion,
+ builtins_mdSlot_GetFirmwareVersion,
+ builtins_mdSlot_GetToken,
+ (void *)NULL /* null terminator */
+ };
diff --git a/nss/lib/ckfw/builtins/btoken.c b/nss/lib/ckfw/builtins/btoken.c
index a68d511..ae1e138 100644
--- a/nss/lib/ckfw/builtins/btoken.c
+++ b/nss/lib/ckfw/builtins/btoken.c
@@ -12,140 +12,124 @@
*/
static NSSUTF8 *
-builtins_mdToken_GetLabel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetLabel(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_TokenLabel;
+ return (NSSUTF8 *)nss_builtins_TokenLabel;
}
static NSSUTF8 *
-builtins_mdToken_GetManufacturerID
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetManufacturerID(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_ManufacturerID;
+ return (NSSUTF8 *)nss_builtins_ManufacturerID;
}
static NSSUTF8 *
-builtins_mdToken_GetModel
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetModel(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_TokenModel;
+ return (NSSUTF8 *)nss_builtins_TokenModel;
}
static NSSUTF8 *
-builtins_mdToken_GetSerialNumber
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+builtins_mdToken_GetSerialNumber(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
+ return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
}
static CK_BBOOL
-builtins_mdToken_GetIsWriteProtected
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetIsWriteProtected(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return CK_TRUE;
+ return CK_TRUE;
}
static CK_VERSION
-builtins_mdToken_GetHardwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetHardwareVersion(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_HardwareVersion;
+ return nss_builtins_HardwareVersion;
}
static CK_VERSION
-builtins_mdToken_GetFirmwareVersion
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetFirmwareVersion(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- return nss_builtins_FirmwareVersion;
+ return nss_builtins_FirmwareVersion;
}
static NSSCKMDSession *
-builtins_mdToken_OpenSession
-(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
-)
+builtins_mdToken_OpenSession(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_BBOOL rw,
+ CK_RV *pError)
{
- return nss_builtins_CreateSession(fwSession, pError);
+ return nss_builtins_CreateSession(fwSession, pError);
}
const NSSCKMDToken
-nss_builtins_mdToken = {
- (void *)NULL, /* etc */
- NULL, /* Setup */
- NULL, /* Invalidate */
- NULL, /* InitToken -- default errs */
- builtins_mdToken_GetLabel,
- builtins_mdToken_GetManufacturerID,
- builtins_mdToken_GetModel,
- builtins_mdToken_GetSerialNumber,
- NULL, /* GetHasRNG -- default is false */
- builtins_mdToken_GetIsWriteProtected,
- NULL, /* GetLoginRequired -- default is false */
- NULL, /* GetUserPinInitialized -- default is false */
- NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
- NULL, /* GetHasClockOnToken -- default is false */
- NULL, /* GetHasProtectedAuthenticationPath -- default is false */
- NULL, /* GetSupportsDualCryptoOperations -- default is false */
- NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetMaxPinLen -- irrelevant */
- NULL, /* GetMinPinLen -- irrelevant */
- NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
- builtins_mdToken_GetHardwareVersion,
- builtins_mdToken_GetFirmwareVersion,
- NULL, /* GetUTCTime -- no clock */
- builtins_mdToken_OpenSession,
- NULL, /* GetMechanismCount -- default is zero */
- NULL, /* GetMechanismTypes -- irrelevant */
- NULL, /* GetMechanism -- irrelevant */
- (void *)NULL /* null terminator */
-};
+ nss_builtins_mdToken = {
+ (void *)NULL, /* etc */
+ NULL, /* Setup */
+ NULL, /* Invalidate */
+ NULL, /* InitToken -- default errs */
+ builtins_mdToken_GetLabel,
+ builtins_mdToken_GetManufacturerID,
+ builtins_mdToken_GetModel,
+ builtins_mdToken_GetSerialNumber,
+ NULL, /* GetHasRNG -- default is false */
+ builtins_mdToken_GetIsWriteProtected,
+ NULL, /* GetLoginRequired -- default is false */
+ NULL, /* GetUserPinInitialized -- default is false */
+ NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+ NULL, /* GetHasClockOnToken -- default is false */
+ NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+ NULL, /* GetSupportsDualCryptoOperations -- default is false */
+ NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetMaxPinLen -- irrelevant */
+ NULL, /* GetMinPinLen -- irrelevant */
+ NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+ builtins_mdToken_GetHardwareVersion,
+ builtins_mdToken_GetFirmwareVersion,
+ NULL, /* GetUTCTime -- no clock */
+ builtins_mdToken_OpenSession,
+ NULL, /* GetMechanismCount -- default is zero */
+ NULL, /* GetMechanismTypes -- irrelevant */
+ NULL, /* GetMechanism -- irrelevant */
+ (void *)NULL /* null terminator */
+ };
diff --git a/nss/lib/ckfw/builtins/builtins.h b/nss/lib/ckfw/builtins/builtins.h
index a4a90f1..a1693c2 100644
--- a/nss/lib/ckfw/builtins/builtins.h
+++ b/nss/lib/ckfw/builtins/builtins.h
@@ -21,52 +21,46 @@
#endif /* CKT_H */
struct builtinsInternalObjectStr {
- CK_ULONG n;
- const CK_ATTRIBUTE_TYPE *types;
- const NSSItem *items;
- NSSCKMDObject mdObject;
+ CK_ULONG n;
+ const CK_ATTRIBUTE_TYPE *types;
+ const NSSItem *items;
+ NSSCKMDObject mdObject;
};
typedef struct builtinsInternalObjectStr builtinsInternalObject;
-extern builtinsInternalObject nss_builtins_data[];
-extern const PRUint32 nss_builtins_nObjects;
+extern builtinsInternalObject nss_builtins_data[];
+extern const PRUint32 nss_builtins_nObjects;
-extern const CK_VERSION nss_builtins_CryptokiVersion;
-extern const CK_VERSION nss_builtins_LibraryVersion;
-extern const CK_VERSION nss_builtins_HardwareVersion;
-extern const CK_VERSION nss_builtins_FirmwareVersion;
+extern const CK_VERSION nss_builtins_CryptokiVersion;
+extern const CK_VERSION nss_builtins_LibraryVersion;
+extern const CK_VERSION nss_builtins_HardwareVersion;
+extern const CK_VERSION nss_builtins_FirmwareVersion;
-extern const NSSUTF8 nss_builtins_ManufacturerID[];
-extern const NSSUTF8 nss_builtins_LibraryDescription[];
-extern const NSSUTF8 nss_builtins_SlotDescription[];
-extern const NSSUTF8 nss_builtins_TokenLabel[];
-extern const NSSUTF8 nss_builtins_TokenModel[];
-extern const NSSUTF8 nss_builtins_TokenSerialNumber[];
+extern const NSSUTF8 nss_builtins_ManufacturerID[];
+extern const NSSUTF8 nss_builtins_LibraryDescription[];
+extern const NSSUTF8 nss_builtins_SlotDescription[];
+extern const NSSUTF8 nss_builtins_TokenLabel[];
+extern const NSSUTF8 nss_builtins_TokenModel[];
+extern const NSSUTF8 nss_builtins_TokenSerialNumber[];
extern const NSSCKMDInstance nss_builtins_mdInstance;
-extern const NSSCKMDSlot nss_builtins_mdSlot;
-extern const NSSCKMDToken nss_builtins_mdToken;
+extern const NSSCKMDSlot nss_builtins_mdSlot;
+extern const NSSCKMDToken nss_builtins_mdToken;
NSS_EXTERN NSSCKMDSession *
-nss_builtins_CreateSession
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nss_builtins_CreateSession(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nss_builtins_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
- NSSArena *arena,
- builtinsInternalObject *io,
- CK_RV *pError
-);
+nss_builtins_CreateMDObject(
+ NSSArena *arena,
+ builtinsInternalObject *io,
+ CK_RV *pError);
diff --git a/nss/lib/ckfw/builtins/certdata.c b/nss/lib/ckfw/builtins/certdata.c
index e49121c..8586385 100644
--- a/nss/lib/ckfw/builtins/certdata.c
+++ b/nss/lib/ckfw/builtins/certdata.c
@@ -71,25 +71,25 @@
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_19 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_20 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_21 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_22 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_23 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_24 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_25 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_26 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
@@ -416,49 +416,49 @@
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_134 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_135 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_136 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_137 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_138 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_139 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_140 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_141 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_142 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_143 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_144 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_145 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_146 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_147 [] = {
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_146 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_147 [] = {
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_148 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_149 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
@@ -827,10 +827,10 @@
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_271 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_272 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_273 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
@@ -935,10 +935,10 @@
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_307 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_308 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+ CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_309 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
@@ -1174,48 +1174,6 @@
static const CK_ATTRIBUTE_TYPE nss_builtins_types_386 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_387 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_388 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_389 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_390 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_391 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_392 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_393 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_394 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_395 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_396 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_397 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_398 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_399 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_400 [] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
-};
static const NSSItem nss_builtins_items_1 [] = {
{ (void *)&cko_nss_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
@@ -1438,129 +1396,6 @@
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Verisign Class 1 Public Primary Certification Authority - G2", (PRUint32)61 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
-"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125"
-"\004\013\023\063\103\154\141\163\163\040\061\040\120\165\142\154"
-"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013"
-"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040"
-"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157"
-"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145"
-"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164"
-"\167\157\162\153"
-, (PRUint32)196 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
-"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125"
-"\004\013\023\063\103\154\141\163\163\040\061\040\120\165\142\154"
-"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013"
-"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040"
-"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157"
-"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145"
-"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164"
-"\167\157\162\153"
-, (PRUint32)196 },
- { (void *)"\002\020\114\307\352\252\230\076\161\323\223\020\370\075\072\211"
-"\221\222"
-, (PRUint32)18 },
- { (void *)"\060\202\003\002\060\202\002\153\002\020\114\307\352\252\230\076"
-"\161\323\223\020\370\075\072\211\221\222\060\015\006\011\052\206"
-"\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060\011"
-"\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125"
-"\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156"
-"\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154\141"
-"\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151\155"
-"\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157"
-"\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\062"
-"\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061"
-"\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111\156"
-"\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151"
-"\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035"
-"\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156\040"
-"\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036\027"
-"\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027\015"
-"\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201\301"
-"\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027\060"
-"\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147\156"
-"\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013\023"
-"\063\103\154\141\163\163\040\061\040\120\165\142\154\151\143\040"
-"\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143"
-"\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040"
-"\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061\050"
-"\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147\156"
-"\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164"
-"\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171"
-"\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123"
-"\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162"
-"\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001"
-"\001\005\000\003\201\215\000\060\201\211\002\201\201\000\252\320"
-"\272\276\026\055\270\203\324\312\322\017\274\166\061\312\224\330"
-"\035\223\214\126\002\274\331\157\032\157\122\066\156\165\126\012"
-"\125\323\337\103\207\041\021\145\212\176\217\275\041\336\153\062"
-"\077\033\204\064\225\005\235\101\065\353\222\353\226\335\252\131"
-"\077\001\123\155\231\117\355\345\342\052\132\220\301\271\304\246"
-"\025\317\310\105\353\246\135\216\234\076\360\144\044\166\245\315"
-"\253\032\157\266\330\173\121\141\156\246\177\207\310\342\267\345"
-"\064\334\101\210\352\011\100\276\163\222\075\153\347\165\002\003"
-"\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\003\201\201\000\251\117\303\015\307\147\276\054\313\331"
-"\250\315\055\165\347\176\025\236\073\162\353\176\353\134\055\011"
-"\207\326\153\155\140\174\345\256\305\220\043\014\134\112\320\257"
-"\261\135\363\307\266\012\333\340\025\223\015\335\003\274\307\166"
-"\212\265\335\117\303\233\023\165\270\001\300\346\311\133\153\245"
-"\270\211\334\254\244\335\162\355\116\241\367\117\274\006\323\352"
-"\310\144\164\173\302\225\101\234\145\163\130\361\220\232\074\152"
-"\261\230\311\304\207\274\317\105\155\105\342\156\042\077\376\274"
-"\017\061\134\350\362\331"
-, (PRUint32)774 }
-};
-static const NSSItem nss_builtins_items_8 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Verisign Class 1 Public Primary Certification Authority - G2", (PRUint32)61 },
- { (void *)"\047\076\341\044\127\375\304\371\014\125\350\053\126\026\177\142"
-"\365\062\345\107"
-, (PRUint32)20 },
- { (void *)"\333\043\075\371\151\372\113\271\225\200\104\163\136\175\101\203"
-, (PRUint32)16 },
- { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
-"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125"
-"\004\013\023\063\103\154\141\163\163\040\061\040\120\165\142\154"
-"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013"
-"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040"
-"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157"
-"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145"
-"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164"
-"\167\157\162\153"
-, (PRUint32)196 },
- { (void *)"\002\020\114\307\352\252\230\076\161\323\223\020\370\075\072\211"
-"\221\222"
-, (PRUint32)18 },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_9 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"Verisign Class 2 Public Primary Certification Authority - G2", (PRUint32)61 },
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
{ (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
@@ -1646,7 +1481,7 @@
"\214\022\173\305\104\264\256"
, (PRUint32)775 }
};
-static const NSSItem nss_builtins_items_10 [] = {
+static const NSSItem nss_builtins_items_8 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -1679,130 +1514,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_11 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Verisign Class 3 Public Primary Certification Authority - G2", (PRUint32)61 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
-"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125"
-"\004\013\023\063\103\154\141\163\163\040\063\040\120\165\142\154"
-"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013"
-"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040"
-"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157"
-"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145"
-"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164"
-"\167\157\162\153"
-, (PRUint32)196 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
-"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125"
-"\004\013\023\063\103\154\141\163\163\040\063\040\120\165\142\154"
-"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013"
-"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040"
-"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157"
-"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145"
-"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164"
-"\167\157\162\153"
-, (PRUint32)196 },
- { (void *)"\002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211"
-"\064\306"
-, (PRUint32)18 },
- { (void *)"\060\202\003\002\060\202\002\153\002\020\175\331\376\007\317\250"
-"\036\267\020\171\147\373\247\211\064\306\060\015\006\011\052\206"
-"\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060\011"
-"\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125"
-"\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156"
-"\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154\141"
-"\163\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155"
-"\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157"
-"\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\062"
-"\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061"
-"\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111\156"
-"\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151"
-"\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035"
-"\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156\040"
-"\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036\027"
-"\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027\015"
-"\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201\301"
-"\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027\060"
-"\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147\156"
-"\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013\023"
-"\063\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040"
-"\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143"
-"\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040"
-"\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061\050"
-"\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147\156"
-"\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164"
-"\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171"
-"\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123"
-"\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162"
-"\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001"
-"\001\005\000\003\201\215\000\060\201\211\002\201\201\000\314\136"
-"\321\021\135\134\151\320\253\323\271\152\114\231\037\131\230\060"
-"\216\026\205\040\106\155\107\077\324\205\040\204\341\155\263\370"
-"\244\355\014\361\027\017\073\371\247\371\045\327\301\317\204\143"
-"\362\174\143\317\242\107\362\306\133\063\216\144\100\004\150\301"
-"\200\271\144\034\105\167\307\330\156\365\225\051\074\120\350\064"
-"\327\170\037\250\272\155\103\221\225\217\105\127\136\176\305\373"
-"\312\244\004\353\352\227\067\124\060\157\273\001\107\062\063\315"
-"\334\127\233\144\151\141\370\233\035\034\211\117\134\147\002\003"
-"\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\003\201\201\000\121\115\315\276\134\313\230\031\234\025"
-"\262\001\071\170\056\115\017\147\160\160\231\306\020\132\224\244"
-"\123\115\124\155\053\257\015\135\100\213\144\323\327\356\336\126"
-"\141\222\137\246\304\035\020\141\066\323\054\047\074\350\051\011"
-"\271\021\144\164\314\265\163\237\034\110\251\274\141\001\356\342"
-"\027\246\014\343\100\010\073\016\347\353\104\163\052\232\361\151"
-"\222\357\161\024\303\071\254\161\247\221\011\157\344\161\006\263"
-"\272\131\127\046\171\000\366\370\015\242\063\060\050\324\252\130"
-"\240\235\235\151\221\375"
-, (PRUint32)774 }
-};
-static const NSSItem nss_builtins_items_12 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Verisign Class 3 Public Primary Certification Authority - G2", (PRUint32)61 },
- { (void *)"\205\067\034\246\345\120\024\075\316\050\003\107\033\336\072\011"
-"\350\370\167\017"
-, (PRUint32)20 },
- { (void *)"\242\063\233\114\164\170\163\324\154\347\301\363\215\313\134\351"
-, (PRUint32)16 },
- { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
-"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125"
-"\004\013\023\063\103\154\141\163\163\040\063\040\120\165\142\154"
-"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151"
-"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
-"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013"
-"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123"
-"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040"
-"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157"
-"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145"
-"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164"
-"\167\157\162\153"
-, (PRUint32)196 },
- { (void *)"\002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211"
-"\064\306"
-, (PRUint32)18 },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_13 [] = {
+static const NSSItem nss_builtins_items_9 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -1884,7 +1596,7 @@
"\125\342\374\110\311\051\046\151\340"
, (PRUint32)889 }
};
-static const NSSItem nss_builtins_items_14 [] = {
+static const NSSItem nss_builtins_items_10 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -1909,7 +1621,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_15 [] = {
+static const NSSItem nss_builtins_items_11 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -1993,7 +1705,7 @@
"\152\374\176\102\070\100\144\022\367\236\201\341\223\056"
, (PRUint32)958 }
};
-static const NSSItem nss_builtins_items_16 [] = {
+static const NSSItem nss_builtins_items_12 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2017,7 +1729,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_17 [] = {
+static const NSSItem nss_builtins_items_13 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2124,7 +1836,7 @@
"\113\336\006\226\161\054\362\333\266\037\244\357\077\356"
, (PRUint32)1054 }
};
-static const NSSItem nss_builtins_items_18 [] = {
+static const NSSItem nss_builtins_items_14 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2157,7 +1869,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_19 [] = {
+static const NSSItem nss_builtins_items_15 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2264,7 +1976,7 @@
"\311\130\020\371\252\357\132\266\317\113\113\337\052"
, (PRUint32)1053 }
};
-static const NSSItem nss_builtins_items_20 [] = {
+static const NSSItem nss_builtins_items_16 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2297,7 +2009,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_21 [] = {
+static const NSSItem nss_builtins_items_17 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2404,7 +2116,7 @@
"\153\271\012\172\116\117\113\204\356\113\361\175\335\021"
, (PRUint32)1054 }
};
-static const NSSItem nss_builtins_items_22 [] = {
+static const NSSItem nss_builtins_items_18 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2437,7 +2149,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_23 [] = {
+static const NSSItem nss_builtins_items_19 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2465,7 +2177,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_24 [] = {
+static const NSSItem nss_builtins_items_20 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2493,7 +2205,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_25 [] = {
+static const NSSItem nss_builtins_items_21 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2521,7 +2233,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_26 [] = {
+static const NSSItem nss_builtins_items_22 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2626,7 +2338,7 @@
"\174\136\232\166\351\131\220\305\174\203\065\021\145\121"
, (PRUint32)1070 }
};
-static const NSSItem nss_builtins_items_27 [] = {
+static const NSSItem nss_builtins_items_23 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2657,7 +2369,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_28 [] = {
+static const NSSItem nss_builtins_items_24 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2739,7 +2451,7 @@
"\347\201\035\031\303\044\102\352\143\071\251"
, (PRUint32)891 }
};
-static const NSSItem nss_builtins_items_29 [] = {
+static const NSSItem nss_builtins_items_25 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2764,7 +2476,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_30 [] = {
+static const NSSItem nss_builtins_items_26 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2832,7 +2544,7 @@
"\126\224\251\125"
, (PRUint32)660 }
};
-static const NSSItem nss_builtins_items_31 [] = {
+static const NSSItem nss_builtins_items_27 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2857,7 +2569,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_32 [] = {
+static const NSSItem nss_builtins_items_28 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2924,7 +2636,7 @@
"\132\052\202\262\067\171"
, (PRUint32)646 }
};
-static const NSSItem nss_builtins_items_33 [] = {
+static const NSSItem nss_builtins_items_29 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -2949,7 +2661,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_34 [] = {
+static const NSSItem nss_builtins_items_30 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3043,7 +2755,7 @@
"\065\341\035\026\034\320\274\053\216\326\161\331"
, (PRUint32)1052 }
};
-static const NSSItem nss_builtins_items_35 [] = {
+static const NSSItem nss_builtins_items_31 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3069,7 +2781,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_36 [] = {
+static const NSSItem nss_builtins_items_32 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3167,7 +2879,7 @@
"\027\132\173\320\274\307\217\116\206\004"
, (PRUint32)1082 }
};
-static const NSSItem nss_builtins_items_37 [] = {
+static const NSSItem nss_builtins_items_33 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3194,7 +2906,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_38 [] = {
+static const NSSItem nss_builtins_items_34 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3288,7 +3000,7 @@
"\116\072\063\014\053\263\055\220\006"
, (PRUint32)1049 }
};
-static const NSSItem nss_builtins_items_39 [] = {
+static const NSSItem nss_builtins_items_35 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3314,7 +3026,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_40 [] = {
+static const NSSItem nss_builtins_items_36 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3409,7 +3121,7 @@
"\306\241"
, (PRUint32)1058 }
};
-static const NSSItem nss_builtins_items_41 [] = {
+static const NSSItem nss_builtins_items_37 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3435,7 +3147,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_42 [] = {
+static const NSSItem nss_builtins_items_38 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3547,7 +3259,7 @@
"\036\177\132\264\074"
, (PRUint32)1173 }
};
-static const NSSItem nss_builtins_items_43 [] = {
+static const NSSItem nss_builtins_items_39 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3578,7 +3290,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_44 [] = {
+static const NSSItem nss_builtins_items_40 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3656,7 +3368,7 @@
"\354\040\005\141\336"
, (PRUint32)869 }
};
-static const NSSItem nss_builtins_items_45 [] = {
+static const NSSItem nss_builtins_items_41 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3680,7 +3392,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_46 [] = {
+static const NSSItem nss_builtins_items_42 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3758,7 +3470,7 @@
"\302\005\146\200\241\313\346\063"
, (PRUint32)856 }
};
-static const NSSItem nss_builtins_items_47 [] = {
+static const NSSItem nss_builtins_items_43 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3782,7 +3494,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_48 [] = {
+static const NSSItem nss_builtins_items_44 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3861,7 +3573,7 @@
"\342\042\051\256\175\203\100\250\272\154"
, (PRUint32)874 }
};
-static const NSSItem nss_builtins_items_49 [] = {
+static const NSSItem nss_builtins_items_45 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3885,7 +3597,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_50 [] = {
+static const NSSItem nss_builtins_items_46 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3996,7 +3708,7 @@
"\244\346\216\330\371\051\110\212\316\163\376\054"
, (PRUint32)1388 }
};
-static const NSSItem nss_builtins_items_51 [] = {
+static const NSSItem nss_builtins_items_47 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4020,7 +3732,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_52 [] = {
+static const NSSItem nss_builtins_items_48 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4131,7 +3843,7 @@
"\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222"
, (PRUint32)1392 }
};
-static const NSSItem nss_builtins_items_53 [] = {
+static const NSSItem nss_builtins_items_49 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4155,7 +3867,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_54 [] = {
+static const NSSItem nss_builtins_items_50 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4243,7 +3955,7 @@
"\222\340\134\366\007\017"
, (PRUint32)934 }
};
-static const NSSItem nss_builtins_items_55 [] = {
+static const NSSItem nss_builtins_items_51 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4270,7 +3982,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_56 [] = {
+static const NSSItem nss_builtins_items_52 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4341,7 +4053,7 @@
"\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163"
, (PRUint32)784 }
};
-static const NSSItem nss_builtins_items_57 [] = {
+static const NSSItem nss_builtins_items_53 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4364,7 +4076,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_58 [] = {
+static const NSSItem nss_builtins_items_54 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4462,7 +4174,7 @@
"\225\351\066\226\230\156"
, (PRUint32)1078 }
};
-static const NSSItem nss_builtins_items_59 [] = {
+static const NSSItem nss_builtins_items_55 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4489,7 +4201,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_60 [] = {
+static const NSSItem nss_builtins_items_56 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4588,7 +4300,7 @@
"\354\375\051"
, (PRUint32)1091 }
};
-static const NSSItem nss_builtins_items_61 [] = {
+static const NSSItem nss_builtins_items_57 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4615,7 +4327,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_62 [] = {
+static const NSSItem nss_builtins_items_58 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4716,7 +4428,7 @@
"\160\136\310\304\170\260\142"
, (PRUint32)1095 }
};
-static const NSSItem nss_builtins_items_63 [] = {
+static const NSSItem nss_builtins_items_59 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4744,7 +4456,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_64 [] = {
+static const NSSItem nss_builtins_items_60 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4870,7 +4582,7 @@
"\112\164\066\371"
, (PRUint32)1492 }
};
-static const NSSItem nss_builtins_items_65 [] = {
+static const NSSItem nss_builtins_items_61 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4898,7 +4610,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_66 [] = {
+static const NSSItem nss_builtins_items_62 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5014,7 +4726,7 @@
"\020\005\145\325\202\020\352\302\061\315\056"
, (PRUint32)1467 }
};
-static const NSSItem nss_builtins_items_67 [] = {
+static const NSSItem nss_builtins_items_63 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5038,7 +4750,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_68 [] = {
+static const NSSItem nss_builtins_items_64 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5169,7 +4881,7 @@
"\332"
, (PRUint32)1697 }
};
-static const NSSItem nss_builtins_items_69 [] = {
+static const NSSItem nss_builtins_items_65 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5193,7 +4905,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_70 [] = {
+static const NSSItem nss_builtins_items_66 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5273,7 +4985,7 @@
"\057\317\246\356\311\160\042\024\275\375\276\154\013\003"
, (PRUint32)862 }
};
-static const NSSItem nss_builtins_items_71 [] = {
+static const NSSItem nss_builtins_items_67 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5298,7 +5010,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_72 [] = {
+static const NSSItem nss_builtins_items_68 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5371,7 +5083,7 @@
"\127\275\125\232"
, (PRUint32)804 }
};
-static const NSSItem nss_builtins_items_73 [] = {
+static const NSSItem nss_builtins_items_69 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5394,7 +5106,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_74 [] = {
+static const NSSItem nss_builtins_items_70 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5467,7 +5179,7 @@
"\160\254\337\114"
, (PRUint32)804 }
};
-static const NSSItem nss_builtins_items_75 [] = {
+static const NSSItem nss_builtins_items_71 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5490,118 +5202,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_76 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Staat der Nederlanden Root CA", (PRUint32)30 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061"
-"\036\060\034\006\003\125\004\012\023\025\123\164\141\141\164\040"
-"\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061"
-"\046\060\044\006\003\125\004\003\023\035\123\164\141\141\164\040"
-"\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040"
-"\122\157\157\164\040\103\101"
-, (PRUint32)87 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061"
-"\036\060\034\006\003\125\004\012\023\025\123\164\141\141\164\040"
-"\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061"
-"\046\060\044\006\003\125\004\003\023\035\123\164\141\141\164\040"
-"\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040"
-"\122\157\157\164\040\103\101"
-, (PRUint32)87 },
- { (void *)"\002\004\000\230\226\212"
-, (PRUint32)6 },
- { (void *)"\060\202\003\272\060\202\002\242\240\003\002\001\002\002\004\000"
-"\230\226\212\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\060\125\061\013\060\011\006\003\125\004\006\023\002\116"
-"\114\061\036\060\034\006\003\125\004\012\023\025\123\164\141\141"
-"\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145"
-"\156\061\046\060\044\006\003\125\004\003\023\035\123\164\141\141"
-"\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145"
-"\156\040\122\157\157\164\040\103\101\060\036\027\015\060\062\061"
-"\062\061\067\060\071\062\063\064\071\132\027\015\061\065\061\062"
-"\061\066\060\071\061\065\063\070\132\060\125\061\013\060\011\006"
-"\003\125\004\006\023\002\116\114\061\036\060\034\006\003\125\004"
-"\012\023\025\123\164\141\141\164\040\144\145\162\040\116\145\144"
-"\145\162\154\141\156\144\145\156\061\046\060\044\006\003\125\004"
-"\003\023\035\123\164\141\141\164\040\144\145\162\040\116\145\144"
-"\145\162\154\141\156\144\145\156\040\122\157\157\164\040\103\101"
-"\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001"
-"\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001"
-"\000\230\322\265\121\021\172\201\246\024\230\161\155\276\314\347"
-"\023\033\326\047\016\172\263\152\030\034\266\141\132\325\141\011"
-"\277\336\220\023\307\147\356\335\363\332\305\014\022\236\065\125"
-"\076\054\047\210\100\153\367\334\335\042\141\365\302\307\016\365"
-"\366\325\166\123\115\217\214\274\030\166\067\205\235\350\312\111"
-"\307\322\117\230\023\011\242\076\042\210\234\177\326\362\020\145"
-"\264\356\137\030\325\027\343\370\305\375\342\235\242\357\123\016"
-"\205\167\242\017\341\060\107\356\000\347\063\175\104\147\032\013"
-"\121\350\213\240\236\120\230\150\064\122\037\056\155\001\362\140"
-"\105\362\061\353\251\061\150\051\273\172\101\236\306\031\177\224"
-"\264\121\071\003\177\262\336\247\062\233\264\107\216\157\264\112"
-"\256\345\257\261\334\260\033\141\274\231\162\336\344\211\267\172"
-"\046\135\332\063\111\133\122\234\016\365\212\255\303\270\075\350"
-"\006\152\302\325\052\013\154\173\204\275\126\005\313\206\145\222"
-"\354\104\053\260\216\271\334\160\013\106\332\255\274\143\210\071"
-"\372\333\152\376\043\372\274\344\110\364\147\053\152\021\020\041"
-"\111\002\003\001\000\001\243\201\221\060\201\216\060\014\006\003"
-"\125\035\023\004\005\060\003\001\001\377\060\117\006\003\125\035"
-"\040\004\110\060\106\060\104\006\004\125\035\040\000\060\074\060"
-"\072\006\010\053\006\001\005\005\007\002\001\026\056\150\164\164"
-"\160\072\057\057\167\167\167\056\160\153\151\157\166\145\162\150"
-"\145\151\144\056\156\154\057\160\157\154\151\143\151\145\163\057"
-"\162\157\157\164\055\160\157\154\151\143\171\060\016\006\003\125"
-"\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125"
-"\035\016\004\026\004\024\250\175\353\274\143\244\164\023\164\000"
-"\354\226\340\323\064\301\054\277\154\370\060\015\006\011\052\206"
-"\110\206\367\015\001\001\005\005\000\003\202\001\001\000\005\204"
-"\207\125\164\066\141\301\273\321\324\306\025\250\023\264\237\244"
-"\376\273\356\025\264\057\006\014\051\362\250\222\244\141\015\374"
-"\253\134\010\133\121\023\053\115\302\052\141\310\370\011\130\374"
-"\055\002\262\071\175\231\146\201\277\156\134\225\105\040\154\346"
-"\171\247\321\330\034\051\374\302\040\047\121\310\361\174\135\064"
-"\147\151\205\021\060\306\000\322\327\363\323\174\266\360\061\127"
-"\050\022\202\163\351\063\057\246\125\264\013\221\224\107\234\372"
-"\273\172\102\062\350\256\176\055\310\274\254\024\277\331\017\331"
-"\133\374\301\371\172\225\341\175\176\226\374\161\260\302\114\310"
-"\337\105\064\311\316\015\362\234\144\010\320\073\303\051\305\262"
-"\355\220\004\301\261\051\221\305\060\157\301\251\162\063\314\376"
-"\135\026\027\054\021\151\347\176\376\305\203\010\337\274\334\042"
-"\072\056\040\151\043\071\126\140\147\220\213\056\166\071\373\021"
-"\210\227\366\174\275\113\270\040\026\147\005\215\342\073\301\162"
-"\077\224\225\067\307\135\271\236\330\223\241\027\217\377\014\146"
-"\025\301\044\174\062\174\003\035\073\241\130\105\062\223"
-, (PRUint32)958 }
-};
-static const NSSItem nss_builtins_items_77 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Staat der Nederlanden Root CA", (PRUint32)30 },
- { (void *)"\020\035\372\077\325\013\313\273\233\265\140\014\031\125\244\032"
-"\364\163\072\004"
-, (PRUint32)20 },
- { (void *)"\140\204\174\132\316\333\014\324\313\247\351\376\002\306\251\300"
-, (PRUint32)16 },
- { (void *)"\060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061"
-"\036\060\034\006\003\125\004\012\023\025\123\164\141\141\164\040"
-"\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061"
-"\046\060\044\006\003\125\004\003\023\035\123\164\141\141\164\040"
-"\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040"
-"\122\157\157\164\040\103\101"
-, (PRUint32)87 },
- { (void *)"\002\004\000\230\226\212"
-, (PRUint32)6 },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_78 [] = {
+static const NSSItem nss_builtins_items_72 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5715,7 +5316,7 @@
"\005\323\312\003\112\124"
, (PRUint32)1190 }
};
-static const NSSItem nss_builtins_items_79 [] = {
+static const NSSItem nss_builtins_items_73 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5747,7 +5348,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_80 [] = {
+static const NSSItem nss_builtins_items_74 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5854,7 +5455,7 @@
"\062\234\036\273\235\370\146\250"
, (PRUint32)1144 }
};
-static const NSSItem nss_builtins_items_81 [] = {
+static const NSSItem nss_builtins_items_75 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5884,7 +5485,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_82 [] = {
+static const NSSItem nss_builtins_items_76 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5990,7 +5591,7 @@
"\275\023\122\035\250\076\315\000\037\310"
, (PRUint32)1130 }
};
-static const NSSItem nss_builtins_items_83 [] = {
+static const NSSItem nss_builtins_items_77 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6020,7 +5621,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_84 [] = {
+static const NSSItem nss_builtins_items_78 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6129,7 +5730,7 @@
"\334"
, (PRUint32)1217 }
};
-static const NSSItem nss_builtins_items_85 [] = {
+static const NSSItem nss_builtins_items_79 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6157,7 +5758,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_86 [] = {
+static const NSSItem nss_builtins_items_80 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6264,7 +5865,7 @@
"\166\135\165\220\032\365\046\217\360"
, (PRUint32)1225 }
};
-static const NSSItem nss_builtins_items_87 [] = {
+static const NSSItem nss_builtins_items_81 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6291,660 +5892,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_88 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Qualified (Class QA) Root", (PRUint32)34 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004"
-"\003\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163"
-"\151\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151"
-"\040\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165"
-"\163\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034"
-"\006\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146"
-"\157\100\156\145\164\154\157\143\153\056\150\165"
-, (PRUint32)204 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004"
-"\003\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163"
-"\151\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151"
-"\040\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165"
-"\163\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034"
-"\006\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146"
-"\157\100\156\145\164\154\157\143\153\056\150\165"
-, (PRUint32)204 },
- { (void *)"\002\001\173"
-, (PRUint32)3 },
- { (void *)"\060\202\006\321\060\202\005\271\240\003\002\001\002\002\001\173"
-"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
-"\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125\061"
-"\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145"
-"\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145\164"
-"\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172\164"
-"\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030\006"
-"\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141\156"
-"\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004\003"
-"\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163\151"
-"\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151\040"
-"\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165\163"
-"\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034\006"
-"\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146\157"
-"\100\156\145\164\154\157\143\153\056\150\165\060\036\027\015\060"
-"\063\060\063\063\060\060\061\064\067\061\061\132\027\015\062\062"
-"\061\062\061\065\060\061\064\067\061\061\132\060\201\311\061\013"
-"\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017\006"
-"\003\125\004\007\023\010\102\165\144\141\160\145\163\164\061\047"
-"\060\045\006\003\125\004\012\023\036\116\145\164\114\157\143\153"
-"\040\110\141\154\157\172\141\164\142\151\172\164\157\156\163\141"
-"\147\151\040\113\146\164\056\061\032\060\030\006\003\125\004\013"
-"\023\021\124\141\156\165\163\151\164\166\141\156\171\153\151\141"
-"\144\157\153\061\102\060\100\006\003\125\004\003\023\071\116\145"
-"\164\114\157\143\153\040\115\151\156\157\163\151\164\145\164\164"
-"\040\113\157\172\152\145\147\171\172\157\151\040\050\103\154\141"
-"\163\163\040\121\101\051\040\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\061\036\060\034\006\011\052\206\110"
-"\206\367\015\001\011\001\026\017\151\156\146\157\100\156\145\164"
-"\154\157\143\153\056\150\165\060\202\001\042\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060"
-"\202\001\012\002\202\001\001\000\307\122\045\262\330\075\324\204"
-"\125\011\247\033\275\154\271\024\364\212\002\333\166\374\152\052"
-"\170\253\345\167\360\156\340\214\043\147\333\245\144\231\271\335"
-"\001\076\157\357\055\232\074\042\360\135\311\127\240\125\101\177"
-"\362\103\136\130\202\123\061\145\316\036\362\046\272\000\124\036"
-"\257\260\274\034\344\122\214\240\062\257\267\067\261\123\147\150"
-"\164\147\120\366\055\056\144\336\256\046\171\337\337\231\206\253"
-"\253\177\205\354\240\373\200\314\364\270\014\036\223\105\143\271"
-"\334\270\133\233\355\133\071\324\137\142\260\247\216\174\146\070"
-"\054\252\261\010\143\027\147\175\314\275\263\361\303\077\317\120"
-"\071\355\321\031\203\025\333\207\022\047\226\267\332\352\345\235"
-"\274\272\352\071\117\213\357\164\232\347\305\320\322\352\206\121"
-"\034\344\376\144\010\050\004\171\005\353\312\305\161\016\013\357"
-"\253\352\354\022\021\241\030\005\062\151\321\014\054\032\075\045"
-"\231\077\265\174\312\155\260\256\231\231\372\010\140\347\031\302"
-"\362\275\121\323\314\323\002\254\301\021\014\200\316\253\334\224"
-"\235\153\243\071\123\072\326\205\002\003\000\305\175\243\202\002"
-"\300\060\202\002\274\060\022\006\003\125\035\023\001\001\377\004"
-"\010\060\006\001\001\377\002\001\004\060\016\006\003\125\035\017"
-"\001\001\377\004\004\003\002\001\006\060\202\002\165\006\011\140"
-"\206\110\001\206\370\102\001\015\004\202\002\146\026\202\002\142"
-"\106\111\107\131\105\114\105\115\041\040\105\172\145\156\040\164"
-"\141\156\165\163\151\164\166\141\156\171\040\141\040\116\145\164"
-"\114\157\143\153\040\113\146\164\056\040\115\151\156\157\163\151"
-"\164\145\164\164\040\123\172\157\154\147\141\154\164\141\164\141"
-"\163\151\040\123\172\141\142\141\154\171\172\141\164\141\142\141"
-"\156\040\154\145\151\162\164\040\145\154\152\141\162\141\163\157"
-"\153\040\141\154\141\160\152\141\156\040\153\145\163\172\165\154"
-"\164\056\040\101\040\155\151\156\157\163\151\164\145\164\164\040"
-"\145\154\145\153\164\162\157\156\151\153\165\163\040\141\154\141"
-"\151\162\141\163\040\152\157\147\150\141\164\141\163\040\145\162"
-"\166\145\156\171\145\163\165\154\145\163\145\156\145\153\054\040"
-"\166\141\154\141\155\151\156\164\040\145\154\146\157\147\141\144"
-"\141\163\141\156\141\153\040\146\145\154\164\145\164\145\154\145"
-"\040\141\040\115\151\156\157\163\151\164\145\164\164\040\123\172"
-"\157\154\147\141\154\164\141\164\141\163\151\040\123\172\141\142"
-"\141\154\171\172\141\164\142\141\156\054\040\141\172\040\101\154"
-"\164\141\154\141\156\157\163\040\123\172\145\162\172\157\144\145"
-"\163\151\040\106\145\154\164\145\164\145\154\145\153\142\145\156"
-"\040\145\154\157\151\162\164\040\145\154\154\145\156\157\162\172"
-"\145\163\151\040\145\154\152\141\162\141\163\040\155\145\147\164"
-"\145\164\145\154\145\056\040\101\040\144\157\153\165\155\145\156"
-"\164\165\155\157\153\040\155\145\147\164\141\154\141\154\150\141"
-"\164\157\153\040\141\040\150\164\164\160\163\072\057\057\167\167"
-"\167\056\156\145\164\154\157\143\153\056\150\165\057\144\157\143"
-"\163\057\040\143\151\155\145\156\040\166\141\147\171\040\153\145"
-"\162\150\145\164\157\153\040\141\172\040\151\156\146\157\100\156"
-"\145\164\154\157\143\153\056\156\145\164\040\145\055\155\141\151"
-"\154\040\143\151\155\145\156\056\040\127\101\122\116\111\116\107"
-"\041\040\124\150\145\040\151\163\163\165\141\156\143\145\040\141"
-"\156\144\040\164\150\145\040\165\163\145\040\157\146\040\164\150"
-"\151\163\040\143\145\162\164\151\146\151\143\141\164\145\040\141"
-"\162\145\040\163\165\142\152\145\143\164\040\164\157\040\164\150"
-"\145\040\116\145\164\114\157\143\153\040\121\165\141\154\151\146"
-"\151\145\144\040\103\120\123\040\141\166\141\151\154\141\142\154"
-"\145\040\141\164\040\150\164\164\160\163\072\057\057\167\167\167"
-"\056\156\145\164\154\157\143\153\056\150\165\057\144\157\143\163"
-"\057\040\157\162\040\142\171\040\145\055\155\141\151\154\040\141"
-"\164\040\151\156\146\157\100\156\145\164\154\157\143\153\056\156"
-"\145\164\060\035\006\003\125\035\016\004\026\004\024\011\152\142"
-"\026\222\260\132\273\125\016\313\165\062\072\062\345\262\041\311"
-"\050\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000"
-"\003\202\001\001\000\221\152\120\234\333\170\201\233\077\213\102"
-"\343\073\374\246\303\356\103\340\317\363\342\200\065\111\105\166"
-"\002\342\343\057\005\305\361\052\347\300\101\063\306\266\233\320"
-"\063\071\315\300\333\241\255\154\067\002\114\130\101\073\362\227"
-"\222\306\110\250\315\345\212\071\211\141\371\122\227\351\275\366"
-"\371\224\164\350\161\016\274\167\206\303\006\314\132\174\112\176"
-"\064\120\060\056\373\177\062\232\215\075\363\040\133\370\152\312"
-"\206\363\061\114\054\131\200\002\175\376\070\311\060\165\034\267"
-"\125\343\274\237\272\250\155\204\050\005\165\263\213\015\300\221"
-"\124\041\347\246\013\264\231\365\121\101\334\315\243\107\042\331"
-"\307\001\201\304\334\107\117\046\352\037\355\333\315\015\230\364"
-"\243\234\264\163\062\112\226\231\376\274\177\310\045\130\370\130"
-"\363\166\146\211\124\244\246\076\304\120\134\272\211\030\202\165"
-"\110\041\322\117\023\350\140\176\007\166\333\020\265\121\346\252"
-"\271\150\252\315\366\235\220\165\022\352\070\032\312\104\350\267"
-"\231\247\052\150\225\146\225\253\255\357\211\313\140\251\006\022"
-"\306\224\107\351\050"
-, (PRUint32)1749 }
-};
-static const NSSItem nss_builtins_items_89 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Qualified (Class QA) Root", (PRUint32)34 },
- { (void *)"\001\150\227\341\240\270\362\303\261\064\146\134\040\247\047\267"
-"\241\130\342\217"
-, (PRUint32)20 },
- { (void *)"\324\200\145\150\044\371\211\042\050\333\365\244\232\027\217\024"
-, (PRUint32)16 },
- { (void *)"\060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\102\060\100\006\003\125\004"
-"\003\023\071\116\145\164\114\157\143\153\040\115\151\156\157\163"
-"\151\164\145\164\164\040\113\157\172\152\145\147\171\172\157\151"
-"\040\050\103\154\141\163\163\040\121\101\051\040\124\141\156\165"
-"\163\151\164\166\141\156\171\153\151\141\144\157\061\036\060\034"
-"\006\011\052\206\110\206\367\015\001\011\001\026\017\151\156\146"
-"\157\100\156\145\164\154\157\143\153\056\150\165"
-, (PRUint32)204 },
- { (void *)"\002\001\173"
-, (PRUint32)3 },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_90 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Notary (Class A) Root", (PRUint32)30 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141"
-"\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144"
-"\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036"
-"\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142"
-"\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032"
-"\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164"
-"\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003"
-"\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172"
-"\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101"
-"\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141"
-"\144\157"
-, (PRUint32)178 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141"
-"\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144"
-"\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036"
-"\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142"
-"\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032"
-"\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164"
-"\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003"
-"\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172"
-"\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101"
-"\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141"
-"\144\157"
-, (PRUint32)178 },
- { (void *)"\002\002\001\003"
-, (PRUint32)4 },
- { (void *)"\060\202\006\175\060\202\005\145\240\003\002\001\002\002\002\001"
-"\003\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000"
-"\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141"
-"\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144"
-"\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036"
-"\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142"
-"\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032"
-"\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164"
-"\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003"
-"\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172"
-"\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101"
-"\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141"
-"\144\157\060\036\027\015\071\071\060\062\062\064\062\063\061\064"
-"\064\067\132\027\015\061\071\060\062\061\071\062\063\061\064\064"
-"\067\132\060\201\257\061\013\060\011\006\003\125\004\006\023\002"
-"\110\125\061\020\060\016\006\003\125\004\010\023\007\110\165\156"
-"\147\141\162\171\061\021\060\017\006\003\125\004\007\023\010\102"
-"\165\144\141\160\145\163\164\061\047\060\045\006\003\125\004\012"
-"\023\036\116\145\164\114\157\143\153\040\110\141\154\157\172\141"
-"\164\142\151\172\164\157\156\163\141\147\151\040\113\146\164\056"
-"\061\032\060\030\006\003\125\004\013\023\021\124\141\156\165\163"
-"\151\164\166\141\156\171\153\151\141\144\157\153\061\066\060\064"
-"\006\003\125\004\003\023\055\116\145\164\114\157\143\153\040\113"
-"\157\172\152\145\147\171\172\157\151\040\050\103\154\141\163\163"
-"\040\101\051\040\124\141\156\165\163\151\164\166\141\156\171\153"
-"\151\141\144\157\060\202\001\042\060\015\006\011\052\206\110\206"
-"\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012"
-"\002\202\001\001\000\274\164\214\017\273\114\364\067\036\251\005"
-"\202\330\346\341\154\160\352\170\265\156\321\070\104\015\250\203"
-"\316\135\322\326\325\201\305\324\113\347\133\224\160\046\333\073"
-"\235\152\114\142\367\161\363\144\326\141\073\075\353\163\243\067"
-"\331\317\352\214\222\073\315\367\007\334\146\164\227\364\105\042"
-"\335\364\134\340\277\155\363\276\145\063\344\025\072\277\333\230"
-"\220\125\070\304\355\246\125\143\013\260\170\004\364\343\156\301"
-"\077\216\374\121\170\037\222\236\203\302\376\331\260\251\311\274"
-"\132\000\377\251\250\230\164\373\366\054\076\025\071\015\266\004"
-"\125\250\016\230\040\102\263\261\045\255\176\232\157\135\123\261"
-"\253\014\374\353\340\363\172\263\250\263\377\106\366\143\242\330"
-"\072\230\173\266\254\205\377\260\045\117\164\143\347\023\007\245"
-"\012\217\005\367\300\144\157\176\247\047\200\226\336\324\056\206"
-"\140\307\153\053\136\163\173\027\347\221\077\144\014\330\113\042"
-"\064\053\233\062\362\110\037\237\241\012\204\172\342\302\255\227"
-"\075\216\325\301\371\126\243\120\351\306\264\372\230\242\356\225"
-"\346\052\003\214\337\002\003\001\000\001\243\202\002\237\060\202"
-"\002\233\060\016\006\003\125\035\017\001\001\377\004\004\003\002"
-"\000\006\060\022\006\003\125\035\023\001\001\377\004\010\060\006"
-"\001\001\377\002\001\004\060\021\006\011\140\206\110\001\206\370"
-"\102\001\001\004\004\003\002\000\007\060\202\002\140\006\011\140"
-"\206\110\001\206\370\102\001\015\004\202\002\121\026\202\002\115"
-"\106\111\107\131\105\114\105\115\041\040\105\172\145\156\040\164"
-"\141\156\165\163\151\164\166\141\156\171\040\141\040\116\145\164"
-"\114\157\143\153\040\113\146\164\056\040\101\154\164\141\154\141"
-"\156\157\163\040\123\172\157\154\147\141\154\164\141\164\141\163"
-"\151\040\106\145\154\164\145\164\145\154\145\151\142\145\156\040"
-"\154\145\151\162\164\040\145\154\152\141\162\141\163\157\153\040"
-"\141\154\141\160\152\141\156\040\153\145\163\172\165\154\164\056"
-"\040\101\040\150\151\164\145\154\145\163\151\164\145\163\040\146"
-"\157\154\171\141\155\141\164\141\164\040\141\040\116\145\164\114"
-"\157\143\153\040\113\146\164\056\040\164\145\162\155\145\153\146"
-"\145\154\145\154\157\163\163\145\147\055\142\151\172\164\157\163"
-"\151\164\141\163\141\040\166\145\144\151\056\040\101\040\144\151"
-"\147\151\164\141\154\151\163\040\141\154\141\151\162\141\163\040"
-"\145\154\146\157\147\141\144\141\163\141\156\141\153\040\146\145"
-"\154\164\145\164\145\154\145\040\141\172\040\145\154\157\151\162"
-"\164\040\145\154\154\145\156\157\162\172\145\163\151\040\145\154"
-"\152\141\162\141\163\040\155\145\147\164\145\164\145\154\145\056"
-"\040\101\172\040\145\154\152\141\162\141\163\040\154\145\151\162"
-"\141\163\141\040\155\145\147\164\141\154\141\154\150\141\164\157"
-"\040\141\040\116\145\164\114\157\143\153\040\113\146\164\056\040"
-"\111\156\164\145\162\156\145\164\040\150\157\156\154\141\160\152"
-"\141\156\040\141\040\150\164\164\160\163\072\057\057\167\167\167"
-"\056\156\145\164\154\157\143\153\056\156\145\164\057\144\157\143"
-"\163\040\143\151\155\145\156\040\166\141\147\171\040\153\145\162"
-"\150\145\164\157\040\141\172\040\145\154\154\145\156\157\162\172"
-"\145\163\100\156\145\164\154\157\143\153\056\156\145\164\040\145"
-"\055\155\141\151\154\040\143\151\155\145\156\056\040\111\115\120"
-"\117\122\124\101\116\124\041\040\124\150\145\040\151\163\163\165"
-"\141\156\143\145\040\141\156\144\040\164\150\145\040\165\163\145"
-"\040\157\146\040\164\150\151\163\040\143\145\162\164\151\146\151"
-"\143\141\164\145\040\151\163\040\163\165\142\152\145\143\164\040"
-"\164\157\040\164\150\145\040\116\145\164\114\157\143\153\040\103"
-"\120\123\040\141\166\141\151\154\141\142\154\145\040\141\164\040"
-"\150\164\164\160\163\072\057\057\167\167\167\056\156\145\164\154"
-"\157\143\153\056\156\145\164\057\144\157\143\163\040\157\162\040"
-"\142\171\040\145\055\155\141\151\154\040\141\164\040\143\160\163"
-"\100\156\145\164\154\157\143\153\056\156\145\164\056\060\015\006"
-"\011\052\206\110\206\367\015\001\001\004\005\000\003\202\001\001"
-"\000\110\044\106\367\272\126\157\372\310\050\003\100\116\345\061"
-"\071\153\046\153\123\177\333\337\337\363\161\075\046\300\024\016"
-"\306\147\173\043\250\014\163\335\001\273\306\312\156\067\071\125"
-"\325\307\214\126\040\016\050\012\016\322\052\244\260\111\122\306"
-"\070\007\376\276\012\011\214\321\230\317\312\332\024\061\241\117"
-"\322\071\374\017\021\054\103\303\335\253\223\307\125\076\107\174"
-"\030\032\000\334\363\173\330\362\177\122\154\040\364\013\137\151"
-"\122\364\356\370\262\051\140\353\343\111\061\041\015\326\265\020"
-"\101\342\101\011\154\342\032\232\126\113\167\002\366\240\233\232"
-"\047\207\350\125\051\161\302\220\237\105\170\032\341\025\144\075"
-"\320\016\330\240\166\237\256\305\320\056\352\326\017\126\354\144"
-"\177\132\233\024\130\001\047\176\023\120\307\153\052\346\150\074"
-"\277\134\240\012\033\341\016\172\351\342\200\303\351\351\366\375"
-"\154\021\236\320\345\050\047\053\124\062\102\024\202\165\346\112"
-"\360\053\146\165\143\214\242\373\004\076\203\016\233\066\360\030"
-"\344\046\040\303\214\360\050\007\255\074\027\146\210\265\375\266"
-"\210"
-, (PRUint32)1665 }
-};
-static const NSSItem nss_builtins_items_91 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Notary (Class A) Root", (PRUint32)30 },
- { (void *)"\254\355\137\145\123\375\045\316\001\137\037\172\110\073\152\164"
-"\237\141\170\306"
-, (PRUint32)20 },
- { (void *)"\206\070\155\136\111\143\154\205\134\333\155\334\224\267\320\367"
-, (PRUint32)16 },
- { (void *)"\060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\020\060\016\006\003\125\004\010\023\007\110\165\156\147\141"
-"\162\171\061\021\060\017\006\003\125\004\007\023\010\102\165\144"
-"\141\160\145\163\164\061\047\060\045\006\003\125\004\012\023\036"
-"\116\145\164\114\157\143\153\040\110\141\154\157\172\141\164\142"
-"\151\172\164\157\156\163\141\147\151\040\113\146\164\056\061\032"
-"\060\030\006\003\125\004\013\023\021\124\141\156\165\163\151\164"
-"\166\141\156\171\153\151\141\144\157\153\061\066\060\064\006\003"
-"\125\004\003\023\055\116\145\164\114\157\143\153\040\113\157\172"
-"\152\145\147\171\172\157\151\040\050\103\154\141\163\163\040\101"
-"\051\040\124\141\156\165\163\151\164\166\141\156\171\153\151\141"
-"\144\157"
-, (PRUint32)178 },
- { (void *)"\002\002\001\003"
-, (PRUint32)4 },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_92 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Business (Class B) Root", (PRUint32)32 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004"
-"\003\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164"
-"\151\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165"
-"\163\151\164\166\141\156\171\153\151\141\144\157"
-, (PRUint32)156 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004"
-"\003\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164"
-"\151\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165"
-"\163\151\164\166\141\156\171\153\151\141\144\157"
-, (PRUint32)156 },
- { (void *)"\002\001\151"
-, (PRUint32)3 },
- { (void *)"\060\202\005\113\060\202\004\264\240\003\002\001\002\002\001\151"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
-"\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125\061"
-"\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145"
-"\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145\164"
-"\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172\164"
-"\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030\006"
-"\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141\156"
-"\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004\003"
-"\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164\151"
-"\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165\163"
-"\151\164\166\141\156\171\153\151\141\144\157\060\036\027\015\071"
-"\071\060\062\062\065\061\064\061\060\062\062\132\027\015\061\071"
-"\060\062\062\060\061\064\061\060\062\062\132\060\201\231\061\013"
-"\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017\006"
-"\003\125\004\007\023\010\102\165\144\141\160\145\163\164\061\047"
-"\060\045\006\003\125\004\012\023\036\116\145\164\114\157\143\153"
-"\040\110\141\154\157\172\141\164\142\151\172\164\157\156\163\141"
-"\147\151\040\113\146\164\056\061\032\060\030\006\003\125\004\013"
-"\023\021\124\141\156\165\163\151\164\166\141\156\171\153\151\141"
-"\144\157\153\061\062\060\060\006\003\125\004\003\023\051\116\145"
-"\164\114\157\143\153\040\125\172\154\145\164\151\040\050\103\154"
-"\141\163\163\040\102\051\040\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\060\201\237\060\015\006\011\052\206"
-"\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211"
-"\002\201\201\000\261\352\004\354\040\240\043\302\217\070\140\317"
-"\307\106\263\325\033\376\373\271\231\236\004\334\034\177\214\112"
-"\201\230\356\244\324\312\212\027\271\042\177\203\012\165\114\233"
-"\300\151\330\144\071\243\355\222\243\375\133\134\164\032\300\107"
-"\312\072\151\166\232\272\342\104\027\374\114\243\325\376\270\227"
-"\210\257\210\003\211\037\244\362\004\076\310\007\013\346\371\263"
-"\057\172\142\024\011\106\024\312\144\365\213\200\265\142\250\330"
-"\153\326\161\223\055\263\277\011\124\130\355\006\353\250\173\334"
-"\103\261\241\151\002\003\001\000\001\243\202\002\237\060\202\002"
-"\233\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001"
-"\001\377\002\001\004\060\016\006\003\125\035\017\001\001\377\004"
-"\004\003\002\000\006\060\021\006\011\140\206\110\001\206\370\102"
-"\001\001\004\004\003\002\000\007\060\202\002\140\006\011\140\206"
-"\110\001\206\370\102\001\015\004\202\002\121\026\202\002\115\106"
-"\111\107\131\105\114\105\115\041\040\105\172\145\156\040\164\141"
-"\156\165\163\151\164\166\141\156\171\040\141\040\116\145\164\114"
-"\157\143\153\040\113\146\164\056\040\101\154\164\141\154\141\156"
-"\157\163\040\123\172\157\154\147\141\154\164\141\164\141\163\151"
-"\040\106\145\154\164\145\164\145\154\145\151\142\145\156\040\154"
-"\145\151\162\164\040\145\154\152\141\162\141\163\157\153\040\141"
-"\154\141\160\152\141\156\040\153\145\163\172\165\154\164\056\040"
-"\101\040\150\151\164\145\154\145\163\151\164\145\163\040\146\157"
-"\154\171\141\155\141\164\141\164\040\141\040\116\145\164\114\157"
-"\143\153\040\113\146\164\056\040\164\145\162\155\145\153\146\145"
-"\154\145\154\157\163\163\145\147\055\142\151\172\164\157\163\151"
-"\164\141\163\141\040\166\145\144\151\056\040\101\040\144\151\147"
-"\151\164\141\154\151\163\040\141\154\141\151\162\141\163\040\145"
-"\154\146\157\147\141\144\141\163\141\156\141\153\040\146\145\154"
-"\164\145\164\145\154\145\040\141\172\040\145\154\157\151\162\164"
-"\040\145\154\154\145\156\157\162\172\145\163\151\040\145\154\152"
-"\141\162\141\163\040\155\145\147\164\145\164\145\154\145\056\040"
-"\101\172\040\145\154\152\141\162\141\163\040\154\145\151\162\141"
-"\163\141\040\155\145\147\164\141\154\141\154\150\141\164\157\040"
-"\141\040\116\145\164\114\157\143\153\040\113\146\164\056\040\111"
-"\156\164\145\162\156\145\164\040\150\157\156\154\141\160\152\141"
-"\156\040\141\040\150\164\164\160\163\072\057\057\167\167\167\056"
-"\156\145\164\154\157\143\153\056\156\145\164\057\144\157\143\163"
-"\040\143\151\155\145\156\040\166\141\147\171\040\153\145\162\150"
-"\145\164\157\040\141\172\040\145\154\154\145\156\157\162\172\145"
-"\163\100\156\145\164\154\157\143\153\056\156\145\164\040\145\055"
-"\155\141\151\154\040\143\151\155\145\156\056\040\111\115\120\117"
-"\122\124\101\116\124\041\040\124\150\145\040\151\163\163\165\141"
-"\156\143\145\040\141\156\144\040\164\150\145\040\165\163\145\040"
-"\157\146\040\164\150\151\163\040\143\145\162\164\151\146\151\143"
-"\141\164\145\040\151\163\040\163\165\142\152\145\143\164\040\164"
-"\157\040\164\150\145\040\116\145\164\114\157\143\153\040\103\120"
-"\123\040\141\166\141\151\154\141\142\154\145\040\141\164\040\150"
-"\164\164\160\163\072\057\057\167\167\167\056\156\145\164\154\157"
-"\143\153\056\156\145\164\057\144\157\143\163\040\157\162\040\142"
-"\171\040\145\055\155\141\151\154\040\141\164\040\143\160\163\100"
-"\156\145\164\154\157\143\153\056\156\145\164\056\060\015\006\011"
-"\052\206\110\206\367\015\001\001\004\005\000\003\201\201\000\004"
-"\333\256\214\027\257\370\016\220\061\116\315\076\011\300\155\072"
-"\260\370\063\114\107\114\343\165\210\020\227\254\260\070\025\221"
-"\306\051\226\314\041\300\155\074\245\164\317\330\202\245\071\303"
-"\145\343\102\160\273\042\220\343\175\333\065\166\341\240\265\332"
-"\237\160\156\223\032\060\071\035\060\333\056\343\174\262\221\262"
-"\321\067\051\372\271\326\027\134\107\117\343\035\070\353\237\325"
-"\173\225\250\050\236\025\112\321\321\320\053\000\227\240\342\222"
-"\066\053\143\254\130\001\153\063\051\120\206\203\361\001\110"
-, (PRUint32)1359 }
-};
-static const NSSItem nss_builtins_items_93 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Business (Class B) Root", (PRUint32)32 },
- { (void *)"\207\237\113\356\005\337\230\130\073\343\140\326\063\347\015\077"
-"\376\230\161\257"
-, (PRUint32)20 },
- { (void *)"\071\026\252\271\152\101\341\024\151\337\236\154\073\162\334\266"
-, (PRUint32)16 },
- { (void *)"\060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\062\060\060\006\003\125\004"
-"\003\023\051\116\145\164\114\157\143\153\040\125\172\154\145\164"
-"\151\040\050\103\154\141\163\163\040\102\051\040\124\141\156\165"
-"\163\151\164\166\141\156\171\153\151\141\144\157"
-, (PRUint32)156 },
- { (void *)"\002\001\151"
-, (PRUint32)3 },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_94 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Express (Class C) Root", (PRUint32)31 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004"
-"\003\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145"
-"\163\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141"
-"\156\165\163\151\164\166\141\156\171\153\151\141\144\157"
-, (PRUint32)158 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004"
-"\003\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145"
-"\163\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141"
-"\156\165\163\151\164\166\141\156\171\153\151\141\144\157"
-, (PRUint32)158 },
- { (void *)"\002\001\150"
-, (PRUint32)3 },
- { (void *)"\060\202\005\117\060\202\004\270\240\003\002\001\002\002\001\150"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
-"\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125\061"
-"\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145"
-"\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145\164"
-"\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172\164"
-"\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030\006"
-"\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141\156"
-"\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004\003"
-"\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145\163"
-"\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141\156"
-"\165\163\151\164\166\141\156\171\153\151\141\144\157\060\036\027"
-"\015\071\071\060\062\062\065\061\064\060\070\061\061\132\027\015"
-"\061\071\060\062\062\060\061\064\060\070\061\061\132\060\201\233"
-"\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021\060"
-"\017\006\003\125\004\007\023\010\102\165\144\141\160\145\163\164"
-"\061\047\060\045\006\003\125\004\012\023\036\116\145\164\114\157"
-"\143\153\040\110\141\154\157\172\141\164\142\151\172\164\157\156"
-"\163\141\147\151\040\113\146\164\056\061\032\060\030\006\003\125"
-"\004\013\023\021\124\141\156\165\163\151\164\166\141\156\171\153"
-"\151\141\144\157\153\061\064\060\062\006\003\125\004\003\023\053"
-"\116\145\164\114\157\143\153\040\105\170\160\162\145\163\163\172"
-"\040\050\103\154\141\163\163\040\103\051\040\124\141\156\165\163"
-"\151\164\166\141\156\171\153\151\141\144\157\060\201\237\060\015"
-"\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215"
-"\000\060\201\211\002\201\201\000\353\354\260\154\141\212\043\045"
-"\257\140\040\343\331\237\374\223\013\333\135\215\260\241\263\100"
-"\072\202\316\375\165\340\170\062\003\206\132\206\225\221\355\123"
-"\372\235\100\374\346\350\335\331\133\172\003\275\135\363\073\014"
-"\303\121\171\233\255\125\240\351\320\003\020\257\012\272\024\102"
-"\331\122\046\021\042\307\322\040\314\202\244\232\251\376\270\201"
-"\166\235\152\267\322\066\165\076\261\206\011\366\156\155\176\116"
-"\267\172\354\256\161\204\366\004\063\010\045\062\353\164\254\026"
-"\104\306\344\100\223\035\177\255\002\003\001\000\001\243\202\002"
-"\237\060\202\002\233\060\022\006\003\125\035\023\001\001\377\004"
-"\010\060\006\001\001\377\002\001\004\060\016\006\003\125\035\017"
-"\001\001\377\004\004\003\002\000\006\060\021\006\011\140\206\110"
-"\001\206\370\102\001\001\004\004\003\002\000\007\060\202\002\140"
-"\006\011\140\206\110\001\206\370\102\001\015\004\202\002\121\026"
-"\202\002\115\106\111\107\131\105\114\105\115\041\040\105\172\145"
-"\156\040\164\141\156\165\163\151\164\166\141\156\171\040\141\040"
-"\116\145\164\114\157\143\153\040\113\146\164\056\040\101\154\164"
-"\141\154\141\156\157\163\040\123\172\157\154\147\141\154\164\141"
-"\164\141\163\151\040\106\145\154\164\145\164\145\154\145\151\142"
-"\145\156\040\154\145\151\162\164\040\145\154\152\141\162\141\163"
-"\157\153\040\141\154\141\160\152\141\156\040\153\145\163\172\165"
-"\154\164\056\040\101\040\150\151\164\145\154\145\163\151\164\145"
-"\163\040\146\157\154\171\141\155\141\164\141\164\040\141\040\116"
-"\145\164\114\157\143\153\040\113\146\164\056\040\164\145\162\155"
-"\145\153\146\145\154\145\154\157\163\163\145\147\055\142\151\172"
-"\164\157\163\151\164\141\163\141\040\166\145\144\151\056\040\101"
-"\040\144\151\147\151\164\141\154\151\163\040\141\154\141\151\162"
-"\141\163\040\145\154\146\157\147\141\144\141\163\141\156\141\153"
-"\040\146\145\154\164\145\164\145\154\145\040\141\172\040\145\154"
-"\157\151\162\164\040\145\154\154\145\156\157\162\172\145\163\151"
-"\040\145\154\152\141\162\141\163\040\155\145\147\164\145\164\145"
-"\154\145\056\040\101\172\040\145\154\152\141\162\141\163\040\154"
-"\145\151\162\141\163\141\040\155\145\147\164\141\154\141\154\150"
-"\141\164\157\040\141\040\116\145\164\114\157\143\153\040\113\146"
-"\164\056\040\111\156\164\145\162\156\145\164\040\150\157\156\154"
-"\141\160\152\141\156\040\141\040\150\164\164\160\163\072\057\057"
-"\167\167\167\056\156\145\164\154\157\143\153\056\156\145\164\057"
-"\144\157\143\163\040\143\151\155\145\156\040\166\141\147\171\040"
-"\153\145\162\150\145\164\157\040\141\172\040\145\154\154\145\156"
-"\157\162\172\145\163\100\156\145\164\154\157\143\153\056\156\145"
-"\164\040\145\055\155\141\151\154\040\143\151\155\145\156\056\040"
-"\111\115\120\117\122\124\101\116\124\041\040\124\150\145\040\151"
-"\163\163\165\141\156\143\145\040\141\156\144\040\164\150\145\040"
-"\165\163\145\040\157\146\040\164\150\151\163\040\143\145\162\164"
-"\151\146\151\143\141\164\145\040\151\163\040\163\165\142\152\145"
-"\143\164\040\164\157\040\164\150\145\040\116\145\164\114\157\143"
-"\153\040\103\120\123\040\141\166\141\151\154\141\142\154\145\040"
-"\141\164\040\150\164\164\160\163\072\057\057\167\167\167\056\156"
-"\145\164\154\157\143\153\056\156\145\164\057\144\157\143\163\040"
-"\157\162\040\142\171\040\145\055\155\141\151\154\040\141\164\040"
-"\143\160\163\100\156\145\164\154\157\143\153\056\156\145\164\056"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\003"
-"\201\201\000\020\255\177\327\014\062\200\012\330\206\361\171\230"
-"\265\255\324\315\263\066\304\226\110\301\134\315\232\331\005\056"
-"\237\276\120\353\364\046\024\020\055\324\146\027\370\236\301\047"
-"\375\361\355\344\173\113\240\154\265\253\232\127\160\246\355\240"
-"\244\355\056\365\375\374\275\376\115\067\010\014\274\343\226\203"
-"\042\365\111\033\177\113\053\264\124\301\200\174\231\116\035\320"
-"\214\356\320\254\345\222\372\165\126\376\144\240\023\217\270\270"
-"\026\235\141\005\147\200\310\320\330\245\007\002\064\230\004\215"
-"\063\004\324"
-, (PRUint32)1363 }
-};
-static const NSSItem nss_builtins_items_95 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"NetLock Express (Class C) Root", (PRUint32)31 },
- { (void *)"\343\222\121\057\012\317\365\005\337\366\336\006\177\165\067\341"
-"\145\352\127\113"
-, (PRUint32)20 },
- { (void *)"\117\353\361\360\160\302\200\143\135\130\237\332\022\074\251\304"
-, (PRUint32)16 },
- { (void *)"\060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125"
-"\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160"
-"\145\163\164\061\047\060\045\006\003\125\004\012\023\036\116\145"
-"\164\114\157\143\153\040\110\141\154\157\172\141\164\142\151\172"
-"\164\157\156\163\141\147\151\040\113\146\164\056\061\032\060\030"
-"\006\003\125\004\013\023\021\124\141\156\165\163\151\164\166\141"
-"\156\171\153\151\141\144\157\153\061\064\060\062\006\003\125\004"
-"\003\023\053\116\145\164\114\157\143\153\040\105\170\160\162\145"
-"\163\163\172\040\050\103\154\141\163\163\040\103\051\040\124\141"
-"\156\165\163\151\164\166\141\156\171\153\151\141\144\157"
-, (PRUint32)158 },
- { (void *)"\002\001\150"
-, (PRUint32)3 },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_96 [] = {
+static const NSSItem nss_builtins_items_82 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7045,7 +5993,7 @@
"\264\003\045\274"
, (PRUint32)1076 }
};
-static const NSSItem nss_builtins_items_97 [] = {
+static const NSSItem nss_builtins_items_83 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7074,7 +6022,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_98 [] = {
+static const NSSItem nss_builtins_items_84 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7167,7 +6115,7 @@
"\177\333\275\237"
, (PRUint32)1028 }
};
-static const NSSItem nss_builtins_items_99 [] = {
+static const NSSItem nss_builtins_items_85 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7193,7 +6141,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_100 [] = {
+static const NSSItem nss_builtins_items_86 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7287,7 +6235,7 @@
"\037\027\224"
, (PRUint32)1043 }
};
-static const NSSItem nss_builtins_items_101 [] = {
+static const NSSItem nss_builtins_items_87 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7313,7 +6261,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_102 [] = {
+static const NSSItem nss_builtins_items_88 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7468,7 +6416,7 @@
"\152\263\364\210\034\200\015\374\162\212\350\203\136"
, (PRUint32)1997 }
};
-static const NSSItem nss_builtins_items_103 [] = {
+static const NSSItem nss_builtins_items_89 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7495,7 +6443,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_104 [] = {
+static const NSSItem nss_builtins_items_90 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7608,7 +6556,7 @@
"\245\206\054\174\364\022"
, (PRUint32)1398 }
};
-static const NSSItem nss_builtins_items_105 [] = {
+static const NSSItem nss_builtins_items_91 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7633,7 +6581,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_106 [] = {
+static const NSSItem nss_builtins_items_92 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7756,7 +6704,7 @@
"\060\032\365\232\154\364\016\123\371\072\133\321\034"
, (PRUint32)1501 }
};
-static const NSSItem nss_builtins_items_107 [] = {
+static const NSSItem nss_builtins_items_93 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7783,7 +6731,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_108 [] = {
+static const NSSItem nss_builtins_items_94 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7872,7 +6820,7 @@
"\346\120\262\247\372\012\105\057\242\360\362"
, (PRUint32)955 }
};
-static const NSSItem nss_builtins_items_109 [] = {
+static const NSSItem nss_builtins_items_95 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7899,7 +6847,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_110 [] = {
+static const NSSItem nss_builtins_items_96 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7988,7 +6936,7 @@
"\225\155\336"
, (PRUint32)947 }
};
-static const NSSItem nss_builtins_items_111 [] = {
+static const NSSItem nss_builtins_items_97 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8015,7 +6963,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_112 [] = {
+static const NSSItem nss_builtins_items_98 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8105,7 +7053,7 @@
"\370\351\056\023\243\167\350\037\112"
, (PRUint32)969 }
};
-static const NSSItem nss_builtins_items_113 [] = {
+static const NSSItem nss_builtins_items_99 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8132,7 +7080,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_114 [] = {
+static const NSSItem nss_builtins_items_100 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8213,7 +7161,7 @@
"\227\277\242\216\264\124"
, (PRUint32)918 }
};
-static const NSSItem nss_builtins_items_115 [] = {
+static const NSSItem nss_builtins_items_101 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8237,7 +7185,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_116 [] = {
+static const NSSItem nss_builtins_items_102 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8315,7 +7263,7 @@
"\013\004\216\007\333\051\266\012\356\235\202\065\065\020"
, (PRUint32)846 }
};
-static const NSSItem nss_builtins_items_117 [] = {
+static const NSSItem nss_builtins_items_103 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8340,7 +7288,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_118 [] = {
+static const NSSItem nss_builtins_items_104 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8432,7 +7380,7 @@
"\363\267\240\247\315\345\172\063\066\152\372\232\053"
, (PRUint32)1037 }
};
-static const NSSItem nss_builtins_items_119 [] = {
+static const NSSItem nss_builtins_items_105 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8458,7 +7406,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_120 [] = {
+static const NSSItem nss_builtins_items_106 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8575,7 +7523,7 @@
"\205\206\171\145\322"
, (PRUint32)1477 }
};
-static const NSSItem nss_builtins_items_121 [] = {
+static const NSSItem nss_builtins_items_107 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8599,7 +7547,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_122 [] = {
+static const NSSItem nss_builtins_items_108 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8715,7 +7663,7 @@
"\111\044\133\311\260\320\127\301\372\076\172\341\227\311"
, (PRUint32)1470 }
};
-static const NSSItem nss_builtins_items_123 [] = {
+static const NSSItem nss_builtins_items_109 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8739,7 +7687,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_124 [] = {
+static const NSSItem nss_builtins_items_110 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8856,7 +7804,7 @@
"\156"
, (PRUint32)1473 }
};
-static const NSSItem nss_builtins_items_125 [] = {
+static const NSSItem nss_builtins_items_111 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8880,7 +7828,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_126 [] = {
+static const NSSItem nss_builtins_items_112 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8963,7 +7911,7 @@
"\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131"
, (PRUint32)896 }
};
-static const NSSItem nss_builtins_items_127 [] = {
+static const NSSItem nss_builtins_items_113 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8989,7 +7937,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_128 [] = {
+static const NSSItem nss_builtins_items_114 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9093,7 +8041,7 @@
"\215\126\214\150"
, (PRUint32)1060 }
};
-static const NSSItem nss_builtins_items_129 [] = {
+static const NSSItem nss_builtins_items_115 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9124,7 +8072,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_130 [] = {
+static const NSSItem nss_builtins_items_116 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9243,7 +8191,7 @@
"\254\021\326\250\355\143\152"
, (PRUint32)1239 }
};
-static const NSSItem nss_builtins_items_131 [] = {
+static const NSSItem nss_builtins_items_117 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9276,7 +8224,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_132 [] = {
+static const NSSItem nss_builtins_items_118 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9361,7 +8309,7 @@
"\113\035\236\054\302\270\150\274\355\002\356\061"
, (PRUint32)956 }
};
-static const NSSItem nss_builtins_items_133 [] = {
+static const NSSItem nss_builtins_items_119 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9386,7 +8334,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_134 [] = {
+static const NSSItem nss_builtins_items_120 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9471,7 +8419,7 @@
"\117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026"
, (PRUint32)960 }
};
-static const NSSItem nss_builtins_items_135 [] = {
+static const NSSItem nss_builtins_items_121 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9496,7 +8444,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_136 [] = {
+static const NSSItem nss_builtins_items_122 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9596,7 +8544,7 @@
"\145"
, (PRUint32)1057 }
};
-static const NSSItem nss_builtins_items_137 [] = {
+static const NSSItem nss_builtins_items_123 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9625,7 +8573,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_138 [] = {
+static const NSSItem nss_builtins_items_124 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9717,7 +8665,7 @@
"\244\140\114\260\125\240\240\173\127\262"
, (PRUint32)1002 }
};
-static const NSSItem nss_builtins_items_139 [] = {
+static const NSSItem nss_builtins_items_125 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9744,7 +8692,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_140 [] = {
