tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

crlv2.c (4130B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 /*
      6 * Code for dealing with x.509 v3 crl and crl entries extensions.
      7 */
      8 
      9 #include "cert.h"
     10 #include "secitem.h"
     11 #include "secoid.h"
     12 #include "secoidt.h"
     13 #include "secder.h"
     14 #include "secasn1.h"
     15 #include "certxutl.h"
     16 
     17 SECStatus
     18 CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
     19 {
     20    return (cert_FindExtensionByOID(crl->extensions, oid, value));
     21 }
     22 
     23 SECStatus
     24 CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
     25 {
     26    return (cert_FindExtension(crl->extensions, tag, value));
     27 }
     28 
     29 /* Callback to set extensions and adjust verison */
     30 static void
     31 SetCrlExts(void *object, CERTCertExtension **exts)
     32 {
     33    CERTCrl *crl = (CERTCrl *)object;
     34 
     35    crl->extensions = exts;
     36    DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2);
     37 }
     38 
     39 void *
     40 CERT_StartCRLExtensions(CERTCrl *crl)
     41 {
     42    return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts));
     43 }
     44 
     45 static void
     46 SetCrlEntryExts(void *object, CERTCertExtension **exts)
     47 {
     48    CERTCrlEntry *crlEntry = (CERTCrlEntry *)object;
     49 
     50    crlEntry->extensions = exts;
     51 }
     52 
     53 void *
     54 CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
     55 {
     56    return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts));
     57 }
     58 
     59 SECStatus
     60 CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
     61                        SECItem *value)
     62 {
     63    SECItem encodedExtenValue;
     64    SECItem *tmpItem = NULL;
     65    SECStatus rv;
     66    void *mark = NULL;
     67 
     68    encodedExtenValue.data = NULL;
     69    encodedExtenValue.len = 0;
     70 
     71    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
     72                            &encodedExtenValue);
     73    if (rv != SECSuccess)
     74        return (rv);
     75 
     76    mark = PORT_ArenaMark(arena);
     77 
     78    tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
     79    if (tmpItem) {
     80        rv = SEC_QuickDERDecodeItem(arena, value,
     81                                    SEC_ASN1_GET(SEC_IntegerTemplate),
     82                                    tmpItem);
     83    } else {
     84        rv = SECFailure;
     85    }
     86 
     87    PORT_Free(encodedExtenValue.data);
     88    if (rv == SECFailure) {
     89        PORT_ArenaRelease(arena, mark);
     90    } else {
     91        PORT_ArenaUnmark(arena, mark);
     92    }
     93    return (rv);
     94 }
     95 
     96 SECStatus
     97 CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
     98                             CERTCRLEntryReasonCode *value)
     99 {
    100    SECItem wrapperItem = { siBuffer, 0 };
    101    SECItem tmpItem = { siBuffer, 0 };
    102    SECStatus rv;
    103    PLArenaPool *arena = NULL;
    104 
    105    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    106    if (!arena) {
    107        return (SECFailure);
    108    }
    109 
    110    rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
    111                            &wrapperItem);
    112    if (rv != SECSuccess) {
    113        goto loser;
    114    }
    115 
    116    rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
    117                                SEC_ASN1_GET(SEC_EnumeratedTemplate),
    118                                &wrapperItem);
    119 
    120    if (rv != SECSuccess) {
    121        goto loser;
    122    }
    123 
    124    *value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem);
    125 
    126 loser:
    127    if (arena) {
    128        PORT_FreeArena(arena, PR_FALSE);
    129    }
    130 
    131    if (wrapperItem.data) {
    132        PORT_Free(wrapperItem.data);
    133    }
    134 
    135    return (rv);
    136 }
    137 
    138 SECStatus
    139 CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
    140 {
    141    SECItem encodedExtenValue;
    142    SECItem decodedExtenValue = { siBuffer, 0 };
    143    SECStatus rv;
    144 
    145    encodedExtenValue.data = decodedExtenValue.data = NULL;
    146    encodedExtenValue.len = decodedExtenValue.len = 0;
    147 
    148    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
    149    if (rv != SECSuccess)
    150        return (rv);
    151 
    152    rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
    153                            SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
    154                            &encodedExtenValue);
    155    if (rv == SECSuccess)
    156        rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
    157    PORT_Free(decodedExtenValue.data);
    158    PORT_Free(encodedExtenValue.data);
    159    return (rv);
    160 }