mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-28 04:35:33 +00:00
eea673c43a
address of an external variable that comes from another DLL. This is a fundamental difference between WIN32 DLLs and Unix DSOs. So, for every SEC_ASN1Template inside of libnss3 that is referenced by other templates outside of libnss3, a new "chooser" function was created that returns the address of that template. For WIN32, the templates outside of libnss3 access libnss3's templates by the chooser function rather than by direct reference. Some simple macros allow Unix to continue to use direct references, avoiding the extra function calls. With these changes, all.sh (qa script) passes all tests on NT with DLLs. Modified Files: cmd/checkcert/checkcert.c cmd/lib/secutil.c lib/asn1/asn1t.h lib/certdb/certdb.c lib/certdb/certt.h lib/certdb/crl.c lib/certhigh/certreq.c lib/crmf/asn1cmn.c lib/crmf/crmfcont.c lib/crmf/crmftmpl.c lib/cryptohi/secsign.c lib/nss/nss.def lib/pkcs12/p12local.c lib/pkcs12/p12tmpl.c lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7local.c lib/smime/cmsasn1.c lib/smime/cmsattr.c lib/smime/cmspubkey.c lib/smime/cmssigdata.c lib/smime/smimeutil.c lib/softoken/keydb.c lib/softoken/keydbt.h lib/util/secalgid.c lib/util/secasn1.h lib/util/secasn1d.c lib/util/secasn1t.h lib/util/secasn1u.c lib/util/secdig.c lib/util/secdig.h lib/util/secoid.h
244 lines
7.7 KiB
C
244 lines
7.7 KiB
C
/*
|
|
* The contents of this file are subject to the Mozilla Public
|
|
* License Version 1.1 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS
|
|
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* rights and limitations under the License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is Netscape
|
|
* Communications Corporation. Portions created by Netscape are
|
|
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
|
* Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
*
|
|
* Alternatively, the contents of this file may be used under the
|
|
* terms of the GNU General Public License Version 2 or later (the
|
|
* "GPL"), in which case the provisions of the GPL are applicable
|
|
* instead of those above. If you wish to allow use of your
|
|
* version of this file only under the terms of the GPL and not to
|
|
* allow others to use your version of this file under the MPL,
|
|
* indicate your decision by deleting the provisions above and
|
|
* replace them with the notice and other provisions required by
|
|
* the GPL. If you do not delete the provisions above, a recipient
|
|
* may use your version of this file under either the MPL or the
|
|
* GPL.
|
|
*/
|
|
|
|
#include "cmmf.h"
|
|
#include "cmmfi.h"
|
|
|
|
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
|
|
SEC_ASN1_MKSUB(SEC_AnyTemplate)
|
|
SEC_ASN1_MKSUB(SEC_IntegerTemplate)
|
|
|
|
static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)},
|
|
{ SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)},
|
|
{ SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
|
|
CMMFPKIStatusInfoTemplate},
|
|
{ SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
|
|
offsetof(CMMFCertResponse, certifiedKeyPair),
|
|
CMMFCertifiedKeyPairTemplate},
|
|
{ 0 }
|
|
};
|
|
|
|
static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = {
|
|
{ SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
|
|
sizeof(CMMFCertOrEncCert)},
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair)},
|
|
{ SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
|
|
CMMFCertOrEncCertTemplate },
|
|
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
|
|
offsetof(CMMFCertifiedKeyPair, privateKey),
|
|
CRMFEncryptedValueTemplate},
|
|
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
|
|
offsetof (CMMFCertifiedKeyPair, derPublicationInfo),
|
|
SEC_ASN1_SUB(SEC_AnyTemplate) },
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo)},
|
|
{ SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status)},
|
|
{ SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
|
|
offsetof(CMMFPKIStatusInfo, statusString)},
|
|
{ SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
|
|
offsetof(CMMFPKIStatusInfo, failInfo)},
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE_OF, 0, SEC_SignedCertificateTemplate}
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFRandTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand)},