+static const NSSItem nss_builtins_items_126 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9853,7 +8801,7 @@
"\333"
, (PRUint32)1217 }
};
-static const NSSItem nss_builtins_items_141 [] = {
+static const NSSItem nss_builtins_items_127 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9881,7 +8829,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_142 [] = {
+static const NSSItem nss_builtins_items_128 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9955,7 +8903,7 @@
"\334\335\363\377\035\054\072\026\127\331\222\071\326"
, (PRUint32)653 }
};
-static const NSSItem nss_builtins_items_143 [] = {
+static const NSSItem nss_builtins_items_129 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9984,7 +8932,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_144 [] = {
+static const NSSItem nss_builtins_items_130 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10076,7 +9024,7 @@
"\321\236\164\310\166\147"
, (PRUint32)1078 }
};
-static const NSSItem nss_builtins_items_145 [] = {
+static const NSSItem nss_builtins_items_131 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10101,7 +9049,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_146 [] = {
+static const NSSItem nss_builtins_items_132 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10198,7 +9146,7 @@
"\253\205\322\140\126\132"
, (PRUint32)1030 }
};
-static const NSSItem nss_builtins_items_147 [] = {
+static const NSSItem nss_builtins_items_133 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10226,7 +9174,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_148 [] = {
+static const NSSItem nss_builtins_items_134 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10245,7 +9193,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_149 [] = {
+static const NSSItem nss_builtins_items_135 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10330,7 +9278,7 @@
"\164"
, (PRUint32)897 }
};
-static const NSSItem nss_builtins_items_150 [] = {
+static const NSSItem nss_builtins_items_136 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10356,7 +9304,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_151 [] = {
+static const NSSItem nss_builtins_items_137 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10453,7 +9401,7 @@
"\374\276\337\012\015"
, (PRUint32)1013 }
};
-static const NSSItem nss_builtins_items_152 [] = {
+static const NSSItem nss_builtins_items_138 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10482,7 +9430,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_153 [] = {
+static const NSSItem nss_builtins_items_139 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10593,7 +9541,7 @@
"\241\361\017\033\037\075\236\004\203\335\226\331\035\072\224"
, (PRUint32)1151 }
};
-static const NSSItem nss_builtins_items_154 [] = {
+static const NSSItem nss_builtins_items_140 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10625,7 +9573,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_155 [] = {
+static const NSSItem nss_builtins_items_141 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10779,7 +9727,7 @@
"\103\307\003\340\067\116\135\012\334\131\040\045"
, (PRUint32)1964 }
};
-static const NSSItem nss_builtins_items_156 [] = {
+static const NSSItem nss_builtins_items_142 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10807,7 +9755,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_157 [] = {
+static const NSSItem nss_builtins_items_143 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10888,7 +9836,7 @@
"\300\226\130\057\352\273\106\327\273\344\331\056"
, (PRUint32)940 }
};
-static const NSSItem nss_builtins_items_158 [] = {
+static const NSSItem nss_builtins_items_144 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -10911,7 +9859,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_159 [] = {
+static const NSSItem nss_builtins_items_145 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11045,7 +9993,7 @@
"\005\211\374\170\326\134\054\046\103\251"
, (PRUint32)1642 }
};
-static const NSSItem nss_builtins_items_160 [] = {
+static const NSSItem nss_builtins_items_146 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11073,7 +10021,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_161 [] = {
+static const NSSItem nss_builtins_items_147 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11178,7 +10126,7 @@
"\016\121\075\157\373\226\126\200\342\066\027\321\334\344"
, (PRUint32)1198 }
};
-static const NSSItem nss_builtins_items_162 [] = {
+static const NSSItem nss_builtins_items_148 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11205,7 +10153,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_163 [] = {
+static const NSSItem nss_builtins_items_149 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11294,7 +10242,7 @@
"\126\144\127"
, (PRUint32)931 }
};
-static const NSSItem nss_builtins_items_164 [] = {
+static const NSSItem nss_builtins_items_150 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11321,7 +10269,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_165 [] = {
+static const NSSItem nss_builtins_items_151 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11402,7 +10350,7 @@
"\000\147\240\161\000\202\110"
, (PRUint32)919 }
};
-static const NSSItem nss_builtins_items_166 [] = {
+static const NSSItem nss_builtins_items_152 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11426,7 +10374,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_167 [] = {
+static const NSSItem nss_builtins_items_153 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11508,7 +10456,7 @@
"\316\145\006\056\135\322\052\123\164\136\323\156\047\236\217"
, (PRUint32)943 }
};
-static const NSSItem nss_builtins_items_168 [] = {
+static const NSSItem nss_builtins_items_154 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11532,7 +10480,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_169 [] = {
+static const NSSItem nss_builtins_items_155 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11613,7 +10561,7 @@
"\246\210\070\316\125"
, (PRUint32)933 }
};
-static const NSSItem nss_builtins_items_170 [] = {
+static const NSSItem nss_builtins_items_156 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11636,7 +10584,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_171 [] = {
+static const NSSItem nss_builtins_items_157 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11755,7 +10703,7 @@
"\201\370\021\234"
, (PRUint32)1460 }
};
-static const NSSItem nss_builtins_items_172 [] = {
+static const NSSItem nss_builtins_items_158 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11781,7 +10729,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_173 [] = {
+static const NSSItem nss_builtins_items_159 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11915,7 +10863,7 @@
"\311\234\220\332\354\251\102\074\255\266\002"
, (PRUint32)1307 }
};
-static const NSSItem nss_builtins_items_174 [] = {
+static const NSSItem nss_builtins_items_160 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -11953,7 +10901,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_175 [] = {
+static const NSSItem nss_builtins_items_161 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12031,7 +10979,7 @@
"\366\324\357\277\114\210\150"
, (PRUint32)855 }
};
-static const NSSItem nss_builtins_items_176 [] = {
+static const NSSItem nss_builtins_items_162 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12055,7 +11003,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_177 [] = {
+static const NSSItem nss_builtins_items_163 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12182,7 +11130,7 @@
"\320\352\111\242\034\215\122\024\246\012\223"
, (PRUint32)1515 }
};
-static const NSSItem nss_builtins_items_178 [] = {
+static const NSSItem nss_builtins_items_164 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12210,7 +11158,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_179 [] = {
+static const NSSItem nss_builtins_items_165 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12284,7 +11232,7 @@
"\366\356\260\132\116\111\104\124\130\137\102\203"
, (PRUint32)828 }
};
-static const NSSItem nss_builtins_items_180 [] = {
+static const NSSItem nss_builtins_items_166 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12307,7 +11255,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_181 [] = {
+static const NSSItem nss_builtins_items_167 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12383,7 +11331,7 @@
"\011\333\212\101\202\236\146\233\021"
, (PRUint32)857 }
};
-static const NSSItem nss_builtins_items_182 [] = {
+static const NSSItem nss_builtins_items_168 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12406,7 +11354,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_183 [] = {
+static const NSSItem nss_builtins_items_169 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12489,7 +11437,7 @@
"\262\033\211\124"
, (PRUint32)932 }
};
-static const NSSItem nss_builtins_items_184 [] = {
+static const NSSItem nss_builtins_items_170 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12513,7 +11461,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_185 [] = {
+static const NSSItem nss_builtins_items_171 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12613,7 +11561,7 @@
"\021\055"
, (PRUint32)1026 }
};
-static const NSSItem nss_builtins_items_186 [] = {
+static const NSSItem nss_builtins_items_172 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12643,7 +11591,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_187 [] = {
+static const NSSItem nss_builtins_items_173 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12717,7 +11665,7 @@
"\367\130\077\056\162\002\127\243\217\241\024\056"
, (PRUint32)652 }
};
-static const NSSItem nss_builtins_items_188 [] = {
+static const NSSItem nss_builtins_items_174 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12746,7 +11694,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_189 [] = {
+static const NSSItem nss_builtins_items_175 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12852,7 +11800,7 @@
"\061\324\100\032\142\064\066\077\065\001\256\254\143\240"
, (PRUint32)1070 }
};
-static const NSSItem nss_builtins_items_190 [] = {
+static const NSSItem nss_builtins_items_176 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12884,7 +11832,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_191 [] = {
+static const NSSItem nss_builtins_items_177 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12963,7 +11911,7 @@
"\017\212"
, (PRUint32)690 }
};
-static const NSSItem nss_builtins_items_192 [] = {
+static const NSSItem nss_builtins_items_178 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -12993,7 +11941,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_193 [] = {
+static const NSSItem nss_builtins_items_179 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13108,7 +12056,7 @@
"\354\315\202\141\361\070\346\117\227\230\052\132\215"
, (PRUint32)1213 }
};
-static const NSSItem nss_builtins_items_194 [] = {
+static const NSSItem nss_builtins_items_180 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13140,7 +12088,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_195 [] = {
+static const NSSItem nss_builtins_items_181 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13238,7 +12186,7 @@
"\055\247\330\206\052\335\056\020"
, (PRUint32)904 }
};
-static const NSSItem nss_builtins_items_196 [] = {
+static const NSSItem nss_builtins_items_182 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13271,7 +12219,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_197 [] = {
+static const NSSItem nss_builtins_items_183 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13373,7 +12321,7 @@
"\330\316\304\143\165\077\131\107\261"
, (PRUint32)1049 }
};
-static const NSSItem nss_builtins_items_198 [] = {
+static const NSSItem nss_builtins_items_184 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13403,7 +12351,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_199 [] = {
+static const NSSItem nss_builtins_items_185 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13522,7 +12470,7 @@
"\370\161\012\334\271\374\175\062\140\346\353\257\212\001"
, (PRUint32)1486 }
};
-static const NSSItem nss_builtins_items_200 [] = {
+static const NSSItem nss_builtins_items_186 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13547,121 +12495,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_201 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"CA Disig", (PRUint32)9 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061"
-"\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163"
-"\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104"
-"\151\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125"
-"\004\003\023\010\103\101\040\104\151\163\151\147"
-, (PRUint32)76 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061"
-"\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163"
-"\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104"
-"\151\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125"
-"\004\003\023\010\103\101\040\104\151\163\151\147"
-, (PRUint32)76 },
- { (void *)"\002\001\001"
-, (PRUint32)3 },
- { (void *)"\060\202\004\017\060\202\002\367\240\003\002\001\002\002\001\001"
-"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
-"\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061\023"
-"\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163\154"
-"\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104\151"
-"\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125\004"
-"\003\023\010\103\101\040\104\151\163\151\147\060\036\027\015\060"
-"\066\060\063\062\062\060\061\063\071\063\064\132\027\015\061\066"
-"\060\063\062\062\060\061\063\071\063\064\132\060\112\061\013\060"
-"\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003"
-"\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061"
-"\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040"
-"\141\056\163\056\061\021\060\017\006\003\125\004\003\023\010\103"
-"\101\040\104\151\163\151\147\060\202\001\042\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060"
-"\202\001\012\002\202\001\001\000\222\366\061\301\175\210\375\231"
-"\001\251\330\173\362\161\165\361\061\306\363\165\146\372\121\050"
-"\106\204\227\170\064\274\154\374\274\105\131\210\046\030\112\304"
-"\067\037\241\112\104\275\343\161\004\365\104\027\342\077\374\110"
-"\130\157\134\236\172\011\272\121\067\042\043\146\103\041\260\074"
-"\144\242\370\152\025\016\077\353\121\341\124\251\335\006\231\327"
-"\232\074\124\213\071\003\077\017\305\316\306\353\203\162\002\250"
-"\037\161\363\055\370\165\010\333\142\114\350\372\316\371\347\152"
-"\037\266\153\065\202\272\342\217\026\222\175\005\014\154\106\003"
-"\135\300\355\151\277\072\301\212\240\350\216\331\271\105\050\207"
-"\010\354\264\312\025\276\202\335\265\104\213\055\255\206\014\150"
-"\142\155\205\126\362\254\024\143\072\306\321\231\254\064\170\126"
-"\113\317\266\255\077\214\212\327\004\345\343\170\114\365\206\252"
-"\365\217\372\075\154\161\243\055\312\147\353\150\173\156\063\251"
-"\014\202\050\250\114\152\041\100\025\040\014\046\133\203\302\251"
-"\026\025\300\044\202\135\053\026\255\312\143\366\164\000\260\337"
-"\103\304\020\140\126\147\143\105\002\003\001\000\001\243\201\377"
-"\060\201\374\060\017\006\003\125\035\023\001\001\377\004\005\060"
-"\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\215"
-"\262\111\150\235\162\010\045\271\300\047\365\120\223\126\110\106"
-"\161\371\217\060\016\006\003\125\035\017\001\001\377\004\004\003"
-"\002\001\006\060\066\006\003\125\035\021\004\057\060\055\201\023"
-"\143\141\157\160\145\162\141\164\157\162\100\144\151\163\151\147"
-"\056\163\153\206\026\150\164\164\160\072\057\057\167\167\167\056"
-"\144\151\163\151\147\056\163\153\057\143\141\060\146\006\003\125"
-"\035\037\004\137\060\135\060\055\240\053\240\051\206\047\150\164"
-"\164\160\072\057\057\167\167\167\056\144\151\163\151\147\056\163"
-"\153\057\143\141\057\143\162\154\057\143\141\137\144\151\163\151"
-"\147\056\143\162\154\060\054\240\052\240\050\206\046\150\164\164"
-"\160\072\057\057\143\141\056\144\151\163\151\147\056\163\153\057"
-"\143\141\057\143\162\154\057\143\141\137\144\151\163\151\147\056"
-"\143\162\154\060\032\006\003\125\035\040\004\023\060\021\060\017"
-"\006\015\053\201\036\221\223\346\012\000\000\000\001\001\001\060"
-"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202"
-"\001\001\000\135\064\164\141\114\257\073\330\377\237\155\130\066"
-"\034\075\013\201\015\022\053\106\020\200\375\347\074\047\320\172"
-"\310\251\266\176\164\060\063\243\072\212\173\164\300\171\171\102"
-"\223\155\377\261\051\024\202\253\041\214\057\027\371\077\046\057"
-"\365\131\306\357\200\006\267\232\111\051\354\316\176\161\074\152"
-"\020\101\300\366\323\232\262\174\132\221\234\300\254\133\310\115"
-"\136\367\341\123\377\103\167\374\236\113\147\154\327\363\203\321"
-"\240\340\177\045\337\270\230\013\232\062\070\154\060\240\363\377"
-"\010\025\063\367\120\112\173\076\243\076\040\251\334\057\126\200"
-"\012\355\101\120\260\311\364\354\262\343\046\104\000\016\157\236"
-"\006\274\042\226\123\160\145\304\120\012\106\153\244\057\047\201"
-"\022\047\023\137\020\241\166\316\212\173\067\352\303\071\141\003"
-"\225\230\072\347\154\210\045\010\374\171\150\015\207\175\142\370"
-"\264\137\373\305\330\114\275\130\274\077\103\133\324\036\001\115"
-"\074\143\276\043\357\214\315\132\120\270\150\124\371\012\231\063"
-"\021\000\341\236\302\106\167\202\365\131\006\214\041\114\207\011"
-"\315\345\250"
-, (PRUint32)1043 }
-};
-static const NSSItem nss_builtins_items_202 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"CA Disig", (PRUint32)9 },
- { (void *)"\052\310\325\213\127\316\277\057\111\257\362\374\166\217\121\024"
-"\142\220\172\101"
-, (PRUint32)20 },
- { (void *)"\077\105\226\071\342\120\207\367\273\376\230\014\074\040\230\346"
-, (PRUint32)16 },
- { (void *)"\060\112\061\013\060\011\006\003\125\004\006\023\002\123\113\061"
-"\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163"
-"\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104"
-"\151\163\151\147\040\141\056\163\056\061\021\060\017\006\003\125"
-"\004\003\023\010\103\101\040\104\151\163\151\147"
-, (PRUint32)76 },
- { (void *)"\002\001\001"
-, (PRUint32)3 },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_203 [] = {
+static const NSSItem nss_builtins_items_187 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13766,7 +12600,7 @@
"\115\273\306\104\333\066\313\052\234\216"
, (PRUint32)1258 }
};
-static const NSSItem nss_builtins_items_204 [] = {
+static const NSSItem nss_builtins_items_188 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13791,7 +12625,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_205 [] = {
+static const NSSItem nss_builtins_items_189 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13867,7 +12701,7 @@
"\002\153\331\132"
, (PRUint32)820 }
};
-static const NSSItem nss_builtins_items_206 [] = {
+static const NSSItem nss_builtins_items_190 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13891,7 +12725,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_207 [] = {
+static const NSSItem nss_builtins_items_191 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13973,7 +12807,7 @@
"\362"
, (PRUint32)881 }
};
-static const NSSItem nss_builtins_items_208 [] = {
+static const NSSItem nss_builtins_items_192 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -13998,7 +12832,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_209 [] = {
+static const NSSItem nss_builtins_items_193 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14114,7 +12948,7 @@
"\113\076\053\070\007\125\230\136\244"
, (PRUint32)1465 }
};
-static const NSSItem nss_builtins_items_210 [] = {
+static const NSSItem nss_builtins_items_194 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14138,7 +12972,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_211 [] = {
+static const NSSItem nss_builtins_items_195 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14203,7 +13037,7 @@
"\375\166\004\333\142\273\220\152\003\331\106\065\331\370\174\133"
, (PRUint32)576 }
};
-static const NSSItem nss_builtins_items_212 [] = {
+static const NSSItem nss_builtins_items_196 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14230,99 +13064,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_213 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Verisign Class 3 Public Primary Certification Authority", (PRUint32)56 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
-"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151"
-"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004"
-"\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151"
-"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146"
-"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164"
-"\171"
-, (PRUint32)97 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
-"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151"
-"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004"
-"\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151"
-"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146"
-"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164"
-"\171"
-, (PRUint32)97 },
- { (void *)"\002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277"
-"\022\276"
-, (PRUint32)18 },
- { (void *)"\060\202\002\074\060\202\001\245\002\020\074\221\061\313\037\366"
-"\320\033\016\232\270\320\104\277\022\276\060\015\006\011\052\206"
-"\110\206\367\015\001\001\005\005\000\060\137\061\013\060\011\006"
-"\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004"
-"\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143"
-"\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141\163"
-"\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155\141"
-"\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156"
-"\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\066"
-"\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070\060"
-"\070\060\062\062\063\065\071\065\071\132\060\137\061\013\060\011"
-"\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125"
-"\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156"
-"\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141"
-"\163\163\040\063\040\120\165\142\154\151\143\040\120\162\151\155"
-"\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157"
-"\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060\015"
-"\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215"
-"\000\060\201\211\002\201\201\000\311\134\131\236\362\033\212\001"
-"\024\264\020\337\004\100\333\343\127\257\152\105\100\217\204\014"
-"\013\321\063\331\331\021\317\356\002\130\037\045\367\052\250\104"
-"\005\252\354\003\037\170\177\236\223\271\232\000\252\043\175\326"
-"\254\205\242\143\105\307\162\047\314\364\114\306\165\161\322\071"
-"\357\117\102\360\165\337\012\220\306\216\040\157\230\017\370\254"
-"\043\137\160\051\066\244\311\206\347\261\232\040\313\123\245\205"
-"\347\075\276\175\232\376\044\105\063\334\166\025\355\017\242\161"
-"\144\114\145\056\201\150\105\247\002\003\001\000\001\060\015\006"
-"\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201\000"
-"\020\162\122\251\005\024\031\062\010\101\360\305\153\012\314\176"
-"\017\041\031\315\344\147\334\137\251\033\346\312\350\163\235\042"
-"\330\230\156\163\003\141\221\305\174\260\105\100\156\104\235\215"
-"\260\261\226\164\141\055\015\251\105\322\244\222\052\326\232\165"
-"\227\156\077\123\375\105\231\140\035\250\053\114\371\136\247\011"
-"\330\165\060\327\322\145\140\075\147\326\110\125\165\151\077\221"
-"\365\110\013\107\151\042\151\202\226\276\311\310\070\206\112\172"
-"\054\163\031\110\151\116\153\174\145\277\017\374\160\316\210\220"
-, (PRUint32)576 }
-};
-static const NSSItem nss_builtins_items_214 [] = {
- { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"Verisign Class 3 Public Primary Certification Authority", (PRUint32)56 },
- { (void *)"\241\333\143\223\221\157\027\344\030\125\011\100\004\025\307\002"
-"\100\260\256\153"
-, (PRUint32)20 },
- { (void *)"\357\132\361\063\357\361\315\273\121\002\356\022\024\113\226\304"
-, (PRUint32)16 },
- { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
-"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151"
-"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004"
-"\013\023\056\103\154\141\163\163\040\063\040\120\165\142\154\151"
-"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146"
-"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164"
-"\171"
-, (PRUint32)97 },
- { (void *)"\002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277"
-"\022\276"
-, (PRUint32)18 },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
-};
-static const NSSItem nss_builtins_items_215 [] = {
+static const NSSItem nss_builtins_items_197 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14419,7 +13161,7 @@
"\202\042\055\172\124\253\160\303\175\042\145\202\160\226"
, (PRUint32)1038 }
};
-static const NSSItem nss_builtins_items_216 [] = {
+static const NSSItem nss_builtins_items_198 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14447,7 +13189,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_217 [] = {
+static const NSSItem nss_builtins_items_199 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14526,7 +13268,7 @@
"\130\077\137"
, (PRUint32)867 }
};
-static const NSSItem nss_builtins_items_218 [] = {
+static const NSSItem nss_builtins_items_200 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14550,7 +13292,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_219 [] = {
+static const NSSItem nss_builtins_items_201 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14674,7 +13416,7 @@
"\156\117\022\176\012\074\235\225"
, (PRUint32)1560 }
};
-static const NSSItem nss_builtins_items_220 [] = {
+static const NSSItem nss_builtins_items_202 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14699,7 +13441,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_221 [] = {
+static const NSSItem nss_builtins_items_203 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14818,7 +13560,7 @@
"\333\374\046\210\307"
, (PRUint32)1525 }
};
-static const NSSItem nss_builtins_items_222 [] = {
+static const NSSItem nss_builtins_items_204 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14842,7 +13584,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_223 [] = {
+static const NSSItem nss_builtins_items_205 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -14998,7 +13740,7 @@
"\167\110\320"
, (PRUint32)1875 }
};
-static const NSSItem nss_builtins_items_224 [] = {
+static const NSSItem nss_builtins_items_206 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15029,7 +13771,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_225 [] = {
+static const NSSItem nss_builtins_items_207 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15182,7 +13924,7 @@
"\351\233\256\325\124\300\164\200\321\013\102\237\301"
, (PRUint32)1869 }
};
-static const NSSItem nss_builtins_items_226 [] = {
+static const NSSItem nss_builtins_items_208 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15212,7 +13954,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_227 [] = {
+static const NSSItem nss_builtins_items_209 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15348,7 +14090,7 @@
"\242\355\264\324\265\145\103\267\223\106\212\323"
, (PRUint32)1532 }
};
-static const NSSItem nss_builtins_items_228 [] = {
+static const NSSItem nss_builtins_items_210 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15378,7 +14120,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_229 [] = {
+static const NSSItem nss_builtins_items_211 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15529,7 +14271,7 @@
"\264"
, (PRUint32)1761 }
};
-static const NSSItem nss_builtins_items_230 [] = {
+static const NSSItem nss_builtins_items_212 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15559,7 +14301,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_231 [] = {
+static const NSSItem nss_builtins_items_213 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15695,7 +14437,7 @@
"\111\043"
, (PRUint32)1522 }
};
-static const NSSItem nss_builtins_items_232 [] = {
+static const NSSItem nss_builtins_items_214 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15725,7 +14467,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_233 [] = {
+static const NSSItem nss_builtins_items_215 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15860,7 +14602,7 @@
"\172\244\047\023\326\117\364\151"
, (PRUint32)1512 }
};
-static const NSSItem nss_builtins_items_234 [] = {
+static const NSSItem nss_builtins_items_216 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -15890,7 +14632,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_235 [] = {
+static const NSSItem nss_builtins_items_217 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16026,7 +14768,7 @@
"\302\021\254"
, (PRUint32)1523 }
};
-static const NSSItem nss_builtins_items_236 [] = {
+static const NSSItem nss_builtins_items_218 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16056,7 +14798,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_237 [] = {
+static const NSSItem nss_builtins_items_219 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16192,7 +14934,7 @@
"\147\024\060"
, (PRUint32)1523 }
};
-static const NSSItem nss_builtins_items_238 [] = {
+static const NSSItem nss_builtins_items_220 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16222,7 +14964,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_239 [] = {
+static const NSSItem nss_builtins_items_221 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16356,7 +15098,7 @@
"\217\116\235\306\066\347\134\246\253\022\017\326\317"
, (PRUint32)1501 }
};
-static const NSSItem nss_builtins_items_240 [] = {
+static const NSSItem nss_builtins_items_222 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16386,7 +15128,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_241 [] = {
+static const NSSItem nss_builtins_items_223 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16520,7 +15262,7 @@
"\130\113\161\203\237\146\346\254\171\110\376\376\107"
, (PRUint32)1501 }
};
-static const NSSItem nss_builtins_items_242 [] = {
+static const NSSItem nss_builtins_items_224 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16550,7 +15292,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_243 [] = {
+static const NSSItem nss_builtins_items_225 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16685,7 +15427,7 @@
"\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352"
, (PRUint32)1520 }
};
-static const NSSItem nss_builtins_items_244 [] = {
+static const NSSItem nss_builtins_items_226 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16715,7 +15457,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_245 [] = {
+static const NSSItem nss_builtins_items_227 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16808,7 +15550,7 @@
"\342\342\104\276\134\367\352\034\365"
, (PRUint32)969 }
};
-static const NSSItem nss_builtins_items_246 [] = {
+static const NSSItem nss_builtins_items_228 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16836,7 +15578,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_247 [] = {
+static const NSSItem nss_builtins_items_229 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16933,7 +15675,7 @@
"\364"
, (PRUint32)993 }
};
-static const NSSItem nss_builtins_items_248 [] = {
+static const NSSItem nss_builtins_items_230 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -16962,7 +15704,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_249 [] = {
+static const NSSItem nss_builtins_items_231 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17060,7 +15802,7 @@
"\261\050\272"
, (PRUint32)1011 }
};
-static const NSSItem nss_builtins_items_250 [] = {
+static const NSSItem nss_builtins_items_232 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17089,7 +15831,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_251 [] = {
+static const NSSItem nss_builtins_items_233 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17166,7 +15908,7 @@
"\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357"
, (PRUint32)848 }
};
-static const NSSItem nss_builtins_items_252 [] = {
+static const NSSItem nss_builtins_items_234 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17190,7 +15932,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_253 [] = {
+static const NSSItem nss_builtins_items_235 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17267,7 +16009,7 @@
"\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333"
, (PRUint32)848 }
};
-static const NSSItem nss_builtins_items_254 [] = {
+static const NSSItem nss_builtins_items_236 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17291,7 +16033,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_255 [] = {
+static const NSSItem nss_builtins_items_237 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17400,7 +16142,7 @@
"\051\340\266\270\011\150\031\034\030\103"
, (PRUint32)1354 }
};
-static const NSSItem nss_builtins_items_256 [] = {
+static const NSSItem nss_builtins_items_238 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17424,7 +16166,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_257 [] = {
+static const NSSItem nss_builtins_items_239 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17481,7 +16223,7 @@
"\214\171"
, (PRUint32)514 }
};
-static const NSSItem nss_builtins_items_258 [] = {
+static const NSSItem nss_builtins_items_240 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17505,7 +16247,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_259 [] = {
+static const NSSItem nss_builtins_items_241 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17595,7 +16337,7 @@
"\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054"
, (PRUint32)959 }
};
-static const NSSItem nss_builtins_items_260 [] = {
+static const NSSItem nss_builtins_items_242 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17622,7 +16364,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_261 [] = {
+static const NSSItem nss_builtins_items_243 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17740,7 +16482,7 @@
"\377\276\013\166\026\136\067\067\346\330\164\227\242\231\105\171"
, (PRUint32)1440 }
};
-static const NSSItem nss_builtins_items_262 [] = {
+static const NSSItem nss_builtins_items_244 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17766,7 +16508,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_263 [] = {
+static const NSSItem nss_builtins_items_245 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17899,7 +16641,7 @@
"\304\163\304\163\030\137\120\165\026\061\237\267\350\174\303"
, (PRUint32)1679 }
};
-static const NSSItem nss_builtins_items_264 [] = {
+static const NSSItem nss_builtins_items_246 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -17925,7 +16667,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_265 [] = {
+static const NSSItem nss_builtins_items_247 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18009,7 +16751,7 @@
"\274\060\376\173\016\063\220\373\355\322\024\221\037\007\257"
, (PRUint32)895 }
};
-static const NSSItem nss_builtins_items_266 [] = {
+static const NSSItem nss_builtins_items_248 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18035,7 +16777,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_267 [] = {
+static const NSSItem nss_builtins_items_249 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18153,7 +16895,7 @@
"\262\345\214\360\206\231\270\345\305\337\204\301\267\353"
, (PRUint32)1422 }
};
-static const NSSItem nss_builtins_items_268 [] = {
+static const NSSItem nss_builtins_items_250 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18180,7 +16922,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_269 [] = {
+static const NSSItem nss_builtins_items_251 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18264,7 +17006,7 @@
"\136\121\026\053\076"
, (PRUint32)885 }
};
-static const NSSItem nss_builtins_items_270 [] = {
+static const NSSItem nss_builtins_items_252 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18290,7 +17032,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_271 [] = {
+static const NSSItem nss_builtins_items_253 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18403,7 +17145,7 @@
"\214\360\340\050\006\042\267\046\101"
, (PRUint32)1353 }
};
-static const NSSItem nss_builtins_items_272 [] = {
+static const NSSItem nss_builtins_items_254 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18429,7 +17171,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_273 [] = {
+static const NSSItem nss_builtins_items_255 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18532,7 +17274,7 @@
"\041\225\305\242\165"
, (PRUint32)1285 }
};
-static const NSSItem nss_builtins_items_274 [] = {
+static const NSSItem nss_builtins_items_256 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18555,7 +17297,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_275 [] = {
+static const NSSItem nss_builtins_items_257 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18657,7 +17399,7 @@
"\132\145"
, (PRUint32)1170 }
};
-static const NSSItem nss_builtins_items_276 [] = {
+static const NSSItem nss_builtins_items_258 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18683,7 +17425,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_277 [] = {
+static const NSSItem nss_builtins_items_259 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18815,7 +17557,7 @@
"\244\363\116\272\067\230\173\202\271"
, (PRUint32)1689 }
};
-static const NSSItem nss_builtins_items_278 [] = {
+static const NSSItem nss_builtins_items_260 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18840,7 +17582,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_279 [] = {
+static const NSSItem nss_builtins_items_261 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18931,7 +17673,7 @@
"\131"
, (PRUint32)977 }
};
-static const NSSItem nss_builtins_items_280 [] = {
+static const NSSItem nss_builtins_items_262 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -18958,7 +17700,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_281 [] = {
+static const NSSItem nss_builtins_items_263 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19069,7 +17811,7 @@
"\355\020\342\305"
, (PRUint32)1236 }
};
-static const NSSItem nss_builtins_items_282 [] = {
+static const NSSItem nss_builtins_items_264 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19100,7 +17842,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_283 [] = {
+static const NSSItem nss_builtins_items_265 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19182,7 +17924,7 @@
"\201\050\174\247\175\047\353\000\256\215\067"
, (PRUint32)891 }
};
-static const NSSItem nss_builtins_items_284 [] = {
+static const NSSItem nss_builtins_items_266 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19207,7 +17949,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_285 [] = {
+static const NSSItem nss_builtins_items_267 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19340,7 +18082,7 @@
"\371\210\075\176\270\157\156\003\344\102"
, (PRUint32)1370 }
};
-static const NSSItem nss_builtins_items_286 [] = {
+static const NSSItem nss_builtins_items_268 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19376,7 +18118,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_287 [] = {
+static const NSSItem nss_builtins_items_269 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19478,7 +18220,7 @@
"\113\321\047\327\270"
, (PRUint32)1077 }
};
-static const NSSItem nss_builtins_items_288 [] = {
+static const NSSItem nss_builtins_items_270 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19507,7 +18249,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_289 [] = {
+static const NSSItem nss_builtins_items_271 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19532,7 +18274,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_290 [] = {
+static const NSSItem nss_builtins_items_272 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19557,7 +18299,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_291 [] = {
+static const NSSItem nss_builtins_items_273 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19677,7 +18419,7 @@
"\216\362\024\212\314\351\265\174\373\154\235\014\245\341\226"
, (PRUint32)1471 }
};
-static const NSSItem nss_builtins_items_292 [] = {
+static const NSSItem nss_builtins_items_274 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19699,11 +18441,11 @@
{ (void *)"\002\010\127\012\021\227\102\304\343\314"
, (PRUint32)10 },
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_293 [] = {
+static const NSSItem nss_builtins_items_275 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19783,7 +18525,7 @@
"\145\353\127\331\363\127\226\273\110\315\201"
, (PRUint32)875 }
};
-static const NSSItem nss_builtins_items_294 [] = {
+static const NSSItem nss_builtins_items_276 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19808,7 +18550,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_295 [] = {
+static const NSSItem nss_builtins_items_277 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19959,7 +18701,7 @@
"\177\045\245\362\110\000\300\244\001\332\077"
, (PRUint32)1931 }
};
-static const NSSItem nss_builtins_items_296 [] = {
+static const NSSItem nss_builtins_items_278 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -19986,7 +18728,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_297 [] = {
+static const NSSItem nss_builtins_items_279 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20099,7 +18841,7 @@
"\127\055\366\320\341\327\110"
, (PRUint32)1383 }
};
-static const NSSItem nss_builtins_items_298 [] = {
+static const NSSItem nss_builtins_items_280 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20124,7 +18866,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_299 [] = {
+static const NSSItem nss_builtins_items_281 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20234,7 +18976,7 @@
"\327\201\011\361\311\307\046\015\254\230\026\126\240"
, (PRUint32)1373 }
};
-static const NSSItem nss_builtins_items_300 [] = {
+static const NSSItem nss_builtins_items_282 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20258,7 +19000,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_301 [] = {
+static const NSSItem nss_builtins_items_283 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20368,7 +19110,7 @@
"\061\356\006\274\163\277\023\142\012\237\307\271\227"
, (PRUint32)1373 }
};
-static const NSSItem nss_builtins_items_302 [] = {
+static const NSSItem nss_builtins_items_284 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20392,7 +19134,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_303 [] = {
+static const NSSItem nss_builtins_items_285 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20485,7 +19227,7 @@
"\116\223\303\244\124\024\133"
, (PRUint32)967 }
};
-static const NSSItem nss_builtins_items_304 [] = {
+static const NSSItem nss_builtins_items_286 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20513,7 +19255,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_305 [] = {
+static const NSSItem nss_builtins_items_287 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20609,7 +19351,7 @@
"\307\314\165\301\226\305\235"
, (PRUint32)1031 }
};
-static const NSSItem nss_builtins_items_306 [] = {
+static const NSSItem nss_builtins_items_288 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20637,7 +19379,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_307 [] = {
+static const NSSItem nss_builtins_items_289 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20662,7 +19404,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_308 [] = {
+static const NSSItem nss_builtins_items_290 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20687,7 +19429,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_309 [] = {
+static const NSSItem nss_builtins_items_291 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20796,7 +19538,7 @@
"\175"
, (PRUint32)1089 }
};
-static const NSSItem nss_builtins_items_310 [] = {
+static const NSSItem nss_builtins_items_292 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20828,7 +19570,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_311 [] = {
+static const NSSItem nss_builtins_items_293 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20920,7 +19662,7 @@
"\164\145\327\134\376\243\342"
, (PRUint32)1079 }
};
-static const NSSItem nss_builtins_items_312 [] = {
+static const NSSItem nss_builtins_items_294 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -20944,7 +19686,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_313 [] = {
+static const NSSItem nss_builtins_items_295 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21039,7 +19781,7 @@
"\352\237\026\361\054\124\265"
, (PRUint32)1095 }
};
-static const NSSItem nss_builtins_items_314 [] = {
+static const NSSItem nss_builtins_items_296 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21064,7 +19806,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_315 [] = {
+static const NSSItem nss_builtins_items_297 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21264,7 +20006,7 @@
"\376\206\364\274\340\032\161\263\142\246"
, (PRUint32)2442 }
};
-static const NSSItem nss_builtins_items_316 [] = {
+static const NSSItem nss_builtins_items_298 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21302,7 +20044,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_317 [] = {
+static const NSSItem nss_builtins_items_299 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21398,7 +20140,7 @@
"\303\055\375\024\052\220\231\271\007\314\237"
, (PRUint32)1019 }
};
-static const NSSItem nss_builtins_items_318 [] = {
+static const NSSItem nss_builtins_items_300 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21426,7 +20168,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_319 [] = {
+static const NSSItem nss_builtins_items_301 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21549,7 +20291,7 @@
"\301\053\022\236\246\236\033\305\346\016\331\061\331"
, (PRUint32)1501 }
};
-static const NSSItem nss_builtins_items_320 [] = {
+static const NSSItem nss_builtins_items_302 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21576,7 +20318,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_321 [] = {
+static const NSSItem nss_builtins_items_303 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21700,7 +20442,7 @@
"\046\277\242\367"
, (PRUint32)1508 }
};
-static const NSSItem nss_builtins_items_322 [] = {
+static const NSSItem nss_builtins_items_304 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21727,7 +20469,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_323 [] = {
+static const NSSItem nss_builtins_items_305 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21840,7 +20582,7 @@
"\360\343\355\144\236\075\057\226\122\117\200\123\213"
, (PRUint32)1389 }
};
-static const NSSItem nss_builtins_items_324 [] = {
+static const NSSItem nss_builtins_items_306 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21865,7 +20607,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_325 [] = {
+static const NSSItem nss_builtins_items_307 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -21978,7 +20720,7 @@
"\363\154\033\165\106\243\345\112\027\351\244\327\013"
, (PRUint32)1389 }
};
-static const NSSItem nss_builtins_items_326 [] = {
+static const NSSItem nss_builtins_items_308 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22003,7 +20745,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_327 [] = {
+static const NSSItem nss_builtins_items_309 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22153,7 +20895,7 @@
"\125\064\106\052\213\206\073"
, (PRUint32)2007 }
};
-static const NSSItem nss_builtins_items_328 [] = {
+static const NSSItem nss_builtins_items_310 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22177,7 +20919,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_329 [] = {
+static const NSSItem nss_builtins_items_311 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22288,7 +21030,7 @@
"\053\006\320\004\315"
, (PRUint32)1349 }
};
-static const NSSItem nss_builtins_items_330 [] = {
+static const NSSItem nss_builtins_items_312 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22313,7 +21055,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_331 [] = {
+static const NSSItem nss_builtins_items_313 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22420,7 +21162,7 @@
"\245\240\314\277\323\366\165\244\165\226\155\126"
, (PRUint32)1340 }
};
-static const NSSItem nss_builtins_items_332 [] = {
+static const NSSItem nss_builtins_items_314 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22444,7 +21186,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_333 [] = {
+static const NSSItem nss_builtins_items_315 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22583,7 +21325,7 @@
"\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044"
, (PRUint32)1615 }
};
-static const NSSItem nss_builtins_items_334 [] = {
+static const NSSItem nss_builtins_items_316 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22614,7 +21356,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_335 [] = {
+static const NSSItem nss_builtins_items_317 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22707,7 +21449,7 @@
"\005\047\216\023\241\156\302"
, (PRUint32)967 }
};
-static const NSSItem nss_builtins_items_336 [] = {
+static const NSSItem nss_builtins_items_318 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22735,7 +21477,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_337 [] = {
+static const NSSItem nss_builtins_items_319 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22813,7 +21555,7 @@
"\035\362\376\011\021\260\360\207\173\247\235"
, (PRUint32)891 }
};
-static const NSSItem nss_builtins_items_338 [] = {
+static const NSSItem nss_builtins_items_320 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22836,7 +21578,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_339 [] = {
+static const NSSItem nss_builtins_items_321 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22948,7 +21690,7 @@
"\063\140\345\303"
, (PRUint32)1380 }
};
-static const NSSItem nss_builtins_items_340 [] = {
+static const NSSItem nss_builtins_items_322 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -22973,7 +21715,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_341 [] = {
+static const NSSItem nss_builtins_items_323 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23085,7 +21827,7 @@
"\203\336\177\214"
, (PRUint32)1380 }
};
-static const NSSItem nss_builtins_items_342 [] = {
+static const NSSItem nss_builtins_items_324 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23110,7 +21852,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_343 [] = {
+static const NSSItem nss_builtins_items_325 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23222,7 +21964,7 @@
"\130\371\230\364"
, (PRUint32)1380 }
};
-static const NSSItem nss_builtins_items_344 [] = {
+static const NSSItem nss_builtins_items_326 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23247,7 +21989,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_345 [] = {
+static const NSSItem nss_builtins_items_327 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23334,7 +22076,7 @@
"\042\023\163\154\317\046\365\212\051\347"
, (PRUint32)922 }
};
-static const NSSItem nss_builtins_items_346 [] = {
+static const NSSItem nss_builtins_items_328 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23361,7 +22103,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_347 [] = {
+static const NSSItem nss_builtins_items_329 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23427,7 +22169,7 @@
"\352\226\143\152\145\105\222\225\001\264"
, (PRUint32)586 }
};
-static const NSSItem nss_builtins_items_348 [] = {
+static const NSSItem nss_builtins_items_330 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23454,7 +22196,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_349 [] = {
+static const NSSItem nss_builtins_items_331 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23541,7 +22283,7 @@
"\062\266"
, (PRUint32)914 }
};
-static const NSSItem nss_builtins_items_350 [] = {
+static const NSSItem nss_builtins_items_332 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23568,7 +22310,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_351 [] = {
+static const NSSItem nss_builtins_items_333 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23634,7 +22376,7 @@
"\263\047\027"
, (PRUint32)579 }
};
-static const NSSItem nss_builtins_items_352 [] = {
+static const NSSItem nss_builtins_items_334 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23661,7 +22403,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_353 [] = {
+static const NSSItem nss_builtins_items_335 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23780,7 +22522,7 @@
"\317\363\146\176"
, (PRUint32)1428 }
};
-static const NSSItem nss_builtins_items_354 [] = {
+static const NSSItem nss_builtins_items_336 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23807,7 +22549,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_355 [] = {
+static const NSSItem nss_builtins_items_337 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23922,7 +22664,7 @@
"\171\356\104\206\276\327\036\344\036\373"
, (PRUint32)1402 }
};
-static const NSSItem nss_builtins_items_356 [] = {
+static const NSSItem nss_builtins_items_338 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -23948,7 +22690,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_357 [] = {
+static const NSSItem nss_builtins_items_339 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24059,7 +22801,7 @@
"\234\313\051\213\070\112\013\016\220\215\272\241"
, (PRUint32)1372 }
};
-static const NSSItem nss_builtins_items_358 [] = {
+static const NSSItem nss_builtins_items_340 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24084,7 +22826,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_359 [] = {
+static const NSSItem nss_builtins_items_341 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24211,7 +22953,7 @@
"\065\123\205\006\112\135\237\255\273\033\137\164"
, (PRUint32)1500 }
};
-static const NSSItem nss_builtins_items_360 [] = {
+static const NSSItem nss_builtins_items_342 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24240,7 +22982,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_361 [] = {
+static const NSSItem nss_builtins_items_343 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24368,7 +23110,7 @@
"\250\375"
, (PRUint32)1506 }
};
-static const NSSItem nss_builtins_items_362 [] = {
+static const NSSItem nss_builtins_items_344 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24397,7 +23139,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_363 [] = {
+static const NSSItem nss_builtins_items_345 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24472,7 +23214,7 @@
"\127\152\030"
, (PRUint32)659 }
};
-static const NSSItem nss_builtins_items_364 [] = {
+static const NSSItem nss_builtins_items_346 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24501,7 +23243,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_365 [] = {
+static const NSSItem nss_builtins_items_347 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24559,7 +23301,7 @@
"\173\013\370\237\204"
, (PRUint32)485 }
};
-static const NSSItem nss_builtins_items_366 [] = {
+static const NSSItem nss_builtins_items_348 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24585,7 +23327,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_367 [] = {
+static const NSSItem nss_builtins_items_349 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24647,7 +23389,7 @@
"\220\067"
, (PRUint32)546 }
};
-static const NSSItem nss_builtins_items_368 [] = {
+static const NSSItem nss_builtins_items_350 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24673,7 +23415,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_369 [] = {
+static const NSSItem nss_builtins_items_351 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24797,7 +23539,7 @@
"\145\110\041\012\057\327\334\176\240\314\145\176\171"
, (PRUint32)1341 }
};
-static const NSSItem nss_builtins_items_370 [] = {
+static const NSSItem nss_builtins_items_352 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24830,7 +23572,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_371 [] = {
+static const NSSItem nss_builtins_items_353 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24944,7 +23686,7 @@
"\367\200\173\041\147\047\060\131"
, (PRUint32)1400 }
};
-static const NSSItem nss_builtins_items_372 [] = {
+static const NSSItem nss_builtins_items_354 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -24969,7 +23711,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_373 [] = {
+static const NSSItem nss_builtins_items_355 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25083,7 +23825,7 @@
"\356\354\327\056"
, (PRUint32)1396 }
};
-static const NSSItem nss_builtins_items_374 [] = {
+static const NSSItem nss_builtins_items_356 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25108,7 +23850,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_375 [] = {
+static const NSSItem nss_builtins_items_357 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25220,7 +23962,7 @@
"\272\204\156\207"
, (PRUint32)1380 }
};
-static const NSSItem nss_builtins_items_376 [] = {
+static const NSSItem nss_builtins_items_358 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25245,7 +23987,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_377 [] = {
+static const NSSItem nss_builtins_items_359 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25357,7 +24099,7 @@
"\267\254\266\255\267\312\076\001\357\234"
, (PRUint32)1386 }
};
-static const NSSItem nss_builtins_items_378 [] = {
+static const NSSItem nss_builtins_items_360 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25382,7 +24124,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_379 [] = {
+static const NSSItem nss_builtins_items_361 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25477,7 +24219,7 @@
"\073\303\035\374\377\262\117\250\342\366\060\036"
, (PRUint32)988 }
};
-static const NSSItem nss_builtins_items_380 [] = {
+static const NSSItem nss_builtins_items_362 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25506,7 +24248,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_381 [] = {
+static const NSSItem nss_builtins_items_363 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25615,7 +24357,7 @@
"\105\366"
, (PRUint32)1090 }
};
-static const NSSItem nss_builtins_items_382 [] = {
+static const NSSItem nss_builtins_items_364 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25647,7 +24389,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_383 [] = {
+static const NSSItem nss_builtins_items_365 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25735,7 +24477,7 @@
"\231\267\046\101\133\045\140\256\320\110\032\356\006"
, (PRUint32)765 }
};
-static const NSSItem nss_builtins_items_384 [] = {
+static const NSSItem nss_builtins_items_366 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25767,7 +24509,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_385 [] = {
+static const NSSItem nss_builtins_items_367 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25883,7 +24625,7 @@
"\056"
, (PRUint32)1425 }
};
-static const NSSItem nss_builtins_items_386 [] = {
+static const NSSItem nss_builtins_items_368 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -25908,7 +24650,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_387 [] = {
+static const NSSItem nss_builtins_items_369 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26004,7 +24746,7 @@
"\102\013\102\222\263\344"
, (PRUint32)1174 }
};
-static const NSSItem nss_builtins_items_388 [] = {
+static const NSSItem nss_builtins_items_370 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26027,7 +24769,7 @@
{ (void *)&ckt_nss_not_trusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_389 [] = {
+static const NSSItem nss_builtins_items_371 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26132,7 +24874,7 @@
"\372\253\101\341\113\266\065\013\300\233\025"
, (PRUint32)1067 }
};
-static const NSSItem nss_builtins_items_390 [] = {
+static const NSSItem nss_builtins_items_372 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26163,7 +24905,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_391 [] = {
+static const NSSItem nss_builtins_items_373 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26268,7 +25010,7 @@
"\264\013\230\113\050\136\257\210\130\313"
, (PRUint32)1066 }
};
-static const NSSItem nss_builtins_items_392 [] = {
+static const NSSItem nss_builtins_items_374 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26299,7 +25041,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_393 [] = {
+static const NSSItem nss_builtins_items_375 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26415,7 +25157,7 @@
"\153\206\102\006\271\101"
, (PRUint32)1430 }
};
-static const NSSItem nss_builtins_items_394 [] = {
+static const NSSItem nss_builtins_items_376 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26440,7 +25182,7 @@
{ (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_395 [] = {
+static const NSSItem nss_builtins_items_377 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26529,7 +25271,7 @@
"\065\255\201\307\116\161\272\210\023"
, (PRUint32)953 }
};
-static const NSSItem nss_builtins_items_396 [] = {
+static const NSSItem nss_builtins_items_378 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26556,7 +25298,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_397 [] = {
+static const NSSItem nss_builtins_items_379 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26639,7 +25381,7 @@
"\217\271\312\314\156\201\061\366\173\234\172\171\344\147\161\030"
, (PRUint32)896 }
};
-static const NSSItem nss_builtins_items_398 [] = {
+static const NSSItem nss_builtins_items_380 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26665,7 +25407,7 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
-static const NSSItem nss_builtins_items_399 [] = {
+static const NSSItem nss_builtins_items_381 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26723,7 +25465,7 @@
"\056\153\361\221\262\220\145\364\232\346\220\356\112"
, (PRUint32)525 }
};
-static const NSSItem nss_builtins_items_400 [] = {
+static const NSSItem nss_builtins_items_382 [] = {
{ (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -26748,6 +25490,271 @@
{ (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
+static const NSSItem nss_builtins_items_383 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"SZAFIR ROOT CA2", (PRUint32)16 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061"
+"\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167"
+"\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156"
+"\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125"
+"\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040"
+"\103\101\062"
+, (PRUint32)83 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061"
+"\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167"
+"\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156"
+"\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125"
+"\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040"
+"\103\101\062"
+, (PRUint32)83 },
+ { (void *)"\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001"
+"\353\055\334\344\326\344"
+, (PRUint32)22 },
+ { (void *)"\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\076"
+"\212\135\007\354\125\322\062\325\267\343\266\137\001\353\055\334"
+"\344\326\344\060\015\006\011\052\206\110\206\367\015\001\001\013"
+"\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\120"
+"\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141\152"
+"\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143\172"
+"\145\156\151\157\167\141\040\123\056\101\056\061\030\060\026\006"
+"\003\125\004\003\014\017\123\132\101\106\111\122\040\122\117\117"
+"\124\040\103\101\062\060\036\027\015\061\065\061\060\061\071\060"
+"\067\064\063\063\060\132\027\015\063\065\061\060\061\071\060\067"
+"\064\063\063\060\132\060\121\061\013\060\011\006\003\125\004\006"
+"\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113"
+"\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154"
+"\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\030"
+"\060\026\006\003\125\004\003\014\017\123\132\101\106\111\122\040"
+"\122\117\117\124\040\103\101\062\060\202\001\042\060\015\006\011"
+"\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000"
+"\060\202\001\012\002\202\001\001\000\267\274\076\120\250\113\315"
+"\100\265\316\141\347\226\312\264\241\332\014\042\260\372\265\173"
+"\166\000\167\214\013\317\175\250\206\314\046\121\344\040\075\205"
+"\014\326\130\343\347\364\052\030\235\332\321\256\046\356\353\123"
+"\334\364\220\326\023\112\014\220\074\303\364\332\322\216\015\222"
+"\072\334\261\261\377\070\336\303\272\055\137\200\271\002\275\112"
+"\235\033\017\264\303\302\301\147\003\335\334\033\234\075\263\260"
+"\336\000\036\250\064\107\273\232\353\376\013\024\275\066\204\332"
+"\015\040\277\372\133\313\251\026\040\255\071\140\356\057\165\266"
+"\347\227\234\371\076\375\176\115\157\115\057\357\210\015\152\372"
+"\335\361\075\156\040\245\240\022\264\115\160\271\316\327\162\073"
+"\211\223\247\200\204\034\047\111\162\111\265\377\073\225\236\301"
+"\314\310\001\354\350\016\212\012\226\347\263\246\207\345\326\371"
+"\005\053\015\227\100\160\074\272\254\165\132\234\325\115\235\002"
+"\012\322\113\233\146\113\106\007\027\145\255\237\154\210\000\334"
+"\042\211\340\341\144\324\147\274\061\171\141\074\273\312\101\315"
+"\134\152\000\310\074\070\216\130\257\002\003\001\000\001\243\102"
+"\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003"
+"\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003"
+"\002\001\006\060\035\006\003\125\035\016\004\026\004\024\056\026"
+"\251\112\030\265\313\314\365\157\120\363\043\137\370\135\347\254"
+"\360\310\060\015\006\011\052\206\110\206\367\015\001\001\013\005"
+"\000\003\202\001\001\000\265\163\370\003\334\131\133\035\166\351"
+"\243\052\173\220\050\262\115\300\063\117\252\232\261\324\270\344"
+"\047\377\251\226\231\316\106\340\155\174\114\242\070\244\006\160"
+"\360\364\101\021\354\077\107\215\077\162\207\371\073\375\244\157"
+"\053\123\000\340\377\071\271\152\007\016\353\035\034\366\242\162"
+"\220\313\202\075\021\202\213\322\273\237\052\257\041\346\143\206"
+"\235\171\031\357\367\273\014\065\220\303\212\355\117\017\365\314"
+"\022\331\244\076\273\240\374\040\225\137\117\046\057\021\043\203"
+"\116\165\007\017\277\233\321\264\035\351\020\004\376\312\140\217"
+"\242\114\270\255\317\341\220\017\315\256\012\307\135\173\267\120"
+"\322\324\141\372\325\025\333\327\237\207\121\124\353\245\343\353"
+"\311\205\240\045\040\067\373\216\316\014\064\204\341\074\201\262"
+"\167\116\103\245\210\137\206\147\241\075\346\264\134\141\266\076"
+"\333\376\267\050\305\242\007\256\265\312\312\215\052\022\357\227"
+"\355\302\060\244\311\052\172\373\363\115\043\033\231\063\064\240"
+"\056\365\251\013\077\324\135\341\317\204\237\342\031\302\137\212"
+"\326\040\036\343\163\267"
+, (PRUint32)886 }
+};
+static const NSSItem nss_builtins_items_384 [] = {
+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"SZAFIR ROOT CA2", (PRUint32)16 },
+ { (void *)"\342\122\372\225\077\355\333\044\140\275\156\050\363\234\314\317"
+"\136\263\077\336"
+, (PRUint32)20 },
+ { (void *)"\021\144\301\211\260\044\261\214\261\007\176\211\236\121\236\231"
+, (PRUint32)16 },
+ { (void *)"\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061"
+"\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167"
+"\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156"
+"\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125"
+"\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040"
+"\103\101\062"
+, (PRUint32)83 },
+ { (void *)"\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001"
+"\353\055\334\344\326\344"
+, (PRUint32)22 },
+ { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_385 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Certum Trusted Network CA 2", (PRUint32)28 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114"
+"\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145"
+"\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040"
+"\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103"
+"\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060"
+"\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124"
+"\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103"
+"\101\040\062"
+, (PRUint32)131 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114"
+"\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145"
+"\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040"
+"\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103"
+"\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060"
+"\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124"
+"\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103"
+"\101\040\062"
+, (PRUint32)131 },
+ { (void *)"\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022"
+"\215\351"
+, (PRUint32)18 },
+ { (void *)"\060\202\005\322\060\202\003\272\240\003\002\001\002\002\020\041"
+"\326\320\112\117\045\017\311\062\067\374\252\136\022\215\351\060"
+"\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\201"
+"\200\061\013\060\011\006\003\125\004\006\023\002\120\114\061\042"
+"\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164\157"
+"\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123\056"
+"\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145\162"
+"\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151\157"
+"\156\040\101\165\164\150\157\162\151\164\171\061\044\060\042\006"
+"\003\125\004\003\023\033\103\145\162\164\165\155\040\124\162\165"
+"\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101\040"
+"\062\060\042\030\017\062\060\061\061\061\060\060\066\060\070\063"
+"\071\065\066\132\030\017\062\060\064\066\061\060\060\066\060\070"
+"\063\071\065\066\132\060\201\200\061\013\060\011\006\003\125\004"
+"\006\023\002\120\114\061\042\060\040\006\003\125\004\012\023\031"
+"\125\156\151\172\145\164\157\040\124\145\143\150\156\157\154\157"
+"\147\151\145\163\040\123\056\101\056\061\047\060\045\006\003\125"
+"\004\013\023\036\103\145\162\164\165\155\040\103\145\162\164\151"
+"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151"
+"\164\171\061\044\060\042\006\003\125\004\003\023\033\103\145\162"
+"\164\165\155\040\124\162\165\163\164\145\144\040\116\145\164\167"
+"\157\162\153\040\103\101\040\062\060\202\002\042\060\015\006\011"
+"\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000"
+"\060\202\002\012\002\202\002\001\000\275\371\170\370\346\325\200"
+"\014\144\235\206\033\226\144\147\077\042\072\036\165\001\175\357"
+"\373\134\147\214\311\314\134\153\251\221\346\271\102\345\040\113"
+"\233\332\233\173\271\231\135\331\233\200\113\327\204\100\053\047"
+"\323\350\272\060\273\076\011\032\247\111\225\357\053\100\044\302"
+"\227\307\247\356\233\045\357\250\012\000\227\205\132\252\235\334"
+"\051\311\342\065\007\353\160\115\112\326\301\263\126\270\241\101"
+"\070\233\321\373\061\177\217\340\137\341\261\077\017\216\026\111"
+"\140\327\006\215\030\371\252\046\020\253\052\323\320\321\147\215"
+"\033\106\276\107\060\325\056\162\321\305\143\332\347\143\171\104"
+"\176\113\143\044\211\206\056\064\077\051\114\122\213\052\247\300"
+"\342\221\050\211\271\300\133\371\035\331\347\047\255\377\232\002"
+"\227\301\306\120\222\233\002\054\275\251\271\064\131\012\277\204"
+"\112\377\337\376\263\237\353\331\236\340\230\043\354\246\153\167"
+"\026\052\333\314\255\073\034\244\207\334\106\163\136\031\142\150"
+"\105\127\344\220\202\102\273\102\326\360\141\340\301\243\075\146"
+"\243\135\364\030\356\210\311\215\027\105\051\231\062\165\002\061"
+"\356\051\046\310\153\002\346\265\142\105\177\067\025\132\043\150"
+"\211\324\076\336\116\047\260\360\100\014\274\115\027\313\115\242"
+"\263\036\320\006\132\335\366\223\317\127\165\231\365\372\206\032"
+"\147\170\263\277\226\376\064\334\275\347\122\126\345\263\345\165"
+"\173\327\101\221\005\334\135\151\343\225\015\103\271\374\203\226"
+"\071\225\173\154\200\132\117\023\162\306\327\175\051\172\104\272"
+"\122\244\052\325\101\106\011\040\376\042\240\266\133\060\215\274"
+"\211\014\325\327\160\370\207\122\375\332\357\254\121\056\007\263"
+"\116\376\320\011\332\160\357\230\372\126\346\155\333\265\127\113"
+"\334\345\054\045\025\310\236\056\170\116\370\332\234\236\206\054"
+"\312\127\363\032\345\310\222\213\032\202\226\172\303\274\120\022"
+"\151\330\016\132\106\213\072\353\046\372\043\311\266\260\201\276"
+"\102\000\244\370\326\376\060\056\307\322\106\366\345\216\165\375"
+"\362\314\271\320\207\133\314\006\020\140\273\203\065\267\136\147"
+"\336\107\354\231\110\361\244\241\025\376\255\214\142\216\071\125"
+"\117\071\026\271\261\143\235\377\267\002\003\001\000\001\243\102"
+"\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003"
+"\001\001\377\060\035\006\003\125\035\016\004\026\004\024\266\241"
+"\124\071\002\303\240\077\216\212\274\372\324\370\034\246\321\072"
+"\016\375\060\016\006\003\125\035\017\001\001\377\004\004\003\002"
+"\001\006\060\015\006\011\052\206\110\206\367\015\001\001\015\005"
+"\000\003\202\002\001\000\161\245\016\316\344\351\277\077\070\325"
+"\211\132\304\002\141\373\114\305\024\027\055\213\117\123\153\020"
+"\027\374\145\204\307\020\111\220\336\333\307\046\223\210\046\157"
+"\160\326\002\136\071\240\367\217\253\226\265\245\023\134\201\024"
+"\155\016\201\202\021\033\212\116\306\117\245\335\142\036\104\337"
+"\011\131\364\133\167\013\067\351\213\040\306\370\012\116\056\130"
+"\034\353\063\320\317\206\140\311\332\373\200\057\236\114\140\204"
+"\170\075\041\144\326\373\101\037\030\017\347\311\165\161\275\275"
+"\134\336\064\207\076\101\260\016\366\271\326\077\011\023\226\024"
+"\057\336\232\035\132\271\126\316\065\072\260\137\160\115\136\343"
+"\051\361\043\050\162\131\266\253\302\214\146\046\034\167\054\046"
+"\166\065\213\050\247\151\240\371\073\365\043\335\205\020\164\311"
+"\220\003\126\221\347\257\272\107\324\022\227\021\042\343\242\111"
+"\224\154\347\267\224\113\272\055\244\332\063\213\114\246\104\377"
+"\132\074\306\035\144\330\265\061\344\246\074\172\250\127\013\333"
+"\355\141\032\313\361\316\163\167\143\244\207\157\114\121\070\326"
+"\344\137\307\237\266\201\052\344\205\110\171\130\136\073\370\333"
+"\002\202\147\301\071\333\303\164\113\075\066\036\371\051\223\210"
+"\150\133\250\104\031\041\360\247\350\201\015\054\350\223\066\264"
+"\067\262\312\260\033\046\172\232\045\037\232\232\200\236\113\052"
+"\077\373\243\232\376\163\062\161\302\236\306\162\341\212\150\047"
+"\361\344\017\264\304\114\245\141\223\370\227\020\007\052\060\045"
+"\251\271\310\161\270\357\150\314\055\176\365\340\176\017\202\250"
+"\157\266\272\154\203\103\167\315\212\222\027\241\236\133\170\026"
+"\075\105\342\063\162\335\341\146\312\231\323\311\305\046\375\015"
+"\150\004\106\256\266\331\233\214\276\031\276\261\306\362\031\343"
+"\134\002\312\054\330\157\112\007\331\311\065\332\100\165\362\304"
+"\247\031\157\236\102\020\230\165\346\225\213\140\274\355\305\022"
+"\327\212\316\325\230\134\126\226\003\305\356\167\006\065\377\317"
+"\344\356\077\023\141\356\333\332\055\205\360\315\256\235\262\030"
+"\011\105\303\222\241\162\027\374\107\266\240\013\054\361\304\336"
+"\103\150\010\152\137\073\360\166\143\373\314\006\054\246\306\342"
+"\016\265\271\276\044\217"
+, (PRUint32)1494 }
+};
+static const NSSItem nss_builtins_items_386 [] = {
+ { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"Certum Trusted Network CA 2", (PRUint32)28 },
+ { (void *)"\323\335\110\076\053\277\114\005\350\257\020\365\372\166\046\317"
+"\323\334\060\222"
+, (PRUint32)20 },
+ { (void *)"\155\106\236\331\045\155\010\043\133\136\164\175\036\047\333\362"
+, (PRUint32)16 },
+ { (void *)"\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114"
+"\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145"
+"\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040"
+"\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103"
+"\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060"
+"\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124"
+"\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103"
+"\101\040\062"
+, (PRUint32)131 },
+ { (void *)"\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022"
+"\215\351"
+, (PRUint32)18 },
+ { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
builtinsInternalObject
nss_builtins_data[] = {
@@ -26770,12 +25777,12 @@
{ 11, nss_builtins_types_17, nss_builtins_items_17, {NULL} },
{ 13, nss_builtins_types_18, nss_builtins_items_18, {NULL} },
{ 11, nss_builtins_types_19, nss_builtins_items_19, {NULL} },
- { 13, nss_builtins_types_20, nss_builtins_items_20, {NULL} },
+ { 11, nss_builtins_types_20, nss_builtins_items_20, {NULL} },
{ 11, nss_builtins_types_21, nss_builtins_items_21, {NULL} },
- { 13, nss_builtins_types_22, nss_builtins_items_22, {NULL} },
- { 11, nss_builtins_types_23, nss_builtins_items_23, {NULL} },
+ { 11, nss_builtins_types_22, nss_builtins_items_22, {NULL} },
+ { 13, nss_builtins_types_23, nss_builtins_items_23, {NULL} },
{ 11, nss_builtins_types_24, nss_builtins_items_24, {NULL} },
- { 11, nss_builtins_types_25, nss_builtins_items_25, {NULL} },
+ { 13, nss_builtins_types_25, nss_builtins_items_25, {NULL} },
{ 11, nss_builtins_types_26, nss_builtins_items_26, {NULL} },
{ 13, nss_builtins_types_27, nss_builtins_items_27, {NULL} },
{ 11, nss_builtins_types_28, nss_builtins_items_28, {NULL} },
@@ -26885,20 +25892,20 @@
{ 11, nss_builtins_types_132, nss_builtins_items_132, {NULL} },
{ 13, nss_builtins_types_133, nss_builtins_items_133, {NULL} },
{ 11, nss_builtins_types_134, nss_builtins_items_134, {NULL} },
- { 13, nss_builtins_types_135, nss_builtins_items_135, {NULL} },
- { 11, nss_builtins_types_136, nss_builtins_items_136, {NULL} },
- { 13, nss_builtins_types_137, nss_builtins_items_137, {NULL} },
- { 11, nss_builtins_types_138, nss_builtins_items_138, {NULL} },
- { 13, nss_builtins_types_139, nss_builtins_items_139, {NULL} },
- { 11, nss_builtins_types_140, nss_builtins_items_140, {NULL} },
- { 13, nss_builtins_types_141, nss_builtins_items_141, {NULL} },
- { 11, nss_builtins_types_142, nss_builtins_items_142, {NULL} },
- { 13, nss_builtins_types_143, nss_builtins_items_143, {NULL} },
- { 11, nss_builtins_types_144, nss_builtins_items_144, {NULL} },
- { 13, nss_builtins_types_145, nss_builtins_items_145, {NULL} },
- { 11, nss_builtins_types_146, nss_builtins_items_146, {NULL} },
- { 13, nss_builtins_types_147, nss_builtins_items_147, {NULL} },
- { 11, nss_builtins_types_148, nss_builtins_items_148, {NULL} },
+ { 11, nss_builtins_types_135, nss_builtins_items_135, {NULL} },
+ { 13, nss_builtins_types_136, nss_builtins_items_136, {NULL} },
+ { 11, nss_builtins_types_137, nss_builtins_items_137, {NULL} },
+ { 13, nss_builtins_types_138, nss_builtins_items_138, {NULL} },
+ { 11, nss_builtins_types_139, nss_builtins_items_139, {NULL} },
+ { 13, nss_builtins_types_140, nss_builtins_items_140, {NULL} },
+ { 11, nss_builtins_types_141, nss_builtins_items_141, {NULL} },
+ { 13, nss_builtins_types_142, nss_builtins_items_142, {NULL} },
+ { 11, nss_builtins_types_143, nss_builtins_items_143, {NULL} },
+ { 13, nss_builtins_types_144, nss_builtins_items_144, {NULL} },
+ { 11, nss_builtins_types_145, nss_builtins_items_145, {NULL} },
+ { 13, nss_builtins_types_146, nss_builtins_items_146, {NULL} },
+ { 11, nss_builtins_types_147, nss_builtins_items_147, {NULL} },
+ { 13, nss_builtins_types_148, nss_builtins_items_148, {NULL} },
{ 11, nss_builtins_types_149, nss_builtins_items_149, {NULL} },
{ 13, nss_builtins_types_150, nss_builtins_items_150, {NULL} },
{ 11, nss_builtins_types_151, nss_builtins_items_151, {NULL} },
@@ -27022,7 +26029,7 @@
{ 11, nss_builtins_types_269, nss_builtins_items_269, {NULL} },
{ 13, nss_builtins_types_270, nss_builtins_items_270, {NULL} },
{ 11, nss_builtins_types_271, nss_builtins_items_271, {NULL} },
- { 13, nss_builtins_types_272, nss_builtins_items_272, {NULL} },
+ { 11, nss_builtins_types_272, nss_builtins_items_272, {NULL} },
{ 11, nss_builtins_types_273, nss_builtins_items_273, {NULL} },
{ 13, nss_builtins_types_274, nss_builtins_items_274, {NULL} },
{ 11, nss_builtins_types_275, nss_builtins_items_275, {NULL} },
@@ -27058,7 +26065,7 @@
{ 11, nss_builtins_types_305, nss_builtins_items_305, {NULL} },
{ 13, nss_builtins_types_306, nss_builtins_items_306, {NULL} },
{ 11, nss_builtins_types_307, nss_builtins_items_307, {NULL} },
- { 11, nss_builtins_types_308, nss_builtins_items_308, {NULL} },
+ { 13, nss_builtins_types_308, nss_builtins_items_308, {NULL} },
{ 11, nss_builtins_types_309, nss_builtins_items_309, {NULL} },
{ 13, nss_builtins_types_310, nss_builtins_items_310, {NULL} },
{ 11, nss_builtins_types_311, nss_builtins_items_311, {NULL} },
@@ -27136,21 +26143,7 @@
{ 11, nss_builtins_types_383, nss_builtins_items_383, {NULL} },
{ 13, nss_builtins_types_384, nss_builtins_items_384, {NULL} },
{ 11, nss_builtins_types_385, nss_builtins_items_385, {NULL} },
- { 13, nss_builtins_types_386, nss_builtins_items_386, {NULL} },
- { 11, nss_builtins_types_387, nss_builtins_items_387, {NULL} },
- { 13, nss_builtins_types_388, nss_builtins_items_388, {NULL} },
- { 11, nss_builtins_types_389, nss_builtins_items_389, {NULL} },
- { 13, nss_builtins_types_390, nss_builtins_items_390, {NULL} },
- { 11, nss_builtins_types_391, nss_builtins_items_391, {NULL} },
- { 13, nss_builtins_types_392, nss_builtins_items_392, {NULL} },
- { 11, nss_builtins_types_393, nss_builtins_items_393, {NULL} },
- { 13, nss_builtins_types_394, nss_builtins_items_394, {NULL} },
- { 11, nss_builtins_types_395, nss_builtins_items_395, {NULL} },
- { 13, nss_builtins_types_396, nss_builtins_items_396, {NULL} },
- { 11, nss_builtins_types_397, nss_builtins_items_397, {NULL} },
- { 13, nss_builtins_types_398, nss_builtins_items_398, {NULL} },
- { 11, nss_builtins_types_399, nss_builtins_items_399, {NULL} },
- { 13, nss_builtins_types_400, nss_builtins_items_400, {NULL} }
+ { 13, nss_builtins_types_386, nss_builtins_items_386, {NULL} }
};
const PRUint32
-nss_builtins_nObjects = 400;
+nss_builtins_nObjects = 386;
diff --git a/nss/lib/ckfw/builtins/ckbiver.c b/nss/lib/ckfw/builtins/ckbiver.c
index 41783b2..208066c 100644
--- a/nss/lib/ckfw/builtins/ckbiver.c
+++ b/nss/lib/ckfw/builtins/ckbiver.c
@@ -15,5 +15,4 @@
/*
* Version information
*/
-const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs "
- NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
+const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
diff --git a/nss/lib/ckfw/builtins/constants.c b/nss/lib/ckfw/builtins/constants.c
index 71146e6..f5d267b 100644
--- a/nss/lib/ckfw/builtins/constants.c
+++ b/nss/lib/ckfw/builtins/constants.c
@@ -21,41 +21,44 @@
#endif /* NSSCKBI_H */
const CK_VERSION
-nss_builtins_CryptokiVersion = {
- NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
- NSS_BUILTINS_CRYPTOKI_VERSION_MINOR };
+ nss_builtins_CryptokiVersion = {
+ NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
+ NSS_BUILTINS_CRYPTOKI_VERSION_MINOR
+ };
const CK_VERSION
-nss_builtins_LibraryVersion = {
- NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
- NSS_BUILTINS_LIBRARY_VERSION_MINOR};
+ nss_builtins_LibraryVersion = {
+ NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
+ NSS_BUILTINS_LIBRARY_VERSION_MINOR
+ };
const CK_VERSION
-nss_builtins_HardwareVersion = {
- NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
- NSS_BUILTINS_HARDWARE_VERSION_MINOR };
+ nss_builtins_HardwareVersion = {
+ NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
+ NSS_BUILTINS_HARDWARE_VERSION_MINOR
+ };
const CK_VERSION
-nss_builtins_FirmwareVersion = {
- NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
- NSS_BUILTINS_FIRMWARE_VERSION_MINOR };
+ nss_builtins_FirmwareVersion = {
+ NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
+ NSS_BUILTINS_FIRMWARE_VERSION_MINOR
+ };
-const NSSUTF8
-nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
+const NSSUTF8
+ nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
-const NSSUTF8
-nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
+const NSSUTF8
+ nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
-const NSSUTF8
-nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
+const NSSUTF8
+ nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
-const NSSUTF8
-nss_builtins_TokenLabel[] = { "Builtin Object Token" };
+const NSSUTF8
+ nss_builtins_TokenLabel[] = { "Builtin Object Token" };
-const NSSUTF8
-nss_builtins_TokenModel[] = { "1" };
+const NSSUTF8
+ nss_builtins_TokenModel[] = { "1" };
/* should this be e.g. the certdata.txt RCS revision number? */
-const NSSUTF8
-nss_builtins_TokenSerialNumber[] = { "1" };
-
+const NSSUTF8
+ nss_builtins_TokenSerialNumber[] = { "1" };
diff --git a/nss/lib/ckfw/builtins/nssckbi.h b/nss/lib/ckfw/builtins/nssckbi.h
index 5ef3a49..613f6eb 100644
--- a/nss/lib/ckfw/builtins/nssckbi.h
+++ b/nss/lib/ckfw/builtins/nssckbi.h
@@ -18,7 +18,7 @@
#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
-/* These version numbers detail the changes
+/* These version numbers detail the changes
* to the list of trusted certificates.
