pkix_pl_nsscontext.c (10946B)
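/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_pl_nsscontext.c
 *
 * NSSContext Function Definitions
 *
 */


#include "pkix_pl_nsscontext.h"

/*
 * Defaults installed by PKIX_PL_NssContext_Create. Each expansion is
 * parenthesized so the macro behaves as a single value wherever it is used.
 */
#define PKIX_DEFAULT_MAX_RESPONSE_LENGTH (64 * 1024)
#define PKIX_DEFAULT_COMM_TIMEOUT_SECONDS 60

#define PKIX_DEFAULT_CRL_RELOAD_DELAY_SECONDS (6 * 24 * 60 * 60)
#define PKIX_DEFAULT_BAD_CRL_RELOAD_DELAY_SECONDS (60 * 60)

/* --Public-NSSContext-Functions--------------------------- */

/*
 * FUNCTION: PKIX_PL_NssContext_Create
 * (see comments in pkix_samples_modules.h)
 *
 * Allocates a PKIX_PL_NssContext, records "certificateUsage" and "wincx" in
 * it, and installs the defaults: 60 second communication timeout, 64 KiB
 * maximum response length, 6 day CRL reload delay, 1 hour reload delay for
 * CRLs that failed to decode, signature checking enabled, and no chain
 * verification callback.
 *
 * PARAMETERS:
 *  "certificateUsage"
 *      Value stored in the context as a SECCertificateUsage.
 *  "useNssArena"
 *      If PKIX_TRUE, an arena is created with PORT_NewArena and stored in the
 *      context; otherwise the context's arena is NULL.
 *  "wincx"
 *      Platform-dependent value stored in the context. May be NULL.
 *  "pNssContext"
 *      The address where the new context is stored. Must be non-NULL.
 *      It is written only after the allocation has succeeded.
 */
PKIX_Error *
PKIX_PL_NssContext_Create(
        PKIX_UInt32 certificateUsage,
        PKIX_Boolean useNssArena,
        void *wincx,
        void **pNssContext)
{
        PKIX_PL_NssContext *context = NULL;
        PLArenaPool *arena = NULL;
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Create");
        PKIX_NULLCHECK_ONE(pNssContext);

        PKIX_CHECK(PKIX_PL_Malloc
                   (sizeof(PKIX_PL_NssContext), (void **)&context, NULL),
                   PKIX_MALLOCFAILED);

        if (useNssArena == PKIX_TRUE) {
                PKIX_CONTEXT_DEBUG("\t\tCalling PORT_NewArena\n");
                /*
                 * NOTE(review): the result of PORT_NewArena is not checked.
                 * If it returns NULL the context is still created, with
                 * arena == NULL, exactly as if useNssArena were PKIX_FALSE.
                 * Confirm that this silent fallback is intended.
                 */
                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
        }

        context->arena = arena;
        context->certificateUsage = (SECCertificateUsage)certificateUsage;
        context->wincx = wincx;
        context->timeoutSeconds = PKIX_DEFAULT_COMM_TIMEOUT_SECONDS;
        context->maxResponseLength = PKIX_DEFAULT_MAX_RESPONSE_LENGTH;
        context->crlReloadDelay = PKIX_DEFAULT_CRL_RELOAD_DELAY_SECONDS;
        context->badDerCrlReloadDelay =
                PKIX_DEFAULT_BAD_CRL_RELOAD_DELAY_SECONDS;
        /* Signature checking is on unless a caller turns it off later. */
        context->certSignatureCheck = PKIX_TRUE;
        context->chainVerifyCallback.isChainValid = NULL;
        context->chainVerifyCallback.isChainValidArg = NULL;
        *pNssContext = context;

cleanup:

        PKIX_RETURN(CONTEXT);
}


/*
 * FUNCTION: PKIX_PL_NssContext_Destroy
 * (see comments in pkix_samples_modules.h)
 *
 * Frees the arena held by the context, if there is one, and then frees the
 * context itself. "nssContext" must be non-NULL and must not be used after
 * this call.
 */
PKIX_Error *
PKIX_PL_NssContext_Destroy(
        void *nssContext)
{
        void *plContext = NULL;
        PKIX_PL_NssContext *context = NULL;

        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Destroy");
        PKIX_NULLCHECK_ONE(nssContext);

        context = (PKIX_PL_NssContext*)nssContext;

        if (context->arena != NULL) {
                PKIX_CONTEXT_DEBUG("\t\tCalling PORT_FreeArena\n");
                /* PKIX_FALSE is passed as PORT_FreeArena's second argument. */
                PORT_FreeArena(context->arena, PKIX_FALSE);
        }

        PKIX_PL_Free(nssContext, NULL);

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: pkix_pl_NssContext_GetCertUsage
 * DESCRIPTION:
 *
 *  This function obtains the platform-dependent SECCertificateUsage parameter
 *  from the context object pointed to by "nssContext", storing the result at
 *  "pCertUsage".
 *
 * PARAMETERS:
 *  "nssContext"
 *      The address of the context object whose certificate usage is to be
 *      obtained. Must be non-NULL.
 *  "pCertUsage"
 *      The address where the result is stored. Must be non-NULL.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_NssContext_GetCertUsage(
        PKIX_PL_NssContext *nssContext,
        SECCertificateUsage *pCertUsage)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetCertUsage");
        PKIX_NULLCHECK_TWO(nssContext, pCertUsage);

        *pCertUsage = nssContext->certificateUsage;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: pkix_pl_NssContext_SetCertUsage
 * DESCRIPTION:
 *
 *  This function sets the platform-dependent SECCertificateUsage parameter in
 *  the context object pointed to by "nssContext" to the value provided in
 *  "certUsage".
 *
 * PARAMETERS:
 *  "certUsage"
 *      Platform-dependent value to be stored.
 *  "nssContext"
 *      The address of the context object whose certificate usage is to be
 *      set. Must be non-NULL.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_NssContext_SetCertUsage(
        SECCertificateUsage certUsage,
        PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetCertUsage");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->certificateUsage = certUsage;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: pkix_pl_NssContext_GetCertSignatureCheck
 * DESCRIPTION:
 *
 *  This function obtains the platform-dependent flag to turn on or off
 *  signature checks, storing the result at "pCheckSig".
 *
 * PARAMETERS:
 *  "nssContext"
 *      The address of the context object whose signature-check flag is to be
 *      obtained. Must be non-NULL.
 *  "pCheckSig"
 *      The address where the result is stored. Must be non-NULL.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_NssContext_GetCertSignatureCheck(
        PKIX_PL_NssContext *nssContext,
        PKIX_Boolean *pCheckSig)
{
        void *plContext = NULL;

        /* Trace name matches this function, not GetCertUsage. */
        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetCertSignatureCheck");
        PKIX_NULLCHECK_TWO(nssContext, pCheckSig);

        *pCheckSig = nssContext->certSignatureCheck;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: pkix_pl_NssContext_SetCertSignatureCheck
 * DESCRIPTION:
 *
 *  This function sets the check signature flag in
 *  the context object pointed to by "nssContext" to the value provided in
 *  "checkSig".
 *
 *  PKIX_PL_NssContext_Create initializes the flag to PKIX_TRUE. Storing
 *  PKIX_FALSE asks users of this context not to check signatures on certs,
 *  so it should be done only where the signatures are verified by other
 *  means.
 *
 * PARAMETERS:
 *  "checkSig"
 *      Boolean that tells whether or not to check the signatures on certs.
 *  "nssContext"
 *      The address of the context object whose signature-check flag is to be
 *      set. Must be non-NULL.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_NssContext_SetCertSignatureCheck(
        PKIX_Boolean checkSig,
        PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        /* Trace name matches this function, not SetCertUsage. */
        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetCertSignatureCheck");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->certSignatureCheck = checkSig;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: pkix_pl_NssContext_GetWincx
 * DESCRIPTION:
 *
 *  This function obtains the platform-dependent wincx parameter from the
 *  context object pointed to by "nssContext", storing the result at "pWincx".
 *
 * PARAMETERS:
 *  "nssContext"
 *      The address of the context object whose wincx parameter is to be
 *      obtained. Must be non-NULL.
 *  "pWincx"
 *      The address where the result is stored. Must be non-NULL.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_NssContext_GetWincx(
        PKIX_PL_NssContext *nssContext,
        void **pWincx)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetWincx");
        PKIX_NULLCHECK_TWO(nssContext, pWincx);

        /* nssContext already has the context type; no cast is needed. */
        *pWincx = nssContext->wincx;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: pkix_pl_NssContext_SetWincx
 * DESCRIPTION:
 *
 *  This function sets the platform-dependent wincx parameter in the context
 *  object pointed to by "nssContext" to the value provided in "wincx".
 *
 * PARAMETERS:
 *  "wincx"
 *      Platform-dependent value to be stored.
 *  "nssContext"
 *      The address of the context object whose wincx parameter is to be
 *      set. Must be non-NULL.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_NssContext_SetWincx(
        void *wincx,
        PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetWincx");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->wincx = wincx;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: PKIX_PL_NssContext_SetTimeout
 * DESCRIPTION:
 *
 *  Sets user defined socket timeout for the validation
 *  session. Default is 60 seconds.
 *
 *  The value is stored as given; no range check is applied here.
 *
 * PARAMETERS:
 *  "timeout"
 *      Timeout in seconds.
 *  "nssContext"
 *      The address of the context object to update. Must be non-NULL.
 */
PKIX_Error *
PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout,
                              PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetTimeout");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->timeoutSeconds = timeout;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
 * DESCRIPTION:
 *
 *  Sets user defined maximum transmission length of a message.
 *  Default is 64 * 1024.
 *
 *  The value is stored as given; no range check is applied here, so the
 *  caller chooses how large a response the session will accept.
 *
 * PARAMETERS:
 *  "len"
 *      Maximum length (presumably in bytes; confirm against the code that
 *      reads maxResponseLength).
 *  "nssContext"
 *      The address of the context object to update. Must be non-NULL.
 */
PKIX_Error *
PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len,
                                     PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetMaxResponseLen");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->maxResponseLength = len;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
 * DESCRIPTION:
 *
 *  Sets user defined delay between attempts to load crl using
 *  CRLDP. Default is 6 days, expressed in seconds.
 *
 * PARAMETERS:
 *  "delay"
 *      Delay in seconds. Stored as given; no range check is applied here.
 *  "nssContext"
 *      The address of the context object to update. Must be non-NULL.
 */
PKIX_Error *
PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delay,
                                     PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetCrlReloadDelay");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->crlReloadDelay = delay;

        PKIX_RETURN(CONTEXT);
}

/*
 * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
 * DESCRIPTION:
 *
 *  Sets user defined delay between attempts to load crl that
 *  failed to decode. Default is 1 hour, expressed in seconds.
 *
 * PARAMETERS:
 *  "delay"
 *      Delay in seconds. Stored as given; no range check is applied here.
 *  "nssContext"
 *      The address of the context object to update. Must be non-NULL.
 */
PKIX_Error *
PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delay,
                                           PKIX_PL_NssContext *nssContext)
{
        void *plContext = NULL;

        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetBadDerCrlReloadDelay");
        PKIX_NULLCHECK_ONE(nssContext);

        nssContext->badDerCrlReloadDelay = delay;

        PKIX_RETURN(CONTEXT);
}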