| OLD | NEW |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * nss_pkix_proxy.h | 5 * nss_pkix_proxy.h |
| 6 * | 6 * |
| 7 * PKIX - NSS proxy functions | 7 * PKIX - NSS proxy functions |
| 8 * | 8 * |
| 9 * NOTE: All structures, functions, data types are parts of library private | 9 * NOTE: All structures, functions, data types are parts of library private |
| 10 * api and are subjects to change in any following releases. | 10 * api and are subjects to change in any following releases. |
| 11 * | 11 * |
| 12 */ | 12 */ |
| 13 #include "prerror.h" | 13 #include "prerror.h" |
| 14 #include "prprf.h" | 14 #include "prprf.h" |
| 15 | 15 |
| 16 #include "nspr.h" | 16 #include "nspr.h" |
| 17 #include "pk11func.h" | 17 #include "pk11func.h" |
| 18 #include "certdb.h" | 18 #include "certdb.h" |
| 19 #include "cert.h" | 19 #include "cert.h" |
| 20 #include "secerr.h" | 20 #include "secerr.h" |
| 21 #include "nssb64.h" | 21 #include "nssb64.h" |
| 22 #include "secasn1.h" | 22 #include "secasn1.h" |
| 23 #include "secder.h" | 23 #include "secder.h" |
| 24 #include "pkit.h" | 24 #include "pkit.h" |
| 25 | 25 |
| 26 #include "pkix_pl_common.h" | 26 #include "pkix_pl_common.h" |
| 27 | 27 |
| 28 extern PRLogModuleInfo *pkixLog; | 28 extern PRLogModuleInfo *pkixLog; |
| 29 | 29 |
| 30 #ifdef DEBUG_volkov | |
| 31 /* Temporary declarations of functioins. Will be removed with fix for | |
| 32 * 391183 */ | |
| 33 extern char * | |
| 34 pkix_Error2ASCII(PKIX_Error *error, void *plContext); | |
| 35 | |
| 36 extern void | |
| 37 cert_PrintCert(PKIX_PL_Cert *pkixCert, void *plContext); | |
| 38 | |
| 39 extern PKIX_Error * | |
| 40 cert_PrintCertChain(PKIX_List *pkixCertChain, void *plContext); | |
| 41 | |
| 42 #endif /* DEBUG */ | |
| 43 | |
| 44 #ifdef PKIX_OBJECT_LEAK_TEST | 30 #ifdef PKIX_OBJECT_LEAK_TEST |
| 45 | 31 |
| 46 extern PKIX_UInt32 | 32 extern PKIX_UInt32 |
| 47 pkix_pl_lifecycle_ObjectLeakCheck(int *); | 33 pkix_pl_lifecycle_ObjectLeakCheck(int *); |
| 48 | 34 |
| 49 extern SECStatus | 35 extern SECStatus |
| 50 pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable); | 36 pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable); |
| 51 | 37 |
| 52 PRInt32 parallelFnInvocationCount; | 38 PRInt32 parallelFnInvocationCount; |
| 53 #endif /* PKIX_OBJECT_LEAK_TEST */ | 39 #endif /* PKIX_OBJECT_LEAK_TEST */ |
| 891 PKIX_List *children = NULL; | 877 PKIX_List *children = NULL; |
| 892 PKIX_VerifyNode *childNode = NULL; | 878 PKIX_VerifyNode *childNode = NULL; |
| 893 | 879 |
| 894 PKIX_ENTER(CERTVFYPKIX, "cert_GetLogFromVerifyNode"); | 880 PKIX_ENTER(CERTVFYPKIX, "cert_GetLogFromVerifyNode"); |
| 895 | 881 |
| 896 children = node->children; | 882 children = node->children; |
| 897 | 883 |
| 898 if (children == NULL) { | 884 if (children == NULL) { |
| 899 PKIX_ERRORCODE errCode = PKIX_ANCHORDIDNOTCHAINTOCERT; | 885 PKIX_ERRORCODE errCode = PKIX_ANCHORDIDNOTCHAINTOCERT; |
| 900 if (node->error && node->error->errCode != errCode) { | 886 if (node->error && node->error->errCode != errCode) { |
| 901 #ifdef DEBUG_volkov | |
| 902 char *string = pkix_Error2ASCII(node->error, plContext); | |
| 903 fprintf(stderr, "Branch search finished with error: \t%s\n", string)
; | |
| 904 PKIX_PL_Free(string, NULL); | |
| 905 #endif | |
| 906 if (log != NULL) { | 887 if (log != NULL) { |
| 907 SECErrorCodes nssErrorCode = 0; | 888 SECErrorCodes nssErrorCode = 0; |
| 908 CERTCertificate *cert = NULL; | 889 CERTCertificate *cert = NULL; |
| 909 | 890 |
| 910 cert = node->verifyCert->nssCert; | 891 cert = node->verifyCert->nssCert; |
| 911 | 892 |
| 912 PKIX_CHECK( | 893 PKIX_CHECK( |
| 913 cert_PkixErrorToNssCode(node->error, &nssErrorCode, | 894 cert_PkixErrorToNssCode(node->error, &nssErrorCode, |
| 914 plContext), | 895 plContext), |
| 915 PKIX_GETPKIXERRORCODEFAILED); | 896 PKIX_GETPKIXERRORCODEFAILED); |
| 996 CERTCertificate **ptrustedRoot, | 977 CERTCertificate **ptrustedRoot, |
| 997 CERTCertList **pvalidChain, | 978 CERTCertList **pvalidChain, |
| 998 void *plContext) | 979 void *plContext) |
| 999 { | 980 { |
| 1000 PKIX_ValidateResult *validResult = NULL; | 981 PKIX_ValidateResult *validResult = NULL; |
| 1001 CERTCertList *validChain = NULL; | 982 CERTCertList *validChain = NULL; |
| 1002 CERTCertificate *trustedRoot = NULL; | 983 CERTCertificate *trustedRoot = NULL; |
| 1003 PKIX_TrustAnchor *trustAnchor = NULL; | 984 PKIX_TrustAnchor *trustAnchor = NULL; |
| 1004 PKIX_PL_Cert *trustedCert = NULL; | 985 PKIX_PL_Cert *trustedCert = NULL; |
| 1005 PKIX_List *pkixCertChain = NULL; | 986 PKIX_List *pkixCertChain = NULL; |
| 1006 #ifdef DEBUG_volkov | |
| 1007 PKIX_Error *tmpPkixError = NULL; | |
| 1008 #endif /* DEBUG */ | |
| 1009 | 987 |
| 1010 PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults"); | 988 PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults"); |
| 1011 if (buildResult == NULL && error == NULL) { | 989 if (buildResult == NULL && error == NULL) { |
| 1012 PKIX_ERROR(PKIX_NULLARGUMENT); | 990 PKIX_ERROR(PKIX_NULLARGUMENT); |
| 1013 } | 991 } |
| 1014 | 992 |
| 1015 if (error) { | 993 if (error) { |
| 1016 SECErrorCodes nssErrorCode = 0; | 994 SECErrorCodes nssErrorCode = 0; |
| 1017 #ifdef DEBUG_volkov | |
| 1018 char *temp = pkix_Error2ASCII(error, plContext); | |
| 1019 fprintf(stderr, "BUILD ERROR:\n%s\n", temp); | |
| 1020 PKIX_PL_Free(temp, NULL); | |
| 1021 #endif /* DEBUG */ | |
| 1022 if (verifyNode) { | 995 if (verifyNode) { |
| 1023 PKIX_Error *tmpError = | 996 PKIX_Error *tmpError = |
| 1024 cert_GetLogFromVerifyNode(log, verifyNode, plContext); | 997 cert_GetLogFromVerifyNode(log, verifyNode, plContext); |
| 1025 if (tmpError) { | 998 if (tmpError) { |
| 1026 PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext); | 999 PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext); |
| 1027 } | 1000 } |
| 1028 } | 1001 } |
| 1029 cert_PkixErrorToNssCode(error, &nssErrorCode, plContext); | 1002 cert_PkixErrorToNssCode(error, &nssErrorCode, plContext); |
| 1030 PORT_SetError(nssErrorCode); | 1003 PORT_SetError(nssErrorCode); |
| 1031 goto cleanup; | 1004 goto cleanup; |
| 1032 } | 1005 } |
| 1033 | 1006 |
| 1034 if (pvalidChain) { | 1007 if (pvalidChain) { |
| 1035 PKIX_CHECK( | 1008 PKIX_CHECK( |
| 1036 PKIX_BuildResult_GetCertChain(buildResult, &pkixCertChain, | 1009 PKIX_BuildResult_GetCertChain(buildResult, &pkixCertChain, |
| 1037 plContext), | 1010 plContext), |
| 1038 PKIX_BUILDRESULTGETCERTCHAINFAILED); | 1011 PKIX_BUILDRESULTGETCERTCHAINFAILED); |
| 1039 | 1012 |
| 1040 #ifdef DEBUG_volkov | |
| 1041 tmpPkixError = cert_PrintCertChain(pkixCertChain, plContext); | |
| 1042 if (tmpPkixError) { | |
| 1043 PKIX_PL_Object_DecRef((PKIX_PL_Object*)tmpPkixError, plContext); | |
| 1044 } | |
| 1045 #endif | |
| 1046 | |
| 1047 PKIX_CHECK( | 1013 PKIX_CHECK( |
| 1048 cert_PkixToNssCertsChain(pkixCertChain, &validChain, plContext), | 1014 cert_PkixToNssCertsChain(pkixCertChain, &validChain, plContext), |
| 1049 PKIX_CERTCHAINTONSSCHAINFAILED); | 1015 PKIX_CERTCHAINTONSSCHAINFAILED); |
| 1050 } | 1016 } |
| 1051 | 1017 |
| 1052 if (ptrustedRoot) { | 1018 if (ptrustedRoot) { |
| 1053 PKIX_CHECK( | 1019 PKIX_CHECK( |
| 1054 PKIX_BuildResult_GetValidateResult(buildResult, &validResult, | 1020 PKIX_BuildResult_GetValidateResult(buildResult, &validResult, |
| 1055 plContext), | 1021 plContext), |
| 1056 PKIX_BUILDRESULTGETVALIDATERESULTFAILED); | 1022 PKIX_BUILDRESULTGETVALIDATERESULTFAILED); |
| 1057 | 1023 |
| 1058 PKIX_CHECK( | 1024 PKIX_CHECK( |
| 1059 PKIX_ValidateResult_GetTrustAnchor(validResult, &trustAnchor, | 1025 PKIX_ValidateResult_GetTrustAnchor(validResult, &trustAnchor, |
| 1060 plContext), | 1026 plContext), |
| 1061 PKIX_VALIDATERESULTGETTRUSTANCHORFAILED); | 1027 PKIX_VALIDATERESULTGETTRUSTANCHORFAILED); |
| 1062 | 1028 |
| 1063 PKIX_CHECK( | 1029 PKIX_CHECK( |
| 1064 PKIX_TrustAnchor_GetTrustedCert(trustAnchor, &trustedCert, | 1030 PKIX_TrustAnchor_GetTrustedCert(trustAnchor, &trustedCert, |
| 1065 plContext), | 1031 plContext), |
| 1066 PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED); | 1032 PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED); |
| 1067 | 1033 |
| 1068 #ifdef DEBUG_volkov | 1034 PKIX_CHECK( |
| 1069 if (pvalidChain == NULL) { | |
| 1070 cert_PrintCert(trustedCert, plContext); | |
| 1071 } | |
| 1072 #endif | |
| 1073 | |
| 1074 PKIX_CHECK( | |
| 1075 PKIX_PL_Cert_GetCERTCertificate(trustedCert, &trustedRoot, | 1035 PKIX_PL_Cert_GetCERTCertificate(trustedCert, &trustedRoot, |
| 1076 plContext), | 1036 plContext), |
| 1077 PKIX_CERTGETCERTCERTIFICATEFAILED); | 1037 PKIX_CERTGETCERTCERTIFICATEFAILED); |
| 1078 } | 1038 } |
| 1079 | 1039 |
| 1080 PORT_Assert(!PKIX_ERROR_RECEIVED); | 1040 PORT_Assert(!PKIX_ERROR_RECEIVED); |
| 1081 | 1041 |
| 1082 if (trustedRoot) { | 1042 if (trustedRoot) { |
| 1083 *ptrustedRoot = trustedRoot; | 1043 *ptrustedRoot = trustedRoot; |
| 1084 } | 1044 } |
| 1151 PRBool *pSigerror, | 1111 PRBool *pSigerror, |
| 1152 PRBool *pRevoked) | 1112 PRBool *pRevoked) |
| 1153 { | 1113 { |
| 1154 PKIX_ProcessingParams *procParams = NULL; | 1114 PKIX_ProcessingParams *procParams = NULL; |
| 1155 PKIX_BuildResult *result = NULL; | 1115 PKIX_BuildResult *result = NULL; |
| 1156 PKIX_VerifyNode *verifyNode = NULL; | 1116 PKIX_VerifyNode *verifyNode = NULL; |
| 1157 PKIX_Error *error = NULL; | 1117 PKIX_Error *error = NULL; |
| 1158 | 1118 |
| 1159 SECStatus rv = SECFailure; | 1119 SECStatus rv = SECFailure; |
| 1160 void *plContext = NULL; | 1120 void *plContext = NULL; |
| 1161 #ifdef DEBUG_volkov | |
| 1162 CERTCertificate *trustedRoot = NULL; | |
| 1163 CERTCertList *validChain = NULL; | |
| 1164 #endif /* DEBUG */ | |
| 1165 | 1121 |
| 1166 #ifdef PKIX_OBJECT_LEAK_TEST | 1122 #ifdef PKIX_OBJECT_LEAK_TEST |
| 1167 int leakedObjNum = 0; | 1123 int leakedObjNum = 0; |
| 1168 int memLeakLoopCount = 0; | 1124 int memLeakLoopCount = 0; |
| 1169 int objCountTable[PKIX_NUMTYPES]; | 1125 int objCountTable[PKIX_NUMTYPES]; |
| 1170 int fnInvLocalCount = 0; | 1126 int fnInvLocalCount = 0; |
| 1171 PKIX_Boolean savedUsePkixEngFlag = usePKIXValidationEngine; | 1127 PKIX_Boolean savedUsePkixEngFlag = usePKIXValidationEngine; |
| 1172 | 1128 |
| 1173 if (usePKIXValidationEngine) { | 1129 if (usePKIXValidationEngine) { |
| 1174 /* current memory leak testing implementation does not allow | 1130 /* current memory leak testing implementation does not allow |
| 1189 fnInvLocalCount = PR_ATOMIC_INCREMENT(¶llelFnInvocationCount); | 1145 fnInvLocalCount = PR_ATOMIC_INCREMENT(¶llelFnInvocationCount); |
| 1190 PORT_Assert(fnInvLocalCount == 1); | 1146 PORT_Assert(fnInvLocalCount == 1); |
| 1191 | 1147 |
| 1192 do { | 1148 do { |
| 1193 rv = SECFailure; | 1149 rv = SECFailure; |
| 1194 plContext = NULL; | 1150 plContext = NULL; |
| 1195 procParams = NULL; | 1151 procParams = NULL; |
| 1196 result = NULL; | 1152 result = NULL; |
| 1197 verifyNode = NULL; | 1153 verifyNode = NULL; |
| 1198 error = NULL; | 1154 error = NULL; |
| 1199 #ifdef DEBUG_volkov | |
| 1200 trustedRoot = NULL; | |
| 1201 validChain = NULL; | |
| 1202 #endif /* DEBUG */ | |
| 1203 errorGenerated = PKIX_FALSE; | 1155 errorGenerated = PKIX_FALSE; |
| 1204 stackPosition = 0; | 1156 stackPosition = 0; |
| 1205 | 1157 |
| 1206 if (leakedObjNum) { | 1158 if (leakedObjNum) { |
| 1207 pkix_pl_lifecycle_ObjectTableUpdate(objCountTable); | 1159 pkix_pl_lifecycle_ObjectTableUpdate(objCountTable); |
| 1208 } | 1160 } |
| 1209 memLeakLoopCount += 1; | 1161 memLeakLoopCount += 1; |
| 1210 #endif /* PKIX_OBJECT_LEAK_TEST */ | 1162 #endif /* PKIX_OBJECT_LEAK_TEST */ |
| 1211 | 1163 |
| 1212 error = | 1164 error = |
| 1235 /* Currently always PR_FALSE. Will be fixed as a part of 394077 */ | 1187 /* Currently always PR_FALSE. Will be fixed as a part of 394077 */ |
| 1236 *pRevoked = PR_FALSE; | 1188 *pRevoked = PR_FALSE; |
| 1237 } | 1189 } |
| 1238 if (pSigerror) { | 1190 if (pSigerror) { |
| 1239 /* Currently always PR_FALSE. Will be fixed as a part of 394077 */ | 1191 /* Currently always PR_FALSE. Will be fixed as a part of 394077 */ |
| 1240 *pSigerror = PR_FALSE; | 1192 *pSigerror = PR_FALSE; |
| 1241 } | 1193 } |
| 1242 rv = SECSuccess; | 1194 rv = SECSuccess; |
| 1243 | 1195 |
| 1244 cleanup: | 1196 cleanup: |
| 1245 error = cert_GetBuildResults(result, verifyNode, error, log, | 1197 error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL, |
| 1246 #ifdef DEBUG_volkov | |
| 1247 &trustedRoot, &validChain, | |
| 1248 #else | |
| 1249 NULL, NULL, | |
| 1250 #endif /* DEBUG */ | |
| 1251 plContext); | 1198 plContext); |
| 1252 if (error) { | 1199 if (error) { |
| 1253 #ifdef DEBUG_volkov | |
| 1254 char *temp = pkix_Error2ASCII(error, plContext); | |
| 1255 fprintf(stderr, "GET BUILD RES ERRORS:\n%s\n", temp); | |
| 1256 PKIX_PL_Free(temp, NULL); | |
| 1257 #endif /* DEBUG */ | |
| 1258 PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext); | 1200 PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext); |
| 1259 } | 1201 } |
| 1260 #ifdef DEBUG_volkov | |
| 1261 if (trustedRoot) { | |
| 1262 CERT_DestroyCertificate(trustedRoot); | |
| 1263 } | |
| 1264 if (validChain) { | |
| 1265 CERT_DestroyCertList(validChain); | |
| 1266 } | |
| 1267 #endif /* DEBUG */ | |
| 1268 if (procParams) { | 1202 if (procParams) { |
| 1269 PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext); | 1203 PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext); |
| 1270 } | 1204 } |
| 1271 if (plContext) { | 1205 if (plContext) { |
| 1272 PKIX_PL_NssContext_Destroy(plContext); | 1206 PKIX_PL_NssContext_Destroy(plContext); |
| 1273 } | 1207 } |
| 1274 | 1208 |
| 1275 #ifdef PKIX_OBJECT_LEAK_TEST | 1209 #ifdef PKIX_OBJECT_LEAK_TEST |
| 1276 leakedObjNum = | 1210 leakedObjNum = |
| 1277 pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL); | 1211 pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL); |
| 2316 | 2250 |
| 2317 } while (errorGenerated); | 2251 } while (errorGenerated); |
| 2318 | 2252 |
| 2319 runningLeakTest = PKIX_FALSE; | 2253 runningLeakTest = PKIX_FALSE; |
| 2320 PR_ATOMIC_DECREMENT(¶llelFnInvocationCount); | 2254 PR_ATOMIC_DECREMENT(¶llelFnInvocationCount); |
| 2321 usePKIXValidationEngine = savedUsePkixEngFlag; | 2255 usePKIXValidationEngine = savedUsePkixEngFlag; |
| 2322 #endif /* PKIX_OBJECT_LEAK_TEST */ | 2256 #endif /* PKIX_OBJECT_LEAK_TEST */ |
| 2323 | 2257 |
| 2324 return r; | 2258 return r; |
| 2325 } | 2259 } |
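Review bot: The error branch of cert_GetBuildResults (new line 1002) calls `cert_PkixErrorToNssCode(error, &nssErrorCode, plContext)` without looking at its result, unlike the PKIX_CHECK-wrapped call in cert_GetLogFromVerifyNode. If that call fails, the returned PKIX_Error is never released and, unless the callee writes the output before failing (not visible here), nssErrorCode is still 0 when it reaches PORT_SetError, so a rejected chain could be reported to callers with no usable error code. The DEBUG_volkov stderr dumps this change removes were the only other trace of that failure, and only in builds that defined the macro. Consider holding the result in a local, releasing it the way tmpError is released just above, and adding `if (nssErrorCode == 0) nssErrorCode = SEC_ERROR_LIBPKIX_INTERNAL;` before PORT_SetError. The function starts and ends outside the lines shown.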
| OLD | NEW |