*
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
@@ -45,14 +45,14 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6
-#define NSS_BUILTINS_LIBRARY_VERSION "2.6"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 7
+#define NSS_BUILTINS_LIBRARY_VERSION "2.7"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
-/* These version numbers detail the semantic changes to ckbi itself
+/* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */
#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
diff --git a/nss/lib/ckfw/ckfw.h b/nss/lib/ckfw/ckfw.h
index e5d2e1b..d4a2ead 100644
--- a/nss/lib/ckfw/ckfw.h
+++ b/nss/lib/ckfw/ckfw.h
@@ -40,7 +40,7 @@
* nssCKFWInstance_MayCreatePthreads
* nssCKFWInstance_CreateMutex
* nssCKFWInstance_GetConfigurationData
- * nssCKFWInstance_GetInitArgs
+ * nssCKFWInstance_GetInitArgs
*
* -- private accessors --
* nssCKFWInstance_CreateSessionHandle
@@ -72,295 +72,240 @@
*
*/
NSS_EXTERN NSSCKFWInstance *
-nssCKFWInstance_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState LockingState,
- NSSCKMDInstance *mdInstance,
- CK_RV *pError
-);
+nssCKFWInstance_Create(
+ CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+ CryptokiLockingState LockingState,
+ NSSCKMDInstance *mdInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_Destroy
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_Destroy(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetMDInstance
*
*/
NSS_EXTERN NSSCKMDInstance *
-nssCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetMDInstance(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetArena
*
*/
NSS_EXTERN NSSArena *
-nssCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWInstance_GetArena(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_MayCreatePthreads
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_MayCreatePthreads(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_CreateMutex
*
*/
NSS_EXTERN NSSCKFWMutex *
-nssCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
+nssCKFWInstance_CreateMutex(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError);
/*
* nssCKFWInstance_GetConfigurationData
*
*/
NSS_EXTERN NSSUTF8 *
-nssCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetConfigurationData(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetInitArgs
*
*/
NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR
-nssCKFWInstance_GetInitArgs
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetInitArgs(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_CreateSessionHandle
*
*/
NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_CreateSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nssCKFWInstance_CreateSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
/*
* nssCKFWInstance_ResolveSessionHandle
*
*/
NSS_EXTERN NSSCKFWSession *
-nssCKFWInstance_ResolveSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+nssCKFWInstance_ResolveSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* nssCKFWInstance_DestroySessionHandle
*
*/
NSS_EXTERN void
-nssCKFWInstance_DestroySessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+nssCKFWInstance_DestroySessionHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* nssCKFWInstance_FindSessionHandle
*
*/
NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_FindSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession
-);
+nssCKFWInstance_FindSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession);
/*
* nssCKFWInstance_CreateObjectHandle
*
*/
NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_CreateObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+nssCKFWInstance_CreateObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* nssCKFWInstance_ResolveObjectHandle
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWInstance_ResolveObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-);
+nssCKFWInstance_ResolveObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject);
/*
* nssCKFWInstance_ReassignObjectHandle
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_ReassignObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject,
- NSSCKFWObject *fwObject
-);
+nssCKFWInstance_ReassignObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWInstance_DestroyObjectHandle
*
*/
NSS_EXTERN void
-nssCKFWInstance_DestroyObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-);
+nssCKFWInstance_DestroyObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject);
/*
* nssCKFWInstance_FindObjectHandle
*
*/
NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject
-);
+nssCKFWInstance_FindObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWInstance_GetNSlots
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetNSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWInstance_GetNSlots(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_GetCryptokiVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetCryptokiVersion
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetCryptokiVersion(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetManufacturerID
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_GetManufacturerID
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR manufacturerID[32]
-);
+nssCKFWInstance_GetManufacturerID(
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR manufacturerID[32]);
/*
* nssCKFWInstance_GetFlags
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetFlags
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetFlags(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetLibraryDescription
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_GetLibraryDescription
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR libraryDescription[32]
-);
+nssCKFWInstance_GetLibraryDescription(
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR libraryDescription[32]);
/*
* nssCKFWInstance_GetLibraryVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetLibraryVersion
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetLibraryVersion(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetModuleHandlesSessionObjects
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWInstance_GetModuleHandlesSessionObjects
-(
- NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetModuleHandlesSessionObjects(
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWInstance_GetSlots
*
*/
NSS_EXTERN NSSCKFWSlot **
-nssCKFWInstance_GetSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWInstance_GetSlots(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWInstance_WaitForSlotEvent
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWInstance_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
-);
+nssCKFWInstance_WaitForSlotEvent(
+ NSSCKFWInstance *fwInstance,
+ CK_BBOOL block,
+ CK_RV *pError);
/*
* nssCKFWInstance_verifyPointer
*
*/
NSS_EXTERN CK_RV
-nssCKFWInstance_verifyPointer
-(
- const NSSCKFWInstance *fwInstance
-);
-
+nssCKFWInstance_verifyPointer(
+ const NSSCKFWInstance *fwInstance);
/*
* NSSCKFWSlot
@@ -393,33 +338,27 @@
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWSlot_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *mdSlot,
- CK_SLOT_ID slotID,
- CK_RV *pError
-);
+nssCKFWSlot_Create(
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *mdSlot,
+ CK_SLOT_ID slotID,
+ CK_RV *pError);
/*
* nssCKFWSlot_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWSlot_Destroy
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_Destroy(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetMDSlot
*
*/
NSS_EXTERN NSSCKMDSlot *
-nssCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetMDSlot(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetFWInstance
@@ -427,10 +366,8 @@
*/
NSS_EXTERN NSSCKFWInstance *
-nssCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetFWInstance(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetMDInstance
@@ -438,113 +375,91 @@
*/
NSS_EXTERN NSSCKMDInstance *
-nssCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetMDInstance(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetSlotID
*
*/
NSS_EXTERN CK_SLOT_ID
-nssCKFWSlot_GetSlotID
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetSlotID(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetSlotDescription
*
*/
NSS_EXTERN CK_RV
-nssCKFWSlot_GetSlotDescription
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR slotDescription[64]
-);
+nssCKFWSlot_GetSlotDescription(
+ NSSCKFWSlot *fwSlot,
+ CK_CHAR slotDescription[64]);
/*
* nssCKFWSlot_GetManufacturerID
*
*/
NSS_EXTERN CK_RV
-nssCKFWSlot_GetManufacturerID
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR manufacturerID[32]
-);
+nssCKFWSlot_GetManufacturerID(
+ NSSCKFWSlot *fwSlot,
+ CK_CHAR manufacturerID[32]);
/*
* nssCKFWSlot_GetTokenPresent
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetTokenPresent
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetTokenPresent(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetRemovableDevice
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetRemovableDevice
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetRemovableDevice(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetHardwareSlot
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetHardwareSlot
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetHardwareSlot(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetHardwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetHardwareVersion
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetHardwareVersion(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetFirmwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetFirmwareVersion
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetFirmwareVersion(
+ NSSCKFWSlot *fwSlot);
/*
* nssCKFWSlot_GetToken
- *
+ *
*/
NSS_EXTERN NSSCKFWToken *
-nssCKFWSlot_GetToken
-(
- NSSCKFWSlot *fwSlot,
- CK_RV *pError
-);
+nssCKFWSlot_GetToken(
+ NSSCKFWSlot *fwSlot,
+ CK_RV *pError);
/*
* nssCKFWSlot_ClearToken
*
*/
NSS_EXTERN void
-nssCKFWSlot_ClearToken
-(
- NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_ClearToken(
+ NSSCKFWSlot *fwSlot);
/*
* NSSCKFWToken
@@ -606,459 +521,371 @@
*
*/
NSS_EXTERN NSSCKFWToken *
-nssCKFWToken_Create
-(
- NSSCKFWSlot *fwSlot,
- NSSCKMDToken *mdToken,
- CK_RV *pError
-);
+nssCKFWToken_Create(
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDToken *mdToken,
+ CK_RV *pError);
/*
* nssCKFWToken_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_Destroy
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_Destroy(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMDToken
*
*/
NSS_EXTERN NSSCKMDToken *
-nssCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetArena
*
*/
NSS_EXTERN NSSArena *
-nssCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-);
+nssCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError);
/*
* nssCKFWToken_GetFWSlot
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMDSlot
*
*/
NSS_EXTERN NSSCKMDSlot *
-nssCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSessionState
*
*/
NSS_EXTERN CK_STATE
-nssCKFWToken_GetSessionState
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionState(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_InitToken
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_InitToken
-(
- NSSCKFWToken *fwToken,
- NSSItem *pin,
- NSSUTF8 *label
-);
+nssCKFWToken_InitToken(
+ NSSCKFWToken *fwToken,
+ NSSItem *pin,
+ NSSUTF8 *label);
/*
* nssCKFWToken_GetLabel
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetLabel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR label[32]
-);
+nssCKFWToken_GetLabel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR label[32]);
/*
* nssCKFWToken_GetManufacturerID
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetManufacturerID
-(
- NSSCKFWToken *fwToken,
- CK_CHAR manufacturerID[32]
-);
+nssCKFWToken_GetManufacturerID(
+ NSSCKFWToken *fwToken,
+ CK_CHAR manufacturerID[32]);
/*
* nssCKFWToken_GetModel
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetModel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR model[16]
-);
+nssCKFWToken_GetModel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR model[16]);
/*
* nssCKFWToken_GetSerialNumber
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetSerialNumber
-(
- NSSCKFWToken *fwToken,
- CK_CHAR serialNumber[16]
-);
+nssCKFWToken_GetSerialNumber(
+ NSSCKFWToken *fwToken,
+ CK_CHAR serialNumber[16]);
/*
* nssCKFWToken_GetHasRNG
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasRNG
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasRNG(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetIsWriteProtected
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetIsWriteProtected
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetIsWriteProtected(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetLoginRequired
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetLoginRequired
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetLoginRequired(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetUserPinInitialized
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetUserPinInitialized
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetUserPinInitialized(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetRestoreKeyNotNeeded
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetRestoreKeyNotNeeded
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRestoreKeyNotNeeded(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetHasClockOnToken
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasClockOnToken
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasClockOnToken(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetHasProtectedAuthenticationPath
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasProtectedAuthenticationPath
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSupportsDualCryptoOperations
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetSupportsDualCryptoOperations
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSupportsDualCryptoOperations(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMaxSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMaxRwSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxRwSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxRwSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMaxPinLen
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxPinLen
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxPinLen(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMinPinLen
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMinPinLen
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMinPinLen(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetTotalPublicMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPublicMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetTotalPublicMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetFreePublicMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePublicMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFreePublicMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetTotalPrivateMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPrivateMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetTotalPrivateMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetFreePrivateMemory
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePrivateMemory
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFreePrivateMemory(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetHardwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWToken_GetHardwareVersion
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHardwareVersion(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetFirmwareVersion
*
*/
NSS_EXTERN CK_VERSION
-nssCKFWToken_GetFirmwareVersion
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFirmwareVersion(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetUTCTime
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetUTCTime
-(
- NSSCKFWToken *fwToken,
- CK_CHAR utcTime[16]
-);
+nssCKFWToken_GetUTCTime(
+ NSSCKFWToken *fwToken,
+ CK_CHAR utcTime[16]);
/*
* nssCKFWToken_OpenSession
*
*/
NSS_EXTERN NSSCKFWSession *
-nssCKFWToken_OpenSession
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-);
+nssCKFWToken_OpenSession(
+ NSSCKFWToken *fwToken,
+ CK_BBOOL rw,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_RV *pError);
/*
* nssCKFWToken_GetMechanismCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMechanismCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMechanismCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMechanismTypes
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_GetMechanismTypes
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE types[]
-);
+nssCKFWToken_GetMechanismTypes(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE types[]);
/*
* nssCKFWToken_GetMechanism
*
*/
NSS_EXTERN NSSCKFWMechanism *
-nssCKFWToken_GetMechanism
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
-);
+nssCKFWToken_GetMechanism(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE which,
+ CK_RV *pError);
/*
* nssCKFWToken_SetSessionState
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_SetSessionState
-(
- NSSCKFWToken *fwToken,
- CK_STATE newState
-);
+nssCKFWToken_SetSessionState(
+ NSSCKFWToken *fwToken,
+ CK_STATE newState);
/*
* nssCKFWToken_RemoveSession
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_RemoveSession
-(
- NSSCKFWToken *fwToken,
- NSSCKFWSession *fwSession
-);
+nssCKFWToken_RemoveSession(
+ NSSCKFWToken *fwToken,
+ NSSCKFWSession *fwSession);
/*
* nssCKFWToken_CloseAllSessions
*
*/
NSS_EXTERN CK_RV
-nssCKFWToken_CloseAllSessions
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_CloseAllSessions(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetRwSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRwSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRwSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetRoSessionCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRoSessionCount
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRoSessionCount(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetSessionObjectHash
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetSessionObjectHash
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionObjectHash(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetMDObjectHash
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetMDObjectHash
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDObjectHash(
+ NSSCKFWToken *fwToken);
/*
* nssCKFWToken_GetObjectHandleHash
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetObjectHandleHash
-(
- NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetObjectHandleHash(
+ NSSCKFWToken *fwToken);
/*
* NSSCKFWMechanism
@@ -1107,24 +934,20 @@
*
*/
NSS_EXTERN NSSCKFWMechanism *
-nssCKFWMechanism_Create
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
+nssCKFWMechanism_Create(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
/*
* nssCKFWMechanism_Destroy
*
*/
NSS_EXTERN void
-nssCKFWMechanism_Destroy
-(
- NSSCKFWMechanism *fwMechanism
-);
+nssCKFWMechanism_Destroy(
+ NSSCKFWMechanism *fwMechanism);
/*
* nssCKFWMechanism_GetMDMechanism
@@ -1132,43 +955,35 @@
*/
NSS_EXTERN NSSCKMDMechanism *
-nssCKFWMechanism_GetMDMechanism
-(
- NSSCKFWMechanism *fwMechanism
-);
+nssCKFWMechanism_GetMDMechanism(
+ NSSCKFWMechanism *fwMechanism);
/*
* nssCKFWMechanism_GetMinKeySize
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMinKeySize
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetMinKeySize(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetMaxKeySize
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMaxKeySize
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetMaxKeySize(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetInHardware
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetInHardware
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetInHardware(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* the following are determined automatically by which of the cryptographic
@@ -1179,305 +994,255 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanEncrypt
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanEncrypt(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanDecrypt
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanDecrypt
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanDecrypt(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanDigest
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanDigest
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanDigest(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanSign
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanSign
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanSign(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanSignRecover
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanSignRecover
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanSignRecover(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanVerify
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanVerify
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanVerify(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanVerifyRecover
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanVerifyRecover
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanVerifyRecover(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanGenerate
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanGenerate
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanGenerate(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanGenerateKeyPair
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanGenerateKeyPair
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanGenerateKeyPair(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanWrap
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanWrap
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanWrap(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanUnwrap
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanUnwrap
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanUnwrap(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GetCanDerive
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanDerive
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-);
+nssCKFWMechanism_GetCanDerive(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError);
/*
* nssCKFWMechanism_EncryptInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_EncryptInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWMechanism_EncryptInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWMechanism_DecryptInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_DecryptInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWMechanism_DecryptInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWMechanism_DigestInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_DigestInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession
-);
+nssCKFWMechanism_DigestInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession);
/*
* nssCKFWMechanism_SignInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_SignInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWMechanism_SignInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWMechanism_SignRecoverInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_SignRecoverInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWMechanism_SignRecoverInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWMechanism_VerifyInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_VerifyInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWMechanism_VerifyInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWMechanism_VerifyRecoverInit
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_VerifyRecoverInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWMechanism_VerifyRecoverInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWMechanism_GenerateKey
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWMechanism_GenerateKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nssCKFWMechanism_GenerateKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
/*
* nssCKFWMechanism_GenerateKeyPair
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_GenerateKeyPair
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- NSSCKFWObject **fwPublicKeyObject,
- NSSCKFWObject **fwPrivateKeyObject
-);
+nssCKFWMechanism_GenerateKeyPair(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ NSSCKFWObject **fwPublicKeyObject,
+ NSSCKFWObject **fwPrivateKeyObject);
/*
* nssCKFWMechanism_GetWrapKeyLength
*/
NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetWrapKeyLength
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwWrappingKeyObject,
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+nssCKFWMechanism_GetWrapKeyLength(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwWrappingKeyObject,
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* nssCKFWMechanism_WrapKey
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_WrapKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwWrappingKeyObject,
- NSSCKFWObject *fwObject,
- NSSItem *wrappedKey
-);
+nssCKFWMechanism_WrapKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwWrappingKeyObject,
+ NSSCKFWObject *fwObject,
+ NSSItem *wrappedKey);
/*
* nssCKFWMechanism_UnwrapKey
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWMechanism_UnwrapKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwWrappingKeyObject,
- NSSItem *wrappedKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nssCKFWMechanism_UnwrapKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwWrappingKeyObject,
+ NSSItem *wrappedKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
-/*
+/*
* nssCKFWMechanism_DeriveKey
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWMechanism_DeriveKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwBaseKeyObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nssCKFWMechanism_DeriveKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwBaseKeyObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
/*
* NSSCKFWCryptoOperation
@@ -1506,130 +1271,106 @@
* nssCKFWCrytoOperation_Create
*/
NSS_EXTERN NSSCKFWCryptoOperation *
-nssCKFWCryptoOperation_Create
-(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWCryptoOperationType type,
- CK_RV *pError
-);
+nssCKFWCryptoOperation_Create(
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWCryptoOperationType type,
+ CK_RV *pError);
/*
* nssCKFWCryptoOperation_Destroy
*/
NSS_EXTERN void
-nssCKFWCryptoOperation_Destroy
-(
- NSSCKFWCryptoOperation *fwOperation
-);
+nssCKFWCryptoOperation_Destroy(
+ NSSCKFWCryptoOperation *fwOperation);
/*
* nssCKFWCryptoOperation_GetMDCryptoOperation
*/
NSS_EXTERN NSSCKMDCryptoOperation *
-nssCKFWCryptoOperation_GetMDCryptoOperation
-(
- NSSCKFWCryptoOperation *fwOperation
-);
+nssCKFWCryptoOperation_GetMDCryptoOperation(
+ NSSCKFWCryptoOperation *fwOperation);
/*
* nssCKFWCryptoOperation_GetType
*/
NSS_EXTERN NSSCKFWCryptoOperationType
-nssCKFWCryptoOperation_GetType
-(
- NSSCKFWCryptoOperation *fwOperation
-);
+nssCKFWCryptoOperation_GetType(
+ NSSCKFWCryptoOperation *fwOperation);
/*
* nssCKFWCryptoOperation_GetFinalLength
*/
NSS_EXTERN CK_ULONG
-nssCKFWCryptoOperation_GetFinalLength
-(
- NSSCKFWCryptoOperation *fwOperation,
- CK_RV *pError
-);
+nssCKFWCryptoOperation_GetFinalLength(
+ NSSCKFWCryptoOperation *fwOperation,
+ CK_RV *pError);
/*
* nssCKFWCryptoOperation_GetOperationLength
*/
NSS_EXTERN CK_ULONG
-nssCKFWCryptoOperation_GetOperationLength
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer,
- CK_RV *pError
-);
+nssCKFWCryptoOperation_GetOperationLength(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer,
+ CK_RV *pError);
/*
* nssCKFWCryptoOperation_Final
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_Final
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *outputBuffer
-);
+nssCKFWCryptoOperation_Final(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *outputBuffer);
/*
* nssCKFWCryptoOperation_Update
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_Update
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer,
- NSSItem *outputBuffer
-);
+nssCKFWCryptoOperation_Update(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer,
+ NSSItem *outputBuffer);
/*
* nssCKFWCryptoOperation_DigestUpdate
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_DigestUpdate
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer
-);
+nssCKFWCryptoOperation_DigestUpdate(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer);
/*
* nssCKFWCryptoOperation_DigestKey
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_DigestKey
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKFWObject *fwKey
-);
+nssCKFWCryptoOperation_DigestKey(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKFWObject *fwKey);
/*
* nssCKFWCryptoOperation_UpdateFinal
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_UpdateFinal
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer,
- NSSItem *outputBuffer
-);
+nssCKFWCryptoOperation_UpdateFinal(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer,
+ NSSItem *outputBuffer);
/*
* nssCKFWCryptoOperation_UpdateCombo
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_UpdateCombo
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKFWCryptoOperation *fwPeerOperation,
- NSSItem *inputBuffer,
- NSSItem *outputBuffer
-);
+nssCKFWCryptoOperation_UpdateCombo(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKFWCryptoOperation *fwPeerOperation,
+ NSSItem *inputBuffer,
+ NSSItem *outputBuffer);
/*
* NSSCKFWSession
@@ -1685,434 +1426,360 @@
*
*/
NSS_EXTERN NSSCKFWSession *
-nssCKFWSession_Create
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-);
+nssCKFWSession_Create(
+ NSSCKFWToken *fwToken,
+ CK_BBOOL rw,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_RV *pError);
/*
* nssCKFWSession_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_Destroy
-(
- NSSCKFWSession *fwSession,
- CK_BBOOL removeFromTokenHash
-);
+nssCKFWSession_Destroy(
+ NSSCKFWSession *fwSession,
+ CK_BBOOL removeFromTokenHash);
/*
* nssCKFWSession_GetMDSession
*
*/
NSS_EXTERN NSSCKMDSession *
-nssCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_GetMDSession(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_GetArena
*
*/
NSS_EXTERN NSSArena *
-nssCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nssCKFWSession_GetArena(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
/*
* nssCKFWSession_CallNotification
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-);
+nssCKFWSession_CallNotification(
+ NSSCKFWSession *fwSession,
+ CK_NOTIFICATION event);
/*
* nssCKFWSession_IsRWSession
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_IsRWSession(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_IsSO
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_IsSO(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_GetFWSlot
*
*/
NSS_EXTERN NSSCKFWSlot *
-nssCKFWSession_GetFWSlot
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_GetFWSlot(
+ NSSCKFWSession *fwSession);
/*
* nssCFKWSession_GetSessionState
*
*/
NSS_EXTERN CK_STATE
-nssCKFWSession_GetSessionState
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_GetSessionState(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_SetFWFindObjects
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_SetFWFindObjects
-(
- NSSCKFWSession *fwSession,
- NSSCKFWFindObjects *fwFindObjects
-);
+nssCKFWSession_SetFWFindObjects(
+ NSSCKFWSession *fwSession,
+ NSSCKFWFindObjects *fwFindObjects);
/*
* nssCKFWSession_GetFWFindObjects
*
*/
NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWSession_GetFWFindObjects
-(
- NSSCKFWSession *fwSesssion,
- CK_RV *pError
-);
+nssCKFWSession_GetFWFindObjects(
+ NSSCKFWSession *fwSesssion,
+ CK_RV *pError);
/*
* nssCKFWSession_SetMDSession
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_SetMDSession
-(
- NSSCKFWSession *fwSession,
- NSSCKMDSession *mdSession
-);
+nssCKFWSession_SetMDSession(
+ NSSCKFWSession *fwSession,
+ NSSCKMDSession *mdSession);
/*
* nssCKFWSession_SetHandle
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_SetHandle
-(
- NSSCKFWSession *fwSession,
- CK_SESSION_HANDLE hSession
-);
+nssCKFWSession_SetHandle(
+ NSSCKFWSession *fwSession,
+ CK_SESSION_HANDLE hSession);
/*
* nssCKFWSession_GetHandle
*
*/
NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWSession_GetHandle
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_GetHandle(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_RegisterSessionObject
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_RegisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWSession_RegisterSessionObject(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWSession_DeregisterSessionObject
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_DeregisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-);
+nssCKFWSession_DeregisterSessionObject(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject);
/*
* nssCKFWSession_GetDeviceError
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWSession_GetDeviceError
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_GetDeviceError(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_Login
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_Login
-(
- NSSCKFWSession *fwSession,
- CK_USER_TYPE userType,
- NSSItem *pin
-);
+nssCKFWSession_Login(
+ NSSCKFWSession *fwSession,
+ CK_USER_TYPE userType,
+ NSSItem *pin);
/*
* nssCKFWSession_Logout
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_Logout
-(
- NSSCKFWSession *fwSession
-);
+nssCKFWSession_Logout(
+ NSSCKFWSession *fwSession);
/*
* nssCKFWSession_InitPIN
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_InitPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *pin
-);
+nssCKFWSession_InitPIN(
+ NSSCKFWSession *fwSession,
+ NSSItem *pin);
/*
* nssCKFWSession_SetPIN
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_SetPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *newPin,
- NSSItem *oldPin
-);
+nssCKFWSession_SetPIN(
+ NSSCKFWSession *fwSession,
+ NSSItem *newPin,
+ NSSItem *oldPin);
/*
* nssCKFWSession_GetOperationStateLen
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWSession_GetOperationStateLen
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+nssCKFWSession_GetOperationStateLen(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
/*
* nssCKFWSession_GetOperationState
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_GetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-);
+nssCKFWSession_GetOperationState(
+ NSSCKFWSession *fwSession,
+ NSSItem *buffer);
/*
* nssCKFWSession_SetOperationState
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_SetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *state,
- NSSCKFWObject *encryptionKey,
- NSSCKFWObject *authenticationKey
-);
+nssCKFWSession_SetOperationState(
+ NSSCKFWSession *fwSession,
+ NSSItem *state,
+ NSSCKFWObject *encryptionKey,
+ NSSCKFWObject *authenticationKey);
/*
* nssCKFWSession_CreateObject
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWSession_CreateObject
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nssCKFWSession_CreateObject(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
/*
* nssCKFWSession_CopyObject
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWSession_CopyObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *object,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nssCKFWSession_CopyObject(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *object,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
/*
* nssCKFWSession_FindObjectsInit
*
*/
NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWSession_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-);
+nssCKFWSession_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
/*
* nssCKFWSession_SetCurrentCryptoOperation
*/
NSS_IMPLEMENT void
-nssCKFWSession_SetCurrentCryptoOperation
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperation * fwOperation,
- NSSCKFWCryptoOperationState state
-);
+nssCKFWSession_SetCurrentCryptoOperation(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKFWCryptoOperationState state);
/*
* nssCKFWSession_GetCurrentCryptoOperation
*/
NSS_IMPLEMENT NSSCKFWCryptoOperation *
-nssCKFWSession_GetCurrentCryptoOperation
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationState state
-);
+nssCKFWSession_GetCurrentCryptoOperation(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationState state);
/*
* nssCKFWSession_Final
* (terminate a cryptographic operation and get the result)
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Final
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-);
+nssCKFWSession_Final(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen);
/*
* nssCKFWSession_Update
* (get the next step of an encrypt/decrypt operation)
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Update
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-);
+nssCKFWSession_Update(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen);
/*
* nssCKFWSession_DigestUpdate
* (do the next step of an digest/sign/verify operation)
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_DigestUpdate
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen
-);
+nssCKFWSession_DigestUpdate(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen);
/*
* nssCKFWSession_DigestKey
* (do the next step of an digest/sign/verify operation)
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_DigestKey
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwKey
-);
+nssCKFWSession_DigestKey(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwKey);
/*
* nssCKFWSession_UpdateFinal
* (do a single-step of a cryptographic operation and get the result)
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_UpdateFinal
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-);
+nssCKFWSession_UpdateFinal(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen);
/*
* nssCKFWSession_UpdateCombo
* (do a combination encrypt/decrypt and sign/digest/verify operation)
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_UpdateCombo
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType encryptType,
- NSSCKFWCryptoOperationType digestType,
- NSSCKFWCryptoOperationState digestState,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-);
+nssCKFWSession_UpdateCombo(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType encryptType,
+ NSSCKFWCryptoOperationType digestType,
+ NSSCKFWCryptoOperationState digestState,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen);
/*
* nssCKFWSession_SeedRandom
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_SeedRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *seed
-);
+nssCKFWSession_SeedRandom(
+ NSSCKFWSession *fwSession,
+ NSSItem *seed);
/*
* nssCKFWSession_GetRandom
*
*/
NSS_EXTERN CK_RV
-nssCKFWSession_GetRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-);
+nssCKFWSession_GetRandom(
+ NSSCKFWSession *fwSession,
+ NSSItem *buffer);
/*
* NSSCKFWObject
@@ -2145,123 +1812,101 @@
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWObject_Create
-(
- NSSArena *arena,
- NSSCKMDObject *mdObject,
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nssCKFWObject_Create(
+ NSSArena *arena,
+ NSSCKMDObject *mdObject,
+ NSSCKFWSession *fwSession,
+ NSSCKFWToken *fwToken,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKFWObject_Finalize
*
*/
NSS_EXTERN void
-nssCKFWObject_Finalize
-(
- NSSCKFWObject *fwObject,
- PRBool removeFromHash
-);
+nssCKFWObject_Finalize(
+ NSSCKFWObject *fwObject,
+ PRBool removeFromHash);
/*
* nssCKFWObject_Destroy
*
*/
NSS_EXTERN void
-nssCKFWObject_Destroy
-(
- NSSCKFWObject *fwObject
-);
+nssCKFWObject_Destroy(
+ NSSCKFWObject *fwObject);
/*
* nssCKFWObject_GetMDObject
*
*/
NSS_EXTERN NSSCKMDObject *
-nssCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-);
+nssCKFWObject_GetMDObject(
+ NSSCKFWObject *fwObject);
/*
* nssCKFWObject_GetArena
*
*/
NSS_EXTERN NSSArena *
-nssCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+nssCKFWObject_GetArena(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* nssCKFWObject_SetHandle
*
*/
NSS_EXTERN CK_RV
-nssCKFWObject_SetHandle
-(
- NSSCKFWObject *fwObject,
- CK_OBJECT_HANDLE hObject
-);
+nssCKFWObject_SetHandle(
+ NSSCKFWObject *fwObject,
+ CK_OBJECT_HANDLE hObject);
/*
* nssCKFWObject_GetHandle
*
*/
NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWObject_GetHandle
-(
- NSSCKFWObject *fwObject
-);
+nssCKFWObject_GetHandle(
+ NSSCKFWObject *fwObject);
/*
* nssCKFWObject_IsTokenObject
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-);
+nssCKFWObject_IsTokenObject(
+ NSSCKFWObject *fwObject);
/*
* nssCKFWObject_GetAttributeCount
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+nssCKFWObject_GetAttributeCount(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* nssCKFWObject_GetAttributeTypes
*
*/
NSS_EXTERN CK_RV
-nssCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-);
+nssCKFWObject_GetAttributeTypes(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount);
/*
* nssCKFWObject_GetAttributeSize
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
+nssCKFWObject_GetAttributeSize(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError);
/*
* nssCKFWObject_GetAttribute
@@ -2274,38 +1919,32 @@
* specified.
*/
NSS_EXTERN NSSItem *
-nssCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-);
+nssCKFWObject_GetAttribute(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *itemOpt,
+ NSSArena *arenaOpt,
+ CK_RV *pError);
/*
* nssCKFWObject_SetAttribute
*
*/
NSS_EXTERN CK_RV
-nssCKFWObject_SetAttribute
-(
- NSSCKFWObject *fwObject,
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-);
+nssCKFWObject_SetAttribute(
+ NSSCKFWObject *fwObject,
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *value);
/*
* nssCKFWObject_GetObjectSize
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+nssCKFWObject_GetObjectSize(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* NSSCKFWFindObjects
@@ -2328,47 +1967,39 @@
*
*/
NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWFindObjects_Create
-(
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- NSSCKMDFindObjects *mdFindObjects1,
- NSSCKMDFindObjects *mdFindObjects2,
- CK_RV *pError
-);
+nssCKFWFindObjects_Create(
+ NSSCKFWSession *fwSession,
+ NSSCKFWToken *fwToken,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDFindObjects *mdFindObjects1,
+ NSSCKMDFindObjects *mdFindObjects2,
+ CK_RV *pError);
/*
* nssCKFWFindObjects_Destroy
*
*/
NSS_EXTERN void
-nssCKFWFindObjects_Destroy
-(
- NSSCKFWFindObjects *fwFindObjects
-);
+nssCKFWFindObjects_Destroy(
+ NSSCKFWFindObjects *fwFindObjects);
/*
* nssCKFWFindObjects_GetMDFindObjects
*
*/
NSS_EXTERN NSSCKMDFindObjects *
-nssCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *fwFindObjects
-);
+nssCKFWFindObjects_GetMDFindObjects(
+ NSSCKFWFindObjects *fwFindObjects);
/*
* nssCKFWFindObjects_Next
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWFindObjects_Next
-(
- NSSCKFWFindObjects *fwFindObjects,
- NSSArena *arenaOpt,
- CK_RV *pError
-);
+nssCKFWFindObjects_Next(
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSArena *arenaOpt,
+ CK_RV *pError);
/*
* NSSCKFWMutex
@@ -2385,42 +2016,34 @@
*
*/
NSS_EXTERN NSSCKFWMutex *
-nssCKFWMutex_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState LockingState,
- NSSArena *arena,
- CK_RV *pError
-);
+nssCKFWMutex_Create(
+ CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+ CryptokiLockingState LockingState,
+ NSSArena *arena,
+ CK_RV *pError);
/*
* nssCKFWMutex_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-);
+nssCKFWMutex_Destroy(
+ NSSCKFWMutex *mutex);
/*
* nssCKFWMutex_Lock
*
*/
NSS_EXTERN CK_RV
-nssCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-);
+nssCKFWMutex_Lock(
+ NSSCKFWMutex *mutex);
/*
* nssCKFWMutex_Unlock
*
*/
NSS_EXTERN CK_RV
-nssCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-);
+nssCKFWMutex_Unlock(
+ NSSCKFWMutex *mutex);
#endif /* CKFW_H */
diff --git a/nss/lib/ckfw/ckfwm.h b/nss/lib/ckfw/ckfwm.h
index ed0aec3..7b14d20 100644
--- a/nss/lib/ckfw/ckfwm.h
+++ b/nss/lib/ckfw/ckfwm.h
@@ -41,88 +41,72 @@
*
*/
NSS_EXTERN nssCKFWHash *
-nssCKFWHash_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
+nssCKFWHash_Create(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError);
/*
* nssCKFWHash_Destroy
*
*/
NSS_EXTERN void
-nssCKFWHash_Destroy
-(
- nssCKFWHash *hash
-);
+nssCKFWHash_Destroy(
+ nssCKFWHash *hash);
/*
* nssCKFWHash_Add
*
*/
NSS_EXTERN CK_RV
-nssCKFWHash_Add
-(
- nssCKFWHash *hash,
- const void *key,
- const void *value
-);
+nssCKFWHash_Add(
+ nssCKFWHash *hash,
+ const void *key,
+ const void *value);
/*
* nssCKFWHash_Remove
*
*/
NSS_EXTERN void
-nssCKFWHash_Remove
-(
- nssCKFWHash *hash,
- const void *it
-);
+nssCKFWHash_Remove(
+ nssCKFWHash *hash,
+ const void *it);
/*
* nssCKFWHash_Count
*
*/
NSS_EXTERN CK_ULONG
-nssCKFWHash_Count
-(
- nssCKFWHash *hash
-);
+nssCKFWHash_Count(
+ nssCKFWHash *hash);
/*
* nssCKFWHash_Exists
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWHash_Exists
-(
- nssCKFWHash *hash,
- const void *it
-);
+nssCKFWHash_Exists(
+ nssCKFWHash *hash,
+ const void *it);
/*
* nssCKFWHash_Lookup
*
*/
NSS_EXTERN void *
-nssCKFWHash_Lookup
-(
- nssCKFWHash *hash,
- const void *it
-);
+nssCKFWHash_Lookup(
+ nssCKFWHash *hash,
+ const void *it);
/*
* nssCKFWHash_Iterate
*
*/
NSS_EXTERN void
-nssCKFWHash_Iterate
-(
- nssCKFWHash *hash,
- nssCKFWHashIterator fcn,
- void *closure
-);
+nssCKFWHash_Iterate(
+ nssCKFWHash *hash,
+ nssCKFWHashIterator fcn,
+ void *closure);
#endif /* CKFWM_H */
diff --git a/nss/lib/ckfw/ckfwtm.h b/nss/lib/ckfw/ckfwtm.h
index ac8f550..6702984 100644
--- a/nss/lib/ckfw/ckfwtm.h
+++ b/nss/lib/ckfw/ckfwtm.h
@@ -18,6 +18,6 @@
struct nssCKFWHashStr;
typedef struct nssCKFWHashStr nssCKFWHash;
-typedef void (PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure);
+typedef void(PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure);
#endif /* CKFWTM_H */
diff --git a/nss/lib/ckfw/ckmd.h b/nss/lib/ckfw/ckmd.h
index 0a6dc90..820cf90 100644
--- a/nss/lib/ckfw/ckmd.h
+++ b/nss/lib/ckfw/ckmd.h
@@ -11,22 +11,18 @@
*/
NSS_EXTERN NSSCKMDObject *
-nssCKMDSessionObject_Create
-(
- NSSCKFWToken *fwToken,
- NSSArena *arena,
- CK_ATTRIBUTE_PTR attributes,
- CK_ULONG ulCount,
- CK_RV *pError
-);
+nssCKMDSessionObject_Create(
+ NSSCKFWToken *fwToken,
+ NSSArena *arena,
+ CK_ATTRIBUTE_PTR attributes,
+ CK_ULONG ulCount,
+ CK_RV *pError);
NSS_EXTERN NSSCKMDFindObjects *
-nssCKMDFindSessionObjects_Create
-(
- NSSCKFWToken *fwToken,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_RV *pError
-);
+nssCKMDFindSessionObjects_Create(
+ NSSCKFWToken *fwToken,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_RV *pError);
#endif /* CKMD_H */
diff --git a/nss/lib/ckfw/crypto.c b/nss/lib/ckfw/crypto.c
index d97cf6c..66afb77 100644
--- a/nss/lib/ckfw/crypto.c
+++ b/nss/lib/ckfw/crypto.c
@@ -35,15 +35,15 @@
*/
struct NSSCKFWCryptoOperationStr {
- /* NSSArena *arena; */
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKFWSession *fwSession;
- NSSCKMDToken *mdToken;
- NSSCKFWToken *fwToken;
- NSSCKMDInstance *mdInstance;
- NSSCKFWInstance *fwInstance;
- NSSCKFWCryptoOperationType type;
+ /* NSSArena *arena; */
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKFWSession *fwSession;
+ NSSCKMDToken *mdToken;
+ NSSCKFWToken *fwToken;
+ NSSCKMDInstance *mdInstance;
+ NSSCKFWInstance *fwInstance;
+ NSSCKFWCryptoOperationType type;
};
/*
@@ -51,290 +51,268 @@
*/
NSS_EXTERN NSSCKFWCryptoOperation *
nssCKFWCryptoOperation_Create(
- NSSCKMDCryptoOperation *mdOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWCryptoOperationType type,
- CK_RV *pError
-)
+ NSSCKMDCryptoOperation *mdOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWCryptoOperationType type,
+ CK_RV *pError)
{
- NSSCKFWCryptoOperation *fwOperation;
- fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
- if (!fwOperation) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWCryptoOperation *)NULL;
- }
- fwOperation->mdOperation = mdOperation;
- fwOperation->mdSession = mdSession;
- fwOperation->fwSession = fwSession;
- fwOperation->mdToken = mdToken;
- fwOperation->fwToken = fwToken;
- fwOperation->mdInstance = mdInstance;
- fwOperation->fwInstance = fwInstance;
- fwOperation->type = type;
- return fwOperation;
+ NSSCKFWCryptoOperation *fwOperation;
+ fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
+ if (!fwOperation) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWCryptoOperation *)NULL;
+ }
+ fwOperation->mdOperation = mdOperation;
+ fwOperation->mdSession = mdSession;
+ fwOperation->fwSession = fwSession;
+ fwOperation->mdToken = mdToken;
+ fwOperation->fwToken = fwToken;
+ fwOperation->mdInstance = mdInstance;
+ fwOperation->fwInstance = fwInstance;
+ fwOperation->type = type;
+ return fwOperation;
}
/*
* nssCKFWCryptoOperation_Destroy
*/
NSS_EXTERN void
-nssCKFWCryptoOperation_Destroy
-(
- NSSCKFWCryptoOperation *fwOperation
-)
+nssCKFWCryptoOperation_Destroy(
+ NSSCKFWCryptoOperation *fwOperation)
{
- if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) {
- if (fwOperation->mdOperation->Destroy) {
- fwOperation->mdOperation->Destroy(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdInstance,
- fwOperation->fwInstance);
+ if ((NSSCKMDCryptoOperation *)NULL != fwOperation->mdOperation) {
+ if (fwOperation->mdOperation->Destroy) {
+ fwOperation->mdOperation->Destroy(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance);
+ }
}
- }
- nss_ZFreeIf(fwOperation);
+ nss_ZFreeIf(fwOperation);
}
/*
* nssCKFWCryptoOperation_GetMDCryptoOperation
*/
NSS_EXTERN NSSCKMDCryptoOperation *
-nssCKFWCryptoOperation_GetMDCryptoOperation
-(
- NSSCKFWCryptoOperation *fwOperation
-)
+nssCKFWCryptoOperation_GetMDCryptoOperation(
+ NSSCKFWCryptoOperation *fwOperation)
{
- return fwOperation->mdOperation;
+ return fwOperation->mdOperation;
}
/*
* nssCKFWCryptoOperation_GetType
*/
NSS_EXTERN NSSCKFWCryptoOperationType
-nssCKFWCryptoOperation_GetType
-(
- NSSCKFWCryptoOperation *fwOperation
-)
+nssCKFWCryptoOperation_GetType(
+ NSSCKFWCryptoOperation *fwOperation)
{
- return fwOperation->type;
+ return fwOperation->type;
}
/*
* nssCKFWCryptoOperation_GetFinalLength
*/
NSS_EXTERN CK_ULONG
-nssCKFWCryptoOperation_GetFinalLength
-(
- NSSCKFWCryptoOperation *fwOperation,
- CK_RV *pError
-)
+nssCKFWCryptoOperation_GetFinalLength(
+ NSSCKFWCryptoOperation *fwOperation,
+ CK_RV *pError)
{
- if (!fwOperation->mdOperation->GetFinalLength) {
- *pError = CKR_FUNCTION_FAILED;
- return 0;
- }
- return fwOperation->mdOperation->GetFinalLength(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- pError);
+ if (!fwOperation->mdOperation->GetFinalLength) {
+ *pError = CKR_FUNCTION_FAILED;
+ return 0;
+ }
+ return fwOperation->mdOperation->GetFinalLength(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ pError);
}
/*
* nssCKFWCryptoOperation_GetOperationLength
*/
NSS_EXTERN CK_ULONG
-nssCKFWCryptoOperation_GetOperationLength
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer,
- CK_RV *pError
-)
+nssCKFWCryptoOperation_GetOperationLength(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer,
+ CK_RV *pError)
{
- if (!fwOperation->mdOperation->GetOperationLength) {
- *pError = CKR_FUNCTION_FAILED;
- return 0;
- }
- return fwOperation->mdOperation->GetOperationLength(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- inputBuffer,
- pError);
+ if (!fwOperation->mdOperation->GetOperationLength) {
+ *pError = CKR_FUNCTION_FAILED;
+ return 0;
+ }
+ return fwOperation->mdOperation->GetOperationLength(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ inputBuffer,
+ pError);
}
/*
* nssCKFWCryptoOperation_Final
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_Final
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *outputBuffer
-)
+nssCKFWCryptoOperation_Final(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *outputBuffer)
{
- if (!fwOperation->mdOperation->Final) {
- return CKR_FUNCTION_FAILED;
- }
- return fwOperation->mdOperation->Final(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- outputBuffer);
+ if (!fwOperation->mdOperation->Final) {
+ return CKR_FUNCTION_FAILED;
+ }
+ return fwOperation->mdOperation->Final(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ outputBuffer);
}
/*
* nssCKFWCryptoOperation_Update
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_Update
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer,
- NSSItem *outputBuffer
-)
+nssCKFWCryptoOperation_Update(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer,
+ NSSItem *outputBuffer)
{
- if (!fwOperation->mdOperation->Update) {
- return CKR_FUNCTION_FAILED;
- }
- return fwOperation->mdOperation->Update(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- inputBuffer,
- outputBuffer);
+ if (!fwOperation->mdOperation->Update) {
+ return CKR_FUNCTION_FAILED;
+ }
+ return fwOperation->mdOperation->Update(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ inputBuffer,
+ outputBuffer);
}
/*
* nssCKFWCryptoOperation_DigestUpdate
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_DigestUpdate
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer
-)
+nssCKFWCryptoOperation_DigestUpdate(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer)
{
- if (!fwOperation->mdOperation->DigestUpdate) {
- return CKR_FUNCTION_FAILED;
- }
- return fwOperation->mdOperation->DigestUpdate(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- inputBuffer);
+ if (!fwOperation->mdOperation->DigestUpdate) {
+ return CKR_FUNCTION_FAILED;
+ }
+ return fwOperation->mdOperation->DigestUpdate(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ inputBuffer);
}
/*
* nssCKFWCryptoOperation_DigestKey
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_DigestKey
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKFWObject *fwObject /* Key */
-)
+nssCKFWCryptoOperation_DigestKey(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKFWObject *fwObject /* Key */
+ )
{
- NSSCKMDObject *mdObject;
+ NSSCKMDObject *mdObject;
- if (!fwOperation->mdOperation->DigestKey) {
- return CKR_FUNCTION_FAILED;
- }
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- return fwOperation->mdOperation->DigestKey(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- mdObject,
- fwObject);
+ if (!fwOperation->mdOperation->DigestKey) {
+ return CKR_FUNCTION_FAILED;
+ }
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ return fwOperation->mdOperation->DigestKey(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ mdObject,
+ fwObject);
}
/*
* nssCKFWCryptoOperation_UpdateFinal
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_UpdateFinal
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSItem *inputBuffer,
- NSSItem *outputBuffer
-)
+nssCKFWCryptoOperation_UpdateFinal(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSItem *inputBuffer,
+ NSSItem *outputBuffer)
{
- if (!fwOperation->mdOperation->UpdateFinal) {
- return CKR_FUNCTION_FAILED;
- }
- return fwOperation->mdOperation->UpdateFinal(
- fwOperation->mdOperation,
- fwOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- inputBuffer,
- outputBuffer);
+ if (!fwOperation->mdOperation->UpdateFinal) {
+ return CKR_FUNCTION_FAILED;
+ }
+ return fwOperation->mdOperation->UpdateFinal(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ inputBuffer,
+ outputBuffer);
}
/*
* nssCKFWCryptoOperation_UpdateCombo
*/
NSS_EXTERN CK_RV
-nssCKFWCryptoOperation_UpdateCombo
-(
- NSSCKFWCryptoOperation *fwOperation,
- NSSCKFWCryptoOperation *fwPeerOperation,
- NSSItem *inputBuffer,
- NSSItem *outputBuffer
-)
+nssCKFWCryptoOperation_UpdateCombo(
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKFWCryptoOperation *fwPeerOperation,
+ NSSItem *inputBuffer,
+ NSSItem *outputBuffer)
{
- if (!fwOperation->mdOperation->UpdateCombo) {
- return CKR_FUNCTION_FAILED;
- }
- return fwOperation->mdOperation->UpdateCombo(
- fwOperation->mdOperation,
- fwOperation,
- fwPeerOperation->mdOperation,
- fwPeerOperation,
- fwOperation->mdSession,
- fwOperation->fwSession,
- fwOperation->mdToken,
- fwOperation->fwToken,
- fwOperation->mdInstance,
- fwOperation->fwInstance,
- inputBuffer,
- outputBuffer);
+ if (!fwOperation->mdOperation->UpdateCombo) {
+ return CKR_FUNCTION_FAILED;
+ }
+ return fwOperation->mdOperation->UpdateCombo(
+ fwOperation->mdOperation,
+ fwOperation,
+ fwPeerOperation->mdOperation,
+ fwPeerOperation,
+ fwOperation->mdSession,
+ fwOperation->fwSession,
+ fwOperation->mdToken,
+ fwOperation->fwToken,
+ fwOperation->mdInstance,
+ fwOperation->fwInstance,
+ inputBuffer,
+ outputBuffer);
}
diff --git a/nss/lib/ckfw/find.c b/nss/lib/ckfw/find.c
index 8a8a541..55732e6 100644
--- a/nss/lib/ckfw/find.c
+++ b/nss/lib/ckfw/find.c
@@ -21,7 +21,7 @@
*
* -- public accessors --
* NSSCKFWFindObjects_GetMDFindObjects
- *
+ *
* -- implement public accessors --
* nssCKFWFindObjects_GetMDFindObjects
*
@@ -32,17 +32,17 @@
*/
struct NSSCKFWFindObjectsStr {
- NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
- NSSCKMDFindObjects *mdfo1;
- NSSCKMDFindObjects *mdfo2;
- NSSCKFWSession *fwSession;
- NSSCKMDSession *mdSession;
- NSSCKFWToken *fwToken;
- NSSCKMDToken *mdToken;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
+ NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
+ NSSCKMDFindObjects *mdfo1;
+ NSSCKMDFindObjects *mdfo2;
+ NSSCKFWSession *fwSession;
+ NSSCKMDSession *mdSession;
+ NSSCKFWToken *fwToken;
+ NSSCKMDToken *mdToken;
+ NSSCKFWInstance *fwInstance;
+ NSSCKMDInstance *mdInstance;
- NSSCKMDFindObjects *mdFindObjects; /* varies */
+ NSSCKMDFindObjects *mdFindObjects; /* varies */
};
#ifdef DEBUG
@@ -58,30 +58,24 @@
*/
static CK_RV
-findObjects_add_pointer
-(
- const NSSCKFWFindObjects *fwFindObjects
-)
+findObjects_add_pointer(
+ const NSSCKFWFindObjects *fwFindObjects)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-findObjects_remove_pointer
-(
- const NSSCKFWFindObjects *fwFindObjects
-)
+findObjects_remove_pointer(
+ const NSSCKFWFindObjects *fwFindObjects)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWFindObjects_verifyPointer
-(
- const NSSCKFWFindObjects *fwFindObjects
-)
+nssCKFWFindObjects_verifyPointer(
+ const NSSCKFWFindObjects *fwFindObjects)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
@@ -91,128 +85,123 @@
*
*/
NSS_EXTERN NSSCKFWFindObjects *
-nssCKFWFindObjects_Create
-(
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- NSSCKMDFindObjects *mdFindObjects1,
- NSSCKMDFindObjects *mdFindObjects2,
- CK_RV *pError
-)
+nssCKFWFindObjects_Create(
+ NSSCKFWSession *fwSession,
+ NSSCKFWToken *fwToken,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDFindObjects *mdFindObjects1,
+ NSSCKMDFindObjects *mdFindObjects2,
+ CK_RV *pError)
{
- NSSCKFWFindObjects *fwFindObjects = NULL;
- NSSCKMDSession *mdSession;
- NSSCKMDToken *mdToken;
- NSSCKMDInstance *mdInstance;
+ NSSCKFWFindObjects *fwFindObjects = NULL;
+ NSSCKMDSession *mdSession;
+ NSSCKMDToken *mdToken;
+ NSSCKMDInstance *mdInstance;
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdToken = nssCKFWToken_GetMDToken(fwToken);
- mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdToken = nssCKFWToken_GetMDToken(fwToken);
+ mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
- fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects);
- if (!fwFindObjects) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
+ fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects);
+ if (!fwFindObjects) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
- fwFindObjects->mdfo1 = mdFindObjects1;
- fwFindObjects->mdfo2 = mdFindObjects2;
- fwFindObjects->fwSession = fwSession;
- fwFindObjects->mdSession = mdSession;
- fwFindObjects->fwToken = fwToken;
- fwFindObjects->mdToken = mdToken;
- fwFindObjects->fwInstance = fwInstance;
- fwFindObjects->mdInstance = mdInstance;
+ fwFindObjects->mdfo1 = mdFindObjects1;
+ fwFindObjects->mdfo2 = mdFindObjects2;
+ fwFindObjects->fwSession = fwSession;
+ fwFindObjects->mdSession = mdSession;
+ fwFindObjects->fwToken = fwToken;
+ fwFindObjects->mdToken = mdToken;
+ fwFindObjects->fwInstance = fwInstance;
+ fwFindObjects->mdInstance = mdInstance;
- fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError);
- if (!fwFindObjects->mutex) {
- goto loser;
- }
+ fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError);
+ if (!fwFindObjects->mutex) {
+ goto loser;
+ }
#ifdef DEBUG
- *pError = findObjects_add_pointer(fwFindObjects);
- if( CKR_OK != *pError ) {
- goto loser;
- }
+ *pError = findObjects_add_pointer(fwFindObjects);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
#endif /* DEBUG */
- return fwFindObjects;
+ return fwFindObjects;
- loser:
- if( fwFindObjects ) {
- if( NULL != mdFindObjects1 ) {
- if( NULL != mdFindObjects1->Final ) {
- fwFindObjects->mdFindObjects = mdFindObjects1;
- mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession,
- fwSession, mdToken, fwToken, mdInstance, fwInstance);
- }
+loser:
+ if (fwFindObjects) {
+ if (NULL != mdFindObjects1) {
+ if (NULL != mdFindObjects1->Final) {
+ fwFindObjects->mdFindObjects = mdFindObjects1;
+ mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession,
+ fwSession, mdToken, fwToken, mdInstance, fwInstance);
+ }
+ }
+
+ if (NULL != mdFindObjects2) {
+ if (NULL != mdFindObjects2->Final) {
+ fwFindObjects->mdFindObjects = mdFindObjects2;
+ mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession,
+ fwSession, mdToken, fwToken, mdInstance, fwInstance);
+ }
+ }
+
+ nss_ZFreeIf(fwFindObjects);
}
- if( NULL != mdFindObjects2 ) {
- if( NULL != mdFindObjects2->Final ) {
- fwFindObjects->mdFindObjects = mdFindObjects2;
- mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession,
- fwSession, mdToken, fwToken, mdInstance, fwInstance);
- }
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
}
- nss_ZFreeIf(fwFindObjects);
- }
-
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- return (NSSCKFWFindObjects *)NULL;
+ return (NSSCKFWFindObjects *)NULL;
}
-
/*
* nssCKFWFindObjects_Destroy
*
*/
NSS_EXTERN void
-nssCKFWFindObjects_Destroy
-(
- NSSCKFWFindObjects *fwFindObjects
-)
+nssCKFWFindObjects_Destroy(
+ NSSCKFWFindObjects *fwFindObjects)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) {
- return;
- }
+ if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) {
+ return;
+ }
#endif /* NSSDEBUG */
- (void)nssCKFWMutex_Destroy(fwFindObjects->mutex);
+ (void)nssCKFWMutex_Destroy(fwFindObjects->mutex);
- if (fwFindObjects->mdfo1) {
- if (fwFindObjects->mdfo1->Final) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
- fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+ if (fwFindObjects->mdfo1) {
+ if (fwFindObjects->mdfo1->Final) {
+ fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
+ fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
+ fwFindObjects->mdSession, fwFindObjects->fwSession,
+ fwFindObjects->mdToken, fwFindObjects->fwToken,
+ fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+ }
}
- }
- if (fwFindObjects->mdfo2) {
- if (fwFindObjects->mdfo2->Final) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
- fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+ if (fwFindObjects->mdfo2) {
+ if (fwFindObjects->mdfo2->Final) {
+ fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
+ fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
+ fwFindObjects->mdSession, fwFindObjects->fwSession,
+ fwFindObjects->mdToken, fwFindObjects->fwToken,
+ fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+ }
}
- }
- nss_ZFreeIf(fwFindObjects);
+ nss_ZFreeIf(fwFindObjects);
#ifdef DEBUG
- (void)findObjects_remove_pointer(fwFindObjects);
+ (void)findObjects_remove_pointer(fwFindObjects);
#endif /* DEBUG */
- return;
+ return;
}
/*
@@ -220,18 +209,16 @@
*
*/
NSS_EXTERN NSSCKMDFindObjects *
-nssCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *fwFindObjects
-)
+nssCKFWFindObjects_GetMDFindObjects(
+ NSSCKFWFindObjects *fwFindObjects)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) {
- return (NSSCKMDFindObjects *)NULL;
- }
+ if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) {
+ return (NSSCKMDFindObjects *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwFindObjects->mdFindObjects;
+ return fwFindObjects->mdFindObjects;
}
/*
@@ -239,89 +226,87 @@
*
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWFindObjects_Next
-(
- NSSCKFWFindObjects *fwFindObjects,
- NSSArena *arenaOpt,
- CK_RV *pError
-)
+nssCKFWFindObjects_Next(
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSArena *arenaOpt,
+ CK_RV *pError)
{
- NSSCKMDObject *mdObject;
- NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL;
- NSSArena *objArena;
+ NSSCKMDObject *mdObject;
+ NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL;
+ NSSArena *objArena;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
+ *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWObject *)NULL;
+ }
#endif /* NSSDEBUG */
- *pError = nssCKFWMutex_Lock(fwFindObjects->mutex);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
-
- if (fwFindObjects->mdfo1) {
- if (fwFindObjects->mdfo1->Next) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
- mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1,
- fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance,
- arenaOpt, pError);
- if (!mdObject) {
- if( CKR_OK != *pError ) {
- goto done;
- }
-
- /* All done. */
- fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
- fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL;
- } else {
- goto wrap;
- }
+ *pError = nssCKFWMutex_Lock(fwFindObjects->mutex);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWObject *)NULL;
}
- }
- if (fwFindObjects->mdfo2) {
- if (fwFindObjects->mdfo2->Next) {
- fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
- mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2,
- fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance,
- arenaOpt, pError);
- if (!mdObject) {
- if( CKR_OK != *pError ) {
- goto done;
+ if (fwFindObjects->mdfo1) {
+ if (fwFindObjects->mdfo1->Next) {
+ fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
+ mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1,
+ fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
+ fwFindObjects->mdToken, fwFindObjects->fwToken,
+ fwFindObjects->mdInstance, fwFindObjects->fwInstance,
+ arenaOpt, pError);
+ if (!mdObject) {
+ if (CKR_OK != *pError) {
+ goto done;
+ }
+
+ /* All done. */
+ fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
+ fwFindObjects->mdSession, fwFindObjects->fwSession,
+ fwFindObjects->mdToken, fwFindObjects->fwToken,
+ fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+ fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL;
+ } else {
+ goto wrap;
+ }
}
-
- /* All done. */
- fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
- fwFindObjects->mdSession, fwFindObjects->fwSession,
- fwFindObjects->mdToken, fwFindObjects->fwToken,
- fwFindObjects->mdInstance, fwFindObjects->fwInstance);
- fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL;
- } else {
- goto wrap;
- }
}
- }
-
- /* No more objects */
- *pError = CKR_OK;
- goto done;
- wrap:
- /*
+ if (fwFindObjects->mdfo2) {
+ if (fwFindObjects->mdfo2->Next) {
+ fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
+ mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2,
+ fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
+ fwFindObjects->mdToken, fwFindObjects->fwToken,
+ fwFindObjects->mdInstance, fwFindObjects->fwInstance,
+ arenaOpt, pError);
+ if (!mdObject) {
+ if (CKR_OK != *pError) {
+ goto done;
+ }
+
+ /* All done. */
+ fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
+ fwFindObjects->mdSession, fwFindObjects->fwSession,
+ fwFindObjects->mdToken, fwFindObjects->fwToken,
+ fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+ fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL;
+ } else {
+ goto wrap;
+ }
+ }
+ }
+
+ /* No more objects */
+ *pError = CKR_OK;
+ goto done;
+
+wrap:
+ /*
* This seems is less than ideal-- we should determine if it's a token
* object or a session object, and use the appropriate arena.
* But that duplicates logic in nssCKFWObject_IsTokenObject.
@@ -336,26 +321,26 @@
* exist in the cache from their initial creation). So this code is correct,
* but it depends on nssCKFWObject_Create caching all objects.
*/
- objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError);
- if (!objArena) {
- if( CKR_OK == *pError ) {
- *pError = CKR_HOST_MEMORY;
+ objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError);
+ if (!objArena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_HOST_MEMORY;
+ }
+ goto done;
}
- goto done;
- }
- fwObject = nssCKFWObject_Create(objArena, mdObject,
- NULL, fwFindObjects->fwToken,
- fwFindObjects->fwInstance, pError);
- if (!fwObject) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ fwObject = nssCKFWObject_Create(objArena, mdObject,
+ NULL, fwFindObjects->fwToken,
+ fwFindObjects->fwInstance, pError);
+ if (!fwObject) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
}
- }
- done:
- (void)nssCKFWMutex_Unlock(fwFindObjects->mutex);
- return fwObject;
+done:
+ (void)nssCKFWMutex_Unlock(fwFindObjects->mutex);
+ return fwObject;
}
/*
@@ -364,16 +349,14 @@
*/
NSS_EXTERN NSSCKMDFindObjects *
-NSSCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *fwFindObjects
-)
+NSSCKFWFindObjects_GetMDFindObjects(
+ NSSCKFWFindObjects *fwFindObjects)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) {
- return (NSSCKMDFindObjects *)NULL;
- }
+ if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) {
+ return (NSSCKMDFindObjects *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects);
+ return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects);
}
diff --git a/nss/lib/ckfw/hash.c b/nss/lib/ckfw/hash.c
index 7d21084..50de4ce 100644
--- a/nss/lib/ckfw/hash.c
+++ b/nss/lib/ckfw/hash.c
@@ -31,24 +31,22 @@
*/
struct nssCKFWHashStr {
- NSSCKFWMutex *mutex;
+ NSSCKFWMutex *mutex;
- /*
- * The invariant that mutex protects is:
- * The count accurately reflects the hashtable state.
- */
+ /*
+ * The invariant that mutex protects is:
+ * The count accurately reflects the hashtable state.
+ */
- PLHashTable *plHashTable;
- CK_ULONG count;
+ PLHashTable *plHashTable;
+ CK_ULONG count;
};
static PLHashNumber
-nss_ckfw_identity_hash
-(
- const void *key
-)
+nss_ckfw_identity_hash(
+ const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
/*
@@ -56,53 +54,51 @@
*
*/
NSS_IMPLEMENT nssCKFWHash *
-nssCKFWHash_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+nssCKFWHash_Create(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
- nssCKFWHash *rv;
+ nssCKFWHash *rv;
#ifdef NSSDEBUG
- if (!pError) {
- return (nssCKFWHash *)NULL;
- }
+ if (!pError) {
+ return (nssCKFWHash *)NULL;
+ }
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (nssCKFWHash *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (nssCKFWHash *)NULL;
+ }
#endif /* NSSDEBUG */
- rv = nss_ZNEW(arena, nssCKFWHash);
- if (!rv) {
- *pError = CKR_HOST_MEMORY;
- return (nssCKFWHash *)NULL;
- }
-
- rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if (!rv->mutex) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ rv = nss_ZNEW(arena, nssCKFWHash);
+ if (!rv) {
+ *pError = CKR_HOST_MEMORY;
+ return (nssCKFWHash *)NULL;
}
- (void)nss_ZFreeIf(rv);
- return (nssCKFWHash *)NULL;
- }
- rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
- PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
- if (!rv->plHashTable) {
- (void)nssCKFWMutex_Destroy(rv->mutex);
- (void)nss_ZFreeIf(rv);
- *pError = CKR_HOST_MEMORY;
- return (nssCKFWHash *)NULL;
- }
+ rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+ if (!rv->mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ (void)nss_ZFreeIf(rv);
+ return (nssCKFWHash *)NULL;
+ }
- rv->count = 0;
+ rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
+ PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
+ if (!rv->plHashTable) {
+ (void)nssCKFWMutex_Destroy(rv->mutex);
+ (void)nss_ZFreeIf(rv);
+ *pError = CKR_HOST_MEMORY;
+ return (nssCKFWHash *)NULL;
+ }
- return rv;
+ rv->count = 0;
+
+ return rv;
}
/*
@@ -110,14 +106,12 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWHash_Destroy
-(
- nssCKFWHash *hash
-)
+nssCKFWHash_Destroy(
+ nssCKFWHash *hash)
{
- (void)nssCKFWMutex_Destroy(hash->mutex);
- PL_HashTableDestroy(hash->plHashTable);
- (void)nss_ZFreeIf(hash);
+ (void)nssCKFWMutex_Destroy(hash->mutex);
+ PL_HashTableDestroy(hash->plHashTable);
+ (void)nss_ZFreeIf(hash);
}
/*
@@ -125,31 +119,29 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWHash_Add
-(
- nssCKFWHash *hash,
- const void *key,
- const void *value
-)
+nssCKFWHash_Add(
+ nssCKFWHash *hash,
+ const void *key,
+ const void *value)
{
- CK_RV error = CKR_OK;
- PLHashEntry *he;
+ CK_RV error = CKR_OK;
+ PLHashEntry *he;
- error = nssCKFWMutex_Lock(hash->mutex);
- if( CKR_OK != error ) {
+ error = nssCKFWMutex_Lock(hash->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
+ if (!he) {
+ error = CKR_HOST_MEMORY;
+ } else {
+ hash->count++;
+ }
+
+ (void)nssCKFWMutex_Unlock(hash->mutex);
+
return error;
- }
-
- he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
- if (!he) {
- error = CKR_HOST_MEMORY;
- } else {
- hash->count++;
- }
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- return error;
}
/*
@@ -157,25 +149,23 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWHash_Remove
-(
- nssCKFWHash *hash,
- const void *it
-)
+nssCKFWHash_Remove(
+ nssCKFWHash *hash,
+ const void *it)
{
- PRBool found;
+ PRBool found;
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
+ if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+ return;
+ }
+
+ found = PL_HashTableRemove(hash->plHashTable, it);
+ if (found) {
+ hash->count--;
+ }
+
+ (void)nssCKFWMutex_Unlock(hash->mutex);
return;
- }
-
- found = PL_HashTableRemove(hash->plHashTable, it);
- if( found ) {
- hash->count--;
- }
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
- return;
}
/*
@@ -183,22 +173,20 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWHash_Count
-(
- nssCKFWHash *hash
-)
+nssCKFWHash_Count(
+ nssCKFWHash *hash)
{
- CK_ULONG count;
+ CK_ULONG count;
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+ return (CK_ULONG)0;
+ }
- count = hash->count;
+ count = hash->count;
- (void)nssCKFWMutex_Unlock(hash->mutex);
+ (void)nssCKFWMutex_Unlock(hash->mutex);
- return count;
+ return count;
}
/*
@@ -206,27 +194,25 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWHash_Exists
-(
- nssCKFWHash *hash,
- const void *it
-)
+nssCKFWHash_Exists(
+ nssCKFWHash *hash,
+ const void *it)
{
- void *value;
+ void *value;
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+ return CK_FALSE;
+ }
- value = PL_HashTableLookup(hash->plHashTable, it);
+ value = PL_HashTableLookup(hash->plHashTable, it);
- (void)nssCKFWMutex_Unlock(hash->mutex);
+ (void)nssCKFWMutex_Unlock(hash->mutex);
- if (!value) {
- return CK_FALSE;
- } else {
- return CK_TRUE;
- }
+ if (!value) {
+ return CK_FALSE;
+ } else {
+ return CK_TRUE;
+ }
}
/*
@@ -234,41 +220,37 @@
*
*/
NSS_IMPLEMENT void *
-nssCKFWHash_Lookup
-(
- nssCKFWHash *hash,
- const void *it
-)
+nssCKFWHash_Lookup(
+ nssCKFWHash *hash,
+ const void *it)
{
- void *rv;
+ void *rv;
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
- return (void *)NULL;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+ return (void *)NULL;
+ }
- rv = PL_HashTableLookup(hash->plHashTable, it);
+ rv = PL_HashTableLookup(hash->plHashTable, it);
- (void)nssCKFWMutex_Unlock(hash->mutex);
+ (void)nssCKFWMutex_Unlock(hash->mutex);
- return rv;
+ return rv;
}
struct arg_str {
- nssCKFWHashIterator fcn;
- void *closure;
+ nssCKFWHashIterator fcn;
+ void *closure;
};
static PRIntn
-nss_ckfwhash_enumerator
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
+nss_ckfwhash_enumerator(
+ PLHashEntry *he,
+ PRIntn index,
+ void *arg)
{
- struct arg_str *as = (struct arg_str *)arg;
- as->fcn(he->key, he->value, as->closure);
- return HT_ENUMERATE_NEXT;
+ struct arg_str *as = (struct arg_str *)arg;
+ as->fcn(he->key, he->value, as->closure);
+ return HT_ENUMERATE_NEXT;
}
/*
@@ -277,24 +259,22 @@
* NOTE that the iteration function will be called with the hashtable locked.
*/
NSS_IMPLEMENT void
-nssCKFWHash_Iterate
-(
- nssCKFWHash *hash,
- nssCKFWHashIterator fcn,
- void *closure
-)
+nssCKFWHash_Iterate(
+ nssCKFWHash *hash,
+ nssCKFWHashIterator fcn,
+ void *closure)
{
- struct arg_str as;
- as.fcn = fcn;
- as.closure = closure;
+ struct arg_str as;
+ as.fcn = fcn;
+ as.closure = closure;
- if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) {
+ if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+ return;
+ }
+
+ PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as);
+
+ (void)nssCKFWMutex_Unlock(hash->mutex);
+
return;
- }
-
- PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as);
-
- (void)nssCKFWMutex_Unlock(hash->mutex);
-
- return;
}
diff --git a/nss/lib/ckfw/instance.c b/nss/lib/ckfw/instance.c
index b8a5b25..f585eb5 100644
--- a/nss/lib/ckfw/instance.c
+++ b/nss/lib/ckfw/instance.c
@@ -33,7 +33,7 @@
* nssCKFWInstance_MayCreatePthreads
* nssCKFWInstance_CreateMutex
* nssCKFWInstance_GetConfigurationData
- * nssCKFWInstance_GetInitArgs
+ * nssCKFWInstance_GetInitArgs
*
* -- private accessors --
* nssCKFWInstance_CreateSessionHandle
@@ -60,52 +60,52 @@
*/
struct NSSCKFWInstanceStr {
- NSSCKFWMutex *mutex;
- NSSArena *arena;
- NSSCKMDInstance *mdInstance;
- CK_C_INITIALIZE_ARGS_PTR pInitArgs;
- CK_C_INITIALIZE_ARGS initArgs;
- CryptokiLockingState LockingState;
- CK_BBOOL mayCreatePthreads;
- NSSUTF8 *configurationData;
- CK_ULONG nSlots;
- NSSCKFWSlot **fwSlotList;
- NSSCKMDSlot **mdSlotList;
- CK_BBOOL moduleHandlesSessionObjects;
+ NSSCKFWMutex *mutex;
+ NSSArena *arena;
+ NSSCKMDInstance *mdInstance;
+ CK_C_INITIALIZE_ARGS_PTR pInitArgs;
+ CK_C_INITIALIZE_ARGS initArgs;
+ CryptokiLockingState LockingState;
+ CK_BBOOL mayCreatePthreads;
+ NSSUTF8 *configurationData;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **fwSlotList;
+ NSSCKMDSlot **mdSlotList;
+ CK_BBOOL moduleHandlesSessionObjects;
- /*
- * Everything above is set at creation time, and then not modified.
- * The invariants the mutex protects are:
- *
- * 1) Each of the cached descriptions (versions, etc.) are in an
- * internally consistant state.
- *
- * 2) The session handle hashes and count are consistant
- *
- * 3) The object handle hashes and count are consistant.
- *
- * I could use multiple locks, but let's wait to see if that's
- * really necessary.
- *
- * Note that the calls accessing the cached descriptions will
- * call the NSSCKMDInstance methods with the mutex locked. Those
- * methods may then call the public NSSCKFWInstance routines.
- * Those public routines only access the constant data above, so
- * there's no problem. But be careful if you add to this object;
- * mutexes are in general not reentrant, so don't create deadlock
- * situations.
- */
+ /*
+ * Everything above is set at creation time, and then not modified.
+ * The invariants the mutex protects are:
+ *
+ * 1) Each of the cached descriptions (versions, etc.) are in an
+ * internally consistant state.
+ *
+ * 2) The session handle hashes and count are consistant
+ *
+ * 3) The object handle hashes and count are consistant.
+ *
+ * I could use multiple locks, but let's wait to see if that's
+ * really necessary.
+ *
+ * Note that the calls accessing the cached descriptions will
+ * call the NSSCKMDInstance methods with the mutex locked. Those
+ * methods may then call the public NSSCKFWInstance routines.
+ * Those public routines only access the constant data above, so
+ * there's no problem. But be careful if you add to this object;
+ * mutexes are in general not reentrant, so don't create deadlock
+ * situations.