|
|
{ SEC_ASN1_INTEGER, offsetof(CMMFRand, integer)},
|
|
{ SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash)},
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
|
|
offsetof(CMMFPOPODecKeyRespContent, responses),
|
|
SEC_ASN1_SUB(SEC_IntegerTemplate),
|
|
sizeof(CMMFPOPODecKeyRespContent)},
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
|
|
{ SEC_ASN1_CONTEXT_SPECIFIC | 1,
|
|
0,
|
|
CRMFEncryptedValueTemplate},
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
|
|
{ SEC_ASN1_CONTEXT_SPECIFIC | 0,
|
|
0,
|
|
SEC_SignedCertificateTemplate},
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent)},
|
|
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
|
|
SEC_ASN1_CONTEXT_SPECIFIC | 1,
|
|
offsetof(CMMFCertRepContent, caPubs),
|
|
CMMFSequenceOfCertsTemplate },
|
|
{ SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response),
|
|
CMMFCertResponseTemplate},
|
|
{ 0 }
|
|
};
|
|
|
|
static const SEC_ASN1Template CMMFChallengeTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge)},
|
|
{ SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
|
|
offsetof(CMMFChallenge, owf),
|
|
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
|
{ SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) },
|
|
{ SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) },
|
|
{ SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) },
|
|
{ SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) },
|
|
{ 0 }
|
|
};
|
|
|
|
const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
|
|
{ SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges),
|
|
CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
|
|
{ 0 }
|
|
};
|
|
|
|
SECStatus
|
|
cmmf_decode_process_cert_response(PRArenaPool *poolp,
|
|
CERTCertDBHandle *db,
|
|
CMMFCertResponse *inCertResp)
|
|
{
|
|
SECStatus rv = SECSuccess;
|
|
|
|
if (inCertResp->certifiedKeyPair != NULL) {
|
|
rv = cmmf_decode_process_certified_key_pair(poolp,
|
|
db,
|
|
inCertResp->certifiedKeyPair);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
static CERTCertificate*
|
|
cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
|
|
{
|
|
CERTCertificate *newCert;
|
|
|
|
newCert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL);
|
|
if (newCert != NULL && newCert->dbhandle == NULL) {
|
|
newCert->dbhandle = db;
|
|
}
|
|
return newCert;
|
|
}
|
|
|
|
static CMMFCertOrEncCertChoice
|
|
cmmf_get_certorenccertchoice_from_der(SECItem *der)
|
|
{
|
|
CMMFCertOrEncCertChoice retChoice;
|
|
|
|
switch(der->data[0] & 0x0f) {
|
|
case 0:
|
|
retChoice = cmmfCertificate;
|
|
break;
|
|
case 1:
|
|
retChoice = cmmfEncryptedCert;
|
|
break;
|
|
default:
|
|
retChoice = cmmfNoCertOrEncCert;
|
|
break;
|
|
}
|
|
return retChoice;
|
|
}
|
|
|
|
static SECStatus
|
|
cmmf_decode_process_certorenccert(PRArenaPool *poolp,
|
|
CERTCertDBHandle *db,
|
|
CMMFCertOrEncCert *inCertOrEncCert)
|
|
{
|
|
SECStatus rv = SECSuccess;
|
|
|
|
inCertOrEncCert->choice =
|
|
cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
|
|
|
|
switch (inCertOrEncCert->choice) {
|
|
case cmmfCertificate:
|
|
{
|
|
/* The DER has implicit tagging, so we gotta switch it to
|
|
* un-tagged in order for the ASN1 parser to understand it.
|
|
* Saving the bits that were changed.
|
|
*/
|
|
inCertOrEncCert->derValue.data[0] = 0x30;
|
|
inCertOrEncCert->cert.certificate =
|
|
cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
|
|
if (inCertOrEncCert->cert.certificate == NULL) {
|
|
rv = SECFailure;
|
|
}
|
|
|
|
}
|
|
break;
|
|
case cmmfEncryptedCert:
|
|
inCertOrEncCert->cert.encryptedCert =
|
|
PORT_ArenaZNew(poolp, CRMFEncryptedValue);
|
|
if (inCertOrEncCert->cert.encryptedCert == NULL) {
|
|
rv = SECFailure;
|
|
break;
|
|
}
|
|
rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
|
|
CMMFCertOrEncCertEncryptedCertTemplate,
|
|
(const char*)inCertOrEncCert->derValue.data,
|
|
inCertOrEncCert->derValue.len);
|
|
break;
|
|
default:
|
|
rv = SECFailure;
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_decode_process_certified_key_pair(PRArenaPool *poolp,
|
|
CERTCertDBHandle *db,
|
|
CMMFCertifiedKeyPair *inCertKeyPair)
|
|
{
|
|
return cmmf_decode_process_certorenccert (poolp,
|
|
db,
|
|
&inCertKeyPair->certOrEncCert);
|
|
}
|
|
|
|
|