+ */
- CK_VERSION cryptokiVersion;
- NSSUTF8 *manufacturerID;
- NSSUTF8 *libraryDescription;
- CK_VERSION libraryVersion;
+ CK_VERSION cryptokiVersion;
+ NSSUTF8 *manufacturerID;
+ NSSUTF8 *libraryDescription;
+ CK_VERSION libraryVersion;
- CK_ULONG lastSessionHandle;
- nssCKFWHash *sessionHandleHash;
+ CK_ULONG lastSessionHandle;
+ nssCKFWHash *sessionHandleHash;
- CK_ULONG lastObjectHandle;
- nssCKFWHash *objectHandleHash;
+ CK_ULONG lastObjectHandle;
+ nssCKFWHash *objectHandleHash;
};
#ifdef DEBUG
@@ -121,30 +121,24 @@
*/
static CK_RV
-instance_add_pointer
-(
- const NSSCKFWInstance *fwInstance
-)
+instance_add_pointer(
+ const NSSCKFWInstance *fwInstance)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-instance_remove_pointer
-(
- const NSSCKFWInstance *fwInstance
-)
+instance_remove_pointer(
+ const NSSCKFWInstance *fwInstance)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWInstance_verifyPointer
-(
- const NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_verifyPointer(
+ const NSSCKFWInstance *fwInstance)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
@@ -154,191 +148,189 @@
*
*/
NSS_IMPLEMENT NSSCKFWInstance *
-nssCKFWInstance_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState LockingState,
- NSSCKMDInstance *mdInstance,
- CK_RV *pError
-)
+nssCKFWInstance_Create(
+ CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+ CryptokiLockingState LockingState,
+ NSSCKMDInstance *mdInstance,
+ CK_RV *pError)
{
- NSSCKFWInstance *fwInstance;
- NSSArena *arena = (NSSArena *)NULL;
- CK_ULONG i;
- CK_BBOOL called_Initialize = CK_FALSE;
+ NSSCKFWInstance *fwInstance;
+ NSSArena *arena = (NSSArena *)NULL;
+ CK_ULONG i;
+ CK_BBOOL called_Initialize = CK_FALSE;
#ifdef NSSDEBUG
- if( (CK_RV)NULL == pError ) {
- return (NSSCKFWInstance *)NULL;
- }
+ if ((CK_RV)NULL == pError) {
+ return (NSSCKFWInstance *)NULL;
+ }
- if (!mdInstance) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWInstance *)NULL;
- }
+ if (!mdInstance) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWInstance *)NULL;
+ }
#endif /* NSSDEBUG */
- arena = NSSArena_Create();
- if (!arena) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWInstance *)NULL;
- }
-
- fwInstance = nss_ZNEW(arena, NSSCKFWInstance);
- if (!fwInstance) {
- goto nomem;
- }
-
- fwInstance->arena = arena;
- fwInstance->mdInstance = mdInstance;
-
- fwInstance->LockingState = LockingState;
- if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) {
- fwInstance->initArgs = *pInitArgs;
- fwInstance->pInitArgs = &fwInstance->initArgs;
- if( pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS ) {
- fwInstance->mayCreatePthreads = CK_FALSE;
- } else {
- fwInstance->mayCreatePthreads = CK_TRUE;
- }
- fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved);
- } else {
- fwInstance->mayCreatePthreads = CK_TRUE;
- }
-
- fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena,
- pError);
- if (!fwInstance->mutex) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- if (mdInstance->Initialize) {
- *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData);
- if( CKR_OK != *pError ) {
- goto loser;
+ arena = NSSArena_Create();
+ if (!arena) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWInstance *)NULL;
}
- called_Initialize = CK_TRUE;
- }
-
- if (mdInstance->ModuleHandlesSessionObjects) {
- fwInstance->moduleHandlesSessionObjects =
- mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
- } else {
- fwInstance->moduleHandlesSessionObjects = CK_FALSE;
- }
-
- if (!mdInstance->GetNSlots) {
- /* That routine is required */
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError);
- if( (CK_ULONG)0 == fwInstance->nSlots ) {
- if( CKR_OK == *pError ) {
- /* Zero is not a legitimate answer */
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
- }
-
- fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots);
- if( (NSSCKFWSlot **)NULL == fwInstance->fwSlotList ) {
- goto nomem;
- }
-
- fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots);
- if( (NSSCKMDSlot **)NULL == fwInstance->mdSlotList ) {
- goto nomem;
- }
-
- fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance,
- fwInstance->arena, pError);
- if (!fwInstance->sessionHandleHash) {
- goto loser;
- }
-
- fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance,
- fwInstance->arena, pError);
- if (!fwInstance->objectHandleHash) {
- goto loser;
- }
-
- if (!mdInstance->GetSlots) {
- /* That routine is required */
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList);
- if( CKR_OK != *pError ) {
- goto loser;
- }
-
- for( i = 0; i < fwInstance->nSlots; i++ ) {
- NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i];
-
- if (!mdSlot) {
- *pError = CKR_GENERAL_ERROR;
- goto loser;
+ fwInstance = nss_ZNEW(arena, NSSCKFWInstance);
+ if (!fwInstance) {
+ goto nomem;
}
- fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError);
- if( CKR_OK != *pError ) {
- CK_ULONG j;
+ fwInstance->arena = arena;
+ fwInstance->mdInstance = mdInstance;
- for( j = 0; j < i; j++ ) {
- (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]);
- }
-
- for( j = i; j < fwInstance->nSlots; j++ ) {
- NSSCKMDSlot *mds = fwInstance->mdSlotList[j];
- if (mds->Destroy) {
- mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance);
+ fwInstance->LockingState = LockingState;
+ if ((CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs) {
+ fwInstance->initArgs = *pInitArgs;
+ fwInstance->pInitArgs = &fwInstance->initArgs;
+ if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) {
+ fwInstance->mayCreatePthreads = CK_FALSE;
+ } else {
+ fwInstance->mayCreatePthreads = CK_TRUE;
}
- }
-
- goto loser;
+ fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved);
+ } else {
+ fwInstance->mayCreatePthreads = CK_TRUE;
}
- }
+
+ fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena,
+ pError);
+ if (!fwInstance->mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ if (mdInstance->Initialize) {
+ *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
+
+ called_Initialize = CK_TRUE;
+ }
+
+ if (mdInstance->ModuleHandlesSessionObjects) {
+ fwInstance->moduleHandlesSessionObjects =
+ mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
+ } else {
+ fwInstance->moduleHandlesSessionObjects = CK_FALSE;
+ }
+
+ if (!mdInstance->GetNSlots) {
+ /* That routine is required */
+ *pError = CKR_GENERAL_ERROR;
+ goto loser;
+ }
+
+ fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError);
+ if ((CK_ULONG)0 == fwInstance->nSlots) {
+ if (CKR_OK == *pError) {
+ /* Zero is not a legitimate answer */
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots);
+ if ((NSSCKFWSlot **)NULL == fwInstance->fwSlotList) {
+ goto nomem;
+ }
+
+ fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots);
+ if ((NSSCKMDSlot **)NULL == fwInstance->mdSlotList) {
+ goto nomem;
+ }
+
+ fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance,
+ fwInstance->arena, pError);
+ if (!fwInstance->sessionHandleHash) {
+ goto loser;
+ }
+
+ fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance,
+ fwInstance->arena, pError);
+ if (!fwInstance->objectHandleHash) {
+ goto loser;
+ }
+
+ if (!mdInstance->GetSlots) {
+ /* That routine is required */
+ *pError = CKR_GENERAL_ERROR;
+ goto loser;
+ }
+
+ *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
+
+ for (i = 0; i < fwInstance->nSlots; i++) {
+ NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i];
+
+ if (!mdSlot) {
+ *pError = CKR_GENERAL_ERROR;
+ goto loser;
+ }
+
+ fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError);
+ if (CKR_OK != *pError) {
+ CK_ULONG j;
+
+ for (j = 0; j < i; j++) {
+ (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]);
+ }
+
+ for (j = i; j < fwInstance->nSlots; j++) {
+ NSSCKMDSlot *mds = fwInstance->mdSlotList[j];
+ if (mds->Destroy) {
+ mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance);
+ }
+ }
+
+ goto loser;
+ }
+ }
#ifdef DEBUG
- *pError = instance_add_pointer(fwInstance);
- if( CKR_OK != *pError ) {
- for( i = 0; i < fwInstance->nSlots; i++ ) {
- (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
+ *pError = instance_add_pointer(fwInstance);
+ if (CKR_OK != *pError) {
+ for (i = 0; i < fwInstance->nSlots; i++) {
+ (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
+ }
+
+ goto loser;
}
-
- goto loser;
- }
#endif /* DEBUG */
- *pError = CKR_OK;
- return fwInstance;
+ *pError = CKR_OK;
+ return fwInstance;
- nomem:
- *pError = CKR_HOST_MEMORY;
- /*FALLTHROUGH*/
- loser:
+nomem:
+ *pError = CKR_HOST_MEMORY;
+ /*FALLTHROUGH*/
+loser:
- if( CK_TRUE == called_Initialize ) {
- if (mdInstance->Finalize) {
- mdInstance->Finalize(mdInstance, fwInstance);
+ if (CK_TRUE == called_Initialize) {
+ if (mdInstance->Finalize) {
+ mdInstance->Finalize(mdInstance, fwInstance);
+ }
}
- }
- if (fwInstance && fwInstance->mutex) {
- nssCKFWMutex_Destroy(fwInstance->mutex);
- }
+ if (fwInstance && fwInstance->mutex) {
+ nssCKFWMutex_Destroy(fwInstance->mutex);
+ }
- if (arena) {
- (void)NSSArena_Destroy(arena);
- }
- return (NSSCKFWInstance *)NULL;
+ if (arena) {
+ (void)NSSArena_Destroy(arena);
+ }
+ return (NSSCKFWInstance *)NULL;
}
/*
@@ -346,47 +338,45 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWInstance_Destroy
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_Destroy(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
- CK_ULONG i;
+ CK_ULONG i;
#ifdef NSSDEBUG
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- nssCKFWMutex_Destroy(fwInstance->mutex);
+ nssCKFWMutex_Destroy(fwInstance->mutex);
- for( i = 0; i < fwInstance->nSlots; i++ ) {
- (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
- }
+ for (i = 0; i < fwInstance->nSlots; i++) {
+ (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
+ }
- if (fwInstance->mdInstance->Finalize) {
- fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance);
- }
+ if (fwInstance->mdInstance->Finalize) {
+ fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance);
+ }
- if (fwInstance->sessionHandleHash) {
- nssCKFWHash_Destroy(fwInstance->sessionHandleHash);
- }
+ if (fwInstance->sessionHandleHash) {
+ nssCKFWHash_Destroy(fwInstance->sessionHandleHash);
+ }
- if (fwInstance->objectHandleHash) {
- nssCKFWHash_Destroy(fwInstance->objectHandleHash);
- }
+ if (fwInstance->objectHandleHash) {
+ nssCKFWHash_Destroy(fwInstance->objectHandleHash);
+ }
#ifdef DEBUG
- (void)instance_remove_pointer(fwInstance);
+ (void)instance_remove_pointer(fwInstance);
#endif /* DEBUG */
- (void)NSSArena_Destroy(fwInstance->arena);
- return CKR_OK;
+ (void)NSSArena_Destroy(fwInstance->arena);
+ return CKR_OK;
}
/*
@@ -394,18 +384,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDInstance *
-nssCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetMDInstance(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKMDInstance *)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (NSSCKMDInstance *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwInstance->mdInstance;
+ return fwInstance->mdInstance;
}
/*
@@ -413,25 +401,23 @@
*
*/
NSS_IMPLEMENT NSSArena *
-nssCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+nssCKFWInstance_GetArena(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* NSSDEBUG */
- *pError = CKR_OK;
- return fwInstance->arena;
+ *pError = CKR_OK;
+ return fwInstance->arena;
}
/*
@@ -439,18 +425,16 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_MayCreatePthreads(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- return fwInstance->mayCreatePthreads;
+ return fwInstance->mayCreatePthreads;
}
/*
@@ -458,37 +442,35 @@
*
*/
NSS_IMPLEMENT NSSCKFWMutex *
-nssCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+nssCKFWInstance_CreateMutex(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
- NSSCKFWMutex *mutex;
+ NSSCKFWMutex *mutex;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWMutex *)NULL;
- }
-
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWMutex *)NULL;
- }
-#endif /* NSSDEBUG */
-
- mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState,
- arena, pError);
- if (!mutex) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ if (!pError) {
+ return (NSSCKFWMutex *)NULL;
}
- return (NSSCKFWMutex *)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWMutex *)NULL;
+ }
+#endif /* NSSDEBUG */
- return mutex;
+ mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState,
+ arena, pError);
+ if (!mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+
+ return (NSSCKFWMutex *)NULL;
+ }
+
+ return mutex;
}
/*
@@ -496,18 +478,16 @@
*
*/
NSS_IMPLEMENT NSSUTF8 *
-nssCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetConfigurationData(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSUTF8 *)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (NSSUTF8 *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwInstance->configurationData;
+ return fwInstance->configurationData;
}
/*
@@ -515,15 +495,13 @@
*
*/
CK_C_INITIALIZE_ARGS_PTR
-nssCKFWInstance_GetInitArgs
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetInitArgs(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_C_INITIALIZE_ARGS_PTR)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (CK_C_INITIALIZE_ARGS_PTR)NULL;
+ }
#endif /* NSSDEBUG */
return fwInstance->pInitArgs;
@@ -534,50 +512,48 @@
*
*/
NSS_IMPLEMENT CK_SESSION_HANDLE
-nssCKFWInstance_CreateSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nssCKFWInstance_CreateSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
- CK_SESSION_HANDLE hSession;
+ CK_SESSION_HANDLE hSession;
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_SESSION_HANDLE)0;
- }
+ if (!pError) {
+ return (CK_SESSION_HANDLE)0;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (CK_SESSION_HANDLE)0;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (CK_SESSION_HANDLE)0;
+ }
#endif /* NSSDEBUG */
- *pError = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != *pError ) {
- return (CK_SESSION_HANDLE)0;
- }
+ *pError = nssCKFWMutex_Lock(fwInstance->mutex);
+ if (CKR_OK != *pError) {
+ return (CK_SESSION_HANDLE)0;
+ }
- hSession = ++(fwInstance->lastSessionHandle);
+ hSession = ++(fwInstance->lastSessionHandle);
- /* Alan would say I should unlock for this call. */
-
- *pError = nssCKFWSession_SetHandle(fwSession, hSession);
- if( CKR_OK != *pError ) {
- goto done;
- }
+ /* Alan would say I should unlock for this call. */
- *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash,
- (const void *)hSession, (const void *)fwSession);
- if( CKR_OK != *pError ) {
- hSession = (CK_SESSION_HANDLE)0;
- goto done;
- }
+ *pError = nssCKFWSession_SetHandle(fwSession, hSession);
+ if (CKR_OK != *pError) {
+ goto done;
+ }
- done:
- nssCKFWMutex_Unlock(fwInstance->mutex);
- return hSession;
+ *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash,
+ (const void *)hSession, (const void *)fwSession);
+ if (CKR_OK != *pError) {
+ hSession = (CK_SESSION_HANDLE)0;
+ goto done;
+ }
+
+done:
+ nssCKFWMutex_Unlock(fwInstance->mutex);
+ return hSession;
}
/*
@@ -585,32 +561,30 @@
*
*/
NSS_IMPLEMENT NSSCKFWSession *
-nssCKFWInstance_ResolveSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
+nssCKFWInstance_ResolveSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession)
{
- NSSCKFWSession *fwSession;
+ NSSCKFWSession *fwSession;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKFWSession *)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (NSSCKFWSession *)NULL;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- return (NSSCKFWSession *)NULL;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+ return (NSSCKFWSession *)NULL;
+ }
- fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
- fwInstance->sessionHandleHash, (const void *)hSession);
+ fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
+ fwInstance->sessionHandleHash, (const void *)hSession);
- /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */
+ /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return fwSession;
+ return fwSession;
}
/*
@@ -618,34 +592,32 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWInstance_DestroySessionHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
+nssCKFWInstance_DestroySessionHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession)
{
- NSSCKFWSession *fwSession;
+ NSSCKFWSession *fwSession;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
+ if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+ return;
+ }
+
+ fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
+ fwInstance->sessionHandleHash, (const void *)hSession);
+ if (fwSession) {
+ nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
+ nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
+ }
+
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+
return;
- }
-
- fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
- fwInstance->sessionHandleHash, (const void *)hSession);
- if (fwSession) {
- nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
- nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
- }
-
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
-
- return;
}
/*
@@ -653,24 +625,22 @@
*
*/
NSS_IMPLEMENT CK_SESSION_HANDLE
-nssCKFWInstance_FindSessionHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession
-)
+nssCKFWInstance_FindSessionHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_SESSION_HANDLE)0;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (CK_SESSION_HANDLE)0;
+ }
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (CK_SESSION_HANDLE)0;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return (CK_SESSION_HANDLE)0;
+ }
#endif /* NSSDEBUG */
- return nssCKFWSession_GetHandle(fwSession);
- /* look it up and assert? */
+ return nssCKFWSession_GetHandle(fwSession);
+ /* look it up and assert? */
}
/*
@@ -678,49 +648,47 @@
*
*/
NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWInstance_CreateObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+nssCKFWInstance_CreateObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
- CK_OBJECT_HANDLE hObject;
+ CK_OBJECT_HANDLE hObject;
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_OBJECT_HANDLE)0;
- }
+ if (!pError) {
+ return (CK_OBJECT_HANDLE)0;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (CK_OBJECT_HANDLE)0;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (CK_OBJECT_HANDLE)0;
+ }
#endif /* NSSDEBUG */
- *pError = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != *pError ) {
- return (CK_OBJECT_HANDLE)0;
- }
+ *pError = nssCKFWMutex_Lock(fwInstance->mutex);
+ if (CKR_OK != *pError) {
+ return (CK_OBJECT_HANDLE)0;
+ }
- hObject = ++(fwInstance->lastObjectHandle);
+ hObject = ++(fwInstance->lastObjectHandle);
- *pError = nssCKFWObject_SetHandle(fwObject, hObject);
- if( CKR_OK != *pError ) {
- hObject = (CK_OBJECT_HANDLE)0;
- goto done;
- }
+ *pError = nssCKFWObject_SetHandle(fwObject, hObject);
+ if (CKR_OK != *pError) {
+ hObject = (CK_OBJECT_HANDLE)0;
+ goto done;
+ }
- *pError = nssCKFWHash_Add(fwInstance->objectHandleHash,
- (const void *)hObject, (const void *)fwObject);
- if( CKR_OK != *pError ) {
- hObject = (CK_OBJECT_HANDLE)0;
- goto done;
- }
+ *pError = nssCKFWHash_Add(fwInstance->objectHandleHash,
+ (const void *)hObject, (const void *)fwObject);
+ if (CKR_OK != *pError) {
+ hObject = (CK_OBJECT_HANDLE)0;
+ goto done;
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return hObject;
+done:
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ return hObject;
}
/*
@@ -728,31 +696,29 @@
*
*/
NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWInstance_ResolveObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-)
+nssCKFWInstance_ResolveObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject)
{
- NSSCKFWObject *fwObject;
+ NSSCKFWObject *fwObject;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKFWObject *)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (NSSCKFWObject *)NULL;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- return (NSSCKFWObject *)NULL;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+ return (NSSCKFWObject *)NULL;
+ }
- fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
- fwInstance->objectHandleHash, (const void *)hObject);
+ fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
+ fwInstance->objectHandleHash, (const void *)hObject);
- /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */
+ /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return fwObject;
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ return fwObject;
}
/*
@@ -760,46 +726,44 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWInstance_ReassignObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject,
- NSSCKFWObject *fwObject
-)
+nssCKFWInstance_ReassignObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject,
+ NSSCKFWObject *fwObject)
{
- CK_RV error = CKR_OK;
- NSSCKFWObject *oldObject;
+ CK_RV error = CKR_OK;
+ NSSCKFWObject *oldObject;
#ifdef NSSDEBUG
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != error ) {
+ error = nssCKFWMutex_Lock(fwInstance->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
+ fwInstance->objectHandleHash, (const void *)hObject);
+ if (oldObject) {
+ /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */
+ (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0);
+ nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
+ }
+
+ error = nssCKFWObject_SetHandle(fwObject, hObject);
+ if (CKR_OK != error) {
+ goto done;
+ }
+ error = nssCKFWHash_Add(fwInstance->objectHandleHash,
+ (const void *)hObject, (const void *)fwObject);
+
+done:
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
return error;
- }
-
- oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
- fwInstance->objectHandleHash, (const void *)hObject);
- if(oldObject) {
- /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */
- (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0);
- nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
- }
-
- error = nssCKFWObject_SetHandle(fwObject, hObject);
- if( CKR_OK != error ) {
- goto done;
- }
- error = nssCKFWHash_Add(fwInstance->objectHandleHash,
- (const void *)hObject, (const void *)fwObject);
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return error;
}
/*
@@ -807,34 +771,32 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWInstance_DestroyObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- CK_OBJECT_HANDLE hObject
-)
+nssCKFWInstance_DestroyObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ CK_OBJECT_HANDLE hObject)
{
- NSSCKFWObject *fwObject;
+ NSSCKFWObject *fwObject;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
+ if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+ return;
+ }
+
+ fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
+ fwInstance->objectHandleHash, (const void *)hObject);
+ if (fwObject) {
+ /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */
+ nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
+ (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0);
+ }
+
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
return;
- }
-
- fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
- fwInstance->objectHandleHash, (const void *)hObject);
- if (fwObject) {
- /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */
- nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
- (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0);
- }
-
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return;
}
/*
@@ -842,23 +804,21 @@
*
*/
NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
- NSSCKFWInstance *fwInstance,
- NSSCKFWObject *fwObject
-)
+nssCKFWInstance_FindObjectHandle(
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWObject *fwObject)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_OBJECT_HANDLE)0;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (CK_OBJECT_HANDLE)0;
+ }
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (CK_OBJECT_HANDLE)0;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return (CK_OBJECT_HANDLE)0;
+ }
#endif /* NSSDEBUG */
-
- return nssCKFWObject_GetHandle(fwObject);
+
+ return nssCKFWObject_GetHandle(fwObject);
}
/*
@@ -866,70 +826,66 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWInstance_GetNSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+nssCKFWInstance_GetNSlots(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- *pError = CKR_OK;
- return fwInstance->nSlots;
-}
+ *pError = CKR_OK;
+ return fwInstance->nSlots;
+}
/*
* nssCKFWInstance_GetCryptokiVersion
*
*/
NSS_IMPLEMENT CK_VERSION
-nssCKFWInstance_GetCryptokiVersion
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetCryptokiVersion(
+ NSSCKFWInstance *fwInstance)
{
- CK_VERSION rv;
+ CK_VERSION rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
- if( (0 != fwInstance->cryptokiVersion.major) ||
- (0 != fwInstance->cryptokiVersion.minor) ) {
+ if ((0 != fwInstance->cryptokiVersion.major) ||
+ (0 != fwInstance->cryptokiVersion.minor)) {
+ rv = fwInstance->cryptokiVersion;
+ goto done;
+ }
+
+ if (fwInstance->mdInstance->GetCryptokiVersion) {
+ fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
+ fwInstance->mdInstance, fwInstance);
+ } else {
+ fwInstance->cryptokiVersion.major = 2;
+ fwInstance->cryptokiVersion.minor = 1;
+ }
+
rv = fwInstance->cryptokiVersion;
- goto done;
- }
- if (fwInstance->mdInstance->GetCryptokiVersion) {
- fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
- fwInstance->mdInstance, fwInstance);
- } else {
- fwInstance->cryptokiVersion.major = 2;
- fwInstance->cryptokiVersion.minor = 1;
- }
-
- rv = fwInstance->cryptokiVersion;
-
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return rv;
+done:
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ return rv;
}
/*
@@ -937,48 +893,46 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWInstance_GetManufacturerID
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR manufacturerID[32]
-)
+nssCKFWInstance_GetManufacturerID(
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR manufacturerID[32])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == manufacturerID ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == manufacturerID) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwInstance->manufacturerID) {
- if (fwInstance->mdInstance->GetManufacturerID) {
- fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID(
- fwInstance->mdInstance, fwInstance, &error);
- if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwInstance->manufacturerID = (NSSUTF8 *) "";
+ error = nssCKFWMutex_Lock(fwInstance->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' ');
- error = CKR_OK;
+ if (!fwInstance->manufacturerID) {
+ if (fwInstance->mdInstance->GetManufacturerID) {
+ fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID(
+ fwInstance->mdInstance, fwInstance, &error);
+ if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwInstance->manufacturerID = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ return error;
}
/*
@@ -986,19 +940,17 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWInstance_GetFlags
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetFlags(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- /* No "instance flags" are yet defined by Cryptoki. */
- return (CK_ULONG)0;
+ /* No "instance flags" are yet defined by Cryptoki. */
+ return (CK_ULONG)0;
}
/*
@@ -1006,48 +958,46 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWInstance_GetLibraryDescription
-(
- NSSCKFWInstance *fwInstance,
- CK_CHAR libraryDescription[32]
-)
+nssCKFWInstance_GetLibraryDescription(
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR libraryDescription[32])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == libraryDescription ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == libraryDescription) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwInstance->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwInstance->libraryDescription) {
- if (fwInstance->mdInstance->GetLibraryDescription) {
- fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription(
- fwInstance->mdInstance, fwInstance, &error);
- if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwInstance->libraryDescription = (NSSUTF8 *) "";
+ error = nssCKFWMutex_Lock(fwInstance->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' ');
- error = CKR_OK;
+ if (!fwInstance->libraryDescription) {
+ if (fwInstance->mdInstance->GetLibraryDescription) {
+ fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription(
+ fwInstance->mdInstance, fwInstance, &error);
+ if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwInstance->libraryDescription = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ return error;
}
/*
@@ -1055,43 +1005,41 @@
*
*/
NSS_IMPLEMENT CK_VERSION
-nssCKFWInstance_GetLibraryVersion
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetLibraryVersion(
+ NSSCKFWInstance *fwInstance)
{
- CK_VERSION rv;
+ CK_VERSION rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
- if( (0 != fwInstance->libraryVersion.major) ||
- (0 != fwInstance->libraryVersion.minor) ) {
+ if ((0 != fwInstance->libraryVersion.major) ||
+ (0 != fwInstance->libraryVersion.minor)) {
+ rv = fwInstance->libraryVersion;
+ goto done;
+ }
+
+ if (fwInstance->mdInstance->GetLibraryVersion) {
+ fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
+ fwInstance->mdInstance, fwInstance);
+ } else {
+ fwInstance->libraryVersion.major = 0;
+ fwInstance->libraryVersion.minor = 3;
+ }
+
rv = fwInstance->libraryVersion;
- goto done;
- }
-
- if (fwInstance->mdInstance->GetLibraryVersion) {
- fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
- fwInstance->mdInstance, fwInstance);
- } else {
- fwInstance->libraryVersion.major = 0;
- fwInstance->libraryVersion.minor = 3;
- }
-
- rv = fwInstance->libraryVersion;
- done:
- (void)nssCKFWMutex_Unlock(fwInstance->mutex);
- return rv;
+done:
+ (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+ return rv;
}
/*
@@ -1099,18 +1047,16 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWInstance_GetModuleHandlesSessionObjects
-(
- NSSCKFWInstance *fwInstance
-)
+nssCKFWInstance_GetModuleHandlesSessionObjects(
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- return fwInstance->moduleHandlesSessionObjects;
+ return fwInstance->moduleHandlesSessionObjects;
}
/*
@@ -1118,24 +1064,22 @@
*
*/
NSS_IMPLEMENT NSSCKFWSlot **
-nssCKFWInstance_GetSlots
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+nssCKFWInstance_GetSlots(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWSlot **)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWSlot **)NULL;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSlot **)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSlot **)NULL;
+ }
#endif /* NSSDEBUG */
- return fwInstance->fwSlotList;
+ return fwInstance->fwSlotList;
}
/*
@@ -1143,72 +1087,69 @@
*
*/
NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWInstance_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
-)
+nssCKFWInstance_WaitForSlotEvent(
+ NSSCKFWInstance *fwInstance,
+ CK_BBOOL block,
+ CK_RV *pError)
{
- NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL;
- NSSCKMDSlot *mdSlot;
- CK_ULONG i, n;
+ NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL;
+ NSSCKMDSlot *mdSlot;
+ CK_ULONG i, n;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWSlot *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWSlot *)NULL;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSlot *)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSlot *)NULL;
+ }
- switch( block ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWSlot *)NULL;
- }
+ switch (block) {
+ case CK_TRUE:
+ case CK_FALSE:
+ break;
+ default:
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWSlot *)NULL;
+ }
#endif /* NSSDEBUG */
- if (!fwInstance->mdInstance->WaitForSlotEvent) {
- *pError = CKR_NO_EVENT;
- return (NSSCKFWSlot *)NULL;
- }
-
- mdSlot = fwInstance->mdInstance->WaitForSlotEvent(
- fwInstance->mdInstance,
- fwInstance,
- block,
- pError
- );
-
- if (!mdSlot) {
- return (NSSCKFWSlot *)NULL;
- }
-
- n = nssCKFWInstance_GetNSlots(fwInstance, pError);
- if( ((CK_ULONG)0 == n) && (CKR_OK != *pError) ) {
- return (NSSCKFWSlot *)NULL;
- }
-
- for( i = 0; i < n; i++ ) {
- if( fwInstance->mdSlotList[i] == mdSlot ) {
- fwSlot = fwInstance->fwSlotList[i];
- break;
+ if (!fwInstance->mdInstance->WaitForSlotEvent) {
+ *pError = CKR_NO_EVENT;
+ return (NSSCKFWSlot *)NULL;
}
- }
- if (!fwSlot) {
- /* Internal error */
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWSlot *)NULL;
- }
+ mdSlot = fwInstance->mdInstance->WaitForSlotEvent(
+ fwInstance->mdInstance,
+ fwInstance,
+ block,
+ pError);
- return fwSlot;
+ if (!mdSlot) {
+ return (NSSCKFWSlot *)NULL;
+ }
+
+ n = nssCKFWInstance_GetNSlots(fwInstance, pError);
+ if (((CK_ULONG)0 == n) && (CKR_OK != *pError)) {
+ return (NSSCKFWSlot *)NULL;
+ }
+
+ for (i = 0; i < n; i++) {
+ if (fwInstance->mdSlotList[i] == mdSlot) {
+ fwSlot = fwInstance->fwSlotList[i];
+ break;
+ }
+ }
+
+ if (!fwSlot) {
+ /* Internal error */
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWSlot *)NULL;
+ }
+
+ return fwSlot;
}
/*
@@ -1216,18 +1157,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDInstance *
-NSSCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-)
+NSSCKFWInstance_GetMDInstance(
+ NSSCKFWInstance *fwInstance)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSCKMDInstance *)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (NSSCKMDInstance *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWInstance_GetMDInstance(fwInstance);
+ return nssCKFWInstance_GetMDInstance(fwInstance);
}
/*
@@ -1235,24 +1174,22 @@
*
*/
NSS_IMPLEMENT NSSArena *
-NSSCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+NSSCKFWInstance_GetArena(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWInstance_GetArena(fwInstance, pError);
+ return nssCKFWInstance_GetArena(fwInstance, pError);
}
/*
@@ -1260,18 +1197,16 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-NSSCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-)
+NSSCKFWInstance_MayCreatePthreads(
+ NSSCKFWInstance *fwInstance)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return CK_FALSE;
+ }
#endif /* DEBUG */
- return nssCKFWInstance_MayCreatePthreads(fwInstance);
+ return nssCKFWInstance_MayCreatePthreads(fwInstance);
}
/*
@@ -1279,25 +1214,23 @@
*
*/
NSS_IMPLEMENT NSSCKFWMutex *
-NSSCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+NSSCKFWInstance_CreateMutex(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (NSSCKFWMutex *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWMutex *)NULL;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWMutex *)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWMutex *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+ return nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
}
/*
@@ -1305,18 +1238,16 @@
*
*/
NSS_IMPLEMENT NSSUTF8 *
-NSSCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-)
+NSSCKFWInstance_GetConfigurationData(
+ NSSCKFWInstance *fwInstance)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (NSSUTF8 *)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (NSSUTF8 *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWInstance_GetConfigurationData(fwInstance);
+ return nssCKFWInstance_GetConfigurationData(fwInstance);
}
/*
@@ -1324,17 +1255,14 @@
*
*/
NSS_IMPLEMENT CK_C_INITIALIZE_ARGS_PTR
-NSSCKFWInstance_GetInitArgs
-(
- NSSCKFWInstance *fwInstance
-)
+NSSCKFWInstance_GetInitArgs(
+ NSSCKFWInstance *fwInstance)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) {
- return (CK_C_INITIALIZE_ARGS_PTR)NULL;
- }
+ if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+ return (CK_C_INITIALIZE_ARGS_PTR)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWInstance_GetInitArgs(fwInstance);
+ return nssCKFWInstance_GetInitArgs(fwInstance);
}
-
diff --git a/nss/lib/ckfw/mechanism.c b/nss/lib/ckfw/mechanism.c
index 14baf02..47e5ac6 100644
--- a/nss/lib/ckfw/mechanism.c
+++ b/nss/lib/ckfw/mechanism.c
@@ -55,13 +55,12 @@
* nssCKFWMechanism_DeriveKey
*/
-
struct NSSCKFWMechanismStr {
- NSSCKMDMechanism *mdMechanism;
- NSSCKMDToken *mdToken;
- NSSCKFWToken *fwToken;
- NSSCKMDInstance *mdInstance;
- NSSCKFWInstance *fwInstance;
+ NSSCKMDMechanism *mdMechanism;
+ NSSCKMDToken *mdToken;
+ NSSCKFWToken *fwToken;
+ NSSCKMDInstance *mdInstance;
+ NSSCKFWInstance *fwInstance;
};
/*
@@ -69,28 +68,25 @@
*
*/
NSS_IMPLEMENT NSSCKFWMechanism *
-nssCKFWMechanism_Create
-(
- NSSCKMDMechanism *mdMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+nssCKFWMechanism_Create(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- NSSCKFWMechanism *fwMechanism;
+ NSSCKFWMechanism *fwMechanism;
-
- fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
- if (!fwMechanism) {
- return (NSSCKFWMechanism *)NULL;
- }
- fwMechanism->mdMechanism = mdMechanism;
- fwMechanism->mdToken = mdToken;
- fwMechanism->fwToken = fwToken;
- fwMechanism->mdInstance = mdInstance;
- fwMechanism->fwInstance = fwInstance;
- return fwMechanism;
+ fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
+ if (!fwMechanism) {
+ return (NSSCKFWMechanism *)NULL;
+ }
+ fwMechanism->mdMechanism = mdMechanism;
+ fwMechanism->mdToken = mdToken;
+ fwMechanism->fwToken = fwToken;
+ fwMechanism->mdInstance = mdInstance;
+ fwMechanism->fwInstance = fwInstance;
+ return fwMechanism;
}
/*
@@ -98,24 +94,22 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWMechanism_Destroy
-(
- NSSCKFWMechanism *fwMechanism
-)
+nssCKFWMechanism_Destroy(
+ NSSCKFWMechanism *fwMechanism)
{
- /* destroy any fw resources held by nssCKFWMechanism (currently none) */
+ /* destroy any fw resources held by nssCKFWMechanism (currently none) */
- if (!fwMechanism->mdMechanism->Destroy) {
- /* destroys it's parent as well */
- fwMechanism->mdMechanism->Destroy(
- fwMechanism->mdMechanism,
- fwMechanism,
- fwMechanism->mdInstance,
- fwMechanism->fwInstance);
- }
- /* if the Destroy function wasn't supplied, then the mechanism is 'static',
- * and there is nothing to destroy */
- return;
+ if (!fwMechanism->mdMechanism->Destroy) {
+ /* destroys it's parent as well */
+ fwMechanism->mdMechanism->Destroy(
+ fwMechanism->mdMechanism,
+ fwMechanism,
+ fwMechanism->mdInstance,
+ fwMechanism->fwInstance);
+ }
+ /* if the Destroy function wasn't supplied, then the mechanism is 'static',
+ * and there is nothing to destroy */
+ return;
}
/*
@@ -123,12 +117,10 @@
*
*/
NSS_IMPLEMENT NSSCKMDMechanism *
-nssCKFWMechanism_GetMDMechanism
-(
- NSSCKFWMechanism *fwMechanism
-)
+nssCKFWMechanism_GetMDMechanism(
+ NSSCKFWMechanism *fwMechanism)
{
- return fwMechanism->mdMechanism;
+ return fwMechanism->mdMechanism;
}
/*
@@ -136,19 +128,17 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWMechanism_GetMinKeySize
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetMinKeySize(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->GetMinKeySize) {
- return 0;
- }
+ if (!fwMechanism->mdMechanism->GetMinKeySize) {
+ return 0;
+ }
- return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism,
- fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+ return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism,
+ fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
}
/*
@@ -156,19 +146,17 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWMechanism_GetMaxKeySize
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetMaxKeySize(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->GetMaxKeySize) {
- return 0;
- }
+ if (!fwMechanism->mdMechanism->GetMaxKeySize) {
+ return 0;
+ }
- return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism,
- fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+ return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism,
+ fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
}
/*
@@ -176,22 +164,19 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWMechanism_GetInHardware
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetInHardware(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->GetInHardware) {
- return CK_FALSE;
- }
+ if (!fwMechanism->mdMechanism->GetInHardware) {
+ return CK_FALSE;
+ }
- return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism,
- fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+ return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism,
+ fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
}
-
/*
* the following are determined automatically by which of the cryptographic
* functions are defined for this mechanism.
@@ -201,16 +186,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanEncrypt
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanEncrypt(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->EncryptInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->EncryptInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -218,16 +201,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanDecrypt
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanDecrypt(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->DecryptInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->DecryptInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -235,16 +216,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanDigest
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanDigest(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->DigestInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->DigestInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -252,16 +231,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanSign
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanSign(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->SignInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->SignInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -269,16 +246,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanSignRecover
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanSignRecover(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->SignRecoverInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->SignRecoverInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -286,16 +261,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanVerify
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanVerify(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->VerifyInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->VerifyInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -303,16 +276,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanVerifyRecover
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanVerifyRecover(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -320,16 +291,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanGenerate
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanGenerate(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->GenerateKey) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->GenerateKey) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -337,16 +306,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanGenerateKeyPair
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanGenerateKeyPair(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->GenerateKeyPair) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->GenerateKeyPair) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -354,16 +321,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanUnwrap
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanUnwrap(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->UnwrapKey) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->UnwrapKey) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -371,16 +336,14 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanWrap
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanWrap(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->WrapKey) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->WrapKey) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
@@ -388,55 +351,50 @@
*
*/
NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetCanDerive
-(
- NSSCKFWMechanism *fwMechanism,
- CK_RV *pError
-)
+nssCKFWMechanism_GetCanDerive(
+ NSSCKFWMechanism *fwMechanism,
+ CK_RV *pError)
{
- if (!fwMechanism->mdMechanism->DeriveKey) {
- return CK_FALSE;
- }
- return CK_TRUE;
+ if (!fwMechanism->mdMechanism->DeriveKey) {
+ return CK_FALSE;
+ }
+ return CK_TRUE;
}
/*
* These are the actual crypto operations
*/
-/*
+/*
* nssCKFWMechanism_EncryptInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_EncryptInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWMechanism_EncryptInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_EncryptDecrypt);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_EncryptDecrypt);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->EncryptInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->EncryptInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- mdOperation = fwMechanism->mdMechanism->EncryptInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ mdOperation = fwMechanism->mdMechanism->EncryptInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -448,58 +406,54 @@
fwMechanism->fwInstance,
mdObject,
fwObject,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_Encrypt, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_EncryptDecrypt);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_Encrypt, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_EncryptDecrypt);
+ }
loser:
- return error;
+ return error;
}
-/*
+/*
* nssCKFWMechanism_DecryptInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_DecryptInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWMechanism_DecryptInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_EncryptDecrypt);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_EncryptDecrypt);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->DecryptInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->DecryptInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- mdOperation = fwMechanism->mdMechanism->DecryptInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ mdOperation = fwMechanism->mdMechanism->DecryptInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -511,55 +465,51 @@
fwMechanism->fwInstance,
mdObject,
fwObject,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_Decrypt, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_EncryptDecrypt);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_Decrypt, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_EncryptDecrypt);
+ }
loser:
- return error;
+ return error;
}
-/*
+/*
* nssCKFWMechanism_DigestInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_DigestInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession
-)
+nssCKFWMechanism_DigestInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_Digest);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_Digest);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->DigestInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->DigestInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdOperation = fwMechanism->mdMechanism->DigestInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdOperation = fwMechanism->mdMechanism->DigestInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -569,58 +519,54 @@
fwMechanism->fwToken,
fwMechanism->mdInstance,
fwMechanism->fwInstance,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_Digest, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_Digest);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_Digest, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_Digest);
+ }
loser:
- return error;
+ return error;
}
-/*
+/*
* nssCKFWMechanism_SignInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_SignInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWMechanism_SignInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_SignVerify);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_SignVerify);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->SignInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->SignInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- mdOperation = fwMechanism->mdMechanism->SignInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ mdOperation = fwMechanism->mdMechanism->SignInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -632,58 +578,54 @@
fwMechanism->fwInstance,
mdObject,
fwObject,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_Sign, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_SignVerify);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_Sign, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_SignVerify);
+ }
loser:
- return error;
+ return error;
}
-/*
+/*
* nssCKFWMechanism_VerifyInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_VerifyInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWMechanism_VerifyInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_SignVerify);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_SignVerify);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->VerifyInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->VerifyInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- mdOperation = fwMechanism->mdMechanism->VerifyInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ mdOperation = fwMechanism->mdMechanism->VerifyInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -695,58 +637,54 @@
fwMechanism->fwInstance,
mdObject,
fwObject,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_Verify, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_SignVerify);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_Verify, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_SignVerify);
+ }
loser:
- return error;
+ return error;
}
-/*
+/*
* nssCKFWMechanism_SignRecoverInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_SignRecoverInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWMechanism_SignRecoverInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_SignVerify);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_SignVerify);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->SignRecoverInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->SignRecoverInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- mdOperation = fwMechanism->mdMechanism->SignRecoverInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ mdOperation = fwMechanism->mdMechanism->SignRecoverInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -758,58 +696,54 @@
fwMechanism->fwInstance,
mdObject,
fwObject,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_SignRecover, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_SignVerify);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_SignRecover, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_SignVerify);
+ }
loser:
- return error;
+ return error;
}
-/*
+/*
* nssCKFWMechanism_VerifyRecoverInit
* Start an encryption session.
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_VerifyRecoverInit
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM *pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWMechanism_VerifyRecoverInit(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM *pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKMDCryptoOperation *mdOperation;
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKMDCryptoOperation *mdOperation;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ CK_RV error = CKR_OK;
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_SignVerify);
+ if (fwOperation) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_SignVerify);
- if (fwOperation) {
- return CKR_OPERATION_ACTIVE;
- }
+ if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
+ return CKR_FUNCTION_FAILED;
+ }
- if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
- return CKR_FUNCTION_FAILED;
- }
-
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = nssCKFWObject_GetMDObject(fwObject);
- mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = nssCKFWObject_GetMDObject(fwObject);
+ mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -821,59 +755,56 @@
fwMechanism->fwInstance,
mdObject,
fwObject,
- &error
- );
- if (!mdOperation) {
- goto loser;
- }
+ &error);
+ if (!mdOperation) {
+ goto loser;
+ }
- fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
- mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
- fwMechanism->mdInstance, fwMechanism->fwInstance,
- NSSCKFWCryptoOperationType_VerifyRecover, &error);
- if (fwOperation) {
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
- NSSCKFWCryptoOperationState_SignVerify);
- }
+ fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+ mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+ fwMechanism->mdInstance, fwMechanism->fwInstance,
+ NSSCKFWCryptoOperationType_VerifyRecover, &error);
+ if (fwOperation) {
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+ NSSCKFWCryptoOperationState_SignVerify);
+ }
loser:
- return error;
+ return error;
}
/*
* nssCKFWMechanism_GenerateKey
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWMechanism_GenerateKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nssCKFWMechanism_GenerateKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- NSSCKFWObject *fwObject = NULL;
- NSSArena *arena;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ NSSCKFWObject *fwObject = NULL;
+ NSSArena *arena;
- if (!fwMechanism->mdMechanism->GenerateKey) {
- *pError = CKR_FUNCTION_FAILED;
- return (NSSCKFWObject *)NULL;
- }
-
- arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
- if (!arena) {
- if (CKR_OK == *pError) {
- *pError = CKR_GENERAL_ERROR;
+ if (!fwMechanism->mdMechanism->GenerateKey) {
+ *pError = CKR_FUNCTION_FAILED;
+ return (NSSCKFWObject *)NULL;
}
- return (NSSCKFWObject *)NULL;
- }
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdObject = fwMechanism->mdMechanism->GenerateKey(
+ arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
+
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdObject = fwMechanism->mdMechanism->GenerateKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -887,53 +818,51 @@
ulAttributeCount,
pError);
- if (!mdObject) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!mdObject) {
+ return (NSSCKFWObject *)NULL;
+ }
- fwObject = nssCKFWObject_Create(arena, mdObject,
- fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+ fwObject = nssCKFWObject_Create(arena, mdObject,
+ fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
- return fwObject;
+ return fwObject;
}
/*
* nssCKFWMechanism_GenerateKeyPair
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_GenerateKeyPair
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- NSSCKFWObject **fwPublicKeyObject,
- NSSCKFWObject **fwPrivateKeyObject
-)
+nssCKFWMechanism_GenerateKeyPair(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ NSSCKFWObject **fwPublicKeyObject,
+ NSSCKFWObject **fwPrivateKeyObject)
{
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdPublicKeyObject;
- NSSCKMDObject *mdPrivateKeyObject;
- NSSArena *arena;
- CK_RV error = CKR_OK;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdPublicKeyObject;
+ NSSCKMDObject *mdPrivateKeyObject;
+ NSSArena *arena;
+ CK_RV error = CKR_OK;
- if (!fwMechanism->mdMechanism->GenerateKeyPair) {
- return CKR_FUNCTION_FAILED;
- }
-
- arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
- if (!arena) {
- if (CKR_OK == error) {
- error = CKR_GENERAL_ERROR;
+ if (!fwMechanism->mdMechanism->GenerateKeyPair) {
+ return CKR_FUNCTION_FAILED;
}
- return error;
- }
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- error = fwMechanism->mdMechanism->GenerateKeyPair(
+ arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
+ if (!arena) {
+ if (CKR_OK == error) {
+ error = CKR_GENERAL_ERROR;
+ }
+ return error;
+ }
+
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ error = fwMechanism->mdMechanism->GenerateKeyPair(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -950,48 +879,46 @@
&mdPublicKeyObject,
&mdPrivateKeyObject);
- if (CKR_OK != error) {
- return error;
- }
+ if (CKR_OK != error) {
+ return error;
+ }
- *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
- fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
- if (!*fwPublicKeyObject) {
- return error;
- }
- *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
- fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
+ *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
+ fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
+ if (!*fwPublicKeyObject) {
+ return error;
+ }
+ *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
+ fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
- return error;
+ return error;
}
/*
* nssCKFWMechanism_GetWrapKeyLength
*/
NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetWrapKeyLength
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwWrappingKeyObject,
- NSSCKFWObject *fwKeyObject,
- CK_RV *pError
-)
+nssCKFWMechanism_GetWrapKeyLength(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwWrappingKeyObject,
+ NSSCKFWObject *fwKeyObject,
+ CK_RV *pError)
{
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdWrappingKeyObject;
- NSSCKMDObject *mdKeyObject;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdWrappingKeyObject;
+ NSSCKMDObject *mdKeyObject;
- if (!fwMechanism->mdMechanism->WrapKey) {
- *pError = CKR_FUNCTION_FAILED;
- return (CK_ULONG) 0;
- }
+ if (!fwMechanism->mdMechanism->WrapKey) {
+ *pError = CKR_FUNCTION_FAILED;
+ return (CK_ULONG)0;
+ }
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
- mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
- return fwMechanism->mdMechanism->GetWrapKeyLength(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+ mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
+ return fwMechanism->mdMechanism->GetWrapKeyLength(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -1012,28 +939,26 @@
* nssCKFWMechanism_WrapKey
*/
NSS_EXTERN CK_RV
-nssCKFWMechanism_WrapKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwWrappingKeyObject,
- NSSCKFWObject *fwKeyObject,
- NSSItem *wrappedKey
-)
+nssCKFWMechanism_WrapKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwWrappingKeyObject,
+ NSSCKFWObject *fwKeyObject,
+ NSSItem *wrappedKey)
{
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdWrappingKeyObject;
- NSSCKMDObject *mdKeyObject;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdWrappingKeyObject;
+ NSSCKMDObject *mdKeyObject;
- if (!fwMechanism->mdMechanism->WrapKey) {
- return CKR_FUNCTION_FAILED;
- }
+ if (!fwMechanism->mdMechanism->WrapKey) {
+ return CKR_FUNCTION_FAILED;
+ }
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
- mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
- return fwMechanism->mdMechanism->WrapKey(
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+ mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
+ return fwMechanism->mdMechanism->WrapKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -1054,44 +979,42 @@
* nssCKFWMechanism_UnwrapKey
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWMechanism_UnwrapKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwWrappingKeyObject,
- NSSItem *wrappedKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nssCKFWMechanism_UnwrapKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwWrappingKeyObject,
+ NSSItem *wrappedKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- NSSCKMDObject *mdWrappingKeyObject;
- NSSCKFWObject *fwObject = NULL;
- NSSArena *arena;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ NSSCKMDObject *mdWrappingKeyObject;
+ NSSCKFWObject *fwObject = NULL;
+ NSSArena *arena;
- if (!fwMechanism->mdMechanism->UnwrapKey) {
- /* we could simulate UnwrapKey using Decrypt and Create object, but
+ if (!fwMechanism->mdMechanism->UnwrapKey) {
+ /* we could simulate UnwrapKey using Decrypt and Create object, but
* 1) it's not clear that would work well, and 2) the low level token
* may want to restrict unwrap key for a reason, so just fail it it
* can't be done */
- *pError = CKR_FUNCTION_FAILED;
- return (NSSCKFWObject *)NULL;
- }
-
- arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
- if (!arena) {
- if (CKR_OK == *pError) {
- *pError = CKR_GENERAL_ERROR;
+ *pError = CKR_FUNCTION_FAILED;
+ return (NSSCKFWObject *)NULL;
}
- return (NSSCKFWObject *)NULL;
- }
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
- mdObject = fwMechanism->mdMechanism->UnwrapKey(
+ arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
+
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+ mdObject = fwMechanism->mdMechanism->UnwrapKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -1108,53 +1031,51 @@
ulAttributeCount,
pError);
- if (!mdObject) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!mdObject) {
+ return (NSSCKFWObject *)NULL;
+ }
- fwObject = nssCKFWObject_Create(arena, mdObject,
- fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+ fwObject = nssCKFWObject_Create(arena, mdObject,
+ fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
- return fwObject;
+ return fwObject;
}
-/*
+/*
* nssCKFWMechanism_DeriveKey
*/
NSS_EXTERN NSSCKFWObject *
-nssCKFWMechanism_DeriveKey
-(
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwBaseKeyObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nssCKFWMechanism_DeriveKey(
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwBaseKeyObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSCKMDSession *mdSession;
- NSSCKMDObject *mdObject;
- NSSCKMDObject *mdBaseKeyObject;
- NSSCKFWObject *fwObject = NULL;
- NSSArena *arena;
+ NSSCKMDSession *mdSession;
+ NSSCKMDObject *mdObject;
+ NSSCKMDObject *mdBaseKeyObject;
+ NSSCKFWObject *fwObject = NULL;
+ NSSArena *arena;
- if (!fwMechanism->mdMechanism->DeriveKey) {
- *pError = CKR_FUNCTION_FAILED;
- return (NSSCKFWObject *)NULL;
- }
-
- arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
- if (!arena) {
- if (CKR_OK == *pError) {
- *pError = CKR_GENERAL_ERROR;
+ if (!fwMechanism->mdMechanism->DeriveKey) {
+ *pError = CKR_FUNCTION_FAILED;
+ return (NSSCKFWObject *)NULL;
}
- return (NSSCKFWObject *)NULL;
- }
- mdSession = nssCKFWSession_GetMDSession(fwSession);
- mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
- mdObject = fwMechanism->mdMechanism->DeriveKey(
+ arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
+
+ mdSession = nssCKFWSession_GetMDSession(fwSession);
+ mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
+ mdObject = fwMechanism->mdMechanism->DeriveKey(
fwMechanism->mdMechanism,
fwMechanism,
pMechanism,
@@ -1170,13 +1091,12 @@
ulAttributeCount,
pError);
- if (!mdObject) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!mdObject) {
+ return (NSSCKFWObject *)NULL;
+ }
- fwObject = nssCKFWObject_Create(arena, mdObject,
- fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+ fwObject = nssCKFWObject_Create(arena, mdObject,
+ fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
- return fwObject;
+ return fwObject;
}
-
diff --git a/nss/lib/ckfw/mutex.c b/nss/lib/ckfw/mutex.c
index 0d74cf1..be569e1 100644
--- a/nss/lib/ckfw/mutex.c
+++ b/nss/lib/ckfw/mutex.c
@@ -31,7 +31,7 @@
*/
struct NSSCKFWMutexStr {
- PRLock *lock;
+ PRLock *lock;
};
#ifdef DEBUG
@@ -47,30 +47,24 @@
*/
static CK_RV
-mutex_add_pointer
-(
- const NSSCKFWMutex *fwMutex
-)
+mutex_add_pointer(
+ const NSSCKFWMutex *fwMutex)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-mutex_remove_pointer
-(
- const NSSCKFWMutex *fwMutex
-)
+mutex_remove_pointer(
+ const NSSCKFWMutex *fwMutex)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWMutex_verifyPointer
-(
- const NSSCKFWMutex *fwMutex
-)
+nssCKFWMutex_verifyPointer(
+ const NSSCKFWMutex *fwMutex)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
@@ -80,78 +74,74 @@
*
*/
NSS_EXTERN NSSCKFWMutex *
-nssCKFWMutex_Create
-(
- CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState LockingState,
- NSSArena *arena,
- CK_RV *pError
-)
+nssCKFWMutex_Create(
+ CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+ CryptokiLockingState LockingState,
+ NSSArena *arena,
+ CK_RV *pError)
{
- NSSCKFWMutex *mutex;
-
- mutex = nss_ZNEW(arena, NSSCKFWMutex);
- if (!mutex) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWMutex *)NULL;
- }
- *pError = CKR_OK;
- mutex->lock = NULL;
- if (LockingState == MultiThreaded) {
- mutex->lock = PR_NewLock();
- if (!mutex->lock) {
- *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */
+ NSSCKFWMutex *mutex;
+
+ mutex = nss_ZNEW(arena, NSSCKFWMutex);
+ if (!mutex) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWMutex *)NULL;
}
- }
-
- if( CKR_OK != *pError ) {
- (void)nss_ZFreeIf(mutex);
- return (NSSCKFWMutex *)NULL;
- }
+ *pError = CKR_OK;
+ mutex->lock = NULL;
+ if (LockingState == MultiThreaded) {
+ mutex->lock = PR_NewLock();
+ if (!mutex->lock) {
+ *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */
+ }
+ }
+
+ if (CKR_OK != *pError) {
+ (void)nss_ZFreeIf(mutex);
+ return (NSSCKFWMutex *)NULL;
+ }
#ifdef DEBUG
- *pError = mutex_add_pointer(mutex);
- if( CKR_OK != *pError ) {
- if (mutex->lock) {
- PR_DestroyLock(mutex->lock);
+ *pError = mutex_add_pointer(mutex);
+ if (CKR_OK != *pError) {
+ if (mutex->lock) {
+ PR_DestroyLock(mutex->lock);
+ }
+ (void)nss_ZFreeIf(mutex);
+ return (NSSCKFWMutex *)NULL;
}
- (void)nss_ZFreeIf(mutex);
- return (NSSCKFWMutex *)NULL;
- }
#endif /* DEBUG */
- return mutex;
-}
+ return mutex;
+}
/*
* nssCKFWMutex_Destroy
*
*/
NSS_EXTERN CK_RV
-nssCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-)
+nssCKFWMutex_Destroy(
+ NSSCKFWMutex *mutex)
{
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
#ifdef NSSDEBUG
- rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
+ rv = nssCKFWMutex_verifyPointer(mutex);
+ if (CKR_OK != rv) {
+ return rv;
+ }
#endif /* NSSDEBUG */
-
- if (mutex->lock) {
- PR_DestroyLock(mutex->lock);
- }
+
+ if (mutex->lock) {
+ PR_DestroyLock(mutex->lock);
+ }
#ifdef DEBUG
- (void)mutex_remove_pointer(mutex);
+ (void)mutex_remove_pointer(mutex);
#endif /* DEBUG */
- (void)nss_ZFreeIf(mutex);
- return rv;
+ (void)nss_ZFreeIf(mutex);
+ return rv;
}
/*
@@ -159,22 +149,20 @@
*
*/
NSS_EXTERN CK_RV
-nssCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-)
+nssCKFWMutex_Lock(
+ NSSCKFWMutex *mutex)
{
#ifdef NSSDEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
+ CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+ if (CKR_OK != rv) {
+ return rv;
+ }
#endif /* NSSDEBUG */
- if (mutex->lock) {
- PR_Lock(mutex->lock);
- }
-
- return CKR_OK;
+ if (mutex->lock) {
+ PR_Lock(mutex->lock);
+ }
+
+ return CKR_OK;
}
/*
@@ -182,29 +170,27 @@
*
*/
NSS_EXTERN CK_RV
-nssCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-)
+nssCKFWMutex_Unlock(
+ NSSCKFWMutex *mutex)
{
- PRStatus nrv;
+ PRStatus nrv;
#ifdef NSSDEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+ CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
+ if (CKR_OK != rv) {
+ return rv;
+ }
#endif /* NSSDEBUG */
- if (!mutex->lock)
- return CKR_OK;
+ if (!mutex->lock)
+ return CKR_OK;
- nrv = PR_Unlock(mutex->lock);
+ nrv = PR_Unlock(mutex->lock);
- /* if unlock fails, either we have a programming error, or we have
- * some sort of hardware failure... in either case return CKR_DEVICE_ERROR.
- */
- return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR;
+ /* if unlock fails, either we have a programming error, or we have
+ * some sort of hardware failure... in either case return CKR_DEVICE_ERROR.
+ */
+ return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR;
}
/*
@@ -212,19 +198,17 @@
*
*/
NSS_EXTERN CK_RV
-NSSCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-)
+NSSCKFWMutex_Destroy(
+ NSSCKFWMutex *mutex)
{
#ifdef DEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
+ CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+ if (CKR_OK != rv) {
+ return rv;
+ }
#endif /* DEBUG */
-
- return nssCKFWMutex_Destroy(mutex);
+
+ return nssCKFWMutex_Destroy(mutex);
}
/*
@@ -232,19 +216,17 @@
*
*/
NSS_EXTERN CK_RV
-NSSCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-)
+NSSCKFWMutex_Lock(
+ NSSCKFWMutex *mutex)
{
#ifdef DEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
+ CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+ if (CKR_OK != rv) {
+ return rv;
+ }
#endif /* DEBUG */
-
- return nssCKFWMutex_Lock(mutex);
+
+ return nssCKFWMutex_Lock(mutex);
}
/*
@@ -252,18 +234,15 @@
*
*/
NSS_EXTERN CK_RV
-NSSCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-)
+NSSCKFWMutex_Unlock(
+ NSSCKFWMutex *mutex)
{
#ifdef DEBUG
- CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
- if( CKR_OK != rv ) {
- return rv;
- }
+ CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+ if (CKR_OK != rv) {
+ return rv;
+ }
#endif /* DEBUG */
- return nssCKFWMutex_Unlock(mutex);
+ return nssCKFWMutex_Unlock(mutex);
}
-
diff --git a/nss/lib/ckfw/nssckfw.h b/nss/lib/ckfw/nssckfw.h
index 4343eab..8807ac8 100644
--- a/nss/lib/ckfw/nssckfw.h
+++ b/nss/lib/ckfw/nssckfw.h
@@ -8,7 +8,7 @@
/*
* nssckfw.h
*
- * This file prototypes the publicly available calls of the
+ * This file prototypes the publicly available calls of the
* NSS Cryptoki Framework.
*/
@@ -40,10 +40,8 @@
*/
NSS_EXTERN NSSCKMDInstance *
-NSSCKFWInstance_GetMDInstance
-(
- NSSCKFWInstance *fwInstance
-);
+NSSCKFWInstance_GetMDInstance(
+ NSSCKFWInstance *fwInstance);
/*
* NSSCKFWInstance_GetArena
@@ -51,11 +49,9 @@
*/
NSS_EXTERN NSSArena *
-NSSCKFWInstance_GetArena
-(
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+NSSCKFWInstance_GetArena(
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* NSSCKFWInstance_MayCreatePthreads
@@ -63,10 +59,8 @@
*/
NSS_EXTERN CK_BBOOL
-NSSCKFWInstance_MayCreatePthreads
-(
- NSSCKFWInstance *fwInstance
-);
+NSSCKFWInstance_MayCreatePthreads(
+ NSSCKFWInstance *fwInstance);
/*
* NSSCKFWInstance_CreateMutex
@@ -74,12 +68,10 @@
*/
NSS_EXTERN NSSCKFWMutex *
-NSSCKFWInstance_CreateMutex
-(
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
+NSSCKFWInstance_CreateMutex(
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError);
/*
* NSSCKFWInstance_GetConfigurationData
@@ -87,10 +79,8 @@
*/
NSS_EXTERN NSSUTF8 *
-NSSCKFWInstance_GetConfigurationData
-(
- NSSCKFWInstance *fwInstance
-);
+NSSCKFWInstance_GetConfigurationData(
+ NSSCKFWInstance *fwInstance);
/*
* NSSCKFWInstance_GetInitArgs
@@ -98,10 +88,8 @@
*/
NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR
-NSSCKFWInstance_GetInitArgs
-(
- NSSCKFWInstance *fwInstance
-);
+NSSCKFWInstance_GetInitArgs(
+ NSSCKFWInstance *fwInstance);
/*
* NSSCKFWSlot
@@ -118,10 +106,8 @@
*/
NSS_EXTERN NSSCKMDSlot *
-NSSCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-);
+NSSCKFWSlot_GetMDSlot(
+ NSSCKFWSlot *fwSlot);
/*
* NSSCKFWSlot_GetFWInstance
@@ -129,10 +115,8 @@
*/
NSS_EXTERN NSSCKFWInstance *
-NSSCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-);
+NSSCKFWSlot_GetFWInstance(
+ NSSCKFWSlot *fwSlot);
/*
* NSSCKFWSlot_GetMDInstance
@@ -140,10 +124,8 @@
*/
NSS_EXTERN NSSCKMDInstance *
-NSSCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-);
+NSSCKFWSlot_GetMDInstance(
+ NSSCKFWSlot *fwSlot);
/*
* NSSCKFWToken
@@ -161,10 +143,8 @@
*/
NSS_EXTERN NSSCKMDToken *
-NSSCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-);
+NSSCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken);
/*
* NSSCKFWToken_GetArena
@@ -172,11 +152,9 @@
*/
NSS_EXTERN NSSArena *
-NSSCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-);
+NSSCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError);
/*
* NSSCKFWToken_GetFWSlot
@@ -184,10 +162,8 @@
*/
NSS_EXTERN NSSCKFWSlot *
-NSSCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-);
+NSSCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken);
/*
* NSSCKFWToken_GetMDSlot
@@ -195,10 +171,8 @@
*/
NSS_EXTERN NSSCKMDSlot *
-NSSCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-);
+NSSCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken);
/*
* NSSCKFWToken_GetSessionState
@@ -206,10 +180,8 @@
*/
NSS_EXTERN CK_STATE
-NSSCKFWToken_GetSessionState
-(
- NSSCKFWToken *fwToken
-);
+NSSCKFWToken_GetSessionState(
+ NSSCKFWToken *fwToken);
/*
* NSSCKFWMechanism
@@ -225,10 +197,8 @@
*/
NSS_EXTERN NSSCKMDMechanism *
-NSSCKFWMechanism_GetMDMechanism
-(
- NSSCKFWMechanism *fwMechanism
-);
+NSSCKFWMechanism_GetMDMechanism(
+ NSSCKFWMechanism *fwMechanism);
/*
* NSSCKFWMechanism_GetParameter
@@ -236,10 +206,8 @@
*/
NSS_EXTERN NSSItem *
-NSSCKFWMechanism_GetParameter
-(
- NSSCKFWMechanism *fwMechanism
-);
+NSSCKFWMechanism_GetParameter(
+ NSSCKFWMechanism *fwMechanism);
/*
* NSSCKFWSession
@@ -259,10 +227,8 @@
*/
NSS_EXTERN NSSCKMDSession *
-NSSCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-);
+NSSCKFWSession_GetMDSession(
+ NSSCKFWSession *fwSession);
/*
* NSSCKFWSession_GetArena
@@ -270,11 +236,9 @@
*/
NSS_EXTERN NSSArena *
-NSSCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-);
+NSSCKFWSession_GetArena(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError);
/*
* NSSCKFWSession_CallNotification
@@ -282,11 +246,9 @@
*/
NSS_EXTERN CK_RV
-NSSCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-);
+NSSCKFWSession_CallNotification(
+ NSSCKFWSession *fwSession,
+ CK_NOTIFICATION event);
/*
* NSSCKFWSession_IsRWSession
@@ -294,10 +256,8 @@
*/
NSS_EXTERN CK_BBOOL
-NSSCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-);
+NSSCKFWSession_IsRWSession(
+ NSSCKFWSession *fwSession);
/*
* NSSCKFWSession_IsSO
@@ -305,10 +265,8 @@
*/
NSS_EXTERN CK_BBOOL
-NSSCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-);
+NSSCKFWSession_IsSO(
+ NSSCKFWSession *fwSession);
/*
* NSSCKFWSession_GetCurrentCryptoOperation
@@ -316,11 +274,9 @@
*/
NSS_EXTERN NSSCKFWCryptoOperation *
-NSSCKFWSession_GetCurrentCryptoOperation
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationState state
-);
+NSSCKFWSession_GetCurrentCryptoOperation(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationState state);
/*
* NSSCKFWObject
@@ -340,91 +296,75 @@
*
*/
NSS_EXTERN NSSCKMDObject *
-NSSCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-);
+NSSCKFWObject_GetMDObject(
+ NSSCKFWObject *fwObject);
/*
* NSSCKFWObject_GetArena
*
*/
NSS_EXTERN NSSArena *
-NSSCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+NSSCKFWObject_GetArena(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* NSSCKFWObject_IsTokenObject
*
*/
NSS_EXTERN CK_BBOOL
-NSSCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-);
+NSSCKFWObject_IsTokenObject(
+ NSSCKFWObject *fwObject);
/*
* NSSCKFWObject_GetAttributeCount
*
*/
NSS_EXTERN CK_ULONG
-NSSCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+NSSCKFWObject_GetAttributeCount(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* NSSCKFWObject_GetAttributeTypes
*
*/
NSS_EXTERN CK_RV
-NSSCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-);
+NSSCKFWObject_GetAttributeTypes(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount);
/*
* NSSCKFWObject_GetAttributeSize
*
*/
NSS_EXTERN CK_ULONG
-NSSCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
+NSSCKFWObject_GetAttributeSize(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError);
/*
* NSSCKFWObject_GetAttribute
*
*/
NSS_EXTERN NSSItem *
-NSSCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-);
+NSSCKFWObject_GetAttribute(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *itemOpt,
+ NSSArena *arenaOpt,
+ CK_RV *pError);
/*
* NSSCKFWObject_GetObjectSize
*
*/
NSS_EXTERN CK_ULONG
-NSSCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-);
+NSSCKFWObject_GetObjectSize(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError);
/*
* NSSCKFWFindObjects
@@ -439,10 +379,8 @@
*/
NSS_EXTERN NSSCKMDFindObjects *
-NSSCKFWFindObjects_GetMDFindObjects
-(
- NSSCKFWFindObjects *
-);
+NSSCKFWFindObjects_GetMDFindObjects(
+ NSSCKFWFindObjects *);
/*
* NSSCKFWMutex
@@ -459,10 +397,8 @@
*/
NSS_EXTERN CK_RV
-NSSCKFWMutex_Destroy
-(
- NSSCKFWMutex *mutex
-);
+NSSCKFWMutex_Destroy(
+ NSSCKFWMutex *mutex);
/*
* NSSCKFWMutex_Lock
@@ -470,10 +406,8 @@
*/
NSS_EXTERN CK_RV
-NSSCKFWMutex_Lock
-(
- NSSCKFWMutex *mutex
-);
+NSSCKFWMutex_Lock(
+ NSSCKFWMutex *mutex);
/*
* NSSCKFWMutex_Unlock
@@ -481,10 +415,7 @@
*/
NSS_EXTERN CK_RV
-NSSCKFWMutex_Unlock
-(
- NSSCKFWMutex *mutex
-);
+NSSCKFWMutex_Unlock(
+ NSSCKFWMutex *mutex);
#endif /* NSSCKFW_H */
-
diff --git a/nss/lib/ckfw/nssckfwc.h b/nss/lib/ckfw/nssckfwc.h
index 3c11e96..734a67c 100644
--- a/nss/lib/ckfw/nssckfwc.h
+++ b/nss/lib/ckfw/nssckfwc.h
@@ -8,7 +8,7 @@
/*
* nssckfwc.h
*
- * This file prototypes all of the NSS Cryptoki Framework "wrapper"
+ * This file prototypes all of the NSS Cryptoki Framework "wrapper"
* which implement the PKCS#11 API. Technically, these are public
* routines (with capital "NSS" prefixes), since they are called
* from (generated) code within a Module using the Framework.
@@ -104,34 +104,28 @@
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Initialize
-(
- NSSCKFWInstance **pFwInstance,
- NSSCKMDInstance *mdInstance,
- CK_VOID_PTR pInitArgs
-);
+NSSCKFWC_Initialize(
+ NSSCKFWInstance **pFwInstance,
+ NSSCKMDInstance *mdInstance,
+ CK_VOID_PTR pInitArgs);
/*
* NSSCKFWC_Finalize
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Finalize
-(
- NSSCKFWInstance **pFwInstance
-);
+NSSCKFWC_Finalize(
+ NSSCKFWInstance **pFwInstance);
/*
* NSSCKFWC_GetInfo
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_INFO_PTR pInfo
-);
-
+NSSCKFWC_GetInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_INFO_PTR pInfo);
+
/*
* C_GetFunctionList is implemented entirely in the Module's file which
* includes the Framework API insert file. It requires no "actual"
@@ -143,871 +137,743 @@
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetSlotList
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount
-);
-
+NSSCKFWC_GetSlotList(
+ NSSCKFWInstance *fwInstance,
+ CK_BBOOL tokenPresent,
+ CK_SLOT_ID_PTR pSlotList,
+ CK_ULONG_PTR pulCount);
+
/*
* NSSCKFWC_GetSlotInfo
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetSlotInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo
-);
+NSSCKFWC_GetSlotInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_SLOT_INFO_PTR pInfo);
/*
* NSSCKFWC_GetTokenInfo
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetTokenInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo
-);
+NSSCKFWC_GetTokenInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_TOKEN_INFO_PTR pInfo);
/*
* NSSCKFWC_WaitForSlotEvent
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved
-);
+NSSCKFWC_WaitForSlotEvent(
+ NSSCKFWInstance *fwInstance,
+ CK_FLAGS flags,
+ CK_SLOT_ID_PTR pSlot,
+ CK_VOID_PTR pReserved);
/*
* NSSCKFWC_GetMechanismList
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetMechanismList
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount
-);
+NSSCKFWC_GetMechanismList(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_MECHANISM_TYPE_PTR pMechanismList,
+ CK_ULONG_PTR pulCount);
/*
* NSSCKFWC_GetMechanismInfo
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetMechanismInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo
-);
+NSSCKFWC_GetMechanismInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_MECHANISM_TYPE type,
+ CK_MECHANISM_INFO_PTR pInfo);
/*
* NSSCKFWC_InitToken
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_InitToken
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_CHAR_PTR pLabel
-);
+NSSCKFWC_InitToken(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_CHAR_PTR pPin,
+ CK_ULONG ulPinLen,
+ CK_CHAR_PTR pLabel);
/*
* NSSCKFWC_InitPIN
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_InitPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-);
+NSSCKFWC_InitPIN(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_CHAR_PTR pPin,
+ CK_ULONG ulPinLen);
/*
* NSSCKFWC_SetPIN
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SetPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_CHAR_PTR pNewPin,
- CK_ULONG ulNewLen
-);
+NSSCKFWC_SetPIN(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_CHAR_PTR pOldPin,
+ CK_ULONG ulOldLen,
+ CK_CHAR_PTR pNewPin,
+ CK_ULONG ulNewLen);
/*
* NSSCKFWC_OpenSession
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_OpenSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession
-);
+NSSCKFWC_OpenSession(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_FLAGS flags,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_SESSION_HANDLE_PTR phSession);
/*
* NSSCKFWC_CloseSession
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_CloseSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+NSSCKFWC_CloseSession(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* NSSCKFWC_CloseAllSessions
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_CloseAllSessions
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID
-);
+NSSCKFWC_CloseAllSessions(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID);
/*
* NSSCKFWC_GetSessionInfo
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetSessionInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo
-);
+NSSCKFWC_GetSessionInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_SESSION_INFO_PTR pInfo);
/*
* NSSCKFWC_GetOperationState
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen
-);
+NSSCKFWC_GetOperationState(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pOperationState,
+ CK_ULONG_PTR pulOperationStateLen);
/*
* NSSCKFWC_SetOperationState
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey
-);
+NSSCKFWC_SetOperationState(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pOperationState,
+ CK_ULONG ulOperationStateLen,
+ CK_OBJECT_HANDLE hEncryptionKey,
+ CK_OBJECT_HANDLE hAuthenticationKey);
/*
* NSSCKFWC_Login
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Login
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-);
+NSSCKFWC_Login(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_USER_TYPE userType,
+ CK_CHAR_PTR pPin,
+ CK_ULONG ulPinLen);
/*
* NSSCKFWC_Logout
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Logout
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+NSSCKFWC_Logout(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* NSSCKFWC_CreateObject
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_CreateObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject
-);
+NSSCKFWC_CreateObject(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phObject);
/*
* NSSCKFWC_CopyObject
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_CopyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject
-);
+NSSCKFWC_CopyObject(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phNewObject);
/*
* NSSCKFWC_DestroyObject
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DestroyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject
-);
+NSSCKFWC_DestroyObject(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject);
/*
* NSSCKFWC_GetObjectSize
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetObjectSize
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize
-);
+NSSCKFWC_GetObjectSize(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ULONG_PTR pulSize);
/*
* NSSCKFWC_GetAttributeValue
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-);
-
+NSSCKFWC_GetAttributeValue(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount);
+
/*
* NSSCKFWC_SetAttributeValue
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-);
+NSSCKFWC_SetAttributeValue(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount);
/*
* NSSCKFWC_FindObjectsInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_FindObjectsInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-);
+NSSCKFWC_FindObjectsInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount);
/*
* NSSCKFWC_FindObjects
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_FindObjects
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount
-);
+NSSCKFWC_FindObjects(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE_PTR phObject,
+ CK_ULONG ulMaxObjectCount,
+ CK_ULONG_PTR pulObjectCount);
/*
* NSSCKFWC_FindObjectsFinal
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_FindObjectsFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+NSSCKFWC_FindObjectsFinal(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* NSSCKFWC_EncryptInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_EncryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_EncryptInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_Encrypt
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Encrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen
-);
+NSSCKFWC_Encrypt(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pData,
+ CK_ULONG ulDataLen,
+ CK_BYTE_PTR pEncryptedData,
+ CK_ULONG_PTR pulEncryptedDataLen);
/*
* NSSCKFWC_EncryptUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_EncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-);
+NSSCKFWC_EncryptUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pPart,
+ CK_ULONG ulPartLen,
+ CK_BYTE_PTR pEncryptedPart,
+ CK_ULONG_PTR pulEncryptedPartLen);
/*
* NSSCKFWC_EncryptFinal
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_EncryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen
-);
+NSSCKFWC_EncryptFinal(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pLastEncryptedPart,
+ CK_ULONG_PTR pulLastEncryptedPartLen);
/*
* NSSCKFWC_DecryptInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DecryptInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_DecryptInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_Decrypt
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Decrypt
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-);
+NSSCKFWC_Decrypt(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pEncryptedData,
+ CK_ULONG ulEncryptedDataLen,
+ CK_BYTE_PTR pData,
+ CK_ULONG_PTR pulDataLen);
/*
* NSSCKFWC_DecryptUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DecryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-);
+NSSCKFWC_DecryptUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pEncryptedPart,
+ CK_ULONG ulEncryptedPartLen,
+ CK_BYTE_PTR pPart,
+ CK_ULONG_PTR pulPartLen);
/*
* NSSCKFWC_DecryptFinal
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DecryptFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen
-);
+NSSCKFWC_DecryptFinal(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pLastPart,
+ CK_ULONG_PTR pulLastPartLen);
/*
* NSSCKFWC_DigestInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DigestInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism
-);
+NSSCKFWC_DigestInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism);
/*
* NSSCKFWC_Digest
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Digest
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-);
+NSSCKFWC_Digest(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pData,
+ CK_ULONG ulDataLen,
+ CK_BYTE_PTR pDigest,
+ CK_ULONG_PTR pulDigestLen);
/*
* NSSCKFWC_DigestUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen
-);
+NSSCKFWC_DigestUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pData,
+ CK_ULONG ulDataLen);
/*
* NSSCKFWC_DigestKey
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DigestKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_DigestKey(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_DigestFinal
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DigestFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen
-);
+NSSCKFWC_DigestFinal(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pDigest,
+ CK_ULONG_PTR pulDigestLen);
/*
* NSSCKFWC_SignInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SignInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_SignInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_Sign
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Sign
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-);
+NSSCKFWC_Sign(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pData,
+ CK_ULONG ulDataLen,
+ CK_BYTE_PTR pSignature,
+ CK_ULONG_PTR pulSignatureLen);
/*
* NSSCKFWC_SignUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SignUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-);
+NSSCKFWC_SignUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pPart,
+ CK_ULONG ulPartLen);
/*
* NSSCKFWC_SignFinal
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SignFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-);
+NSSCKFWC_SignFinal(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pSignature,
+ CK_ULONG_PTR pulSignatureLen);
/*
* NSSCKFWC_SignRecoverInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SignRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_SignRecoverInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_SignRecover
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SignRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen
-);
+NSSCKFWC_SignRecover(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pData,
+ CK_ULONG ulDataLen,
+ CK_BYTE_PTR pSignature,
+ CK_ULONG_PTR pulSignatureLen);
/*
* NSSCKFWC_VerifyInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_VerifyInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_VerifyInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_Verify
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_Verify
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-);
+NSSCKFWC_Verify(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pData,
+ CK_ULONG ulDataLen,
+ CK_BYTE_PTR pSignature,
+ CK_ULONG ulSignatureLen);
/*
* NSSCKFWC_VerifyUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_VerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen
-);
+NSSCKFWC_VerifyUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pPart,
+ CK_ULONG ulPartLen);
/*
* NSSCKFWC_VerifyFinal
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_VerifyFinal
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen
-);
+NSSCKFWC_VerifyFinal(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pSignature,
+ CK_ULONG ulSignatureLen);
/*
* NSSCKFWC_VerifyRecoverInit
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_VerifyRecoverInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey
-);
+NSSCKFWC_VerifyRecoverInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hKey);
/*
* NSSCKFWC_VerifyRecover
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_VerifyRecover
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen
-);
+NSSCKFWC_VerifyRecover(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pSignature,
+ CK_ULONG ulSignatureLen,
+ CK_BYTE_PTR pData,
+ CK_ULONG_PTR pulDataLen);
/*
* NSSCKFWC_DigestEncryptUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DigestEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-);
+NSSCKFWC_DigestEncryptUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pPart,
+ CK_ULONG ulPartLen,
+ CK_BYTE_PTR pEncryptedPart,
+ CK_ULONG_PTR pulEncryptedPartLen);
/*
* NSSCKFWC_DecryptDigestUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DecryptDigestUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-);
+NSSCKFWC_DecryptDigestUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pEncryptedPart,
+ CK_ULONG ulEncryptedPartLen,
+ CK_BYTE_PTR pPart,
+ CK_ULONG_PTR pulPartLen);
/*
* NSSCKFWC_SignEncryptUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SignEncryptUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen
-);
+NSSCKFWC_SignEncryptUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pPart,
+ CK_ULONG ulPartLen,
+ CK_BYTE_PTR pEncryptedPart,
+ CK_ULONG_PTR pulEncryptedPartLen);
/*
* NSSCKFWC_DecryptVerifyUpdate
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DecryptVerifyUpdate
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen
-);
+NSSCKFWC_DecryptVerifyUpdate(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pEncryptedPart,
+ CK_ULONG ulEncryptedPartLen,
+ CK_BYTE_PTR pPart,
+ CK_ULONG_PTR pulPartLen);
/*
* NSSCKFWC_GenerateKey
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GenerateKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey
-);
+NSSCKFWC_GenerateKey(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phKey);
/*
* NSSCKFWC_GenerateKeyPair
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GenerateKeyPair
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE_PTR phPublicKey,
- CK_OBJECT_HANDLE_PTR phPrivateKey
-);
+NSSCKFWC_GenerateKeyPair(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ CK_OBJECT_HANDLE_PTR phPublicKey,
+ CK_OBJECT_HANDLE_PTR phPrivateKey);
/*
* NSSCKFWC_WrapKey
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_WrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen
-);
+NSSCKFWC_WrapKey(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hWrappingKey,
+ CK_OBJECT_HANDLE hKey,
+ CK_BYTE_PTR pWrappedKey,
+ CK_ULONG_PTR pulWrappedKeyLen);
/*
* NSSCKFWC_UnwrapKey
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_UnwrapKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-);
+NSSCKFWC_UnwrapKey(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hUnwrappingKey,
+ CK_BYTE_PTR pWrappedKey,
+ CK_ULONG ulWrappedKeyLen,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_OBJECT_HANDLE_PTR phKey);
/*
* NSSCKFWC_DeriveKey
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_DeriveKey
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey
-);
+NSSCKFWC_DeriveKey(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_PTR pMechanism,
+ CK_OBJECT_HANDLE hBaseKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_OBJECT_HANDLE_PTR phKey);
/*
* NSSCKFWC_SeedRandom
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_SeedRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen
-);
+NSSCKFWC_SeedRandom(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pSeed,
+ CK_ULONG ulSeedLen);
/*
* NSSCKFWC_GenerateRandom
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GenerateRandom
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData,
- CK_ULONG ulRandomLen
-);
+NSSCKFWC_GenerateRandom(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pRandomData,
+ CK_ULONG ulRandomLen);
/*
* NSSCKFWC_GetFunctionStatus
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_GetFunctionStatus
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+NSSCKFWC_GetFunctionStatus(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
/*
* NSSCKFWC_CancelFunction
*
*/
NSS_EXTERN CK_RV
-NSSCKFWC_CancelFunction
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-);
+NSSCKFWC_CancelFunction(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession);
#endif /* NSSCKFWC_H */
diff --git a/nss/lib/ckfw/nssckfwt.h b/nss/lib/ckfw/nssckfwt.h
index 4c4fad2..cd015d5 100644
--- a/nss/lib/ckfw/nssckfwt.h
+++ b/nss/lib/ckfw/nssckfwt.h
@@ -51,7 +51,6 @@
struct NSSCKFWCryptoOperationStr;
typedef struct NSSCKFWCryptoOperationStr NSSCKFWCryptoOperation;
-
/*
* NSSCKFWSession
*
@@ -87,7 +86,7 @@
typedef enum {
SingleThreaded,
MultiThreaded
-} CryptokiLockingState ;
+} CryptokiLockingState;
/* used as an index into an array, make sure it starts at '0' */
typedef enum {
diff --git a/nss/lib/ckfw/nssckmdt.h b/nss/lib/ckfw/nssckmdt.h
index 2c3aa2e..d98f9b0 100644
--- a/nss/lib/ckfw/nssckmdt.h
+++ b/nss/lib/ckfw/nssckmdt.h
@@ -44,9 +44,9 @@
*/
typedef struct {
- PRBool needsFreeing;
- NSSItem* item;
-} NSSCKFWItem ;
+ PRBool needsFreeing;
+ NSSItem *item;
+} NSSCKFWItem;
/*
* NSSCKMDInstance
@@ -61,152 +61,147 @@
*/
struct NSSCKMDInstanceStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is called by the Framework to initialize
- * the Module. This routine is optional; if unimplemented,
- * it won't be called. If this routine returns an error,
- * then the initialization will fail.
- */
- CK_RV (PR_CALLBACK *Initialize)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSUTF8 *configurationData
- );
+ /*
+ * This routine is called by the Framework to initialize
+ * the Module. This routine is optional; if unimplemented,
+ * it won't be called. If this routine returns an error,
+ * then the initialization will fail.
+ */
+ CK_RV(PR_CALLBACK *Initialize)
+ (
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSUTF8 *configurationData);
- /*
- * This routine is called when the Framework is finalizing
- * the PKCS#11 Module. It is the last thing called before
- * the NSSCKFWInstance's NSSArena is destroyed. This routine
- * is optional; if unimplemented, it merely won't be called.
- */
- void (PR_CALLBACK *Finalize)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called when the Framework is finalizing
+ * the PKCS#11 Module. It is the last thing called before
+ * the NSSCKFWInstance's NSSArena is destroyed. This routine
+ * is optional; if unimplemented, it merely won't be called.
+ */
+ void(PR_CALLBACK *Finalize)(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
+ /*
* This routine gets the number of slots. This value must
- * never change, once the instance is initialized. This
+ * never change, once the instance is initialized. This
* routine must be implemented. It may return zero on error.
*/
- CK_ULONG (PR_CALLBACK *GetNSlots)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ CK_ULONG(PR_CALLBACK *GetNSlots)
+ (
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns the version of the Cryptoki standard
- * to which this Module conforms. This routine is optional;
- * if unimplemented, the Framework uses the version to which
- * ~it~ was implemented.
- */
- CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the version of the Cryptoki standard
+ * to which this Module conforms. This routine is optional;
+ * if unimplemented, the Framework uses the version to which
+ * ~it~ was implemented.
+ */
+ CK_VERSION(PR_CALLBACK *GetCryptokiVersion)
+ (
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing the manufacturer ID for this Module. Only
- * the characters completely encoded in the first thirty-
- * two bytes are significant. This routine is optional.
- * The string returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing the manufacturer ID for this Module. Only
+ * the characters completely encoded in the first thirty-
+ * two bytes are significant. This routine is optional.
+ * The string returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing a description of this Module library. Only
- * the characters completely encoded in the first thirty-
- * two bytes are significant. This routine is optional.
- * The string returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing a description of this Module library. Only
+ * the characters completely encoded in the first thirty-
+ * two bytes are significant. This routine is optional.
+ * The string returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns the version of this Module library.
- * This routine is optional; if unimplemented, the Framework
- * will assume a Module library version of 0.1.
- */
- CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the version of this Module library.
+ * This routine is optional; if unimplemented, the Framework
+ * will assume a Module library version of 0.1.
+ */
+ CK_VERSION(PR_CALLBACK *GetLibraryVersion)
+ (
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if the Module wishes to
- * handle session objects. This routine is optional.
- * If this routine is NULL, or if it exists but returns
- * CK_FALSE, the Framework will assume responsibility
- * for managing session objects.
- */
- CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the Module wishes to
+ * handle session objects. This routine is optional.
+ * If this routine is NULL, or if it exists but returns
+ * CK_FALSE, the Framework will assume responsibility
+ * for managing session objects.
+ */
+ CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects)
+ (
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine stuffs pointers to NSSCKMDSlot objects into
- * the specified array; one for each slot supported by this
- * instance. The Framework will determine the size needed
- * for the array by calling GetNSlots. This routine is
- * required.
- */
- CK_RV (PR_CALLBACK *GetSlots)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *slots[]
- );
+ /*
+ * This routine stuffs pointers to NSSCKMDSlot objects into
+ * the specified array; one for each slot supported by this
+ * instance. The Framework will determine the size needed
+ * for the array by calling GetNSlots. This routine is
+ * required.
+ */
+ CK_RV(PR_CALLBACK *GetSlots)
+ (
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *slots[]);
- /*
- * This call returns a pointer to the slot in which an event
- * has occurred. If the block argument is CK_TRUE, the call
- * should block until a slot event occurs; if CK_FALSE, it
- * should check to see if an event has occurred, occurred,
- * but return NULL (and set *pError to CK_NO_EVENT) if one
- * hasn't. This routine is optional; if unimplemented, the
- * Framework will assume that no event has happened. This
- * routine may return NULL upon error.
- */
- NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_BBOOL block,
- CK_RV *pError
- );
+ /*
+ * This call returns a pointer to the slot in which an event
+ * has occurred. If the block argument is CK_TRUE, the call
+ * should block until a slot event occurs; if CK_FALSE, it
+ * should check to see if an event has occurred, occurred,
+ * but return NULL (and set *pError to CK_NO_EVENT) if one
+ * hasn't. This routine is optional; if unimplemented, the
+ * Framework will assume that no event has happened. This
+ * routine may return NULL upon error.
+ */
+ NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_BBOOL block,
+ CK_RV *pError);
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
-
/*
* NSSCKMDSlot
*
@@ -220,165 +215,161 @@
*/
struct NSSCKMDSlotStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is called during the Framework initialization
- * step, after the Framework Instance has obtained the list
- * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
- * specific initialization can be done here. This routine is
- * optional; if unimplemented, it won't be called. Note that
- * if this routine returns an error, the entire Framework
- * initialization for this Module will fail.
- */
- CK_RV (PR_CALLBACK *Initialize)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called during the Framework initialization
+ * step, after the Framework Instance has obtained the list
+ * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
+ * specific initialization can be done here. This routine is
+ * optional; if unimplemented, it won't be called. Note that
+ * if this routine returns an error, the entire Framework
+ * initialization for this Module will fail.
+ */
+ CK_RV(PR_CALLBACK *Initialize)
+ (
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine is called when the Framework is finalizing
- * the PKCS#11 Module. This call (for each of the slots)
- * is the last thing called before NSSCKMDInstance->Finalize.
- * This routine is optional; if unimplemented, it merely
- * won't be called. Note: In the rare circumstance that
- * the Framework initialization cannot complete (due to,
- * for example, memory limitations), this can be called with
- * a NULL value for fwSlot.
- */
- void (PR_CALLBACK *Destroy)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called when the Framework is finalizing
+ * the PKCS#11 Module. This call (for each of the slots)
+ * is the last thing called before NSSCKMDInstance->Finalize.
+ * This routine is optional; if unimplemented, it merely
+ * won't be called. Note: In the rare circumstance that
+ * the Framework initialization cannot complete (due to,
+ * for example, memory limitations), this can be called with
+ * a NULL value for fwSlot.
+ */
+ void(PR_CALLBACK *Destroy)(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing a description of this slot. Only the characters
- * completely encoded in the first sixty-four bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing a description of this slot. Only the characters
+ * completely encoded in the first sixty-four bytes are
+ * significant. This routine is optional. The string
+ * returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing a description of the manufacturer of this slot.
- * Only the characters completely encoded in the first thirty-
- * two bytes are significant. This routine is optional.
- * The string returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing a description of the manufacturer of this slot.
+ * Only the characters completely encoded in the first thirty-
+ * two bytes are significant. This routine is optional.
+ * The string returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns CK_TRUE if a token is present in this
- * slot. This routine is optional; if unimplemented, CK_TRUE
- * is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if a token is present in this
+ * slot. This routine is optional; if unimplemented, CK_TRUE
+ * is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetTokenPresent)
+ (
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if the slot supports removable
- * tokens. This routine is optional; if unimplemented, CK_FALSE
- * is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the slot supports removable
+ * tokens. This routine is optional; if unimplemented, CK_FALSE
+ * is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetRemovableDevice)
+ (
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if this slot is a hardware
- * device, or CK_FALSE if this slot is a software device. This
- * routine is optional; if unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if this slot is a hardware
+ * device, or CK_FALSE if this slot is a software device. This
+ * routine is optional; if unimplemented, CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetHardwareSlot)
+ (
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the version of this slot's hardware.
- * This routine is optional; if unimplemented, the Framework
- * will assume a hardware version of 0.1.
- */
- CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the version of this slot's hardware.
+ * This routine is optional; if unimplemented, the Framework
+ * will assume a hardware version of 0.1.
+ */
+ CK_VERSION(PR_CALLBACK *GetHardwareVersion)
+ (
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the version of this slot's firmware.
- * This routine is optional; if unimplemented, the Framework
- * will assume a hardware version of 0.1.
- */
- CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the version of this slot's firmware.
+ * This routine is optional; if unimplemented, the Framework
+ * will assume a hardware version of 0.1.
+ */
+ CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
+ (
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine should return a pointer to an NSSCKMDToken
- * object corresponding to the token in the specified slot.
- * The NSSCKFWToken object passed in has an NSSArena
- * available which is dedicated for this token. This routine
- * must be implemented. This routine may return NULL upon
- * error.
- */
- NSSCKMDToken *(PR_CALLBACK *GetToken)(
- NSSCKMDSlot *mdSlot,
- NSSCKFWSlot *fwSlot,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine should return a pointer to an NSSCKMDToken
+ * object corresponding to the token in the specified slot.
+ * The NSSCKFWToken object passed in has an NSSArena
+ * available which is dedicated for this token. This routine
+ * must be implemented. This routine may return NULL upon
+ * error.
+ */
+ NSSCKMDToken *(PR_CALLBACK *GetToken)(
+ NSSCKMDSlot *mdSlot,
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
/*
@@ -394,444 +385,437 @@
*/
struct NSSCKMDTokenStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is used to prepare a Module token object for
- * use. It is called after the NSSCKMDToken object is obtained
- * from NSSCKMDSlot->GetToken. It is named "Setup" here because
- * Cryptoki already defines "InitToken" to do the process of
- * wiping out any existing state on a token and preparing it for
- * a new use. This routine is optional; if unimplemented, it
- * merely won't be called.
- */
- CK_RV (PR_CALLBACK *Setup)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is used to prepare a Module token object for
+ * use. It is called after the NSSCKMDToken object is obtained
+ * from NSSCKMDSlot->GetToken. It is named "Setup" here because
+ * Cryptoki already defines "InitToken" to do the process of
+ * wiping out any existing state on a token and preparing it for
+ * a new use. This routine is optional; if unimplemented, it
+ * merely won't be called.
+ */
+ CK_RV(PR_CALLBACK *Setup)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine is called by the Framework whenever it notices
- * that the token object is invalid. (Typically this is when a
- * routine indicates an error such as CKR_DEVICE_REMOVED). This
- * call is the last thing called before the NSSArena in the
- * corresponding NSSCKFWToken is destroyed. This routine is
- * optional; if unimplemented, it merely won't be called.
- */
- void (PR_CALLBACK *Invalidate)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called by the Framework whenever it notices
+ * that the token object is invalid. (Typically this is when a
+ * routine indicates an error such as CKR_DEVICE_REMOVED). This
+ * call is the last thing called before the NSSArena in the
+ * corresponding NSSCKFWToken is destroyed. This routine is
+ * optional; if unimplemented, it merely won't be called.
+ */
+ void(PR_CALLBACK *Invalidate)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine initialises the token in the specified slot.
- * This routine is optional; if unimplemented, the Framework
- * will fail this operation with an error of CKR_DEVICE_ERROR.
- */
+ /*
+ * This routine initialises the token in the specified slot.
+ * This routine is optional; if unimplemented, the Framework
+ * will fail this operation with an error of CKR_DEVICE_ERROR.
+ */
- CK_RV (PR_CALLBACK *InitToken)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *pin,
- NSSUTF8 *label
- );
+ CK_RV(PR_CALLBACK *InitToken)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *pin,
+ NSSUTF8 *label);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's label. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetLabel)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing this token's label. Only the characters
+ * completely encoded in the first thirty-two bytes are
+ * significant. This routine is optional. The string
+ * returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetLabel)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's manufacturer ID. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing this token's manufacturer ID. Only the characters
+ * completely encoded in the first thirty-two bytes are
+ * significant. This routine is optional. The string
+ * returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's model name. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetModel)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing this token's model name. Only the characters
+ * completely encoded in the first thirty-two bytes are
+ * significant. This routine is optional. The string
+ * returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetModel)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns a pointer to a UTF8-encoded string
- * containing this token's serial number. Only the characters
- * completely encoded in the first thirty-two bytes are
- * significant. This routine is optional. The string
- * returned is never freed; if dynamically generated,
- * the space for it should be allocated from the NSSArena
- * that may be obtained from the NSSCKFWInstance. This
- * routine may return NULL upon error; however if *pError
- * is CKR_OK, the NULL will be considered the valid response.
- */
- NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a UTF8-encoded string
+ * containing this token's serial number. Only the characters
+ * completely encoded in the first thirty-two bytes are
+ * significant. This routine is optional. The string
+ * returned is never freed; if dynamically generated,
+ * the space for it should be allocated from the NSSArena
+ * that may be obtained from the NSSCKFWInstance. This
+ * routine may return NULL upon error; however if *pError
+ * is CKR_OK, the NULL will be considered the valid response.
+ */
+ NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns CK_TRUE if the token has its own
- * random number generator. This routine is optional; if
- * unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHasRNG)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the token has its own
+ * random number generator. This routine is optional; if
+ * unimplemented, CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetHasRNG)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if this token is write-protected.
- * This routine is optional; if unimplemented, CK_FALSE is
- * assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if this token is write-protected.
+ * This routine is optional; if unimplemented, CK_FALSE is
+ * assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetIsWriteProtected)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if this token requires a login.
- * This routine is optional; if unimplemented, CK_FALSE is
- * assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if this token requires a login.
+ * This routine is optional; if unimplemented, CK_FALSE is
+ * assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetLoginRequired)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if the normal user's PIN on this
- * token has been initialised. This routine is optional; if
- * unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the normal user's PIN on this
+ * token has been initialised. This routine is optional; if
+ * unimplemented, CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetUserPinInitialized)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if a successful save of a
- * session's cryptographic operations state ~always~ contains
- * all keys needed to restore the state of the session. This
- * routine is optional; if unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if a successful save of a
+ * session's cryptographic operations state ~always~ contains
+ * all keys needed to restore the state of the session. This
+ * routine is optional; if unimplemented, CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if the token has its own
- * hardware clock. This routine is optional; if unimplemented,
- * CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the token has its own
+ * hardware clock. This routine is optional; if unimplemented,
+ * CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetHasClockOnToken)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if the token has a protected
- * authentication path. This routine is optional; if
- * unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the token has a protected
+ * authentication path. This routine is optional; if
+ * unimplemented, CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns CK_TRUE if the token supports dual
- * cryptographic operations within a single session. This
- * routine is optional; if unimplemented, CK_FALSE is assumed.
- */
- CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns CK_TRUE if the token supports dual
+ * cryptographic operations within a single session. This
+ * routine is optional; if unimplemented, CK_FALSE is assumed.
+ */
+ CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * XXX fgmr-- should we have a call to return all the flags
- * at once, for folks who already know about Cryptoki?
- */
+ /*
+ * XXX fgmr-- should we have a call to return all the flags
+ * at once, for folks who already know about Cryptoki?
+ */
- /*
- * This routine returns the maximum number of sessions that
- * may be opened on this token. This routine is optional;
- * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
- * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
- */
- CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the maximum number of sessions that
+ * may be opened on this token. This routine is optional;
+ * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
+ * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
+ */
+ CK_ULONG(PR_CALLBACK *GetMaxSessionCount)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the maximum number of read/write
- * sesisons that may be opened on this token. This routine
- * is optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
- * CK_EFFECTIVELY_INFINITE?
- */
- CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the maximum number of read/write
+ * sesisons that may be opened on this token. This routine
+ * is optional; if unimplemented, the special value
+ * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
+ * CK_EFFECTIVELY_INFINITE?
+ */
+ CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the maximum PIN code length that is
- * supported on this token. This routine is optional;
- * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
- * is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the maximum PIN code length that is
+ * supported on this token. This routine is optional;
+ * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
+ * is assumed.
+ */
+ CK_ULONG(PR_CALLBACK *GetMaxPinLen)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the minimum PIN code length that is
- * supported on this token. This routine is optional; if
- * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
- * is assumed. XXX fgmr-- or 0?
- */
- CK_ULONG (PR_CALLBACK *GetMinPinLen)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the minimum PIN code length that is
+ * supported on this token. This routine is optional; if
+ * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
+ * is assumed. XXX fgmr-- or 0?
+ */
+ CK_ULONG(PR_CALLBACK *GetMinPinLen)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the total amount of memory on the token
- * in which public objects may be stored. This routine is
- * optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the total amount of memory on the token
+ * in which public objects may be stored. This routine is
+ * optional; if unimplemented, the special value
+ * CK_UNAVAILABLE_INFORMATION is assumed.
+ */
+ CK_ULONG(PR_CALLBACK *GetTotalPublicMemory)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the amount of unused memory on the
- * token in which public objects may be stored. This routine
- * is optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the amount of unused memory on the
+ * token in which public objects may be stored. This routine
+ * is optional; if unimplemented, the special value
+ * CK_UNAVAILABLE_INFORMATION is assumed.
+ */
+ CK_ULONG(PR_CALLBACK *GetFreePublicMemory)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the total amount of memory on the token
- * in which private objects may be stored. This routine is
- * optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the total amount of memory on the token
+ * in which private objects may be stored. This routine is
+ * optional; if unimplemented, the special value
+ * CK_UNAVAILABLE_INFORMATION is assumed.
+ */
+ CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the amount of unused memory on the
- * token in which private objects may be stored. This routine
- * is optional; if unimplemented, the special value
- * CK_UNAVAILABLE_INFORMATION is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the amount of unused memory on the
+ * token in which private objects may be stored. This routine
+ * is optional; if unimplemented, the special value
+ * CK_UNAVAILABLE_INFORMATION is assumed.
+ */
+ CK_ULONG(PR_CALLBACK *GetFreePrivateMemory)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the version number of this token's
- * hardware. This routine is optional; if unimplemented,
- * the value 0.1 is assumed.
- */
- CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the version number of this token's
+ * hardware. This routine is optional; if unimplemented,
+ * the value 0.1 is assumed.
+ */
+ CK_VERSION(PR_CALLBACK *GetHardwareVersion)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the version number of this token's
- * firmware. This routine is optional; if unimplemented,
- * the value 0.1 is assumed.
- */
- CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the version number of this token's
+ * firmware. This routine is optional; if unimplemented,
+ * the value 0.1 is assumed.
+ */
+ CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine stuffs the current UTC time, as obtained from
- * the token, into the sixteen-byte buffer in the form
- * YYYYMMDDhhmmss00. This routine need only be implemented
- * by token which indicate that they have a real-time clock.
- * XXX fgmr-- think about time formats.
- */
- CK_RV (PR_CALLBACK *GetUTCTime)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_CHAR utcTime[16]
- );
+ /*
+ * This routine stuffs the current UTC time, as obtained from
+ * the token, into the sixteen-byte buffer in the form
+ * YYYYMMDDhhmmss00. This routine need only be implemented
+ * by token which indicate that they have a real-time clock.
+ * XXX fgmr-- think about time formats.
+ */
+ CK_RV(PR_CALLBACK *GetUTCTime)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_CHAR utcTime[16]);
- /*
- * This routine creates a session on the token, and returns
- * the corresponding NSSCKMDSession object. The value of
- * rw will be CK_TRUE if the session is to be a read/write
- * session, or CK_FALSE otherwise. An NSSArena dedicated to
- * the new session is available from the specified NSSCKFWSession.
- * This routine may return NULL upon error.
- */
- NSSCKMDSession *(PR_CALLBACK *OpenSession)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKFWSession *fwSession,
- CK_BBOOL rw,
- CK_RV *pError
- );
+ /*
+ * This routine creates a session on the token, and returns
+ * the corresponding NSSCKMDSession object. The value of
+ * rw will be CK_TRUE if the session is to be a read/write
+ * session, or CK_FALSE otherwise. An NSSArena dedicated to
+ * the new session is available from the specified NSSCKFWSession.
+ * This routine may return NULL upon error.
+ */
+ NSSCKMDSession *(PR_CALLBACK *OpenSession)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKFWSession *fwSession,
+ CK_BBOOL rw,
+ CK_RV *pError);
- /*
- * This routine returns the number of PKCS#11 Mechanisms
- * supported by this token. This routine is optional; if
- * unimplemented, zero is assumed.
- */
- CK_ULONG (PR_CALLBACK *GetMechanismCount)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine returns the number of PKCS#11 Mechanisms
+ * supported by this token. This routine is optional; if
+ * unimplemented, zero is assumed.
+ */
+ CK_ULONG(PR_CALLBACK *GetMechanismCount)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine stuffs into the specified array the types
- * of the mechanisms supported by this token. The Framework
- * determines the size of the array by calling GetMechanismCount.
- */
- CK_RV (PR_CALLBACK *GetMechanismTypes)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_MECHANISM_TYPE types[]
- );
+ /*
+ * This routine stuffs into the specified array the types
+ * of the mechanisms supported by this token. The Framework
+ * determines the size of the array by calling GetMechanismCount.
+ */
+ CK_RV(PR_CALLBACK *GetMechanismTypes)
+ (
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_MECHANISM_TYPE types[]);
- /*
- * This routine returns a pointer to a Module mechanism
- * object corresponding to a specified type. This routine
- * need only exist for tokens implementing at least one
- * mechanism.
- */
- NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
- );
+ /*
+ * This routine returns a pointer to a Module mechanism
+ * object corresponding to a specified type. This routine
+ * need only exist for tokens implementing at least one
+ * mechanism.
+ */
+ NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_MECHANISM_TYPE which,
+ CK_RV *pError);
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
/*
@@ -847,279 +831,275 @@
*/
struct NSSCKMDSessionStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is called by the Framework when a session is
- * closed. This call is the last thing called before the
- * NSSArena in the correspoinding NSSCKFWSession is destroyed.
- * This routine is optional; if unimplemented, it merely won't
- * be called.
- */
- void (PR_CALLBACK *Close)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called by the Framework when a session is
+ * closed. This call is the last thing called before the
+ * NSSArena in the correspoinding NSSCKFWSession is destroyed.
+ * This routine is optional; if unimplemented, it merely won't
+ * be called.
+ */
+ void(PR_CALLBACK *Close)(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine is used to get any device-specific error.
- * This routine is optional.
- */
- CK_ULONG (PR_CALLBACK *GetDeviceError)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is used to get any device-specific error.
+ * This routine is optional.
+ */
+ CK_ULONG(PR_CALLBACK *GetDeviceError)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine is used to log in a user to the token. This
- * routine is optional, since the Framework's NSSCKFWSession
- * object keeps track of the login state.
- */
- CK_RV (PR_CALLBACK *Login)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_USER_TYPE userType,
- NSSItem *pin,
- CK_STATE oldState,
- CK_STATE newState
- );
+ /*
+ * This routine is used to log in a user to the token. This
+ * routine is optional, since the Framework's NSSCKFWSession
+ * object keeps track of the login state.
+ */
+ CK_RV(PR_CALLBACK *Login)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_USER_TYPE userType,
+ NSSItem *pin,
+ CK_STATE oldState,
+ CK_STATE newState);
- /*
- * This routine is used to log out a user from the token. This
- * routine is optional, since the Framework's NSSCKFWSession
- * object keeps track of the login state.
- */
- CK_RV (PR_CALLBACK *Logout)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_STATE oldState,
- CK_STATE newState
- );
+ /*
+ * This routine is used to log out a user from the token. This
+ * routine is optional, since the Framework's NSSCKFWSession
+ * object keeps track of the login state.
+ */
+ CK_RV(PR_CALLBACK *Logout)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_STATE oldState,
+ CK_STATE newState);
- /*
- * This routine is used to initialize the normal user's PIN or
- * password. This will only be called in the "read/write
- * security officer functions" state. If this token has a
- * protected authentication path, then the pin argument will
- * be NULL. This routine is optional; if unimplemented, the
- * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
- */
- CK_RV (PR_CALLBACK *InitPIN)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *pin
- );
+ /*
+ * This routine is used to initialize the normal user's PIN or
+ * password. This will only be called in the "read/write
+ * security officer functions" state. If this token has a
+ * protected authentication path, then the pin argument will
+ * be NULL. This routine is optional; if unimplemented, the
+ * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
+ */
+ CK_RV(PR_CALLBACK *InitPIN)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *pin);
- /*
- * This routine is used to modify a user's PIN or password. This
- * routine will only be called in the "read/write security officer
- * functions" or "read/write user functions" state. If this token
- * has a protected authentication path, then the pin arguments
- * will be NULL. This routine is optional; if unimplemented, the
- * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
- */
- CK_RV (PR_CALLBACK *SetPIN)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *oldPin,
- NSSItem *newPin
- );
+ /*
+ * This routine is used to modify a user's PIN or password. This
+ * routine will only be called in the "read/write security officer
+ * functions" or "read/write user functions" state. If this token
+ * has a protected authentication path, then the pin arguments
+ * will be NULL. This routine is optional; if unimplemented, the
+ * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
+ */
+ CK_RV(PR_CALLBACK *SetPIN)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *oldPin,
+ NSSItem *newPin);
- /*
- * This routine is used to find out how much space would be required
- * to save the current operational state. This routine is optional;
- * if unimplemented, the Framework will reject any attempts to save
- * the operational state with the error CKR_STATE_UNSAVEABLE. This
- * routine may return zero on error.
- */
- CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine is used to find out how much space would be required
+ * to save the current operational state. This routine is optional;
+ * if unimplemented, the Framework will reject any attempts to save
+ * the operational state with the error CKR_STATE_UNSAVEABLE. This
+ * routine may return zero on error.
+ */
+ CK_ULONG(PR_CALLBACK *GetOperationStateLen)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine is used to store the current operational state. This
- * routine is only required if GetOperationStateLen is implemented
- * and can return a nonzero value. The buffer in the specified item
- * will be pre-allocated, and the length will specify the amount of
- * space available (which may be more than GetOperationStateLen
- * asked for, but which will not be smaller).
- */
- CK_RV (PR_CALLBACK *GetOperationState)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
+ /*
+ * This routine is used to store the current operational state. This
+ * routine is only required if GetOperationStateLen is implemented
+ * and can return a nonzero value. The buffer in the specified item
+ * will be pre-allocated, and the length will specify the amount of
+ * space available (which may be more than GetOperationStateLen
+ * asked for, but which will not be smaller).
+ */
+ CK_RV(PR_CALLBACK *GetOperationState)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *buffer);
- /*
- * This routine is used to restore an operational state previously
- * obtained with GetOperationState. The Framework will take pains
- * to be sure that the state is (or was at one point) valid; if the
- * Module notices that the state is invalid, it should return an
- * error, but it is not required to be paranoid about the issue.
- * [XXX fgmr-- should (can?) the framework verify the keys match up?]
- * This routine is required only if GetOperationState is implemented.
- */
- CK_RV (PR_CALLBACK *SetOperationState)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *state,
- NSSCKMDObject *mdEncryptionKey,
- NSSCKFWObject *fwEncryptionKey,
- NSSCKMDObject *mdAuthenticationKey,
- NSSCKFWObject *fwAuthenticationKey
- );
+ /*
+ * This routine is used to restore an operational state previously
+ * obtained with GetOperationState. The Framework will take pains
+ * to be sure that the state is (or was at one point) valid; if the
+ * Module notices that the state is invalid, it should return an
+ * error, but it is not required to be paranoid about the issue.
+ * [XXX fgmr-- should (can?) the framework verify the keys match up?]
+ * This routine is required only if GetOperationState is implemented.
+ */
+ CK_RV(PR_CALLBACK *SetOperationState)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *state,
+ NSSCKMDObject *mdEncryptionKey,
+ NSSCKFWObject *fwEncryptionKey,
+ NSSCKMDObject *mdAuthenticationKey,
+ NSSCKFWObject *fwAuthenticationKey);
- /*
- * This routine is used to create an object. The specified template
- * will only specify a session object if the Module has indicated
- * that it wishes to handle its own session objects. This routine
- * is optional; if unimplemented, the Framework will reject the
- * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
- * token objects should come from the NSSArena available from the
- * NSSCKFWToken object; space for session objects (if supported)
- * should come from the NSSArena available from the NSSCKFWSession
- * object. The appropriate NSSArena pointer will, as a convenience,
- * be passed as the handyArenaPointer argument. This routine may
- * return NULL upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *CreateObject)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *handyArenaPointer,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
+ /*
+ * This routine is used to create an object. The specified template
+ * will only specify a session object if the Module has indicated
+ * that it wishes to handle its own session objects. This routine
+ * is optional; if unimplemented, the Framework will reject the
+ * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
+ * token objects should come from the NSSArena available from the
+ * NSSCKFWToken object; space for session objects (if supported)
+ * should come from the NSSArena available from the NSSCKFWSession
+ * object. The appropriate NSSArena pointer will, as a convenience,
+ * be passed as the handyArenaPointer argument. This routine may
+ * return NULL upon error.
+ */
+ NSSCKMDObject *(PR_CALLBACK *CreateObject)(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *handyArenaPointer,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
- /*
- * This routine is used to make a copy of an object. It is entirely
- * optional; if unimplemented, the Framework will try to use
- * CreateObject instead. If the Module has indicated that it does
- * not wish to handle session objects, then this routine will only
- * be called to copy a token object to another token object.
- * Otherwise, either the original object or the new may be of
- * either the token or session variety. As with CreateObject, the
- * handyArenaPointer will point to the appropriate arena for the
- * new object. This routine may return NULL upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *CopyObject)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdOldObject,
- NSSCKFWObject *fwOldObject,
- NSSArena *handyArenaPointer,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
+ /*
+ * This routine is used to make a copy of an object. It is entirely
+ * optional; if unimplemented, the Framework will try to use
+ * CreateObject instead. If the Module has indicated that it does
+ * not wish to handle session objects, then this routine will only
+ * be called to copy a token object to another token object.
+ * Otherwise, either the original object or the new may be of
+ * either the token or session variety. As with CreateObject, the
+ * handyArenaPointer will point to the appropriate arena for the
+ * new object. This routine may return NULL upon error.
+ */
+ NSSCKMDObject *(PR_CALLBACK *CopyObject)(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdOldObject,
+ NSSCKFWObject *fwOldObject,
+ NSSArena *handyArenaPointer,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
- /*
- * This routine is used to begin an object search. This routine may
- * be unimplemented only if the Module does not handle session
- * objects, and if none of its tokens have token objects. The
- * NSSCKFWFindObjects pointer has an NSSArena that may be used for
- * storage for the life of this "find" operation. This routine may
- * return NULL upon error. If the Module can determine immediately
- * that the search will not find any matching objects, it may return
- * NULL, and specify CKR_OK as the error.
- */
- NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
+ /*
+ * This routine is used to begin an object search. This routine may
+ * be unimplemented only if the Module does not handle session
+ * objects, and if none of its tokens have token objects. The
+ * NSSCKFWFindObjects pointer has an NSSArena that may be used for
+ * storage for the life of this "find" operation. This routine may
+ * return NULL upon error. If the Module can determine immediately
+ * that the search will not find any matching objects, it may return
+ * NULL, and specify CKR_OK as the error.
+ */
+ NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
- /*
- * This routine seeds the random-number generator. It is
- * optional, even if GetRandom is implemented. If unimplemented,
- * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
- */
- CK_RV (PR_CALLBACK *SeedRandom)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *seed
- );
+ /*
+ * This routine seeds the random-number generator. It is
+ * optional, even if GetRandom is implemented. If unimplemented,
+ * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
+ */
+ CK_RV(PR_CALLBACK *SeedRandom)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *seed);
- /*
- * This routine gets random data. It is optional. If unimplemented,
- * the Framework will issue the error CKR_RANDOM_NO_RNG.
- */
- CK_RV (PR_CALLBACK *GetRandom)(
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *buffer
- );
+ /*
+ * This routine gets random data. It is optional. If unimplemented,
+ * the Framework will issue the error CKR_RANDOM_NO_RNG.
+ */
+ CK_RV(PR_CALLBACK *GetRandom)
+ (
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *buffer);
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
/*
@@ -1135,54 +1115,52 @@
*/
struct NSSCKMDFindObjectsStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is called by the Framework to finish a
- * search operation. Note that the Framework may finish
- * a search before it has completed. This routine is
- * optional; if unimplemented, it merely won't be called.
- */
- void (PR_CALLBACK *Final)(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called by the Framework to finish a
+ * search operation. Note that the Framework may finish
+ * a search before it has completed. This routine is
+ * optional; if unimplemented, it merely won't be called.
+ */
+ void(PR_CALLBACK *Final)(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine is used to obtain another pointer to an
- * object matching the search criteria. This routine is
- * required. If no (more) objects match the search, it
- * should return NULL and set the error to CKR_OK.
- */
- NSSCKMDObject *(PR_CALLBACK *Next)(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
- );
+ /*
+ * This routine is used to obtain another pointer to an
+ * object matching the search criteria. This routine is
+ * required. If no (more) objects match the search, it
+ * should return NULL and set the error to CKR_OK.
+ */
+ NSSCKMDObject *(PR_CALLBACK *Next)(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError);
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
/*
@@ -1199,182 +1177,179 @@
*/
struct NSSCKMDCryptoOperationStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is called by the Framework clean up the mdCryptoOperation
- * structure.
- * This routine is optional; if unimplemented, it will be ignored.
- */
- void (PR_CALLBACK *Destroy)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called by the Framework clean up the mdCryptoOperation
+ * structure.
+ * This routine is optional; if unimplemented, it will be ignored.
+ */
+ void(PR_CALLBACK *Destroy)(
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
+ /*
+ * how many bytes do we need to finish this buffer?
+ * must be implemented if Final is implemented.
+ */
+ CK_ULONG(PR_CALLBACK *GetFinalLength)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * how many bytes do we need to finish this buffer?
- * must be implemented if Final is implemented.
- */
- CK_ULONG (PR_CALLBACK *GetFinalLength)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * how many bytes do we need to complete the next operation.
+ * used in both Update and UpdateFinal.
+ */
+ CK_ULONG(PR_CALLBACK *GetOperationLength)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *inputBuffer,
+ CK_RV *pError);
- /*
- * how many bytes do we need to complete the next operation.
- * used in both Update and UpdateFinal.
- */
- CK_ULONG (PR_CALLBACK *GetOperationLength)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *inputBuffer,
- CK_RV *pError
- );
+ /*
+ * This routine is called by the Framework to finish a
+ * search operation. Note that the Framework may finish
+ * a search before it has completed. This routine is
+ * optional; if unimplemented, it merely won't be called.
+ * The respective final call with fail with CKR_FUNCTION_FAILED
+ * Final should not free the mdCryptoOperation.
+ */
+ CK_RV(PR_CALLBACK *Final)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSItem *outputBuffer);
- /*
- * This routine is called by the Framework to finish a
- * search operation. Note that the Framework may finish
- * a search before it has completed. This routine is
- * optional; if unimplemented, it merely won't be called.
- * The respective final call with fail with CKR_FUNCTION_FAILED
- * Final should not free the mdCryptoOperation.
- */
- CK_RV(PR_CALLBACK *Final)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSItem *outputBuffer
- );
+ /*
+ * This routine is called by the Framework to complete the
+ * next step in an encryption/decryption operation.
+ * This routine is optional; if unimplemented, the respective
+ * update call with fail with CKR_FUNCTION_FAILED.
+ * Update should not be implemented for signing/verification/digest
+ * mechanisms.
+ */
+ CK_RV(PR_CALLBACK *Update)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *inputBuffer,
+ NSSItem *outputBuffer);
+ /*
+ * This routine is called by the Framework to complete the
+ * next step in a signing/verification/digest operation.
+ * This routine is optional; if unimplemented, the respective
+ * update call with fail with CKR_FUNCTION_FAILED
+ * Update should not be implemented for encryption/decryption
+ * mechanisms.
+ */
+ CK_RV(PR_CALLBACK *DigestUpdate)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *inputBuffer);
- /*
- * This routine is called by the Framework to complete the
- * next step in an encryption/decryption operation.
- * This routine is optional; if unimplemented, the respective
- * update call with fail with CKR_FUNCTION_FAILED.
- * Update should not be implemented for signing/verification/digest
- * mechanisms.
- */
- CK_RV(PR_CALLBACK *Update)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *inputBuffer,
- NSSItem *outputBuffer
- );
+ /*
+ * This routine is called by the Framework to complete a
+ * single step operation. This routine is optional; if unimplemented,
+ * the framework will use the Update and Final functions to complete
+ * the operation.
+ */
+ CK_RV(PR_CALLBACK *UpdateFinal)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *inputBuffer,
+ NSSItem *outputBuffer);
- /*
- * This routine is called by the Framework to complete the
- * next step in a signing/verification/digest operation.
- * This routine is optional; if unimplemented, the respective
- * update call with fail with CKR_FUNCTION_FAILED
- * Update should not be implemented for encryption/decryption
- * mechanisms.
- */
- CK_RV(PR_CALLBACK *DigestUpdate)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *inputBuffer
- );
+ /*
+ * This routine is called by the Framework to complete next
+ * step in a combined operation. The Decrypt/Encrypt mechanism
+ * should define and drive the combo step.
+ * This routine is optional; if unimplemented,
+ * the framework will use the appropriate Update functions to complete
+ * the operation.
+ */
+ CK_RV(PR_CALLBACK *UpdateCombo)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDCryptoOperation *mdPeerCryptoOperation,
+ NSSCKFWCryptoOperation *fwPeerCryptoOperation,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ const NSSItem *inputBuffer,
+ NSSItem *outputBuffer);
- /*
- * This routine is called by the Framework to complete a
- * single step operation. This routine is optional; if unimplemented,
- * the framework will use the Update and Final functions to complete
- * the operation.
- */
- CK_RV(PR_CALLBACK *UpdateFinal)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *inputBuffer,
- NSSItem *outputBuffer
- );
+ /*
+ * Hash a key directly into the digest
+ */
+ CK_RV(PR_CALLBACK *DigestKey)
+ (
+ NSSCKMDCryptoOperation *mdCryptoOperation,
+ NSSCKFWCryptoOperation *fwCryptoOperation,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey);
- /*
- * This routine is called by the Framework to complete next
- * step in a combined operation. The Decrypt/Encrypt mechanism
- * should define and drive the combo step.
- * This routine is optional; if unimplemented,
- * the framework will use the appropriate Update functions to complete
- * the operation.
- */
- CK_RV(PR_CALLBACK *UpdateCombo)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDCryptoOperation *mdPeerCryptoOperation,
- NSSCKFWCryptoOperation *fwPeerCryptoOperation,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- const NSSItem *inputBuffer,
- NSSItem *outputBuffer
- );
-
- /*
- * Hash a key directly into the digest
- */
- CK_RV(PR_CALLBACK *DigestKey)(
- NSSCKMDCryptoOperation *mdCryptoOperation,
- NSSCKFWCryptoOperation *fwCryptoOperation,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
/*
@@ -1383,365 +1358,352 @@
*/
struct NSSCKMDMechanismStr {
- /*
- * The Module may use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The Module may use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This also frees the fwMechanism if appropriate.
- * If it is not supplied, the Framework will assume that the Token
- * Manages a static list of mechanisms and the function will not be called.
- */
- void (PR_CALLBACK *Destroy)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This also frees the fwMechanism if appropriate.
+ * If it is not supplied, the Framework will assume that the Token
+ * Manages a static list of mechanisms and the function will not be called.
+ */
+ void(PR_CALLBACK *Destroy)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
+ /*
+ * This routine returns the minimum key size allowed for
+ * this mechanism. This routine is optional; if unimplemented,
+ * zero will be assumed. This routine may return zero on
+ * error; if the error is CKR_OK, zero will be accepted as
+ * a valid response.
+ */
+ CK_ULONG(PR_CALLBACK *GetMinKeySize)
+ (
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns the minimum key size allowed for
- * this mechanism. This routine is optional; if unimplemented,
- * zero will be assumed. This routine may return zero on
- * error; if the error is CKR_OK, zero will be accepted as
- * a valid response.
- */
- CK_ULONG (PR_CALLBACK *GetMinKeySize)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns the maximum key size allowed for
+ * this mechanism. This routine is optional; if unimplemented,
+ * zero will be assumed. This routine may return zero on
+ * error; if the error is CKR_OK, zero will be accepted as
+ * a valid response.
+ */
+ CK_ULONG(PR_CALLBACK *GetMaxKeySize)
+ (
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine returns the maximum key size allowed for
- * this mechanism. This routine is optional; if unimplemented,
- * zero will be assumed. This routine may return zero on
- * error; if the error is CKR_OK, zero will be accepted as
- * a valid response.
- */
- CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine is called to determine if the mechanism is
+ * implemented in hardware or software. It returns CK_TRUE
+ * if it is done in hardware.
+ */
+ CK_BBOOL(PR_CALLBACK *GetInHardware)
+ (
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine is called to determine if the mechanism is
- * implemented in hardware or software. It returns CK_TRUE
- * if it is done in hardware.
- */
- CK_BBOOL (PR_CALLBACK *GetInHardware)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * The crypto routines themselves. Most crypto operations may
+ * be performed in two ways, streaming and single-part. The
+ * streaming operations involve the use of (typically) three
+ * calls-- an Init method to set up the operation, an Update
+ * method to feed data to the operation, and a Final method to
+ * obtain the final result. Single-part operations involve
+ * one method, to perform the crypto operation all at once.
+ *
+ * The NSS Cryptoki Framework can implement the single-part
+ * operations in terms of the streaming operations on behalf
+ * of the Module. There are a few variances.
+ *
+ * Only the Init Functions are defined by the mechanism. Each
+ * init function will return a NSSCKFWCryptoOperation which
+ * can supply update, final, the single part updateFinal, and
+ * the combo updateCombo functions.
+ *
+ * For simplicity, the routines are listed in summary here:
+ *
+ * EncryptInit,
+ * DecryptInit,
+ * DigestInit,
+ * SignInit,
+ * SignRecoverInit;
+ * VerifyInit,
+ * VerifyRecoverInit;
+ *
+ * The key-management routines are
+ *
+ * GenerateKey
+ * GenerateKeyPair
+ * WrapKey
+ * UnwrapKey
+ * DeriveKey
+ *
+ * All of these routines based on the Cryptoki API;
+ * see PKCS#11 for further information.
+ */
- /*
- * The crypto routines themselves. Most crypto operations may
- * be performed in two ways, streaming and single-part. The
- * streaming operations involve the use of (typically) three
- * calls-- an Init method to set up the operation, an Update
- * method to feed data to the operation, and a Final method to
- * obtain the final result. Single-part operations involve
- * one method, to perform the crypto operation all at once.
- *
- * The NSS Cryptoki Framework can implement the single-part
- * operations in terms of the streaming operations on behalf
- * of the Module. There are a few variances.
- *
- * Only the Init Functions are defined by the mechanism. Each
- * init function will return a NSSCKFWCryptoOperation which
- * can supply update, final, the single part updateFinal, and
- * the combo updateCombo functions.
- *
- * For simplicity, the routines are listed in summary here:
- *
- * EncryptInit,
- * DecryptInit,
- * DigestInit,
- * SignInit,
- * SignRecoverInit;
- * VerifyInit,
- * VerifyRecoverInit;
- *
- * The key-management routines are
- *
- * GenerateKey
- * GenerateKeyPair
- * WrapKey
- * UnwrapKey
- * DeriveKey
- *
- * All of these routines based on the Cryptoki API;
- * see PKCS#11 for further information.
- */
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError);
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
- );
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError);
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
- );
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError);
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError);
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
- );
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError);
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
- );
+ /*
+ */
+ NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdKey,
+ NSSCKFWObject *fwKey,
+ CK_RV *pError);
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
- );
+ /*
+ * Key management operations.
+ */
- /*
- */
- NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdKey,
- NSSCKFWObject *fwKey,
- CK_RV *pError
- );
+ /*
+ * This routine generates a key. This routine may return NULL
+ * upon error.
+ */
+ NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
- /*
- * Key management operations.
- */
+ /*
+ * This routine generates a key pair.
+ */
+ CK_RV(PR_CALLBACK *GenerateKeyPair)
+ (
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+ CK_ULONG ulPublicKeyAttributeCount,
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+ CK_ULONG ulPrivateKeyAttributeCount,
+ NSSCKMDObject **pPublicKey,
+ NSSCKMDObject **pPrivateKey);
- /*
- * This routine generates a key. This routine may return NULL
- * upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
+ /*
+ * This routine wraps a key.
+ */
+ CK_ULONG(PR_CALLBACK *GetWrapKeyLength)
+ (
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdWrappingKey,
+ NSSCKFWObject *fwWrappingKey,
+ NSSCKMDObject *mdWrappedKey,
+ NSSCKFWObject *fwWrappedKey,
+ CK_RV *pError);
- /*
- * This routine generates a key pair.
- */
- CK_RV (PR_CALLBACK *GenerateKeyPair)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- NSSCKMDObject **pPublicKey,
- NSSCKMDObject **pPrivateKey
- );
+ /*
+ * This routine wraps a key.
+ */
+ CK_RV(PR_CALLBACK *WrapKey)
+ (
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdWrappingKey,
+ NSSCKFWObject *fwWrappingKey,
+ NSSCKMDObject *mdKeyObject,
+ NSSCKFWObject *fwKeyObject,
+ NSSItem *wrappedKey);
- /*
- * This routine wraps a key.
- */
- CK_ULONG (PR_CALLBACK *GetWrapKeyLength)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdWrappingKey,
- NSSCKFWObject *fwWrappingKey,
- NSSCKMDObject *mdWrappedKey,
- NSSCKFWObject *fwWrappedKey,
- CK_RV *pError
- );
+ /*
+ * This routine unwraps a key. This routine may return NULL
+ * upon error.
+ */
+ NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdWrappingKey,
+ NSSCKFWObject *fwWrappingKey,
+ NSSItem *wrappedKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
- /*
- * This routine wraps a key.
- */
- CK_RV (PR_CALLBACK *WrapKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdWrappingKey,
- NSSCKFWObject *fwWrappingKey,
- NSSCKMDObject *mdKeyObject,
- NSSCKFWObject *fwKeyObject,
- NSSItem *wrappedKey
- );
+ /*
+ * This routine derives a key. This routine may return NULL
+ * upon error.
+ */
+ NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
+ NSSCKMDMechanism *mdMechanism,
+ NSSCKFWMechanism *fwMechanism,
+ CK_MECHANISM_PTR pMechanism,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDObject *mdBaseKey,
+ NSSCKFWObject *fwBaseKey,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError);
- /*
- * This routine unwraps a key. This routine may return NULL
- * upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdWrappingKey,
- NSSCKFWObject *fwWrappingKey,
- NSSItem *wrappedKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This routine derives a key. This routine may return NULL
- * upon error.
- */
- NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
- NSSCKMDMechanism *mdMechanism,
- NSSCKFWMechanism *fwMechanism,
- CK_MECHANISM_PTR pMechanism,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSCKMDObject *mdBaseKey,
- NSSCKFWObject *fwBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
- );
-
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
/*
@@ -1756,190 +1718,187 @@
*/
struct NSSCKMDObjectStr {
- /*
- * The implementation my use this pointer for its own purposes.
- */
- void *etc;
+ /*
+ * The implementation my use this pointer for its own purposes.
+ */
+ void *etc;
- /*
- * This routine is called by the Framework when it is letting
- * go of an object handle. It can be used by the Module to
- * free any resources tied up by an object "in use." It is
- * optional.
- */
- void (PR_CALLBACK *Finalize)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is called by the Framework when it is letting
+ * go of an object handle. It can be used by the Module to
+ * free any resources tied up by an object "in use." It is
+ * optional.
+ */
+ void(PR_CALLBACK *Finalize)(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine is used to completely destroy an object.
- * It is optional. The parameter fwObject might be NULL
- * if the framework runs out of memory at the wrong moment.
- */
- CK_RV (PR_CALLBACK *Destroy)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This routine is used to completely destroy an object.
+ * It is optional. The parameter fwObject might be NULL
+ * if the framework runs out of memory at the wrong moment.
+ */
+ CK_RV(PR_CALLBACK *Destroy)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This helper routine is used by the Framework, and is especially
- * useful when it is managing session objects on behalf of the
- * Module. This routine is optional; if unimplemented, the
- * Framework will actually look up the CKA_TOKEN attribute. In the
- * event of an error, just make something up-- the Framework will
- * find out soon enough anyway.
- */
- CK_BBOOL (PR_CALLBACK *IsTokenObject)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
- );
+ /*
+ * This helper routine is used by the Framework, and is especially
+ * useful when it is managing session objects on behalf of the
+ * Module. This routine is optional; if unimplemented, the
+ * Framework will actually look up the CKA_TOKEN attribute. In the
+ * event of an error, just make something up-- the Framework will
+ * find out soon enough anyway.
+ */
+ CK_BBOOL(PR_CALLBACK *IsTokenObject)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
- /*
- * This routine returns the number of attributes of which this
- * object consists. It is mandatory. It can return zero on
- * error.
- */
- CK_ULONG (PR_CALLBACK *GetAttributeCount)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns the number of attributes of which this
+ * object consists. It is mandatory. It can return zero on
+ * error.
+ */
+ CK_ULONG(PR_CALLBACK *GetAttributeCount)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This routine stuffs the attribute types into the provided array.
- * The array size (as obtained from GetAttributeCount) is passed in
- * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
- * (either too big or too small).
- */
- CK_RV (PR_CALLBACK *GetAttributeTypes)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
- );
+ /*
+ * This routine stuffs the attribute types into the provided array.
+ * The array size (as obtained from GetAttributeCount) is passed in
+ * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
+ * (either too big or too small).
+ */
+ CK_RV(PR_CALLBACK *GetAttributeTypes)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount);
- /*
- * This routine returns the size (in bytes) of the specified
- * attribute. It can return zero on error.
- */
- CK_ULONG (PR_CALLBACK *GetAttributeSize)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
- );
+ /*
+ * This routine returns the size (in bytes) of the specified
+ * attribute. It can return zero on error.
+ */
+ CK_ULONG(PR_CALLBACK *GetAttributeSize)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError);
- /*
- * This routine returns an NSSCKFWItem structure.
- * The item pointer points to an NSSItem containing the attribute value.
- * The needsFreeing bit tells the framework whether to call the
- * FreeAttribute function . Upon error, an NSSCKFWItem structure
- * with a NULL NSSItem item pointer will be returned
- */
- NSSCKFWItem (PR_CALLBACK *GetAttribute)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
- );
+ /*
+ * This routine returns an NSSCKFWItem structure.
+ * The item pointer points to an NSSItem containing the attribute value.
+ * The needsFreeing bit tells the framework whether to call the
+ * FreeAttribute function . Upon error, an NSSCKFWItem structure
+ * with a NULL NSSItem item pointer will be returned
+ */
+ NSSCKFWItem(PR_CALLBACK *GetAttribute)(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError);
- /*
- * This routine returns CKR_OK if the attribute could be freed.
- */
- CK_RV (PR_CALLBACK *FreeAttribute)(
- NSSCKFWItem * item
- );
+ /*
+ * This routine returns CKR_OK if the attribute could be freed.
+ */
+ CK_RV(PR_CALLBACK *FreeAttribute)
+ (
+ NSSCKFWItem *item);
- /*
- * This routine changes the specified attribute. If unimplemented,
- * the object will be considered read-only.
- */
- CK_RV (PR_CALLBACK *SetAttribute)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
- );
+ /*
+ * This routine changes the specified attribute. If unimplemented,
+ * the object will be considered read-only.
+ */
+ CK_RV(PR_CALLBACK *SetAttribute)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *value);
- /*
- * This routine returns the storage requirements of this object,
- * in bytes. Cryptoki doesn't strictly define the definition,
- * but it should relate to the values returned by the "Get Memory"
- * routines of the NSSCKMDToken. This routine is optional; if
- * unimplemented, the Framework will consider this information
- * sensitive. This routine may return zero on error. If the
- * specified error is CKR_OK, zero will be accepted as a valid
- * response.
- */
- CK_ULONG (PR_CALLBACK *GetObjectSize)(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
- );
+ /*
+ * This routine returns the storage requirements of this object,
+ * in bytes. Cryptoki doesn't strictly define the definition,
+ * but it should relate to the values returned by the "Get Memory"
+ * routines of the NSSCKMDToken. This routine is optional; if
+ * unimplemented, the Framework will consider this information
+ * sensitive. This routine may return zero on error. If the
+ * specified error is CKR_OK, zero will be accepted as a valid
+ * response.
+ */
+ CK_ULONG(PR_CALLBACK *GetObjectSize)
+ (
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
- /*
- * This object may be extended in future versions of the
- * NSS Cryptoki Framework. To allow for some flexibility
- * in the area of binary compatibility, this field should
- * be NULL.
- */
- void *null;
+ /*
+ * This object may be extended in future versions of the
+ * NSS Cryptoki Framework. To allow for some flexibility
+ * in the area of binary compatibility, this field should
+ * be NULL.
+ */
+ void *null;
};
-
#endif /* NSSCKMDT_H */
diff --git a/nss/lib/ckfw/nssckt.h b/nss/lib/ckfw/nssckt.h
index 5ed534c..b50a88f 100644
--- a/nss/lib/ckfw/nssckt.h
+++ b/nss/lib/ckfw/nssckt.h
@@ -10,4 +10,3 @@
#define CK_ENTRY
#endif /* _NSSCKT_H_ */
-
diff --git a/nss/lib/ckfw/object.c b/nss/lib/ckfw/object.c
index 661977e..ff0542e 100644
--- a/nss/lib/ckfw/object.c
+++ b/nss/lib/ckfw/object.c
@@ -50,16 +50,16 @@
*/
struct NSSCKFWObjectStr {
- NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
- NSSArena *arena;
- NSSCKMDObject *mdObject;
- NSSCKMDSession *mdSession;
- NSSCKFWSession *fwSession;
- NSSCKMDToken *mdToken;
- NSSCKFWToken *fwToken;
- NSSCKMDInstance *mdInstance;
- NSSCKFWInstance *fwInstance;
- CK_OBJECT_HANDLE hObject;
+ NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
+ NSSArena *arena;
+ NSSCKMDObject *mdObject;
+ NSSCKMDSession *mdSession;
+ NSSCKFWSession *fwSession;
+ NSSCKMDToken *mdToken;
+ NSSCKFWToken *fwToken;
+ NSSCKMDInstance *mdInstance;
+ NSSCKFWInstance *fwInstance;
+ CK_OBJECT_HANDLE hObject;
};
#ifdef DEBUG
@@ -75,123 +75,114 @@
*/
static CK_RV
-object_add_pointer
-(
- const NSSCKFWObject *fwObject
-)
+object_add_pointer(
+ const NSSCKFWObject *fwObject)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-object_remove_pointer
-(
- const NSSCKFWObject *fwObject
-)
+object_remove_pointer(
+ const NSSCKFWObject *fwObject)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWObject_verifyPointer
-(
- const NSSCKFWObject *fwObject
-)
+nssCKFWObject_verifyPointer(
+ const NSSCKFWObject *fwObject)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
-
/*
* nssCKFWObject_Create
*
*/
NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWObject_Create
-(
- NSSArena *arena,
- NSSCKMDObject *mdObject,
- NSSCKFWSession *fwSession,
- NSSCKFWToken *fwToken,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+nssCKFWObject_Create(
+ NSSArena *arena,
+ NSSCKMDObject *mdObject,
+ NSSCKFWSession *fwSession,
+ NSSCKFWToken *fwToken,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- NSSCKFWObject *fwObject;
- nssCKFWHash *mdObjectHash;
+ NSSCKFWObject *fwObject;
+ nssCKFWHash *mdObjectHash;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWObject *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWObject *)NULL;
+ }
#endif /* NSSDEBUG */
- if (!fwToken) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWObject *)NULL;
- }
- mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
- if (!mdObjectHash) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
-
- if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) {
- fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject);
- return fwObject;
- }
-
- fwObject = nss_ZNEW(arena, NSSCKFWObject);
- if (!fwObject) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- fwObject->arena = arena;
- fwObject->mdObject = mdObject;
- fwObject->fwSession = fwSession;
-
- if (fwSession) {
- fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
- }
-
- fwObject->fwToken = fwToken;
- fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken);
- fwObject->fwInstance = fwInstance;
- fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
- fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if (!fwObject->mutex) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ if (!fwToken) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWObject *)NULL;
}
- nss_ZFreeIf(fwObject);
- return (NSSCKFWObject *)NULL;
- }
+ mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
+ if (!mdObjectHash) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWObject *)NULL;
+ }
- *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject);
- if( CKR_OK != *pError ) {
- nss_ZFreeIf(fwObject);
- return (NSSCKFWObject *)NULL;
- }
+ if (nssCKFWHash_Exists(mdObjectHash, mdObject)) {
+ fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject);
+ return fwObject;
+ }
+
+ fwObject = nss_ZNEW(arena, NSSCKFWObject);
+ if (!fwObject) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWObject *)NULL;
+ }
+
+ fwObject->arena = arena;
+ fwObject->mdObject = mdObject;
+ fwObject->fwSession = fwSession;
+
+ if (fwSession) {
+ fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
+ }
+
+ fwObject->fwToken = fwToken;
+ fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken);
+ fwObject->fwInstance = fwInstance;
+ fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
+ fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+ if (!fwObject->mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ nss_ZFreeIf(fwObject);
+ return (NSSCKFWObject *)NULL;
+ }
+
+ *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject);
+ if (CKR_OK != *pError) {
+ nss_ZFreeIf(fwObject);
+ return (NSSCKFWObject *)NULL;
+ }
#ifdef DEBUG
- *pError = object_add_pointer(fwObject);
- if( CKR_OK != *pError ) {
- nssCKFWHash_Remove(mdObjectHash, mdObject);
- nss_ZFreeIf(fwObject);
- return (NSSCKFWObject *)NULL;
- }
+ *pError = object_add_pointer(fwObject);
+ if (CKR_OK != *pError) {
+ nssCKFWHash_Remove(mdObjectHash, mdObject);
+ nss_ZFreeIf(fwObject);
+ return (NSSCKFWObject *)NULL;
+ }
#endif /* DEBUG */
- *pError = CKR_OK;
- return fwObject;
+ *pError = CKR_OK;
+ return fwObject;
}
/*
@@ -199,45 +190,43 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWObject_Finalize
-(
- NSSCKFWObject *fwObject,
- PRBool removeFromHash
-)
+nssCKFWObject_Finalize(
+ NSSCKFWObject *fwObject,
+ PRBool removeFromHash)
{
- nssCKFWHash *mdObjectHash;
+ nssCKFWHash *mdObjectHash;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return;
+ }
#endif /* NSSDEBUG */
- (void)nssCKFWMutex_Destroy(fwObject->mutex);
+ (void)nssCKFWMutex_Destroy(fwObject->mutex);
- if (fwObject->mdObject->Finalize) {
- fwObject->mdObject->Finalize(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
- }
-
- if (removeFromHash) {
- mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
- if (mdObjectHash) {
- nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
+ if (fwObject->mdObject->Finalize) {
+ fwObject->mdObject->Finalize(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
}
- }
- if (fwObject->fwSession) {
- nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
- }
- nss_ZFreeIf(fwObject);
+ if (removeFromHash) {
+ mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
+ if (mdObjectHash) {
+ nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
+ }
+ }
+
+ if (fwObject->fwSession) {
+ nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
+ }
+ nss_ZFreeIf(fwObject);
#ifdef DEBUG
- (void)object_remove_pointer(fwObject);
+ (void)object_remove_pointer(fwObject);
#endif /* DEBUG */
- return;
+ return;
}
/*
@@ -245,42 +234,40 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWObject_Destroy
-(
- NSSCKFWObject *fwObject
-)
+nssCKFWObject_Destroy(
+ NSSCKFWObject *fwObject)
{
- nssCKFWHash *mdObjectHash;
+ nssCKFWHash *mdObjectHash;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return;
+ }
#endif /* NSSDEBUG */
- (void)nssCKFWMutex_Destroy(fwObject->mutex);
+ (void)nssCKFWMutex_Destroy(fwObject->mutex);
- if (fwObject->mdObject->Destroy) {
- fwObject->mdObject->Destroy(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
- }
+ if (fwObject->mdObject->Destroy) {
+ fwObject->mdObject->Destroy(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
+ }
- mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
- if (mdObjectHash) {
- nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
- }
+ mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
+ if (mdObjectHash) {
+ nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
+ }
- if (fwObject->fwSession) {
- nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
- }
- nss_ZFreeIf(fwObject);
+ if (fwObject->fwSession) {
+ nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
+ }
+ nss_ZFreeIf(fwObject);
#ifdef DEBUG
- (void)object_remove_pointer(fwObject);
+ (void)object_remove_pointer(fwObject);
#endif /* DEBUG */
- return;
+ return;
}
/*
@@ -288,18 +275,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDObject *
-nssCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-)
+nssCKFWObject_GetMDObject(
+ NSSCKFWObject *fwObject)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (NSSCKMDObject *)NULL;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return (NSSCKMDObject *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwObject->mdObject;
+ return fwObject->mdObject;
}
/*
@@ -307,24 +292,22 @@
*
*/
NSS_IMPLEMENT NSSArena *
-nssCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+nssCKFWObject_GetArena(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwObject->arena;
+ return fwObject->arena;
}
/*
@@ -332,30 +315,28 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWObject_SetHandle
-(
- NSSCKFWObject *fwObject,
- CK_OBJECT_HANDLE hObject
-)
+nssCKFWObject_SetHandle(
+ NSSCKFWObject *fwObject,
+ CK_OBJECT_HANDLE hObject)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
#ifdef NSSDEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- if( (CK_OBJECT_HANDLE)0 != fwObject->hObject ) {
- return CKR_GENERAL_ERROR;
- }
+ if ((CK_OBJECT_HANDLE)0 != fwObject->hObject) {
+ return CKR_GENERAL_ERROR;
+ }
- fwObject->hObject = hObject;
+ fwObject->hObject = hObject;
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -363,18 +344,16 @@
*
*/
NSS_IMPLEMENT CK_OBJECT_HANDLE
-nssCKFWObject_GetHandle
-(
- NSSCKFWObject *fwObject
-)
+nssCKFWObject_GetHandle(
+ NSSCKFWObject *fwObject)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (CK_OBJECT_HANDLE)0;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return (CK_OBJECT_HANDLE)0;
+ }
#endif /* NSSDEBUG */
- return fwObject->hObject;
+ return fwObject->hObject;
}
/*
@@ -382,44 +361,42 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-)
+nssCKFWObject_IsTokenObject(
+ NSSCKFWObject *fwObject)
{
- CK_BBOOL b = CK_FALSE;
+ CK_BBOOL b = CK_FALSE;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwObject->mdObject->IsTokenObject) {
- NSSItem item;
- NSSItem *pItem;
- CK_RV rv = CKR_OK;
+ if (!fwObject->mdObject->IsTokenObject) {
+ NSSItem item;
+ NSSItem *pItem;
+ CK_RV rv = CKR_OK;
- item.data = (void *)&b;
- item.size = sizeof(b);
+ item.data = (void *)&b;
+ item.size = sizeof(b);
- pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item,
- (NSSArena *)NULL, &rv);
- if (!pItem) {
- /* Error of some type */
- b = CK_FALSE;
- goto done;
+ pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item,
+ (NSSArena *)NULL, &rv);
+ if (!pItem) {
+ /* Error of some type */
+ b = CK_FALSE;
+ goto done;
+ }
+
+ goto done;
}
- goto done;
- }
+ b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
- b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
-
- done:
- return b;
+done:
+ return b;
}
/*
@@ -427,42 +404,40 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+nssCKFWObject_GetAttributeCount(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
- CK_ULONG rv;
+ CK_ULONG rv;
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if (!fwObject->mdObject->GetAttributeCount) {
- *pError = CKR_GENERAL_ERROR;
- return (CK_ULONG)0;
- }
+ if (!fwObject->mdObject->GetAttributeCount) {
+ *pError = CKR_GENERAL_ERROR;
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
- rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- pError);
+ rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+ pError);
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
+ return rv;
}
/*
@@ -470,42 +445,40 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
+nssCKFWObject_GetAttributeTypes(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != error) {
+ return error;
+ }
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) {
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* NSSDEBUG */
- if (!fwObject->mdObject->GetAttributeTypes) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwObject->mdObject->GetAttributeTypes) {
+ return CKR_GENERAL_ERROR;
+ }
- error = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != error ) {
+ error = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+ typeArray, ulCount);
+
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
return error;
- }
-
- error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- typeArray, ulCount);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return error;
}
/*
@@ -513,43 +486,41 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+nssCKFWObject_GetAttributeSize(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- CK_ULONG rv;
+ CK_ULONG rv;
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if (!fwObject->mdObject->GetAttributeSize) {
- *pError = CKR_GENERAL_ERROR;
- return (CK_ULONG )0;
- }
+ if (!fwObject->mdObject->GetAttributeSize) {
+ *pError = CKR_GENERAL_ERROR;
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
- rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- attribute, pError);
+ rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+ attribute, pError);
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
+ return rv;
}
/*
@@ -563,97 +534,95 @@
* specified.
*/
NSS_IMPLEMENT NSSItem *
-nssCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-)
+nssCKFWObject_GetAttribute(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *itemOpt,
+ NSSArena *arenaOpt,
+ CK_RV *pError)
{
- NSSItem *rv = (NSSItem *)NULL;
- NSSCKFWItem mdItem;
+ NSSItem *rv = (NSSItem *)NULL;
+ NSSCKFWItem mdItem;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSItem *)NULL;
- }
+ if (!pError) {
+ return (NSSItem *)NULL;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSItem *)NULL;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (NSSItem *)NULL;
+ }
#endif /* NSSDEBUG */
- if (!fwObject->mdObject->GetAttribute) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSItem *)NULL;
- }
-
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (NSSItem *)NULL;
- }
-
- mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- attribute, pError);
-
- if (!mdItem.item) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ if (!fwObject->mdObject->GetAttribute) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSItem *)NULL;
}
- goto done;
- }
-
- if (!itemOpt) {
- rv = nss_ZNEW(arenaOpt, NSSItem);
- if (!rv) {
- *pError = CKR_HOST_MEMORY;
- goto done;
+ *pError = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != *pError) {
+ return (NSSItem *)NULL;
}
- } else {
- rv = itemOpt;
- }
- if (!rv->data) {
- rv->size = mdItem.item->size;
- rv->data = nss_ZAlloc(arenaOpt, rv->size);
- if (!rv->data) {
- *pError = CKR_HOST_MEMORY;
- if (!itemOpt) {
- nss_ZFreeIf(rv);
- }
- rv = (NSSItem *)NULL;
- goto done;
+ mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+ attribute, pError);
+
+ if (!mdItem.item) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+
+ goto done;
}
- } else {
- if( rv->size >= mdItem.item->size ) {
- rv->size = mdItem.item->size;
+
+ if (!itemOpt) {
+ rv = nss_ZNEW(arenaOpt, NSSItem);
+ if (!rv) {
+ *pError = CKR_HOST_MEMORY;
+ goto done;
+ }
} else {
- *pError = CKR_BUFFER_TOO_SMALL;
- /* Should we set rv->size to mdItem->size? */
- /* rv can't have been allocated */
- rv = (NSSItem *)NULL;
- goto done;
+ rv = itemOpt;
}
- }
- (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size);
-
- if (PR_TRUE == mdItem.needsFreeing) {
- PR_ASSERT(fwObject->mdObject->FreeAttribute);
- if (fwObject->mdObject->FreeAttribute) {
- *pError = fwObject->mdObject->FreeAttribute(&mdItem);
+ if (!rv->data) {
+ rv->size = mdItem.item->size;
+ rv->data = nss_ZAlloc(arenaOpt, rv->size);
+ if (!rv->data) {
+ *pError = CKR_HOST_MEMORY;
+ if (!itemOpt) {
+ nss_ZFreeIf(rv);
+ }
+ rv = (NSSItem *)NULL;
+ goto done;
+ }
+ } else {
+ if (rv->size >= mdItem.item->size) {
+ rv->size = mdItem.item->size;
+ } else {
+ *pError = CKR_BUFFER_TOO_SMALL;
+ /* Should we set rv->size to mdItem->size? */
+ /* rv can't have been allocated */
+ rv = (NSSItem *)NULL;
+ goto done;
+ }
}
- }
- done:
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
+ (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size);
+
+ if (PR_TRUE == mdItem.needsFreeing) {
+ PR_ASSERT(fwObject->mdObject->FreeAttribute);
+ if (fwObject->mdObject->FreeAttribute) {
+ *pError = fwObject->mdObject->FreeAttribute(&mdItem);
+ }
+ }
+
+done:
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
+ return rv;
}
/*
@@ -661,128 +630,126 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWObject_SetAttribute
-(
- NSSCKFWObject *fwObject,
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-)
+nssCKFWObject_SetAttribute(
+ NSSCKFWObject *fwObject,
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *value)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- if( CKA_TOKEN == attribute ) {
- /*
- * We're changing from a session object to a token object or
- * vice-versa.
- */
+ if (CKA_TOKEN == attribute) {
+ /*
+ * We're changing from a session object to a token object or
+ * vice-versa.
+ */
- CK_ATTRIBUTE a;
- NSSCKFWObject *newFwObject;
- NSSCKFWObject swab;
+ CK_ATTRIBUTE a;
+ NSSCKFWObject *newFwObject;
+ NSSCKFWObject swab;
- a.type = CKA_TOKEN;
- a.pValue = value->data;
- a.ulValueLen = value->size;
+ a.type = CKA_TOKEN;
+ a.pValue = value->data;
+ a.ulValueLen = value->size;
- newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject,
- &a, 1, &error);
- if (!newFwObject) {
- if( CKR_OK == error ) {
- error = CKR_GENERAL_ERROR;
- }
- return error;
- }
+ newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject,
+ &a, 1, &error);
+ if (!newFwObject) {
+ if (CKR_OK == error) {
+ error = CKR_GENERAL_ERROR;
+ }
+ return error;
+ }
- /*
- * Actually, I bet the locking is worse than this.. this part of
- * the code could probably use some scrutiny and reworking.
- */
- error = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != error ) {
- nssCKFWObject_Destroy(newFwObject);
- return error;
- }
+ /*
+ * Actually, I bet the locking is worse than this.. this part of
+ * the code could probably use some scrutiny and reworking.
+ */
+ error = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != error) {
+ nssCKFWObject_Destroy(newFwObject);
+ return error;
+ }
- error = nssCKFWMutex_Lock(newFwObject->mutex);
- if( CKR_OK != error ) {
- nssCKFWMutex_Unlock(fwObject->mutex);
- nssCKFWObject_Destroy(newFwObject);
- return error;
- }
+ error = nssCKFWMutex_Lock(newFwObject->mutex);
+ if (CKR_OK != error) {
+ nssCKFWMutex_Unlock(fwObject->mutex);
+ nssCKFWObject_Destroy(newFwObject);
+ return error;
+ }
- /*
- * Now, we have our new object, but it has a new fwObject pointer,
- * while we have to keep the existing one. So quick swap the contents.
- */
- swab = *fwObject;
- *fwObject = *newFwObject;
- *newFwObject = swab;
+ /*
+ * Now, we have our new object, but it has a new fwObject pointer,
+ * while we have to keep the existing one. So quick swap the contents.
+ */
+ swab = *fwObject;
+ *fwObject = *newFwObject;
+ *newFwObject = swab;
- /* But keep the mutexes the same */
- swab.mutex = fwObject->mutex;
- fwObject->mutex = newFwObject->mutex;
- newFwObject->mutex = swab.mutex;
+ /* But keep the mutexes the same */
+ swab.mutex = fwObject->mutex;
+ fwObject->mutex = newFwObject->mutex;
+ newFwObject->mutex = swab.mutex;
- (void)nssCKFWMutex_Unlock(newFwObject->mutex);
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
+ (void)nssCKFWMutex_Unlock(newFwObject->mutex);
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
- /*
- * Either remove or add this to the list of session objects
- */
+ /*
+ * Either remove or add this to the list of session objects
+ */
- if( CK_FALSE == *(CK_BBOOL *)value->data ) {
- /*
- * New one is a session object, except since we "stole" the fwObject, it's
- * not in the list. Add it.
- */
- nssCKFWSession_RegisterSessionObject(fwSession, fwObject);
+ if (CK_FALSE == *(CK_BBOOL *)value->data) {
+ /*
+ * New one is a session object, except since we "stole" the fwObject, it's
+ * not in the list. Add it.
+ */
+ nssCKFWSession_RegisterSessionObject(fwSession, fwObject);
+ } else {
+ /*
+ * New one is a token object, except since we "stole" the fwObject, it's
+ * in the list. Remove it.
+ */
+ if (fwObject->fwSession) {
+ nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
+ }
+ }
+
+ /*
+ * Now delete the old object. Remember the names have changed.
+ */
+ nssCKFWObject_Destroy(newFwObject);
+
+ return CKR_OK;
} else {
- /*
- * New one is a token object, except since we "stole" the fwObject, it's
- * in the list. Remove it.
- */
- if (fwObject->fwSession) {
- nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
- }
+ /*
+ * An "ordinary" change.
+ */
+ if (!fwObject->mdObject->SetAttribute) {
+ /* We could fake it with copying, like above.. later */
+ return CKR_ATTRIBUTE_READ_ONLY;
+ }
+
+ error = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+ attribute, value);
+
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
+
+ return error;
}
-
- /*
- * Now delete the old object. Remember the names have changed.
- */
- nssCKFWObject_Destroy(newFwObject);
-
- return CKR_OK;
- } else {
- /*
- * An "ordinary" change.
- */
- if (!fwObject->mdObject->SetAttribute) {
- /* We could fake it with copying, like above.. later */
- return CKR_ATTRIBUTE_READ_ONLY;
- }
-
- error = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- attribute, value);
-
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
-
- return error;
- }
}
/*
@@ -790,42 +757,40 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+nssCKFWObject_GetObjectSize(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
- CK_ULONG rv;
+ CK_ULONG rv;
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if (!fwObject->mdObject->GetObjectSize) {
- *pError = CKR_INFORMATION_SENSITIVE;
- return (CK_ULONG)0;
- }
+ if (!fwObject->mdObject->GetObjectSize) {
+ *pError = CKR_INFORMATION_SENSITIVE;
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWMutex_Lock(fwObject->mutex);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWMutex_Lock(fwObject->mutex);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
- rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject,
- fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
- fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
- pError);
+ rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject,
+ fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+ fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+ pError);
- (void)nssCKFWMutex_Unlock(fwObject->mutex);
- return rv;
+ (void)nssCKFWMutex_Unlock(fwObject->mutex);
+ return rv;
}
/*
@@ -833,18 +798,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDObject *
-NSSCKFWObject_GetMDObject
-(
- NSSCKFWObject *fwObject
-)
+NSSCKFWObject_GetMDObject(
+ NSSCKFWObject *fwObject)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return (NSSCKMDObject *)NULL;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return (NSSCKMDObject *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetMDObject(fwObject);
+ return nssCKFWObject_GetMDObject(fwObject);
}
/*
@@ -852,24 +815,22 @@
*
*/
NSS_IMPLEMENT NSSArena *
-NSSCKFWObject_GetArena
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+NSSCKFWObject_GetArena(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetArena(fwObject, pError);
+ return nssCKFWObject_GetArena(fwObject, pError);
}
/*
@@ -877,18 +838,16 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-NSSCKFWObject_IsTokenObject
-(
- NSSCKFWObject *fwObject
-)
+NSSCKFWObject_IsTokenObject(
+ NSSCKFWObject *fwObject)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+ return CK_FALSE;
+ }
#endif /* DEBUG */
- return nssCKFWObject_IsTokenObject(fwObject);
+ return nssCKFWObject_IsTokenObject(fwObject);
}
/*
@@ -896,24 +855,22 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-NSSCKFWObject_GetAttributeCount
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+NSSCKFWObject_GetAttributeCount(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetAttributeCount(fwObject, pError);
+ return nssCKFWObject_GetAttributeCount(fwObject, pError);
}
/*
@@ -921,27 +878,25 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWObject_GetAttributeTypes
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
+NSSCKFWObject_GetAttributeTypes(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount)
{
#ifdef DEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
- error = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != error) {
+ return error;
+ }
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) {
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount);
+ return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount);
}
/*
@@ -949,25 +904,23 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-NSSCKFWObject_GetAttributeSize
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+NSSCKFWObject_GetAttributeSize(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError);
+ return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError);
}
/*
@@ -975,27 +928,25 @@
*
*/
NSS_IMPLEMENT NSSItem *
-NSSCKFWObject_GetAttribute
-(
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *itemOpt,
- NSSArena *arenaOpt,
- CK_RV *pError
-)
+NSSCKFWObject_GetAttribute(
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *itemOpt,
+ NSSArena *arenaOpt,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (NSSItem *)NULL;
- }
+ if (!pError) {
+ return (NSSItem *)NULL;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSItem *)NULL;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (NSSItem *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError);
+ return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError);
}
/*
@@ -1003,22 +954,20 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-NSSCKFWObject_GetObjectSize
-(
- NSSCKFWObject *fwObject,
- CK_RV *pError
-)
+NSSCKFWObject_GetObjectSize(
+ NSSCKFWObject *fwObject,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
#endif /* DEBUG */
- return nssCKFWObject_GetObjectSize(fwObject, pError);
+ return nssCKFWObject_GetObjectSize(fwObject, pError);
}
diff --git a/nss/lib/ckfw/session.c b/nss/lib/ckfw/session.c
index 1d05262..4320a39 100644
--- a/nss/lib/ckfw/session.c
+++ b/nss/lib/ckfw/session.c
@@ -61,26 +61,26 @@
*/
struct NSSCKFWSessionStr {
- NSSArena *arena;
- NSSCKMDSession *mdSession;
- NSSCKFWToken *fwToken;
- NSSCKMDToken *mdToken;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
- CK_VOID_PTR pApplication;
- CK_NOTIFY Notify;
+ NSSArena *arena;
+ NSSCKMDSession *mdSession;
+ NSSCKFWToken *fwToken;
+ NSSCKMDToken *mdToken;
+ NSSCKFWInstance *fwInstance;
+ NSSCKMDInstance *mdInstance;
+ CK_VOID_PTR pApplication;
+ CK_NOTIFY Notify;
- /*
- * Everything above is set at creation time, and then not modified.
- * The items below are atomic. No locking required. If we fear
- * about pointer-copies being nonatomic, we'll lock fwFindObjects.
- */
+ /*
+ * Everything above is set at creation time, and then not modified.
+ * The items below are atomic. No locking required. If we fear
+ * about pointer-copies being nonatomic, we'll lock fwFindObjects.
+ */
- CK_BBOOL rw;
- NSSCKFWFindObjects *fwFindObjects;
- NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max];
- nssCKFWHash *sessionObjectHash;
- CK_SESSION_HANDLE hSession;
+ CK_BBOOL rw;
+ NSSCKFWFindObjects *fwFindObjects;
+ NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max];
+ nssCKFWHash *sessionObjectHash;
+ CK_SESSION_HANDLE hSession;
};
#ifdef DEBUG
@@ -96,30 +96,24 @@
*/
static CK_RV
-session_add_pointer
-(
- const NSSCKFWSession *fwSession
-)
+session_add_pointer(
+ const NSSCKFWSession *fwSession)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-session_remove_pointer
-(
- const NSSCKFWSession *fwSession
-)
+session_remove_pointer(
+ const NSSCKFWSession *fwSession)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWSession_verifyPointer
-(
- const NSSCKFWSession *fwSession
-)
+nssCKFWSession_verifyPointer(
+ const NSSCKFWSession *fwSession)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
@@ -129,95 +123,91 @@
*
*/
NSS_IMPLEMENT NSSCKFWSession *
-nssCKFWSession_Create
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-)
+nssCKFWSession_Create(
+ NSSCKFWToken *fwToken,
+ CK_BBOOL rw,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_RV *pError)
{
- NSSArena *arena = (NSSArena *)NULL;
- NSSCKFWSession *fwSession;
- NSSCKFWSlot *fwSlot;
+ NSSArena *arena = (NSSArena *)NULL;
+ NSSCKFWSession *fwSession;
+ NSSCKFWSlot *fwSlot;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWSession *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWSession *)NULL;
+ }
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSession *)NULL;
- }
+ *pError = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSession *)NULL;
+ }
#endif /* NSSDEBUG */
- arena = NSSArena_Create();
- if (!arena) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWSession *)NULL;
- }
-
- fwSession = nss_ZNEW(arena, NSSCKFWSession);
- if (!fwSession) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwSession->arena = arena;
- fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
- fwSession->fwToken = fwToken;
- fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);
-
- fwSlot = nssCKFWToken_GetFWSlot(fwToken);
- fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
- fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
-
- fwSession->rw = rw;
- fwSession->pApplication = pApplication;
- fwSession->Notify = Notify;
-
- fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
-
- fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
- if (!fwSession->sessionObjectHash) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ arena = NSSArena_Create();
+ if (!arena) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWSession *)NULL;
}
- goto loser;
- }
+
+ fwSession = nss_ZNEW(arena, NSSCKFWSession);
+ if (!fwSession) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
+ }
+
+ fwSession->arena = arena;
+ fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
+ fwSession->fwToken = fwToken;
+ fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);
+
+ fwSlot = nssCKFWToken_GetFWSlot(fwToken);
+ fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
+ fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
+
+ fwSession->rw = rw;
+ fwSession->pApplication = pApplication;
+ fwSession->Notify = Notify;
+
+ fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
+
+ fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
+ if (!fwSession->sessionObjectHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
#ifdef DEBUG
- *pError = session_add_pointer(fwSession);
- if( CKR_OK != *pError ) {
- goto loser;
- }
+ *pError = session_add_pointer(fwSession);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
#endif /* DEBUG */
- return fwSession;
+ return fwSession;
- loser:
- if (arena) {
- if (fwSession && fwSession->sessionObjectHash) {
- (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
+loser:
+ if (arena) {
+ if (fwSession && fwSession->sessionObjectHash) {
+ (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
+ }
+ NSSArena_Destroy(arena);
}
- NSSArena_Destroy(arena);
- }
- return (NSSCKFWSession *)NULL;
+ return (NSSCKFWSession *)NULL;
}
static void
-nss_ckfw_session_object_destroy_iterator
-(
- const void *key,
- void *value,
- void *closure
-)
+nss_ckfw_session_object_destroy_iterator(
+ const void *key,
+ void *value,
+ void *closure)
{
- NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
- nssCKFWObject_Finalize(fwObject, PR_TRUE);
+ NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
+ nssCKFWObject_Finalize(fwObject, PR_TRUE);
}
/*
@@ -225,51 +215,49 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Destroy
-(
- NSSCKFWSession *fwSession,
- CK_BBOOL removeFromTokenHash
-)
+nssCKFWSession_Destroy(
+ NSSCKFWSession *fwSession,
+ CK_BBOOL removeFromTokenHash)
{
- CK_RV error = CKR_OK;
- nssCKFWHash *sessionObjectHash;
- NSSCKFWCryptoOperationState i;
+ CK_RV error = CKR_OK;
+ nssCKFWHash *sessionObjectHash;
+ NSSCKFWCryptoOperationState i;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- if( removeFromTokenHash ) {
- error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
- }
-
- /*
- * Invalidate session objects
- */
-
- sessionObjectHash = fwSession->sessionObjectHash;
- fwSession->sessionObjectHash = (nssCKFWHash *)NULL;
-
- nssCKFWHash_Iterate(sessionObjectHash,
- nss_ckfw_session_object_destroy_iterator,
- (void *)NULL);
-
- for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) {
- if (fwSession->fwOperationArray[i]) {
- nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
+ if (removeFromTokenHash) {
+ error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
}
- }
+
+ /*
+ * Invalidate session objects
+ */
+
+ sessionObjectHash = fwSession->sessionObjectHash;
+ fwSession->sessionObjectHash = (nssCKFWHash *)NULL;
+
+ nssCKFWHash_Iterate(sessionObjectHash,
+ nss_ckfw_session_object_destroy_iterator,
+ (void *)NULL);
+
+ for (i = 0; i < NSSCKFWCryptoOperationState_Max; i++) {
+ if (fwSession->fwOperationArray[i]) {
+ nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
+ }
+ }
#ifdef DEBUG
- (void)session_remove_pointer(fwSession);
+ (void)session_remove_pointer(fwSession);
#endif /* DEBUG */
- (void)nssCKFWHash_Destroy(sessionObjectHash);
- NSSArena_Destroy(fwSession->arena);
+ (void)nssCKFWHash_Destroy(sessionObjectHash);
+ NSSArena_Destroy(fwSession->arena);
- return error;
+ return error;
}
/*
@@ -277,18 +265,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDSession *
-nssCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_GetMDSession(
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKMDSession *)NULL;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return (NSSCKMDSession *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwSession->mdSession;
+ return fwSession->mdSession;
}
/*
@@ -296,24 +282,22 @@
*
*/
NSS_IMPLEMENT NSSArena *
-nssCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nssCKFWSession_GetArena(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwSession->arena;
+ return fwSession->arena;
}
/*
@@ -321,34 +305,32 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-)
+nssCKFWSession_CallNotification(
+ NSSCKFWSession *fwSession,
+ CK_NOTIFICATION event)
{
- CK_RV error = CKR_OK;
- CK_SESSION_HANDLE handle;
+ CK_RV error = CKR_OK;
+ CK_SESSION_HANDLE handle;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- if( (CK_NOTIFY)NULL == fwSession->Notify ) {
- return CKR_OK;
- }
+ if ((CK_NOTIFY)NULL == fwSession->Notify) {
+ return CKR_OK;
+ }
- handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
- if( (CK_SESSION_HANDLE)0 == handle ) {
- return CKR_GENERAL_ERROR;
- }
+ handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
+ if ((CK_SESSION_HANDLE)0 == handle) {
+ return CKR_GENERAL_ERROR;
+ }
- error = fwSession->Notify(handle, event, fwSession->pApplication);
+ error = fwSession->Notify(handle, event, fwSession->pApplication);
- return error;
+ return error;
}
/*
@@ -356,18 +338,16 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_IsRWSession(
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- return fwSession->rw;
+ return fwSession->rw;
}
/*
@@ -375,31 +355,29 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_IsSO(
+ NSSCKFWSession *fwSession)
{
- CK_STATE state;
+ CK_STATE state;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- state = nssCKFWToken_GetSessionState(fwSession->fwToken);
- switch( state ) {
- case CKS_RO_PUBLIC_SESSION:
- case CKS_RO_USER_FUNCTIONS:
- case CKS_RW_PUBLIC_SESSION:
- case CKS_RW_USER_FUNCTIONS:
- return CK_FALSE;
- case CKS_RW_SO_FUNCTIONS:
- return CK_TRUE;
- default:
- return CK_FALSE;
- }
+ state = nssCKFWToken_GetSessionState(fwSession->fwToken);
+ switch (state) {
+ case CKS_RO_PUBLIC_SESSION:
+ case CKS_RO_USER_FUNCTIONS:
+ case CKS_RW_PUBLIC_SESSION:
+ case CKS_RW_USER_FUNCTIONS:
+ return CK_FALSE;
+ case CKS_RW_SO_FUNCTIONS:
+ return CK_TRUE;
+ default:
+ return CK_FALSE;
+ }
}
/*
@@ -407,18 +385,16 @@
*
*/
NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWSession_GetFWSlot
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_GetFWSlot(
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKFWSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return (NSSCKFWSlot *)NULL;
+ }
#endif /* NSSDEBUG */
- return nssCKFWToken_GetFWSlot(fwSession->fwToken);
+ return nssCKFWToken_GetFWSlot(fwSession->fwToken);
}
/*
@@ -426,18 +402,16 @@
*
*/
NSS_IMPLEMENT CK_STATE
-nssCKFWSession_GetSessionState
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_GetSessionState(
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CKS_RO_PUBLIC_SESSION; /* whatever */
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CKS_RO_PUBLIC_SESSION; /* whatever */
+ }
#endif /* NSSDEBUG */
- return nssCKFWToken_GetSessionState(fwSession->fwToken);
+ return nssCKFWToken_GetSessionState(fwSession->fwToken);
}
/*
@@ -445,33 +419,31 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetFWFindObjects
-(
- NSSCKFWSession *fwSession,
- NSSCKFWFindObjects *fwFindObjects
-)
+nssCKFWSession_SetFWFindObjects(
+ NSSCKFWSession *fwSession,
+ NSSCKFWFindObjects *fwFindObjects)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- /* fwFindObjects may be null */
+/* fwFindObjects may be null */
#endif /* NSSDEBUG */
- if ((fwSession->fwFindObjects) &&
- (fwFindObjects)) {
- return CKR_OPERATION_ACTIVE;
- }
+ if ((fwSession->fwFindObjects) &&
+ (fwFindObjects)) {
+ return CKR_OPERATION_ACTIVE;
+ }
- fwSession->fwFindObjects = fwFindObjects;
+ fwSession->fwFindObjects = fwFindObjects;
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -479,29 +451,27 @@
*
*/
NSS_IMPLEMENT NSSCKFWFindObjects *
-nssCKFWSession_GetFWFindObjects
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nssCKFWSession_GetFWFindObjects(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWFindObjects *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWFindObjects *)NULL;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSCKFWFindObjects *)NULL;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWFindObjects *)NULL;
+ }
#endif /* NSSDEBUG */
- if (!fwSession->fwFindObjects) {
- *pError = CKR_OPERATION_NOT_INITIALIZED;
- return (NSSCKFWFindObjects *)NULL;
- }
+ if (!fwSession->fwFindObjects) {
+ *pError = CKR_OPERATION_NOT_INITIALIZED;
+ return (NSSCKFWFindObjects *)NULL;
+ }
- return fwSession->fwFindObjects;
+ return fwSession->fwFindObjects;
}
/*
@@ -509,34 +479,32 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetMDSession
-(
- NSSCKFWSession *fwSession,
- NSSCKMDSession *mdSession
-)
+nssCKFWSession_SetMDSession(
+ NSSCKFWSession *fwSession,
+ NSSCKMDSession *mdSession)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!mdSession) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!mdSession) {
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* NSSDEBUG */
- if (fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
- fwSession->mdSession = mdSession;
+ fwSession->mdSession = mdSession;
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -544,30 +512,28 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetHandle
-(
- NSSCKFWSession *fwSession,
- CK_SESSION_HANDLE hSession
-)
+nssCKFWSession_SetHandle(
+ NSSCKFWSession *fwSession,
+ CK_SESSION_HANDLE hSession)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) {
- return CKR_GENERAL_ERROR;
- }
+ if ((CK_SESSION_HANDLE)0 != fwSession->hSession) {
+ return CKR_GENERAL_ERROR;
+ }
- fwSession->hSession = hSession;
+ fwSession->hSession = hSession;
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -575,18 +541,16 @@
*
*/
NSS_IMPLEMENT CK_SESSION_HANDLE
-nssCKFWSession_GetHandle
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_GetHandle(
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return NULL;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return NULL;
+ }
#endif /* NSSDEBUG */
- return fwSession->hSession;
+ return fwSession->hSession;
}
/*
@@ -594,25 +558,23 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_RegisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWSession_RegisterSessionObject(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CKR_GENERAL_ERROR;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- if (fwSession->sessionObjectHash) {
- rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
- }
+ if (fwSession->sessionObjectHash) {
+ rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
+ }
- return rv;
+ return rv;
}
/*
@@ -620,23 +582,21 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_DeregisterSessionObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject
-)
+nssCKFWSession_DeregisterSessionObject(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CKR_GENERAL_ERROR;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- if (fwSession->sessionObjectHash) {
- nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
- }
+ if (fwSession->sessionObjectHash) {
+ nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
+ }
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -644,28 +604,26 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWSession_GetDeviceError
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_GetDeviceError(
+ NSSCKFWSession *fwSession)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return (CK_ULONG)0;
+ }
- if (!fwSession->mdSession) {
- return (CK_ULONG)0;
- }
+ if (!fwSession->mdSession) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if (!fwSession->mdSession->GetDeviceError) {
- return (CK_ULONG)0;
- }
+ if (!fwSession->mdSession->GetDeviceError) {
+ return (CK_ULONG)0;
+ }
- return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance);
+ return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance);
}
/*
@@ -673,116 +631,117 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Login
-(
- NSSCKFWSession *fwSession,
- CK_USER_TYPE userType,
- NSSItem *pin
-)
+nssCKFWSession_Login(
+ NSSCKFWSession *fwSession,
+ CK_USER_TYPE userType,
+ NSSItem *pin)
{
- CK_RV error = CKR_OK;
- CK_STATE oldState;
- CK_STATE newState;
+ CK_RV error = CKR_OK;
+ CK_STATE oldState;
+ CK_STATE newState;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- switch( userType ) {
- case CKU_SO:
- case CKU_USER:
- break;
- default:
- return CKR_USER_TYPE_INVALID;
- }
-
- if (!pin) {
- if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) {
- return CKR_ARGUMENTS_BAD;
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
}
- }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ switch (userType) {
+ case CKU_SO:
+ case CKU_USER:
+ break;
+ default:
+ return CKR_USER_TYPE_INVALID;
+ }
+
+ if (!pin) {
+ if (CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken)) {
+ return CKR_ARGUMENTS_BAD;
+ }
+ }
+
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
+ oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
- /*
- * It's not clear what happens when you're already logged in.
- * I'll just fail; but if we decide to change, the logic is
- * all right here.
- */
-
- if( CKU_SO == userType ) {
- switch( oldState ) {
- case CKS_RO_PUBLIC_SESSION:
- /*
- * There's no such thing as a read-only security officer
- * session, so fail. The error should be CKR_SESSION_READ_ONLY,
- * except that C_Login isn't defined to return that. So we'll
- * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
- */
- return CKR_SESSION_READ_ONLY_EXISTS;
- case CKS_RO_USER_FUNCTIONS:
- return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
- case CKS_RW_PUBLIC_SESSION:
- newState = CKS_RW_SO_FUNCTIONS;
- break;
- case CKS_RW_USER_FUNCTIONS:
- return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
- case CKS_RW_SO_FUNCTIONS:
- return CKR_USER_ALREADY_LOGGED_IN;
- default:
- return CKR_GENERAL_ERROR;
- }
- } else /* CKU_USER == userType */ {
- switch( oldState ) {
- case CKS_RO_PUBLIC_SESSION:
- newState = CKS_RO_USER_FUNCTIONS;
- break;
- case CKS_RO_USER_FUNCTIONS:
- return CKR_USER_ALREADY_LOGGED_IN;
- case CKS_RW_PUBLIC_SESSION:
- newState = CKS_RW_USER_FUNCTIONS;
- break;
- case CKS_RW_USER_FUNCTIONS:
- return CKR_USER_ALREADY_LOGGED_IN;
- case CKS_RW_SO_FUNCTIONS:
- return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
- default:
- return CKR_GENERAL_ERROR;
- }
- }
-
- /*
- * So now we're in one of three cases:
- *
- * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
- * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
- * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
- */
-
- if (!fwSession->mdSession->Login) {
/*
- * The Module doesn't want to be informed (or check the pin)
- * it'll just rely on the Framework as needed.
+ * It's not clear what happens when you're already logged in.
+ * I'll just fail; but if we decide to change, the logic is
+ * all right here.
*/
- ;
- } else {
- error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, userType, pin, oldState, newState);
- if( CKR_OK != error ) {
- return error;
- }
- }
- (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
- return CKR_OK;
+ if (CKU_SO == userType) {
+ switch (oldState) {
+ case CKS_RO_PUBLIC_SESSION:
+ /*
+ * There's no such thing as a read-only security officer
+ * session, so fail. The error should be CKR_SESSION_READ_ONLY,
+ * except that C_Login isn't defined to return that. So we'll
+ * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
+ */
+ return CKR_SESSION_READ_ONLY_EXISTS;
+ case CKS_RO_USER_FUNCTIONS:
+ return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+ case CKS_RW_PUBLIC_SESSION:
+ newState =
+ CKS_RW_SO_FUNCTIONS;
+ break;
+ case CKS_RW_USER_FUNCTIONS:
+ return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+ case CKS_RW_SO_FUNCTIONS:
+ return CKR_USER_ALREADY_LOGGED_IN;
+ default:
+ return CKR_GENERAL_ERROR;
+ }
+ } else /* CKU_USER == userType */ {
+ switch (oldState) {
+ case CKS_RO_PUBLIC_SESSION:
+ newState =
+ CKS_RO_USER_FUNCTIONS;
+ break;
+ case CKS_RO_USER_FUNCTIONS:
+ return CKR_USER_ALREADY_LOGGED_IN;
+ case CKS_RW_PUBLIC_SESSION:
+ newState =
+ CKS_RW_USER_FUNCTIONS;
+ break;
+ case CKS_RW_USER_FUNCTIONS:
+ return CKR_USER_ALREADY_LOGGED_IN;
+ case CKS_RW_SO_FUNCTIONS:
+ return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+ default:
+ return CKR_GENERAL_ERROR;
+ }
+ }
+
+ /*
+ * So now we're in one of three cases:
+ *
+ * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
+ * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
+ * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
+ */
+
+ if (!fwSession->mdSession->Login) {
+ /*
+ * The Module doesn't want to be informed (or check the pin)
+ * it'll just rely on the Framework as needed.
+ */
+ ;
+ } else {
+ error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
+ fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, userType, pin, oldState, newState);
+ if (CKR_OK != error) {
+ return error;
+ }
+ }
+
+ (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
+ return CKR_OK;
}
/*
@@ -790,74 +749,72 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Logout
-(
- NSSCKFWSession *fwSession
-)
+nssCKFWSession_Logout(
+ NSSCKFWSession *fwSession)
{
- CK_RV error = CKR_OK;
- CK_STATE oldState;
- CK_STATE newState;
+ CK_RV error = CKR_OK;
+ CK_STATE oldState;
+ CK_STATE newState;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
+ oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
- switch( oldState ) {
- case CKS_RO_PUBLIC_SESSION:
- return CKR_USER_NOT_LOGGED_IN;
- case CKS_RO_USER_FUNCTIONS:
- newState = CKS_RO_PUBLIC_SESSION;
- break;
- case CKS_RW_PUBLIC_SESSION:
- return CKR_USER_NOT_LOGGED_IN;
- case CKS_RW_USER_FUNCTIONS:
- newState = CKS_RW_PUBLIC_SESSION;
- break;
- case CKS_RW_SO_FUNCTIONS:
- newState = CKS_RW_PUBLIC_SESSION;
- break;
- default:
- return CKR_GENERAL_ERROR;
- }
-
- /*
- * So now we're in one of three cases:
- *
- * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
- * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
- * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
- */
-
- if (!fwSession->mdSession->Logout) {
- /*
- * The Module doesn't want to be informed. Okay.
- */
- ;
- } else {
- error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, oldState, newState);
- if( CKR_OK != error ) {
- /*
- * Now what?! A failure really should end up with the Framework
- * considering it logged out, right?
- */
- ;
+ switch (oldState) {
+ case CKS_RO_PUBLIC_SESSION:
+ return CKR_USER_NOT_LOGGED_IN;
+ case CKS_RO_USER_FUNCTIONS:
+ newState = CKS_RO_PUBLIC_SESSION;
+ break;
+ case CKS_RW_PUBLIC_SESSION:
+ return CKR_USER_NOT_LOGGED_IN;
+ case CKS_RW_USER_FUNCTIONS:
+ newState = CKS_RW_PUBLIC_SESSION;
+ break;
+ case CKS_RW_SO_FUNCTIONS:
+ newState = CKS_RW_PUBLIC_SESSION;
+ break;
+ default:
+ return CKR_GENERAL_ERROR;
}
- }
- (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
- return error;
+ /*
+ * So now we're in one of three cases:
+ *
+ * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
+ * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
+ * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
+ */
+
+ if (!fwSession->mdSession->Logout) {
+ /*
+ * The Module doesn't want to be informed. Okay.
+ */
+ ;
+ } else {
+ error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
+ fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, oldState, newState);
+ if (CKR_OK != error) {
+ /*
+ * Now what?! A failure really should end up with the Framework
+ * considering it logged out, right?
+ */
+ ;
+ }
+ }
+
+ (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
+ return error;
}
/*
@@ -865,47 +822,45 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_InitPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *pin
-)
+nssCKFWSession_InitPIN(
+ NSSCKFWSession *fwSession,
+ NSSItem *pin)
{
- CK_RV error = CKR_OK;
- CK_STATE state;
+ CK_RV error = CKR_OK;
+ CK_STATE state;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- state = nssCKFWToken_GetSessionState(fwSession->fwToken);
- if( CKS_RW_SO_FUNCTIONS != state ) {
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- if (!pin) {
- CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
- if( CK_TRUE != has ) {
- return CKR_ARGUMENTS_BAD;
+ state = nssCKFWToken_GetSessionState(fwSession->fwToken);
+ if (CKS_RW_SO_FUNCTIONS != state) {
+ return CKR_USER_NOT_LOGGED_IN;
}
- }
- if (!fwSession->mdSession->InitPIN) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
+ if (!pin) {
+ CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
+ if (CK_TRUE != has) {
+ return CKR_ARGUMENTS_BAD;
+ }
+ }
- error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, pin);
+ if (!fwSession->mdSession->InitPIN) {
+ return CKR_TOKEN_WRITE_PROTECTED;
+ }
- return error;
+ error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
+ fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, pin);
+
+ return error;
}
/*
@@ -913,49 +868,47 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetPIN
-(
- NSSCKFWSession *fwSession,
- NSSItem *newPin,
- NSSItem *oldPin
-)
+nssCKFWSession_SetPIN(
+ NSSCKFWSession *fwSession,
+ NSSItem *oldPin,
+ NSSItem *newPin)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- if (!newPin) {
- CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
- if( CK_TRUE != has ) {
- return CKR_ARGUMENTS_BAD;
+ if (!newPin) {
+ CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
+ if (CK_TRUE != has) {
+ return CKR_ARGUMENTS_BAD;
+ }
}
- }
- if (!oldPin) {
- CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
- if( CK_TRUE != has ) {
- return CKR_ARGUMENTS_BAD;
+ if (!oldPin) {
+ CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
+ if (CK_TRUE != has) {
+ return CKR_ARGUMENTS_BAD;
+ }
}
- }
- if (!fwSession->mdSession->SetPIN) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
+ if (!fwSession->mdSession->SetPIN) {
+ return CKR_TOKEN_WRITE_PROTECTED;
+ }
- error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, newPin, oldPin);
+ error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
+ fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, oldPin, newPin);
- return error;
+ return error;
}
/*
@@ -963,54 +916,52 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWSession_GetOperationStateLen
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+nssCKFWSession_GetOperationStateLen(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
- CK_ULONG mdAmt;
- CK_ULONG fwAmt;
+ CK_ULONG mdAmt;
+ CK_ULONG fwAmt;
#ifdef NSSDEBUG
- if (!pError) {
- return (CK_ULONG)0;
- }
+ if (!pError) {
+ return (CK_ULONG)0;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (CK_ULONG)0;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != *pError) {
+ return (CK_ULONG)0;
+ }
- if (!fwSession->mdSession) {
- *pError = CKR_GENERAL_ERROR;
- return (CK_ULONG)0;
- }
+ if (!fwSession->mdSession) {
+ *pError = CKR_GENERAL_ERROR;
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if (!fwSession->mdSession->GetOperationStateLen) {
- *pError = CKR_STATE_UNSAVEABLE;
- return (CK_ULONG)0;
- }
+ if (!fwSession->mdSession->GetOperationStateLen) {
+ *pError = CKR_STATE_UNSAVEABLE;
+ return (CK_ULONG)0;
+ }
- /*
- * We could check that the session is actually in some state..
- */
+ /*
+ * We could check that the session is actually in some state..
+ */
- mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, pError);
+ mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, pError);
- if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) {
- return (CK_ULONG)0;
- }
+ if (((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError)) {
+ return (CK_ULONG)0;
+ }
- /*
- * Add a bit of sanity-checking
- */
- fwAmt = mdAmt + 2*sizeof(CK_ULONG);
+ /*
+ * Add a bit of sanity-checking
+ */
+ fwAmt = mdAmt + 2 * sizeof(CK_ULONG);
- return fwAmt;
+ return fwAmt;
}
/*
@@ -1018,82 +969,80 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_GetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-)
+nssCKFWSession_GetOperationState(
+ NSSCKFWSession *fwSession,
+ NSSItem *buffer)
{
- CK_RV error = CKR_OK;
- CK_ULONG fwAmt;
- CK_ULONG *ulBuffer;
- NSSItem i2;
- CK_ULONG n, i;
+ CK_RV error = CKR_OK;
+ CK_ULONG fwAmt;
+ CK_ULONG *ulBuffer;
+ NSSItem i2;
+ CK_ULONG n, i;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!buffer) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!buffer) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!buffer->data) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!buffer->data) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- if (!fwSession->mdSession->GetOperationState) {
- return CKR_STATE_UNSAVEABLE;
- }
+ if (!fwSession->mdSession->GetOperationState) {
+ return CKR_STATE_UNSAVEABLE;
+ }
- /*
- * Sanity-check the caller's buffer.
- */
+ /*
+ * Sanity-check the caller's buffer.
+ */
- error = CKR_OK;
- fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
- if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) {
- return error;
- }
+ error = CKR_OK;
+ fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
+ if (((CK_ULONG)0 == fwAmt) && (CKR_OK != error)) {
+ return error;
+ }
- if( buffer->size < fwAmt ) {
- return CKR_BUFFER_TOO_SMALL;
- }
+ if (buffer->size < fwAmt) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
- ulBuffer = (CK_ULONG *)buffer->data;
+ ulBuffer = (CK_ULONG *)buffer->data;
- i2.size = buffer->size - 2*sizeof(CK_ULONG);
- i2.data = (void *)&ulBuffer[2];
+ i2.size = buffer->size - 2 * sizeof(CK_ULONG);
+ i2.data = (void *)&ulBuffer[2];
- error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance, &i2);
+ error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance, &i2);
- if( CKR_OK != error ) {
- return error;
- }
+ if (CKR_OK != error) {
+ return error;
+ }
- /*
- * Add a little integrety/identity check.
- * NOTE: right now, it's pretty stupid.
- * A CRC or something would be better.
- */
+ /*
+ * Add a little integrety/identity check.
+ * NOTE: right now, it's pretty stupid.
+ * A CRC or something would be better.
+ */
- ulBuffer[0] = 0x434b4657; /* CKFW */
- ulBuffer[1] = 0;
- n = i2.size/sizeof(CK_ULONG);
- for( i = 0; i < n; i++ ) {
- ulBuffer[1] ^= ulBuffer[2+i];
- }
+ ulBuffer[0] = 0x434b4657; /* CKFW */
+ ulBuffer[1] = 0;
+ n = i2.size / sizeof(CK_ULONG);
+ for (i = 0; i < n; i++) {
+ ulBuffer[1] ^= ulBuffer[2 + i];
+ }
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -1101,126 +1050,122 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_SetOperationState
-(
- NSSCKFWSession *fwSession,
- NSSItem *state,
- NSSCKFWObject *encryptionKey,
- NSSCKFWObject *authenticationKey
-)
+nssCKFWSession_SetOperationState(
+ NSSCKFWSession *fwSession,
+ NSSItem *state,
+ NSSCKFWObject *encryptionKey,
+ NSSCKFWObject *authenticationKey)
{
- CK_RV error = CKR_OK;
- CK_ULONG *ulBuffer;
- CK_ULONG n, i;
- CK_ULONG x;
- NSSItem s;
- NSSCKMDObject *mdek;
- NSSCKMDObject *mdak;
+ CK_RV error = CKR_OK;
+ CK_ULONG *ulBuffer;
+ CK_ULONG n, i;
+ CK_ULONG x;
+ NSSItem s;
+ NSSCKMDObject *mdek;
+ NSSCKMDObject *mdak;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!state) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if (!state->data) {
- return CKR_ARGUMENTS_BAD;
- }
-
- if (encryptionKey) {
- error = nssCKFWObject_verifyPointer(encryptionKey);
- if( CKR_OK != error ) {
- return error;
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
}
- }
- if (authenticationKey) {
- error = nssCKFWObject_verifyPointer(authenticationKey);
- if( CKR_OK != error ) {
- return error;
+ if (!state) {
+ return CKR_ARGUMENTS_BAD;
}
- }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!state->data) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ if (encryptionKey) {
+ error = nssCKFWObject_verifyPointer(encryptionKey);
+ if (CKR_OK != error) {
+ return error;
+ }
+ }
+
+ if (authenticationKey) {
+ error = nssCKFWObject_verifyPointer(authenticationKey);
+ if (CKR_OK != error) {
+ return error;
+ }
+ }
+
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- ulBuffer = (CK_ULONG *)state->data;
- if( 0x43b4657 != ulBuffer[0] ) {
- return CKR_SAVED_STATE_INVALID;
- }
- n = (state->size / sizeof(CK_ULONG)) - 2;
- x = (CK_ULONG)0;
- for( i = 0; i < n; i++ ) {
- x ^= ulBuffer[2+i];
- }
+ ulBuffer = (CK_ULONG *)state->data;
+ if (0x43b4657 != ulBuffer[0]) {
+ return CKR_SAVED_STATE_INVALID;
+ }
+ n = (state->size / sizeof(CK_ULONG)) - 2;
+ x = (CK_ULONG)0;
+ for (i = 0; i < n; i++) {
+ x ^= ulBuffer[2 + i];
+ }
- if( x != ulBuffer[1] ) {
- return CKR_SAVED_STATE_INVALID;
- }
+ if (x != ulBuffer[1]) {
+ return CKR_SAVED_STATE_INVALID;
+ }
- if (!fwSession->mdSession->SetOperationState) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession->SetOperationState) {
+ return CKR_GENERAL_ERROR;
+ }
- s.size = state->size - 2*sizeof(CK_ULONG);
- s.data = (void *)&ulBuffer[2];
+ s.size = state->size - 2 * sizeof(CK_ULONG);
+ s.data = (void *)&ulBuffer[2];
- if (encryptionKey) {
- mdek = nssCKFWObject_GetMDObject(encryptionKey);
- } else {
- mdek = (NSSCKMDObject *)NULL;
- }
+ if (encryptionKey) {
+ mdek = nssCKFWObject_GetMDObject(encryptionKey);
+ } else {
+ mdek = (NSSCKMDObject *)NULL;
+ }
- if (authenticationKey) {
- mdak = nssCKFWObject_GetMDObject(authenticationKey);
- } else {
- mdak = (NSSCKMDObject *)NULL;
- }
+ if (authenticationKey) {
+ mdak = nssCKFWObject_GetMDObject(authenticationKey);
+ } else {
+ mdak = (NSSCKMDObject *)NULL;
+ }
- error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);
+ error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);
- if( CKR_OK != error ) {
- return error;
- }
+ if (CKR_OK != error) {
+ return error;
+ }
- /*
- * Here'd we restore any session data
- */
-
- return CKR_OK;
+ /*
+ * Here'd we restore any session data
+ */
+
+ return CKR_OK;
}
static CK_BBOOL
-nss_attributes_form_token_object
-(
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount
-)
+nss_attributes_form_token_object(
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount)
{
- CK_ULONG i;
- CK_BBOOL rv;
+ CK_ULONG i;
+ CK_BBOOL rv;
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- /* If we sanity-check, we can remove this sizeof check */
- if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) {
- (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
- return rv;
- } else {
- return CK_FALSE;
- }
+ for (i = 0; i < ulAttributeCount; i++) {
+ if (CKA_TOKEN == pTemplate[i].type) {
+ /* If we sanity-check, we can remove this sizeof check */
+ if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) {
+ (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
+ return rv;
+ } else {
+ return CK_FALSE;
+ }
+ }
}
- }
- return CK_FALSE;
+ return CK_FALSE;
}
/*
@@ -1228,133 +1173,132 @@
*
*/
NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWSession_CreateObject
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nssCKFWSession_CreateObject(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSArena *arena;
- NSSCKMDObject *mdObject;
- NSSCKFWObject *fwObject;
- CK_BBOOL isTokenObject;
+ NSSArena *arena;
+ NSSCKMDObject *mdObject;
+ NSSCKFWObject *fwObject;
+ CK_BBOOL isTokenObject;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != pError ) {
- return (NSSCKFWObject *)NULL;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWObject *)NULL;
- }
+ if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWObject *)NULL;
+ }
- if (!fwSession->mdSession) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
+ if (!fwSession->mdSession) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWObject *)NULL;
+ }
#endif /* NSSDEBUG */
- /*
- * Here would be an excellent place to sanity-check the object.
- */
+ /*
+ * Here would be an excellent place to sanity-check the object.
+ */
- isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
- if( CK_TRUE == isTokenObject ) {
- /* === TOKEN OBJECT === */
+ isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
+ if (CK_TRUE == isTokenObject) {
+ /* === TOKEN OBJECT === */
- if (!fwSession->mdSession->CreateObject) {
- *pError = CKR_TOKEN_WRITE_PROTECTED;
- return (NSSCKFWObject *)NULL;
- }
+ if (!fwSession->mdSession->CreateObject) {
+ *pError = CKR_TOKEN_WRITE_PROTECTED;
+ return (NSSCKFWObject *)NULL;
+ }
- arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
- if (!arena) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
+ arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
- goto callmdcreateobject;
- } else {
- /* === SESSION OBJECT === */
-
- arena = nssCKFWSession_GetArena(fwSession, pError);
- if (!arena) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwSession->fwInstance) ) {
- /* --- module handles the session object -- */
-
- if (!fwSession->mdSession->CreateObject) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
-
- goto callmdcreateobject;
+ goto callmdcreateobject;
} else {
- /* --- framework handles the session object -- */
- mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
- arena, pTemplate, ulAttributeCount, pError);
- goto gotmdobject;
- }
- }
+ /* === SESSION OBJECT === */
- callmdcreateobject:
- mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
- ulAttributeCount, pError);
+ arena = nssCKFWSession_GetArena(fwSession, pError);
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
- gotmdobject:
- if (!mdObject) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
+ if (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
+ fwSession->fwInstance)) {
+ /* --- module handles the session object -- */
- fwObject = nssCKFWObject_Create(arena, mdObject,
- isTokenObject ? NULL : fwSession,
- fwSession->fwToken, fwSession->fwInstance, pError);
- if (!fwObject) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
-
- if (mdObject->Destroy) {
- (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
- fwSession->mdSession, fwSession, fwSession->mdToken,
- fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
- }
-
- return (NSSCKFWObject *)NULL;
- }
+ if (!fwSession->mdSession->CreateObject) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWObject *)NULL;
+ }
- if( CK_FALSE == isTokenObject ) {
- if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) {
- *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
- if( CKR_OK != *pError ) {
- nssCKFWObject_Finalize(fwObject, PR_TRUE);
+ goto callmdcreateobject;
+ } else {
+ /* --- framework handles the session object -- */
+ mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
+ arena, pTemplate, ulAttributeCount, pError);
+ goto gotmdobject;
+ }
+ }
+
+callmdcreateobject:
+ mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
+ ulAttributeCount, pError);
+
+gotmdobject:
+ if (!mdObject) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
return (NSSCKFWObject *)NULL;
- }
}
- }
-
- return fwObject;
+
+ fwObject = nssCKFWObject_Create(arena, mdObject,
+ isTokenObject ? NULL
+ : fwSession,
+ fwSession->fwToken, fwSession->fwInstance, pError);
+ if (!fwObject) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+
+ if (mdObject->Destroy) {
+ (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
+ fwSession->mdSession, fwSession, fwSession->mdToken,
+ fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
+ }
+
+ return (NSSCKFWObject *)NULL;
+ }
+
+ if (CK_FALSE == isTokenObject) {
+ if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject)) {
+ *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
+ if (CKR_OK != *pError) {
+ nssCKFWObject_Finalize(fwObject, PR_TRUE);
+ return (NSSCKFWObject *)NULL;
+ }
+ }
+ }
+
+ return fwObject;
}
/*
@@ -1362,222 +1306,228 @@
*
*/
NSS_IMPLEMENT NSSCKFWObject *
-nssCKFWSession_CopyObject
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nssCKFWSession_CopyObject(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- CK_BBOOL oldIsToken;
- CK_BBOOL newIsToken;
- CK_ULONG i;
- NSSCKFWObject *rv;
+ CK_BBOOL oldIsToken;
+ CK_BBOOL newIsToken;
+ CK_ULONG i;
+ NSSCKFWObject *rv;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWObject *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- *pError = nssCKFWObject_verifyPointer(fwObject);
- if( CKR_OK != *pError ) {
- return (NSSCKFWObject *)NULL;
- }
+ *pError = nssCKFWObject_verifyPointer(fwObject);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWObject *)NULL;
+ }
- if (!fwSession->mdSession) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWObject *)NULL;
- }
+ if (!fwSession->mdSession) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWObject *)NULL;
+ }
#endif /* NSSDEBUG */
- /*
- * Sanity-check object
- */
+ /*
+ * Sanity-check object
+ */
- if (!fwObject) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWObject *)NULL;
- }
-
- oldIsToken = nssCKFWObject_IsTokenObject(fwObject);
-
- newIsToken = oldIsToken;
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- /* Since we sanity-checked the object, we know this is the right size. */
- (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
- break;
+ if (!fwObject) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWObject *)NULL;
}
- }
- /*
- * If the Module handles its session objects, or if both the new
- * and old object are token objects, use CopyObject if it exists.
- */
+ oldIsToken = nssCKFWObject_IsTokenObject(fwObject);
- if ((fwSession->mdSession->CopyObject) &&
- (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
- (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwSession->fwInstance))) ) {
- /* use copy object */
- NSSArena *arena;
- NSSCKMDObject *mdOldObject;
- NSSCKMDObject *mdObject;
+ newIsToken = oldIsToken;
+ for (i = 0; i < ulAttributeCount; i++) {
+ if (CKA_TOKEN == pTemplate[i].type) {
+ /* Since we sanity-checked the object, we know this is the right size. */
+ (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
+ break;
+ }
+ }
- mdOldObject = nssCKFWObject_GetMDObject(fwObject);
+ /*
+ * If the Module handles its session objects, or if both the new
+ * and old object are token objects, use CopyObject if it exists.
+ */
- if( CK_TRUE == newIsToken ) {
- arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
+ if ((fwSession->mdSession->CopyObject) &&
+ (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
+ (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
+ fwSession->fwInstance)))) {
+ /* use copy object */
+ NSSArena *arena;
+ NSSCKMDObject *mdOldObject;
+ NSSCKMDObject *mdObject;
+
+ mdOldObject = nssCKFWObject_GetMDObject(fwObject);
+
+ if (CK_TRUE == newIsToken) {
+ arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
+ } else {
+ arena = nssCKFWSession_GetArena(fwSession, pError);
+ }
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
+
+ mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
+ fwObject, arena, pTemplate, ulAttributeCount, pError);
+ if (!mdObject) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWObject *)NULL;
+ }
+
+ rv = nssCKFWObject_Create(arena, mdObject,
+ newIsToken ? NULL
+ : fwSession,
+ fwSession->fwToken, fwSession->fwInstance, pError);
+
+ if (CK_FALSE == newIsToken) {
+ if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv)) {
+ *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
+ if (CKR_OK != *pError) {
+ nssCKFWObject_Finalize(rv, PR_TRUE);
+ return (NSSCKFWObject *)NULL;
+ }
+ }
+ }
+
+ return rv;
} else {
- arena = nssCKFWSession_GetArena(fwSession, pError);
- }
- if (!arena) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
+ /* use create object */
+ NSSArena *tmpArena;
+ CK_ATTRIBUTE_PTR newTemplate;
+ CK_ULONG i, j, n, newLength, k;
+ CK_ATTRIBUTE_TYPE_PTR oldTypes;
+ NSSCKFWObject *rv;
- mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
- fwObject, arena, pTemplate, ulAttributeCount, pError);
- if (!mdObject) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWObject *)NULL;
- }
-
- rv = nssCKFWObject_Create(arena, mdObject,
- newIsToken ? NULL : fwSession,
- fwSession->fwToken, fwSession->fwInstance, pError);
-
- if( CK_FALSE == newIsToken ) {
- if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) {
- *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
- if( CKR_OK != *pError ) {
- nssCKFWObject_Finalize(rv, PR_TRUE);
- return (NSSCKFWObject *)NULL;
+ n = nssCKFWObject_GetAttributeCount(fwObject, pError);
+ if ((0 == n) && (CKR_OK != *pError)) {
+ return (NSSCKFWObject *)NULL;
}
- }
- }
- return rv;
- } else {
- /* use create object */
- NSSArena *tmpArena;
- CK_ATTRIBUTE_PTR newTemplate;
- CK_ULONG i, j, n, newLength, k;
- CK_ATTRIBUTE_TYPE_PTR oldTypes;
- NSSCKFWObject *rv;
-
- n = nssCKFWObject_GetAttributeCount(fwObject, pError);
- if( (0 == n) && (CKR_OK != *pError) ) {
- return (NSSCKFWObject *)NULL;
- }
-
- tmpArena = NSSArena_Create();
- if (!tmpArena) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
- if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) {
- NSSArena_Destroy(tmpArena);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
- if( CKR_OK != *pError ) {
- NSSArena_Destroy(tmpArena);
- return (NSSCKFWObject *)NULL;
- }
-
- newLength = n;
- for( i = 0; i < ulAttributeCount; i++ ) {
- for( j = 0; j < n; j++ ) {
- if( oldTypes[j] == pTemplate[i].type ) {
- if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) {
- /* Removing the attribute */
- newLength--;
- }
- break;
+ tmpArena = NSSArena_Create();
+ if (!tmpArena) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWObject *)NULL;
}
- }
- if( j == n ) {
- /* Not found */
- newLength++;
- }
- }
- newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
- if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) {
- NSSArena_Destroy(tmpArena);
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWObject *)NULL;
- }
-
- k = 0;
- for( j = 0; j < n; j++ ) {
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( oldTypes[j] == pTemplate[i].type ) {
- if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) {
- /* This attribute is being deleted */
- ;
- } else {
- /* This attribute is being replaced */
- newTemplate[k].type = pTemplate[i].type;
- newTemplate[k].pValue = pTemplate[i].pValue;
- newTemplate[k].ulValueLen = pTemplate[i].ulValueLen;
- k++;
- }
- break;
+ oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
+ if ((CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes) {
+ NSSArena_Destroy(tmpArena);
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWObject *)NULL;
}
- }
- if( i == ulAttributeCount ) {
- /* This attribute is being copied over from the old object */
- NSSItem item, *it;
- item.size = 0;
- item.data = (void *)NULL;
- it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
- &item, tmpArena, pError);
- if (!it) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- NSSArena_Destroy(tmpArena);
- return (NSSCKFWObject *)NULL;
+
+ *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
+ if (CKR_OK != *pError) {
+ NSSArena_Destroy(tmpArena);
+ return (NSSCKFWObject *)NULL;
}
- newTemplate[k].type = oldTypes[j];
- newTemplate[k].pValue = it->data;
- newTemplate[k].ulValueLen = it->size;
- k++;
- }
- }
- /* assert that k == newLength */
- rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
- if (!rv) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- NSSArena_Destroy(tmpArena);
- return (NSSCKFWObject *)NULL;
- }
+ newLength = n;
+ for (i = 0; i < ulAttributeCount; i++) {
+ for (j = 0; j < n; j++) {
+ if (oldTypes[j] == pTemplate[i].type) {
+ if ((CK_VOID_PTR)NULL ==
+ pTemplate[i].pValue) {
+ /* Removing the attribute */
+ newLength--;
+ }
+ break;
+ }
+ }
+ if (j == n) {
+ /* Not found */
+ newLength++;
+ }
+ }
- NSSArena_Destroy(tmpArena);
- return rv;
- }
+ newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
+ if ((CK_ATTRIBUTE_PTR)NULL == newTemplate) {
+ NSSArena_Destroy(tmpArena);
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWObject *)NULL;
+ }
+
+ k = 0;
+ for (j = 0; j < n; j++) {
+ for (i = 0; i < ulAttributeCount; i++) {
+ if (oldTypes[j] == pTemplate[i].type) {
+ if ((CK_VOID_PTR)NULL ==
+ pTemplate[i].pValue) {
+ /* This attribute is being deleted */
+ ;
+ } else {
+ /* This attribute is being replaced */
+ newTemplate[k].type =
+ pTemplate[i].type;
+ newTemplate[k].pValue =
+ pTemplate[i].pValue;
+ newTemplate[k].ulValueLen =
+ pTemplate[i].ulValueLen;
+ k++;
+ }
+ break;
+ }
+ }
+ if (i == ulAttributeCount) {
+ /* This attribute is being copied over from the old object */
+ NSSItem item, *it;
+ item.size = 0;
+ item.data = (void *)NULL;
+ it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
+ &item, tmpArena, pError);
+ if (!it) {
+ if (CKR_OK ==
+ *pError) {
+ *pError =
+ CKR_GENERAL_ERROR;
+ }
+ NSSArena_Destroy(tmpArena);
+ return (NSSCKFWObject *)NULL;
+ }
+ newTemplate[k].type = oldTypes[j];
+ newTemplate[k].pValue = it->data;
+ newTemplate[k].ulValueLen = it->size;
+ k++;
+ }
+ }
+ /* assert that k == newLength */
+
+ rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
+ if (!rv) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ NSSArena_Destroy(tmpArena);
+ return (NSSCKFWObject *)NULL;
+ }
+
+ NSSArena_Destroy(tmpArena);
+ return rv;
+ }
}
/*
@@ -1585,135 +1535,140 @@
*
*/
NSS_IMPLEMENT NSSCKFWFindObjects *
-nssCKFWSession_FindObjectsInit
-(
- NSSCKFWSession *fwSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_RV *pError
-)
+nssCKFWSession_FindObjectsInit(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError)
{
- NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
- NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
+ NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
+ NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWFindObjects *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWFindObjects *)NULL;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSCKFWFindObjects *)NULL;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWFindObjects *)NULL;
+ }
- if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWFindObjects *)NULL;
- }
+ if (((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0)) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWFindObjects *)NULL;
+ }
- if (!fwSession->mdSession) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWFindObjects *)NULL;
- }
+ if (!fwSession->mdSession) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWFindObjects *)NULL;
+ }
#endif /* NSSDEBUG */
- if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwSession->fwInstance) ) {
- CK_ULONG i;
+ if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
+ fwSession->fwInstance)) {
+ CK_ULONG i;
- /*
- * Does the search criteria restrict us to token or session
- * objects?
- */
+ /*
+ * Does the search criteria restrict us to token or session
+ * objects?
+ */
- for( i = 0; i < ulAttributeCount; i++ ) {
- if( CKA_TOKEN == pTemplate[i].type ) {
- /* Yes, it does. */
- CK_BBOOL isToken;
- if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) {
- *pError = CKR_ATTRIBUTE_VALUE_INVALID;
- return (NSSCKFWFindObjects *)NULL;
+ for (i = 0; i < ulAttributeCount; i++) {
+ if (CKA_TOKEN == pTemplate[i].type) {
+ /* Yes, it does. */
+ CK_BBOOL isToken;
+ if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen) {
+ *pError =
+ CKR_ATTRIBUTE_VALUE_INVALID;
+ return (NSSCKFWFindObjects *)NULL;
+ }
+ (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
+
+ if (CK_TRUE == isToken) {
+ /* Pass it on to the module's search routine */
+ if (!fwSession->mdSession->FindObjectsInit) {
+ goto wrap;
+ }
+
+ mdfo1 =
+ fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance,
+ pTemplate, ulAttributeCount, pError);
+ } else {
+ /* Do the search ourselves */
+ mdfo1 =
+ nssCKMDFindSessionObjects_Create(fwSession->fwToken,
+ pTemplate, ulAttributeCount, pError);
+ }
+
+ if (!mdfo1) {
+ if (CKR_OK ==
+ *pError) {
+ *pError =
+ CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWFindObjects *)NULL;
+ }
+
+ goto wrap;
+ }
}
- (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
- if( CK_TRUE == isToken ) {
- /* Pass it on to the module's search routine */
- if (!fwSession->mdSession->FindObjectsInit) {
+ if (i == ulAttributeCount) {
+ /* No, it doesn't. Do a hybrid search. */
+ mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance,
+ pTemplate, ulAttributeCount, pError);
+
+ if (!mdfo1) {
+ if (CKR_OK == *pError) {
+ *pError =
+ CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWFindObjects *)NULL;
+ }
+
+ mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
+ pTemplate, ulAttributeCount, pError);
+ if (!mdfo2) {
+ if (CKR_OK == *pError) {
+ *pError =
+ CKR_GENERAL_ERROR;
+ }
+ if (mdfo1->Final) {
+ mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance);
+ }
+ return (NSSCKFWFindObjects *)NULL;
+ }
+
goto wrap;
- }
-
- mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance,
- pTemplate, ulAttributeCount, pError);
- } else {
- /* Do the search ourselves */
- mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
- pTemplate, ulAttributeCount, pError);
}
+ /*NOTREACHED*/
+ } else {
+ /* Module handles all its own objects. Pass on to module's search */
+ mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
+ fwSession, fwSession->mdToken, fwSession->fwToken,
+ fwSession->mdInstance, fwSession->fwInstance,
+ pTemplate, ulAttributeCount, pError);
if (!mdfo1) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWFindObjects *)NULL;
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWFindObjects *)NULL;
}
-
+
goto wrap;
- }
}
- if( i == ulAttributeCount ) {
- /* No, it doesn't. Do a hybrid search. */
- mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance,
- pTemplate, ulAttributeCount, pError);
-
- if (!mdfo1) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
- pTemplate, ulAttributeCount, pError);
- if (!mdfo2) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- if (mdfo1->Final) {
- mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance);
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- goto wrap;
- }
- /*NOTREACHED*/
- } else {
- /* Module handles all its own objects. Pass on to module's search */
- mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
- fwSession, fwSession->mdToken, fwSession->fwToken,
- fwSession->mdInstance, fwSession->fwInstance,
- pTemplate, ulAttributeCount, pError);
-
- if (!mdfo1) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWFindObjects *)NULL;
- }
-
- goto wrap;
- }
-
- wrap:
- return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
- fwSession->fwInstance, mdfo1, mdfo2, pError);
+wrap:
+ return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
+ fwSession->fwInstance, mdfo1, mdfo2, pError);
}
/*
@@ -1721,46 +1676,44 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_SeedRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *seed
-)
+nssCKFWSession_SeedRandom(
+ NSSCKFWSession *fwSession,
+ NSSItem *seed)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!seed) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!seed) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!seed->data) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!seed->data) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if( 0 == seed->size ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (0 == seed->size) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- if (!fwSession->mdSession->SeedRandom) {
- return CKR_RANDOM_SEED_NOT_SUPPORTED;
- }
+ if (!fwSession->mdSession->SeedRandom) {
+ return CKR_RANDOM_SEED_NOT_SUPPORTED;
+ }
- error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, seed);
+ error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
+ fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, seed);
- return error;
+ return error;
}
/*
@@ -1768,584 +1721,558 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_GetRandom
-(
- NSSCKFWSession *fwSession,
- NSSItem *buffer
-)
+nssCKFWSession_GetRandom(
+ NSSCKFWSession *fwSession,
+ NSSItem *buffer)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!buffer) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!buffer) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!buffer->data) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!buffer->data) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- if (!fwSession->mdSession->GetRandom) {
- if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) {
- return CKR_GENERAL_ERROR;
- } else {
- return CKR_RANDOM_NO_RNG;
+ if (!fwSession->mdSession->GetRandom) {
+ if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) {
+ return CKR_GENERAL_ERROR;
+ } else {
+ return CKR_RANDOM_NO_RNG;
+ }
}
- }
- if( 0 == buffer->size ) {
- return CKR_OK;
- }
+ if (0 == buffer->size) {
+ return CKR_OK;
+ }
- error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
- fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
- fwSession->fwInstance, buffer);
+ error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
+ fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+ fwSession->fwInstance, buffer);
- return error;
+ return error;
}
-
/*
* nssCKFWSession_SetCurrentCryptoOperation
*/
NSS_IMPLEMENT void
-nssCKFWSession_SetCurrentCryptoOperation
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperation * fwOperation,
- NSSCKFWCryptoOperationState state
-)
+nssCKFWSession_SetCurrentCryptoOperation(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperation *fwOperation,
+ NSSCKFWCryptoOperationState state)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return;
- }
+ CK_RV error = CKR_OK;
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return;
+ }
- if ( state >= NSSCKFWCryptoOperationState_Max) {
- return;
- }
+ if (state >= NSSCKFWCryptoOperationState_Max) {
+ return;
+ }
- if (!fwSession->mdSession) {
- return;
- }
+ if (!fwSession->mdSession) {
+ return;
+ }
#endif /* NSSDEBUG */
- fwSession->fwOperationArray[state] = fwOperation;
- return;
+ fwSession->fwOperationArray[state] = fwOperation;
+ return;
}
/*
* nssCKFWSession_GetCurrentCryptoOperation
*/
NSS_IMPLEMENT NSSCKFWCryptoOperation *
-nssCKFWSession_GetCurrentCryptoOperation
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationState state
-)
+nssCKFWSession_GetCurrentCryptoOperation(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationState state)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return (NSSCKFWCryptoOperation *)NULL;
- }
+ CK_RV error = CKR_OK;
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return (NSSCKFWCryptoOperation *)NULL;
+ }
- if ( state >= NSSCKFWCryptoOperationState_Max) {
- return (NSSCKFWCryptoOperation *)NULL;
- }
+ if (state >= NSSCKFWCryptoOperationState_Max) {
+ return (NSSCKFWCryptoOperation *)NULL;
+ }
- if (!fwSession->mdSession) {
- return (NSSCKFWCryptoOperation *)NULL;
- }
+ if (!fwSession->mdSession) {
+ return (NSSCKFWCryptoOperation *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwSession->fwOperationArray[state];
+ return fwSession->fwOperationArray[state];
}
/*
* nssCKFWSession_Final
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Final
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-)
+nssCKFWSession_Final(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSItem outputBuffer;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSItem outputBuffer;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- /* make sure we have a valid operation initialized */
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
- if (!fwOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- /* make sure it's the correct type */
- if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- /* handle buffer issues, note for Verify, the type is an input buffer. */
- if (NSSCKFWCryptoOperationType_Verify == type) {
- if ((CK_BYTE_PTR)NULL == outBuf) {
- error = CKR_ARGUMENTS_BAD;
- goto done;
- }
- } else {
- CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
- CK_ULONG maxBufLen = *outBufLen;
-
- if (CKR_OK != error) {
- goto done;
- }
- *outBufLen = len;
- if ((CK_BYTE_PTR)NULL == outBuf) {
- return CKR_OK;
+ /* make sure we have a valid operation initialized */
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+ if (!fwOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
}
- if (len > maxBufLen) {
- return CKR_BUFFER_TOO_SMALL;
+ /* make sure it's the correct type */
+ if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
}
- }
- outputBuffer.data = outBuf;
- outputBuffer.size = *outBufLen;
- error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
+ /* handle buffer issues, note for Verify, the type is an input buffer. */
+ if (NSSCKFWCryptoOperationType_Verify == type) {
+ if ((CK_BYTE_PTR)NULL == outBuf) {
+ error = CKR_ARGUMENTS_BAD;
+ goto done;
+ }
+ } else {
+ CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
+ CK_ULONG maxBufLen = *outBufLen;
+
+ if (CKR_OK != error) {
+ goto done;
+ }
+ *outBufLen = len;
+ if ((CK_BYTE_PTR)NULL == outBuf) {
+ return CKR_OK;
+ }
+
+ if (len > maxBufLen) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ }
+ outputBuffer.data = outBuf;
+ outputBuffer.size = *outBufLen;
+
+ error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
done:
- if (CKR_BUFFER_TOO_SMALL == error) {
+ if (CKR_BUFFER_TOO_SMALL == error) {
+ return error;
+ }
+ /* clean up our state */
+ nssCKFWCryptoOperation_Destroy(fwOperation);
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
return error;
- }
- /* clean up our state */
- nssCKFWCryptoOperation_Destroy(fwOperation);
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
- return error;
}
/*
* nssCKFWSession_Update
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_Update
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-)
+nssCKFWSession_Update(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSItem inputBuffer;
- NSSItem outputBuffer;
- CK_ULONG len;
- CK_ULONG maxBufLen;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSItem inputBuffer;
+ NSSItem outputBuffer;
+ CK_ULONG len;
+ CK_ULONG maxBufLen;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- /* make sure we have a valid operation initialized */
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
- if (!fwOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
+ /* make sure we have a valid operation initialized */
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+ if (!fwOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
- /* make sure it's the correct type */
- if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
+ /* make sure it's the correct type */
+ if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
- inputBuffer.data = inBuf;
- inputBuffer.size = inBufLen;
+ inputBuffer.data = inBuf;
+ inputBuffer.size = inBufLen;
- /* handle buffer issues, note for Verify, the type is an input buffer. */
- len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer,
- &error);
- if (CKR_OK != error) {
- return error;
- }
- maxBufLen = *outBufLen;
+ /* handle buffer issues, note for Verify, the type is an input buffer. */
+ len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer,
+ &error);
+ if (CKR_OK != error) {
+ return error;
+ }
+ maxBufLen = *outBufLen;
- *outBufLen = len;
- if ((CK_BYTE_PTR)NULL == outBuf) {
- return CKR_OK;
- }
+ *outBufLen = len;
+ if ((CK_BYTE_PTR)NULL == outBuf) {
+ return CKR_OK;
+ }
- if (len > maxBufLen) {
- return CKR_BUFFER_TOO_SMALL;
- }
- outputBuffer.data = outBuf;
- outputBuffer.size = *outBufLen;
+ if (len > maxBufLen) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ outputBuffer.data = outBuf;
+ outputBuffer.size = *outBufLen;
- return nssCKFWCryptoOperation_Update(fwOperation,
- &inputBuffer, &outputBuffer);
+ return nssCKFWCryptoOperation_Update(fwOperation,
+ &inputBuffer, &outputBuffer);
}
/*
* nssCKFWSession_DigestUpdate
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_DigestUpdate
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen
-)
+nssCKFWSession_DigestUpdate(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSItem inputBuffer;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSItem inputBuffer;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- /* make sure we have a valid operation initialized */
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
- if (!fwOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
+ /* make sure we have a valid operation initialized */
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+ if (!fwOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
- /* make sure it's the correct type */
- if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
+ /* make sure it's the correct type */
+ if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
- inputBuffer.data = inBuf;
- inputBuffer.size = inBufLen;
+ inputBuffer.data = inBuf;
+ inputBuffer.size = inBufLen;
-
- error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
- return error;
+ error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
+ return error;
}
/*
* nssCKFWSession_DigestUpdate
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_DigestKey
-(
- NSSCKFWSession *fwSession,
- NSSCKFWObject *fwKey
-)
+nssCKFWSession_DigestKey(
+ NSSCKFWSession *fwSession,
+ NSSCKFWObject *fwKey)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSItem *inputBuffer;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSItem *inputBuffer;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- /* make sure we have a valid operation initialized */
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_Digest);
- if (!fwOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
+ /* make sure we have a valid operation initialized */
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_Digest);
+ if (!fwOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
- /* make sure it's the correct type */
- if (NSSCKFWCryptoOperationType_Digest !=
- nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
+ /* make sure it's the correct type */
+ if (NSSCKFWCryptoOperationType_Digest !=
+ nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
- error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey);
- if (CKR_FUNCTION_FAILED != error) {
+ error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey);
+ if (CKR_FUNCTION_FAILED != error) {
+ return error;
+ }
+
+ /* no machine depended way for this to happen, do it by hand */
+ inputBuffer = nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
+ if (!inputBuffer) {
+ /* couldn't get the value, just fail then */
+ return error;
+ }
+ error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer);
+ nssItem_Destroy(inputBuffer);
return error;
- }
-
- /* no machine depended way for this to happen, do it by hand */
- inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
- if (!inputBuffer) {
- /* couldn't get the value, just fail then */
- return error;
- }
- error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer);
- nssItem_Destroy(inputBuffer);
- return error;
}
/*
* nssCKFWSession_UpdateFinal
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSession_UpdateFinal
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType type,
- NSSCKFWCryptoOperationState state,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-)
+nssCKFWSession_UpdateFinal(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType type,
+ NSSCKFWCryptoOperationState state,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen)
{
- NSSCKFWCryptoOperation *fwOperation;
- NSSItem inputBuffer;
- NSSItem outputBuffer;
- PRBool isEncryptDecrypt;
- CK_RV error = CKR_OK;
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSItem inputBuffer;
+ NSSItem outputBuffer;
+ PRBool isEncryptDecrypt;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
#endif /* NSSDEBUG */
- /* make sure we have a valid operation initialized */
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
- if (!fwOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- /* make sure it's the correct type */
- if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- inputBuffer.data = inBuf;
- inputBuffer.size = inBufLen;
- isEncryptDecrypt = (PRBool) ((NSSCKFWCryptoOperationType_Encrypt == type) ||
- (NSSCKFWCryptoOperationType_Decrypt == type)) ;
-
- /* handle buffer issues, note for Verify, the type is an input buffer. */
- if (NSSCKFWCryptoOperationType_Verify == type) {
- if ((CK_BYTE_PTR)NULL == outBuf) {
- error = CKR_ARGUMENTS_BAD;
- goto done;
+ /* make sure we have a valid operation initialized */
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+ if (!fwOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
}
- } else {
+
+ /* make sure it's the correct type */
+ if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ inputBuffer.data = inBuf;
+ inputBuffer.size = inBufLen;
+ isEncryptDecrypt = (PRBool)((NSSCKFWCryptoOperationType_Encrypt == type) ||
+ (NSSCKFWCryptoOperationType_Decrypt == type));
+
+ /* handle buffer issues, note for Verify, the type is an input buffer. */
+ if (NSSCKFWCryptoOperationType_Verify == type) {
+ if ((CK_BYTE_PTR)NULL == outBuf) {
+ error = CKR_ARGUMENTS_BAD;
+ goto done;
+ }
+ } else {
+ CK_ULONG maxBufLen = *outBufLen;
+ CK_ULONG len;
+
+ len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation,
+ &inputBuffer, &error)
+ : nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
+
+ if (CKR_OK != error) {
+ goto done;
+ }
+
+ *outBufLen = len;
+ if ((CK_BYTE_PTR)NULL == outBuf) {
+ return CKR_OK;
+ }
+
+ if (len > maxBufLen) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ }
+ outputBuffer.data = outBuf;
+ outputBuffer.size = *outBufLen;
+
+ error = nssCKFWCryptoOperation_UpdateFinal(fwOperation,
+ &inputBuffer, &outputBuffer);
+
+ /* UpdateFinal isn't support, manually use Update and Final */
+ if (CKR_FUNCTION_FAILED == error) {
+ error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
+ : nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
+
+ if (CKR_OK == error) {
+ error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
+ }
+ }
+
+done:
+ if (CKR_BUFFER_TOO_SMALL == error) {
+ /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting.
+ * the crypto state to be freed */
+ return error;
+ }
+
+ /* clean up our state */
+ nssCKFWCryptoOperation_Destroy(fwOperation);
+ nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
+ return error;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_UpdateCombo(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationType encryptType,
+ NSSCKFWCryptoOperationType digestType,
+ NSSCKFWCryptoOperationState digestState,
+ CK_BYTE_PTR inBuf,
+ CK_ULONG inBufLen,
+ CK_BYTE_PTR outBuf,
+ CK_ULONG_PTR outBufLen)
+{
+ NSSCKFWCryptoOperation *fwOperation;
+ NSSCKFWCryptoOperation *fwPeerOperation;
+ NSSItem inputBuffer;
+ NSSItem outputBuffer;
CK_ULONG maxBufLen = *outBufLen;
CK_ULONG len;
+ CK_RV error = CKR_OK;
- len = (isEncryptDecrypt) ?
- nssCKFWCryptoOperation_GetOperationLength(fwOperation,
- &inputBuffer, &error) :
- nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
-
+#ifdef NSSDEBUG
+ error = nssCKFWSession_verifyPointer(fwSession);
if (CKR_OK != error) {
- goto done;
+ return error;
+ }
+
+ if (!fwSession->mdSession) {
+ return CKR_GENERAL_ERROR;
+ }
+#endif /* NSSDEBUG */
+
+ /* make sure we have a valid operation initialized */
+ fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ NSSCKFWCryptoOperationState_EncryptDecrypt);
+ if (!fwOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ /* make sure it's the correct type */
+ if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+ /* make sure we have a valid operation initialized */
+ fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+ digestState);
+ if (!fwPeerOperation) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ /* make sure it's the correct type */
+ if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) {
+ return CKR_OPERATION_NOT_INITIALIZED;
+ }
+
+ inputBuffer.data = inBuf;
+ inputBuffer.size = inBufLen;
+ len = nssCKFWCryptoOperation_GetOperationLength(fwOperation,
+ &inputBuffer, &error);
+ if (CKR_OK != error) {
+ return error;
}
*outBufLen = len;
if ((CK_BYTE_PTR)NULL == outBuf) {
- return CKR_OK;
+ return CKR_OK;
}
if (len > maxBufLen) {
- return CKR_BUFFER_TOO_SMALL;
+ return CKR_BUFFER_TOO_SMALL;
}
- }
- outputBuffer.data = outBuf;
- outputBuffer.size = *outBufLen;
- error = nssCKFWCryptoOperation_UpdateFinal(fwOperation,
- &inputBuffer, &outputBuffer);
+ outputBuffer.data = outBuf;
+ outputBuffer.size = *outBufLen;
- /* UpdateFinal isn't support, manually use Update and Final */
- if (CKR_FUNCTION_FAILED == error) {
- error = isEncryptDecrypt ?
- nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) :
- nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
+ error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation,
+ &inputBuffer, &outputBuffer);
+ if (CKR_FUNCTION_FAILED == error) {
+ PRBool isEncrypt =
+ (PRBool)(NSSCKFWCryptoOperationType_Encrypt == encryptType);
- if (CKR_OK == error) {
- error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
+ if (isEncrypt) {
+ error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
+ &inputBuffer);
+ if (CKR_OK != error) {
+ return error;
+ }
+ }
+ error = nssCKFWCryptoOperation_Update(fwOperation,
+ &inputBuffer, &outputBuffer);
+ if (CKR_OK != error) {
+ return error;
+ }
+ if (!isEncrypt) {
+ error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
+ &outputBuffer);
+ }
}
- }
-
-
-done:
- if (CKR_BUFFER_TOO_SMALL == error) {
- /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting.
- * the crypto state to be freed */
return error;
- }
-
- /* clean up our state */
- nssCKFWCryptoOperation_Destroy(fwOperation);
- nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
- return error;
}
-NSS_IMPLEMENT CK_RV
-nssCKFWSession_UpdateCombo
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationType encryptType,
- NSSCKFWCryptoOperationType digestType,
- NSSCKFWCryptoOperationState digestState,
- CK_BYTE_PTR inBuf,
- CK_ULONG inBufLen,
- CK_BYTE_PTR outBuf,
- CK_ULONG_PTR outBufLen
-)
-{
- NSSCKFWCryptoOperation *fwOperation;
- NSSCKFWCryptoOperation *fwPeerOperation;
- NSSItem inputBuffer;
- NSSItem outputBuffer;
- CK_ULONG maxBufLen = *outBufLen;
- CK_ULONG len;
- CK_RV error = CKR_OK;
-
-#ifdef NSSDEBUG
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwSession->mdSession) {
- return CKR_GENERAL_ERROR;
- }
-#endif /* NSSDEBUG */
-
- /* make sure we have a valid operation initialized */
- fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- NSSCKFWCryptoOperationState_EncryptDecrypt);
- if (!fwOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- /* make sure it's the correct type */
- if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
- /* make sure we have a valid operation initialized */
- fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
- digestState);
- if (!fwPeerOperation) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- /* make sure it's the correct type */
- if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) {
- return CKR_OPERATION_NOT_INITIALIZED;
- }
-
- inputBuffer.data = inBuf;
- inputBuffer.size = inBufLen;
- len = nssCKFWCryptoOperation_GetOperationLength(fwOperation,
- &inputBuffer, &error);
- if (CKR_OK != error) {
- return error;
- }
-
- *outBufLen = len;
- if ((CK_BYTE_PTR)NULL == outBuf) {
- return CKR_OK;
- }
-
- if (len > maxBufLen) {
- return CKR_BUFFER_TOO_SMALL;
- }
-
- outputBuffer.data = outBuf;
- outputBuffer.size = *outBufLen;
-
- error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation,
- &inputBuffer, &outputBuffer);
- if (CKR_FUNCTION_FAILED == error) {
- PRBool isEncrypt =
- (PRBool) (NSSCKFWCryptoOperationType_Encrypt == encryptType);
-
- if (isEncrypt) {
- error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
- &inputBuffer);
- if (CKR_OK != error) {
- return error;
- }
- }
- error = nssCKFWCryptoOperation_Update(fwOperation,
- &inputBuffer, &outputBuffer);
- if (CKR_OK != error) {
- return error;
- }
- if (!isEncrypt) {
- error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
- &outputBuffer);
- }
- }
- return error;
-}
-
-
/*
* NSSCKFWSession_GetMDSession
*
*/
NSS_IMPLEMENT NSSCKMDSession *
-NSSCKFWSession_GetMDSession
-(
- NSSCKFWSession *fwSession
-)
+NSSCKFWSession_GetMDSession(
+ NSSCKFWSession *fwSession)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return (NSSCKMDSession *)NULL;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return (NSSCKMDSession *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWSession_GetMDSession(fwSession);
+ return nssCKFWSession_GetMDSession(fwSession);
}
/*
@@ -2354,24 +2281,22 @@
*/
NSS_IMPLEMENT NSSArena *
-NSSCKFWSession_GetArena
-(
- NSSCKFWSession *fwSession,
- CK_RV *pError
-)
+NSSCKFWSession_GetArena(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWSession_GetArena(fwSession, pError);
+ return nssCKFWSession_GetArena(fwSession, pError);
}
/*
@@ -2380,22 +2305,20 @@
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWSession_CallNotification
-(
- NSSCKFWSession *fwSession,
- CK_NOTIFICATION event
-)
+NSSCKFWSession_CallNotification(
+ NSSCKFWSession *fwSession,
+ CK_NOTIFICATION event)
{
#ifdef DEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* DEBUG */
- return nssCKFWSession_CallNotification(fwSession, event);
+ return nssCKFWSession_CallNotification(fwSession, event);
}
/*
@@ -2404,18 +2327,16 @@
*/
NSS_IMPLEMENT CK_BBOOL
-NSSCKFWSession_IsRWSession
-(
- NSSCKFWSession *fwSession
-)
+NSSCKFWSession_IsRWSession(
+ NSSCKFWSession *fwSession)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CK_FALSE;
+ }
#endif /* DEBUG */
- return nssCKFWSession_IsRWSession(fwSession);
+ return nssCKFWSession_IsRWSession(fwSession);
}
/*
@@ -2424,37 +2345,33 @@
*/
NSS_IMPLEMENT CK_BBOOL
-NSSCKFWSession_IsSO
-(
- NSSCKFWSession *fwSession
-)
+NSSCKFWSession_IsSO(
+ NSSCKFWSession *fwSession)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+ return CK_FALSE;
+ }
#endif /* DEBUG */
- return nssCKFWSession_IsSO(fwSession);
+ return nssCKFWSession_IsSO(fwSession);
}
NSS_IMPLEMENT NSSCKFWCryptoOperation *
-NSSCKFWSession_GetCurrentCryptoOperation
-(
- NSSCKFWSession *fwSession,
- NSSCKFWCryptoOperationState state
-)
+NSSCKFWSession_GetCurrentCryptoOperation(
+ NSSCKFWSession *fwSession,
+ NSSCKFWCryptoOperationState state)
{
#ifdef DEBUG
- CK_RV error = CKR_OK;
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return (NSSCKFWCryptoOperation *)NULL;
- }
+ CK_RV error = CKR_OK;
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return (NSSCKFWCryptoOperation *)NULL;
+ }
- if ( state >= NSSCKFWCryptoOperationState_Max) {
- return (NSSCKFWCryptoOperation *)NULL;
- }
+ if (state >= NSSCKFWCryptoOperationState_Max) {
+ return (NSSCKFWCryptoOperation *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+ return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
}
diff --git a/nss/lib/ckfw/sessobj.c b/nss/lib/ckfw/sessobj.c
index 113b0f4..11721b8 100644
--- a/nss/lib/ckfw/sessobj.c
+++ b/nss/lib/ckfw/sessobj.c
@@ -5,7 +5,7 @@
/*
* sessobj.c
*
- * This file contains an NSSCKMDObject implementation for session
+ * This file contains an NSSCKMDObject implementation for session
* objects. The framework uses this implementation to manage
* session objects when a Module doesn't wish to be bothered.
*/
@@ -32,11 +32,11 @@
*/
struct nssCKMDSessionObjectStr {
- CK_ULONG n;
- NSSArena *arena;
- NSSItem *attributes;
- CK_ATTRIBUTE_TYPE_PTR types;
- nssCKFWHash *hash;
+ CK_ULONG n;
+ NSSArena *arena;
+ NSSItem *attributes;
+ CK_ATTRIBUTE_TYPE_PTR types;
+ nssCKFWHash *hash;
};
typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject;
@@ -53,31 +53,25 @@
*/
static CK_RV
-nss_ckmdSessionObject_add_pointer
-(
- const NSSCKMDObject *mdObject
-)
+nss_ckmdSessionObject_add_pointer(
+ const NSSCKMDObject *mdObject)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-nss_ckmdSessionObject_remove_pointer
-(
- const NSSCKMDObject *mdObject
-)
+nss_ckmdSessionObject_remove_pointer(
+ const NSSCKMDObject *mdObject)
{
- return CKR_OK;
+ return CKR_OK;
}
#ifdef NSS_DEBUG
static CK_RV
-nss_ckmdSessionObject_verifyPointer
-(
- const NSSCKMDObject *mdObject
-)
+nss_ckmdSessionObject_verifyPointer(
+ const NSSCKMDObject *mdObject)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif
@@ -87,234 +81,214 @@
* We must forward-declare these routines
*/
static void
-nss_ckmdSessionObject_Finalize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
+nss_ckmdSessionObject_Finalize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
static CK_RV
-nss_ckmdSessionObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
+nss_ckmdSessionObject_Destroy(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
static CK_BBOOL
-nss_ckmdSessionObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
+nss_ckmdSessionObject_IsTokenObject(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
static CK_ULONG
-nss_ckmdSessionObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nss_ckmdSessionObject_GetAttributeCount(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
static CK_RV
-nss_ckmdSessionObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-);
+nss_ckmdSessionObject_GetAttributeTypes(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount);
static CK_ULONG
-nss_ckmdSessionObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
+nss_ckmdSessionObject_GetAttributeSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError);
static NSSCKFWItem
-nss_ckmdSessionObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-);
+nss_ckmdSessionObject_GetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError);
static CK_RV
-nss_ckmdSessionObject_SetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-);
+nss_ckmdSessionObject_SetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *value);
static CK_ULONG
-nss_ckmdSessionObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-);
+nss_ckmdSessionObject_GetObjectSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError);
/*
* nssCKMDSessionObject_Create
*
*/
NSS_IMPLEMENT NSSCKMDObject *
-nssCKMDSessionObject_Create
-(
- NSSCKFWToken *fwToken,
- NSSArena *arena,
- CK_ATTRIBUTE_PTR attributes,
- CK_ULONG ulCount,
- CK_RV *pError
-)
+nssCKMDSessionObject_Create(
+ NSSCKFWToken *fwToken,
+ NSSArena *arena,
+ CK_ATTRIBUTE_PTR attributes,
+ CK_ULONG ulCount,
+ CK_RV *pError)
{
- NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL;
- nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL;
- CK_ULONG i;
- nssCKFWHash *hash;
+ NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL;
+ nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL;
+ CK_ULONG i;
+ nssCKFWHash *hash;
- *pError = CKR_OK;
+ *pError = CKR_OK;
- mdso = nss_ZNEW(arena, nssCKMDSessionObject);
- if (!mdso) {
- goto loser;
- }
-
- mdso->arena = arena;
- mdso->n = ulCount;
- mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount);
- if (!mdso->attributes) {
- goto loser;
- }
-
- mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount);
- if (!mdso->types) {
- goto loser;
- }
- for( i = 0; i < ulCount; i++ ) {
- mdso->types[i] = attributes[i].type;
- mdso->attributes[i].size = attributes[i].ulValueLen;
- mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen);
- if (!mdso->attributes[i].data) {
- goto loser;
+ mdso = nss_ZNEW(arena, nssCKMDSessionObject);
+ if (!mdso) {
+ goto loser;
}
- (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue,
- attributes[i].ulValueLen);
- }
- mdObject = nss_ZNEW(arena, NSSCKMDObject);
- if (!mdObject) {
- goto loser;
- }
+ mdso->arena = arena;
+ mdso->n = ulCount;
+ mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount);
+ if (!mdso->attributes) {
+ goto loser;
+ }
- mdObject->etc = (void *)mdso;
- mdObject->Finalize = nss_ckmdSessionObject_Finalize;
- mdObject->Destroy = nss_ckmdSessionObject_Destroy;
- mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject;
- mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount;
- mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes;
- mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize;
- mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute;
- mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute;
- mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize;
+ mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount);
+ if (!mdso->types) {
+ goto loser;
+ }
+ for (i = 0; i < ulCount; i++) {
+ mdso->types[i] = attributes[i].type;
+ mdso->attributes[i].size = attributes[i].ulValueLen;
+ mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen);
+ if (!mdso->attributes[i].data) {
+ goto loser;
+ }
+ (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue,
+ attributes[i].ulValueLen);
+ }
- hash = nssCKFWToken_GetSessionObjectHash(fwToken);
- if (!hash) {
- *pError = CKR_GENERAL_ERROR;
- goto loser;
- }
+ mdObject = nss_ZNEW(arena, NSSCKMDObject);
+ if (!mdObject) {
+ goto loser;
+ }
- mdso->hash = hash;
+ mdObject->etc = (void *)mdso;
+ mdObject->Finalize = nss_ckmdSessionObject_Finalize;
+ mdObject->Destroy = nss_ckmdSessionObject_Destroy;
+ mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject;
+ mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount;
+ mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes;
+ mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize;
+ mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute;
+ mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute;
+ mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize;
- *pError = nssCKFWHash_Add(hash, mdObject, mdObject);
- if( CKR_OK != *pError ) {
- goto loser;
- }
+ hash = nssCKFWToken_GetSessionObjectHash(fwToken);
+ if (!hash) {
+ *pError = CKR_GENERAL_ERROR;
+ goto loser;
+ }
+
+ mdso->hash = hash;
+
+ *pError = nssCKFWHash_Add(hash, mdObject, mdObject);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
#ifdef DEBUG
- if(( *pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK ) {
- goto loser;
- }
+ if ((*pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK) {
+ goto loser;
+ }
#endif /* DEBUG */
- return mdObject;
+ return mdObject;
- loser:
- if (mdso) {
- if (mdso->attributes) {
- for( i = 0; i < ulCount; i++ ) {
- nss_ZFreeIf(mdso->attributes[i].data);
- }
- nss_ZFreeIf(mdso->attributes);
+loser:
+ if (mdso) {
+ if (mdso->attributes) {
+ for (i = 0; i < ulCount; i++) {
+ nss_ZFreeIf(mdso->attributes[i].data);
+ }
+ nss_ZFreeIf(mdso->attributes);
+ }
+ nss_ZFreeIf(mdso->types);
+ nss_ZFreeIf(mdso);
}
- nss_ZFreeIf(mdso->types);
- nss_ZFreeIf(mdso);
- }
- nss_ZFreeIf(mdObject);
- if (*pError == CKR_OK) {
- *pError = CKR_HOST_MEMORY;
- }
- return (NSSCKMDObject *)NULL;
+ nss_ZFreeIf(mdObject);
+ if (*pError == CKR_OK) {
+ *pError = CKR_HOST_MEMORY;
+ }
+ return (NSSCKMDObject *)NULL;
}
/*
@@ -322,20 +296,18 @@
*
*/
static void
-nss_ckmdSessionObject_Finalize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+nss_ckmdSessionObject_Finalize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- /* This shouldn't ever be called */
- return;
+ /* This shouldn't ever be called */
+ return;
}
/*
@@ -344,48 +316,46 @@
*/
static CK_RV
-nss_ckmdSessionObject_Destroy
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+nss_ckmdSessionObject_Destroy(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
- nssCKMDSessionObject *mdso;
- CK_ULONG i;
+ nssCKMDSessionObject *mdso;
+ CK_ULONG i;
#ifdef NSSDEBUG
- error = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- mdso = (nssCKMDSessionObject *)mdObject->etc;
+ mdso = (nssCKMDSessionObject *)mdObject->etc;
- nssCKFWHash_Remove(mdso->hash, mdObject);
+ nssCKFWHash_Remove(mdso->hash, mdObject);
- for( i = 0; i < mdso->n; i++ ) {
- nss_ZFreeIf(mdso->attributes[i].data);
- }
- nss_ZFreeIf(mdso->attributes);
- nss_ZFreeIf(mdso->types);
- nss_ZFreeIf(mdso);
- nss_ZFreeIf(mdObject);
+ for (i = 0; i < mdso->n; i++) {
+ nss_ZFreeIf(mdso->attributes[i].data);
+ }
+ nss_ZFreeIf(mdso->attributes);
+ nss_ZFreeIf(mdso->types);
+ nss_ZFreeIf(mdso);
+ nss_ZFreeIf(mdObject);
#ifdef DEBUG
- (void)nss_ckmdSessionObject_remove_pointer(mdObject);
+ (void)nss_ckmdSessionObject_remove_pointer(mdObject);
#endif /* DEBUG */
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -394,28 +364,26 @@
*/
static CK_BBOOL
-nss_ckmdSessionObject_IsTokenObject
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+nss_ckmdSessionObject_IsTokenObject(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
#ifdef NSSDEBUG
- if( CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- /*
- * This implementation is only ever used for session objects.
- */
- return CK_FALSE;
+ /*
+ * This implementation is only ever used for session objects.
+ */
+ return CK_FALSE;
}
/*
@@ -423,37 +391,35 @@
*
*/
static CK_ULONG
-nss_ckmdSessionObject_GetAttributeCount
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+nss_ckmdSessionObject_GetAttributeCount(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- nssCKMDSessionObject *obj;
+ nssCKMDSessionObject *obj;
#ifdef NSSDEBUG
- if (!pError) {
- return 0;
- }
+ if (!pError) {
+ return 0;
+ }
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
+ *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != *pError) {
+ return 0;
+ }
- /* We could even check all the other arguments, for sanity. */
+/* We could even check all the other arguments, for sanity. */
#endif /* NSSDEBUG */
- obj = (nssCKMDSessionObject *)mdObject->etc;
+ obj = (nssCKMDSessionObject *)mdObject->etc;
- return obj->n;
+ return obj->n;
}
/*
@@ -461,44 +427,43 @@
*
*/
static CK_RV
-nss_ckmdSessionObject_GetAttributeTypes
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE_PTR typeArray,
- CK_ULONG ulCount
-)
+nss_ckmdSessionObject_GetAttributeTypes(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE_PTR typeArray,
+ CK_ULONG ulCount)
{
#ifdef NSSDEBUG
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#endif /* NSSDEBUG */
- nssCKMDSessionObject *obj;
+ nssCKMDSessionObject *obj;
#ifdef NSSDEBUG
- error = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != error) {
+ return error;
+ }
- /* We could even check all the other arguments, for sanity. */
+/* We could even check all the other arguments, for sanity. */
#endif /* NSSDEBUG */
- obj = (nssCKMDSessionObject *)mdObject->etc;
+ obj = (nssCKMDSessionObject *)mdObject->etc;
- if( ulCount < obj->n ) {
- return CKR_BUFFER_TOO_SMALL;
- }
+ if (ulCount < obj->n) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
- (void)nsslibc_memcpy(typeArray, obj->types,
- sizeof(CK_ATTRIBUTE_TYPE) * obj->n);
+ (void)nsslibc_memcpy(typeArray, obj->types,
+ sizeof(CK_ATTRIBUTE_TYPE) *
+ obj->n);
- return CKR_OK;
+ return CKR_OK;
}
/*
@@ -506,46 +471,44 @@
*
*/
static CK_ULONG
-nss_ckmdSessionObject_GetAttributeSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+nss_ckmdSessionObject_GetAttributeSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
+ nssCKMDSessionObject *obj;
+ CK_ULONG i;
#ifdef NSSDEBUG
- if (!pError) {
- return 0;
- }
+ if (!pError) {
+ return 0;
+ }
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
+ *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != *pError) {
+ return 0;
+ }
- /* We could even check all the other arguments, for sanity. */
+/* We could even check all the other arguments, for sanity. */
#endif /* NSSDEBUG */
- obj = (nssCKMDSessionObject *)mdObject->etc;
+ obj = (nssCKMDSessionObject *)mdObject->etc;
- for( i = 0; i < obj->n; i++ ) {
- if( attribute == obj->types[i] ) {
- return (CK_ULONG)(obj->attributes[i].size);
+ for (i = 0; i < obj->n; i++) {
+ if (attribute == obj->types[i]) {
+ return (CK_ULONG)(obj->attributes[i].size);
+ }
}
- }
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return 0;
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return 0;
}
/*
@@ -553,50 +516,48 @@
*
*/
static NSSCKFWItem
-nss_ckmdSessionObject_GetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- CK_RV *pError
-)
+nss_ckmdSessionObject_GetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ CK_RV *pError)
{
- NSSCKFWItem item;
- nssCKMDSessionObject *obj;
- CK_ULONG i;
+ NSSCKFWItem item;
+ nssCKMDSessionObject *obj;
+ CK_ULONG i;
- item.needsFreeing = PR_FALSE;
- item.item = NULL;
+ item.needsFreeing = PR_FALSE;
+ item.item = NULL;
#ifdef NSSDEBUG
- if (!pError) {
- return item;
- }
+ if (!pError) {
+ return item;
+ }
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return item;
- }
+ *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != *pError) {
+ return item;
+ }
- /* We could even check all the other arguments, for sanity. */
+/* We could even check all the other arguments, for sanity. */
#endif /* NSSDEBUG */
- obj = (nssCKMDSessionObject *)mdObject->etc;
+ obj = (nssCKMDSessionObject *)mdObject->etc;
- for( i = 0; i < obj->n; i++ ) {
- if( attribute == obj->types[i] ) {
- item.item = &obj->attributes[i];
- return item;
+ for (i = 0; i < obj->n; i++) {
+ if (attribute == obj->types[i]) {
+ item.item = &obj->attributes[i];
+ return item;
+ }
}
- }
- *pError = CKR_ATTRIBUTE_TYPE_INVALID;
- return item;
+ *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+ return item;
}
/*
@@ -612,79 +573,77 @@
* more easily. Do this later.
*/
static CK_RV
-nss_ckmdSessionObject_SetAttribute
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_ATTRIBUTE_TYPE attribute,
- NSSItem *value
-)
+nss_ckmdSessionObject_SetAttribute(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_ATTRIBUTE_TYPE attribute,
+ NSSItem *value)
{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
- NSSItem n;
- NSSItem *ra;
- CK_ATTRIBUTE_TYPE_PTR rt;
+ nssCKMDSessionObject *obj;
+ CK_ULONG i;
+ NSSItem n;
+ NSSItem *ra;
+ CK_ATTRIBUTE_TYPE_PTR rt;
#ifdef NSSDEBUG
- CK_RV error;
+ CK_RV error;
#endif /* NSSDEBUG */
#ifdef NSSDEBUG
- error = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != error ) {
- return 0;
- }
-
- /* We could even check all the other arguments, for sanity. */
-#endif /* NSSDEBUG */
-
- obj = (nssCKMDSessionObject *)mdObject->etc;
-
- n.size = value->size;
- n.data = nss_ZAlloc(obj->arena, n.size);
- if (!n.data) {
- return CKR_HOST_MEMORY;
- }
- (void)nsslibc_memcpy(n.data, value->data, n.size);
-
- for( i = 0; i < obj->n; i++ ) {
- if( attribute == obj->types[i] ) {
- nss_ZFreeIf(obj->attributes[i].data);
- obj->attributes[i] = n;
- return CKR_OK;
+ error = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != error) {
+ return 0;
}
- }
- /*
- * It's new.
- */
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
- ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1));
- if (!ra) {
- nss_ZFreeIf(n.data);
- return CKR_HOST_MEMORY;
- }
- obj->attributes = ra;
+ obj = (nssCKMDSessionObject *)mdObject->etc;
- rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types,
- sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1));
- if (!rt) {
- nss_ZFreeIf(n.data);
- return CKR_HOST_MEMORY;
- }
+ n.size = value->size;
+ n.data = nss_ZAlloc(obj->arena, n.size);
+ if (!n.data) {
+ return CKR_HOST_MEMORY;
+ }
+ (void)nsslibc_memcpy(n.data, value->data, n.size);
- obj->types = rt;
- obj->attributes[obj->n] = n;
- obj->types[obj->n] = attribute;
- obj->n++;
+ for (i = 0; i < obj->n; i++) {
+ if (attribute == obj->types[i]) {
+ nss_ZFreeIf(obj->attributes[i].data);
+ obj->attributes[i] = n;
+ return CKR_OK;
+ }
+ }
- return CKR_OK;
+ /*
+ * It's new.
+ */
+
+ ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1));
+ if (!ra) {
+ nss_ZFreeIf(n.data);
+ return CKR_HOST_MEMORY;
+ }
+ obj->attributes = ra;
+
+ rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types,
+ sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1));
+ if (!rt) {
+ nss_ZFreeIf(n.data);
+ return CKR_HOST_MEMORY;
+ }
+
+ obj->types = rt;
+ obj->attributes[obj->n] = n;
+ obj->types[obj->n] = attribute;
+ obj->n++;
+
+ return CKR_OK;
}
/*
@@ -692,47 +651,45 @@
*
*/
static CK_ULONG
-nss_ckmdSessionObject_GetObjectSize
-(
- NSSCKMDObject *mdObject,
- NSSCKFWObject *fwObject,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- CK_RV *pError
-)
+nss_ckmdSessionObject_GetObjectSize(
+ NSSCKMDObject *mdObject,
+ NSSCKFWObject *fwObject,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ CK_RV *pError)
{
- nssCKMDSessionObject *obj;
- CK_ULONG i;
- CK_ULONG rv = (CK_ULONG)0;
+ nssCKMDSessionObject *obj;
+ CK_ULONG i;
+ CK_ULONG rv = (CK_ULONG)0;
#ifdef NSSDEBUG
- if (!pError) {
- return 0;
- }
+ if (!pError) {
+ return 0;
+ }
- *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
- if( CKR_OK != *pError ) {
- return 0;
- }
+ *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+ if (CKR_OK != *pError) {
+ return 0;
+ }
- /* We could even check all the other arguments, for sanity. */
+/* We could even check all the other arguments, for sanity. */
#endif /* NSSDEBUG */
- obj = (nssCKMDSessionObject *)mdObject->etc;
+ obj = (nssCKMDSessionObject *)mdObject->etc;
- for( i = 0; i < obj->n; i++ ) {
- rv += obj->attributes[i].size;
- }
+ for (i = 0; i < obj->n; i++) {
+ rv += obj->attributes[i].size;
+ }
- rv += sizeof(NSSItem) * obj->n;
- rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n;
- rv += sizeof(nssCKMDSessionObject);
+ rv += sizeof(NSSItem) * obj->n;
+ rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n;
+ rv += sizeof(nssCKMDSessionObject);
- return rv;
+ return rv;
}
/*
@@ -747,18 +704,17 @@
*/
struct nodeStr {
- struct nodeStr *next;
- NSSCKMDObject *mdObject;
+ struct nodeStr *next;
+ NSSCKMDObject *mdObject;
};
struct nssCKMDFindSessionObjectsStr {
- NSSArena *arena;
- CK_RV error;
- CK_ATTRIBUTE_PTR pTemplate;
- CK_ULONG ulCount;
- struct nodeStr *list;
- nssCKFWHash *hash;
-
+ NSSArena *arena;
+ CK_RV error;
+ CK_ATTRIBUTE_PTR pTemplate;
+ CK_ULONG ulCount;
+ struct nodeStr *list;
+ nssCKFWHash *hash;
};
typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects;
@@ -775,31 +731,25 @@
*/
static CK_RV
-nss_ckmdFindSessionObjects_add_pointer
-(
- const NSSCKMDFindObjects *mdFindObjects
-)
+nss_ckmdFindSessionObjects_add_pointer(
+ const NSSCKMDFindObjects *mdFindObjects)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-nss_ckmdFindSessionObjects_remove_pointer
-(
- const NSSCKMDFindObjects *mdFindObjects
-)
+nss_ckmdFindSessionObjects_remove_pointer(
+ const NSSCKMDFindObjects *mdFindObjects)
{
- return CKR_OK;
+ return CKR_OK;
}
#ifdef NSS_DEBUG
static CK_RV
-nss_ckmdFindSessionObjects_verifyPointer
-(
- const NSSCKMDFindObjects *mdFindObjects
-)
+nss_ckmdFindSessionObjects_verifyPointer(
+ const NSSCKMDFindObjects *mdFindObjects)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif
@@ -809,104 +759,96 @@
* We must forward-declare these routines.
*/
static void
-nss_ckmdFindSessionObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-);
+nss_ckmdFindSessionObjects_Final(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance);
static NSSCKMDObject *
-nss_ckmdFindSessionObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-);
+nss_ckmdFindSessionObjects_Next(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError);
static CK_BBOOL
-items_match
-(
- NSSItem *a,
- CK_VOID_PTR pValue,
- CK_ULONG ulValueLen
-)
+items_match(
+ NSSItem *a,
+ CK_VOID_PTR pValue,
+ CK_ULONG ulValueLen)
{
- if( a->size != ulValueLen ) {
- return CK_FALSE;
- }
+ if (a->size != ulValueLen) {
+ return CK_FALSE;
+ }
- if( PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL) ) {
- return CK_TRUE;
- } else {
- return CK_FALSE;
- }
+ if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) {
+ return CK_TRUE;
+ } else {
+ return CK_FALSE;
+ }
}
/*
* Our hashtable iterator
*/
static void
-findfcn
-(
- const void *key,
- void *value,
- void *closure
-)
+findfcn(
+ const void *key,
+ void *value,
+ void *closure)
{
- NSSCKMDObject *mdObject = (NSSCKMDObject *)value;
- nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc;
- nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure;
- CK_ULONG i, j;
- struct nodeStr *node;
+ NSSCKMDObject *mdObject = (NSSCKMDObject *)value;
+ nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc;
+ nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure;
+ CK_ULONG i, j;
+ struct nodeStr *node;
- if( CKR_OK != mdfso->error ) {
- return;
- }
+ if (CKR_OK != mdfso->error) {
+ return;
+ }
- for( i = 0; i < mdfso->ulCount; i++ ) {
- CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i];
+ for (i = 0; i < mdfso->ulCount; i++) {
+ CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i];
- for( j = 0; j < mdso->n; j++ ) {
- if( mdso->types[j] == p->type ) {
- if( !items_match(&mdso->attributes[j], p->pValue, p->ulValueLen) ) {
- return;
- } else {
- break;
+ for (j = 0; j < mdso->n; j++) {
+ if (mdso->types[j] == p->type) {
+ if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) {
+ return;
+ } else {
+ break;
+ }
+ }
}
- }
+
+ if (j == mdso->n) {
+ /* Attribute not found */
+ return;
+ }
}
- if( j == mdso->n ) {
- /* Attribute not found */
- return;
+ /* Matches */
+ node = nss_ZNEW(mdfso->arena, struct nodeStr);
+ if ((struct nodeStr *)NULL == node) {
+ mdfso->error = CKR_HOST_MEMORY;
+ return;
}
- }
- /* Matches */
- node = nss_ZNEW(mdfso->arena, struct nodeStr);
- if( (struct nodeStr *)NULL == node ) {
- mdfso->error = CKR_HOST_MEMORY;
+ node->mdObject = mdObject;
+ node->next = mdfso->list;
+ mdfso->list = node;
+
return;
- }
-
- node->mdObject = mdObject;
- node->next = mdfso->list;
- mdfso->list = node;
-
- return;
}
/*
@@ -914,162 +856,157 @@
*
*/
NSS_IMPLEMENT NSSCKMDFindObjects *
-nssCKMDFindSessionObjects_Create
-(
- NSSCKFWToken *fwToken,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_RV *pError
-)
+nssCKMDFindSessionObjects_Create(
+ NSSCKFWToken *fwToken,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_RV *pError)
{
- NSSArena *arena;
- nssCKMDFindSessionObjects *mdfso;
- nssCKFWHash *hash;
- NSSCKMDFindObjects *rv;
+ NSSArena *arena;
+ nssCKMDFindSessionObjects *mdfso;
+ nssCKFWHash *hash;
+ NSSCKMDFindObjects *rv;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKMDFindObjects *)NULL;
- }
+ if (!pError) {
+ return (NSSCKMDFindObjects *)NULL;
+ }
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSCKMDFindObjects *)NULL;
- }
+ *pError = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != *pError) {
+ return (NSSCKMDFindObjects *)NULL;
+ }
- if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKMDFindObjects *)NULL;
- }
+ if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKMDFindObjects *)NULL;
+ }
#endif /* NSSDEBUG */
- *pError = CKR_OK;
+ *pError = CKR_OK;
- hash = nssCKFWToken_GetSessionObjectHash(fwToken);
- if (!hash) {
- *pError= CKR_GENERAL_ERROR;
- return (NSSCKMDFindObjects *)NULL;
- }
+ hash = nssCKFWToken_GetSessionObjectHash(fwToken);
+ if (!hash) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKMDFindObjects *)NULL;
+ }
- arena = NSSArena_Create();
- if (!arena) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKMDFindObjects *)NULL;
- }
+ arena = NSSArena_Create();
+ if (!arena) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKMDFindObjects *)NULL;
+ }
- mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects);
- if (!mdfso) {
- goto loser;
- }
+ mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects);
+ if (!mdfso) {
+ goto loser;
+ }
- rv = nss_ZNEW(arena, NSSCKMDFindObjects);
- if(rv == NULL) {
- goto loser;
- }
+ rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+ if (rv == NULL) {
+ goto loser;
+ }
- mdfso->error = CKR_OK;
- mdfso->pTemplate = pTemplate;
- mdfso->ulCount = ulCount;
- mdfso->hash = hash;
+ mdfso->error = CKR_OK;
+ mdfso->pTemplate = pTemplate;
+ mdfso->ulCount = ulCount;
+ mdfso->hash = hash;
- nssCKFWHash_Iterate(hash, findfcn, mdfso);
+ nssCKFWHash_Iterate(hash, findfcn, mdfso);
- if( CKR_OK != mdfso->error ) {
- goto loser;
- }
+ if (CKR_OK != mdfso->error) {
+ goto loser;
+ }
- rv->etc = (void *)mdfso;
- rv->Final = nss_ckmdFindSessionObjects_Final;
- rv->Next = nss_ckmdFindSessionObjects_Next;
+ rv->etc = (void *)mdfso;
+ rv->Final = nss_ckmdFindSessionObjects_Final;
+ rv->Next = nss_ckmdFindSessionObjects_Next;
#ifdef DEBUG
- if( (*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK ) {
- goto loser;
- }
-#endif /* DEBUG */
- mdfso->arena = arena;
+ if ((*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK) {
+ goto loser;
+ }
+#endif /* DEBUG */
+ mdfso->arena = arena;
- return rv;
+ return rv;
loser:
- if (arena) {
- NSSArena_Destroy(arena);
- }
- if (*pError == CKR_OK) {
- *pError = CKR_HOST_MEMORY;
- }
- return NULL;
+ if (arena) {
+ NSSArena_Destroy(arena);
+ }
+ if (*pError == CKR_OK) {
+ *pError = CKR_HOST_MEMORY;
+ }
+ return NULL;
}
static void
-nss_ckmdFindSessionObjects_Final
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance
-)
+nss_ckmdFindSessionObjects_Final(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance)
{
- nssCKMDFindSessionObjects *mdfso;
+ nssCKMDFindSessionObjects *mdfso;
#ifdef NSSDEBUG
- if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) {
- return;
- }
+ if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) {
+ return;
+ }
#endif /* NSSDEBUG */
- mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
- if (mdfso->arena) NSSArena_Destroy(mdfso->arena);
+ mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
+ if (mdfso->arena)
+ NSSArena_Destroy(mdfso->arena);
#ifdef DEBUG
- (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects);
+ (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects);
#endif /* DEBUG */
- return;
+ return;
}
static NSSCKMDObject *
-nss_ckmdFindSessionObjects_Next
-(
- NSSCKMDFindObjects *mdFindObjects,
- NSSCKFWFindObjects *fwFindObjects,
- NSSCKMDSession *mdSession,
- NSSCKFWSession *fwSession,
- NSSCKMDToken *mdToken,
- NSSCKFWToken *fwToken,
- NSSCKMDInstance *mdInstance,
- NSSCKFWInstance *fwInstance,
- NSSArena *arena,
- CK_RV *pError
-)
+nss_ckmdFindSessionObjects_Next(
+ NSSCKMDFindObjects *mdFindObjects,
+ NSSCKFWFindObjects *fwFindObjects,
+ NSSCKMDSession *mdSession,
+ NSSCKFWSession *fwSession,
+ NSSCKMDToken *mdToken,
+ NSSCKFWToken *fwToken,
+ NSSCKMDInstance *mdInstance,
+ NSSCKFWInstance *fwInstance,
+ NSSArena *arena,
+ CK_RV *pError)
{
- nssCKMDFindSessionObjects *mdfso;
- NSSCKMDObject *rv = (NSSCKMDObject *)NULL;
+ nssCKMDFindSessionObjects *mdfso;
+ NSSCKMDObject *rv = (NSSCKMDObject *)NULL;
#ifdef NSSDEBUG
- if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) {
- return (NSSCKMDObject *)NULL;
- }
+ if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) {
+ return (NSSCKMDObject *)NULL;
+ }
#endif /* NSSDEBUG */
- mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
+ mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
- while (!rv) {
- if( (struct nodeStr *)NULL == mdfso->list ) {
- *pError = CKR_OK;
- return (NSSCKMDObject *)NULL;
+ while (!rv) {
+ if ((struct nodeStr *)NULL == mdfso->list) {
+ *pError = CKR_OK;
+ return (NSSCKMDObject *)NULL;
+ }
+
+ if (nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject)) {
+ rv = mdfso->list->mdObject;
+ }
+
+ mdfso->list = mdfso->list->next;
}
- if( nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject) ) {
- rv = mdfso->list->mdObject;
- }
-
- mdfso->list = mdfso->list->next;
- }
-
- return rv;
+ return rv;
}
diff --git a/nss/lib/ckfw/slot.c b/nss/lib/ckfw/slot.c
index 658aedb..495e546 100644
--- a/nss/lib/ckfw/slot.c
+++ b/nss/lib/ckfw/slot.c
@@ -46,35 +46,35 @@
*/
struct NSSCKFWSlotStr {
- NSSCKFWMutex *mutex;
- NSSCKMDSlot *mdSlot;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
- CK_SLOT_ID slotID;
+ NSSCKFWMutex *mutex;
+ NSSCKMDSlot *mdSlot;
+ NSSCKFWInstance *fwInstance;
+ NSSCKMDInstance *mdInstance;
+ CK_SLOT_ID slotID;
- /*
- * Everything above is set at creation time, and then not modified.
- * The invariants the mutex protects are:
- *
- * 1) Each of the cached descriptions (versions, etc.) are in an
- * internally consistant state.
- *
- * 2) The fwToken points to the token currently in the slot, and
- * it is in a consistant state.
- *
- * Note that the calls accessing the cached descriptions will
- * call the NSSCKMDSlot methods with the mutex locked. Those
- * methods may then call the public NSSCKFWSlot routines. Those
- * public routines only access the constant data above, so there's
- * no problem. But be careful if you add to this object; mutexes
- * are in general not reentrant, so don't create deadlock situations.
- */
+ /*
+ * Everything above is set at creation time, and then not modified.
+ * The invariants the mutex protects are:
+ *
+ * 1) Each of the cached descriptions (versions, etc.) are in an
+ * internally consistant state.
+ *
+ * 2) The fwToken points to the token currently in the slot, and
+ * it is in a consistant state.
+ *
+ * Note that the calls accessing the cached descriptions will
+ * call the NSSCKMDSlot methods with the mutex locked. Those
+ * methods may then call the public NSSCKFWSlot routines. Those
+ * public routines only access the constant data above, so there's
+ * no problem. But be careful if you add to this object; mutexes
+ * are in general not reentrant, so don't create deadlock situations.
+ */
- NSSUTF8 *slotDescription;
- NSSUTF8 *manufacturerID;
- CK_VERSION hardwareVersion;
- CK_VERSION firmwareVersion;
- NSSCKFWToken *fwToken;
+ NSSUTF8 *slotDescription;
+ NSSUTF8 *manufacturerID;
+ CK_VERSION hardwareVersion;
+ CK_VERSION firmwareVersion;
+ NSSCKFWToken *fwToken;
};
#ifdef DEBUG
@@ -90,30 +90,24 @@
*/
static CK_RV
-slot_add_pointer
-(
- const NSSCKFWSlot *fwSlot
-)
+slot_add_pointer(
+ const NSSCKFWSlot *fwSlot)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-slot_remove_pointer
-(
- const NSSCKFWSlot *fwSlot
-)
+slot_remove_pointer(
+ const NSSCKFWSlot *fwSlot)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWSlot_verifyPointer
-(
- const NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_verifyPointer(
+ const NSSCKFWSlot *fwSlot)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
@@ -123,86 +117,84 @@
*
*/
NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWSlot_Create
-(
- NSSCKFWInstance *fwInstance,
- NSSCKMDSlot *mdSlot,
- CK_SLOT_ID slotID,
- CK_RV *pError
-)
+nssCKFWSlot_Create(
+ NSSCKFWInstance *fwInstance,
+ NSSCKMDSlot *mdSlot,
+ CK_SLOT_ID slotID,
+ CK_RV *pError)
{
- NSSCKFWSlot *fwSlot;
- NSSCKMDInstance *mdInstance;
- NSSArena *arena;
+ NSSCKFWSlot *fwSlot;
+ NSSCKMDInstance *mdInstance;
+ NSSArena *arena;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWSlot *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWSlot *)NULL;
+ }
- *pError = nssCKFWInstance_verifyPointer(fwInstance);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSlot *)NULL;
- }
+ *pError = nssCKFWInstance_verifyPointer(fwInstance);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSlot *)NULL;
+ }
#endif /* NSSDEBUG */
- mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
- if (!mdInstance) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWSlot *)NULL;
- }
-
- arena = nssCKFWInstance_GetArena(fwInstance, pError);
- if (!arena) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
+ if (!mdInstance) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWSlot *)NULL;
}
- }
- fwSlot = nss_ZNEW(arena, NSSCKFWSlot);
- if (!fwSlot) {
- *pError = CKR_HOST_MEMORY;
- return (NSSCKFWSlot *)NULL;
- }
-
- fwSlot->mdSlot = mdSlot;
- fwSlot->fwInstance = fwInstance;
- fwSlot->mdInstance = mdInstance;
- fwSlot->slotID = slotID;
-
- fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
- if (!fwSlot->mutex) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ arena = nssCKFWInstance_GetArena(fwInstance, pError);
+ if (!arena) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
}
- (void)nss_ZFreeIf(fwSlot);
- return (NSSCKFWSlot *)NULL;
- }
- if (mdSlot->Initialize) {
- *pError = CKR_OK;
- *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance);
- if( CKR_OK != *pError ) {
- (void)nssCKFWMutex_Destroy(fwSlot->mutex);
- (void)nss_ZFreeIf(fwSlot);
- return (NSSCKFWSlot *)NULL;
+ fwSlot = nss_ZNEW(arena, NSSCKFWSlot);
+ if (!fwSlot) {
+ *pError = CKR_HOST_MEMORY;
+ return (NSSCKFWSlot *)NULL;
}
- }
+
+ fwSlot->mdSlot = mdSlot;
+ fwSlot->fwInstance = fwInstance;
+ fwSlot->mdInstance = mdInstance;
+ fwSlot->slotID = slotID;
+
+ fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+ if (!fwSlot->mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ (void)nss_ZFreeIf(fwSlot);
+ return (NSSCKFWSlot *)NULL;
+ }
+
+ if (mdSlot->Initialize) {
+ *pError = CKR_OK;
+ *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance);
+ if (CKR_OK != *pError) {
+ (void)nssCKFWMutex_Destroy(fwSlot->mutex);
+ (void)nss_ZFreeIf(fwSlot);
+ return (NSSCKFWSlot *)NULL;
+ }
+ }
#ifdef DEBUG
- *pError = slot_add_pointer(fwSlot);
- if( CKR_OK != *pError ) {
- if (mdSlot->Destroy) {
- mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance);
- }
+ *pError = slot_add_pointer(fwSlot);
+ if (CKR_OK != *pError) {
+ if (mdSlot->Destroy) {
+ mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance);
+ }
- (void)nssCKFWMutex_Destroy(fwSlot->mutex);
- (void)nss_ZFreeIf(fwSlot);
- return (NSSCKFWSlot *)NULL;
- }
+ (void)nssCKFWMutex_Destroy(fwSlot->mutex);
+ (void)nss_ZFreeIf(fwSlot);
+ return (NSSCKFWSlot *)NULL;
+ }
#endif /* DEBUG */
- return fwSlot;
+ return fwSlot;
}
/*
@@ -210,35 +202,33 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSlot_Destroy
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_Destroy(
+ NSSCKFWSlot *fwSlot)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSlot_verifyPointer(fwSlot);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- if (fwSlot->fwToken) {
- nssCKFWToken_Destroy(fwSlot->fwToken);
- }
+ if (fwSlot->fwToken) {
+ nssCKFWToken_Destroy(fwSlot->fwToken);
+ }
- (void)nssCKFWMutex_Destroy(fwSlot->mutex);
+ (void)nssCKFWMutex_Destroy(fwSlot->mutex);
- if (fwSlot->mdSlot->Destroy) {
- fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
- }
+ if (fwSlot->mdSlot->Destroy) {
+ fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
+ fwSlot->mdInstance, fwSlot->fwInstance);
+ }
#ifdef DEBUG
- error = slot_remove_pointer(fwSlot);
+ error = slot_remove_pointer(fwSlot);
#endif /* DEBUG */
- (void)nss_ZFreeIf(fwSlot);
- return error;
+ (void)nss_ZFreeIf(fwSlot);
+ return error;
}
/*
@@ -246,18 +236,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDSlot *
-nssCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetMDSlot(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (NSSCKMDSlot *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwSlot->mdSlot;
+ return fwSlot->mdSlot;
}
/*
@@ -266,18 +254,16 @@
*/
NSS_IMPLEMENT NSSCKFWInstance *
-nssCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetFWInstance(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKFWInstance *)NULL;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (NSSCKFWInstance *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwSlot->fwInstance;
+ return fwSlot->fwInstance;
}
/*
@@ -286,18 +272,16 @@
*/
NSS_IMPLEMENT NSSCKMDInstance *
-nssCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetMDInstance(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDInstance *)NULL;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (NSSCKMDInstance *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwSlot->mdInstance;
+ return fwSlot->mdInstance;
}
/*
@@ -305,18 +289,16 @@
*
*/
NSS_IMPLEMENT CK_SLOT_ID
-nssCKFWSlot_GetSlotID
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetSlotID(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (CK_SLOT_ID)0;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (CK_SLOT_ID)0;
+ }
#endif /* NSSDEBUG */
- return fwSlot->slotID;
+ return fwSlot->slotID;
}
/*
@@ -324,49 +306,47 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSlot_GetSlotDescription
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR slotDescription[64]
-)
+nssCKFWSlot_GetSlotDescription(
+ NSSCKFWSlot *fwSlot,
+ CK_CHAR slotDescription[64])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == slotDescription ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == slotDescription) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSlot_verifyPointer(fwSlot);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwSlot->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwSlot->slotDescription) {
- if (fwSlot->mdSlot->GetSlotDescription) {
- fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
- fwSlot->fwInstance, &error);
- if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwSlot->slotDescription = (NSSUTF8 *) "";
+ error = nssCKFWMutex_Lock(fwSlot->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' ');
- error = CKR_OK;
+ if (!fwSlot->slotDescription) {
+ if (fwSlot->mdSlot->GetSlotDescription) {
+ fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription(
+ fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
+ fwSlot->fwInstance, &error);
+ if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwSlot->slotDescription = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+ return error;
}
/*
@@ -374,49 +354,47 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWSlot_GetManufacturerID
-(
- NSSCKFWSlot *fwSlot,
- CK_CHAR manufacturerID[32]
-)
+nssCKFWSlot_GetManufacturerID(
+ NSSCKFWSlot *fwSlot,
+ CK_CHAR manufacturerID[32])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == manufacturerID ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == manufacturerID) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSlot_verifyPointer(fwSlot);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwSlot->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwSlot->manufacturerID) {
- if (fwSlot->mdSlot->GetManufacturerID) {
- fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
- fwSlot->fwInstance, &error);
- if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwSlot->manufacturerID = (NSSUTF8 *) "";
+ error = nssCKFWMutex_Lock(fwSlot->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' ');
- error = CKR_OK;
+ if (!fwSlot->manufacturerID) {
+ if (fwSlot->mdSlot->GetManufacturerID) {
+ fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID(
+ fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
+ fwSlot->fwInstance, &error);
+ if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwSlot->manufacturerID = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+ return error;
}
/*
@@ -424,23 +402,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWSlot_GetTokenPresent
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetTokenPresent(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwSlot->mdSlot->GetTokenPresent) {
- return CK_TRUE;
- }
+ if (!fwSlot->mdSlot->GetTokenPresent) {
+ return CK_TRUE;
+ }
- return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
+ return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot,
+ fwSlot->mdInstance, fwSlot->fwInstance);
}
/*
@@ -448,23 +424,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWSlot_GetRemovableDevice
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetRemovableDevice(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwSlot->mdSlot->GetRemovableDevice) {
- return CK_FALSE;
- }
+ if (!fwSlot->mdSlot->GetRemovableDevice) {
+ return CK_FALSE;
+ }
- return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
+ return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot,
+ fwSlot->mdInstance, fwSlot->fwInstance);
}
/*
@@ -472,23 +446,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWSlot_GetHardwareSlot
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetHardwareSlot(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwSlot->mdSlot->GetHardwareSlot) {
- return CK_FALSE;
- }
+ if (!fwSlot->mdSlot->GetHardwareSlot) {
+ return CK_FALSE;
+ }
- return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance);
+ return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot,
+ fwSlot->mdInstance, fwSlot->fwInstance);
}
/*
@@ -496,43 +468,41 @@
*
*/
NSS_IMPLEMENT CK_VERSION
-nssCKFWSlot_GetHardwareVersion
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetHardwareVersion(
+ NSSCKFWSlot *fwSlot)
{
- CK_VERSION rv;
+ CK_VERSION rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
- if( (0 != fwSlot->hardwareVersion.major) ||
- (0 != fwSlot->hardwareVersion.minor) ) {
+ if ((0 != fwSlot->hardwareVersion.major) ||
+ (0 != fwSlot->hardwareVersion.minor)) {
+ rv = fwSlot->hardwareVersion;
+ goto done;
+ }
+
+ if (fwSlot->mdSlot->GetHardwareVersion) {
+ fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
+ fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
+ } else {
+ fwSlot->hardwareVersion.major = 0;
+ fwSlot->hardwareVersion.minor = 1;
+ }
+
rv = fwSlot->hardwareVersion;
- goto done;
- }
-
- if (fwSlot->mdSlot->GetHardwareVersion) {
- fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
- } else {
- fwSlot->hardwareVersion.major = 0;
- fwSlot->hardwareVersion.minor = 1;
- }
-
- rv = fwSlot->hardwareVersion;
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return rv;
+done:
+ (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+ return rv;
}
/*
@@ -540,100 +510,96 @@
*
*/
NSS_IMPLEMENT CK_VERSION
-nssCKFWSlot_GetFirmwareVersion
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_GetFirmwareVersion(
+ NSSCKFWSlot *fwSlot)
{
- CK_VERSION rv;
+ CK_VERSION rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
- if( (0 != fwSlot->firmwareVersion.major) ||
- (0 != fwSlot->firmwareVersion.minor) ) {
+ if ((0 != fwSlot->firmwareVersion.major) ||
+ (0 != fwSlot->firmwareVersion.minor)) {
+ rv = fwSlot->firmwareVersion;
+ goto done;
+ }
+
+ if (fwSlot->mdSlot->GetFirmwareVersion) {
+ fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
+ fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
+ } else {
+ fwSlot->firmwareVersion.major = 0;
+ fwSlot->firmwareVersion.minor = 1;
+ }
+
rv = fwSlot->firmwareVersion;
- goto done;
- }
-
- if (fwSlot->mdSlot->GetFirmwareVersion) {
- fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
- fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
- } else {
- fwSlot->firmwareVersion.major = 0;
- fwSlot->firmwareVersion.minor = 1;
- }
-
- rv = fwSlot->firmwareVersion;
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return rv;
+done:
+ (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+ return rv;
}
/*
* nssCKFWSlot_GetToken
- *
+ *
*/
NSS_IMPLEMENT NSSCKFWToken *
-nssCKFWSlot_GetToken
-(
- NSSCKFWSlot *fwSlot,
- CK_RV *pError
-)
+nssCKFWSlot_GetToken(
+ NSSCKFWSlot *fwSlot,
+ CK_RV *pError)
{
- NSSCKMDToken *mdToken;
- NSSCKFWToken *fwToken;
+ NSSCKMDToken *mdToken;
+ NSSCKFWToken *fwToken;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWToken *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWToken *)NULL;
+ }
- *pError = nssCKFWSlot_verifyPointer(fwSlot);
- if( CKR_OK != *pError ) {
- return (NSSCKFWToken *)NULL;
- }
+ *pError = nssCKFWSlot_verifyPointer(fwSlot);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWToken *)NULL;
+ }
#endif /* NSSDEBUG */
- *pError = nssCKFWMutex_Lock(fwSlot->mutex);
- if( CKR_OK != *pError ) {
- return (NSSCKFWToken *)NULL;
- }
-
- if (!fwSlot->fwToken) {
- if (!fwSlot->mdSlot->GetToken) {
- *pError = CKR_GENERAL_ERROR;
- fwToken = (NSSCKFWToken *)NULL;
- goto done;
+ *pError = nssCKFWMutex_Lock(fwSlot->mutex);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWToken *)NULL;
}
- mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot,
- fwSlot->mdInstance, fwSlot->fwInstance, pError);
- if (!mdToken) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- return (NSSCKFWToken *)NULL;
+ if (!fwSlot->fwToken) {
+ if (!fwSlot->mdSlot->GetToken) {
+ *pError = CKR_GENERAL_ERROR;
+ fwToken = (NSSCKFWToken *)NULL;
+ goto done;
+ }
+
+ mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot,
+ fwSlot->mdInstance, fwSlot->fwInstance, pError);
+ if (!mdToken) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ return (NSSCKFWToken *)NULL;
+ }
+
+ fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError);
+ fwSlot->fwToken = fwToken;
+ } else {
+ fwToken = fwSlot->fwToken;
}
- fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError);
- fwSlot->fwToken = fwToken;
- } else {
- fwToken = fwSlot->fwToken;
- }
-
- done:
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return fwToken;
+done:
+ (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+ return fwToken;
}
/*
@@ -641,25 +607,23 @@
*
*/
NSS_IMPLEMENT void
-nssCKFWSlot_ClearToken
-(
- NSSCKFWSlot *fwSlot
-)
+nssCKFWSlot_ClearToken(
+ NSSCKFWSlot *fwSlot)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) {
- /* Now what? */
- return;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) {
+ /* Now what? */
+ return;
+ }
- fwSlot->fwToken = (NSSCKFWToken *)NULL;
- (void)nssCKFWMutex_Unlock(fwSlot->mutex);
- return;
+ fwSlot->fwToken = (NSSCKFWToken *)NULL;
+ (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+ return;
}
/*
@@ -668,18 +632,16 @@
*/
NSS_IMPLEMENT NSSCKMDSlot *
-NSSCKFWSlot_GetMDSlot
-(
- NSSCKFWSlot *fwSlot
-)
+NSSCKFWSlot_GetMDSlot(
+ NSSCKFWSlot *fwSlot)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (NSSCKMDSlot *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWSlot_GetMDSlot(fwSlot);
+ return nssCKFWSlot_GetMDSlot(fwSlot);
}
/*
@@ -688,18 +650,16 @@
*/
NSS_IMPLEMENT NSSCKFWInstance *
-NSSCKFWSlot_GetFWInstance
-(
- NSSCKFWSlot *fwSlot
-)
+NSSCKFWSlot_GetFWInstance(
+ NSSCKFWSlot *fwSlot)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKFWInstance *)NULL;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (NSSCKFWInstance *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWSlot_GetFWInstance(fwSlot);
+ return nssCKFWSlot_GetFWInstance(fwSlot);
}
/*
@@ -708,16 +668,14 @@
*/
NSS_IMPLEMENT NSSCKMDInstance *
-NSSCKFWSlot_GetMDInstance
-(
- NSSCKFWSlot *fwSlot
-)
+NSSCKFWSlot_GetMDInstance(
+ NSSCKFWSlot *fwSlot)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) {
- return (NSSCKMDInstance *)NULL;
- }
+ if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+ return (NSSCKMDInstance *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWSlot_GetMDInstance(fwSlot);
+ return nssCKFWSlot_GetMDInstance(fwSlot);
}
diff --git a/nss/lib/ckfw/token.c b/nss/lib/ckfw/token.c
index 4a97576..4483bb5 100644
--- a/nss/lib/ckfw/token.c
+++ b/nss/lib/ckfw/token.c
@@ -75,49 +75,49 @@
*/
struct NSSCKFWTokenStr {
- NSSCKFWMutex *mutex;
- NSSArena *arena;
- NSSCKMDToken *mdToken;
- NSSCKFWSlot *fwSlot;
- NSSCKMDSlot *mdSlot;
- NSSCKFWInstance *fwInstance;
- NSSCKMDInstance *mdInstance;
+ NSSCKFWMutex *mutex;
+ NSSArena *arena;
+ NSSCKMDToken *mdToken;
+ NSSCKFWSlot *fwSlot;
+ NSSCKMDSlot *mdSlot;
+ NSSCKFWInstance *fwInstance;
+ NSSCKMDInstance *mdInstance;
- /*
- * Everything above is set at creation time, and then not modified.
- * The invariants the mutex protects are:
- *
- * 1) Each of the cached descriptions (versions, etc.) are in an
- * internally consistant state.
- *
- * 2) The session counts and hashes are consistant.
- *
- * 3) The object hashes are consistant.
- *
- * Note that the calls accessing the cached descriptions will call
- * the NSSCKMDToken methods with the mutex locked. Those methods
- * may then call the public NSSCKFWToken routines. Those public
- * routines only access the constant data above and the atomic
- * CK_STATE session state variable below, so there's no problem.
- * But be careful if you add to this object; mutexes are in
- * general not reentrant, so don't create deadlock situations.
- */
+ /*
+ * Everything above is set at creation time, and then not modified.
+ * The invariants the mutex protects are:
+ *
+ * 1) Each of the cached descriptions (versions, etc.) are in an
+ * internally consistant state.
+ *
+ * 2) The session counts and hashes are consistant.
+ *
+ * 3) The object hashes are consistant.
+ *
+ * Note that the calls accessing the cached descriptions will call
+ * the NSSCKMDToken methods with the mutex locked. Those methods
+ * may then call the public NSSCKFWToken routines. Those public
+ * routines only access the constant data above and the atomic
+ * CK_STATE session state variable below, so there's no problem.
+ * But be careful if you add to this object; mutexes are in
+ * general not reentrant, so don't create deadlock situations.
+ */
- NSSUTF8 *label;
- NSSUTF8 *manufacturerID;
- NSSUTF8 *model;
- NSSUTF8 *serialNumber;
- CK_VERSION hardwareVersion;
- CK_VERSION firmwareVersion;
+ NSSUTF8 *label;
+ NSSUTF8 *manufacturerID;
+ NSSUTF8 *model;
+ NSSUTF8 *serialNumber;
+ CK_VERSION hardwareVersion;
+ CK_VERSION firmwareVersion;
- CK_ULONG sessionCount;
- CK_ULONG rwSessionCount;
- nssCKFWHash *sessions;
- nssCKFWHash *sessionObjectHash;
- nssCKFWHash *mdObjectHash;
- nssCKFWHash *mdMechanismHash;
+ CK_ULONG sessionCount;
+ CK_ULONG rwSessionCount;
+ nssCKFWHash *sessions;
+ nssCKFWHash *sessionObjectHash;
+ nssCKFWHash *mdObjectHash;
+ nssCKFWHash *mdMechanismHash;
- CK_STATE state;
+ CK_STATE state;
};
#ifdef DEBUG
@@ -133,30 +133,24 @@
*/
static CK_RV
-token_add_pointer
-(
- const NSSCKFWToken *fwToken
-)
+token_add_pointer(
+ const NSSCKFWToken *fwToken)
{
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
-token_remove_pointer
-(
- const NSSCKFWToken *fwToken
-)
+token_remove_pointer(
+ const NSSCKFWToken *fwToken)
{
- return CKR_OK;
+ return CKR_OK;
}
NSS_IMPLEMENT CK_RV
-nssCKFWToken_verifyPointer
-(
- const NSSCKFWToken *fwToken
-)
+nssCKFWToken_verifyPointer(
+ const NSSCKFWToken *fwToken)
{
- return CKR_OK;
+ return CKR_OK;
}
#endif /* DEBUG */
@@ -166,154 +160,148 @@
*
*/
NSS_IMPLEMENT NSSCKFWToken *
-nssCKFWToken_Create
-(
- NSSCKFWSlot *fwSlot,
- NSSCKMDToken *mdToken,
- CK_RV *pError
-)
+nssCKFWToken_Create(
+ NSSCKFWSlot *fwSlot,
+ NSSCKMDToken *mdToken,
+ CK_RV *pError)
{
- NSSArena *arena = (NSSArena *)NULL;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- CK_BBOOL called_setup = CK_FALSE;
+ NSSArena *arena = (NSSArena *)NULL;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ CK_BBOOL called_setup = CK_FALSE;
- /*
- * We have already verified the arguments in nssCKFWSlot_GetToken.
- */
+ /*
+ * We have already verified the arguments in nssCKFWSlot_GetToken.
+ */
- arena = NSSArena_Create();
- if (!arena) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwToken = nss_ZNEW(arena, NSSCKFWToken);
- if (!fwToken) {
- *pError = CKR_HOST_MEMORY;
- goto loser;
- }
-
- fwToken->arena = arena;
- fwToken->mdToken = mdToken;
- fwToken->fwSlot = fwSlot;
- fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
- fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
- fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
- fwToken->sessionCount = 0;
- fwToken->rwSessionCount = 0;
-
- fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
- if (!fwToken->mutex) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ arena = NSSArena_Create();
+ if (!arena) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
}
- goto loser;
- }
- fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
- if (!fwToken->sessions) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ fwToken = nss_ZNEW(arena, NSSCKFWToken);
+ if (!fwToken) {
+ *pError = CKR_HOST_MEMORY;
+ goto loser;
}
- goto loser;
- }
- if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
- fwToken->fwInstance) ) {
- fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
- arena, pError);
- if (!fwToken->sessionObjectHash) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
- }
- goto loser;
+ fwToken->arena = arena;
+ fwToken->mdToken = mdToken;
+ fwToken->fwSlot = fwSlot;
+ fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
+ fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
+ fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+ fwToken->sessionCount = 0;
+ fwToken->rwSessionCount = 0;
+
+ fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
+ if (!fwToken->mutex) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
}
- }
- fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
- arena, pError);
- if (!fwToken->mdObjectHash) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
+ if (!fwToken->sessions) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
}
- goto loser;
- }
- fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance,
- arena, pError);
- if (!fwToken->mdMechanismHash) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
+ fwToken->fwInstance)) {
+ fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
+ arena, pError);
+ if (!fwToken->sessionObjectHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
}
- goto loser;
- }
- /* More here */
-
- if (mdToken->Setup) {
- *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- if( CKR_OK != *pError ) {
- goto loser;
+ fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
+ arena, pError);
+ if (!fwToken->mdObjectHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
}
- }
- called_setup = CK_TRUE;
+ fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance,
+ arena, pError);
+ if (!fwToken->mdMechanismHash) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto loser;
+ }
+
+ /* More here */
+
+ if (mdToken->Setup) {
+ *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
+ }
+
+ called_setup = CK_TRUE;
#ifdef DEBUG
- *pError = token_add_pointer(fwToken);
- if( CKR_OK != *pError ) {
- goto loser;
- }
+ *pError = token_add_pointer(fwToken);
+ if (CKR_OK != *pError) {
+ goto loser;
+ }
#endif /* DEBUG */
- *pError = CKR_OK;
- return fwToken;
+ *pError = CKR_OK;
+ return fwToken;
- loser:
+loser:
- if( CK_TRUE == called_setup ) {
- if (mdToken->Invalidate) {
- mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ if (CK_TRUE == called_setup) {
+ if (mdToken->Invalidate) {
+ mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ }
}
- }
- if (arena) {
- (void)NSSArena_Destroy(arena);
- }
+ if (arena) {
+ (void)NSSArena_Destroy(arena);
+ }
- return (NSSCKFWToken *)NULL;
+ return (NSSCKFWToken *)NULL;
}
static void
-nss_ckfwtoken_session_iterator
-(
- const void *key,
- void *value,
- void *closure
-)
+nss_ckfwtoken_session_iterator(
+ const void *key,
+ void *value,
+ void *closure)
{
- /*
- * Remember that the fwToken->mutex is locked
- */
- NSSCKFWSession *fwSession = (NSSCKFWSession *)value;
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- return;
+ /*
+ * Remember that the fwToken->mutex is locked
+ */
+ NSSCKFWSession *fwSession = (NSSCKFWSession *)value;
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ return;
}
static void
-nss_ckfwtoken_object_iterator
-(
- const void *key,
- void *value,
- void *closure
-)
+nss_ckfwtoken_object_iterator(
+ const void *key,
+ void *value,
+ void *closure)
{
- /*
- * Remember that the fwToken->mutex is locked
- */
- NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
- (void)nssCKFWObject_Finalize(fwObject, CK_FALSE);
- return;
+ /*
+ * Remember that the fwToken->mutex is locked
+ */
+ NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
+ (void)nssCKFWObject_Finalize(fwObject, CK_FALSE);
+ return;
}
/*
@@ -321,56 +309,54 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_Destroy
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_Destroy(
+ NSSCKFWToken *fwToken)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- (void)nssCKFWMutex_Destroy(fwToken->mutex);
-
- if (fwToken->mdToken->Invalidate) {
- fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
- }
- /* we can destroy the list without locking now because no one else is
- * referencing us (or _Destroy was invalidly called!)
- */
- nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator,
- (void *)NULL);
- nssCKFWHash_Destroy(fwToken->sessions);
+ (void)nssCKFWMutex_Destroy(fwToken->mutex);
- /* session objects go away when their sessions are removed */
- if (fwToken->sessionObjectHash) {
- nssCKFWHash_Destroy(fwToken->sessionObjectHash);
- }
+ if (fwToken->mdToken->Invalidate) {
+ fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+ }
+ /* we can destroy the list without locking now because no one else is
+ * referencing us (or _Destroy was invalidly called!)
+ */
+ nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator,
+ (void *)NULL);
+ nssCKFWHash_Destroy(fwToken->sessions);
- /* free up the token objects */
- if (fwToken->mdObjectHash) {
- nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator,
- (void *)NULL);
- nssCKFWHash_Destroy(fwToken->mdObjectHash);
- }
- if (fwToken->mdMechanismHash) {
- nssCKFWHash_Destroy(fwToken->mdMechanismHash);
- }
+ /* session objects go away when their sessions are removed */
+ if (fwToken->sessionObjectHash) {
+ nssCKFWHash_Destroy(fwToken->sessionObjectHash);
+ }
- nssCKFWSlot_ClearToken(fwToken->fwSlot);
-
+ /* free up the token objects */
+ if (fwToken->mdObjectHash) {
+ nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator,
+ (void *)NULL);
+ nssCKFWHash_Destroy(fwToken->mdObjectHash);
+ }
+ if (fwToken->mdMechanismHash) {
+ nssCKFWHash_Destroy(fwToken->mdMechanismHash);
+ }
+
+ nssCKFWSlot_ClearToken(fwToken->fwSlot);
+
#ifdef DEBUG
- error = token_remove_pointer(fwToken);
+ error = token_remove_pointer(fwToken);
#endif /* DEBUG */
- (void)NSSArena_Destroy(fwToken->arena);
- return error;
+ (void)NSSArena_Destroy(fwToken->arena);
+ return error;
}
/*
@@ -378,18 +364,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDToken *
-nssCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDToken *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDToken *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->mdToken;
+ return fwToken->mdToken;
}
/*
@@ -397,24 +381,22 @@
*
*/
NSS_IMPLEMENT NSSArena *
-nssCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-)
+nssCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError)
{
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSArena *)NULL;
- }
+ *pError = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != *pError) {
+ return (NSSArena *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->arena;
+ return fwToken->arena;
}
/*
@@ -422,18 +404,16 @@
*
*/
NSS_IMPLEMENT NSSCKFWSlot *
-nssCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKFWSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKFWSlot *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->fwSlot;
+ return fwToken->fwSlot;
}
/*
@@ -441,18 +421,16 @@
*
*/
NSS_IMPLEMENT NSSCKMDSlot *
-nssCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDSlot *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->mdSlot;
+ return fwToken->mdSlot;
}
/*
@@ -460,29 +438,27 @@
*
*/
NSS_IMPLEMENT CK_STATE
-nssCKFWToken_GetSessionState
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetSessionState(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CKS_RO_PUBLIC_SESSION; /* whatever */
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CKS_RO_PUBLIC_SESSION; /* whatever */
+ }
#endif /* NSSDEBUG */
- /*
- * BTW, do not lock the token in this method.
- */
+ /*
+ * BTW, do not lock the token in this method.
+ */
- /*
- * Theoretically, there is no state if there aren't any
- * sessions open. But then we'd need to worry about
- * reporting an error, etc. What the heck-- let's just
- * revert to CKR_RO_PUBLIC_SESSION as the "default."
- */
+ /*
+ * Theoretically, there is no state if there aren't any
+ * sessions open. But then we'd need to worry about
+ * reporting an error, etc. What the heck-- let's just
+ * revert to CKR_RO_PUBLIC_SESSION as the "default."
+ */
- return fwToken->state;
+ return fwToken->state;
}
/*
@@ -490,56 +466,54 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_InitToken
-(
- NSSCKFWToken *fwToken,
- NSSItem *pin,
- NSSUTF8 *label
-)
+nssCKFWToken_InitToken(
+ NSSCKFWToken *fwToken,
+ NSSItem *pin,
+ NSSUTF8 *label)
{
- CK_RV error;
+ CK_RV error;
#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return CKR_ARGUMENTS_BAD;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if( fwToken->sessionCount > 0 ) {
- error = CKR_SESSION_EXISTS;
- goto done;
- }
-
- if (!fwToken->mdToken->InitToken) {
- error = CKR_DEVICE_ERROR;
- goto done;
- }
-
- if (!pin) {
- if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
- ; /* okay */
- } else {
- error = CKR_PIN_INCORRECT;
- goto done;
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- if (!label) {
- label = (NSSUTF8 *) "";
- }
+ if (fwToken->sessionCount > 0) {
+ error = CKR_SESSION_EXISTS;
+ goto done;
+ }
- error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, pin, label);
+ if (!fwToken->mdToken->InitToken) {
+ error = CKR_DEVICE_ERROR;
+ goto done;
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
+ if (!pin) {
+ if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
+ ; /* okay */
+ } else {
+ error = CKR_PIN_INCORRECT;
+ goto done;
+ }
+ }
+
+ if (!label) {
+ label = (NSSUTF8 *)"";
+ }
+
+ error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, pin, label);
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
}
/*
@@ -547,48 +521,46 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetLabel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR label[32]
-)
+nssCKFWToken_GetLabel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR label[32])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == label ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == label) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwToken->label) {
- if (fwToken->mdToken->GetLabel) {
- fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, &error);
- if ((!fwToken->label) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwToken->label = (NSSUTF8 *) "";
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' ');
- error = CKR_OK;
+ if (!fwToken->label) {
+ if (fwToken->mdToken->GetLabel) {
+ fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->label) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->label = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
}
/*
@@ -596,48 +568,46 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetManufacturerID
-(
- NSSCKFWToken *fwToken,
- CK_CHAR manufacturerID[32]
-)
+nssCKFWToken_GetManufacturerID(
+ NSSCKFWToken *fwToken,
+ CK_CHAR manufacturerID[32])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == manufacturerID ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == manufacturerID) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwToken->manufacturerID) {
- if (fwToken->mdToken->GetManufacturerID) {
- fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
- if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwToken->manufacturerID = (NSSUTF8 *)"";
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' ');
- error = CKR_OK;
+ if (!fwToken->manufacturerID) {
+ if (fwToken->mdToken->GetManufacturerID) {
+ fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->manufacturerID = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
}
/*
@@ -645,48 +615,46 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetModel
-(
- NSSCKFWToken *fwToken,
- CK_CHAR model[16]
-)
+nssCKFWToken_GetModel(
+ NSSCKFWToken *fwToken,
+ CK_CHAR model[16])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == model ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == model) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwToken->model) {
- if (fwToken->mdToken->GetModel) {
- fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, &error);
- if ((!fwToken->model) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwToken->model = (NSSUTF8 *)"";
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' ');
- error = CKR_OK;
+ if (!fwToken->model) {
+ if (fwToken->mdToken->GetModel) {
+ fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->model) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->model = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
}
/*
@@ -694,73 +662,68 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetSerialNumber
-(
- NSSCKFWToken *fwToken,
- CK_CHAR serialNumber[16]
-)
+nssCKFWToken_GetSerialNumber(
+ NSSCKFWToken *fwToken,
+ CK_CHAR serialNumber[16])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- if( (CK_CHAR_PTR)NULL == serialNumber ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == serialNumber) {
+ return CKR_ARGUMENTS_BAD;
+ }
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- if (!fwToken->serialNumber) {
- if (fwToken->mdToken->GetSerialNumber) {
- fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
- if ((!fwToken->serialNumber) && (CKR_OK != error)) {
- goto done;
- }
- } else {
- fwToken->serialNumber = (NSSUTF8 *)"";
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- }
- (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' ');
- error = CKR_OK;
+ if (!fwToken->serialNumber) {
+ if (fwToken->mdToken->GetSerialNumber) {
+ fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
+ if ((!fwToken->serialNumber) && (CKR_OK != error)) {
+ goto done;
+ }
+ } else {
+ fwToken->serialNumber = (NSSUTF8 *)"";
+ }
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
+ (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' ');
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
}
-
/*
* nssCKFWToken_GetHasRNG
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetHasRNG
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetHasRNG(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetHasRNG) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetHasRNG) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -768,23 +731,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetIsWriteProtected
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetIsWriteProtected(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetIsWriteProtected) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetIsWriteProtected) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -792,23 +753,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetLoginRequired
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetLoginRequired(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetLoginRequired) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetLoginRequired) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -816,23 +775,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetUserPinInitialized
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetUserPinInitialized(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetUserPinInitialized) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetUserPinInitialized) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -840,23 +797,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetRestoreKeyNotNeeded
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetRestoreKeyNotNeeded(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetRestoreKeyNotNeeded) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetRestoreKeyNotNeeded) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -864,23 +819,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetHasClockOnToken
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetHasClockOnToken(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetHasClockOnToken) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetHasClockOnToken) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -888,23 +841,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetHasProtectedAuthenticationPath
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -912,23 +863,21 @@
*
*/
NSS_IMPLEMENT CK_BBOOL
-nssCKFWToken_GetSupportsDualCryptoOperations
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetSupportsDualCryptoOperations(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_FALSE;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_FALSE;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetSupportsDualCryptoOperations) {
- return CK_FALSE;
- }
+ if (!fwToken->mdToken->GetSupportsDualCryptoOperations) {
+ return CK_FALSE;
+ }
- return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken,
- fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken,
+ fwToken, fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -936,23 +885,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMaxSessionCount
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMaxSessionCount(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetMaxSessionCount) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetMaxSessionCount) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -960,23 +907,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMaxRwSessionCount
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMaxRwSessionCount(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetMaxRwSessionCount) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetMaxRwSessionCount) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -984,23 +929,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMaxPinLen
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMaxPinLen(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetMaxPinLen) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetMaxPinLen) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1008,23 +951,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMinPinLen
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMinPinLen(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetMinPinLen) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetMinPinLen) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1032,23 +973,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetTotalPublicMemory
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetTotalPublicMemory(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetTotalPublicMemory) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetTotalPublicMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1056,23 +995,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetFreePublicMemory
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetFreePublicMemory(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetFreePublicMemory) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetFreePublicMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1080,23 +1017,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetTotalPrivateMemory
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetTotalPrivateMemory(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetTotalPrivateMemory) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetTotalPrivateMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1104,23 +1039,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetFreePrivateMemory
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetFreePrivateMemory(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetFreePrivateMemory) {
- return CK_UNAVAILABLE_INFORMATION;
- }
+ if (!fwToken->mdToken->GetFreePrivateMemory) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
- return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1128,44 +1061,42 @@
*
*/
NSS_IMPLEMENT CK_VERSION
-nssCKFWToken_GetHardwareVersion
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetHardwareVersion(
+ NSSCKFWToken *fwToken)
{
- CK_VERSION rv;
+ CK_VERSION rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
- if( (0 != fwToken->hardwareVersion.major) ||
- (0 != fwToken->hardwareVersion.minor) ) {
+ if ((0 != fwToken->hardwareVersion.major) ||
+ (0 != fwToken->hardwareVersion.minor)) {
+ rv = fwToken->hardwareVersion;
+ goto done;
+ }
+
+ if (fwToken->mdToken->GetHardwareVersion) {
+ fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
+ fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ } else {
+ fwToken->hardwareVersion.major = 0;
+ fwToken->hardwareVersion.minor = 1;
+ }
+
rv = fwToken->hardwareVersion;
- goto done;
- }
- if (fwToken->mdToken->GetHardwareVersion) {
- fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
- fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- } else {
- fwToken->hardwareVersion.major = 0;
- fwToken->hardwareVersion.minor = 1;
- }
-
- rv = fwToken->hardwareVersion;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
}
/*
@@ -1173,44 +1104,42 @@
*
*/
NSS_IMPLEMENT CK_VERSION
-nssCKFWToken_GetFirmwareVersion
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetFirmwareVersion(
+ NSSCKFWToken *fwToken)
{
- CK_VERSION rv;
+ CK_VERSION rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- rv.major = rv.minor = 0;
- return rv;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ rv.major = rv.minor = 0;
+ return rv;
+ }
- if( (0 != fwToken->firmwareVersion.major) ||
- (0 != fwToken->firmwareVersion.minor) ) {
+ if ((0 != fwToken->firmwareVersion.major) ||
+ (0 != fwToken->firmwareVersion.minor)) {
+ rv = fwToken->firmwareVersion;
+ goto done;
+ }
+
+ if (fwToken->mdToken->GetFirmwareVersion) {
+ fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
+ fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+ } else {
+ fwToken->firmwareVersion.major = 0;
+ fwToken->firmwareVersion.minor = 1;
+ }
+
rv = fwToken->firmwareVersion;
- goto done;
- }
- if (fwToken->mdToken->GetFirmwareVersion) {
- fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
- fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
- } else {
- fwToken->firmwareVersion.major = 0;
- fwToken->firmwareVersion.minor = 1;
- }
-
- rv = fwToken->firmwareVersion;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
}
/*
@@ -1218,86 +1147,95 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetUTCTime
-(
- NSSCKFWToken *fwToken,
- CK_CHAR utcTime[16]
-)
+nssCKFWToken_GetUTCTime(
+ NSSCKFWToken *fwToken,
+ CK_CHAR utcTime[16])
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
- if( (CK_CHAR_PTR)NULL == utcTime ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if ((CK_CHAR_PTR)NULL == utcTime) {
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* DEBUG */
- if( CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken) ) {
- /* return CKR_DEVICE_ERROR; */
- (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' ');
+ if (CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken)) {
+ /* return CKR_DEVICE_ERROR; */
+ (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' ');
+ return CKR_OK;
+ }
+
+ if (!fwToken->mdToken->GetUTCTime) {
+ /* It said it had one! */
+ return CKR_GENERAL_ERROR;
+ }
+
+ error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, utcTime);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ /* Sanity-check the data */
+ {
+ /* Format is YYYYMMDDhhmmss00 */
+ int i;
+ int Y, M, D, h, m, s;
+ static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+
+ for (i = 0; i < 16; i++) {
+ if ((utcTime[i] < '0') || (utcTime[i] > '9')) {
+ goto badtime;
+ }
+ }
+
+ Y = ((utcTime[0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
+ ((utcTime[2] - '0') * 10) + (utcTime[3] - '0');
+ M = ((utcTime[4] - '0') * 10) + (utcTime[5] - '0');
+ D = ((utcTime[6] - '0') * 10) + (utcTime[7] - '0');
+ h = ((utcTime[8] - '0') * 10) + (utcTime[9] - '0');
+ m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
+ s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
+
+ if ((Y < 1990) || (Y > 3000))
+ goto badtime; /* Y3K problem. heh heh heh */
+ if ((M < 1) || (M > 12))
+ goto badtime;
+ if ((D < 1) || (D > 31))
+ goto badtime;
+
+ if (D > dims[M - 1])
+ goto badtime; /* per-month check */
+ if ((2 == M) && (((Y % 4) || !(Y % 100)) &&
+ (Y % 400)) &&
+ (D > 28))
+ goto badtime; /* leap years */
+
+ if ((h < 0) || (h > 23))
+ goto badtime;
+ if ((m < 0) || (m > 60))
+ goto badtime;
+ if ((s < 0) || (s > 61))
+ goto badtime;
+
+ /* 60m and 60 or 61s is only allowed for leap seconds. */
+ if ((60 == m) || (s >= 60)) {
+ if ((23 != h) || (60 != m) || (s < 60))
+ goto badtime;
+ /* leap seconds can only happen on June 30 or Dec 31.. I think */
+ /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */
+ }
+ }
+
return CKR_OK;
- }
- if (!fwToken->mdToken->GetUTCTime) {
- /* It said it had one! */
+badtime:
return CKR_GENERAL_ERROR;
- }
-
- error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, utcTime);
- if( CKR_OK != error ) {
- return error;
- }
-
- /* Sanity-check the data */
- {
- /* Format is YYYYMMDDhhmmss00 */
- int i;
- int Y, M, D, h, m, s;
- static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
-
- for( i = 0; i < 16; i++ ) {
- if( (utcTime[i] < '0') || (utcTime[i] > '9') ) {
- goto badtime;
- }
- }
-
- Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
- ((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0');
- M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0');
- D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0');
- h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0');
- m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
- s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
-
- if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */
- if( (M < 1) || (M > 12) ) goto badtime;
- if( (D < 1) || (D > 31) ) goto badtime;
-
- if( D > dims[M-1] ) goto badtime; /* per-month check */
- if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */
-
- if( (h < 0) || (h > 23) ) goto badtime;
- if( (m < 0) || (m > 60) ) goto badtime;
- if( (s < 0) || (s > 61) ) goto badtime;
-
- /* 60m and 60 or 61s is only allowed for leap seconds. */
- if( (60 == m) || (s >= 60) ) {
- if( (23 != h) || (60 != m) || (s < 60) ) goto badtime;
- /* leap seconds can only happen on June 30 or Dec 31.. I think */
- /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */
- }
- }
-
- return CKR_OK;
-
- badtime:
- return CKR_GENERAL_ERROR;
}
/*
@@ -1305,108 +1243,106 @@
*
*/
NSS_IMPLEMENT NSSCKFWSession *
-nssCKFWToken_OpenSession
-(
- NSSCKFWToken *fwToken,
- CK_BBOOL rw,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_RV *pError
-)
+nssCKFWToken_OpenSession(
+ NSSCKFWToken *fwToken,
+ CK_BBOOL rw,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_RV *pError)
{
- NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL;
- NSSCKMDSession *mdSession;
+ NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL;
+ NSSCKMDSession *mdSession;
#ifdef NSSDEBUG
- if (!pError) {
- return (NSSCKFWSession *)NULL;
- }
+ if (!pError) {
+ return (NSSCKFWSession *)NULL;
+ }
- *pError = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSession *)NULL;
- }
+ *pError = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSession *)NULL;
+ }
- switch( rw ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSCKFWSession *)NULL;
- }
+ switch (rw) {
+ case CK_TRUE:
+ case CK_FALSE:
+ break;
+ default:
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSCKFWSession *)NULL;
+ }
#endif /* NSSDEBUG */
- *pError = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != *pError ) {
- return (NSSCKFWSession *)NULL;
- }
-
- if( CK_TRUE == rw ) {
- /* Read-write session desired */
- if( CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken) ) {
- *pError = CKR_TOKEN_WRITE_PROTECTED;
- goto done;
+ *pError = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != *pError) {
+ return (NSSCKFWSession *)NULL;
}
- } else {
- /* Read-only session desired */
- if( CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken) ) {
- *pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
- goto done;
+
+ if (CK_TRUE == rw) {
+ /* Read-write session desired */
+ if (CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken)) {
+ *pError = CKR_TOKEN_WRITE_PROTECTED;
+ goto done;
+ }
+ } else {
+ /* Read-only session desired */
+ if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) {
+ *pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
+ goto done;
+ }
}
- }
- /* We could compare sesion counts to any limits we know of, I guess.. */
+ /* We could compare sesion counts to any limits we know of, I guess.. */
- if (!fwToken->mdToken->OpenSession) {
- /*
- * I'm not sure that the Module actually needs to implement
- * mdSessions -- the Framework can keep track of everything
- * needed, really. But I'll sort out that detail later..
- */
- *pError = CKR_GENERAL_ERROR;
- goto done;
- }
-
- fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
- if (!fwSession) {
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ if (!fwToken->mdToken->OpenSession) {
+ /*
+ * I'm not sure that the Module actually needs to implement
+ * mdSessions -- the Framework can keep track of everything
+ * needed, really. But I'll sort out that detail later..
+ */
+ *pError = CKR_GENERAL_ERROR;
+ goto done;
}
- goto done;
- }
- mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, fwSession,
- rw, pError);
- if (!mdSession) {
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- if( CKR_OK == *pError ) {
- *pError = CKR_GENERAL_ERROR;
+ fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
+ if (!fwSession) {
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto done;
}
- goto done;
- }
- *pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
- if( CKR_OK != *pError ) {
- if (mdSession->Close) {
- mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, fwSession,
+ rw, pError);
+ if (!mdSession) {
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ if (CKR_OK == *pError) {
+ *pError = CKR_GENERAL_ERROR;
+ }
+ goto done;
}
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- goto done;
- }
- *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession);
- if( CKR_OK != *pError ) {
- (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
- fwSession = (NSSCKFWSession *)NULL;
- goto done;
- }
+ *pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
+ if (CKR_OK != *pError) {
+ if (mdSession->Close) {
+ mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
+ }
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ goto done;
+ }
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return fwSession;
+ *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession);
+ if (CKR_OK != *pError) {
+ (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+ fwSession = (NSSCKFWSession *)NULL;
+ goto done;
+ }
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return fwSession;
}
/*
@@ -1414,23 +1350,21 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetMechanismCount
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMechanismCount(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return 0;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return 0;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetMechanismCount) {
- return 0;
- }
+ if (!fwToken->mdToken->GetMechanismCount) {
+ return 0;
+ }
- return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
/*
@@ -1438,110 +1372,103 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_GetMechanismTypes
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE types[]
-)
+nssCKFWToken_GetMechanismTypes(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE types[])
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CKR_ARGUMENTS_BAD;
+ }
- if (!types) {
- return CKR_ARGUMENTS_BAD;
- }
+ if (!types) {
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* NSSDEBUG */
- if (!fwToken->mdToken->GetMechanismTypes) {
- /*
- * This should only be called with a sufficiently-large
- * "types" array, which can only be done if GetMechanismCount
- * is implemented. If that's implemented (and returns nonzero),
- * then this should be too. So return an error.
- */
- return CKR_GENERAL_ERROR;
- }
+ if (!fwToken->mdToken->GetMechanismTypes) {
+ /*
+ * This should only be called with a sufficiently-large
+ * "types" array, which can only be done if GetMechanismCount
+ * is implemented. If that's implemented (and returns nonzero),
+ * then this should be too. So return an error.
+ */
+ return CKR_GENERAL_ERROR;
+ }
- return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, types);
+ return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, types);
}
-
/*
* nssCKFWToken_GetMechanism
*
*/
NSS_IMPLEMENT NSSCKFWMechanism *
-nssCKFWToken_GetMechanism
-(
- NSSCKFWToken *fwToken,
- CK_MECHANISM_TYPE which,
- CK_RV *pError
-)
+nssCKFWToken_GetMechanism(
+ NSSCKFWToken *fwToken,
+ CK_MECHANISM_TYPE which,
+ CK_RV *pError)
{
- NSSCKMDMechanism *mdMechanism;
- if (!fwToken->mdMechanismHash) {
- *pError = CKR_GENERAL_ERROR;
- return (NSSCKFWMechanism *)NULL;
- }
-
- if (!fwToken->mdToken->GetMechanism) {
- /*
- * If we don't implement any GetMechanism function, then we must
- * not support any.
- */
- *pError = CKR_MECHANISM_INVALID;
- return (NSSCKFWMechanism *)NULL;
- }
+ NSSCKMDMechanism *mdMechanism;
+ if (!fwToken->mdMechanismHash) {
+ *pError = CKR_GENERAL_ERROR;
+ return (NSSCKFWMechanism *)NULL;
+ }
- /* lookup in hash table */
- mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance, which, pError);
- if (!mdMechanism) {
- return (NSSCKFWMechanism *) NULL;
- }
- /* store in hash table */
- return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken,
- fwToken->mdInstance, fwToken->fwInstance);
+ if (!fwToken->mdToken->GetMechanism) {
+ /*
+ * If we don't implement any GetMechanism function, then we must
+ * not support any.
+ */
+ *pError = CKR_MECHANISM_INVALID;
+ return (NSSCKFWMechanism *)NULL;
+ }
+
+ /* lookup in hash table */
+ mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance, which, pError);
+ if (!mdMechanism) {
+ return (NSSCKFWMechanism *)NULL;
+ }
+ /* store in hash table */
+ return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken,
+ fwToken->mdInstance, fwToken->fwInstance);
}
NSS_IMPLEMENT CK_RV
-nssCKFWToken_SetSessionState
-(
- NSSCKFWToken *fwToken,
- CK_STATE newState
-)
+nssCKFWToken_SetSessionState(
+ NSSCKFWToken *fwToken,
+ CK_STATE newState)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
- switch( newState ) {
- case CKS_RO_PUBLIC_SESSION:
- case CKS_RO_USER_FUNCTIONS:
- case CKS_RW_PUBLIC_SESSION:
- case CKS_RW_USER_FUNCTIONS:
- case CKS_RW_SO_FUNCTIONS:
- break;
- default:
- return CKR_ARGUMENTS_BAD;
- }
+ switch (newState) {
+ case CKS_RO_PUBLIC_SESSION:
+ case CKS_RO_USER_FUNCTIONS:
+ case CKS_RW_PUBLIC_SESSION:
+ case CKS_RW_USER_FUNCTIONS:
+ case CKS_RW_SO_FUNCTIONS:
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
- fwToken->state = newState;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return CKR_OK;
+ fwToken->state = newState;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return CKR_OK;
}
/*
@@ -1549,101 +1476,96 @@
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_RemoveSession
-(
- NSSCKFWToken *fwToken,
- NSSCKFWSession *fwSession
-)
+nssCKFWToken_RemoveSession(
+ NSSCKFWToken *fwToken,
+ NSSCKFWSession *fwSession)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
- error = nssCKFWSession_verifyPointer(fwSession);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWSession_verifyPointer(fwSession);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
+ }
+
+ if (CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession)) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
+
+ nssCKFWHash_Remove(fwToken->sessions, fwSession);
+ fwToken->sessionCount--;
+
+ if (nssCKFWSession_IsRWSession(fwSession)) {
+ fwToken->rwSessionCount--;
+ }
+
+ if (0 == fwToken->sessionCount) {
+ fwToken->rwSessionCount = 0; /* sanity */
+ fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+ }
+
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
return error;
- }
-
- if( CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession) ) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto done;
- }
-
- nssCKFWHash_Remove(fwToken->sessions, fwSession);
- fwToken->sessionCount--;
-
- if( nssCKFWSession_IsRWSession(fwSession) ) {
- fwToken->rwSessionCount--;
- }
-
- if( 0 == fwToken->sessionCount ) {
- fwToken->rwSessionCount = 0; /* sanity */
- fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
- }
-
- error = CKR_OK;
-
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
}
-
/*
* nssCKFWToken_CloseAllSessions
*
*/
NSS_IMPLEMENT CK_RV
-nssCKFWToken_CloseAllSessions
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_CloseAllSessions(
+ NSSCKFWToken *fwToken)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
#ifdef NSSDEBUG
- error = nssCKFWToken_verifyPointer(fwToken);
- if( CKR_OK != error ) {
- return error;
- }
+ error = nssCKFWToken_verifyPointer(fwToken);
+ if (CKR_OK != error) {
+ return error;
+ }
#endif /* NSSDEBUG */
- error = nssCKFWMutex_Lock(fwToken->mutex);
- if( CKR_OK != error ) {
- return error;
- }
-
- nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL);
-
- nssCKFWHash_Destroy(fwToken->sessions);
-
- fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
- if (!fwToken->sessions) {
- if( CKR_OK == error ) {
- error = CKR_GENERAL_ERROR;
+ error = nssCKFWMutex_Lock(fwToken->mutex);
+ if (CKR_OK != error) {
+ return error;
}
- goto done;
- }
- fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
- fwToken->sessionCount = 0;
- fwToken->rwSessionCount = 0;
+ nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL);
- error = CKR_OK;
+ nssCKFWHash_Destroy(fwToken->sessions);
- done:
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return error;
+ fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
+ if (!fwToken->sessions) {
+ if (CKR_OK == error) {
+ error = CKR_GENERAL_ERROR;
+ }
+ goto done;
+ }
+
+ fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+ fwToken->sessionCount = 0;
+ fwToken->rwSessionCount = 0;
+
+ error = CKR_OK;
+
+done:
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return error;
}
/*
@@ -1651,26 +1573,24 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetSessionCount
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetSessionCount(
+ NSSCKFWToken *fwToken)
{
- CK_ULONG rv;
+ CK_ULONG rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ return (CK_ULONG)0;
+ }
- rv = fwToken->sessionCount;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
+ rv = fwToken->sessionCount;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
}
/*
@@ -1678,26 +1598,24 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetRwSessionCount
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetRwSessionCount(
+ NSSCKFWToken *fwToken)
{
- CK_ULONG rv;
+ CK_ULONG rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ return (CK_ULONG)0;
+ }
- rv = fwToken->rwSessionCount;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
+ rv = fwToken->rwSessionCount;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
}
/*
@@ -1705,26 +1623,24 @@
*
*/
NSS_IMPLEMENT CK_ULONG
-nssCKFWToken_GetRoSessionCount
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetRoSessionCount(
+ NSSCKFWToken *fwToken)
{
- CK_ULONG rv;
+ CK_ULONG rv;
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (CK_ULONG)0;
+ }
#endif /* NSSDEBUG */
- if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) {
- return (CK_ULONG)0;
- }
+ if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+ return (CK_ULONG)0;
+ }
- rv = fwToken->sessionCount - fwToken->rwSessionCount;
- (void)nssCKFWMutex_Unlock(fwToken->mutex);
- return rv;
+ rv = fwToken->sessionCount - fwToken->rwSessionCount;
+ (void)nssCKFWMutex_Unlock(fwToken->mutex);
+ return rv;
}
/*
@@ -1732,18 +1648,16 @@
*
*/
NSS_IMPLEMENT nssCKFWHash *
-nssCKFWToken_GetSessionObjectHash
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetSessionObjectHash(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (nssCKFWHash *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (nssCKFWHash *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->sessionObjectHash;
+ return fwToken->sessionObjectHash;
}
/*
@@ -1751,18 +1665,16 @@
*
*/
NSS_IMPLEMENT nssCKFWHash *
-nssCKFWToken_GetMDObjectHash
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetMDObjectHash(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (nssCKFWHash *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (nssCKFWHash *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->mdObjectHash;
+ return fwToken->mdObjectHash;
}
/*
@@ -1770,18 +1682,16 @@
*
*/
NSS_IMPLEMENT nssCKFWHash *
-nssCKFWToken_GetObjectHandleHash
-(
- NSSCKFWToken *fwToken
-)
+nssCKFWToken_GetObjectHandleHash(
+ NSSCKFWToken *fwToken)
{
#ifdef NSSDEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (nssCKFWHash *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (nssCKFWHash *)NULL;
+ }
#endif /* NSSDEBUG */
- return fwToken->mdObjectHash;
+ return fwToken->mdObjectHash;
}
/*
@@ -1790,18 +1700,16 @@
*/
NSS_IMPLEMENT NSSCKMDToken *
-NSSCKFWToken_GetMDToken
-(
- NSSCKFWToken *fwToken
-)
+NSSCKFWToken_GetMDToken(
+ NSSCKFWToken *fwToken)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDToken *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDToken *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWToken_GetMDToken(fwToken);
+ return nssCKFWToken_GetMDToken(fwToken);
}
/*
@@ -1810,24 +1718,22 @@
*/
NSS_IMPLEMENT NSSArena *
-NSSCKFWToken_GetArena
-(
- NSSCKFWToken *fwToken,
- CK_RV *pError
-)
+NSSCKFWToken_GetArena(
+ NSSCKFWToken *fwToken,
+ CK_RV *pError)
{
#ifdef DEBUG
- if (!pError) {
- return (NSSArena *)NULL;
- }
+ if (!pError) {
+ return (NSSArena *)NULL;
+ }
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- *pError = CKR_ARGUMENTS_BAD;
- return (NSSArena *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ *pError = CKR_ARGUMENTS_BAD;
+ return (NSSArena *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWToken_GetArena(fwToken, pError);
+ return nssCKFWToken_GetArena(fwToken, pError);
}
/*
@@ -1836,18 +1742,16 @@
*/
NSS_IMPLEMENT NSSCKFWSlot *
-NSSCKFWToken_GetFWSlot
-(
- NSSCKFWToken *fwToken
-)
+NSSCKFWToken_GetFWSlot(
+ NSSCKFWToken *fwToken)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKFWSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKFWSlot *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWToken_GetFWSlot(fwToken);
+ return nssCKFWToken_GetFWSlot(fwToken);
}
/*
@@ -1856,18 +1760,16 @@
*/
NSS_IMPLEMENT NSSCKMDSlot *
-NSSCKFWToken_GetMDSlot
-(
- NSSCKFWToken *fwToken
-)
+NSSCKFWToken_GetMDSlot(
+ NSSCKFWToken *fwToken)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return (NSSCKMDSlot *)NULL;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return (NSSCKMDSlot *)NULL;
+ }
#endif /* DEBUG */
- return nssCKFWToken_GetMDSlot(fwToken);
+ return nssCKFWToken_GetMDSlot(fwToken);
}
/*
@@ -1876,16 +1778,14 @@
*/
NSS_IMPLEMENT CK_STATE
-NSSCKFWSession_GetSessionState
-(
- NSSCKFWToken *fwToken
-)
+NSSCKFWSession_GetSessionState(
+ NSSCKFWToken *fwToken)
{
#ifdef DEBUG
- if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) {
- return CKS_RO_PUBLIC_SESSION;
- }
+ if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+ return CKS_RO_PUBLIC_SESSION;
+ }
#endif /* DEBUG */
- return nssCKFWToken_GetSessionState(fwToken);
+ return nssCKFWToken_GetSessionState(fwToken);
}
diff --git a/nss/lib/ckfw/wrap.c b/nss/lib/ckfw/wrap.c
index 3a0b0df..44c2e8e 100644
--- a/nss/lib/ckfw/wrap.c
+++ b/nss/lib/ckfw/wrap.c
@@ -92,41 +92,46 @@
/* figure out out locking semantics */
static CK_RV
nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs,
- CryptokiLockingState *pLocking_state) {
- int functionCount = 0;
+ CryptokiLockingState *pLocking_state)
+{
+ int functionCount = 0;
- /* parsed according to (PKCS #11 Section 11.4) */
- /* no args, the degenerate version of case 1 */
- if (!pInitArgs) {
- *pLocking_state = SingleThreaded;
- return CKR_OK;
- }
+ /* parsed according to (PKCS #11 Section 11.4) */
+ /* no args, the degenerate version of case 1 */
+ if (!pInitArgs) {
+ *pLocking_state = SingleThreaded;
+ return CKR_OK;
+ }
- /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
- if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
- *pLocking_state = MultiThreaded;
- return CKR_OK;
- }
- if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++;
- if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++;
- if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++;
- if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++;
+ /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
+ if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
+ *pLocking_state = MultiThreaded;
+ return CKR_OK;
+ }
+ if ((CK_CREATEMUTEX)NULL != pInitArgs->CreateMutex)
+ functionCount++;
+ if ((CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex)
+ functionCount++;
+ if ((CK_LOCKMUTEX)NULL != pInitArgs->LockMutex)
+ functionCount++;
+ if ((CK_UNLOCKMUTEX)NULL != pInitArgs->UnlockMutex)
+ functionCount++;
- /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
- * explicit case 1 */
- if (0 == functionCount) {
- *pLocking_state = SingleThreaded;
- return CKR_OK;
- }
+ /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
+ * explicit case 1 */
+ if (0 == functionCount) {
+ *pLocking_state = SingleThreaded;
+ return CKR_OK;
+ }
- /* OS_LOCKING_OK is not set and functions have been supplied. Since
- * ckfw uses nssbase library which explicitly calls NSPR, and since
- * there is no way to reliably override these explicit calls to NSPR,
- * therefore we can't support applications which have their own threading
- * module. Return CKR_CANT_LOCK if they supplied the correct number of
- * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
- * fail the initialize */
- return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
+ /* OS_LOCKING_OK is not set and functions have been supplied. Since
+ * ckfw uses nssbase library which explicitly calls NSPR, and since
+ * there is no way to reliably override these explicit calls to NSPR,
+ * therefore we can't support applications which have their own threading
+ * module. Return CKR_CANT_LOCK if they supplied the correct number of
+ * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
+ * fail the initialize */
+ return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
}
static PRInt32 liveInstances;
@@ -136,60 +141,58 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_Initialize
-(
- NSSCKFWInstance **pFwInstance,
- NSSCKMDInstance *mdInstance,
- CK_VOID_PTR pInitArgs
-)
+NSSCKFWC_Initialize(
+ NSSCKFWInstance **pFwInstance,
+ NSSCKMDInstance *mdInstance,
+ CK_VOID_PTR pInitArgs)
{
- CK_RV error = CKR_OK;
- CryptokiLockingState locking_state;
+ CK_RV error = CKR_OK;
+ CryptokiLockingState locking_state;
- if( (NSSCKFWInstance **)NULL == pFwInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
+ if ((NSSCKFWInstance **)NULL == pFwInstance) {
+ error = CKR_GENERAL_ERROR;
+ goto loser;
+ }
- if (*pFwInstance) {
- error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
- goto loser;
- }
+ if (*pFwInstance) {
+ error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
+ goto loser;
+ }
- if (!mdInstance) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
+ if (!mdInstance) {
+ error = CKR_GENERAL_ERROR;
+ goto loser;
+ }
- error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFW_GetThreadSafeState(pInitArgs, &locking_state);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
- if (!*pFwInstance) {
- goto loser;
- }
- PR_ATOMIC_INCREMENT(&liveInstances);
- return CKR_OK;
+ *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
+ if (!*pFwInstance) {
+ goto loser;
+ }
+ PR_ATOMIC_INCREMENT(&liveInstances);
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_ARGUMENTS_BAD:
- case CKR_CANT_LOCK:
- case CKR_CRYPTOKI_ALREADY_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_NEED_TO_CREATE_THREADS:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_ARGUMENTS_BAD:
+ case CKR_CANT_LOCK:
+ case CKR_CRYPTOKI_ALREADY_INITIALIZED:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_NEED_TO_CREATE_THREADS:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -197,59 +200,57 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_Finalize
-(
- NSSCKFWInstance **pFwInstance
-)
+NSSCKFWC_Finalize(
+ NSSCKFWInstance **pFwInstance)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
- if( (NSSCKFWInstance **)NULL == pFwInstance ) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
-
- if (!*pFwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- error = nssCKFWInstance_Destroy(*pFwInstance);
-
- /* In any case */
- *pFwInstance = (NSSCKFWInstance *)NULL;
-
- loser:
- switch( error ) {
- PRInt32 remainingInstances;
- case CKR_OK:
- remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
- if (!remainingInstances) {
- nssArena_Shutdown();
+ if ((NSSCKFWInstance **)NULL == pFwInstance) {
+ error = CKR_GENERAL_ERROR;
+ goto loser;
}
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
- }
- /*
- * A thread's error stack is automatically destroyed when the thread
- * terminates or, for the primordial thread, by PR_Cleanup. On
- * Windows with MinGW, the thread private data destructor PR_Free
- * registered by this module is actually a thunk for PR_Free defined
- * in this module. When the thread that unloads this module terminates
- * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
- * module. Therefore we need to destroy the error stack before the
- * module is unloaded.
- */
- nss_DestroyErrorStack();
- return error;
+ if (!*pFwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
+
+ error = nssCKFWInstance_Destroy(*pFwInstance);
+
+ /* In any case */
+ *pFwInstance = (NSSCKFWInstance *)NULL;
+
+loser:
+ switch (error) {
+ PRInt32 remainingInstances;
+ case CKR_OK:
+ remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
+ if (!remainingInstances) {
+ nssArena_Shutdown();
+ }
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ break;
+ default:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ /*
+ * A thread's error stack is automatically destroyed when the thread
+ * terminates or, for the primordial thread, by PR_Cleanup. On
+ * Windows with MinGW, the thread private data destructor PR_Free
+ * registered by this module is actually a thunk for PR_Free defined
+ * in this module. When the thread that unloads this module terminates
+ * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
+ * module. Therefore we need to destroy the error stack before the
+ * module is unloaded.
+ */
+ nss_DestroyErrorStack();
+ return error;
}
/*
@@ -257,57 +258,55 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_INFO_PTR pInfo
-)
+NSSCKFWC_GetInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_INFO_PTR pInfo)
{
- CK_RV error = CKR_OK;
+ CK_RV error = CKR_OK;
- if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_INFO_PTR)CK_NULL_PTR == pInfo) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- /*
- * A purify error here means a caller error
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
+ /*
+ * A purify error here means a caller error
+ */
+ (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
- pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
+ pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
- error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
+ pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
- error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
+ pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ break;
+ default:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
-
+
/*
* C_GetFunctionList is implemented entirely in the Module's file which
* includes the Framework API insert file. It requires no "actual"
@@ -319,179 +318,175 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSlotList
-(
- NSSCKFWInstance *fwInstance,
- CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount
-)
+NSSCKFWC_GetSlotList(
+ NSSCKFWInstance *fwInstance,
+ CK_BBOOL tokenPresent,
+ CK_SLOT_ID_PTR pSlotList,
+ CK_ULONG_PTR pulCount)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- switch( tokenPresent ) {
- case CK_TRUE:
- case CK_FALSE:
- break;
- default:
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) {
- *pulCount = nSlots;
- return CKR_OK;
- }
-
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
-
- if( *pulCount < nSlots ) {
- *pulCount = nSlots;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- } else {
- CK_ULONG i;
- *pulCount = nSlots;
-
- /*
- * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
- * just index one when we need it.
- */
-
- for( i = 0; i < nSlots; i++ ) {
- pSlotList[i] = i+1;
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
}
- return CKR_OK;
- }
+ switch (tokenPresent) {
+ case CK_TRUE:
+ case CK_FALSE:
+ break;
+ default:
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- return error;
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
+
+ if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList) {
+ *pulCount = nSlots;
+ return CKR_OK;
+ }
+
+ /*
+ * A purify error here indicates caller error.
+ */
+ (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
+
+ if (*pulCount < nSlots) {
+ *pulCount = nSlots;
+ error = CKR_BUFFER_TOO_SMALL;
+ goto loser;
+ } else {
+ CK_ULONG i;
+ *pulCount = nSlots;
+
+ /*
+ * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
+ * just index one when we need it.
+ */
+
+ for (i = 0; i < nSlots; i++) {
+ pSlotList[i] = i + 1;
+ }
+
+ return CKR_OK;
+ }
+
+loser:
+ switch (error) {
+ case CKR_BUFFER_TOO_SMALL:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
-
+
/*
* NSSCKFWC_GetSlotInfo
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSlotInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo
-)
+NSSCKFWC_GetSlotInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_SLOT_INFO_PTR pInfo)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
+ /*
+ * A purify error here indicates caller error.
+ */
+ (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- if( nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- pInfo->flags |= CKF_TOKEN_PRESENT;
- }
+ if (nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ pInfo->flags |= CKF_TOKEN_PRESENT;
+ }
- if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) {
- pInfo->flags |= CKF_REMOVABLE_DEVICE;
- }
+ if (nssCKFWSlot_GetRemovableDevice(fwSlot)) {
+ pInfo->flags |= CKF_REMOVABLE_DEVICE;
+ }
- if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) {
- pInfo->flags |= CKF_HW_SLOT;
- }
+ if (nssCKFWSlot_GetHardwareSlot(fwSlot)) {
+ pInfo->flags |= CKF_HW_SLOT;
+ }
- pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
- pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
+ pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
+ pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- }
+loser:
+ switch (error) {
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SLOT_ID_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ }
- return error;
+ return error;
}
/*
@@ -499,156 +494,154 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetTokenInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo
-)
+NSSCKFWC_GetTokenInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_TOKEN_INFO_PTR pInfo)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
+ /*
+ * A purify error here indicates caller error.
+ */
+ (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
+ if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ error = CKR_TOKEN_NOT_PRESENT;
+ goto loser;
+ }
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
+ fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+ if (!fwToken) {
+ goto loser;
+ }
- error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- error = nssCKFWToken_GetModel(fwToken, pInfo->model);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWToken_GetModel(fwToken, pInfo->model);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- if( nssCKFWToken_GetHasRNG(fwToken) ) {
- pInfo->flags |= CKF_RNG;
- }
+ if (nssCKFWToken_GetHasRNG(fwToken)) {
+ pInfo->flags |= CKF_RNG;
+ }
- if( nssCKFWToken_GetIsWriteProtected(fwToken) ) {
- pInfo->flags |= CKF_WRITE_PROTECTED;
- }
+ if (nssCKFWToken_GetIsWriteProtected(fwToken)) {
+ pInfo->flags |= CKF_WRITE_PROTECTED;
+ }
- if( nssCKFWToken_GetLoginRequired(fwToken) ) {
- pInfo->flags |= CKF_LOGIN_REQUIRED;
- }
+ if (nssCKFWToken_GetLoginRequired(fwToken)) {
+ pInfo->flags |= CKF_LOGIN_REQUIRED;
+ }
- if( nssCKFWToken_GetUserPinInitialized(fwToken) ) {
- pInfo->flags |= CKF_USER_PIN_INITIALIZED;
- }
+ if (nssCKFWToken_GetUserPinInitialized(fwToken)) {
+ pInfo->flags |= CKF_USER_PIN_INITIALIZED;
+ }
- if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) {
- pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
- }
+ if (nssCKFWToken_GetRestoreKeyNotNeeded(fwToken)) {
+ pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
+ }
- if( nssCKFWToken_GetHasClockOnToken(fwToken) ) {
- pInfo->flags |= CKF_CLOCK_ON_TOKEN;
- }
+ if (nssCKFWToken_GetHasClockOnToken(fwToken)) {
+ pInfo->flags |= CKF_CLOCK_ON_TOKEN;
+ }
- if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
- pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
- }
+ if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
+ pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
+ }
- if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) {
- pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
- }
+ if (nssCKFWToken_GetSupportsDualCryptoOperations(fwToken)) {
+ pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
+ }
- pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
- pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
- pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
- pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken);
- pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
- pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
- pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
- pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
- pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
- pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
- pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
- pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
-
- error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
- if( CKR_OK != error ) {
- goto loser;
- }
+ pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
+ pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
+ pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
+ pInfo->ulRwSessionCount = nssCKFWToken_GetRwSessionCount(fwToken);
+ pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
+ pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
+ pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
+ pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
+ pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
+ pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
+ pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
+ pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
- return CKR_OK;
+ error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_DEVICE_REMOVED:
+ case CKR_TOKEN_NOT_PRESENT:
+ if (fwToken)
+ nssCKFWToken_Destroy(fwToken);
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SLOT_ID_INVALID:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -656,82 +649,80 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_WaitForSlotEvent
-(
- NSSCKFWInstance *fwInstance,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved
-)
+NSSCKFWC_WaitForSlotEvent(
+ NSSCKFWInstance *fwInstance,
+ CK_FLAGS flags,
+ CK_SLOT_ID_PTR pSlot,
+ CK_VOID_PTR pReserved)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- CK_BBOOL block;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- CK_ULONG i;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ CK_BBOOL block;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ CK_ULONG i;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- if( flags & ~CKF_DONT_BLOCK ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
-
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
-
- if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
-
- fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
- if (!fwSlot) {
- goto loser;
- }
-
- for( i = 0; i < nSlots; i++ ) {
- if( fwSlot == slots[i] ) {
- *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1);
- return CKR_OK;
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
}
- }
- error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
+ if (flags & ~CKF_DONT_BLOCK) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_NO_EVENT:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
- return error;
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
+
+ if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
+
+ if ((CK_VOID_PTR)CK_NULL_PTR != pReserved) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
+
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
+
+ fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
+ if (!fwSlot) {
+ goto loser;
+ }
+
+ for (i = 0; i < nSlots; i++) {
+ if (fwSlot == slots[i]) {
+ *pSlot = (CK_SLOT_ID)(CK_ULONG)(i + 1);
+ return CKR_OK;
+ }
+ }
+
+ error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
+
+loser:
+ switch (error) {
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_NO_EVENT:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -739,113 +730,111 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetMechanismList
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount
-)
+NSSCKFWC_GetMechanismList(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_MECHANISM_TYPE_PTR pMechanismList,
+ CK_ULONG_PTR pulCount)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- CK_ULONG count;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ CK_ULONG count;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
+ if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ error = CKR_TOKEN_NOT_PRESENT;
+ goto loser;
+ }
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
+ fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+ if (!fwToken) {
+ goto loser;
+ }
- count = nssCKFWToken_GetMechanismCount(fwToken);
+ count = nssCKFWToken_GetMechanismCount(fwToken);
- if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) {
+ if ((CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList) {
+ *pulCount = count;
+ return CKR_OK;
+ }
+
+ if (*pulCount < count) {
+ *pulCount = count;
+ error = CKR_BUFFER_TOO_SMALL;
+ goto loser;
+ }
+
+ /*
+ * A purify error here indicates caller error.
+ */
+ (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
+
*pulCount = count;
- return CKR_OK;
- }
- if( *pulCount < count ) {
- *pulCount = count;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
+ if (0 != count) {
+ error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
+ } else {
+ error = CKR_OK;
+ }
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
+ if (CKR_OK == error) {
+ return CKR_OK;
+ }
- *pulCount = count;
+loser:
+ switch (error) {
+ case CKR_DEVICE_REMOVED:
+ case CKR_TOKEN_NOT_PRESENT:
+ if (fwToken)
+ nssCKFWToken_Destroy(fwToken);
+ break;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_BUFFER_TOO_SMALL:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SLOT_ID_INVALID:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- if( 0 != count ) {
- error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
- } else {
- error = CKR_OK;
- }
-
- if( CKR_OK == error ) {
- return CKR_OK;
- }
-
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
+ return error;
}
/*
@@ -853,139 +842,137 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetMechanismInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo
-)
+NSSCKFWC_GetMechanismInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_MECHANISM_TYPE type,
+ CK_MECHANISM_INFO_PTR pInfo)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSCKFWMechanism *fwMechanism;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ NSSCKFWMechanism *fwMechanism;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
+ if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ error = CKR_TOKEN_NOT_PRESENT;
+ goto loser;
+ }
- if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
+ /*
+ * A purify error here indicates caller error.
+ */
+ (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
+ fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+ if (!fwToken) {
+ goto loser;
+ }
- fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
- if (!fwMechanism) {
- goto loser;
- }
+ fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
+ if (!fwMechanism) {
+ goto loser;
+ }
- pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
- pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
+ pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
+ pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
- if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) {
- pInfo->flags |= CKF_HW;
- }
- if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) {
- pInfo->flags |= CKF_ENCRYPT;
- }
- if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) {
- pInfo->flags |= CKF_DECRYPT;
- }
- if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) {
- pInfo->flags |= CKF_DIGEST;
- }
- if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) {
- pInfo->flags |= CKF_SIGN;
- }
- if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) {
- pInfo->flags |= CKF_SIGN_RECOVER;
- }
- if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) {
- pInfo->flags |= CKF_VERIFY;
- }
- if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) {
- pInfo->flags |= CKF_VERIFY_RECOVER;
- }
- if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) {
- pInfo->flags |= CKF_GENERATE;
- }
- if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) {
- pInfo->flags |= CKF_GENERATE_KEY_PAIR;
- }
- if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) {
- pInfo->flags |= CKF_WRAP;
- }
- if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) {
- pInfo->flags |= CKF_UNWRAP;
- }
- if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) {
- pInfo->flags |= CKF_DERIVE;
- }
- nssCKFWMechanism_Destroy(fwMechanism);
+ if (nssCKFWMechanism_GetInHardware(fwMechanism, &error)) {
+ pInfo->flags |= CKF_HW;
+ }
+ if (nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error)) {
+ pInfo->flags |= CKF_ENCRYPT;
+ }
+ if (nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error)) {
+ pInfo->flags |= CKF_DECRYPT;
+ }
+ if (nssCKFWMechanism_GetCanDigest(fwMechanism, &error)) {
+ pInfo->flags |= CKF_DIGEST;
+ }
+ if (nssCKFWMechanism_GetCanSign(fwMechanism, &error)) {
+ pInfo->flags |= CKF_SIGN;
+ }
+ if (nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error)) {
+ pInfo->flags |= CKF_SIGN_RECOVER;
+ }
+ if (nssCKFWMechanism_GetCanVerify(fwMechanism, &error)) {
+ pInfo->flags |= CKF_VERIFY;
+ }
+ if (nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error)) {
+ pInfo->flags |= CKF_VERIFY_RECOVER;
+ }
+ if (nssCKFWMechanism_GetCanGenerate(fwMechanism, &error)) {
+ pInfo->flags |= CKF_GENERATE;
+ }
+ if (nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error)) {
+ pInfo->flags |= CKF_GENERATE_KEY_PAIR;
+ }
+ if (nssCKFWMechanism_GetCanWrap(fwMechanism, &error)) {
+ pInfo->flags |= CKF_WRAP;
+ }
+ if (nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error)) {
+ pInfo->flags |= CKF_UNWRAP;
+ }
+ if (nssCKFWMechanism_GetCanDerive(fwMechanism, &error)) {
+ pInfo->flags |= CKF_DERIVE;
+ }
+ nssCKFWMechanism_Destroy(fwMechanism);
- return error;
+ return error;
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_MECHANISM_INVALID:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_DEVICE_REMOVED:
+ case CKR_TOKEN_NOT_PRESENT:
+ if (fwToken)
+ nssCKFWToken_Destroy(fwToken);
+ break;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_MECHANISM_INVALID:
+ case CKR_SLOT_ID_INVALID:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -993,94 +980,92 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_InitToken
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_CHAR_PTR pLabel
-)
+NSSCKFWC_InitToken(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_CHAR_PTR pPin,
+ CK_ULONG ulPinLen,
+ CK_CHAR_PTR pLabel)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSItem pin;
- NSSUTF8 *label;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ NSSItem pin;
+ NSSUTF8 *label;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
+ if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ error = CKR_TOKEN_NOT_PRESENT;
+ goto loser;
+ }
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
+ fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+ if (!fwToken) {
+ goto loser;
+ }
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- label = (NSSUTF8 *)pLabel; /* identity conversion */
+ pin.size = (PRUint32)ulPinLen;
+ pin.data = (void *)pPin;
+ label = (NSSUTF8 *)pLabel; /* identity conversion */
- error = nssCKFWToken_InitToken(fwToken, &pin, label);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWToken_InitToken(fwToken, &pin, label);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- case CKR_TOKEN_NOT_PRESENT:
- if (fwToken)
- nssCKFWToken_Destroy(fwToken);
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_EXISTS:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_DEVICE_REMOVED:
+ case CKR_TOKEN_NOT_PRESENT:
+ if (fwToken)
+ nssCKFWToken_Destroy(fwToken);
+ break;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_LOCKED:
+ case CKR_SESSION_EXISTS:
+ case CKR_SLOT_ID_INVALID:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1088,73 +1073,71 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_InitPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-)
+NSSCKFWC_InitPIN(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_CHAR_PTR pPin,
+ CK_ULONG ulPinLen)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem pin, *arg;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSItem pin, *arg;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
- arg = (NSSItem *)NULL;
- } else {
- arg = &pin;
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- }
+ if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
+ arg = (NSSItem *)NULL;
+ } else {
+ arg = &pin;
+ pin.size = (PRUint32)ulPinLen;
+ pin.data = (void *)pPin;
+ }
- error = nssCKFWSession_InitPIN(fwSession, arg);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWSession_InitPIN(fwSession, arg);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- case CKR_SESSION_READ_ONLY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_PIN_INVALID:
+ case CKR_PIN_LEN_RANGE:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ case CKR_USER_NOT_LOGGED_IN:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1162,84 +1145,82 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetPIN
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_CHAR_PTR pNewPin,
- CK_ULONG ulNewLen
-)
+NSSCKFWC_SetPIN(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_CHAR_PTR pOldPin,
+ CK_ULONG ulOldLen,
+ CK_CHAR_PTR pNewPin,
+ CK_ULONG ulNewLen)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem oldPin, newPin, *oldArg, *newArg;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSItem oldPin, newPin, *oldArg, *newArg;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) {
- oldArg = (NSSItem *)NULL;
- } else {
- oldArg = &oldPin;
- oldPin.size = (PRUint32)ulOldLen;
- oldPin.data = (void *)pOldPin;
- }
+ if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) {
+ oldArg = (NSSItem *)NULL;
+ } else {
+ oldArg = &oldPin;
+ oldPin.size = (PRUint32)ulOldLen;
+ oldPin.data = (void *)pOldPin;
+ }
- if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) {
- newArg = (NSSItem *)NULL;
- } else {
- newArg = &newPin;
- newPin.size = (PRUint32)ulNewLen;
- newPin.data = (void *)pNewPin;
- }
+ if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) {
+ newArg = (NSSItem *)NULL;
+ } else {
+ newArg = &newPin;
+ newPin.size = (PRUint32)ulNewLen;
+ newPin.data = (void *)pNewPin;
+ }
- error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ARGUMENTS_BAD:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_INVALID:
+ case CKR_PIN_LEN_RANGE:
+ case CKR_PIN_LOCKED:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1247,128 +1228,126 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_OpenSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession
-)
+NSSCKFWC_OpenSession(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID,
+ CK_FLAGS flags,
+ CK_VOID_PTR pApplication,
+ CK_NOTIFY Notify,
+ CK_SESSION_HANDLE_PTR phSession)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- NSSCKFWSession *fwSession;
- CK_BBOOL rw;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ NSSCKFWSession *fwSession;
+ CK_BBOOL rw;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- if( flags & CKF_RW_SESSION ) {
- rw = CK_TRUE;
- } else {
- rw = CK_FALSE;
- }
+ if (flags & CKF_RW_SESSION) {
+ rw = CK_TRUE;
+ } else {
+ rw = CK_FALSE;
+ }
- if( flags & CKF_SERIAL_SESSION ) {
- ;
- } else {
- error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
- goto loser;
- }
+ if (flags & CKF_SERIAL_SESSION) {
+ ;
+ } else {
+ error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
+ goto loser;
+ }
- if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if (flags & ~(CKF_RW_SESSION | CKF_SERIAL_SESSION)) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- *phSession = (CK_SESSION_HANDLE)0;
+ /*
+ * A purify error here indicates caller error.
+ */
+ *phSession = (CK_SESSION_HANDLE)0;
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
+ if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ error = CKR_TOKEN_NOT_PRESENT;
+ goto loser;
+ }
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
+ fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+ if (!fwToken) {
+ goto loser;
+ }
- fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
- Notify, &error);
- if (!fwSession) {
- goto loser;
- }
+ fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
+ Notify, &error);
+ if (!fwSession) {
+ goto loser;
+ }
- *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
- fwSession, &error);
- if( (CK_SESSION_HANDLE)0 == *phSession ) {
- goto loser;
- }
+ *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
+ fwSession, &error);
+ if ((CK_SESSION_HANDLE)0 == *phSession) {
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_COUNT:
- case CKR_SESSION_EXISTS:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_PRESENT:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SESSION_COUNT:
+ case CKR_SESSION_EXISTS:
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ case CKR_SLOT_ID_INVALID:
+ case CKR_TOKEN_NOT_PRESENT:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1376,58 +1355,56 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_CloseSession
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
+NSSCKFWC_CloseSession(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
- error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
+ nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+ error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
- if( CKR_OK != error ) {
- goto loser;
- }
+ if (CKR_OK != error) {
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SESSION_HANDLE_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1435,78 +1412,76 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_CloseAllSessions
-(
- NSSCKFWInstance *fwInstance,
- CK_SLOT_ID slotID
-)
+NSSCKFWC_CloseAllSessions(
+ NSSCKFWInstance *fwInstance,
+ CK_SLOT_ID slotID)
{
- CK_RV error = CKR_OK;
- CK_ULONG nSlots;
- NSSCKFWSlot **slots;
- NSSCKFWSlot *fwSlot;
- NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+ CK_RV error = CKR_OK;
+ CK_ULONG nSlots;
+ NSSCKFWSlot **slots;
+ NSSCKFWSlot *fwSlot;
+ NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
- if( (CK_ULONG)0 == nSlots ) {
- goto loser;
- }
+ nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+ if ((CK_ULONG)0 == nSlots) {
+ goto loser;
+ }
- if( (slotID < 1) || (slotID > nSlots) ) {
- error = CKR_SLOT_ID_INVALID;
- goto loser;
- }
+ if ((slotID < 1) || (slotID > nSlots)) {
+ error = CKR_SLOT_ID_INVALID;
+ goto loser;
+ }
- slots = nssCKFWInstance_GetSlots(fwInstance, &error);
- if( (NSSCKFWSlot **)NULL == slots ) {
- goto loser;
- }
+ slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+ if ((NSSCKFWSlot **)NULL == slots) {
+ goto loser;
+ }
- fwSlot = slots[ slotID-1 ];
+ fwSlot = slots[slotID - 1];
- if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) {
- error = CKR_TOKEN_NOT_PRESENT;
- goto loser;
- }
+ if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+ error = CKR_TOKEN_NOT_PRESENT;
+ goto loser;
+ }
- fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
- if (!fwToken) {
- goto loser;
- }
+ fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+ if (!fwToken) {
+ goto loser;
+ }
- error = nssCKFWToken_CloseAllSessions(fwToken);
- if( CKR_OK != error ) {
- goto loser;
- }
+ error = nssCKFWToken_CloseAllSessions(fwToken);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SLOT_ID_INVALID:
- case CKR_TOKEN_NOT_PRESENT:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SLOT_ID_INVALID:
+ case CKR_TOKEN_NOT_PRESENT:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1514,80 +1489,78 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetSessionInfo
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo
-)
+NSSCKFWC_GetSessionInfo(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_SESSION_INFO_PTR pInfo)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWSlot *fwSlot;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWSlot *fwSlot;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
+ /*
+ * A purify error here indicates caller error.
+ */
+ (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
- fwSlot = nssCKFWSession_GetFWSlot(fwSession);
- if (!fwSlot) {
- error = CKR_GENERAL_ERROR;
- goto loser;
- }
+ fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+ if (!fwSlot) {
+ error = CKR_GENERAL_ERROR;
+ goto loser;
+ }
- pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
- pInfo->state = nssCKFWSession_GetSessionState(fwSession);
+ pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
+ pInfo->state = nssCKFWSession_GetSessionState(fwSession);
- if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) {
- pInfo->flags |= CKF_RW_SESSION;
- }
+ if (CK_TRUE == nssCKFWSession_IsRWSession(fwSession)) {
+ pInfo->flags |= CKF_RW_SESSION;
+ }
- pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
+ pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
- pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
+ pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SESSION_HANDLE_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
/*
@@ -1595,88 +1568,86 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen
-)
+NSSCKFWC_GetOperationState(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pOperationState,
+ CK_ULONG_PTR pulOperationStateLen)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- CK_ULONG len;
- NSSItem buf;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ CK_ULONG len;
+ NSSItem buf;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ if ((CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
- if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) {
- goto loser;
- }
+ len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
+ if (((CK_ULONG)0 == len) && (CKR_OK != error)) {
+ goto loser;
+ }
- if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
+ if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) {
+ *pulOperationStateLen = len;
+ return CKR_OK;
+ }
+
+ if (*pulOperationStateLen < len) {
+ *pulOperationStateLen = len;
+ error = CKR_BUFFER_TOO_SMALL;
+ goto loser;
+ }
+
+ buf.size = (PRUint32)*pulOperationStateLen;
+ buf.data = (void *)pOperationState;
*pulOperationStateLen = len;
+ error = nssCKFWSession_GetOperationState(fwSession, &buf);
+
+ if (CKR_OK != error) {
+ goto loser;
+ }
+
return CKR_OK;
- }
- if( *pulOperationStateLen < len ) {
- *pulOperationStateLen = len;
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_BUFFER_TOO_SMALL:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_OPERATION_NOT_INITIALIZED:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_STATE_UNSAVEABLE:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- buf.size = (PRUint32)*pulOperationStateLen;
- buf.data = (void *)pOperationState;
- *pulOperationStateLen = len;
- error = nssCKFWSession_GetOperationState(fwSession, &buf);
-
- if( CKR_OK != error ) {
- goto loser;
- }
-
- return CKR_OK;
-
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OPERATION_NOT_INITIALIZED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_STATE_UNSAVEABLE:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
-
- return error;
+ return error;
}
/*
@@ -1684,100 +1655,98 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetOperationState
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey
-)
+NSSCKFWC_SetOperationState(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_BYTE_PTR pOperationState,
+ CK_ULONG ulOperationStateLen,
+ CK_OBJECT_HANDLE hEncryptionKey,
+ CK_OBJECT_HANDLE hAuthenticationKey)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *eKey;
- NSSCKFWObject *aKey;
- NSSItem state;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *eKey;
+ NSSCKFWObject *aKey;
+ NSSItem state;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- /*
- * We could loop through the buffer, to catch any purify errors
- * in a place with a "user error" note.
- */
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) {
- eKey = (NSSCKFWObject *)NULL;
- } else {
- eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
- if (!eKey) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
}
- }
- if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) {
- aKey = (NSSCKFWObject *)NULL;
- } else {
- aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
- if (!aKey) {
- error = CKR_KEY_HANDLE_INVALID;
- goto loser;
+ if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
}
- }
- state.data = pOperationState;
- state.size = ulOperationStateLen;
+ /*
+ * We could loop through the buffer, to catch any purify errors
+ * in a place with a "user error" note.
+ */
- error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
- if( CKR_OK != error ) {
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- return CKR_OK;
+ if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) {
+ eKey = (NSSCKFWObject *)NULL;
+ } else {
+ eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
+ if (!eKey) {
+ error = CKR_KEY_HANDLE_INVALID;
+ goto loser;
+ }
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_KEY_CHANGED:
- case CKR_KEY_NEEDED:
- case CKR_KEY_NOT_NEEDED:
- case CKR_SAVED_STATE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) {
+ aKey = (NSSCKFWObject *)NULL;
+ } else {
+ aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
+ if (!aKey) {
+ error = CKR_KEY_HANDLE_INVALID;
+ goto loser;
+ }
+ }
- return error;
+ state.data = pOperationState;
+ state.size = ulOperationStateLen;
+
+ error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
+ if (CKR_OK != error) {
+ goto loser;
+ }
+
+ return CKR_OK;
+
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_KEY_CHANGED:
+ case CKR_KEY_NEEDED:
+ case CKR_KEY_NOT_NEEDED:
+ case CKR_SAVED_STATE_INVALID:
+ case CKR_SESSION_HANDLE_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -1785,77 +1754,75 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_Login
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_CHAR_PTR pPin,
- CK_ULONG ulPinLen
-)
+NSSCKFWC_Login(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_USER_TYPE userType,
+ CK_CHAR_PTR pPin,
+ CK_ULONG ulPinLen)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSItem pin, *arg;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSItem pin, *arg;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) {
- arg = (NSSItem *)NULL;
- } else {
- arg = &pin;
- pin.size = (PRUint32)ulPinLen;
- pin.data = (void *)pPin;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- error = nssCKFWSession_Login(fwSession, userType, arg);
- if( CKR_OK != error ) {
- goto loser;
- }
+ if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
+ arg = (NSSItem *)NULL;
+ } else {
+ arg = &pin;
+ pin.size = (PRUint32)ulPinLen;
+ pin.data = (void *)pPin;
+ }
- return CKR_OK;
+ error = nssCKFWSession_Login(fwSession, userType, arg);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_PIN_EXPIRED:
- case CKR_PIN_INCORRECT:
- case CKR_PIN_LOCKED:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY_EXISTS:
- case CKR_USER_ALREADY_LOGGED_IN:
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- case CKR_USER_PIN_NOT_INITIALIZED:
- case CKR_USER_TOO_MANY_TYPES:
- case CKR_USER_TYPE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_PIN_EXPIRED:
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_LOCKED:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ case CKR_USER_ALREADY_LOGGED_IN:
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ case CKR_USER_TOO_MANY_TYPES:
+ case CKR_USER_TYPE_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -1863,57 +1830,55 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_Logout
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession
-)
+NSSCKFWC_Logout(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- error = nssCKFWSession_Logout(fwSession);
- if( CKR_OK != error ) {
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- return CKR_OK;
+ error = nssCKFWSession_Logout(fwSession);
+ if (CKR_OK != error) {
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_USER_NOT_LOGGED_IN:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -1921,85 +1886,83 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_CreateObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject
-)
+NSSCKFWC_CreateObject(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phObject)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *fwObject;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- *phObject = (CK_OBJECT_HANDLE)0;
+ if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
- ulCount, &error);
- if (!fwObject) {
- goto loser;
- }
+ /*
+ * A purify error here indicates caller error.
+ */
+ *phObject = (CK_OBJECT_HANDLE)0;
- *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
- if( (CK_OBJECT_HANDLE)0 == *phObject ) {
- nssCKFWObject_Destroy(fwObject);
- goto loser;
- }
+ fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
+ ulCount, &error);
+ if (!fwObject) {
+ goto loser;
+ }
- return CKR_OK;
+ *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
+ if ((CK_OBJECT_HANDLE)0 == *phObject) {
+ nssCKFWObject_Destroy(fwObject);
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCOMPLETE:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_TEMPLATE_INCOMPLETE:
+ case CKR_TEMPLATE_INCONSISTENT:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ case CKR_USER_NOT_LOGGED_IN:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -2007,94 +1970,92 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_CopyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject
-)
+NSSCKFWC_CopyObject(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phNewObject)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- NSSCKFWObject *fwNewObject;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *fwObject;
+ NSSCKFWObject *fwNewObject;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- *phNewObject = (CK_OBJECT_HANDLE)0;
+ if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
+ /*
+ * A purify error here indicates caller error.
+ */
+ *phNewObject = (CK_OBJECT_HANDLE)0;
- fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
- pTemplate, ulCount, &error);
- if (!fwNewObject) {
- goto loser;
- }
+ fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+ if (!fwObject) {
+ error = CKR_OBJECT_HANDLE_INVALID;
+ goto loser;
+ }
- *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
- fwNewObject, &error);
- if( (CK_OBJECT_HANDLE)0 == *phNewObject ) {
- nssCKFWObject_Destroy(fwNewObject);
- goto loser;
- }
+ fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
+ pTemplate, ulCount, &error);
+ if (!fwNewObject) {
+ goto loser;
+ }
- return CKR_OK;
+ *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
+ fwNewObject, &error);
+ if ((CK_OBJECT_HANDLE)0 == *phNewObject) {
+ nssCKFWObject_Destroy(fwNewObject);
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_USER_NOT_LOGGED_IN:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_OBJECT_HANDLE_INVALID:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_TEMPLATE_INCONSISTENT:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ case CKR_USER_NOT_LOGGED_IN:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -2102,65 +2063,63 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_DestroyObject
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject
-)
+NSSCKFWC_DestroyObject(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *fwObject;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
- nssCKFWObject_Destroy(fwObject);
+ fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+ if (!fwObject) {
+ error = CKR_OBJECT_HANDLE_INVALID;
+ goto loser;
+ }
- return CKR_OK;
+ nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
+ nssCKFWObject_Destroy(fwObject);
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_OBJECT_HANDLE_INVALID:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -2168,77 +2127,75 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetObjectSize
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize
-)
+NSSCKFWC_GetObjectSize(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ULONG_PTR pulSize)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *fwObject;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+ if (!fwObject) {
+ error = CKR_OBJECT_HANDLE_INVALID;
+ goto loser;
+ }
- /*
- * A purify error here indicates caller error.
- */
- *pulSize = (CK_ULONG)0;
+ if ((CK_ULONG_PTR)CK_NULL_PTR == pulSize) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
- if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) {
- goto loser;
- }
+ /*
+ * A purify error here indicates caller error.
+ */
+ *pulSize = (CK_ULONG)0;
- return CKR_OK;
+ *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
+ if (((CK_ULONG)0 == *pulSize) && (CKR_OK != error)) {
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_INFORMATION_SENSITIVE:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ return CKR_OK;
- return error;
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_INFORMATION_SENSITIVE:
+ case CKR_OBJECT_HANDLE_INVALID:
+ case CKR_SESSION_HANDLE_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -2246,229 +2203,233 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_GetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
+NSSCKFWC_GetAttributeValue(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- CK_BBOOL sensitive = CK_FALSE;
- CK_BBOOL invalid = CK_FALSE;
- CK_BBOOL tooSmall = CK_FALSE;
- CK_ULONG i;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *fwObject;
+ CK_BBOOL sensitive = CK_FALSE;
+ CK_BBOOL invalid = CK_FALSE;
+ CK_BBOOL tooSmall = CK_FALSE;
+ CK_ULONG i;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- for( i = 0; i < ulCount; i++ ) {
- CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
- pTemplate[i].type, &error);
- if( (CK_ULONG)0 == size ) {
- switch( error ) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_INFORMATION_SENSITIVE:
- sensitive = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- invalid = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_OK:
- break;
- default:
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
goto loser;
- }
}
- if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) {
- pTemplate[i].ulValueLen = size;
- } else {
- NSSItem it, *p;
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- if( pTemplate[i].ulValueLen < size ) {
- tooSmall = CK_TRUE;
- continue;
- }
+ fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+ if (!fwObject) {
+ error = CKR_OBJECT_HANDLE_INVALID;
+ goto loser;
+ }
- it.size = (PRUint32)pTemplate[i].ulValueLen;
- it.data = (void *)pTemplate[i].pValue;
- p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
- (NSSArena *)NULL, &error);
- if (!p) {
- switch( error ) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_INFORMATION_SENSITIVE:
- sensitive = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- case CKR_ATTRIBUTE_TYPE_INVALID:
- invalid = CK_TRUE;
- pTemplate[i].ulValueLen = (CK_ULONG)(-1);
- continue;
- default:
- goto loser;
+ if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
+
+ for (i = 0; i < ulCount; i++) {
+ CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
+ pTemplate[i].type, &error);
+ if ((CK_ULONG)0 == size) {
+ switch (error) {
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_INFORMATION_SENSITIVE:
+ sensitive =
+ CK_TRUE;
+ pTemplate[i].ulValueLen =
+ (CK_ULONG)(-1);
+ continue;
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ invalid =
+ CK_TRUE;
+ pTemplate[i].ulValueLen =
+ (CK_ULONG)(-1);
+ continue;
+ case CKR_OK:
+ break;
+ default:
+ goto loser;
+ }
}
- }
- pTemplate[i].ulValueLen = size;
+ if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) {
+ pTemplate[i].ulValueLen = size;
+ } else {
+ NSSItem it, *p;
+
+ if (pTemplate[i].ulValueLen < size) {
+ tooSmall = CK_TRUE;
+ continue;
+ }
+
+ it.size = (PRUint32)pTemplate[i].ulValueLen;
+ it.data = (void *)pTemplate[i].pValue;
+ p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
+ (NSSArena *)NULL, &error);
+ if (!p) {
+ switch (error) {
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_INFORMATION_SENSITIVE:
+ sensitive =
+ CK_TRUE;
+ pTemplate[i].ulValueLen =
+ (CK_ULONG)(-1);
+ continue;
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ invalid =
+ CK_TRUE;
+ pTemplate[i].ulValueLen =
+ (CK_ULONG)(-1);
+ continue;
+ default:
+ goto loser;
+ }
+ }
+
+ pTemplate[i].ulValueLen = size;
+ }
}
- }
- if( sensitive ) {
- error = CKR_ATTRIBUTE_SENSITIVE;
- goto loser;
- } else if( invalid ) {
- error = CKR_ATTRIBUTE_TYPE_INVALID;
- goto loser;
- } else if( tooSmall ) {
- error = CKR_BUFFER_TOO_SMALL;
- goto loser;
- }
+ if (sensitive) {
+ error = CKR_ATTRIBUTE_SENSITIVE;
+ goto loser;
+ } else if (invalid) {
+ error = CKR_ATTRIBUTE_TYPE_INVALID;
+ goto loser;
+ } else if (tooSmall) {
+ error = CKR_BUFFER_TOO_SMALL;
+ goto loser;
+ }
- return CKR_OK;
+ return CKR_OK;
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_BUFFER_TOO_SMALL:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_OBJECT_HANDLE_INVALID:
+ case CKR_SESSION_HANDLE_INVALID:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
- return error;
+ return error;
}
-
+
/*
* NSSCKFWC_SetAttributeValue
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_SetAttributeValue
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
+NSSCKFWC_SetAttributeValue(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWObject *fwObject;
- CK_ULONG i;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWObject *fwObject;
+ CK_ULONG i;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
-
- fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
- if (!fwObject) {
- error = CKR_OBJECT_HANDLE_INVALID;
- goto loser;
- }
-
- if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
-
- for (i=0; i < ulCount; i++) {
- NSSItem value;
-
- value.data = pTemplate[i].pValue;
- value.size = pTemplate[i].ulValueLen;
-
- error = nssCKFWObject_SetAttribute(fwObject, fwSession,
- pTemplate[i].type, &value);
-
- if( CKR_OK != error ) {
- goto loser;
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
}
- }
- return CKR_OK;
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- loser:
- switch( error ) {
- case CKR_SESSION_CLOSED:
- /* destroy session? */
- break;
- case CKR_DEVICE_REMOVED:
- /* (void)nssCKFWToken_Destroy(fwToken); */
- break;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_FUNCTION_FAILED:
- case CKR_GENERAL_ERROR:
- case CKR_HOST_MEMORY:
- case CKR_OBJECT_HANDLE_INVALID:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_READ_ONLY:
- case CKR_TEMPLATE_INCONSISTENT:
- case CKR_TOKEN_WRITE_PROTECTED:
- break;
- default:
- case CKR_OK:
- error = CKR_GENERAL_ERROR;
- break;
- }
+ fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+ if (!fwObject) {
+ error = CKR_OBJECT_HANDLE_INVALID;
+ goto loser;
+ }
- return error;
+ if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
+
+ for (i = 0; i < ulCount; i++) {
+ NSSItem value;
+
+ value.data = pTemplate[i].pValue;
+ value.size = pTemplate[i].ulValueLen;
+
+ error = nssCKFWObject_SetAttribute(fwObject, fwSession,
+ pTemplate[i].type, &value);
+
+ if (CKR_OK != error) {
+ goto loser;
+ }
+ }
+
+ return CKR_OK;
+
+loser:
+ switch (error) {
+ case CKR_SESSION_CLOSED:
+ /* destroy session? */
+ break;
+ case CKR_DEVICE_REMOVED:
+ /* (void)nssCKFWToken_Destroy(fwToken); */
+ break;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_FUNCTION_FAILED:
+ case CKR_GENERAL_ERROR:
+ case CKR_HOST_MEMORY:
+ case CKR_OBJECT_HANDLE_INVALID:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_TEMPLATE_INCONSISTENT:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ break;
+ default:
+ case CKR_OK:
+ error = CKR_GENERAL_ERROR;
+ break;
+ }
+
+ return error;
}
/*
@@ -2476,85 +2437,83 @@
*
*/
NSS_IMPLEMENT CK_RV
-NSSCKFWC_FindObjectsInit
-(
- NSSCKFWInstance *fwInstance,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount
-)
+NSSCKFWC_FindObjectsInit(
+ NSSCKFWInstance *fwInstance,
+ CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount)
{
- CK_RV error = CKR_OK;
- NSSCKFWSession *fwSession;
- NSSCKFWFindObjects *fwFindObjects;
+ CK_RV error = CKR_OK;
+ NSSCKFWSession *fwSession;
+ NSSCKFWFindObjects *fwFindObjects;
- if (!fwInstance) {
- error = CKR_CRYPTOKI_NOT_INITIALIZED;
- goto loser;
- }
-
- fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
- if (!fwSession) {
- error = CKR_SESSION_HANDLE_INVALID;
- goto loser;
- }
+ if (!fwInstance) {
+ error = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto loser;
+ }
- if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) {
- error = CKR_ARGUMENTS_BAD;
- goto loser;
- }
+ fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+ if (!fwSession) {
+ error = CKR_SESSION_HANDLE_INVALID;
+ goto loser;
+ }
- fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
- if (fwFindObjects) {
- error = CKR_OPERATION_ACTIVE;
- goto loser;
- }
+ if (((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0)) {
+ error = CKR_ARGUMENTS_BAD;
+ goto loser;
+ }
- if( CKR_OPERATION_NOT_INITIALIZED != error ) {
- goto loser;
- }
+ fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
+ if (fwFindObjects) {
+ error = CKR_OPERATION_ACTIVE;
+ goto loser;
+ }
- fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
- pTemplate, ulCount, &error);
- if (!fwFindObjects) {
- goto loser;
- }
+ if (CKR_OPERATION_NOT_INITIALIZED != error) {
+ goto loser;
+ }
- error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
+ fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
+ pTemplate, ulCount, &error);
+ if (!fwFindObjects) {
+ goto loser;
+ }
- if( CKR_OK != error ) {
- nssCKFWFindObjects_Destroy(fwFindObjects);
- goto loser;
- }
+ error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
- return CKR_OK;
+ if (CKR_OK != error) {
+ nssCKFWFindObjects_Destroy(fwFindObjects);
+ goto loser;
+ }
